guix-commits
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

01/01: gnu: libarchive: Replace with libarchive 3.3.2 and fix CVE-2017-1


From: Leo Famulari
Subject: 01/01: gnu: libarchive: Replace with libarchive 3.3.2 and fix CVE-2017-14166.
Date: Thu, 7 Sep 2017 14:29:49 -0400 (EDT)

lfam pushed a commit to branch master
in repository guix.

commit 94d671f673d184691cb13d36203e109c13cd4859
Author: Leo Famulari <address@hidden>
Date:   Wed Sep 6 15:43:30 2017 -0400

    gnu: libarchive: Replace with libarchive 3.3.2 and fix CVE-2017-14166.
    
    * gnu/packages/backup.scm (libarchive)[replacement]: New field.
    (libarchive-3.3.2): New variable.
    * gnu/packages/patches/libarchive-CVE-2017-14166.patch: New file.
    * gnu/local.mk (dist_patch_DATA): Add it.
---
 gnu/local.mk                                       |  1 +
 gnu/packages/backup.scm                            |  9 +++--
 .../patches/libarchive-CVE-2017-14166.patch        | 45 ++++++++++++++++++++++
 3 files changed, 51 insertions(+), 4 deletions(-)

diff --git a/gnu/local.mk b/gnu/local.mk
index a38e4e2..60e9ff2 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -752,6 +752,7 @@ dist_patch_DATA =                                           
\
   %D%/packages/patches/liba52-link-with-libm.patch             \
   %D%/packages/patches/liba52-set-soname.patch                 \
   %D%/packages/patches/liba52-use-mtune-not-mcpu.patch         \
+  %D%/packages/patches/libarchive-CVE-2017-14166.patch         \
   %D%/packages/patches/libbase-fix-includes.patch              \
   %D%/packages/patches/libbase-use-own-logging.patch           \
   %D%/packages/patches/libbonobo-activation-test-race.patch    \
diff --git a/gnu/packages/backup.scm b/gnu/packages/backup.scm
index eca69be..006d00e 100644
--- a/gnu/packages/backup.scm
+++ b/gnu/packages/backup.scm
@@ -184,6 +184,7 @@ backups (called chunks) to allow easy burning to CD/DVD.")
 (define-public libarchive
   (package
     (name "libarchive")
+    (replacement libarchive-3.3.2)
     (version "3.3.1")
     (source
      (origin
@@ -239,19 +240,19 @@ archive.  In particular, note that there is currently no 
built-in support for
 random access nor for in-place modification.")
     (license license:bsd-2)))
 
-(define libarchive-3.3.1
+(define libarchive-3.3.2
   (package
     (inherit libarchive)
-    (name "libarchive")
-    (version "3.3.1")
+    (version "3.3.2")
     (source
      (origin
        (method url-fetch)
        (uri (string-append "http://libarchive.org/downloads/libarchive-";
                            version ".tar.gz"))
+       (patches (search-patches "libarchive-CVE-2017-14166.patch"))
        (sha256
         (base32
-         "1rr40hxlm9vy5z2zb5w7pyfkgd1a4s061qapm83s19accb8mpji9"))))))
+         "1km0mzfl6in7l5vz9kl09a88ajx562rw93ng9h2jqavrailvsbgd"))))))
 
 (define-public rdup
   (package
diff --git a/gnu/packages/patches/libarchive-CVE-2017-14166.patch 
b/gnu/packages/patches/libarchive-CVE-2017-14166.patch
new file mode 100644
index 0000000..a122848
--- /dev/null
+++ b/gnu/packages/patches/libarchive-CVE-2017-14166.patch
@@ -0,0 +1,45 @@
+Fix CVE-2017-14166:
+
+https://github.com/libarchive/libarchive/issues/935
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14166
+
+Patch copied from upstream source repository:
+
+https://github.com/libarchive/libarchive/commit/fa7438a0ff4033e4741c807394a9af6207940d71
+
+From fa7438a0ff4033e4741c807394a9af6207940d71 Mon Sep 17 00:00:00 2001
+From: Joerg Sonnenberger <address@hidden>
+Date: Tue, 5 Sep 2017 18:12:19 +0200
+Subject: [PATCH] Do something sensible for empty strings to make fuzzers
+ happy.
+
+---
+ libarchive/archive_read_support_format_xar.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/libarchive/archive_read_support_format_xar.c 
b/libarchive/archive_read_support_format_xar.c
+index 7a22beb9d..93eeacc5e 100644
+--- a/libarchive/archive_read_support_format_xar.c
++++ b/libarchive/archive_read_support_format_xar.c
+@@ -1040,6 +1040,9 @@ atol10(const char *p, size_t char_cnt)
+       uint64_t l;
+       int digit;
+ 
++      if (char_cnt == 0)
++              return (0);
++
+       l = 0;
+       digit = *p - '0';
+       while (digit >= 0 && digit < 10  && char_cnt-- > 0) {
+@@ -1054,7 +1057,10 @@ atol8(const char *p, size_t char_cnt)
+ {
+       int64_t l;
+       int digit;
+-        
++
++      if (char_cnt == 0)
++              return (0);
++
+       l = 0;
+       while (char_cnt-- > 0) {
+               if (*p >= '0' && *p <= '7')



reply via email to

[Prev in Thread] Current Thread [Next in Thread]