Bug#771005: wheezy-pu: package libclamunrar/0.98.5-0+deb7u1

Scott Kitterman Tue, 25 Nov 2014 13:28:02 -0800

Package: release.debian.org
Severity: normal
Tags: wheezy
User: release.debian....@packages.debian.org
Usertags: pu


Upstream update in parallel with the clamav package from which this is
split.  Fixes open security issue, "ibclamunrar: double-free error
libclamunrar_iface/unrar_iface.c"

https://security-tracker.debian.org/tracker/TEMP-0770647-53FAC2

Note: The diff has been edited to remove auto* related changes.

diff -Nru libclamunrar-0.96.4/clamav-config.h.in libclamunrar-0.98.5/clamav-config.h.in
--- libclamunrar-0.96.4/clamav-config.h.in	2010-10-25 17:47:21.000000000 -0400
+++ libclamunrar-0.98.5/clamav-config.h.in	2014-11-18 16:22:37.000000000 -0500
@@ -1,4 +1,4 @@
-/* clamav-config.h.in.  Generated from configure.in by autoheader.  */
+/* clamav-config.h.in.  Generated from configure.ac by autoheader.  */
 
 /* Define if building universal (internal helper macro) */
 #undef AC_APPLE_UNIVERSAL_BUILD
@@ -12,18 +12,15 @@
 /* "build clamd" */
 #undef BUILD_CLAMD
 
+/* use ClamAuth */
+#undef CLAMAUTH
+
 /* name of the clamav group */
 #undef CLAMAVGROUP
 
 /* name of the clamav user */
 #undef CLAMAVUSER
 
-/* enable clamuko */
-#undef CLAMUKO
-
-/* enable loading of unsigned bytecode */
-#undef CL_BCUNSIGNED
-
 /* enable debugging */
 #undef CL_DEBUG
 
@@ -90,15 +87,15 @@
 /* "default FD_SETSIZE value" */
 #undef DEFAULT_FD_SETSIZE
 
+/* use fanotify */
+#undef FANOTIFY
+
 /* whether _XOPEN_SOURCE needs to be defined for fd passing to work */
 #undef FDPASS_NEED_XOPEN
 
 /* file i/o buffer size */
 #undef FILEBUFF
 
-/* FPU byte ordering matches CPU */
-#undef FPU_WORDS_BIGENDIAN
-
 /* enable workaround for broken DNS servers */
 #undef FRESHCLAM_DNS_FIX
 
@@ -123,9 +120,16 @@
 /* ctime_r takes 3 arguments */
 #undef HAVE_CTIME_R_3
 
+/* Define to 1 if you have a deprecated version of the 'libjson' library
+   (-ljson). */
+#undef HAVE_DEPRECATED_JSON
+
 /* Define to 1 if you have the <dlfcn.h> header file. */
 #undef HAVE_DLFCN_H
 
+/* Define to 1 if you have the `enable_extended_FILE_stdio' function. */
+#undef HAVE_ENABLE_EXTENDED_FILE_STDIO
+
 /* have working file descriptor passing support */
 #undef HAVE_FD_PASSING
 
@@ -135,6 +139,9 @@
 /* have getaddrinfo() */
 #undef HAVE_GETADDRINFO
 
+/* Define to 1 if you have the `getnameinfo' function. */
+#undef HAVE_GETNAMEINFO
+
 /* Define to 1 if getpagesize() is available */
 #undef HAVE_GETPAGESIZE
 
@@ -159,6 +166,9 @@
 /* in_port_t is defined */
 #undef HAVE_IN_PORT_T
 
+/* Define to 1 if you have the 'libjson' library (-ljson). */
+#undef HAVE_JSON
+
 /* Define to '1' if you have the check.h library */
 #undef HAVE_LIBCHECK
 
@@ -171,6 +181,12 @@
 /* Define to '1' if you have the curses.h library */
 #undef HAVE_LIBPDCURSES
 
+/* Define to 1 if you have the `ssl' library (-lssl). */
+#undef HAVE_LIBSSL
+
+/* Define to 1 if you have the 'libxml2' library (-lxml2). */
+#undef HAVE_LIBXML2
+
 /* Define to 1 if you have the `z' library (-lz). */
 #undef HAVE_LIBZ
 
@@ -214,6 +230,9 @@
 /* "pragma pack hppa/hp-ux style" */
 #undef HAVE_PRAGMA_PACK_HPPA
 
+/* Define to 1 if you have the <pthread.h> header file */
+#undef HAVE_PTHREAD_H
+
 /* Define to 1 if you have the `pthread_yield' function. */
 #undef HAVE_PTHREAD_YIELD
 
@@ -250,6 +269,9 @@
 /* Define to 1 if you have the `snprintf' function. */
 #undef HAVE_SNPRINTF
 
+/* enable stat64 */
+#undef HAVE_STAT64
+
 /* Define to 1 if you have the <stdbool.h> header file. */
 #undef HAVE_STDBOOL_H
 
@@ -280,8 +302,8 @@
 /* Define to 1 if sysconf(_SC_PAGESIZE) is available */
 #undef HAVE_SYSCONF_SC_PAGESIZE
 
-/* link against system-wide libtommath */
-#undef HAVE_SYSTEM_TOMMATH
+/* Define to 1 if you have the `sysctlbyname' function. */
+#undef HAVE_SYSCTLBYNAME
 
 /* Define to 1 if you have the <sys/filio.h> header file. */
 #undef HAVE_SYS_FILIO_H
@@ -304,6 +326,9 @@
 /* Define to 1 if you have the <sys/stat.h> header file. */
 #undef HAVE_SYS_STAT_H
 
+/* Define to 1 if you have the <sys/times.h> header file. */
+#undef HAVE_SYS_TIMES_H
+
 /* Define to 1 if you have the <sys/types.h> header file. */
 #undef HAVE_SYS_TYPES_H
 
@@ -313,6 +338,9 @@
 /* Define to 1 if you have the <termios.h> header file. */
 #undef HAVE_TERMIOS_H
 
+/* Define to 1 if you have the `timegm' function. */
+#undef HAVE_TIMEGM
+
 /* Define this if uname(2) is POSIX */
 #undef HAVE_UNAME_SYSCALL
 
@@ -365,9 +393,6 @@
 /* Define to the version of this package. */
 #undef PACKAGE_VERSION
 
-/* scan buffer size */
-#undef SCANBUFF
-
 /* Define to 1 if the `setpgrp' function takes no argument. */
 #undef SETPGRP_VOID
 
@@ -398,6 +423,28 @@
 /* use syslog */
 #undef USE_SYSLOG
 
+/* Enable extensions on AIX 3, Interix.  */
+#ifndef _ALL_SOURCE
+# undef _ALL_SOURCE
+#endif
+/* Enable GNU extensions on systems that have them.  */
+#ifndef _GNU_SOURCE
+# undef _GNU_SOURCE
+#endif
+/* Enable threading extensions on Solaris.  */
+#ifndef _POSIX_PTHREAD_SEMANTICS
+# undef _POSIX_PTHREAD_SEMANTICS
+#endif
+/* Enable extensions on HP NonStop.  */
+#ifndef _TANDEM_SOURCE
+# undef _TANDEM_SOURCE
+#endif
+/* Enable general extensions on Solaris.  */
+#ifndef __EXTENSIONS__
+# undef __EXTENSIONS__
+#endif
+
+
 /* Version number of package */
 #undef VERSION
 
@@ -419,9 +466,19 @@
 /* Define to 1 to make fseeko visible on some hosts (e.g. glibc 2.2). */
 #undef _LARGEFILE_SOURCE
 
+/* Define to 1 if on MINIX. */
+#undef _MINIX
+
+/* Define to 2 if the system does not provide POSIX.1 features except with
+   this defined. */
+#undef _POSIX_1_SOURCE
+
 /* POSIX compatibility */
 #undef _POSIX_PII_SOCKET
 
+/* Define to 1 if you need to in order for `stat' and other things to work. */
+#undef _POSIX_SOURCE
+
 /* thread safe */
 #undef _REENTRANT
 
diff -Nru libclamunrar-0.96.4/config/test-driver libclamunrar-0.98.5/config/test-driver
--- libclamunrar-0.96.4/config/test-driver	1969-12-31 19:00:00.000000000 -0500
+++ libclamunrar-0.98.5/config/test-driver	2014-11-18 16:22:26.000000000 -0500
@@ -0,0 +1,127 @@
+#! /bin/sh
+# test-driver - basic testsuite driver script.
+
+scriptversion=2012-06-27.10; # UTC
+
+# Copyright (C) 2011-2013 Free Software Foundation, Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+# This file is maintained in Automake, please report
+# bugs to <bug-autom...@gnu.org> or send patches to
+# <automake-patc...@gnu.org>.
+
+# Make unconditional expansion of undefined variables an error.  This
+# helps a lot in preventing typo-related bugs.
+set -u
+
+usage_error ()
+{
+  echo "$0: $*" >&2
+  print_usage >&2
+  exit 2
+}
+
+print_usage ()
+{
+  cat <<END
+Usage:
+  test-driver --test-name=NAME --log-file=PATH --trs-file=PATH
+              [--expect-failure={yes|no}] [--color-tests={yes|no}]
+              [--enable-hard-errors={yes|no}] [--] TEST-SCRIPT
+The '--test-name', '--log-file' and '--trs-file' options are mandatory.
+END
+}
+
+# TODO: better error handling in option parsing (in particular, ensure
+# TODO: $log_file, $trs_file and $test_name are defined).
+test_name= # Used for reporting.
+log_file=  # Where to save the output of the test script.
+trs_file=  # Where to save the metadata of the test run.
+expect_failure=no
+color_tests=no
+enable_hard_errors=yes
+while test $# -gt 0; do
+  case $1 in
+  --help) print_usage; exit $?;;
+  --version) echo "test-driver $scriptversion"; exit $?;;
+  --test-name) test_name=$2; shift;;
+  --log-file) log_file=$2; shift;;
+  --trs-file) trs_file=$2; shift;;
+  --color-tests) color_tests=$2; shift;;
+  --expect-failure) expect_failure=$2; shift;;
+  --enable-hard-errors) enable_hard_errors=$2; shift;;
+  --) shift; break;;
+  -*) usage_error "invalid option: '$1'";;
+  esac
+  shift
+done
+
+if test $color_tests = yes; then
+  # Keep this in sync with 'lib/am/check.am:$(am__tty_colors)'.
+  red='[0;31m' # Red.
+  grn='[0;32m' # Green.
+  lgn='[1;32m' # Light green.
+  blu='[1;34m' # Blue.
+  mgn='[0;35m' # Magenta.
+  std='[m'     # No color.
+else
+  red= grn= lgn= blu= mgn= std=
+fi
+
+do_exit='rm -f $log_file $trs_file; (exit $st); exit $st'
+trap "st=129; $do_exit" 1
+trap "st=130; $do_exit" 2
+trap "st=141; $do_exit" 13
+trap "st=143; $do_exit" 15
+
+# Test script is run here.
+"$@" >$log_file 2>&1
+estatus=$?
+if test $enable_hard_errors = no && test $estatus -eq 99; then
+  estatus=1
+fi
+
+case $estatus:$expect_failure in
+  0:yes) col=$red res=XPASS recheck=yes gcopy=yes;;
+  0:*)   col=$grn res=PASS  recheck=no  gcopy=no;;
+  77:*)  col=$blu res=SKIP  recheck=no  gcopy=yes;;
+  99:*)  col=$mgn res=ERROR recheck=yes gcopy=yes;;
+  *:yes) col=$lgn res=XFAIL recheck=no  gcopy=yes;;
+  *:*)   col=$red res=FAIL  recheck=yes gcopy=yes;;
+esac
+
+# Report outcome to console.
+echo "${col}${res}${std}: $test_name"
+
+# Register the test result, and other relevant metadata.
+echo ":test-result: $res" > $trs_file
+echo ":global-test-result: $res" >> $trs_file
+echo ":recheck: $recheck" >> $trs_file
+echo ":copy-in-global-log: $gcopy" >> $trs_file
+
+# Local Variables:
+# mode: shell-script
+# sh-indentation: 2
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-time-zone: "UTC"
+# time-stamp-end: "; # UTC"
+# End:
diff -Nru libclamunrar-0.96.4/COPYING libclamunrar-0.98.5/COPYING
--- libclamunrar-0.96.4/COPYING	2010-10-25 17:47:06.000000000 -0400
+++ libclamunrar-0.98.5/COPYING	2014-11-18 16:22:26.000000000 -0500
@@ -338,3 +338,19 @@
 consider it more useful to permit linking proprietary applications with the
 library.  If this is what you want to do, use the GNU Library General
 Public License instead of this License.
+
+            REGARDING OPENSSL
+
+ In addition, as a special exception, the copyright holders give
+ permission to link the code of portions of this program with the
+ OpenSSL library under certain conditions as described in each
+ individual source file, and distribute linked combinations
+ including the two.
+
+ You must obey the GNU General Public License in all respects
+ for all of the code used other than OpenSSL.  If you modify
+ file(s) with this exception, you may extend this exception to your
+ version of the file(s), but you are not obligated to do so.  If you
+ do not wish to do so, delete this exception statement from your
+ version.  If you delete this exception statement from all source
+ files in the program, then also delete it here.
diff -Nru libclamunrar-0.96.4/debian/changelog libclamunrar-0.98.5/debian/changelog
--- libclamunrar-0.96.4/debian/changelog	2014-11-25 16:15:50.000000000 -0500
+++ libclamunrar-0.98.5/debian/changelog	2014-11-25 16:14:32.000000000 -0500
@@ -1,3 +1,30 @@
+libclamunrar (0.98.5-0+deb7u1) stable; urgency=medium
+
+  [ Sebastian Andrzej Siewior ]
+  * Update to new upstream version.
+    - Finaly address "double-free error exists within the
+      unrar_extract_next_prepare()" (Closes: #770647)
+  * redo rules files to something smaller like we do have in the clamav
+    package.
+  * Do autoreconf before configure (closes: #727917).
+  * Enable hardened build flags (closes: #741080).
+  * Remove all .la files (clamd works without them).
+  * Add VCS-* tags.
+  * Add myself as uploader.
+  * Remove *.so files (lintian warning).
+  * Add a symbol file.
+  * Bumb standards version to 3.9.1 after made the required changes.
+  * Drop automake workaround, the bug was fixed.
+  * Fix LFS support using the same approach as clamav for compatibility and
+    correctness
+
+  [ Scott Kitterman ]
+  * Add build-dep on libssl-dev, needed for configure even if not used
+    in libclamunrar
+  * Update debian/copyright to add openssl exception per COPYING
+
+ -- Sebastian Andrzej Siewior <sebast...@breakpoint.cc>  Tue, 25 Nov 2014 22:01:13 +0100
+
 libclamunrar (0.96.4-1) unstable; urgency=low
 
   * New upstream version
diff -Nru libclamunrar-0.96.4/debian/compat libclamunrar-0.98.5/debian/compat
--- libclamunrar-0.96.4/debian/compat	2014-11-25 16:15:50.000000000 -0500
+++ libclamunrar-0.98.5/debian/compat	2014-11-25 15:45:33.000000000 -0500
@@ -1 +1 @@
-7
+8
diff -Nru libclamunrar-0.96.4/debian/control libclamunrar-0.98.5/debian/control
--- libclamunrar-0.96.4/debian/control	2014-11-25 16:15:50.000000000 -0500
+++ libclamunrar-0.98.5/debian/control	2014-11-25 15:45:33.000000000 -0500
@@ -2,9 +2,11 @@
 Priority: extra
 Section: non-free/libs
 Maintainer: ClamAV Team <pkg-clamav-de...@lists.alioth.debian.org>
-Uploaders: Michael Tautschnig <m...@debian.org>, Stephen Gran <sg...@debian.org>
-Build-Depends: debhelper (>= 7), autotools-dev, zlib1g-dev, libbz2-dev
-Standards-Version: 3.9.1
+Uploaders: Michael Tautschnig <m...@debian.org>, Stephen Gran <sg...@debian.org>, Sebastian Andrzej Siewior <sebast...@breakpoint.cc>
+Build-Depends: debhelper (>= 8), autotools-dev, zlib1g-dev, libbz2-dev, dh-autoreconf, automake, libssl-dev
+Standards-Version: 3.9.5
+Vcs-Git: git://anonscm.debian.org/pkg-clamav/libclamunrar.git
+Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-clamav/libclamunrar.git;a=summary
 Homepage: http://www.clamav.net/
 XS-Autobuild: yes
 
diff -Nru libclamunrar-0.96.4/debian/copyright libclamunrar-0.98.5/debian/copyright
--- libclamunrar-0.96.4/debian/copyright	2014-11-25 16:15:50.000000000 -0500
+++ libclamunrar-0.98.5/debian/copyright	2014-11-25 15:45:33.000000000 -0500
@@ -26,6 +26,23 @@
 On Debian GNU/Linux systems, the complete text of the GNU General
 Public License can be found in `/usr/share/common-licenses/GPL-2'.
 
+            REGARDING OPENSSL
+
+ In addition, as a special exception, the copyright holders give
+ permission to link the code of portions of this program with the
+ OpenSSL library under certain conditions as described in each
+ individual source file, and distribute linked combinations
+ including the two.
+
+ You must obey the GNU General Public License in all respects
+ for all of the code used other than OpenSSL.  If you modify
+ file(s) with this exception, you may extend this exception to your
+ version of the file(s), but you are not obligated to do so.  If you
+ do not wish to do so, delete this exception statement from your
+ version.  If you delete this exception statement from all source
+ files in the program, then also delete it here.
+
+
 libclamunrar_iface/unrar_iface.c and libclamunrar_iface/unrar_iface.h are
 Copyright (C) 2007 Sourcefire, Inc.
 
diff -Nru libclamunrar-0.96.4/debian/libclamunrar6.dirs libclamunrar-0.98.5/debian/libclamunrar6.dirs
--- libclamunrar-0.96.4/debian/libclamunrar6.dirs	2014-11-25 16:15:50.000000000 -0500
+++ libclamunrar-0.98.5/debian/libclamunrar6.dirs	1969-12-31 19:00:00.000000000 -0500
@@ -1 +0,0 @@
-usr/lib
diff -Nru libclamunrar-0.96.4/debian/libclamunrar6.install libclamunrar-0.98.5/debian/libclamunrar6.install
--- libclamunrar-0.96.4/debian/libclamunrar6.install	2014-11-25 16:15:50.000000000 -0500
+++ libclamunrar-0.98.5/debian/libclamunrar6.install	1969-12-31 19:00:00.000000000 -0500
@@ -1,3 +0,0 @@
-usr/lib/lib*.so
-usr/lib/lib*.so.*
-usr/lib/libclamunrar_iface.la
diff -Nru libclamunrar-0.96.4/debian/libclamunrar6.symbols libclamunrar-0.98.5/debian/libclamunrar6.symbols
--- libclamunrar-0.96.4/debian/libclamunrar6.symbols	1969-12-31 19:00:00.000000000 -0500
+++ libclamunrar-0.98.5/debian/libclamunrar6.symbols	2014-11-25 15:45:33.000000000 -0500
@@ -0,0 +1,13 @@
+libclamunrar.so.6 libclamunrar6 #MINVER#
+ CLAMAV_PRIVATE_UNRAR@CLAMAV_PRIVATE_UNRAR 0.98.1
+ ppm_constructor@CLAMAV_PRIVATE_UNRAR 0.98.1
+ ppm_destructor@CLAMAV_PRIVATE_UNRAR 0.98.1
+ rar_init_filters@CLAMAV_PRIVATE_UNRAR 0.98.1
+ rar_unpack@CLAMAV_PRIVATE_UNRAR 0.98.1
+ rarvm_free@CLAMAV_PRIVATE_UNRAR 0.98.1
+libclamunrar_iface.so.6 libclamunrar6 #MINVER#
+ CLAMAV_PRIVATE@CLAMAV_PRIVATE 0.98.1
+ libclamunrar_iface_LTX_unrar_close@CLAMAV_PRIVATE 0.98.1
+ libclamunrar_iface_LTX_unrar_extract_next@CLAMAV_PRIVATE 0.98.1
+ libclamunrar_iface_LTX_unrar_extract_next_prepare@CLAMAV_PRIVATE 0.98.1
+ libclamunrar_iface_LTX_unrar_open@CLAMAV_PRIVATE 0.98.1
diff -Nru libclamunrar-0.96.4/debian/rules libclamunrar-0.98.5/debian/rules
--- libclamunrar-0.96.4/debian/rules	2014-11-25 16:15:50.000000000 -0500
+++ libclamunrar-0.98.5/debian/rules	2014-11-25 15:45:33.000000000 -0500
@@ -1,101 +1,25 @@
 #!/usr/bin/make -f
-# -*- makefile -*-
-# Sample debian/rules that uses debhelper.
-# This file was originally written by Joey Hess and Craig Small.
-# As a special exception, when this file is copied by dh-make into a
-# dh-make output file, you may use that output file without restriction.
-# This special exception was added by Craig Small in version 0.37 of dh-make.
-
-# Uncomment this to turn on verbose mode.
 #export DH_VERBOSE=1
 
-
-# These are used for cross-compiling and for saving the configure script
-# from having to guess our platform (since we know it already)
-DEB_HOST_GNU_TYPE   ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
-DEB_BUILD_GNU_TYPE  ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)
-ifneq ($(DEB_HOST_GNU_TYPE),$(DEB_BUILD_GNU_TYPE))
-CROSS= --build $(DEB_BUILD_GNU_TYPE) --host $(DEB_HOST_GNU_TYPE)
+# The autotools in squeeze (Debian 6) are too old, so don't use autoreconf.
+ifeq ($(shell cut -c1 /etc/debian_version),6)
+AUTORECONF =
 else
-CROSS= --build $(DEB_BUILD_GNU_TYPE)
-endif
-
-
-
-
-# shared library versions, option 1
-#version=2.0.5
-#major=2
-# option 2, assuming the library is created as src/.libs/libfoo.so.2.0.5 or so
-version=`ls libclamunrar/.libs/lib*.so.* | \
- awk '{if (match($$0,/[0-9]+\.[0-9]+\.[0-9]+$$/)) print substr($$0,RSTART)}'`
-major=`ls libclamunrar/.libs/lib*.so.* | \
- awk '{if (match($$0,/\.so\.[0-9]+$$/)) print substr($$0,RSTART+4)}'`
-
-config.status: configure
-	dh_testdir
-	# Add here commands to configure the package.
-ifneq "$(wildcard /usr/share/misc/config.sub)" ""
-	cp -f /usr/share/misc/config.sub config.sub
+AUTORECONF = --with autoreconf
 endif
-ifneq "$(wildcard /usr/share/misc/config.guess)" ""
-	cp -f /usr/share/misc/config.guess config.guess
-endif
-	chmod a+x configure
-	./configure $(CROSS) --prefix=/usr --mandir=\$${prefix}/share/man --infodir=\$${prefix}/share/info CFLAGS="$(CFLAGS)" LDFLAGS="-Wl,-z,defs" --disable-clamav
-
-
-build: build-stamp
-build-stamp:  config.status 
-	dh_testdir
-
-	# Add here commands to compile the package.
-	$(MAKE)
-
-	touch $@
-
-clean: 
-	dh_testdir
-	dh_testroot
-	rm -f build-stamp 
-
-	# Add here commands to clean up after the build process.
-	[ ! -f Makefile ] || $(MAKE) distclean
-	rm -f config.sub config.guess
-
-	dh_clean 
-
-install: build
-	dh_testdir
-	dh_testroot
-	dh_prep  
-	dh_installdirs
-
-	# Add here commands to install the package into debian/tmp
-	$(MAKE) DESTDIR=$(CURDIR)/debian/tmp install
-
-
-# Build architecture-independent files here.
-binary-indep: install
-# We have nothing to do by default.
 
-# Build architecture-dependent files here.
-binary-arch: install
-	dh_testdir
-	dh_testroot
-	dh_install
-	dh_installdocs
-	dh_installchangelogs -XChangeLog
-	dh_link
-	dh_strip
-	dh_compress
-	dh_fixperms
-	dh_makeshlibs
-	dh_installdeb
-	dh_shlibdeps
-	dh_gencontrol
-	dh_md5sums
-	dh_builddeb
+%:
+	dh $@ --parallel $(AUTORECONF)
 
-binary: binary-indep binary-arch
-.PHONY: build clean binary-indep binary-arch binary install 
+override_dh_auto_configure:
+	dh_auto_configure -- $(shell DEB_LDFLAGS_MAINT_APPEND="-Wl,-z,defs" \
+		DEB_CFLAGS_MAINT_APPEND="-D_FILE_OFFSET_BITS=64" dpkg-buildflags --export=configure) \
+		--disable-clamav
+
+override_dh_auto_build-arch:
+	dh_auto_build -a -- V=1
+
+override_dh_auto_install:
+	dh_auto_install
+	rm debian/libclamunrar6/usr/lib/*.la
+	rm debian/libclamunrar6/usr/lib/*.so
diff -Nru libclamunrar-0.96.4/debian/source/format libclamunrar-0.98.5/debian/source/format
--- libclamunrar-0.96.4/debian/source/format	1969-12-31 19:00:00.000000000 -0500
+++ libclamunrar-0.98.5/debian/source/format	2014-11-25 15:45:33.000000000 -0500
@@ -0,0 +1 @@
+3.0 (quilt)
diff -Nru libclamunrar-0.96.4/libclamunrar/unrar20.c libclamunrar-0.98.5/libclamunrar/unrar20.c
--- libclamunrar-0.96.4/libclamunrar/unrar20.c	2010-07-30 08:25:17.000000000 -0400
+++ libclamunrar-0.98.5/libclamunrar/unrar20.c	2014-11-13 17:30:43.000000000 -0500
@@ -2,6 +2,7 @@
  *  Extract RAR archives
  *
  *  Copyright (C) 2005 t...@uncon.org
+ *  Patches added by Sourcefire, Inc. Copyright (C) 2007-2013
  *
  *  This code is based on the work of Alexander L. Roshal (C)
  *
@@ -100,8 +101,9 @@
 		rar_addbits(unpack_data, 4);
 	}
 	rar_make_decode_tables(bit_length, (struct Decode *)&unpack_data->BD, BC20);
-	i=0;
-	while (i < table_size) {
+
+	memset(table, 0, sizeof(table));
+	for (i=0; i<table_size;) {
 		if (unpack_data->in_addr > unpack_data->read_top-5) {
 			if (!rar_unp_read_buf(fd, unpack_data)) {
 				return FALSE;
diff -Nru libclamunrar-0.96.4/libclamunrar/unrar.c libclamunrar-0.98.5/libclamunrar/unrar.c
--- libclamunrar-0.96.4/libclamunrar/unrar.c	2010-07-30 08:25:17.000000000 -0400
+++ libclamunrar-0.98.5/libclamunrar/unrar.c	2014-11-13 17:30:43.000000000 -0500
@@ -2,6 +2,7 @@
  *  Extract RAR archives
  *
  *  Copyright (C) 2005-2006 t...@uncon.org
+ *  Patches added by Sourcefire, Inc. Copyright (C) 2007-2013
  *
  *  This code is based on the work of Alexander L. Roshal (C)
  *
@@ -447,7 +448,7 @@
 		}
 	}
 	rar_make_decode_tables(bit_length,(struct Decode *)&unpack_data->BD,BC);
-	
+	memset(table, 0, sizeof(table));
 	for (i=0;i<table_size;) {
 		if (unpack_data->in_addr > unpack_data->read_top-5) {
 			if (!rar_unp_read_buf(fd, unpack_data)) {
diff -Nru libclamunrar-0.96.4/libclamunrar/unrarvm.c libclamunrar-0.98.5/libclamunrar/unrarvm.c
--- libclamunrar-0.96.4/libclamunrar/unrarvm.c	2010-08-06 12:04:57.000000000 -0400
+++ libclamunrar-0.98.5/libclamunrar/unrarvm.c	2014-11-13 17:30:43.000000000 -0500
@@ -2,6 +2,7 @@
  *  Extract RAR archives
  *
  *  Copyright (C) 2005-2006 t...@uncon.org
+ *  Patches added by Sourcefire, Inc. Copyright (C) 2007-2013
  *
  *  This code is based on the work of Alexander L. Roshal (C)
  *
@@ -994,6 +995,9 @@
 			default: /* make gcc happy */
 				break;
 		}
+		if (cmd->op_code > VM_PRINT) {
+			continue; /* don't re-optimize, unlikely anyway */
+		}
 		if ((vm_cmdflags[cmd->op_code] & VMCF_CHFLAGS) == 0) {
 			continue;
 		}
diff -Nru libclamunrar-0.96.4/libclamunrar_iface/unrar_iface.c libclamunrar-0.98.5/libclamunrar_iface/unrar_iface.c
--- libclamunrar-0.96.4/libclamunrar_iface/unrar_iface.c	2010-10-25 17:47:06.000000000 -0400
+++ libclamunrar-0.98.5/libclamunrar_iface/unrar_iface.c	2014-11-18 16:22:26.000000000 -0500
@@ -1,6 +1,6 @@
 /*
  *  Interface to libclamunrar
- *  Copyright (C) 2007 Sourcefire, Inc.
+ *  Copyright (C) 2007-2013 Sourcefire, Inc.
  *  Authors: Trog, Torok Edvin, Tomasz Kojm
  *
  *  This library is free software; you can redistribute it and/or
@@ -144,6 +144,10 @@
 
     for (;;) {
 	offset = lseek(fd, 0, SEEK_CUR);
+    if (offset == -1) {
+        unrar_dbgmsg("UNRAR: seek: call to lseek() failed in read_block\n");
+        return NULL;
+    }
 	file_header = read_header(fd, FILE_HEAD);
 	if(!file_header)
 	    return NULL;
@@ -168,6 +172,7 @@
 	unrar_dbgmsg("UNRAR: Head Size: %.4x\n", file_header->head_size);
 	if(lseek(fd, file_header->next_offset, SEEK_SET) != file_header->next_offset) {
 	    unrar_dbgmsg("seek: %ld\n", file_header->next_offset);
+            free(file_header);
 	    return NULL;
 	}
 
@@ -310,6 +315,13 @@
 	unrar_comment_header_t *comment_header;
 	unrar_dbgmsg("UNRAR: RAR main comment\n");
 	offset = lseek(fd, 0, SEEK_CUR);
+        if (offset == -1) {
+            unrar_dbgmsg("UNRAR: seek: lseek() call failed in unrar_open\n");
+            free(main_hdr);
+            free(state->comment_dir);
+            free(unpack_data);
+            return UNRAR_ERR;
+        }
 	unrar_dbgmsg("UNRAR: Offset: %x\n", offset);
 	comment_header = read_header(fd, COMM_HEAD);
 	if(comment_header) {
@@ -345,7 +357,16 @@
 	    }
 	    free(comment_header);
 	}
-	lseek(fd, offset, SEEK_SET);
+        if (lseek(fd, offset, SEEK_SET) == -1) {
+            unrar_dbgmsg("UNRAR: seek: call to lseek() failed in unrar_open: %ld\n", offset);
+            free(main_hdr);
+            ppm_destructor(&unpack_data->ppm_data);
+            rar_init_filters(unpack_data);
+            unpack_free_data(unpack_data);
+            free(unpack_data);
+            free(state->comment_dir);
+            return UNRAR_ERR;
+        }
     }
 
     if(main_hdr->head_size > SIZEOF_NEWMHD) {
@@ -419,7 +440,6 @@
 		snprintf(filename, 1024, "%s"PATHSEP"%lu.cmt", state->comment_dir, state->file_count);
 		ofd = open(filename, O_WRONLY|O_CREAT|O_TRUNC|O_BINARY, 0600);
 		if(ofd < 0) {
-		    free(comment_header);
 		    unrar_dbgmsg("UNRAR: ERROR: Failed to open output file\n");
 		} else {
 		    unrar_dbgmsg("UNRAR: Copying file comment (not packed)\n");
diff -Nru libclamunrar-0.96.4/platform.h.in libclamunrar-0.98.5/platform.h.in
--- libclamunrar-0.96.4/platform.h.in	2010-10-25 17:47:06.000000000 -0400
+++ libclamunrar-0.98.5/platform.h.in	2014-11-18 16:22:26.000000000 -0500
@@ -38,8 +38,8 @@
 #define CONFDIR_FRESHCLAM CONFDIR PATHSEP "freshclam.conf"
 #define CONFDIR_MILTER CONFDIR PATHSEP "clamav-milter.conf"
 
-/* Nothing is safe in windows, not even open */
-#define safe_open open
+#define cli_to_utf8_maybe_alloc(x) (x)
+#define cli_strdup_to_utf8(x) strdup(x)
 #ifndef WORDS_BIGENDIAN
 #define WORDS_BIGENDIAN 0
 #endif

Bug#771005: wheezy-pu: package libclamunrar/0.98.5-0+deb7u1

Reply via email to