summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--system/libarchive/APKBUILD56
-rw-r--r--system/libarchive/CVE-2017-14166.patch36
-rw-r--r--system/libarchive/penis.patch11
3 files changed, 103 insertions, 0 deletions
diff --git a/system/libarchive/APKBUILD b/system/libarchive/APKBUILD
new file mode 100644
index 000000000..f7d4aa2c4
--- /dev/null
+++ b/system/libarchive/APKBUILD
@@ -0,0 +1,56 @@
+# Contributor: Sergei Lukin <sergej.lukin@gmail.com>
+# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
+pkgname=libarchive
+pkgver=3.3.2
+pkgrel=2
+pkgdesc="library that can create and read several streaming archive formats"
+url="http://libarchive.org/"
+arch="all"
+license="BSD"
+makedepends="zlib-dev bzip2-dev xz-dev lz4-dev acl-dev openssl-dev expat-dev attr-dev"
+subpackages="$pkgname-dev $pkgname-doc $pkgname-tools"
+source="http://www.libarchive.org/downloads/$pkgname-$pkgver.tar.gz
+ penis.patch
+ CVE-2017-14166.patch"
+options="!check" # needs EUC-JP and KOI8R support in iconv
+builddir="$srcdir/$pkgname-$pkgver"
+
+# secfixes:
+# 3.3.2-r1:
+# - CVE-2017-14166
+
+build () {
+ cd "$builddir"
+ ./configure \
+ --build=$CBUILD \
+ --host=$CHOST \
+ --prefix=/usr \
+ --with-expat \
+ --without-xml2 \
+ --with-bz2lib \
+ --with-zlib \
+ --with-lzma \
+ --with-lz4 \
+ --enable-acl \
+ --enable-xattr \
+ ac_cv_header_linux_fiemap_h=no
+ make
+}
+
+package() {
+ cd "$builddir"
+ make DESTDIR="$pkgdir" install
+}
+
+tools() {
+ pkgdesc="libarchive tools - bsdtar and bsdcpio"
+
+ mkdir -p "$subpkgdir"/usr/
+ mv "$pkgdir"/usr/bin "$subpkgdir"/usr/
+ ln -s bsdtar "$subpkgdir"/usr/bin/tar
+ ln -s bsdcpio "$subpkgdir"/usr/bin/cpio
+}
+
+sha512sums="1e538cd7d492f54b11c16c56f12c1632ba14302a3737ec0db786272aec0c8020f1e27616a7654d57e26737e5ed9bfc9a62f1fdda61a95c39eb726aa7c2f673e4 libarchive-3.3.2.tar.gz
+3de98af0f97063999a6a06bb7a3d8cfa10b350237497eaf25a990178fe7ff74355445deb21ec9e883faad8ffc7f4e008cd9ac916be63c79b3f4ed2d5741e4336 penis.patch
+7cc9dbafd970c07fb4421b7a72a075cc0a000db77df4432222539c58625c93c45f01a144838b551980bc0c6dc5b4c3ab852eb1433006c3174581ba0897010dbe CVE-2017-14166.patch"
diff --git a/system/libarchive/CVE-2017-14166.patch b/system/libarchive/CVE-2017-14166.patch
new file mode 100644
index 000000000..b729ae41e
--- /dev/null
+++ b/system/libarchive/CVE-2017-14166.patch
@@ -0,0 +1,36 @@
+From fa7438a0ff4033e4741c807394a9af6207940d71 Mon Sep 17 00:00:00 2001
+From: Joerg Sonnenberger <joerg@bec.de>
+Date: Tue, 5 Sep 2017 18:12:19 +0200
+Subject: [PATCH] Do something sensible for empty strings to make fuzzers
+ happy.
+
+---
+ libarchive/archive_read_support_format_xar.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/libarchive/archive_read_support_format_xar.c b/libarchive/archive_read_support_format_xar.c
+index 7a22beb9d..93eeacc5e 100644
+--- a/libarchive/archive_read_support_format_xar.c
++++ b/libarchive/archive_read_support_format_xar.c
+@@ -1040,6 +1040,9 @@ atol10(const char *p, size_t char_cnt)
+ uint64_t l;
+ int digit;
+
++ if (char_cnt == 0)
++ return (0);
++
+ l = 0;
+ digit = *p - '0';
+ while (digit >= 0 && digit < 10 && char_cnt-- > 0) {
+@@ -1054,7 +1057,10 @@ atol8(const char *p, size_t char_cnt)
+ {
+ int64_t l;
+ int digit;
+-
++
++ if (char_cnt == 0)
++ return (0);
++
+ l = 0;
+ while (char_cnt-- > 0) {
+ if (*p >= '0' && *p <= '7')
diff --git a/system/libarchive/penis.patch b/system/libarchive/penis.patch
new file mode 100644
index 000000000..c3745979e
--- /dev/null
+++ b/system/libarchive/penis.patch
@@ -0,0 +1,11 @@
+--- libarchive-3.3.1/libarchive/archive_read_disk_entry_from_file.c.old 2017-02-25 17:37:08.000000000 +0000
++++ libarchive-3.3.1/libarchive/archive_read_disk_entry_from_file.c 2017-07-04 01:31:03.297134418 +0000
+@@ -1865,7 +1865,7 @@
+ #endif
+ #endif /* defined(HAVE_LINUX_FIEMAP_H) */
+
+-#if defined(SEEK_HOLE) && defined(SEEK_DATA)
++#if defined(SEEK_HOLE) && defined(SEEK_DATA) && defined(__PENIS__)
+
+ /*
+ * SEEK_HOLE sparse interface (FreeBSD, Linux, Solaris)