diff --git a/CVE-2016-4809.patch b/CVE-2016-4809.patch
new file mode 100644
index 0000000..911d540
--- /dev/null
+++ b/CVE-2016-4809.patch
@@ -0,0 +1,22 @@
+commit fd7e0c02e272913a0a8b6d492c7260dfca0b1408
+Author: Tim Kientzle
+Date: Sat May 14 12:37:37 2016 -0700
+
+ Reject cpio symlinks that exceed 1MB
+
+diff --git a/libarchive/archive_read_support_format_cpio.c b/libarchive/archive_read_support_format_cpio.c
+index c2ca85b..b09db0e 100644
+--- a/libarchive/archive_read_support_format_cpio.c
++++ b/libarchive/archive_read_support_format_cpio.c
+@@ -401,6 +401,11 @@ archive_read_format_cpio_read_header(struct archive_read *a,
+
+ /* If this is a symlink, read the link contents. */
+ if (archive_entry_filetype(entry) == AE_IFLNK) {
++ if (cpio->entry_bytes_remaining > 1024 * 1024) {
++ archive_set_error(&a->archive, ENOMEM,
++ "Rejecting malformed cpio archive: symlink contents exceed 1 megabyte");
++ return (ARCHIVE_FATAL);
++ }
+ h = __archive_read_ahead(a,
+ (size_t)cpio->entry_bytes_remaining, NULL);
+ if (h == NULL)
diff --git a/libarchive.changes b/libarchive.changes
index 6f8ed9b..98c924e 100644
--- a/libarchive.changes
+++ b/libarchive.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Thu Jun 16 09:33:17 UTC 2016 - adrian@suse.de
+
+- limit size of symlinks in cpio archives (CVE-2016-4809, boo#984990)
+
 -------------------------------------------------------------------
 Mon May 9 08:42:19 UTC 2016 - adrian@suse.de
diff --git a/libarchive.spec b/libarchive.spec
index b0d0f96..c45cd76 100644
--- a/libarchive.spec
+++ b/libarchive.spec
@@ -56,6 +56,8 @@ BuildRequires: pkg-config
 BuildRequires: xz-devel
 BuildRequires: zlib-devel
 Patch0: libarchive-openssl.patch
+# PATCH-FIX-UPSTREAM bnc#984990
+Patch1: CVE-2016-4809.patch
 %description
 Libarchive is a programming library that can create and read several
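Review bot: The guard added in the embedded hunk for archive_read_format_cpio_read_header (inside CVE-2016-4809.patch) bounds `cpio->entry_bytes_remaining` only from above, so the `(size_t)` cast in the `__archive_read_ahead` call right after it is safe only if that field can never be negative. The field's declaration is not visible here; if it is a signed type, as the cast suggests, a negative size derived from a malformed header would pass the check and turn into a very large read-ahead request, so I would write the condition as `if (cpio->entry_bytes_remaining < 0 || cpio->entry_bytes_remaining > 1024 * 1024) {`. ENOMEM is also a misleading error code for rejecting a malformed archive; `ARCHIVE_ERRNO_FILE_FORMAT` would describe the failure to callers more accurately. The function body starts and ends outside the hunk, so any earlier validation of the size field cannot be confirmed from this page.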
@@ -164,6 +166,7 @@ static library for libarchive
 %if %{with openssl}
 %patch0 -p0
 %endif
+%patch1 -p1
 %build
 %if !0%{?skip_autoreconf}