author | Alex Vong <alexvong1995@gmail.com> | 2019-01-05 23:20:41 +0800 |
---|---|---|
committer | Alex Vong <alexvong1995@gmail.com> | 2019-01-07 05:42:34 +0800 |
commit | c824dedf711dc4aa33e005fa291a3aec58a9e2e2 (patch) | |
tree | 9869dce2671ec91de478d2bd63b5aa4fc09690d9 /gnu/packages/patches/libarchive-CVE-2018-1000880.patch | |
parent | b7ec276e570a4c41d2b333848c7488d65322209c (diff) | |
download | guix-c824dedf711dc4aa33e005fa291a3aec58a9e2e2.tar.gz |
gnu: libarchive: Replace with libarchive 3.3.3 and fix CVE-2018-{1000877,1000878,1000880}.
* gnu/packages/backup.scm (libarchive)[source, home-page]: Use HTTPS.
[replacement]: New field.
(libarchive-3.3.3): New variable.
* gnu/packages/patches/libarchive-CVE-2018-1000877.patch,
gnu/packages/patches/libarchive-CVE-2018-1000878.patch,
gnu/packages/patches/libarchive-CVE-2018-1000880.patch: New files.
* gnu/local.mk (dist_patch_DATA): Add them.
Diffstat (limited to 'gnu/packages/patches/libarchive-CVE-2018-1000880.patch')
-rw-r--r-- | gnu/packages/patches/libarchive-CVE-2018-1000880.patch | 51 |
1 files changed, 51 insertions, 0 deletions
diff --git a/gnu/packages/patches/libarchive-CVE-2018-1000880.patch b/gnu/packages/patches/libarchive-CVE-2018-1000880.patch new file mode 100644 index 0000000000..6834cabda0 --- /dev/null +++ b/gnu/packages/patches/libarchive-CVE-2018-1000880.patch 
@@ -0,0 +1,51 @@ +Fix CVE-2018-1000880: + +https://bugs.launchpad.net/ubuntu/+source/libarchive/+bug/1794909 +https://github.com/libarchive/libarchive/pull/1105 +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000880 +https://security-tracker.debian.org/tracker/CVE-2018-1000880 + +Patch copied from upstream source repository: + +https://github.com/libarchive/libarchive/commit/9c84b7426660c09c18cc349f6d70b5f8168b5680 + +From 9c84b7426660c09c18cc349f6d70b5f8168b5680 Mon Sep 17 00:00:00 2001 +From: Daniel Axtens <dja@axtens.net> +Date: Tue, 4 Dec 2018 16:33:42 +1100 +Subject: [PATCH] warc: consume data once read + +The warc decoder only used read ahead, it wouldn't actually consume +data that had previously been printed. This means that if you specify +an invalid content length, it will just reprint the same data over +and over and over again until it hits the desired length. + +This means that a WARC resource with e.g. +Content-Length: 666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666665 +but only a few hundred bytes of data, causes a quasi-infinite loop. + +Consume data in subsequent calls to _warc_read. + +Found with an AFL + afl-rb + qsym setup. +--- + libarchive/archive_read_support_format_warc.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/libarchive/archive_read_support_format_warc.c b/libarchive/archive_read_support_format_warc.c +index e8753853..e8fc8428 100644 +--- a/libarchive/archive_read_support_format_warc.c ++++ b/libarchive/archive_read_support_format_warc.c +@@ -386,6 +386,11 @@ _warc_read(struct archive_read *a, const void **buf, size_t *bsz, int64_t *off) + return (ARCHIVE_EOF); + } + ++ if (w->unconsumed) { ++ __archive_read_consume(a, w->unconsumed); ++ w->unconsumed = 0U; ++ } ++ + rab = __archive_read_ahead(a, 1U, &nrd); + if (nrd < 0) { + *bsz = 0U; +-- +2.20.1 + |
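Review bot: the inserted block in `_warc_read` consumes `w->unconsumed` bytes before the next `__archive_read_ahead`, but the hunk does not show where `w->unconsumed` is assigned the length of the data handed back to the caller, nor that the field starts at zero; the reprint loop described in the commit message only stops if every return path of `_warc_read` that fills `*buf`/`*bsz` also records that length in `w->unconsumed`, so confirm those assignment sites and the field's initialization in the rest of archive_read_support_format_warc.c before accepting this as a complete fix for CVE-2018-1000880. Placing the consume after the `return (ARCHIVE_EOF)` path is fine, since no further read-ahead follows on EOF. The upstream change also carries no regression test; a small WARC sample whose `Content-Length` header exceeds the available body, checked to terminate at ARCHIVE_EOF rather than repeat data, would keep the bounded-read behaviour from regressing when libarchive is next updated in Guix.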