Change-Id: I22592ddf68af869f2f575cf1ce3a09a61ec31051
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/1446
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Vinay Kulkarni <kulkarniv@vmware.com>
(cherry picked from commit aaaecaa2c7f375a8aeadcd5db12748ec96dd53c4)
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/1450
1 | 1 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,81 @@ |
0 |
+From 3014e19820ea53c15c90f9d447ca3e668a0b76c6 Mon Sep 17 00:00:00 2001 |
|
1 |
+From: Tim Kientzle <kientzle@acm.org> |
|
2 |
+Date: Sat, 28 May 2016 11:50:39 -0700 |
|
3 |
+Subject: [PATCH] Issue 711: Be more careful about verifying filename lengths |
|
4 |
+ when writing ISO9660 archives |
|
5 |
+ |
|
6 |
+* Don't cast size_t to int, since this can lead to overflow |
|
7 |
+ on machines where sizeof(int) < sizeof(size_t) |
|
8 |
+* Check a + b > limit by writing it as |
|
9 |
+ a > limit || b > limit || a + b > limit |
|
10 |
+ to avoid problems when a + b wraps around. |
|
11 |
+--- |
|
12 |
+ libarchive/archive_write_set_format_iso9660.c | 18 ++++++++++-------- |
|
13 |
+ 1 file changed, 10 insertions(+), 8 deletions(-) |
|
14 |
+ |
|
15 |
+diff --git a/libarchive/archive_write_set_format_iso9660.c b/libarchive/archive_write_set_format_iso9660.c |
|
16 |
+index 4d832fb..cb3e54e 100644 |
|
17 |
+--- a/libarchive/archive_write_set_format_iso9660.c |
|
18 |
+@@ -6225,7 +6225,7 @@ isoent_gen_joliet_identifier(struct archive_write *a, struct isoent *isoent, |
|
19 |
+ unsigned char *p; |
|
20 |
+ size_t l; |
|
21 |
+ int r; |
|
22 |
+- int ffmax, parent_len; |
|
23 |
++ size_t ffmax, parent_len; |
|
24 |
+ static const struct archive_rb_tree_ops rb_ops = { |
|
25 |
+ isoent_cmp_node_joliet, isoent_cmp_key_joliet |
|
26 |
+ }; |
|
27 |
+@@ -6239,7 +6239,7 @@ isoent_gen_joliet_identifier(struct archive_write *a, struct isoent *isoent, |
|
28 |
+ else |
|
29 |
+ ffmax = 128; |
|
30 |
+ |
|
31 |
+- r = idr_start(a, idr, isoent->children.cnt, ffmax, 6, 2, &rb_ops); |
|
32 |
++ r = idr_start(a, idr, isoent->children.cnt, (int)ffmax, 6, 2, &rb_ops); |
|
33 |
+ if (r < 0) |
|
34 |
+ return (r); |
|
35 |
+ |
|
36 |
+@@ -6252,7 +6252,7 @@ isoent_gen_joliet_identifier(struct archive_write *a, struct isoent *isoent, |
|
37 |
+ int ext_off, noff, weight; |
|
38 |
+ size_t lt; |
|
39 |
+ |
|
40 |
+- if ((int)(l = np->file->basename_utf16.length) > ffmax) |
|
41 |
++ if ((l = np->file->basename_utf16.length) > ffmax) |
|
42 |
+ l = ffmax; |
|
43 |
+ |
|
44 |
+ p = malloc((l+1)*2); |
|
45 |
+@@ -6285,7 +6285,7 @@ isoent_gen_joliet_identifier(struct archive_write *a, struct isoent *isoent, |
|
46 |
+ /* |
|
47 |
+ * Get a length of MBS of a full-pathname. |
|
48 |
+ */ |
|
49 |
+- if ((int)np->file->basename_utf16.length > ffmax) { |
|
50 |
++ if (np->file->basename_utf16.length > ffmax) { |
|
51 |
+ if (archive_strncpy_l(&iso9660->mbs, |
|
52 |
+ (const char *)np->identifier, l, |
|
53 |
+ iso9660->sconv_from_utf16be) != 0 && |
|
54 |
+@@ -6302,7 +6302,9 @@ isoent_gen_joliet_identifier(struct archive_write *a, struct isoent *isoent, |
|
55 |
+ |
|
56 |
+ /* If a length of full-pathname is longer than 240 bytes, |
|
57 |
+ * it violates Joliet extensions regulation. */ |
|
58 |
+- if (parent_len + np->mb_len > 240) { |
|
59 |
++ if (parent_len > 240 |
|
60 |
++ || np->mb_len > 240 |
|
61 |
++ || parent_len + np->mb_len > 240) { |
|
62 |
+ archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, |
|
63 |
+ "The regulation of Joliet extensions;" |
|
64 |
+ " A length of a full-pathname of `%s' is " |
|
65 |
+@@ -6314,11 +6316,11 @@ isoent_gen_joliet_identifier(struct archive_write *a, struct isoent *isoent, |
|
66 |
+ |
|
67 |
+ /* Make an offset of the number which is used to be set |
|
68 |
+ * hexadecimal number to avoid duplicate identifier. */ |
|
69 |
+- if ((int)l == ffmax) |
|
70 |
++ if (l == ffmax) |
|
71 |
+ noff = ext_off - 6; |
|
72 |
+- else if ((int)l == ffmax-2) |
|
73 |
++ else if (l == ffmax-2) |
|
74 |
+ noff = ext_off - 4; |
|
75 |
+- else if ((int)l == ffmax-4) |
|
76 |
++ else if (l == ffmax-4) |
|
77 |
+ noff = ext_off - 2; |
|
78 |
+ else |
|
79 |
+ noff = ext_off; |
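Review bot: The widened 240-byte check (patch lines 59–61) only closes the wrap-around if `np->mb_len` can never be negative, and its declaration is not in any hunk shown. `parent_len` is now `size_t`, so in `parent_len + np->mb_len` a signed `mb_len` is converted to unsigned. A negative value would fail `np->mb_len > 240` and could still wrap the sum to below the limit. When backporting to 3.1.2, confirm how `mb_len` is declared and assigned in that tree, and whether any `(int)` narrowing of a length feeds it. If it is a signed int, adding `|| np->mb_len < 0` to the condition would make the guard self-contained. The body of isoent_gen_joliet_identifier extends beyond these hunks, so this is inferred from the visible lines only.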
... | ... |
@@ -1,7 +1,7 @@ |
1 | 1 |
Summary: Multi-format archive and compression library |
2 | 2 |
Name: libarchive |
3 | 3 |
Version: 3.1.2 |
4 |
-Release: 6%{?dist} |
|
4 |
+Release: 7%{?dist} |
|
5 | 5 |
License: BSD 2-Clause License |
6 | 6 |
URL: http://www.libarchive.org/ |
7 | 7 |
Group: System Environment/Development |
... | ... |
@@ -11,6 +11,7 @@ Source0: http://www.libarchive.org/downloads/%{name}-%{version}.tar.gz |
11 | 11 |
%define sha1 libarchive=6a991777ecb0f890be931cec4aec856d1a195489 |
12 | 12 |
Patch0: libarchive-CVE-2013-0211.patch |
13 | 13 |
Patch1: 0001-Add-ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS-option.patch |
14 |
+Patch2: libarchive-CVE-2016-6250.patch |
|
14 | 15 |
|
15 | 16 |
%description |
16 | 17 |
Multi-format archive and compression library |
... | ... |
@@ -25,6 +26,7 @@ It contains the libraries and header files to create applications |
25 | 25 |
%setup -q |
26 | 26 |
%patch0 -p1 |
27 | 27 |
%patch1 -p1 |
28 |
+%patch2 -p1 |
|
28 | 29 |
|
29 | 30 |
%build |
30 | 31 |
export CFLAGS="%{optflags}" |
... | ... |
@@ -54,8 +56,10 @@ find %{buildroot}%{_libdir} -name '*.la' -delete |
54 | 54 |
%{_libdir}/pkgconfig/*.pc |
55 | 55 |
|
56 | 56 |
%changelog |
57 |
-* Tue May 24 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 3.1.2-6 |
|
58 |
-- GA - Bump release of all rpms |
|
57 |
+* Thu Sep 22 2016 Anish Swaminathan <anishs@vmware.com> 3.1.2-7 |
|
58 |
+- Adding patch for security fix CVE-2016-6250 |
|
59 |
+* Tue May 24 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 3.1.2-6 |
|
60 |
+- GA - Bump release of all rpms |
|
59 | 61 |
* Mon Oct 12 2015 Xiaolin Li <xiaolinl@vmware.com> 3.1.2-5 |
60 | 62 |
- Moving static lib files to devel package. |
61 | 63 |
* Fri Oct 9 2015 Xiaolin Li <xiaolinl@vmware.com> 3.1.2-4 |
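Review bot: The new `Patch2: libarchive-CVE-2016-6250.patch` line has no pointer to its upstream origin, and the patch's own header names only "Issue 711", never the CVE. An auditor therefore has to trust the file name to connect the two. A comment above the tag would record the mapping where it is consumed, for example `# CVE-2016-6250: upstream commit 3014e19820ea53c15c90f9d447ca3e668a0b76c6 (libarchive issue 711)`. Since the upstream hunks target offsets around line 6225 of archive_write_set_format_iso9660.c, it is also worth checking in the build log that `%patch2 -p1` applies to 3.1.2 without fuzz.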