Bug#859764: unblock: libphysfs/2.0.3-5
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock package libphysfs
It adds a patch to fix a buffer overflow when using zlib. It is also
required for the manaplus package to work correctly again with newer versions.
diff -Nru libphysfs-2.0.3/debian/changelog libphysfs-2.0.3/debian/changelog
--- libphysfs-2.0.3/debian/changelog 2016-12-23 09:24:38.000000000 +0100
+++ libphysfs-2.0.3/debian/changelog 2017-04-03 19:48:25.000000000 +0200
@@ -1,3 +1,10 @@
+libphysfs (2.0.3-5) unstable; urgency=low
+
+ * Add patch 02-zip-seek to fix a buffer overflow in physfs with zlib version
+ >= 1.2.11.
+
+ -- Patrick Matthäi <pmatthaei@debian.org> Mon, 03 Apr 2017 19:48:04 +0200
+
libphysfs (2.0.3-4) unstable; urgency=medium
* Enable full hardening.
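Review bot: The new 2.0.3-5 changelog entry sets urgency=low even though it describes a buffer overflow fix, and it has no Closes: reference. The preceding 2.0.3-4 entry, which only enabled hardening, used urgency=medium. Consider raising the urgency to at least that level and naming the bug that tracks the overflow, so the fix can be traced from the changelog alone.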
diff -Nru libphysfs-2.0.3/debian/patches/02-zip-seek.diff libphysfs-2.0.3/debian/patches/02-zip-seek.diff
--- libphysfs-2.0.3/debian/patches/02-zip-seek.diff 1970-01-01 01:00:00.000000000 +0100
+++ libphysfs-2.0.3/debian/patches/02-zip-seek.diff 2017-04-03 19:48:25.000000000 +0200
@@ -0,0 +1,19 @@
+# Fix buffer overflow in physfs if you use zlib >= 1.2.11.
+#
+# zlib link: https://github.com/madler/zlib/issues/206
+# Upstream report: http://icculus.org/pipermail/physfs/2017-January/001215.html
+# Author and patch founder: http://manaplus.org/physfs_bugs
+
+diff -r 34ebe997c5c0 archivers/zip.c
+--- a/archivers/zip.c Fri Jan 01 12:53:41 2016 -0500
++++ b/archivers/zip.c Wed Jan 25 20:56:26 2017 +0300
+@@ -327,7 +327,8 @@
+ return(0);
+
+ inflateEnd(&finfo->stream);
+- memcpy(&finfo->stream, &str, sizeof (z_stream));
++ inflateCopy(&finfo->stream, &str);
++ inflateEnd(&str);
+ finfo->uncompressed_position = finfo->compressed_position = 0;
+ } /* if */
+
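Review bot: The return value of inflateCopy(&finfo->stream, &str) in the zip.c hunk is ignored. inflateCopy can fail with Z_MEM_ERROR or Z_STREAM_ERROR, and inflateEnd(&finfo->stream) has already run by then, so a failed copy leaves finfo->stream without valid inflate state while the next line resets both positions to 0 as if the seek had succeeded. Compare the result against Z_OK, and on failure call inflateEnd(&str) and take the same return(0) path as the check just above. Separately, the patch header would be easier for tooling to track with DEP-3 fields (Description, Origin, Bug) rather than free-form # comments.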
diff -Nru libphysfs-2.0.3/debian/patches/series libphysfs-2.0.3/debian/patches/series
--- libphysfs-2.0.3/debian/patches/series 2016-12-23 09:24:38.000000000 +0100
+++ libphysfs-2.0.3/debian/patches/series 2017-04-03 19:48:25.000000000 +0200
@@ -1 +1,2 @@
01-do-not-link-against-curses.diff
+02-zip-seek.diff
unblock libphysfs/2.0.3-5
-- System Information:
Debian Release: 8.7
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)