gnu: libarchive: Apply fixes including for CVE-2013-0211.

* gnu/packages/patches/libarchive-CVE-2013-0211.patch,
  gnu/packages/patches/libarchive-fix-lzo-test-case.patch,
  gnu/packages/patches/libarchive-mtree-filename-length-fix.patch: New files.
* gnu-system.am (dist_patch_DATA): Add them.
* gnu/packages/backup.scm (libarchive)[source]: Add patches.
This commit is contained in:
Mark H Weaver 2014-10-11 22:49:15 -04:00
parent 36ae58488b
commit 1b7d5242c3
5 changed files with 130 additions and 1 deletions

View file

@ -359,6 +359,9 @@ dist_patch_DATA = \
gnu/packages/patches/inkscape-stray-comma.patch \
gnu/packages/patches/jbig2dec-ignore-testtest.patch \
gnu/packages/patches/kmod-module-directory.patch \
gnu/packages/patches/libarchive-CVE-2013-0211.patch \
gnu/packages/patches/libarchive-fix-lzo-test-case.patch \
gnu/packages/patches/libarchive-mtree-filename-length-fix.patch \
gnu/packages/patches/libbonobo-activation-test-race.patch \
gnu/packages/patches/libevent-dns-tests.patch \
gnu/packages/patches/liboop-mips64-deplibs-fix.patch \

View file

@ -138,7 +138,11 @@ (define-public libarchive
version ".tar.gz"))
(sha256
(base32
"0pixqnrcf35dnqgv0lp7qlcw7k13620qkhgxr288v7p4iz6ym1zb"))))
"0pixqnrcf35dnqgv0lp7qlcw7k13620qkhgxr288v7p4iz6ym1zb"))
(patches
(list (search-patch "libarchive-mtree-filename-length-fix.patch")
(search-patch "libarchive-fix-lzo-test-case.patch")
(search-patch "libarchive-CVE-2013-0211.patch")))))
(build-system gnu-build-system)
(inputs
`(("zlib" ,zlib)

View file

@ -0,0 +1,21 @@
Description: Fix CVE-2013-0211: read buffer overflow on 64-bit systems
Origin: upstream
Bug-Debian: http://bugs.debian.org/703957
Forwarded: not-needed
--- libarchive-3.0.4.orig/libarchive/archive_write.c
+++ libarchive-3.0.4/libarchive/archive_write.c
@@ -665,8 +665,13 @@ static ssize_t
_archive_write_data(struct archive *_a, const void *buff, size_t s)
{
struct archive_write *a = (struct archive_write *)_a;
+ const size_t max_write = INT_MAX;
+
archive_check_magic(&a->archive, ARCHIVE_WRITE_MAGIC,
ARCHIVE_STATE_DATA, "archive_write_data");
+ /* In particular, this catches attempts to pass negative values. */
+ if (s > max_write)
+ s = max_write;
archive_clear_error(&a->archive);
return ((a->format_write_data)(a, buff, s));
}

View file

@ -0,0 +1,83 @@
Description: This patch fixes test cases for LZO write support in various
architectures, such as armhf. Writing a certain amount of files would
cause the LZO compressor level 9 to produce a bigger archive than the
default compressor level.
Author: Andres Mejia <amejia@debian.org>
--- a/libarchive/test/test_write_filter_lzop.c
+++ b/libarchive/test/test_write_filter_lzop.c
@@ -39,7 +39,7 @@
size_t buffsize, datasize;
char path[16];
size_t used1, used2;
- int i, r, use_prog = 0;
+ int i, r, use_prog = 0, filecount;
assert((a = archive_write_new()) != NULL);
r = archive_write_add_filter_lzop(a);
@@ -58,9 +58,10 @@
datasize = 10000;
assert(NULL != (data = (char *)calloc(1, datasize)));
+ filecount = 10;
/*
- * Write a 100 files and read them all back.
+ * Write a filecount files and read them all back.
*/
assert((a = archive_write_new()) != NULL);
assertEqualIntA(a, ARCHIVE_OK, archive_write_set_format_ustar(a));
@@ -77,7 +78,7 @@
assert((ae = archive_entry_new()) != NULL);
archive_entry_set_filetype(ae, AE_IFREG);
archive_entry_set_size(ae, datasize);
- for (i = 0; i < 100; i++) {
+ for (i = 0; i < filecount; i++) {
sprintf(path, "file%03d", i);
archive_entry_copy_pathname(ae, path);
assertEqualIntA(a, ARCHIVE_OK, archive_write_header(a, ae));
@@ -97,7 +98,7 @@
} else {
assertEqualIntA(a, ARCHIVE_OK,
archive_read_open_memory(a, buff, used1));
- for (i = 0; i < 100; i++) {
+ for (i = 0; i < filecount; i++) {
sprintf(path, "file%03d", i);
if (!assertEqualInt(ARCHIVE_OK,
archive_read_next_header(a, &ae)))
@@ -133,7 +134,7 @@
archive_write_set_options(a, "lzop:compression-level=9"));
assertEqualIntA(a, ARCHIVE_OK,
archive_write_open_memory(a, buff, buffsize, &used2));
- for (i = 0; i < 100; i++) {
+ for (i = 0; i < filecount; i++) {
sprintf(path, "file%03d", i);
assert((ae = archive_entry_new()) != NULL);
archive_entry_copy_pathname(ae, path);
@@ -161,7 +162,7 @@
archive_read_support_filter_all(a));
assertEqualIntA(a, ARCHIVE_OK,
archive_read_open_memory(a, buff, used2));
- for (i = 0; i < 100; i++) {
+ for (i = 0; i < filecount; i++) {
sprintf(path, "file%03d", i);
if (!assertEqualInt(ARCHIVE_OK,
archive_read_next_header(a, &ae)))
@@ -186,7 +187,7 @@
archive_write_set_filter_option(a, NULL, "compression-level", "1"));
assertEqualIntA(a, ARCHIVE_OK,
archive_write_open_memory(a, buff, buffsize, &used2));
- for (i = 0; i < 100; i++) {
+ for (i = 0; i < filecount; i++) {
sprintf(path, "file%03d", i);
assert((ae = archive_entry_new()) != NULL);
archive_entry_copy_pathname(ae, path);
@@ -216,7 +217,7 @@
} else {
assertEqualIntA(a, ARCHIVE_OK,
archive_read_open_memory(a, buff, used2));
- for (i = 0; i < 100; i++) {
+ for (i = 0; i < filecount; i++) {
sprintf(path, "file%03d", i);
if (!assertEqualInt(ARCHIVE_OK,
archive_read_next_header(a, &ae)))

View file

@ -0,0 +1,18 @@
Description: Patch to fix filename length calculation when writing mtree archives.
Author: Dave Reisner <dreisner@archlinux.org>
Origin: upstream
--- a/libarchive/archive_write_set_format_mtree.c
+++ b/libarchive/archive_write_set_format_mtree.c
@@ -1855,9 +1855,9 @@
return (ret);
}
- /* Make a basename from dirname and slash */
+ /* Make a basename from file->parentdir.s and slash */
*slash = '\0';
- file->parentdir.length = slash - dirname;
+ file->parentdir.length = slash - file->parentdir.s;
archive_strcpy(&(file->basename), slash + 1);
return (ret);
}