Sync from SUSE:ALP:Source:Standard:1.0 libarchive revision 062a7476f674f366c5219220942adf4e
This commit is contained in:
parent
ea570bba36
commit
704b9ab035
74
CVE-2024-20697-2.patch
Normal file
74
CVE-2024-20697-2.patch
Normal file
@ -0,0 +1,74 @@
|
||||
From bf3940d944640a6cde7fcad0ba1461dd4a132c4f Mon Sep 17 00:00:00 2001
|
||||
From: terrynini38514 <nini@undefined.zip>
|
||||
Date: Wed, 10 Jul 2024 12:37:41 +0800
|
||||
Subject: [PATCH 1/3] Fix CVE-2024-26256
|
||||
|
||||
---
|
||||
libarchive/archive_read_support_format_rar.c | 6 ++++++
|
||||
1 file changed, 6 insertions(+)
|
||||
|
||||
diff --git a/libarchive/archive_read_support_format_rar.c b/libarchive/archive_read_support_format_rar.c
|
||||
index fb7cfde7b..98ec31f91 100644
|
||||
--- a/libarchive/archive_read_support_format_rar.c
|
||||
+++ b/libarchive/archive_read_support_format_rar.c
|
||||
@@ -3428,6 +3428,12 @@ run_filters(struct archive_read *a)
|
||||
return 0;
|
||||
}
|
||||
|
||||
+ if ( filter->blocklength > VM_MEMORY_SIZE )
|
||||
+ {
|
||||
+ archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, "Bad RAR file data");
|
||||
+ return 0LL;
|
||||
+ }
|
||||
+
|
||||
ret = copy_from_lzss_window(a, filters->vm->memory, start, filter->blocklength);
|
||||
if (ret != ARCHIVE_OK)
|
||||
return 0;
|
||||
|
||||
From e77203d934cbd90432c00d58f4789ec1d9c18337 Mon Sep 17 00:00:00 2001
|
||||
From: terrynini <terrynini38514@gmail.com>
|
||||
Date: Thu, 8 Aug 2024 11:44:45 +0800
|
||||
Subject: [PATCH 2/3] Update libarchive/archive_read_support_format_rar.c
|
||||
|
||||
Co-authored-by: Timothy Lyanguzov <theta682@gmail.com>
|
||||
---
|
||||
libarchive/archive_read_support_format_rar.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/libarchive/archive_read_support_format_rar.c b/libarchive/archive_read_support_format_rar.c
|
||||
index 98ec31f91..4f8760c5b 100644
|
||||
--- a/libarchive/archive_read_support_format_rar.c
|
||||
+++ b/libarchive/archive_read_support_format_rar.c
|
||||
@@ -3431,7 +3431,7 @@ run_filters(struct archive_read *a)
|
||||
if ( filter->blocklength > VM_MEMORY_SIZE )
|
||||
{
|
||||
archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, "Bad RAR file data");
|
||||
- return 0LL;
|
||||
+ return 0;
|
||||
}
|
||||
|
||||
ret = copy_from_lzss_window(a, filters->vm->memory, start, filter->blocklength);
|
||||
|
||||
From 33c0bfc8b8d36bbc2ccfe6f76d1c0cbee06f8397 Mon Sep 17 00:00:00 2001
|
||||
From: terrynini <terrynini38514@gmail.com>
|
||||
Date: Thu, 8 Aug 2024 11:44:51 +0800
|
||||
Subject: [PATCH 3/3] Update libarchive/archive_read_support_format_rar.c
|
||||
|
||||
Co-authored-by: Timothy Lyanguzov <theta682@gmail.com>
|
||||
---
|
||||
libarchive/archive_read_support_format_rar.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/libarchive/archive_read_support_format_rar.c b/libarchive/archive_read_support_format_rar.c
|
||||
index 4f8760c5b..f4dcb7528 100644
|
||||
--- a/libarchive/archive_read_support_format_rar.c
|
||||
+++ b/libarchive/archive_read_support_format_rar.c
|
||||
@@ -3428,7 +3428,7 @@ run_filters(struct archive_read *a)
|
||||
return 0;
|
||||
}
|
||||
|
||||
- if ( filter->blocklength > VM_MEMORY_SIZE )
|
||||
+ if (filter->blocklength > VM_MEMORY_SIZE)
|
||||
{
|
||||
archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, "Bad RAR file data");
|
||||
return 0;
|
||||
29
CVE-2024-48957.patch
Normal file
29
CVE-2024-48957.patch
Normal file
@ -0,0 +1,29 @@
|
||||
From 3006bc5d02ad3ae3c4f9274f60c1f9d2d834734b Mon Sep 17 00:00:00 2001
|
||||
From: Wei-Cheng Pan <legnaleurc@gmail.com>
|
||||
Date: Mon, 29 Apr 2024 06:53:19 +0900
|
||||
Subject: [PATCH] fix: OOB in rar audio filter (#2149)
|
||||
|
||||
This patch ensures that `src` won't move ahead of `dst`, so `src` will
|
||||
not OOB. Similar situation like in a1cb648.
|
||||
---
|
||||
libarchive/archive_read_support_format_rar.c | 7 +++++++
|
||||
1 file changed, 7 insertions(+)
|
||||
|
||||
diff --git a/libarchive/archive_read_support_format_rar.c b/libarchive/archive_read_support_format_rar.c
|
||||
index 619ee81e2..4fc6626ca 100644
|
||||
--- a/libarchive/archive_read_support_format_rar.c
|
||||
+++ b/libarchive/archive_read_support_format_rar.c
|
||||
@@ -3722,6 +3722,13 @@ execute_filter_audio(struct rar_filter *filter, struct rar_virtual_machine *vm)
|
||||
memset(&state, 0, sizeof(state));
|
||||
for (j = i; j < length; j += numchannels)
|
||||
{
|
||||
+ /*
|
||||
+ * The src block should not overlap with the dst block.
|
||||
+ * If so it would be better to consider this archive is broken.
|
||||
+ */
|
||||
+ if (src >= dst)
|
||||
+ return 0;
|
||||
+
|
||||
int8_t delta = (int8_t)*src++;
|
||||
uint8_t predbyte, byte;
|
||||
int prederror;
|
||||
29
CVE-2024-48958.patch
Normal file
29
CVE-2024-48958.patch
Normal file
@ -0,0 +1,29 @@
|
||||
From 17d9d73ee92eeb1a08b0a56659d010d8120af33a Mon Sep 17 00:00:00 2001
|
||||
From: Wei-Cheng Pan <legnaleurc@gmail.com>
|
||||
Date: Fri, 26 Apr 2024 13:58:34 +0900
|
||||
Subject: [PATCH] fix: OOB in rar delta filter
|
||||
|
||||
---
|
||||
libarchive/archive_read_support_format_rar.c | 8 ++++++++
|
||||
1 file changed, 8 insertions(+)
|
||||
|
||||
diff --git a/libarchive/archive_read_support_format_rar.c b/libarchive/archive_read_support_format_rar.c
|
||||
index 79669a8f4..619ee81e2 100644
|
||||
--- a/libarchive/archive_read_support_format_rar.c
|
||||
+++ b/libarchive/archive_read_support_format_rar.c
|
||||
@@ -3612,7 +3612,15 @@ execute_filter_delta(struct rar_filter *filter, struct rar_virtual_machine *vm)
|
||||
{
|
||||
uint8_t lastbyte = 0;
|
||||
for (idx = i; idx < length; idx += numchannels)
|
||||
+ {
|
||||
+ /*
|
||||
+ * The src block should not overlap with the dst block.
|
||||
+ * If so it would be better to consider this archive is broken.
|
||||
+ */
|
||||
+ if (src >= dst)
|
||||
+ return 0;
|
||||
lastbyte = dst[idx] = lastbyte - *src++;
|
||||
+ }
|
||||
}
|
||||
|
||||
filter->filteredblockaddress = length;
|
||||
@ -1,3 +1,16 @@
|
||||
-------------------------------------------------------------------
|
||||
Tue Oct 29 18:45:40 UTC 2024 - Antonio Teixeira <antonio.teixeira@suse.com>
|
||||
|
||||
- Fix CVE-2024-48958, out-of-bounds access in execute_filter_delta
|
||||
(CVE-2024-48958, bsc#1231624)
|
||||
* CVE-2024-48958.patch
|
||||
- Additional patch to fix CVE-2024-20697 (also attributed CVE-2024-26256)
|
||||
(CVE-2024-20697, CVE-2024-26256, bsc#1225972)
|
||||
* CVE-2024-20697-2.patch
|
||||
- Fix CVE-2024-48957, out-of-bounds access in execute_filter_audio
|
||||
(CVE-2024-48957, bsc#1231544)
|
||||
* CVE-2024-48957.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Jun 13 18:19:13 UTC 2024 - Antonio Teixeira <antonio.teixeira@suse.com>
|
||||
|
||||
|
||||
@ -46,6 +46,11 @@ Patch2: fix-soversion.patch
|
||||
Patch3: CVE-2024-20696.patch
|
||||
# PATCH-FIX-UPSTREAM bsc#1225972 antonio.teixeira@suse.com CVE-2024-20697
|
||||
Patch4: CVE-2024-20697.patch
|
||||
Patch5: CVE-2024-20697-2.patch
|
||||
# PATCH-FIX-UPSTREAM bsc#1231544 antonio.teixeira@suse.com CVE-2024-48957
|
||||
Patch6: CVE-2024-48957.patch
|
||||
# PATCH-FIX-UPSTREAM bsc#1231624 antonio.teixeira@suse.com CVE-2024-48958
|
||||
Patch7: CVE-2024-48958.patch
|
||||
BuildRequires: cmake
|
||||
BuildRequires: libacl-devel
|
||||
BuildRequires: libbz2-devel
|
||||
|
||||
Loading…
Reference in New Issue
Block a user