Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock

Please unblock package libphysfs

It adds a patch to fix a buffer overflow when using zlib. It is also required for the manaplus package to work correctly again with newer versions.

diff -Nru libphysfs-2.0.3/debian/changelog libphysfs-2.0.3/debian/changelog --- libphysfs-2.0.3/debian/changelog 2016-12-23 09:24:38.000000000 +0100 +++ libphysfs-2.0.3/debian/changelog 2017-04-03 19:48:25.000000000 +0200 @@ -1,3 +1,10 @@ +libphysfs (2.0.3-5) unstable; urgency=low + + * Add patch 02-zip-seek to fix a buffer overflow in physfs with zlib version + >= 1.2.11. + + -- Patrick Matthäi <pmatth...@debian.org> Mon, 03 Apr 2017 19:48:04 +0200 + libphysfs (2.0.3-4) unstable; urgency=medium * Enable full hardening. diff -Nru libphysfs-2.0.3/debian/patches/02-zip-seek.diff libphysfs-2.0.3/debian/patches/02-zip-seek.diff --- libphysfs-2.0.3/debian/patches/02-zip-seek.diff 1970-01-01 01:00:00.000000000 +0100 +++ libphysfs-2.0.3/debian/patches/02-zip-seek.diff 2017-04-03 19:48:25.000000000 +0200 @@ -0,0 +1,19 @@ +# Fix buffer overflow in physfs if you use zlib >= 1.2.11. +# +# zlib link: https://github.com/madler/zlib/issues/206 +# Upstream report: http://icculus.org/pipermail/physfs/2017-January/001215.html +# Author and patch founder: http://manaplus.org/physfs_bugs + +diff -r 34ebe997c5c0 archivers/zip.c +--- a/archivers/zip.c Fri Jan 01 12:53:41 2016 -0500 ++++ b/archivers/zip.c Wed Jan 25 20:56:26 2017 +0300 +@@ -327,7 +327,8 @@ + return(0); + + inflateEnd(&finfo->stream); +- memcpy(&finfo->stream, &str, sizeof (z_stream)); ++ inflateCopy(&finfo->stream, &str); ++ inflateEnd(&str); + finfo->uncompressed_position = finfo->compressed_position = 0; + } /* if */ + diff -Nru libphysfs-2.0.3/debian/patches/series libphysfs-2.0.3/debian/patches/series --- libphysfs-2.0.3/debian/patches/series 2016-12-23 09:24:38.000000000 +0100 +++ libphysfs-2.0.3/debian/patches/series 2017-04-03 19:48:25.000000000 +0200 
@@ -1 +1,2 @@ 01-do-not-link-against-curses.diff +02-zip-seek.diff

unblock libphysfs/2.0.3-5

-- System Information:
Debian Release: 8.7
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
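
Review bot: urgency=low on the new 2.0.3-5 entry in debian/changelog sits oddly with a change the same entry describes as a buffer overflow fix, and the entry references no bug number. The previous upload used urgency=medium; consider raising the urgency to match, and add a Closes: reference if a Debian bug tracks this issue.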
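
Review bot: the return value of inflateCopy() is discarded in the archivers/zip.c hunk carried by 02-zip-seek.diff. inflateCopy() can fail with Z_MEM_ERROR or Z_STREAM_ERROR, and at that point inflateEnd(&finfo->stream) has already released the old state, so the code continues to inflateEnd(&str) and resets both positions while finfo->stream holds no usable inflate state. Suggest testing the result against Z_OK and, when it is anything else, calling inflateEnd(&str) and returning failure from the seek instead of falling through.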