Bug#853469: marked as done (unblock: libarchive/3.2.1-6)

To: Niels Thykier <niels@thykier.net>
Subject: Bug#853469: marked as done (unblock: libarchive/3.2.1-6)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Tue, 31 Jan 2017 20:39:03 +0000
Message-id: <[🔎] handler.853469.D853469.148589492317003.ackdone@bugs.debian.org>
References: <e4354b6b-750e-4b76-a05c-4bd2a461c56a@thykier.net> <[🔎] 148585540893.18636.10928501872143055012.reportbug@mbpah.endian.se>

Your message dated Tue, 31 Jan 2017 20:34:00 +0000
with message-id <e4354b6b-750e-4b76-a05c-4bd2a461c56a@thykier.net>
and subject line Re: Bug#853469: unblock: libarchive/3.2.1-6
has caused the Debian Bug report #853469,
regarding unblock: libarchive/3.2.1-6
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
853469: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853469
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: unblock: libarchive/3.2.1-6
From: Andreas Henriksson <andreas@fatal.se>
Date: Tue, 31 Jan 2017 10:39:29 +0100
Message-id: <[🔎] 148585540893.18636.10928501872143055012.reportbug@mbpah.endian.se>

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package libarchive

Fixes CVE-2017-5601 by cherry-picking a single upstream commit.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853278

unblock libarchive/3.2.1-6

-- System Information:
Debian Release: 9.0
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.8.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

diff --git a/debian/changelog b/debian/changelog
index e1386ce6..289df2d0 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+libarchive (3.2.1-6) unstable; urgency=medium
+
+  * Add debian/patches/Fail-with-negative-lha-compsize-in-lha_read_file_header_1.patch
+    - Cherry-pick upstream commit 98dcbbf0bf4854bf987557
+      "Fail with negative lha->compsize in lha_read_file_header_1()"
+      Secunia SA74169, CVE-2017-5601 (Closes: #853278)
+
+ -- Andreas Henriksson <andreas@fatal.se>  Tue, 31 Jan 2017 10:25:56 +0100
+
 libarchive (3.2.1-5) unstable; urgency=medium
 
   * Cherry-pick upstream commits 7f17c791, eec077f5, e37b620f
diff --git a/debian/patches/Fail-with-negative-lha-compsize-in-lha_read_file_header_1.patch b/debian/patches/Fail-with-negative-lha-compsize-in-lha_read_file_header_1.patch
new file mode 100644
index 00000000..3b35e267
--- /dev/null
+++ b/debian/patches/Fail-with-negative-lha-compsize-in-lha_read_file_header_1.patch
@@ -0,0 +1,23 @@
+From: Martin Matuska <martin@matuska.org>
+Date: Thu, 19 Jan 2017 22:00:18 +0100
+Subject: Fail with negative lha->compsize in lha_read_file_header_1() Fixes a
+ heap buffer overflow reported in Secunia SA74169
+
+---
+ libarchive/archive_read_support_format_lha.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/libarchive/archive_read_support_format_lha.c b/libarchive/archive_read_support_format_lha.c
+index c359d83e..1a5617fa 100644
+--- a/libarchive/archive_read_support_format_lha.c
++++ b/libarchive/archive_read_support_format_lha.c
+@@ -924,6 +924,9 @@ lha_read_file_header_1(struct archive_read *a, struct lha *lha)
+ 	/* Get a real compressed file size. */
+ 	lha->compsize -= extdsize - 2;
+ 
++	if (lha->compsize < 0)
++		goto invalid;	/* Invalid compressed file size */
++
+ 	if (sum_calculated != headersum) {
+ 		archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
+ 		    "LHa header sum error");
diff --git a/debian/patches/series b/debian/patches/series
index 24a6b0a7..68f4950f 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -11,3 +11,4 @@ Correct-the-usage-of-PATH_MAX-as-reported-in-Issue-744.patch
 Issue-761-Heap-overflow-reading-corrupted-7Zip-files.patch
 Issue-747-and-others-Avoid-OOB-read-when-parsing-multiple.patch
 Issue-767-Buffer-overflow-printing-a-filename.patch
+Fail-with-negative-lha-compsize-in-lha_read_file_header_1.patch

--- End Message ---

--- Begin Message ---

To: Andreas Henriksson <andreas@fatal.se>, 853469-done@bugs.debian.org

Subject: Re: Bug#853469: unblock: libarchive/3.2.1-6

From: Niels Thykier <niels@thykier.net>

Date: Tue, 31 Jan 2017 20:34:00 +0000

Message-id: <e4354b6b-750e-4b76-a05c-4bd2a461c56a@thykier.net>

In-reply-to: <[🔎] 148585540893.18636.10928501872143055012.reportbug@mbpah.endian.se>

References: <[🔎] 148585540893.18636.10928501872143055012.reportbug@mbpah.endian.se>
Andreas Henriksson:
> Package: release.debian.org
> Severity: normal
> User: release.debian.org@packages.debian.org
> Usertags: unblock
> 
> Please unblock package libarchive
> 
> Fixes CVE-2017-5601 by cherry-picking a single upstream commit.
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853278
> 
> unblock libarchive/3.2.1-6
> 
> [...]

Unblocked and aged, thanks.

~Niels
--- End Message ---

Reply to:

References:
- Bug#853469: unblock: libarchive/3.2.1-6
  - From: Andreas Henriksson <andreas@fatal.se>

Prev by Date: Bug#853280: marked as done (unblock: simple-cdd/0.6.4)
Next by Date: Bug#853289: marked as done (unblock: beets/1.3.19-2.1)
Previous by thread: Bug#853469: unblock: libarchive/3.2.1-6
Next by thread: new RC bug in texlive-base and transition to testing
Index(es):
- Date
- Thread