Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock

Please unblock package libarchive

Fixes CVE-2017-5601 by cherry-picking a single upstream commit.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853278

unblock libarchive/3.2.1-6

-- System Information:
Debian Release: 9.0
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.8.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff --git a/debian/changelog b/debian/changelog index e1386ce6..289df2d0 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,12 @@ +libarchive (3.2.1-6) unstable; urgency=medium + + * Add debian/patches/Fail-with-negative-lha-compsize-in-lha_read_file_header_1.patch + - Cherry-pick upstream commit 98dcbbf0bf4854bf987557 + "Fail with negative lha->compsize in lha_read_file_header_1()" + Secunia SA74169, CVE-2017-5601 (Closes: #853278) + + -- Andreas Henriksson <andr...@fatal.se> Tue, 31 Jan 2017 10:25:56 +0100 + libarchive (3.2.1-5) unstable; urgency=medium * Cherry-pick upstream commits 7f17c791, eec077f5, e37b620f diff --git a/debian/patches/Fail-with-negative-lha-compsize-in-lha_read_file_header_1.patch b/debian/patches/Fail-with-negative-lha-compsize-in-lha_read_file_header_1.patch new file mode 100644 index 00000000..3b35e267 --- /dev/null +++ b/debian/patches/Fail-with-negative-lha-compsize-in-lha_read_file_header_1.patch @@ -0,0 +1,23 @@ +From: Martin Matuska <mar...@matuska.org> +Date: Thu, 19 Jan 2017 22:00:18 +0100 +Subject: Fail with negative lha->compsize in lha_read_file_header_1() Fixes a + heap buffer overflow reported in Secunia SA74169 + +--- + libarchive/archive_read_support_format_lha.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/libarchive/archive_read_support_format_lha.c b/libarchive/archive_read_support_format_lha.c +index c359d83e..1a5617fa 100644 +--- a/libarchive/archive_read_support_format_lha.c ++++ b/libarchive/archive_read_support_format_lha.c +@@ -924,6 +924,9 @@ lha_read_file_header_1(struct archive_read *a, struct lha *lha) + /* Get a real compressed file size. */ + lha->compsize -= extdsize - 2; + ++ if (lha->compsize < 0) ++ goto invalid; /* Invalid compressed file size */ ++ + if (sum_calculated != headersum) { + archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, + "LHa header sum error"); diff --git a/debian/patches/series b/debian/patches/series index 24a6b0a7..68f4950f 100644 
--- a/debian/patches/series +++ b/debian/patches/series @@ -11,3 +11,4 @@ Correct-the-usage-of-PATH_MAX-as-reported-in-Issue-744.patch Issue-761-Heap-overflow-reading-corrupted-7Zip-files.patch Issue-747-and-others-Avoid-OOB-read-when-parsing-multiple.patch Issue-767-Buffer-overflow-printing-a-filename.patch +Fail-with-negative-lha-compsize-in-lha_read_file_header_1.patch
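Review bot: In the hunk at `@@ -924,6 +924,9 @@ lha_read_file_header_1`, the new `if (lha->compsize < 0) goto invalid;` only catches the underflow if `compsize` is a signed type; its declaration is outside the visible context, so confirm it is signed, and that the `invalid` label (also not shown) sets an archive error and returns a fatal status, before treating this as closing the heap buffer overflow the Subject line attributes to Secunia SA74169. Placing the check directly after `lha->compsize -= extdsize - 2;` is the right spot, since that subtraction is what can drive the size negative. As a documentation point, the patch header carries only From/Date/Subject; adding a DEP-3 `Origin:` line with the upstream commit the changelog cites (98dcbbf0bf4854bf987557) and a `Bug-Debian: https://bugs.debian.org/853278` line would let the patch be traced without opening debian/changelog.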
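Review bot: For the debian/patches/series hunk, appending Fail-with-negative-lha-compsize-in-lha_read_file_header_1.patch after Issue-767-Buffer-overflow-printing-a-filename.patch leaves the order of the earlier cherry-picks untouched, and the name matches both the new file and the changelog entry exactly; since this is an upstream commit replayed on top of four earlier patches in the same tree, a `quilt push -a` on the updated series should be run to confirm the line 924 context applies without fuzz or offset.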