From 1b7d5242c36d82242f1148cc583ea362d3e83577 Mon Sep 17 00:00:00 2001 From: Mark H Weaver Date: Sat, 11 Oct 2014 22:49:15 -0400 Subject: [PATCH] gnu: libarchive: Apply fixes including for CVE-2013-0211. * gnu/packages/patches/libarchive-CVE-2013-0211.patch, gnu/packages/patches/libarchive-fix-lzo-test-case.patch, gnu/packages/patches/libarchive-mtree-filename-length-fix.patch: New files. * gnu-system.am (dist_patch_DATA): Add them. * gnu/packages/backup.scm (libarchive)[source]: Add patches. --- gnu-system.am | 3 + gnu/packages/backup.scm | 6 +- .../patches/libarchive-CVE-2013-0211.patch | 21 +++++ .../libarchive-fix-lzo-test-case.patch | 83 +++++++++++++++++++ ...libarchive-mtree-filename-length-fix.patch | 18 ++++ 5 files changed, 130 insertions(+), 1 deletion(-) create mode 100644 gnu/packages/patches/libarchive-CVE-2013-0211.patch create mode 100644 gnu/packages/patches/libarchive-fix-lzo-test-case.patch create mode 100644 gnu/packages/patches/libarchive-mtree-filename-length-fix.patch diff --git a/gnu-system.am b/gnu-system.am index 6028527e44..2d2eb0631f 100644 --- a/gnu-system.am +++ b/gnu-system.am @@ -359,6 +359,9 @@ dist_patch_DATA = \ gnu/packages/patches/inkscape-stray-comma.patch \ gnu/packages/patches/jbig2dec-ignore-testtest.patch \ gnu/packages/patches/kmod-module-directory.patch \ + gnu/packages/patches/libarchive-CVE-2013-0211.patch \ + gnu/packages/patches/libarchive-fix-lzo-test-case.patch \ + gnu/packages/patches/libarchive-mtree-filename-length-fix.patch \ gnu/packages/patches/libbonobo-activation-test-race.patch \ gnu/packages/patches/libevent-dns-tests.patch \ gnu/packages/patches/liboop-mips64-deplibs-fix.patch \ diff --git a/gnu/packages/backup.scm b/gnu/packages/backup.scm index f4f6d0c42c..1aef75e05b 100644 --- a/gnu/packages/backup.scm +++ b/gnu/packages/backup.scm @@ -138,7 +138,11 @@ (define-public libarchive version ".tar.gz")) (sha256 (base32 - "0pixqnrcf35dnqgv0lp7qlcw7k13620qkhgxr288v7p4iz6ym1zb")))) + "0pixqnrcf35dnqgv0lp7qlcw7k13620qkhgxr288v7p4iz6ym1zb")) + (patches + (list (search-patch "libarchive-mtree-filename-length-fix.patch") + (search-patch "libarchive-fix-lzo-test-case.patch") + (search-patch "libarchive-CVE-2013-0211.patch"))))) (build-system gnu-build-system) (inputs `(("zlib" ,zlib) diff --git a/gnu/packages/patches/libarchive-CVE-2013-0211.patch b/gnu/packages/patches/libarchive-CVE-2013-0211.patch new file mode 100644 index 0000000000..b024a7d4a8 --- /dev/null +++ b/gnu/packages/patches/libarchive-CVE-2013-0211.patch @@ -0,0 +1,21 @@ +Description: Fix CVE-2013-0211: read buffer overflow on 64-bit systems +Origin: upstream +Bug-Debian: http://bugs.debian.org/703957 +Forwarded: not-needed + +--- libarchive-3.0.4.orig/libarchive/archive_write.c ++++ libarchive-3.0.4/libarchive/archive_write.c +@@ -665,8 +665,13 @@ static ssize_t + _archive_write_data(struct archive *_a, const void *buff, size_t s) + { + struct archive_write *a = (struct archive_write *)_a; ++ const size_t max_write = INT_MAX; ++ + archive_check_magic(&a->archive, ARCHIVE_WRITE_MAGIC, + ARCHIVE_STATE_DATA, "archive_write_data"); ++ /* In particular, this catches attempts to pass negative values. */ ++ if (s > max_write) ++ s = max_write; + archive_clear_error(&a->archive); + return ((a->format_write_data)(a, buff, s)); + } diff --git a/gnu/packages/patches/libarchive-fix-lzo-test-case.patch b/gnu/packages/patches/libarchive-fix-lzo-test-case.patch new file mode 100644 index 0000000000..ffdc0db922 --- /dev/null +++ b/gnu/packages/patches/libarchive-fix-lzo-test-case.patch @@ -0,0 +1,83 @@ +Description: This patch fixes test cases for LZO write support in various + architectures, such as armhf. Writing a certain amount of files would + cause the LZO compressor level 9 to produce a bigger archive than the + default compressor level. +Author: Andres Mejia + +--- a/libarchive/test/test_write_filter_lzop.c ++++ b/libarchive/test/test_write_filter_lzop.c +@@ -39,7 +39,7 @@ + size_t buffsize, datasize; + char path[16]; + size_t used1, used2; +- int i, r, use_prog = 0; ++ int i, r, use_prog = 0, filecount; + + assert((a = archive_write_new()) != NULL); + r = archive_write_add_filter_lzop(a); +@@ -58,9 +58,10 @@ + + datasize = 10000; + assert(NULL != (data = (char *)calloc(1, datasize))); ++ filecount = 10; + + /* +- * Write a 100 files and read them all back. ++ * Write a filecount files and read them all back. + */ + assert((a = archive_write_new()) != NULL); + assertEqualIntA(a, ARCHIVE_OK, archive_write_set_format_ustar(a)); +@@ -77,7 +78,7 @@ + assert((ae = archive_entry_new()) != NULL); + archive_entry_set_filetype(ae, AE_IFREG); + archive_entry_set_size(ae, datasize); +- for (i = 0; i < 100; i++) { ++ for (i = 0; i < filecount; i++) { + sprintf(path, "file%03d", i); + archive_entry_copy_pathname(ae, path); + assertEqualIntA(a, ARCHIVE_OK, archive_write_header(a, ae)); +@@ -97,7 +98,7 @@ + } else { + assertEqualIntA(a, ARCHIVE_OK, + archive_read_open_memory(a, buff, used1)); +- for (i = 0; i < 100; i++) { ++ for (i = 0; i < filecount; i++) { + sprintf(path, "file%03d", i); + if (!assertEqualInt(ARCHIVE_OK, + archive_read_next_header(a, &ae))) +@@ -133,7 +134,7 @@ + archive_write_set_options(a, "lzop:compression-level=9")); + assertEqualIntA(a, ARCHIVE_OK, + archive_write_open_memory(a, buff, buffsize, &used2)); +- for (i = 0; i < 100; i++) { ++ for (i = 0; i < filecount; i++) { + sprintf(path, "file%03d", i); + assert((ae = archive_entry_new()) != NULL); + archive_entry_copy_pathname(ae, path); +@@ -161,7 +162,7 @@ + archive_read_support_filter_all(a)); + assertEqualIntA(a, ARCHIVE_OK, + archive_read_open_memory(a, buff, used2)); +- for (i = 0; i < 100; i++) { ++ for (i = 0; i < filecount; i++) { + sprintf(path, "file%03d", i); + if (!assertEqualInt(ARCHIVE_OK, + archive_read_next_header(a, &ae))) +@@ -186,7 +187,7 @@ + archive_write_set_filter_option(a, NULL, "compression-level", "1")); + assertEqualIntA(a, ARCHIVE_OK, + archive_write_open_memory(a, buff, buffsize, &used2)); +- for (i = 0; i < 100; i++) { ++ for (i = 0; i < filecount; i++) { + sprintf(path, "file%03d", i); + assert((ae = archive_entry_new()) != NULL); + archive_entry_copy_pathname(ae, path); +@@ -216,7 +217,7 @@ + } else { + assertEqualIntA(a, ARCHIVE_OK, + archive_read_open_memory(a, buff, used2)); +- for (i = 0; i < 100; i++) { ++ for (i = 0; i < filecount; i++) { + sprintf(path, "file%03d", i); + if (!assertEqualInt(ARCHIVE_OK, + archive_read_next_header(a, &ae))) diff --git a/gnu/packages/patches/libarchive-mtree-filename-length-fix.patch b/gnu/packages/patches/libarchive-mtree-filename-length-fix.patch new file mode 100644 index 0000000000..ad94592c05 --- /dev/null +++ b/gnu/packages/patches/libarchive-mtree-filename-length-fix.patch @@ -0,0 +1,18 @@ +Description: Patch to fix filename length calculation when writing mtree archives. +Author: Dave Reisner +Origin: upstream + +--- a/libarchive/archive_write_set_format_mtree.c ++++ b/libarchive/archive_write_set_format_mtree.c +@@ -1855,9 +1855,9 @@ + return (ret); + } + +- /* Make a basename from dirname and slash */ ++ /* Make a basename from file->parentdir.s and slash */ + *slash = '\0'; +- file->parentdir.length = slash - dirname; ++ file->parentdir.length = slash - file->parentdir.s; + archive_strcpy(&(file->basename), slash + 1); + return (ret); + }