diff options
| author |   NP-Hardass <NP-Hardass@gentoo.org> | 2017-02-11 12:14:24 -0500 |
|---|---|---|
| committer | NP-Hardass <NP-Hardass@gentoo.org> | 2017-02-11 12:14:47 -0500 |
| commit | dc5768207ff73ee56333736676ca256e578fd0c8 (patch) | |
| tree | fdfea2f952bd81f7b75a955e6e8116bf50f86c23 /app-arch/libarchive | |
| parent | media-libs/xine-lib: FusionSound will disappear in the near future (#596534) (diff) | |
| download | gentoo-dc5768207ff73ee56333736676ca256e578fd0c8.tar.gz gentoo-dc5768207ff73ee56333736676ca256e578fd0c8.tar.bz2 gentoo-dc5768207ff73ee56333736676ca256e578fd0c8.zip | |
app-arch/libarchive: Backport fix for CVE-2017-5601, #607794
https://github.com/libarchive/libarchive/commit/98dcbbf0bf4854bf987557e55e55fff7abbf3ea9
Package-Manager: portage-2.3.0
Diffstat (limited to 'app-arch/libarchive')
| -rw-r--r-- | app-arch/libarchive/files/CVE-2017-5601.patch | 24 | ||||
| -rw-r--r-- | app-arch/libarchive/libarchive-3.2.2-r1.ebuild | 125 |
2 files changed, 149 insertions, 0 deletions
diff --git a/app-arch/libarchive/files/CVE-2017-5601.patch b/app-arch/libarchive/files/CVE-2017-5601.patch new file mode 100644 index 000000000000..4ba85ff9072f --- /dev/null +++ b/app-arch/libarchive/files/CVE-2017-5601.patch @@ -0,0 +1,24 @@ +From 98dcbbf0bf4854bf987557e55e55fff7abbf3ea9 Mon Sep 17 00:00:00 2001 +From: Martin Matuska <martin@matuska.org> +Date: Thu, 19 Jan 2017 22:00:18 +0100 +Subject: [PATCH] Fail with negative lha->compsize in lha_read_file_header_1() + Fixes a heap buffer overflow reported in Secunia SA74169 + +--- + libarchive/archive_read_support_format_lha.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/libarchive/archive_read_support_format_lha.c b/libarchive/archive_read_support_format_lha.c +index 52a5531..d77a7c2 100644 +--- a/libarchive/archive_read_support_format_lha.c ++++ b/libarchive/archive_read_support_format_lha.c +@@ -924,6 +924,9 @@ lha_read_file_header_1(struct archive_read *a, struct lha *lha) + /* Get a real compressed file size. */ + lha->compsize -= extdsize - 2; + ++ if (lha->compsize < 0) ++ goto invalid; /* Invalid compressed file size */ ++ + if (sum_calculated != headersum) { + archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, + "LHa header sum error"); diff --git a/app-arch/libarchive/libarchive-3.2.2-r1.ebuild b/app-arch/libarchive/libarchive-3.2.2-r1.ebuild new file mode 100644 index 000000000000..e33c0b78cbbc --- /dev/null +++ b/app-arch/libarchive/libarchive-3.2.2-r1.ebuild @@ -0,0 +1,125 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=6 +inherit eutils libtool multilib-minimal toolchain-funcs + +DESCRIPTION="BSD tar command" +HOMEPAGE="http://www.libarchive.org/" +SRC_URI="http://www.libarchive.org/downloads/${P}.tar.gz" + +LICENSE="BSD BSD-2 BSD-4 public-domain" +SLOT="0/13" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~amd64-linux ~arm-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" +IUSE="acl +bzip2 +e2fsprogs expat +iconv kernel_linux libressl lz4 +lzma lzo nettle static-libs +threads xattr +zlib" + +RDEPEND=" + acl? ( virtual/acl[${MULTILIB_USEDEP}] ) + bzip2? ( app-arch/bzip2[${MULTILIB_USEDEP}] ) + expat? ( dev-libs/expat[${MULTILIB_USEDEP}] ) + !expat? ( dev-libs/libxml2[${MULTILIB_USEDEP}] ) + iconv? ( virtual/libiconv[${MULTILIB_USEDEP}] ) + kernel_linux? ( + xattr? ( sys-apps/attr[${MULTILIB_USEDEP}] ) + ) + !libressl? ( dev-libs/openssl:0=[${MULTILIB_USEDEP}] ) + libressl? ( dev-libs/libressl:0=[${MULTILIB_USEDEP}] ) + lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] ) + lzma? ( app-arch/xz-utils[threads=,${MULTILIB_USEDEP}] ) + lzo? ( >=dev-libs/lzo-2[${MULTILIB_USEDEP}] ) + nettle? ( dev-libs/nettle:0=[${MULTILIB_USEDEP}] ) + zlib? ( sys-libs/zlib[${MULTILIB_USEDEP}] )" +DEPEND="${RDEPEND} + kernel_linux? ( + virtual/os-headers + e2fsprogs? ( sys-fs/e2fsprogs ) + )" + +PATCHES=( + "${FILESDIR}"/CVE-2017-5601.patch +) + +src_prepare() { + default + elibtoolize # is required for Solaris sol2_ld linker fix +} + +multilib_src_configure() { + export ac_cv_header_ext2fs_ext2_fs_h=$(usex e2fsprogs) #354923 + + local myconf=() + myconf=( + $(use_enable acl) + $(use_enable static-libs static) + $(use_enable xattr) + $(use_with bzip2 bz2lib) + $(use_with expat) + $(use_with !expat xml2) + $(use_with iconv) + $(use_with lz4) + $(use_with lzma) + $(use_with lzo lzo2) + $(use_with nettle) + $(use_with zlib) + ) + if multilib_is_native_abi ; then myconf+=( + --enable-bsdcat=$(tc-is-static-only && echo static || echo shared) + --enable-bsdcpio=$(tc-is-static-only && echo static || echo shared) + --enable-bsdtar=$(tc-is-static-only && echo static || echo shared) + ); else myconf+=( + --disable-bsdcat + --disable-bsdcpio + --disable-bsdtar + ); fi + + # We disable lzmadec because we support the newer liblzma from xz-utils + # and not liblzmadec with this version. + myconf+=( + --without-lzmadec + ) + + ECONF_SOURCE="${S}" econf "${myconf[@]}" +} + +multilib_src_compile() { + if multilib_is_native_abi ; then + emake + else + emake libarchive.la + fi +} + +multilib_src_test() { + # Replace the default src_test so that it builds tests in parallel + multilib_is_native_abi && emake check +} + +multilib_src_install() { + if multilib_is_native_abi ; then + emake DESTDIR="${D}" install + + # Create symlinks for FreeBSD + if ! use prefix && [[ ${CHOST} == *-freebsd* ]]; then + # Exclude cat for the time being #589876 + for bin in cpio tar; do + dosym bsd${bin} /usr/bin/${bin} + echo '.so bsd${bin}.1' > "${T}"/${bin}.1 + doman "${T}"/${bin}.1 + done + fi + else + emake DESTDIR="${D}" \ + install-includeHEADERS \ + install-libLTLIBRARIES \ + install-pkgconfigDATA + fi + + # Libs.private: should be used from libarchive.pc instead + prune_libtool_files +} + +multilib_src_install_all() { + cd "${S}" || die + einstalldocs +} |