From eebe28265f7272376edb44e354de5343c155470b4e782a831aa30f3e7d29c166 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ismail=20D=C3=B6nmez?= Date: Wed, 12 Nov 2014 13:04:38 +0000 Subject: [PATCH] Accepting request 261218 from home:jsegitz:branches:Archiving - Added CVE-2013-0211.patch to fix CVE-2013-0211 (bnc#800024) OBS-URL: https://build.opensuse.org/request/show/261218 OBS-URL: https://build.opensuse.org/package/show/Archiving/libarchive?expand=0&rev=36 --- CVE-2013-0211.patch | 18 ++++++++++++++++++ libarchive.changes | 5 +++++ libarchive.spec | 2 ++ 3 files changed, 25 insertions(+) create mode 100644 CVE-2013-0211.patch diff --git a/CVE-2013-0211.patch b/CVE-2013-0211.patch new file mode 100644 index 0000000..875e193 --- /dev/null +++ b/CVE-2013-0211.patch @@ -0,0 +1,18 @@ +Index: libarchive-3.1.2/libarchive/archive_write.c +=================================================================== +--- libarchive-3.1.2.orig/libarchive/archive_write.c ++++ libarchive-3.1.2/libarchive/archive_write.c +@@ -671,8 +671,13 @@ static ssize_t + _archive_write_data(struct archive *_a, const void *buff, size_t s) + { + struct archive_write *a = (struct archive_write *)_a; ++ size_t max_write = INT_MAX; ++ + archive_check_magic(&a->archive, ARCHIVE_WRITE_MAGIC, + ARCHIVE_STATE_DATA, "archive_write_data"); ++ /* This catches attempts to pass negative values. */ ++ if (s > max_write) ++ s = max_write; + archive_clear_error(&a->archive); + return ((a->format_write_data)(a, buff, s)); + } diff --git a/libarchive.changes b/libarchive.changes index 73c98d0..882551f 100644 --- a/libarchive.changes +++ b/libarchive.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Tue Nov 11 12:07:46 UTC 2014 - jsegitz@novell.com + +- Added CVE-2013-0211.patch to fix CVE-2013-0211 (bnc#800024) + ------------------------------------------------------------------- Wed May 28 17:18:59 UTC 2014 - crrodriguez@opensuse.org diff --git a/libarchive.spec b/libarchive.spec index 5eb6872..9b15883 100644 --- a/libarchive.spec +++ b/libarchive.spec @@ -56,6 +56,7 @@ BuildRequires: xz-devel BuildRequires: zlib-devel Patch0: libarchive-openssl.patch Patch1: libarchive-xattr.patch +Patch2: CVE-2013-0211.patch %description Libarchive is a programming library that can create and read several @@ -165,6 +166,7 @@ static library for libarchive %patch0 %endif %patch1 -p1 +%patch2 -p1 %build autoreconf -fiv %global optflags %{optflags} -D_REENTRANT -pipe