diff options
author | Mark H Weaver <mhw@netris.org> | 2014-10-11 22:49:15 -0400 |
---|---|---|
committer | Mark H Weaver <mhw@netris.org> | 2014-10-11 23:21:37 -0400 |
commit | 1b7d5242c36d82242f1148cc583ea362d3e83577 (patch) | |
tree | 811341494f3aadb17d5954483c8c7ba610c8bf6b /gnu/packages/patches/libarchive-CVE-2013-0211.patch | |
parent | 36ae58488bfeeb3bc2b314bd16ba37d06b3a13af (diff) | |
download | guix-1b7d5242c36d82242f1148cc583ea362d3e83577.tar.gz |
gnu: libarchive: Apply fixes including for CVE-2013-0211.
* gnu/packages/patches/libarchive-CVE-2013-0211.patch, gnu/packages/patches/libarchive-fix-lzo-test-case.patch, gnu/packages/patches/libarchive-mtree-filename-length-fix.patch: New files. * gnu-system.am (dist_patch_DATA): Add them. * gnu/packages/backup.scm (libarchive)[source]: Add patches.
Diffstat (limited to 'gnu/packages/patches/libarchive-CVE-2013-0211.patch')
-rw-r--r-- | gnu/packages/patches/libarchive-CVE-2013-0211.patch | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/gnu/packages/patches/libarchive-CVE-2013-0211.patch b/gnu/packages/patches/libarchive-CVE-2013-0211.patch new file mode 100644 index 0000000000..b024a7d4a8 --- /dev/null +++ b/gnu/packages/patches/libarchive-CVE-2013-0211.patch @@ -0,0 +1,21 @@ +Description: Fix CVE-2013-0211: read buffer overflow on 64-bit systems +Origin: upstream +Bug-Debian: http://bugs.debian.org/703957 +Forwarded: not-needed + +--- libarchive-3.0.4.orig/libarchive/archive_write.c ++++ libarchive-3.0.4/libarchive/archive_write.c +@@ -665,8 +665,13 @@ static ssize_t + _archive_write_data(struct archive *_a, const void *buff, size_t s) + { + struct archive_write *a = (struct archive_write *)_a; ++ const size_t max_write = INT_MAX; ++ + archive_check_magic(&a->archive, ARCHIVE_WRITE_MAGIC, + ARCHIVE_STATE_DATA, "archive_write_data"); ++ /* In particular, this catches attempts to pass negative values. */ ++ if (s > max_write) ++ s = max_write; + archive_clear_error(&a->archive); + return ((a->format_write_data)(a, buff, s)); + } |