
Bug#866516: stretch-pu: package unrar-nonfree/1:5.3.2-1+deb9u1



Hi KiBi,

On 02.07.2017 23:25, Cyril Brulebois wrote:
> Control: tag -1 confirmed
> 
> Hi Felix,
> 
> Felix Geyer <fgeyer@debian.org> (2017-06-29):
>> I'd like to fix CVE-2012-6706 in stretch, see #865461 for details.
>> debdiff is attached.
> 
> This looks good to me, feel free to upload; thanks.

Uploaded, thanks!

>> +--- unrar-nonfree-5.3.2.orig/unpack.hpp
>> ++++ unrar-nonfree-5.3.2/unpack.hpp
>> +@@ -13,6 +13,12 @@
>> + // from two data blocks.
>> + #define MAX3_UNPACK_FILTERS      8192
>> + 
>> ++// Limit maximum number of channels in RAR3 delta filter to some reasonable
>> ++// value to prevent too slow processing of corrupt archives with invalid
>> ++// channels number. Must be equal or larger than v3_MAX_FILTER_CHANNELS.
>> ++// No need to provide it for RAR5, which uses only 5 bits to store channels.
>> ++#define MAX3_UNPACK_CHANNELS      1024
>> ++
>> + // Write data in 4 MB or smaller blocks. Must not exceed PACK_MAX_WRITE,
>> + // so we keep number of buffered filter in unpacker reasonable.
>> + #define UNPACK_MAX_WRITE     0x400000
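
Review bot: The comment added above MAX3_UNPACK_CHANNELS states an invariant, "Must be equal or larger than v3_MAX_FILTER_CHANNELS", that nothing in this hunk enforces, and the identifier it names is not defined anywhere in the visible lines. Either define that constant next to MAX3_UNPACK_CHANNELS or add a compile-time check where both values are visible, so that a later change to one of them cannot silently break the relationship. The hunk also only introduces the limit of 1024; the code that rejects a larger channel count has to be in another hunk and should be confirmed there, and the comment would be stronger if it said why 1024 was chosen rather than "some reasonable value".
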
> 
> (Funny to see a new definition for MAX3_UNPACK_CHANNELS but not for the
> hardcoded 128. But I suppose this might be an artefact of backporting
> the fix from a new upstream. Not a huge deal anyway.)

It's the same in the upstream 5.5.5 code. Incidentally there is also no MAX_FILTER_CHANNELS
constant defined ...

Felix

