BoomMicrophone/nixpkgs-suyu
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

libarchive: 3.3.2 -> 3.3.3

Browse source 
Update includes patches for sec issues:
- CVE-2017-14166
- CVE-2017-14501
- CVE-2017-14502
- Upstream includes patch for libressl version check

fixes #49583
This commit is contained in:
Periklis Tsirakidis 2018-11-01 12:45:04 +01:00 committed by Jörg Thalheim
parent cb2a3bc577
commit 95fa7b6370
No known key found for this signature in database
GPG key ID: CA4106B8D7CC79FA
3 changed files with 2 additions and 77 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

36
pkgs/development/libraries/libarchive/CVE-2017-14166.patch
View file

@ -1,36 +0,0 @@
From fa7438a0ff4033e4741c807394a9af6207940d71 Mon Sep 17 00:00:00 2001
From: Joerg Sonnenberger <joerg@bec.de>
Date: Tue, 5 Sep 2017 18:12:19 +0200
Subject: [PATCH] Do something sensible for empty strings to make fuzzers
happy.
---
libarchive/archive_read_support_format_xar.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/libarchive/archive_read_support_format_xar.c b/libarchive/archive_read_support_format_xar.c
index 7a22beb9d..93eeacc5e 100644
--- a/libarchive/archive_read_support_format_xar.c
+++ b/libarchive/archive_read_support_format_xar.c
@@ -1040,6 +1040,9 @@ atol10(const char *p, size_t char_cnt)
uint64_t l;
int digit;
+ if (char_cnt == 0)
+ return (0);
+
l = 0;
digit = *p - '0';
while (digit >= 0 && digit < 10 && char_cnt-- > 0) {
@@ -1054,7 +1057,10 @@ atol8(const char *p, size_t char_cnt)
{
int64_t l;
int digit;
-
+
+ if (char_cnt == 0)
+ return (0);
+
l = 0;
while (char_cnt-- > 0) {
if (*p >= '0' && *p <= '7')

28
pkgs/development/libraries/libarchive/CVE-2017-14502.patch
View file

@ -1,28 +0,0 @@
From 5562545b5562f6d12a4ef991fae158bf4ccf92b6 Mon Sep 17 00:00:00 2001
From: Joerg Sonnenberger <joerg@bec.de>
Date: Sat, 9 Sep 2017 17:47:32 +0200
Subject: [PATCH] Avoid a read off-by-one error for UTF16 names in RAR
archives.
Reported-By: OSS-Fuzz issue 573
---
libarchive/archive_read_support_format_rar.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/libarchive/archive_read_support_format_rar.c b/libarchive/archive_read_support_format_rar.c
index cbb14c32d..751de6979 100644
--- a/libarchive/archive_read_support_format_rar.c
+++ b/libarchive/archive_read_support_format_rar.c
@@ -1496,7 +1496,11 @@ read_header(struct archive_read *a, struct archive_entry *entry,
return (ARCHIVE_FATAL);
}
filename[filename_size++] = '\0';
- filename[filename_size++] = '\0';
+ /*
+ * Do not increment filename_size here as the computations below
+ * add the space for the terminating NUL explicitly.
+ */
+ filename[filename_size] = '\0';
/* Decoded unicode form is UTF-16BE, so we have to update a string
* conversion object for it. */

15
pkgs/development/libraries/libarchive/default.nix
View file

@ -10,24 +10,13 @@ assert xarSupport -> libxml2 != null;
stdenv.mkDerivation rec {
name = "libarchive-${version}";
version = "3.3.2";
version = "3.3.3";
src = fetchurl {
url = "${meta.homepage}/downloads/${name}.tar.gz";
sha256 = "1km0mzfl6in7l5vz9kl09a88ajx562rw93ng9h2jqavrailvsbgd";
sha256 = "0bhfncid058p7n1n8v29l6wxm3mhdqfassscihbsxfwz3iwb2zms";
};
patches = [
./CVE-2017-14166.patch
./CVE-2017-14502.patch
# LibreSSL patch; this is from upstream, and can be removed when the next release is made.
(fetchpatch {
url = "https://github.com/libarchive/libarchive/commit/5da00ad75b09e262774ec3675bbe4d5a4502a852.patch";
sha256 = "0np1i9r6mfxmbksj7mmf5abpnmlmg63704p9z3ihjh2rnq596c1v";
})
];
outputs = [ "out" "lib" "dev" ];
nativeBuildInputs = [ pkgconfig ];