Date: Saturday, February 4, 2017 @ 17:43:31 Author: eworm Revision: 288024
upgpkg: libarchive 3.2.2-4 fix CVE-2017-5601 [0] (FS#52840) [0] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5601 Added: libarchive/trunk/0002-fixes-a-heap-buffer-overflow.patch Modified: libarchive/trunk/PKGBUILD -----------------------------------------+ 0002-fixes-a-heap-buffer-overflow.patch | 24 ++++++++++++++++++++++++ PKGBUILD | 12 +++++++++--- 2 files changed, 33 insertions(+), 3 deletions(-)
Added: 0002-fixes-a-heap-buffer-overflow.patch
===================================================================
--- 0002-fixes-a-heap-buffer-overflow.patch (rev 0)
+++ 0002-fixes-a-heap-buffer-overflow.patch 2017-02-04 17:43:31 UTC (rev 288024)
@@ -0,0 +1,24 @@
+From 98dcbbf0bf4854bf987557e55e55fff7abbf3ea9 Mon Sep 17 00:00:00 2001
+From: Martin Matuska <mar...@matuska.org>
+Date: Thu, 19 Jan 2017 22:00:18 +0100
+Subject: [PATCH] Fail with negative lha->compsize in lha_read_file_header_1()
+ Fixes a heap buffer overflow reported in Secunia SA74169
+
+---
+ libarchive/archive_read_support_format_lha.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/libarchive/archive_read_support_format_lha.c b/libarchive/archive_read_support_format_lha.c
+index 52a5531..d77a7c2 100644
+--- a/libarchive/archive_read_support_format_lha.c
++++ b/libarchive/archive_read_support_format_lha.c
+@@ -924,6 +924,9 @@ lha_read_file_header_1(struct archive_read *a, struct lha *lha)
+ /* Get a real compressed file size. */
+ lha->compsize -= extdsize - 2;
+
++ if (lha->compsize < 0)
++ goto invalid; /* Invalid compressed file size */
++
+ if (sum_calculated != headersum) {
+ archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
+ "LHa header sum error");
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2017-02-04 17:21:16 UTC (rev 288023)
+++ PKGBUILD 2017-02-04 17:43:31 UTC (rev 288024)
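Review bot: The added `if (lha->compsize < 0)` guard in the new patch file only fires if `lha->compsize` is a signed type, and its declaration is not visible in this hunk; with an unsigned field the preceding `lha->compsize -= extdsize - 2;` would wrap instead of going negative and the test would never trigger. It is worth confirming the field type, and that `extdsize` cannot be below 2, against the 3.2.2 sources this patch is applied to. The trailing comment could also say why the value can go negative, for example `/* extended headers claim more bytes than the packed size in the header */`, assuming `extdsize` is the extended-header length as its name suggests. `lha_read_file_header_1()` begins and ends outside the hunk, as does the `invalid` label, so the error reported on this path cannot be checked from here.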
@@ -3,7 +3,7 @@
 pkgname=libarchive
 pkgver=3.2.2
-pkgrel=3
+pkgrel=4
 pkgdesc="library that can create and read several streaming archive formats"
 arch=('i686' 'x86_64')
 url="http://libarchive.org/"
@@ -12,9 +12,11 @@
 options=('strip' 'debug' 'libtool')
 provides=('libarchive.so')
 source=("$pkgname-$pkgver.tar.gz::https://github.com/$pkgname/$pkgname/archive/v$pkgver.tar.gz"
- '0001-issue-822-try-harder-to-detect-directories-in-zip-archives.patch')
+ '0001-issue-822-try-harder-to-detect-directories-in-zip-archives.patch'
+ '0002-fixes-a-heap-buffer-overflow.patch')
 sha256sums=('edfc2ee7d42dd03228d0fa3bb9cbaade454557b326b2608b2e32c27aae62bdd4'
- '79bd6b3889131ab36501af2c9460ccb940ba95d568a72578163fb5d212a7a7e5')
+ '79bd6b3889131ab36501af2c9460ccb940ba95d568a72578163fb5d212a7a7e5'
+ 'e6177bd052090a2111d62c7c68157df71cebf4ad359aad02ce89d5585c9e64a4')
 prepare() {
 cd "$pkgname-$pkgver"
@@ -21,6 +23,10 @@
 # Issue #822: Try harder to detect directories in zip archives
 patch -Np1 < "$srcdir"/0001-issue-822-try-harder-to-detect-directories-in-zip-archives.patch
+
+ # Fail with negative lha->compsize in lha_read_file_header_1()
+ # Fixes a heap buffer overflow reported in Secunia SA74169
+ patch -Np1 < "$srcdir"/0002-fixes-a-heap-buffer-overflow.patch
 }
 build() {
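Review bot: The comment added above the second `patch -Np1` in `prepare()` (last hunk) names only Secunia SA74169, while the commit message tracks this fix as CVE-2017-5601 and FS#52840 and the patch file carries the upstream commit id. Recording those in the comment tells the next maintainer which advisory the backport closes and when it can be dropped, for example `# CVE-2017-5601 (FS#52840): upstream commit 98dcbbf0bf48, remove once pkgver includes it`. The generic file name `0002-fixes-a-heap-buffer-overflow.patch` in the `source` array (second hunk) would likewise be easier to audit if it named the CVE. `prepare()` opens in the second hunk, so its full body is not visible in one piece here.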