diff -Nru unrar-free-0.0.1+cvs20140707/debian/changelog unrar-free-0.0.1+cvs20140707/debian/changelog --- unrar-free-0.0.1+cvs20140707/debian/changelog 2017-09-07 19:34:05.000000000 +0000 +++ unrar-free-0.0.1+cvs20140707/debian/changelog 2017-10-15 16:46:04.000000000 +0000 @@ -1,3 +1,18 @@ +unrar-free (1:0.0.1+cvs20140707-4) unstable; urgency=low + + * Fix CVE-2017-14122 (Closes: #874060) + - debian/patches/0002-CVE-2017-14122.patch + * Add autopkgtest for testing CVE-2017-14122 + * Fix CVE-2017-14121 (Closes: #874061) + - debian/patches/0003-CVE-2017-14121.patch + * Add autopkgtest for testing CVE-2017-14121 + * Fix compatibility for -y option (Closes: #724295) + - debian/patches/0004-unrar-nonfree-compat-ignored-options.patch + - Thanks to Dominik George + * Bump Standards-Version to 4.1.1: Nothing needs to be changed + + -- Ying-Chun Liu (PaulLiu) Mon, 16 Oct 2017 00:46:04 +0800 + unrar-free (1:0.0.1+cvs20140707-3) unstable; urgency=low * autopkgtest: Add depends to shunit2 diff -Nru unrar-free-0.0.1+cvs20140707/debian/control unrar-free-0.0.1+cvs20140707/debian/control --- unrar-free-0.0.1+cvs20140707/debian/control 2017-09-07 05:17:43.000000000 +0000 +++ unrar-free-0.0.1+cvs20140707/debian/control 2017-10-15 16:46:04.000000000 +0000 @@ -4,7 +4,7 @@ Maintainer: Ying-Chun Liu (PaulLiu) Uploaders: Erik Schanze Build-Depends: debhelper (>= 9), docbook-to-man, autotools-dev -Standards-Version: 4.0.0 +Standards-Version: 4.1.1 Homepage: https://gna.org/projects/unrar/ Package: unrar-free diff -Nru unrar-free-0.0.1+cvs20140707/debian/patches/0001-CVE-2017-14120.patch unrar-free-0.0.1+cvs20140707/debian/patches/0001-CVE-2017-14120.patch --- unrar-free-0.0.1+cvs20140707/debian/patches/0001-CVE-2017-14120.patch 2017-09-07 05:14:32.000000000 +0000 +++ unrar-free-0.0.1+cvs20140707/debian/patches/0001-CVE-2017-14120.patch 2017-10-15 16:45:45.000000000 +0000 @@ -5,6 +5,8 @@ Bug-Debian: https://bugs.debian.org/874059 Last-Update: 2017-09-07 +Index: unrar-free-0.0.1+cvs20140707/src/unrar.c +=================================================================== --- unrar-free-0.0.1+cvs20140707.orig/src/unrar.c +++ unrar-free-0.0.1+cvs20140707/src/unrar.c @@ -362,6 +362,11 @@ unrar_extract_file (struct unrar_argumen diff -Nru unrar-free-0.0.1+cvs20140707/debian/patches/0002-CVE-2017-14122.patch unrar-free-0.0.1+cvs20140707/debian/patches/0002-CVE-2017-14122.patch --- unrar-free-0.0.1+cvs20140707/debian/patches/0002-CVE-2017-14122.patch 1970-01-01 00:00:00.000000000 +0000 +++ unrar-free-0.0.1+cvs20140707/debian/patches/0002-CVE-2017-14122.patch 2017-10-14 13:41:26.000000000 +0000 @@ -0,0 +1,18 @@ +Description: This patch fixes CVE-2017-14122 + CVE-2017-14122 describes a security issue about stack overread + vulnerability. +Author: Ying-Chun Liu (PaulLiu) +Bug-Debian: https://bugs.debian.org/874060 +Last-Update: 2017-10-14 +Index: unrar-free-0.0.1+cvs20140707/src/unrarlib.c +=================================================================== +--- unrar-free-0.0.1+cvs20140707.orig/src/unrarlib.c ++++ unrar-free-0.0.1+cvs20140707/src/unrarlib.c +@@ -596,6 +596,7 @@ ReadHeader (int BlockType) + { + int Size = 0; + unsigned char Header[64]; ++ memset(Header,0,sizeof(Header)); + switch (BlockType) + { + case MAIN_HEAD: diff -Nru unrar-free-0.0.1+cvs20140707/debian/patches/0003-CVE-2017-14121.patch unrar-free-0.0.1+cvs20140707/debian/patches/0003-CVE-2017-14121.patch --- unrar-free-0.0.1+cvs20140707/debian/patches/0003-CVE-2017-14121.patch 1970-01-01 00:00:00.000000000 +0000 +++ unrar-free-0.0.1+cvs20140707/debian/patches/0003-CVE-2017-14121.patch 2017-10-14 14:53:40.000000000 +0000 @@ -0,0 +1,20 @@ +Description: This patch fixes CVE-2017-14121 + CVE-2017-14121 describes a security issue about null pointer dereference + vulnerability. +Author: Ying-Chun Liu (PaulLiu) +Bug-Debian: https://bugs.debian.org/874061 +Last-Update: 2017-10-14 + +Index: unrar-free-0.0.1+cvs20140707/src/unrarlib.c +=================================================================== +--- unrar-free-0.0.1+cvs20140707.orig/src/unrarlib.c ++++ unrar-free-0.0.1+cvs20140707/src/unrarlib.c +@@ -1651,6 +1651,8 @@ DecodeNumber (struct Decode *Deco) + + #else + N = BitField & 0xFFFE; ++ if (!Deco->DecodeLen) ++ return; + if (N < Deco->DecodeLen[8]) + { + if (N < Deco->DecodeLen[4]) diff -Nru unrar-free-0.0.1+cvs20140707/debian/patches/0004-unrar-nonfree-compat-ignored-options.patch unrar-free-0.0.1+cvs20140707/debian/patches/0004-unrar-nonfree-compat-ignored-options.patch --- unrar-free-0.0.1+cvs20140707/debian/patches/0004-unrar-nonfree-compat-ignored-options.patch 1970-01-01 00:00:00.000000000 +0000 +++ unrar-free-0.0.1+cvs20140707/debian/patches/0004-unrar-nonfree-compat-ignored-options.patch 2017-10-15 16:45:13.000000000 +0000 @@ -0,0 +1,18 @@ +Description: Add -y for compatibility + This patch allows -y option for compatibility. Through -y is currently + useless. +Author: Dominik George +Bug-Debian: https://bugs.debian.org/724295 +Last-Update: 2017-10-14 +Index: unrar-free-0.0.1+cvs20140707/src/opts.c +=================================================================== +--- unrar-free-0.0.1+cvs20140707.orig/src/opts.c ++++ unrar-free-0.0.1+cvs20140707/src/opts.c +@@ -218,6 +218,7 @@ int compat_iscmd(char *a) { + || strcmp(a,"vt")==0 + || strcmp(a,"vb")==0 + || strcmp(a,"x")==0 ++ || strcmp(a,"y")==0 + ) { + return (1==1); + } diff -Nru unrar-free-0.0.1+cvs20140707/debian/patches/series unrar-free-0.0.1+cvs20140707/debian/patches/series --- unrar-free-0.0.1+cvs20140707/debian/patches/series 2017-09-07 05:12:23.000000000 +0000 +++ unrar-free-0.0.1+cvs20140707/debian/patches/series 2017-10-15 16:42:35.000000000 +0000 @@ -1 +1,4 @@ 0001-CVE-2017-14120.patch +0002-CVE-2017-14122.patch +0003-CVE-2017-14121.patch +0004-unrar-nonfree-compat-ignored-options.patch diff -Nru unrar-free-0.0.1+cvs20140707/debian/tests/0003-CVE-2017-14122 unrar-free-0.0.1+cvs20140707/debian/tests/0003-CVE-2017-14122 --- unrar-free-0.0.1+cvs20140707/debian/tests/0003-CVE-2017-14122 1970-01-01 00:00:00.000000000 +0000 +++ unrar-free-0.0.1+cvs20140707/debian/tests/0003-CVE-2017-14122 2017-10-15 16:15:58.000000000 +0000 @@ -0,0 +1,27 @@ +#!/bin/sh +# +# Test CVE-2017-14122 + +setUp() { + uudecode > unrar-gpl-stack-overread.rar < unrar-gpl-nullptr.rar < "$AUTOPKGTEST_TMP"/0004-CVE-2017-14121.log 2>&1 + grep -q '*** Segmentation fault' "$AUTOPKGTEST_TMP"/0004-CVE-2017-14121.log + assertNotEquals "catchsegv value" 0 $? + + valgrind --error-exitcode=121 --track-origins=yes unrar-free --extract unrar-gpl-nullptr.rar + assertNotEquals "Valgrind status code" 121 $? +} + +. /usr/bin/shunit2 diff -Nru unrar-free-0.0.1+cvs20140707/debian/tests/control unrar-free-0.0.1+cvs20140707/debian/tests/control --- unrar-free-0.0.1+cvs20140707/debian/tests/control 2017-09-07 19:33:51.000000000 +0000 +++ unrar-free-0.0.1+cvs20140707/debian/tests/control 2017-10-15 15:48:09.000000000 +0000 @@ -5,3 +5,11 @@ Tests: 0002-CVE-2017-14120 Depends: @, sharutils, shunit2 Restrictions: allow-stderr + +Tests: 0003-CVE-2017-14122 +Depends: @, sharutils, shunit2, valgrind +Restrictions: allow-stderr + +Tests: 0004-CVE-2017-14121 +Depends: @, sharutils, shunit2, valgrind +Restrictions: allow-stderr