From 7e034d873198bef020ce74093702ac2d9ec0242c Mon Sep 17 00:00:00 2001 From: Tomas Bzatek Date: Thu, 28 Mar 2013 16:13:55 +0100 Subject: [PATCH] Update to 3.1.2 - Fix CVE-2013-0211: read buffer overflow on 64-bit systems (#927105) --- .gitignore | 1 + ...3-CVE-2013-0211_read_buffer_overflow.patch | 32 +++++++++++++++++++ libarchive.spec | 18 ++++++++--- sources | 2 +- 4 files changed, 48 insertions(+), 5 deletions(-) create mode 100644 libarchive-3.1.3-CVE-2013-0211_read_buffer_overflow.patch diff --git a/.gitignore b/.gitignore index 84b7ad2..686d237 100644 --- a/.gitignore +++ b/.gitignore @@ -5,3 +5,4 @@ libarchive-2.8.4.tar.gz /libarchive-3.0.4.tar.gz /v3.1.1.tar.gz /libarchive-3.1.1.tar.gz +/libarchive-3.1.2.tar.gz diff --git a/libarchive-3.1.3-CVE-2013-0211_read_buffer_overflow.patch b/libarchive-3.1.3-CVE-2013-0211_read_buffer_overflow.patch new file mode 100644 index 0000000..78427ce --- /dev/null +++ b/libarchive-3.1.3-CVE-2013-0211_read_buffer_overflow.patch @@ -0,0 +1,32 @@ +From 22531545514043e04633e1c015c7540b9de9dbe4 Mon Sep 17 00:00:00 2001 +From: Tim Kientzle +Date: Fri, 22 Mar 2013 23:48:41 -0700 +Subject: [PATCH] Limit write requests to at most INT_MAX. This prevents a + certain common programming error (passing -1 to write) from leading to other + problems deeper in the library. + +--- + libarchive/archive_write.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/libarchive/archive_write.c b/libarchive/archive_write.c +index eede5e0..be85621 100644 +--- a/libarchive/archive_write.c ++++ b/libarchive/archive_write.c +@@ -673,8 +673,13 @@ static ssize_t + _archive_write_data(struct archive *_a, const void *buff, size_t s) + { + struct archive_write *a = (struct archive_write *)_a; ++ const size_t max_write = INT_MAX; ++ + archive_check_magic(&a->archive, ARCHIVE_WRITE_MAGIC, + ARCHIVE_STATE_DATA, "archive_write_data"); ++ /* In particular, this catches attempts to pass negative values. */ ++ if (s > max_write) ++ s = max_write; + archive_clear_error(&a->archive); + return ((a->format_write_data)(a, buff, s)); + } +-- +1.8.1 + diff --git a/libarchive.spec b/libarchive.spec index f175b31..6d21eab 100644 --- a/libarchive.spec +++ b/libarchive.spec @@ -1,12 +1,12 @@ Name: libarchive -Version: 3.1.1 -Release: 2%{?dist} +Version: 3.1.2 +Release: 1%{?dist} Summary: A library for handling streaming archive formats Group: System Environment/Libraries License: BSD -URL: http://libarchive.github.com/ -Source0:  https://github.com/libarchive/libarchive/archive/%{name}-%{version}.tar.gz +URL: http://www.libarchive.org/ +Source0:  http://www.libarchive.org/downloads/%{name}-%{version}.tar.gz BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) @@ -25,6 +25,11 @@ BuildRequires: libunistring-devel BuildRequires: automake autoconf libtool +# CVE-2013-0211 libarchive: read buffer overflow on 64-bit systems +# https://bugzilla.redhat.com/show_bug.cgi?id=927105 +Patch0: libarchive-3.1.3-CVE-2013-0211_read_buffer_overflow.patch + + %description Libarchive is a programming library that can create and read several different streaming archive formats, including most popular tar variants, several cpio @@ -61,6 +66,7 @@ libarchive packages. %prep %setup -q -n %{name}-%{version} +%patch0 -p1 -b .CVE-2013-0211 %build @@ -119,6 +125,10 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Thu Mar 28 2013 Tomas Bzatek - 3.1.2-1 +- Update to 3.1.2 +- Fix CVE-2013-0211: read buffer overflow on 64-bit systems (#927105) + * Thu Feb 14 2013 Fedora Release Engineering - 3.1.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild diff --git a/sources b/sources index 3c98732..b146a35 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -b482463d73370bdbe8e234095a6ef6c9 libarchive-3.1.1.tar.gz +efad5a503f66329bb9d2f4308b5de98a libarchive-3.1.2.tar.gz