[arch-commits] Commit in libarchive/trunk (2 files)

Christian Hesse eworm at archlinux.org
Sat Feb 4 17:43:32 UTC 2017 

    Date: Saturday, February 4, 2017 @ 17:43:31
  Author: eworm
Revision: 288024

upgpkg: libarchive 3.2.2-4

fix CVE-2017-5601 [0] (FS#52840)

[0] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5601

Added:
  libarchive/trunk/0002-fixes-a-heap-buffer-overflow.patch
Modified:
  libarchive/trunk/PKGBUILD

-----------------------------------------+
 0002-fixes-a-heap-buffer-overflow.patch |   24 ++++++++++++++++++++++++
 PKGBUILD                                |   12 +++++++++---
 2 files changed, 33 insertions(+), 3 deletions(-)

Added: 0002-fixes-a-heap-buffer-overflow.patch
===================================================================
--- 0002-fixes-a-heap-buffer-overflow.patch	                        (rev 0)
+++ 0002-fixes-a-heap-buffer-overflow.patch	2017-02-04 17:43:31 UTC (rev 288024)
@@ -0,0 +1,24 @@
+From 98dcbbf0bf4854bf987557e55e55fff7abbf3ea9 Mon Sep 17 00:00:00 2001
+From: Martin Matuska <martin at matuska.org>
+Date: Thu, 19 Jan 2017 22:00:18 +0100
+Subject: [PATCH] Fail with negative lha->compsize in lha_read_file_header_1()
+ Fixes a heap buffer overflow reported in Secunia SA74169
+
+---
+ libarchive/archive_read_support_format_lha.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/libarchive/archive_read_support_format_lha.c b/libarchive/archive_read_support_format_lha.c
+index 52a5531..d77a7c2 100644
+--- a/libarchive/archive_read_support_format_lha.c
++++ b/libarchive/archive_read_support_format_lha.c
+@@ -924,6 +924,9 @@ lha_read_file_header_1(struct archive_read *a, struct lha *lha)
+ 	/* Get a real compressed file size. */
+ 	lha->compsize -= extdsize - 2;
+ 
++	if (lha->compsize < 0)
++		goto invalid;	/* Invalid compressed file size */
++
+ 	if (sum_calculated != headersum) {
+ 		archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
+ 		    "LHa header sum error");

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2017-02-04 17:21:16 UTC (rev 288023)
+++ PKGBUILD	2017-02-04 17:43:31 UTC (rev 288024)
@@ -3,7 +3,7 @@
 
 pkgname=libarchive
 pkgver=3.2.2
-pkgrel=3
+pkgrel=4
 pkgdesc="library that can create and read several streaming archive formats"
 arch=('i686' 'x86_64')
 url="http://libarchive.org/"
@@ -12,9 +12,11 @@
 options=('strip' 'debug' 'libtool')
 provides=('libarchive.so')
 source=("$pkgname-$pkgver.tar.gz::https://github.com/$pkgname/$pkgname/archive/v$pkgver.tar.gz"
-        '0001-issue-822-try-harder-to-detect-directories-in-zip-archives.patch')
+        '0001-issue-822-try-harder-to-detect-directories-in-zip-archives.patch'
+        '0002-fixes-a-heap-buffer-overflow.patch')
 sha256sums=('edfc2ee7d42dd03228d0fa3bb9cbaade454557b326b2608b2e32c27aae62bdd4'
-            '79bd6b3889131ab36501af2c9460ccb940ba95d568a72578163fb5d212a7a7e5')
+            '79bd6b3889131ab36501af2c9460ccb940ba95d568a72578163fb5d212a7a7e5'
+            'e6177bd052090a2111d62c7c68157df71cebf4ad359aad02ce89d5585c9e64a4')
 
 prepare() {
   cd "$pkgname-$pkgver"
@@ -21,6 +23,10 @@
 
   # Issue #822: Try harder to detect directories in zip archives
   patch -Np1 < "$srcdir"/0001-issue-822-try-harder-to-detect-directories-in-zip-archives.patch
+
+  # Fail with negative lha->compsize in lha_read_file_header_1()
+  # Fixes a heap buffer overflow reported in Secunia SA74169
+  patch -Np1 < "$srcdir"/0002-fixes-a-heap-buffer-overflow.patch
 }
 
 build() {

More information about the arch-commits mailing list