diff options
-rw-r--r-- | system/libarchive/APKBUILD | 56 | ||||
-rw-r--r-- | system/libarchive/CVE-2017-14166.patch | 36 | ||||
-rw-r--r-- | system/libarchive/penis.patch | 11 |
3 files changed, 103 insertions, 0 deletions
diff --git a/system/libarchive/APKBUILD b/system/libarchive/APKBUILD new file mode 100644 index 000000000..f7d4aa2c4 --- /dev/null +++ b/system/libarchive/APKBUILD @@ -0,0 +1,56 @@ +# Contributor: Sergei Lukin <sergej.lukin@gmail.com> +# Maintainer: Natanael Copa <ncopa@alpinelinux.org> +pkgname=libarchive +pkgver=3.3.2 +pkgrel=2 +pkgdesc="library that can create and read several streaming archive formats" +url="http://libarchive.org/" +arch="all" +license="BSD" +makedepends="zlib-dev bzip2-dev xz-dev lz4-dev acl-dev openssl-dev expat-dev attr-dev" +subpackages="$pkgname-dev $pkgname-doc $pkgname-tools" +source="http://www.libarchive.org/downloads/$pkgname-$pkgver.tar.gz + penis.patch + CVE-2017-14166.patch" +options="!check" # needs EUC-JP and KOI8R support in iconv +builddir="$srcdir/$pkgname-$pkgver" + +# secfixes: +# 3.3.2-r1: +# - CVE-2017-14166 + +build () { + cd "$builddir" + ./configure \ + --build=$CBUILD \ + --host=$CHOST \ + --prefix=/usr \ + --with-expat \ + --without-xml2 \ + --with-bz2lib \ + --with-zlib \ + --with-lzma \ + --with-lz4 \ + --enable-acl \ + --enable-xattr \ + ac_cv_header_linux_fiemap_h=no + make +} + +package() { + cd "$builddir" + make DESTDIR="$pkgdir" install +} + +tools() { + pkgdesc="libarchive tools - bsdtar and bsdcpio" + + mkdir -p "$subpkgdir"/usr/ + mv "$pkgdir"/usr/bin "$subpkgdir"/usr/ + ln -s bsdtar "$subpkgdir"/usr/bin/tar + ln -s bsdcpio "$subpkgdir"/usr/bin/cpio +} + +sha512sums="1e538cd7d492f54b11c16c56f12c1632ba14302a3737ec0db786272aec0c8020f1e27616a7654d57e26737e5ed9bfc9a62f1fdda61a95c39eb726aa7c2f673e4 libarchive-3.3.2.tar.gz +3de98af0f97063999a6a06bb7a3d8cfa10b350237497eaf25a990178fe7ff74355445deb21ec9e883faad8ffc7f4e008cd9ac916be63c79b3f4ed2d5741e4336 penis.patch +7cc9dbafd970c07fb4421b7a72a075cc0a000db77df4432222539c58625c93c45f01a144838b551980bc0c6dc5b4c3ab852eb1433006c3174581ba0897010dbe CVE-2017-14166.patch" diff --git a/system/libarchive/CVE-2017-14166.patch b/system/libarchive/CVE-2017-14166.patch new file mode 100644 index 000000000..b729ae41e --- /dev/null +++ b/system/libarchive/CVE-2017-14166.patch @@ -0,0 +1,36 @@ +From fa7438a0ff4033e4741c807394a9af6207940d71 Mon Sep 17 00:00:00 2001 +From: Joerg Sonnenberger <joerg@bec.de> +Date: Tue, 5 Sep 2017 18:12:19 +0200 +Subject: [PATCH] Do something sensible for empty strings to make fuzzers + happy. + +--- + libarchive/archive_read_support_format_xar.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/libarchive/archive_read_support_format_xar.c b/libarchive/archive_read_support_format_xar.c +index 7a22beb9d..93eeacc5e 100644 +--- a/libarchive/archive_read_support_format_xar.c ++++ b/libarchive/archive_read_support_format_xar.c +@@ -1040,6 +1040,9 @@ atol10(const char *p, size_t char_cnt) + uint64_t l; + int digit; + ++ if (char_cnt == 0) ++ return (0); ++ + l = 0; + digit = *p - '0'; + while (digit >= 0 && digit < 10 && char_cnt-- > 0) { +@@ -1054,7 +1057,10 @@ atol8(const char *p, size_t char_cnt) + { + int64_t l; + int digit; +- ++ ++ if (char_cnt == 0) ++ return (0); ++ + l = 0; + while (char_cnt-- > 0) { + if (*p >= '0' && *p <= '7') diff --git a/system/libarchive/penis.patch b/system/libarchive/penis.patch new file mode 100644 index 000000000..c3745979e --- /dev/null +++ b/system/libarchive/penis.patch @@ -0,0 +1,11 @@ +--- libarchive-3.3.1/libarchive/archive_read_disk_entry_from_file.c.old 2017-02-25 17:37:08.000000000 +0000 ++++ libarchive-3.3.1/libarchive/archive_read_disk_entry_from_file.c 2017-07-04 01:31:03.297134418 +0000 +@@ -1865,7 +1865,7 @@ + #endif + #endif /* defined(HAVE_LINUX_FIEMAP_H) */ + +-#if defined(SEEK_HOLE) && defined(SEEK_DATA) ++#if defined(SEEK_HOLE) && defined(SEEK_DATA) && defined(__PENIS__) + + /* + * SEEK_HOLE sparse interface (FreeBSD, Linux, Solaris) |