rpms/libarchive
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import libarchive-3.3.2-8.el8_1

Browse Source
This commit is contained in:
CentOS Sources 2020-01-29 02:31:25 -05:00 committed by Andrew Lukoshko
parent ed02cf7654
commit a5333758ff
2 changed files with 36 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
SOURCES/libarchive-3.3.2-CVE-2019-18408.patch Normal file
View File

@ -0,0 +1,31 @@
From 1abcbf1af5209631ccf4fca4ddcab3c863294c85 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Patrik=20Novotn=C3=BD?= <panovotn@redhat.com>
Date: Wed, 15 Jan 2020 16:10:04 +0100
Subject: [PATCH] RAR reader: fix use after free
If read_data_compressed() returns ARCHIVE_FAILED, the caller is allowed
to continue with next archive headers. We need to set rar->start_new_table
after the ppmd7_context got freed, otherwise it won't be allocated again.
---
libarchive/archive_read_support_format_rar.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/libarchive/archive_read_support_format_rar.c b/libarchive/archive_read_support_format_rar.c
index cbb14c32..9c26ef97 100644
--- a/libarchive/archive_read_support_format_rar.c
+++ b/libarchive/archive_read_support_format_rar.c
@@ -1037,8 +1037,10 @@ archive_read_format_rar_read_data(struct archive_read *a, const void **buff,
case COMPRESS_METHOD_GOOD:
case COMPRESS_METHOD_BEST:
ret = read_data_compressed(a, buff, size, offset);
- if (ret != ARCHIVE_OK && ret != ARCHIVE_WARN)
+ if (ret != ARCHIVE_OK && ret != ARCHIVE_WARN) {
__archive_ppmd7_functions.Ppmd7_Free(&rar->ppmd7_context, &g_szalloc);
+ rar->start_new_table = 1;
+ }
break;
default:
--
2.24.1

6
SPECS/libarchive.spec
View File

@ -2,7 +2,7 @@
Name: libarchive Name: libarchive
Version: 3.3.2 Version: 3.3.2
Release: 7%{?dist} Release: 8%{?dist}
Summary: A library for handling streaming archive formats Summary: A library for handling streaming archive formats
License: BSD License: BSD
@ -16,6 +16,7 @@ Patch3: libarchive-3.3.2-CVE-2018-1000878.patch
Patch4: libarchive-3.3.2-CVE-2018-1000877.patch Patch4: libarchive-3.3.2-CVE-2018-1000877.patch
Patch5: fix-use-after-free-in-delayed-newc.patch Patch5: fix-use-after-free-in-delayed-newc.patch
Patch6: fix-few-obvious-resource-leaks-covscan.patch Patch6: fix-few-obvious-resource-leaks-covscan.patch
Patch7: libarchive-3.3.2-CVE-2019-18408.patch
BuildRequires: gcc BuildRequires: gcc
BuildRequires: bison BuildRequires: bison
@ -219,6 +220,9 @@ run_testsuite
%changelog %changelog
* Wed Jan 15 2020 Patrik Novotný <panovotn@redhat.com> - 3.3.2-8
- Fix CVE-2019-18408: RAR use-after-free
* Mon May 27 2019 Ondrej Dubaj <odubaj@redhat.com> - 3.3.2-7 * Mon May 27 2019 Ondrej Dubaj <odubaj@redhat.com> - 3.3.2-7
- fix use-after-free in delayed newc link processing (#1602575) - fix use-after-free in delayed newc link processing (#1602575)
- fix a few obvious resource leaks and strcpy() misuses (#1602575) - fix a few obvious resource leaks and strcpy() misuses (#1602575)