From: Sergei Lukin
To: alpine-aports@lists.alpinelinux.org
Cc: Sergei Lukin
Subject: [alpine-aports] [PATCH v3.2] main/libarchive: security upgrade to 3.2.2 - fixes #6794
Date: Wed, 1 Feb 2017 09:40:28 +0000
Message-Id: <1485942028-12495-1-git-send-email-sergej.lukin@gmail.com>
X-Mailer: git-send-email 2.4.11
X-Mailinglist: alpine-aports
Precedence: list
List-Id: Alpine Development

CVE-2017-5601: Out of bounds read in lha_read_file_header_1() function
---
3.2.2 is a security release
https://github.com/libarchive/libarchive/blob/master/NEWS#L8

 main/libarchive/APKBUILD            | 15 +++++++++++----
 main/libarchive/CVE-2017-5601.patch | 24 ++++++++++++++++++++++++
 2 files changed, 35 insertions(+), 4 deletions(-)
 create mode 100644 main/libarchive/CVE-2017-5601.patch

diff --git a/main/libarchive/APKBUILD b/main/libarchive/APKBUILD index 42649ed..34680c9 100644 --- a/main/libarchive/APKBUILD +++ b/main/libarchive/APKBUILD @@ -1,6 +1,7 @@ +# Contributor: Sergei Lukin # Maintainer: Natanael Copa pkgname=libarchive -pkgver=3.2.1 +pkgver=3.2.2 pkgrel=0 pkgdesc="library that can create and read several streaming archive formats" url="http://libarchive.googlecode.com/" @@ -11,6 +12,7 @@ subpackages="$pkgname-dev $pkgname-doc $pkgname-tools" makedepends="zlib-dev bzip2-dev xz-dev acl-dev openssl-dev expat-dev" depends_dev="$makedepends" source="http://www.libarchive.org/downloads/libarchive-$pkgver.tar.gz + CVE-2017-5601.patch " _builddir="$srcdir"/$pkgname-$pkgver @@ -24,6 +26,8 @@ _builddir="$srcdir"/$pkgname-$pkgver # 3.2.1-r0: # - CVE-2016-5418 # - CVE-2016-7166 +# 3.2.2-r0: +# - CVE-2017-5601 prepare() { cd "$_builddir" 
@@ -57,6 +61,9 @@ tools() { mv "$pkgdir"/usr/bin "$subpkgdir"/usr/ } -md5sums="afa257047d1941a565216edbf0171e72 libarchive-3.2.1.tar.gz" -sha256sums="72ee1a4e3fd534525f13a0ba1aa7b05b203d186e0c6072a8a4738649d0b3cfd2 libarchive-3.2.1.tar.gz" -sha512sums="a5d43cb0bf36b687fabfbc874e7adc1fa94c563e7f073e107db8d4e79e8d0d8146cb985809f8115fbb882fc2d8a2a477d0a7364e93e6df62f292bb5e9865ec5c libarchive-3.2.1.tar.gz" +md5sums="1ec00b7dcaf969dd2a5712f85f23c764 libarchive-3.2.2.tar.gz +f9bf727dad55bc4c639e4fe12c456d8f CVE-2017-5601.patch" +sha256sums="691c194ee132d1f0f7a42541f091db811bc2e56f7107e9121be2bc8c04f1060f libarchive-3.2.2.tar.gz +300c119e85a49615e2ed34521de77fa8202d1db39bb861998b3e71148c1adcdc CVE-2017-5601.patch" +sha512sums="a67920c37d49cf9478032d77fc4fa21827cebb96e9b83d9ecb8466328834052e4ab3d3a9bc4e2edf405d6cb14ffd648c9fa100b578257f6e5842c99bbea558a7 libarchive-3.2.2.tar.gz +a00839e72fa7ccbdbde4b8b5a8e04f96d6eabcaa2d0150393c8273e4855b09d18cbec6fb1e4551d0d1bbc0439e1f41d5341539a0de8a97f821a5281a7bac8494 CVE-2017-5601.patch" diff --git a/main/libarchive/CVE-2017-5601.patch b/main/libarchive/CVE-2017-5601.patch new file mode 100644 index 0000000..44d5e17 --- /dev/null +++ b/main/libarchive/CVE-2017-5601.patch 
@@ -0,0 +1,24 @@ +Source: +https://github.com/libarchive/libarchive/commit/98dcbbf0bf4854bf987557e55e55fff7abbf3ea9 + +commit 98dcbbf0bf4854bf987557e55e55fff7abbf3ea9 +Author: Martin Matuska +Date: Thu Jan 19 22:00:18 2017 +0100 + + Fail with negative lha->compsize in lha_read_file_header_1() + Fixes a heap buffer overflow reported in Secunia SA74169 + +diff --git a/libarchive/archive_read_support_format_lha.c b/libarchive/archive_read_support_format_lha.c +index 52a5531b..d77a7c2e 100644 +--- a/libarchive/archive_read_support_format_lha.c ++++ b/libarchive/archive_read_support_format_lha.c +@@ -924,6 +924,9 @@ lha_read_file_header_1(struct archive_read *a, struct lha *lha) + /* Get a real compressed file size. */ + lha->compsize -= extdsize - 2; + ++ if (lha->compsize < 0) ++ goto invalid; /* Invalid compressed file size */ ++ + if (sum_calculated != headersum) { + archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, + "LHa header sum error"); -- 2.4.11 --- Unsubscribe: alpine-aports+unsubscribe@lists.alpinelinux.org Help: alpine-aports+help@lists.alpinelinux.org ---
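Review bot: in the first APKBUILD hunk (@@ -1,6 +1,7 @@) the unchanged `url="http://libarchive.googlecode.com/"` still points at Google Code while `source=` already fetches from www.libarchive.org; since the version line is being touched anyway, update `url=` to the project's current site in the same change. Bumping `pkgver` to 3.2.2 with `pkgrel=0` is correct for a new upstream release.

Review bot: in the `source=` hunk (@@ -11,6 +12,7 @@) the tarball is fetched over plain `http://`; the sha512sums line pins the content so a tampered download fails verification, but if the download host offers https it should be used so the fetch itself is not trivially interceptable. Listing `CVE-2017-5601.patch` in `source=` is the right place for it, since abuild then verifies the patch against its checksum before applying it.

Review bot: in the secfixes hunk (@@ -24,6 +26,8 @@) attributing CVE-2017-5601 to `3.2.2-r0` is correct only because the fix is carried as a local patch: the upstream commit is dated 19 Jan 2017 and is applied on top of the 3.2.2 tarball, so the NEWS entry the commit message links to covers the 3.2.2 release itself, not this CVE. If that release fixed further CVEs (the "security release" the commit message refers to), list them under `3.2.2-r0` as well so the secdb generated from this block is complete.

Review bot: in the checksum hunk (@@ -57,6 +61,9 @@) the digests for `CVE-2017-5601.patch` cover the whole file including the `Source:` and commit-description header lines, so any later edit to that header, even whitespace, will fail verification; regenerate the three sums with `abuild checksum` rather than by hand after any such edit. Carrying md5sums alongside sha256sums and sha512sums adds nothing for integrity (md5 is not collision-resistant); the sha512 line is the one that matters.

Review bot: in the libarchive hunk (@@ -924,6 +924,9 @@) the new guard `if (lha->compsize < 0) goto invalid;` is placed after `lha->compsize -= extdsize - 2;`, so it rejects headers whose extended-header size exceeds the declared compressed size, which is the right spot. Two things the hunk does not show and the reviewer should confirm in the 3.2.2 source: that `lha->compsize` is a signed type (the comparison is always false on an unsigned field, and the subtraction would wrap instead of going negative), and that the `invalid:` label exists in `lha_read_file_header_1()`, since the jump target is outside the hunk. The Alpine subject line calls the bug an out-of-bounds read while the upstream commit calls it a heap buffer overflow; both describe the same CVE, but keeping the upstream wording in the patch header avoids confusion when the two are compared.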