
[alpine-aports] [PATCH v3.5] main/libarchive: security fixes #6791

From: Sergei Lukin <sergej.lukin_at_gmail.com>
Date: Wed, 1 Feb 2017 09:15:48 +0000

CVE-2017-5601: out-of-bounds read in the lha_read_file_header_1() function
---
 main/libarchive/APKBUILD            | 21 ++++++++++++++++-----
 main/libarchive/CVE-2017-5601.patch | 24 ++++++++++++++++++++++++
 2 files changed, 40 insertions(+), 5 deletions(-)
 create mode 100644 main/libarchive/CVE-2017-5601.patch
diff --git a/main/libarchive/APKBUILD b/main/libarchive/APKBUILD
index 69191829b5..d976f795ab 100644
--- a/main/libarchive/APKBUILD
+++ b/main/libarchive/APKBUILD
_at_@ -1,7 +1,8 @@
+# Contributor: Sergei Lukin <sergej.lukin_at_gmail.com>
 # Maintainer: Natanael Copa <ncopa_at_alpinelinux.org>
 pkgname=libarchive
 pkgver=3.2.2
-pkgrel=0
+pkgrel=1
 pkgdesc="library that can create and read several streaming archive formats"
 url="http://libarchive.org/"
 arch="all"
_at_@ -10,7 +11,14 @@ depends=""
 depends_dev="zlib-dev bzip2-dev xz-dev acl-dev libressl-dev expat-dev"
 makedepends="$depends_dev"
 subpackages="$pkgname-dev $pkgname-doc $pkgname-tools"
-source="http://www.libarchive.org/downloads/$pkgname-$pkgver.tar.gz"
+source="http://www.libarchive.org/downloads/$pkgname-$pkgver.tar.gz
+	CVE-2017-5601.patch
+	"
+
+# secfixes:
+#   3.2.2-r1:
+#   - CVE-2017-5601.patch
+
 builddir="$srcdir/$pkgname-$pkgver"
 
 build () {
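Review bot: The new `# secfixes:` entry lists the patch filename, `#   - CVE-2017-5601.patch`, whereas Alpine's convention (and, as far as I know, the secdb tooling that parses this block) expects the bare CVE identifier; change it to `#   - CVE-2017-5601` so the fix is matched by ID. The `3.2.2-r1:` key does agree with the pkgrel bump in the first hunk. Separately, the tarball is still fetched over plain `http://`; that is acceptable only because the sha512sum in the last hunk pins the content, so the checksum, not the transport, is the integrity guarantee here.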
_at_@ -36,6 +44,9 @@ tools() {
 	mv "$pkgdir"/usr/bin "$subpkgdir"/usr/
 }
 
-md5sums="1ec00b7dcaf969dd2a5712f85f23c764  libarchive-3.2.2.tar.gz"
-sha256sums="691c194ee132d1f0f7a42541f091db811bc2e56f7107e9121be2bc8c04f1060f  libarchive-3.2.2.tar.gz"
-sha512sums="a67920c37d49cf9478032d77fc4fa21827cebb96e9b83d9ecb8466328834052e4ab3d3a9bc4e2edf405d6cb14ffd648c9fa100b578257f6e5842c99bbea558a7  libarchive-3.2.2.tar.gz"
+md5sums="1ec00b7dcaf969dd2a5712f85f23c764  libarchive-3.2.2.tar.gz
+165d8eb95d6083dfd3e8f2453a644497  CVE-2017-5601.patch"
+sha256sums="691c194ee132d1f0f7a42541f091db811bc2e56f7107e9121be2bc8c04f1060f  libarchive-3.2.2.tar.gz
+572abfaf0e252f855a500bfc17eb711f26be6e94133a8e3bbf929e49b0450533  CVE-2017-5601.patch"
+sha512sums="a67920c37d49cf9478032d77fc4fa21827cebb96e9b83d9ecb8466328834052e4ab3d3a9bc4e2edf405d6cb14ffd648c9fa100b578257f6e5842c99bbea558a7  libarchive-3.2.2.tar.gz
+c450b0a9eb952b292d3749acd7041b59a0fa72b8f5a284ceaab6665a95336a5b39182addd59628661caf911a6461726ebe1c85c7d39b7d9da84ed6f736ef3e6e  CVE-2017-5601.patch"
diff --git a/main/libarchive/CVE-2017-5601.patch b/main/libarchive/CVE-2017-5601.patch
new file mode 100644
index 0000000000..44d5e1779f
--- /dev/null
+++ b/main/libarchive/CVE-2017-5601.patch
_at_@ -0,0 +1,24 @@
+Source:
+https://github.com/libarchive/libarchive/commit/98dcbbf0bf4854bf987557e55e55fff7abbf3ea9
+
+commit 98dcbbf0bf4854bf987557e55e55fff7abbf3ea9
+Author: Martin Matuska <martin_at_matuska.org>
+Date:   Thu Jan 19 22:00:18 2017 +0100
+
+    Fail with negative lha->compsize in lha_read_file_header_1()
+    Fixes a heap buffer overflow reported in Secunia SA74169
+
+diff --git a/libarchive/archive_read_support_format_lha.c b/libarchive/archive_read_support_format_lha.c
+index 52a5531b..d77a7c2e 100644
+--- a/libarchive/archive_read_support_format_lha.c
++++ b/libarchive/archive_read_support_format_lha.c
+_at_@ -924,6 +924,9 @@ lha_read_file_header_1(struct archive_read *a, struct lha *lha)
+ 	/* Get a real compressed file size. */
+ 	lha->compsize -= extdsize - 2;
+ 
++	if (lha->compsize < 0)
++		goto invalid;	/* Invalid compressed file size */
++
+ 	if (sum_calculated != headersum) {
+ 		archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
+ 		    "LHa header sum error");
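Review bot: The added guard `if (lha->compsize < 0) goto invalid;` depends on two things outside the quoted hunk: an `invalid:` label in lha_read_file_header_1() and `lha->compsize` being a signed type (an unsigned compsize can never be `< 0` and the check would be dead). The upstream diff is against a post-3.2.2 tree (`index 52a5531b..d77a7c2e`), so confirm it applies to 3.2.2 without fuzz and that both conditions hold there. Also, as rendered on this page the hunk header reads `_at_@`, which looks like the archive's e-mail obfuscation of `@@`; the committed patch file must contain a literal `@@` or abuild will fail to apply it, which the sha512sum on the patch should catch. The enclosing function starts and ends outside the hunk.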
-- 
2.11.0