authorSergey Lukin <sergej.lukin@gmail.com>2017-02-01 09:09:29 +0000
committerTimo Teräs <timo.teras@iki.fi>2017-02-01 12:34:37 +0000
commit2633b787490d2fbf07717ea3fbe19834224a1ad9 (patch)
tree6c596c48649777ee5b5a025bf7351c2d8810945c
parentc9d1081114d13e615a2bafddd82df7793666aad6 (diff)
main/libarchive: security fixes #6790
CVE-2017-5601: out-of-bounds read in the lha_read_file_header_1() function
-rw-r--r--main/libarchive/APKBUILD21
-rw-r--r--main/libarchive/CVE-2017-5601.patch21
2 files changed, 37 insertions, 5 deletions
diff --git a/main/libarchive/APKBUILD b/main/libarchive/APKBUILD
index 69191829b5..d976f795ab 100644
--- a/main/libarchive/APKBUILD
+++ b/main/libarchive/APKBUILD
@@ -1,7 +1,8 @@
+# Contributor: Sergei Lukin <sergej.lukin@gmail.com>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=libarchive
pkgver=3.2.2
-pkgrel=0
+pkgrel=1
pkgdesc="library that can create and read several streaming archive formats"
url="http://libarchive.org/"
arch="all"
@@ -10,7 +11,14 @@ depends=""
depends_dev="zlib-dev bzip2-dev xz-dev acl-dev libressl-dev expat-dev"
makedepends="$depends_dev"
subpackages="$pkgname-dev $pkgname-doc $pkgname-tools"
-source="http://www.libarchive.org/downloads/$pkgname-$pkgver.tar.gz"
+source="http://www.libarchive.org/downloads/$pkgname-$pkgver.tar.gz
+ CVE-2017-5601.patch
+ "
+
+# secfixes:
+# 3.2.2-r1:
+# - CVE-2017-5601.patch
+
builddir="$srcdir/$pkgname-$pkgver"
build () {
@@ -36,6 +44,9 @@ tools() {
mv "$pkgdir"/usr/bin "$subpkgdir"/usr/
}
-md5sums="1ec00b7dcaf969dd2a5712f85f23c764 libarchive-3.2.2.tar.gz"
-sha256sums="691c194ee132d1f0f7a42541f091db811bc2e56f7107e9121be2bc8c04f1060f libarchive-3.2.2.tar.gz"
-sha512sums="a67920c37d49cf9478032d77fc4fa21827cebb96e9b83d9ecb8466328834052e4ab3d3a9bc4e2edf405d6cb14ffd648c9fa100b578257f6e5842c99bbea558a7 libarchive-3.2.2.tar.gz"
+md5sums="1ec00b7dcaf969dd2a5712f85f23c764 libarchive-3.2.2.tar.gz
+165d8eb95d6083dfd3e8f2453a644497 CVE-2017-5601.patch"
+sha256sums="691c194ee132d1f0f7a42541f091db811bc2e56f7107e9121be2bc8c04f1060f libarchive-3.2.2.tar.gz
+572abfaf0e252f855a500bfc17eb711f26be6e94133a8e3bbf929e49b0450533 CVE-2017-5601.patch"
+sha512sums="a67920c37d49cf9478032d77fc4fa21827cebb96e9b83d9ecb8466328834052e4ab3d3a9bc4e2edf405d6cb14ffd648c9fa100b578257f6e5842c99bbea558a7 libarchive-3.2.2.tar.gz
+c450b0a9eb952b292d3749acd7041b59a0fa72b8f5a284ceaab6665a95336a5b39182addd59628661caf911a6461726ebe1c85c7d39b7d9da84ed6f736ef3e6e CVE-2017-5601.patch"
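Review bot: The secfixes entry added in the second hunk (`# - CVE-2017-5601.patch`) names the patch file rather than the vulnerability identifier; Alpine's secfixes block is read by the secdb tooling as a list of CVE ids under each release, so the line should read `#     - CVE-2017-5601` (the `3.2.2-r1:` key is fine as is). In the same hunk the `source=` line still fetches the tarball over plain http; the sha512sums entry protects integrity, so this is only a note to switch to https if the mirror offers it. The new patch is listed in all three checksum arrays, which is what abuild needs to verify it before applying.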
diff --git a/main/libarchive/CVE-2017-5601.patch b/main/libarchive/CVE-2017-5601.patch
new file mode 100644
index 0000000000..4103c2a02e
--- /dev/null
+++ b/main/libarchive/CVE-2017-5601.patch
@@ -0,0 +1,21 @@
+commit 98dcbbf0bf4854bf987557e55e55fff7abbf3ea9
+Author: Martin Matuska <martin@matuska.org>
+Date: Thu Jan 19 22:00:18 2017 +0100
+
+ Fail with negative lha->compsize in lha_read_file_header_1()
+ Fixes a heap buffer overflow reported in Secunia SA74169
+
+diff --git a/libarchive/archive_read_support_format_lha.c b/libarchive/archive_read_support_format_lha.c
+index 52a5531b..d77a7c2e 100644
+--- a/libarchive/archive_read_support_format_lha.c
++++ b/libarchive/archive_read_support_format_lha.c
+@@ -924,6 +924,9 @@ lha_read_file_header_1(struct archive_read *a, struct lha *lha)
+ /* Get a real compressed file size. */
+ lha->compsize -= extdsize - 2;
+
++ if (lha->compsize < 0)
++ goto invalid; /* Invalid compressed file size */
++
+ if (sum_calculated != headersum) {
+ archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
+ "LHa header sum error");
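Review bot: The new guard `if (lha->compsize < 0) goto invalid;` only works because `lha->compsize` is a signed field (int64_t in libarchive, as far as I recall); that is worth confirming whenever this patch is rebased onto a newer release, since on an unsigned field the test would be a no-op. The check runs after `lha->compsize -= extdsize - 2;`, so an `extdsize` smaller than 2 would enlarge compsize rather than shrink it and would pass this test; presumably the extended-header parser already rejects such sizes, but that code is not in this hunk. The `invalid:` label and the rest of lha_read_file_header_1() also lie outside the hunk, so the error path taken cannot be checked from here.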