diff options
| -rw-r--r-- | meta/recipes-extended/libarchive/libarchive/libarchive-CVE-2013-0211.patch | 38 | ||||
| -rw-r--r-- | meta/recipes-extended/libarchive/libarchive_3.1.2.bb | 1 |
2 files changed, 39 insertions, 0 deletions
diff --git a/meta/recipes-extended/libarchive/libarchive/libarchive-CVE-2013-0211.patch b/meta/recipes-extended/libarchive/libarchive/libarchive-CVE-2013-0211.patch new file mode 100644 index 0000000000..126f80e044 --- /dev/null +++ b/meta/recipes-extended/libarchive/libarchive/libarchive-CVE-2013-0211.patch | |||
| @@ -0,0 +1,38 @@ | |||
| 1 | From 2f55d6bd308ea61975558c2469ae349dba297e89 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Robert Yang <liezhi.yang@windriver.com> | ||
| 3 | Date: Sat, 22 Feb 2014 14:35:59 +0800 | ||
| 4 | Subject: [PATCH] Fix CVE-2013-0211 | ||
| 5 | |||
| 6 | This patch comes from:https://github.com/libarchive/libarchive/commit/22531545514043e04633e1c015c7540b9de9dbe4 | ||
| 7 | |||
| 8 | Upstream-Status: Backport | ||
| 9 | |||
| 10 | Signed-off-by: Baogen shang <baogen.shang@windriver.com> | ||
| 11 | |||
| 12 | Update the patch because of uprev on 20140222 | ||
| 13 | |||
| 14 | Signed-off-by: Robert Yang <liezhi.yang@windriver.com> | ||
| 15 | --- | ||
| 16 | libarchive/archive_write.c | 4 ++++ | ||
| 17 | 1 file changed, 4 insertions(+) | ||
| 18 | |||
| 19 | diff --git a/libarchive/archive_write.c b/libarchive/archive_write.c | ||
| 20 | index a3d1a33..a323588 100644 | ||
| 21 | --- a/libarchive/archive_write.c | ||
| 22 | +++ b/libarchive/archive_write.c | ||
| 23 | @@ -671,8 +671,12 @@ static ssize_t | ||
| 24 | _archive_write_data(struct archive *_a, const void *buff, size_t s) | ||
| 25 | { | ||
| 26 | struct archive_write *a = (struct archive_write *)_a; | ||
| 27 | + const size_t max_write = INT_MAX; | ||
| 28 | archive_check_magic(&a->archive, ARCHIVE_WRITE_MAGIC, | ||
| 29 | ARCHIVE_STATE_DATA, "archive_write_data"); | ||
| 30 | + /* In particular, this catches attempts to pass negative values. */ | ||
| 31 | + if (s > max_write) | ||
| 32 | + s = max_write; | ||
| 33 | archive_clear_error(&a->archive); | ||
| 34 | return ((a->format_write_data)(a, buff, s)); | ||
| 35 | } | ||
| 36 | -- | ||
| 37 | 1.8.2.1 | ||
| 38 | |||
diff --git a/meta/recipes-extended/libarchive/libarchive_3.1.2.bb b/meta/recipes-extended/libarchive/libarchive_3.1.2.bb index 2556dc8898..d5599e0eb6 100644 --- a/meta/recipes-extended/libarchive/libarchive_3.1.2.bb +++ b/meta/recipes-extended/libarchive/libarchive_3.1.2.bb | |||
| @@ -26,6 +26,7 @@ PACKAGECONFIG[libxml2] = "--with-xml2,--without-xml2,libxml2," | |||
| 26 | PACKAGECONFIG[expat] = "--with-expat,--without-expat,expat," | 26 | PACKAGECONFIG[expat] = "--with-expat,--without-expat,expat," |
| 27 | 27 | ||
| 28 | SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz \ | 28 | SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz \ |
| 29 | file://libarchive-CVE-2013-0211.patch \ | ||
| 29 | " | 30 | " |
| 30 | 31 | ||
| 31 | SRC_URI[md5sum] = "efad5a503f66329bb9d2f4308b5de98a" | 32 | SRC_URI[md5sum] = "efad5a503f66329bb9d2f4308b5de98a" |