parent
40491ceaad
commit
e79a026fe5
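--- /dev/null
+++ b/libarchive-3.5.3-Fix-CVE-2022-26280.patch
@@ -0,0 +1,14 @@
+# Patch sources from libarchive upstream
+# Source: https://github.com/libarchive/libarchive/commit/cfaa28168a07ea4a53276b63068f94fce37d6aff
+
+--- libarchive-3.5.3/libarchive/archive_read_support_format_zip.c.old 2022-05-18 08:55:50.861574517 +0000
++++ libarchive-3.5.3/libarchive/archive_read_support_format_zip.c 2022-05-18 08:57:03.049574517 +0000
+@@ -1657,7 +1657,7 @@ zipx_lzma_alone_init(struct archive_read
+*/
+
+/* Read magic1,magic2,lzma_params from the ZIPX stream. */
+- if((p = __archive_read_ahead(a, 9, NULL)) == NULL) {
++ if(zip->entry_bytes_remaining < 9 || (p = __archive_read_ahead(a, 9, NULL)) == NULL) {
+archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
+"Truncated lzma data");
+return (ARCHIVE_FATAL);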
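Review bot: The patch header gives only the upstream commit URL, so an auditor has to follow that link to learn what the one-line change in `zipx_lzma_alone_init` guards against. A third header line such as `# Reject ZIPX LZMA entries with fewer than 9 bytes remaining before the 9-byte header read (CVE-2022-26280)` would record it in the package itself. The new condition short-circuits before `__archive_read_ahead(a, 9, NULL)` and reuses the existing "Truncated lzma data" error path, which reads as intended. The function body starts and ends outside the hunk, so whether its later reads are bounded by `entry_bytes_remaining` in the same way cannot be judged from here.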
@ -2,7 +2,7 @@
Name: libarchive
Version: 3.5.3
Release: 1%{?dist}
Release: 2%{?dist}
Summary: A library for handling streaming archive formats
License: BSD
@ -10,6 +10,8 @@ URL: https://www.libarchive.org/
Source0: https://libarchive.org/downloads/%{name}-%{version}.tar.gz
Patch1: openssl3-rmd160failure.patch
# Source: https://github.com/libarchive/libarchive/commit/cfaa28168a07ea4a53276b63068f94fce37d6aff
Patch2: %{name}-3.5.3-Fix-CVE-2022-26280.patch
BuildRequires: automake
BuildRequires: bison
@ -213,6 +215,9 @@ run_testsuite
%changelog
* Wed May 18 2022 Lukas Javorsky <ljavorsk@redhat.com> - 3.5.3-2
- Resolves: CVE-2022-26280
* Mon Feb 14 2022 Lukas Javorsky <ljavorsk@redhat.com> - 3.5.3-1
- Rebase to version 3.5.3
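Review bot: `Patch2` is declared in the second hunk, but nothing in the visible hunks shows it being applied; the `%prep` section lies outside them. If `%prep` applies patches with explicit `%patch1`-style lines rather than `%autosetup` or `%autopatch`, the CVE-2022-26280 fix would ship in the source RPM without ever being applied to the build, so confirm this and add `%patch2 -p1` there if needed. The paths inside the patch begin with `libarchive-3.5.3/`, which is consistent with a strip level of 1.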