debian/0000775000000000000000000000000013451370123007167 5ustar debian/rules0000775000000000000000000000003512115743002010241 0ustar #!/usr/bin/make -f %: dh $@ debian/source/0000775000000000000000000000000012115744654010501 5ustar debian/source/format0000664000000000000000000000001412115744654011707 0ustar 3.0 (quilt) debian/watch0000664000000000000000000000012312115742174010221 0ustar version=3 http://qa.debian.org/watch/sf.php/advancemame/ advancecomp-(.*)\.tar\.gz debian/control0000664000000000000000000000126713240556116010604 0ustar Source: advancecomp Section: utils Priority: optional Maintainer: Ubuntu Developers XSBC-Original-Maintainer: Piotr Ożarowski Build-Depends: debhelper (>= 9), autotools-dev, zlib1g-dev, tofrodos Standards-Version: 3.9.4 Homepage: http://advancemame.sourceforge.net/ Package: advancecomp Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends} Description: collection of recompression utilities AdvanceCOMP contains recompression utilities for your .zip archives, .png images, .mng video clips and .gz files. . For recompression, 7-Zip (http://www.7-zip.com) is used, which generally gives 5-10% more compression than zLib. debian/copyright0000664000000000000000000000626612166634162011144 0ustar This package was debianized by Piotr Ozarowski on Sat, 13 May 2006 21:15:49 +0200. It was downloaded from http://advancemame.sourceforge.net/comp-download.html Copyright Holder: Andrea Mazzoleni Copyright (C) 1999-2013 Andrea Mazzoleni, Filipe Estima License: This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA In addition, as a special exception, Andrea Mazzoleni gives permission to link the code of this program with the MAME library (or with modified versions of MAME that use the same license as MAME), and distribute linked combinations including the two. You must obey the GNU General Public License in all respects for all of the code used other than MAME. If you modify this file, you may extend this exception to your version of the file, but you are not obligated to do so. If you do not wish to do so, delete this exception statement from your version. ----------------------------------------------------------- Files in 7z directory contains some source files from the 7z archive utility. (http://www.7-zip.org) All the files in this directory was originally released with the LGPL license. All the modifications made on the original files must be considered Copyright (C) 2002 Andrea Mazzoleni and released under the LGPL license. On Debian systems, the complete text of the GNU Library General Public License can be found in the file `/usr/share/common-licenses/LGPL-2.1'. ----------------------------------------------------------- Files in zopfli directory contains some source files from the zopfli archive utility. () Copyright 2011 Google Inc. All Rights Reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. On Debian systems, the complete text of the Apache License can be found in the file `/usr/share/common-licenses/Apache-2.0'. ----------------------------------------------------------- The Debian packaging is (C) 2006-2013, Piotr Ozarowski and is licensed under the GPL3 as well. On Debian systems, the complete text of the GNU General Public License can be found in `/usr/share/common-licenses/GPL-3'. debian/compat0000664000000000000000000000000212115744430010367 0ustar 9 debian/patches/0000775000000000000000000000000013451370171010621 5ustar debian/patches/series0000664000000000000000000000005013451134671012034 0ustar CVE-2018-1056.patch CVE-2019-9210.patch debian/patches/CVE-2019-9210.patch0000664000000000000000000000237013451134732013244 0ustar From fcf71a89265c78fc26243574dda3a872574a5c02 Mon Sep 17 00:00:00 2001 From: Andrea Mazzoleni Date: Fri, 1 Mar 2019 20:40:25 +0100 Subject: [PATCH] Fix a buffer overflow with image of invalid size --- doc/history.d | 4 ++-- lib/png.c | 5 +++++ 2 files changed, 7 insertions(+), 2 deletions(-) #diff --git a/doc/history.d b/doc/history.d #index f36ca56..e842c57 100644 #--- a/doc/history.d #+++ b/doc/history.d #@@ -1,8 +1,8 @@ # Name # advcomp - History For AdvanceCOMP # #-AdvanceCOMP Version 2.2 2019/01 #- ) Fixed two crash conditions with invalid PNG/MNG files. #+AdvanceCOMP Version 2.2 2019/03 #+ ) Fixed multiple crash conditions with invalid PNG/MNG files. # # AdvanceCOMP Version 2.1 2018/02 # ) Support ZIPs with data descriptor signature. Index: advancecomp-1.18/lib/png.c =================================================================== --- advancecomp-1.18.orig/lib/png.c +++ advancecomp-1.18/lib/png.c @@ -655,6 +655,11 @@ adv_error adv_png_read_ihdr( } *pix_pixel = pixel; + if (width_align < width) { + error_unsupported_set("Invalid image size"); + goto err; + } + if (data[10] != 0) { /* compression */ error_unsupported_set("Unsupported compression, %d instead of 0", (unsigned)data[10]); goto err; debian/patches/CVE-2018-1056.patch0000664000000000000000000000675413240556105013253 0ustar From 7deeafc02b29cc51d51079e66f4f43f986ff9cc5 Mon Sep 17 00:00:00 2001 From: Andrea Mazzoleni Date: Mon, 12 Feb 2018 22:10:14 +0100 Subject: [PATCH] Fix a crash condition due invalid ZIP data --- HISTORY | 3 ++- doc/history.1 | 4 +++- doc/history.d | 3 ++- doc/history.txt | 3 ++- zip.cc | 20 +++++++++++++++----- zip.h | 4 ++-- 6 files changed, 26 insertions(+), 11 deletions(-) Index: advancecomp-1.18/zip.cc =================================================================== --- advancecomp-1.18.orig/zip.cc 2018-02-13 07:38:26.135474939 -0500 +++ advancecomp-1.18/zip.cc 2018-02-13 07:38:26.131474940 -0500 @@ -456,13 +456,15 @@ string zip_entry::name_get() const } /** Check central directory entry. */ -void zip_entry::check_cent(const unsigned char* buf) const +void zip_entry::check_cent(const unsigned char* buf, unsigned buf_size) const { + if (buf_size < ZIP_CO_FIXED) { + throw error_invalid() << "Invalid central directory data"; + } // check signature if (le_uint32_read(buf+ZIP_CO_central_file_header_signature) != ZIP_C_signature) { throw error_invalid() << "Invalid central directory signature"; } - // check filename_length > 0, can't exist a file without a name if (le_uint16_read(buf+ZIP_CO_filename_length) == 0) { throw error_invalid() << "Empty filename in central directory"; @@ -690,11 +692,11 @@ void zip_entry::save_local(FILE* f) * \param buf Fixed size cent dir. * \param f File seeked after the fixed size cent dir. */ -void zip_entry::load_cent(const unsigned char* buf, unsigned& skip) +void zip_entry::load_cent(const unsigned char* buf, unsigned buf_size, unsigned& skip) { const unsigned char* o_buf = buf; - check_cent(buf); + check_cent(buf, buf_size); // read header info.version_made_by = le_uint8_read(buf+ZIP_CO_version_made_by); @@ -716,6 +718,14 @@ void zip_entry::load_cent(const unsigned info.relative_offset_of_local_header = le_uint32_read(buf+ZIP_CO_relative_offset_of_local_header); buf += ZIP_CO_FIXED; + if (buf_size < info.filename_length + || buf_size < info.central_extra_field_length + || buf_size < info.file_comment_length + || buf_size < ZIP_CO_FIXED + info.filename_length + info.central_extra_field_length + info.file_comment_length + ) { + throw error_invalid() << "Invalid central directory data"; + } + // read filename data_free(file_name); file_name = data_alloc(info.filename_length); @@ -864,7 +874,7 @@ void zip::open() unsigned skip = 0; try { - i->load_cent(data + data_pos, skip); + i->load_cent(data + data_pos, data_size - data_pos, skip); } catch (...) { map.erase(i); throw; Index: advancecomp-1.18/zip.h =================================================================== --- advancecomp-1.18.orig/zip.h 2018-02-13 07:38:26.135474939 -0500 +++ advancecomp-1.18/zip.h 2018-02-13 07:38:26.135474939 -0500 @@ -187,7 +187,7 @@ private: unsigned char* central_extra_field; unsigned char* data; - void check_cent(const unsigned char* buf) const; + void check_cent(const unsigned char* buf, unsigned buf_size) const; void check_local(const unsigned char* buf) const; void check_descriptor(const unsigned char* buf) const; @@ -203,7 +203,7 @@ public: void load_local(const unsigned char* buf, FILE* f, unsigned size); void save_local(FILE* f); - void load_cent(const unsigned char* buf, unsigned& skip); + void load_cent(const unsigned char* buf, unsigned size, unsigned& skip); void save_cent(FILE* f); void unload(); debian/changelog0000664000000000000000000000310313451135216011040 0ustar advancecomp (1.18-1ubuntu0.2) trusty-security; urgency=medium * SECURITY UPDATE: Integer overflow - debian/patches/CVE-2019-9210.patch: fix in lib/png.c. - CVE-2019-9210 -- Leonidas S. Barbosa Wed, 03 Apr 2019 10:51:54 -0300 advancecomp (1.18-1ubuntu0.1) trusty-security; urgency=medium * SECURITY UPDATE: heap buffer overflow while running advzip - debian/patches/CVE-2018-1056.patch: check sizes in zip.cc, zip.h. - CVE-2018-1056 -- Marc Deslauriers Tue, 13 Feb 2018 07:38:31 -0500 advancecomp (1.18-1) unstable; urgency=low * New upstream release -- Piotr Ożarowski Tue, 19 Nov 2013 19:33:03 +0100 advancecomp (1.17-1) unstable; urgency=low * New upstream release - license changed to GPL3 * debian/copyright mentions new zopfil files * Add tofrodos to Build-Depends (used in tests) -- Piotr Ożarowski Mon, 08 Jul 2013 23:34:07 +0200 advancecomp (1.16-1) unstable; urgency=low * New upstream release * CDBS replaced with dh sequencer - debian/compat bumped to 9 * Install HISTORY file as upstream changelog * Standards-Version bumped to 3.9.4 - Homepage field moved from long description to new field (closes: #615182) * Source format changed to 3.0 (quilt) * Changed my address to piotr@debian.org -- Piotr Ożarowski Wed, 06 Mar 2013 23:34:47 +0100 advancecomp (1.15-1) unstable; urgency=low * Initial release (closes: #367112) -- Piotr Ozarowski Sat, 13 May 2006 21:15:49 +0200