Bug#866516: stretch-pu: package unrar-nonfree/1:5.3.2-1+deb9u1
Hi KiBi,
On 02.07.2017 23:25, Cyril Brulebois wrote:
> Control: tag -1 confirmed
>
> Hi Felix,
>
> Felix Geyer <fgeyer@debian.org> (2017-06-29):
>> I'd like to fix CVE-2012-6706 in stretch, see #865461 for details.
>> debdiff is attached.
>
> This looks good to me, feel free to upload; thanks.
Uploaded, thanks!
>> +--- unrar-nonfree-5.3.2.orig/unpack.hpp
>> ++++ unrar-nonfree-5.3.2/unpack.hpp
>> +@@ -13,6 +13,12 @@
>> + // from two data blocks.
>> + #define MAX3_UNPACK_FILTERS 8192
>> +
>> ++// Limit maximum number of channels in RAR3 delta filter to some reasonable
>> ++// value to prevent too slow processing of corrupt archives with invalid
>> ++// channels number. Must be equal or larger than v3_MAX_FILTER_CHANNELS.
>> ++// No need to provide it for RAR5, which uses only 5 bits to store channels.
>> ++#define MAX3_UNPACK_CHANNELS 1024
>> ++
>> + // Write data in 4 MB or smaller blocks. Must not exceed PACK_MAX_WRITE,
>> + // so we keep number of buffered filter in unpacker reasonable.
>> + #define UNPACK_MAX_WRITE 0x400000
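Review bot: The comment added above `#define MAX3_UNPACK_CHANNELS 1024` says the value "Must be equal or larger than v3_MAX_FILTER_CHANNELS", but this hunk defines no constant of that name, so neither a reader nor the compiler can check the constraint. Either introduce the referenced constant next to this define and tie the two together with a compile-time check, or reword the comment to state the concrete value that 1024 must not fall below. The comment would also benefit from naming the place where the limit is enforced, since this hunk only adds the definition.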
>
> (Funny to see a new definition for MAX3_UNPACK_CHANNELS but not for the
> hardcoded 128. But I suppose this might be an artefact of backporting
> the fix from a new upstream. Not a huge deal anyway.)
It's the same in the upstream 5.5.5 code. Incidentally there is also no MAX_FILTER_CHANNELS
constant defined ...
Felix