diff options
author | Otavio Salvador <otavio@ossystems.com.br> | 2018-09-16 18:16:23 -0300 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-09-21 18:45:46 -0700 |
commit | 4622cc08bfd1f195c17b153cc5ff40e939850434 (patch) | |
tree | f8f8cd014c6bca52c70927aad11eb3e370a4e5a4 /meta | |
parent | 611e090acc76761fbb6c6629f350bacd34705e51 (diff) | |
download | poky-4622cc08bfd1f195c17b153cc5ff40e939850434.tar.gz |
libarchive: Update 3.3.2 -> 3.3.3
This upgrades to 3.3.3 release and drop the backported patches when
doing the recipe update.
(From OE-Core rev: 60d99a4e64fdddbbe5863fa5879c813fa004600b)
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
-rw-r--r-- | meta/recipes-extended/libarchive/libarchive/CVE-2017-14166.patch | 37 | ||||
-rw-r--r-- | meta/recipes-extended/libarchive/libarchive/CVE-2017-14501.patch | 79 | ||||
-rw-r--r-- | meta/recipes-extended/libarchive/libarchive/CVE-2017-14502.patch | 37 | ||||
-rw-r--r-- | meta/recipes-extended/libarchive/libarchive/CVE-2017-14503.patch | 33 | ||||
-rw-r--r-- | meta/recipes-extended/libarchive/libarchive/bug929.patch | 38 | ||||
-rw-r--r-- | meta/recipes-extended/libarchive/libarchive_3.3.3.bb (renamed from meta/recipes-extended/libarchive/libarchive_3.3.2.bb) | 11 |
6 files changed, 3 insertions, 232 deletions
diff --git a/meta/recipes-extended/libarchive/libarchive/CVE-2017-14166.patch b/meta/recipes-extended/libarchive/libarchive/CVE-2017-14166.patch deleted file mode 100644 index e85fec40aa..0000000000 --- a/meta/recipes-extended/libarchive/libarchive/CVE-2017-14166.patch +++ /dev/null | |||
@@ -1,37 +0,0 @@ | |||
1 | libarchive-3.3.2: Fix CVE-2017-14166 | ||
2 | |||
3 | [No upstream tracking] -- https://github.com/libarchive/libarchive/pull/935 | ||
4 | |||
5 | archive_read_support_format_xar: heap-based buffer overflow in xml_data | ||
6 | |||
7 | Upstream-Status: Backport [https://github.com/libarchive/libarchive/commit/fa7438a0ff4033e4741c807394a9af6207940d71] | ||
8 | CVE: CVE-2017-14166 | ||
9 | Bug: 935 | ||
10 | Signed-off-by: Andrej Valek <andrej.valek@siemens.com> | ||
11 | |||
12 | diff --git a/libarchive/archive_read_support_format_xar.c b/libarchive/archive_read_support_format_xar.c | ||
13 | index 7a22beb..93eeacc 100644 | ||
14 | --- a/libarchive/archive_read_support_format_xar.c | ||
15 | +++ b/libarchive/archive_read_support_format_xar.c | ||
16 | @@ -1040,6 +1040,9 @@ atol10(const char *p, size_t char_cnt) | ||
17 | uint64_t l; | ||
18 | int digit; | ||
19 | |||
20 | + if (char_cnt == 0) | ||
21 | + return (0); | ||
22 | + | ||
23 | l = 0; | ||
24 | digit = *p - '0'; | ||
25 | while (digit >= 0 && digit < 10 && char_cnt-- > 0) { | ||
26 | @@ -1054,7 +1057,10 @@ atol8(const char *p, size_t char_cnt) | ||
27 | { | ||
28 | int64_t l; | ||
29 | int digit; | ||
30 | - | ||
31 | + | ||
32 | + if (char_cnt == 0) | ||
33 | + return (0); | ||
34 | + | ||
35 | l = 0; | ||
36 | while (char_cnt-- > 0) { | ||
37 | if (*p >= '0' && *p <= '7') | ||
diff --git a/meta/recipes-extended/libarchive/libarchive/CVE-2017-14501.patch b/meta/recipes-extended/libarchive/libarchive/CVE-2017-14501.patch deleted file mode 100644 index 1038102e6b..0000000000 --- a/meta/recipes-extended/libarchive/libarchive/CVE-2017-14501.patch +++ /dev/null | |||
@@ -1,79 +0,0 @@ | |||
1 | From f9569c086ff29259c73790db9cbf39fe8fb9d862 Mon Sep 17 00:00:00 2001 | ||
2 | From: John Starks <jostarks@microsoft.com> | ||
3 | Date: Wed, 25 Jul 2018 12:16:34 -0700 | ||
4 | Subject: [PATCH] iso9660: validate directory record length | ||
5 | |||
6 | CVE: CVE-2017-14501 | ||
7 | Upstream-Status: Backport [https://github.com/mmatuska/libarchive/commit/13e87dcd9c37b533127cceb9f3e1e5a38d95e784] | ||
8 | |||
9 | Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> | ||
10 | --- | ||
11 | libarchive/archive_read_support_format_iso9660.c | 17 +++++++++++------ | ||
12 | 1 file changed, 11 insertions(+), 6 deletions(-) | ||
13 | |||
14 | diff --git a/libarchive/archive_read_support_format_iso9660.c b/libarchive/archive_read_support_format_iso9660.c | ||
15 | index f01d37bf..089bb723 100644 | ||
16 | --- a/libarchive/archive_read_support_format_iso9660.c | ||
17 | +++ b/libarchive/archive_read_support_format_iso9660.c | ||
18 | @@ -409,7 +409,8 @@ static int next_entry_seek(struct archive_read *, struct iso9660 *, | ||
19 | struct file_info **); | ||
20 | static struct file_info * | ||
21 | parse_file_info(struct archive_read *a, | ||
22 | - struct file_info *parent, const unsigned char *isodirrec); | ||
23 | + struct file_info *parent, const unsigned char *isodirrec, | ||
24 | + size_t reclen); | ||
25 | static int parse_rockridge(struct archive_read *a, | ||
26 | struct file_info *file, const unsigned char *start, | ||
27 | const unsigned char *end); | ||
28 | @@ -1022,7 +1023,7 @@ read_children(struct archive_read *a, struct file_info *parent) | ||
29 | if (*(p + DR_name_len_offset) == 1 | ||
30 | && *(p + DR_name_offset) == '\001') | ||
31 | continue; | ||
32 | - child = parse_file_info(a, parent, p); | ||
33 | + child = parse_file_info(a, parent, p, b - p); | ||
34 | if (child == NULL) { | ||
35 | __archive_read_consume(a, skip_size); | ||
36 | return (ARCHIVE_FATAL); | ||
37 | @@ -1112,7 +1113,7 @@ choose_volume(struct archive_read *a, struct iso9660 *iso9660) | ||
38 | */ | ||
39 | seenJoliet = iso9660->seenJoliet;/* Save flag. */ | ||
40 | iso9660->seenJoliet = 0; | ||
41 | - file = parse_file_info(a, NULL, block); | ||
42 | + file = parse_file_info(a, NULL, block, vd->size); | ||
43 | if (file == NULL) | ||
44 | return (ARCHIVE_FATAL); | ||
45 | iso9660->seenJoliet = seenJoliet; | ||
46 | @@ -1144,7 +1145,7 @@ choose_volume(struct archive_read *a, struct iso9660 *iso9660) | ||
47 | return (ARCHIVE_FATAL); | ||
48 | } | ||
49 | iso9660->seenJoliet = 0; | ||
50 | - file = parse_file_info(a, NULL, block); | ||
51 | + file = parse_file_info(a, NULL, block, vd->size); | ||
52 | if (file == NULL) | ||
53 | return (ARCHIVE_FATAL); | ||
54 | iso9660->seenJoliet = seenJoliet; | ||
55 | @@ -1749,7 +1750,7 @@ archive_read_format_iso9660_cleanup(struct archive_read *a) | ||
56 | */ | ||
57 | static struct file_info * | ||
58 | parse_file_info(struct archive_read *a, struct file_info *parent, | ||
59 | - const unsigned char *isodirrec) | ||
60 | + const unsigned char *isodirrec, size_t reclen) | ||
61 | { | ||
62 | struct iso9660 *iso9660; | ||
63 | struct file_info *file, *filep; | ||
64 | @@ -1763,7 +1764,11 @@ parse_file_info(struct archive_read *a, struct file_info *parent, | ||
65 | |||
66 | iso9660 = (struct iso9660 *)(a->format->data); | ||
67 | |||
68 | - dr_len = (size_t)isodirrec[DR_length_offset]; | ||
69 | + if (reclen == 0 || reclen < (dr_len = (size_t)isodirrec[DR_length_offset])) { | ||
70 | + archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, | ||
71 | + "Invalid directory record length"); | ||
72 | + return (NULL); | ||
73 | + } | ||
74 | name_len = (size_t)isodirrec[DR_name_len_offset]; | ||
75 | location = archive_le32dec(isodirrec + DR_extent_offset); | ||
76 | fsize = toi(isodirrec + DR_size_offset, DR_size_size); | ||
77 | -- | ||
78 | 2.13.3 | ||
79 | |||
diff --git a/meta/recipes-extended/libarchive/libarchive/CVE-2017-14502.patch b/meta/recipes-extended/libarchive/libarchive/CVE-2017-14502.patch deleted file mode 100644 index 72e1546435..0000000000 --- a/meta/recipes-extended/libarchive/libarchive/CVE-2017-14502.patch +++ /dev/null | |||
@@ -1,37 +0,0 @@ | |||
1 | From 5562545b5562f6d12a4ef991fae158bf4ccf92b6 Mon Sep 17 00:00:00 2001 | ||
2 | From: Joerg Sonnenberger <joerg@bec.de> | ||
3 | Date: Sat, 9 Sep 2017 17:47:32 +0200 | ||
4 | Subject: [PATCH] Avoid a read off-by-one error for UTF16 names in RAR | ||
5 | archives. | ||
6 | |||
7 | Reported-By: OSS-Fuzz issue 573 | ||
8 | |||
9 | CVE: CVE-2017-14502 | ||
10 | |||
11 | Upstream-Status: Backport | ||
12 | |||
13 | Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> | ||
14 | --- | ||
15 | libarchive/archive_read_support_format_rar.c | 6 +++++- | ||
16 | 1 file changed, 5 insertions(+), 1 deletion(-) | ||
17 | |||
18 | diff --git a/libarchive/archive_read_support_format_rar.c b/libarchive/archive_read_support_format_rar.c | ||
19 | index cbb14c3..751de69 100644 | ||
20 | --- a/libarchive/archive_read_support_format_rar.c | ||
21 | +++ b/libarchive/archive_read_support_format_rar.c | ||
22 | @@ -1496,7 +1496,11 @@ read_header(struct archive_read *a, struct archive_entry *entry, | ||
23 | return (ARCHIVE_FATAL); | ||
24 | } | ||
25 | filename[filename_size++] = '\0'; | ||
26 | - filename[filename_size++] = '\0'; | ||
27 | + /* | ||
28 | + * Do not increment filename_size here as the computations below | ||
29 | + * add the space for the terminating NUL explicitly. | ||
30 | + */ | ||
31 | + filename[filename_size] = '\0'; | ||
32 | |||
33 | /* Decoded unicode form is UTF-16BE, so we have to update a string | ||
34 | * conversion object for it. */ | ||
35 | -- | ||
36 | 1.9.1 | ||
37 | |||
diff --git a/meta/recipes-extended/libarchive/libarchive/CVE-2017-14503.patch b/meta/recipes-extended/libarchive/libarchive/CVE-2017-14503.patch deleted file mode 100644 index 779ca854eb..0000000000 --- a/meta/recipes-extended/libarchive/libarchive/CVE-2017-14503.patch +++ /dev/null | |||
@@ -1,33 +0,0 @@ | |||
1 | From 2c8c83b9731ff822fad6cc8c670ea5519c366a14 Mon Sep 17 00:00:00 2001 | ||
2 | From: Joerg Sonnenberger <joerg@bec.de> | ||
3 | Date: Thu, 19 Jul 2018 21:14:53 +0200 | ||
4 | Subject: [PATCH] Reject LHA archive entries with negative size. | ||
5 | |||
6 | CVE: CVE-2017-14503 | ||
7 | Upstream-Status: Backport [https://github.com/libarchive/libarchive/commit/2c8c83b9731ff822fad6cc8c670ea5519c366a14] | ||
8 | |||
9 | Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> | ||
10 | --- | ||
11 | libarchive/archive_read_support_format_lha.c | 6 ++++++ | ||
12 | 1 file changed, 6 insertions(+) | ||
13 | |||
14 | diff --git a/libarchive/archive_read_support_format_lha.c b/libarchive/archive_read_support_format_lha.c | ||
15 | index b8ef4ae1..95c99bb1 100644 | ||
16 | --- a/libarchive/archive_read_support_format_lha.c | ||
17 | +++ b/libarchive/archive_read_support_format_lha.c | ||
18 | @@ -701,6 +701,12 @@ archive_read_format_lha_read_header(struct archive_read *a, | ||
19 | * Prepare variables used to read a file content. | ||
20 | */ | ||
21 | lha->entry_bytes_remaining = lha->compsize; | ||
22 | + if (lha->entry_bytes_remaining < 0) { | ||
23 | + archive_set_error(&a->archive, | ||
24 | + ARCHIVE_ERRNO_FILE_FORMAT, | ||
25 | + "Invalid LHa entry size"); | ||
26 | + return (ARCHIVE_FATAL); | ||
27 | + } | ||
28 | lha->entry_offset = 0; | ||
29 | lha->entry_crc_calculated = 0; | ||
30 | |||
31 | -- | ||
32 | 2.13.3 | ||
33 | |||
diff --git a/meta/recipes-extended/libarchive/libarchive/bug929.patch b/meta/recipes-extended/libarchive/libarchive/bug929.patch deleted file mode 100644 index 2f3254c8dc..0000000000 --- a/meta/recipes-extended/libarchive/libarchive/bug929.patch +++ /dev/null | |||
@@ -1,38 +0,0 @@ | |||
1 | libarchive-3.3.2: Fix bug929 | ||
2 | |||
3 | [No upstream tracking] -- https://github.com/libarchive/libarchive/pull/929 | ||
4 | |||
5 | archive_read_support_format_cpio: header_newc(): Avoid overflow when reading corrupt | ||
6 | cpio archive | ||
7 | |||
8 | A cpio "newc" archive with a namelength of "FFFFFFFF", if read on a | ||
9 | system with a 32-bit size_t, would result in namelength + name_pad | ||
10 | overflowing 32 bits and libarchive attempting to copy 2^32-1 bytes | ||
11 | from a 2-byte buffer, with appropriately hilarious results. | ||
12 | |||
13 | Check for this overflow and fail; there's no legitimate reason for a | ||
14 | cpio archive to contain a file with a name over 4 billion characters | ||
15 | in length. | ||
16 | |||
17 | Upstream-Status: Backport [https://github.com/libarchive/libarchive/commit/bac4659e0b970990e7e3f3a3d239294e96311630] | ||
18 | Bug: 929 | ||
19 | Signed-off-by: Andrej Valek <andrej.valek@siemens.com> | ||
20 | |||
21 | diff --git a/libarchive/archive_read_support_format_cpio.c b/libarchive/archive_read_support_format_cpio.c | ||
22 | index ad9f782..1faa64d 100644 | ||
23 | --- a/libarchive/archive_read_support_format_cpio.c | ||
24 | +++ b/libarchive/archive_read_support_format_cpio.c | ||
25 | @@ -633,6 +633,13 @@ header_newc(struct archive_read *a, struct cpio *cpio, | ||
26 | /* Pad name to 2 more than a multiple of 4. */ | ||
27 | *name_pad = (2 - *namelength) & 3; | ||
28 | |||
29 | + /* Make sure that the padded name length fits into size_t. */ | ||
30 | + if ((size_t)(*namelength + *name_pad) < *namelength) { | ||
31 | + archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, | ||
32 | + "cpio archive has invalid namelength"); | ||
33 | + return (ARCHIVE_FATAL); | ||
34 | + } | ||
35 | + | ||
36 | /* | ||
37 | * Note: entry_bytes_remaining is at least 64 bits and | ||
38 | * therefore guaranteed to be big enough for a 33-bit file | ||
diff --git a/meta/recipes-extended/libarchive/libarchive_3.3.2.bb b/meta/recipes-extended/libarchive/libarchive_3.3.3.bb index e3d90b276a..eabab16770 100644 --- a/meta/recipes-extended/libarchive/libarchive_3.3.2.bb +++ b/meta/recipes-extended/libarchive/libarchive_3.3.3.bb | |||
@@ -32,16 +32,11 @@ PACKAGECONFIG[lz4] = "--with-lz4,--without-lz4,lz4," | |||
32 | EXTRA_OECONF += "--enable-largefile" | 32 | EXTRA_OECONF += "--enable-largefile" |
33 | 33 | ||
34 | SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz \ | 34 | SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz \ |
35 | file://bug929.patch \ | ||
36 | file://CVE-2017-14166.patch \ | ||
37 | file://CVE-2017-14502.patch \ | ||
38 | file://non-recursive-extract-and-list.patch \ | 35 | file://non-recursive-extract-and-list.patch \ |
39 | file://CVE-2017-14503.patch \ | 36 | " |
40 | file://CVE-2017-14501.patch \ | ||
41 | " | ||
42 | 37 | ||
43 | SRC_URI[md5sum] = "4583bd6b2ebf7e0e8963d90879eb1b27" | 38 | SRC_URI[md5sum] = "4038e366ca5b659dae3efcc744e72120" |
44 | SRC_URI[sha256sum] = "ed2dbd6954792b2c054ccf8ec4b330a54b85904a80cef477a1c74643ddafa0ce" | 39 | SRC_URI[sha256sum] = "ba7eb1781c9fbbae178c4c6bad1c6eb08edab9a1496c64833d1715d022b30e2e" |
45 | 40 | ||
46 | inherit autotools update-alternatives pkgconfig | 41 | inherit autotools update-alternatives pkgconfig |
47 | 42 | ||