Package: libarchive / 3.1.2-11+deb8u3
Metadata
Package | Version | Patches format |
---|---|---|
libarchive | 3.1.2-11+deb8u3 | 3.0 (quilt) |
Patch series
Patch | File delta | Description |
---|---|---|
examples.patch | examples/minitar/minitar.c: 3 3 + 0 - 0 ! | add autopkgtest support. |
examples offset type.patch | examples/minitar/minitar.c: 2 1 + 1 - 0 ! | fix offset data type in examples. |
mtree filename length fix.patch | libarchive/archive_write_set_format_mtree.c: 4 2 + 2 - 0 ! | patch to fix filename length calculation when writing mtree archives. |
fix lzo test case.patch | libarchive/test/test_write_filter_lzop.c: 17 9 + 8 - 0 ! | this patch fixes test cases for lzo write support in various architectures, such as armhf. Writing a certain amount of files would cause the LZO compressor level 9 to produce a bigger archive than the default compressor level. |
Initialize buff to all zeros.patch | libarchive/test/test_archive_write_add_filter_by_name.c: 2 1 + 1 - 0 ! | initialize buff to all zeros. From 1016793be6f7ff9f451a60c997c356ea83759562 Mon Sep 17 00:00:00 2001 |
Allow the option to use no 2nd stage compression wit.patch | libarchive/archive_write_add_filter_lrzip.c: 7 6 + 1 - 0 ! | allow the option to use no 2nd stage compression with lrzip. From 21b21bc874f31b1379c2c4feb944970ce4459d5c Mon Sep 17 00:00:00 2001 |
Fix test_archive_write_add_filter_by_name_lrzip test.patch | libarchive/test/test_archive_write_add_filter_by_name.c: 10 10 + 0 - 0 ! | fix test_archive_write_add_filter_by_name_lrzip test case. There's some bug in lrzip where small files cannot use 2nd stage compression. See http://ck-hack.blogspot.com/2012/03/lrzip-0612.html?showComment=1337356929450#c3154145708572533571 From d767d7904781794442938df6b0dd29c8da325e03 Mon Sep 17 00:00:00 2001 |
fix CVE 2013 0211.patch | libarchive/archive_write.c: 5 5 + 0 - 0 ! | fix cve-2013-0211: read buffer overflow on 64-bit systems |
Do not overwrite file size if the local file header .patch | libarchive/archive_read_support_format_zip.c: 6 4 + 2 - 0 ! | do not overwrite file size if the local file header has valid file size. This allows us to extract index.xml from Apple iWork '09 format files. |
Add ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS option.patch | cpio/bsdcpio.1: 3 2 + 1 - 0 ! | add archive_extract_secure_noabsolutepaths option. This fixes a directory traversal in the cpio tool. |
Issue 656 Fix CVE 2016 1541 VU 862384.patch | libarchive/archive_read_support_format_zip.c: 13 13 + 0 - 0 ! | [patch] issue #656: fix cve-2016-1541, vu#862384. When reading OS X metadata entries in Zip archives that were stored without compression, libarchive would use the uncompressed entry size to allocate a buffer but would use the compressed entry size to limit the amount of data copied into that buffer. Since the compressed and uncompressed sizes are provided by data in the archive itself, an attacker could manipulate these values to write data beyond the end of the allocated buffer. This fix provides three new checks to guard against such manipulation and to make libarchive generally more robust when handling this type of entry: 1. If an OS X metadata entry is stored without compression, abort the entire archive if the compressed and uncompressed data sizes do not match. 2. When sanity-checking the size of an OS X metadata entry, abort this entry if either the compressed or uncompressed size is larger than 4MB. 3. When copying data into the allocated buffer, check the copy size against both the compressed entry size and uncompressed entry size. |
CVE 2015 8916.patch | tar/read.c: 6 6 + 0 - 0 ! | [patch] issues 396, 397: ignore entries with empty filenames. Bugs in the rar and cab readers lead to returning entries with empty filenames. Make bsdtar resistant to this. Of course, we should also fix the rar and cab readers to handle these cases correctly and either return correctly-populated entries or fail cleanly. |
CVE 2015 8919.patch | libarchive/archive_read_support_format_lha.c: 6 4 + 2 - 0 ! | [patch] issue 402: failed to recognize empty dir name in lha/lzh file. When parsing a directory name, we checked for the name length being zero, but not for the first byte being a null byte. Add a similar check for the file case. |
CVE 2015 8920.patch | libarchive/archive_read_support_format_ar.c: 21 14 + 7 - 0 ! | [patch] issue 403: buffer underflow parsing 'ar' header. While pruning trailing text from ar filenames, we did not check for an empty filename. This results in reading the byte before the filename on the stack. While here, change a number of ar format issues from WARN to FATAL. It's better to abort on a damaged file than risk reading garbage. No doubt, this will require additional tuning in the future. |
CVE 2015 8921.patch | libarchive/archive_entry.c: 20 14 + 6 - 0 ! | fix read past end of string parsing |
CVE 2015 8922.patch | Makefile.am: 3 3 + 0 - 0 ! | [patch] issue 405: segfault on malformed 7z archive. Reject a couple of nonsensical cases. |
CVE 2015 8923.patch | Makefile.am: 2 2 + 0 - 0 ! | [patch] issue 406: segfault on malformed zip archive. Issue here was reading a size field as a signed number and then using that as an offset. Fixed by correctly masking the size value to an unsigned result. Includes test based on the archive provided in the issue report. |
CVE 2015 8924.patch | libarchive/archive_read_support_format_tar.c: 20 8 + 12 - 0 ! | [patch] issue 407: tar reader tries to examine last character of an empty filename. Of interest: While working on this, I noted that we have an existing test for tar files with empty filenames. That test asserts that the correct behavior here is for the format handler to return the entry with the empty filename and a status of ARCHIVE_OK. Clients need to be robust against empty filenames. |
CVE 2015 8925.patch | libarchive/archive_read_support_format_mtree.c: 56 27 + 29 - 0 ! | [patch] issue 408: fix escaped newline parsing |
CVE 2015 8926.patch | libarchive/archive_read_support_format_rar.c: 2 1 + 1 - 0 ! | [patch] issue 410: segfault on invalid rar archive. Libarchive's API passes a `void **` which is set by the format to the address of the entry data that was just read. In one particular case, the RAR decompression logic uses a non-NULL value here to indicate that the internal 128k decompression buffer has been filled. But the RAR code took no steps to ensure that the value was set NULL on entry. As a result, a crafted RAR file can trick libarchive into returning to the caller a 128k block of data starting at whatever value was previously in the caller's variable. The fix is simply to set `*buff = NULL` on entry to the RAR decompression logic. |
CVE 2015 8928.patch | libarchive/archive_read_support_format_mtree.c: 53 29 + 24 - 0 ! | [patch] issue 550: fix out-of-bounds read in mtree. The mtree parser scanned from the end of the string to identify the filename when the filename is the last element of the line. If the filename was the entire line, the logic would scan back to before the start of the string. The revised logic scans from the beginning of the string and remembers the last separator position to locate the trailing filename. |
CVE 2015 8930.patch | libarchive/archive_read_support_format_iso9660.c: 43 34 + 9 - 0 ! | fix segfault via dir loop in malformed iso |
CVE 2015 8931.patch | libarchive/archive_read_support_format_mtree.c: 47 25 + 22 - 0 ! | fix integer overflow parsing time values |
CVE 2015 8932.patch | Makefile.am: 1 1 + 0 - 0 ! | fix crash via invalid compressed data |
CVE 2015 8933.patch | libarchive/archive_read_support_format_tar.c: 4 4 + 0 - 0 ! | [patch] issue #582: reject sparse blocks with negative size or offset, detect overflow when tracking sparse blocks |
CVE 2015 8934.patch | Makefile.am: 1 1 + 0 - 0 ! | [patch] issue 521: properly check reading from lzss decompression buffer. Prior code could be tricked into trying to copy data from beyond the end of the internal decompression buffer. Thanks to Hanno Böck for his ongoing fuzz-testing work with libarchive. |
CVE 2016 4300.patch | libarchive/archive_read_support_format_7zip.c: 34 21 + 13 - 0 ! | fix overflow reading 7-zip with large number of substreams |
CVE 2016 4302.patch | libarchive/archive_ppmd7.c: 5 5 + 0 - 0 ! | fix crash via rar files with zero dictionary size |
CVE 2016 4809.patch | libarchive/archive_read_support_format_cpio.c: 5 5 + 0 - 0 ! | [patch] reject cpio symlinks that exceed 1mb |
CVE 2016 5844.patch | libarchive/archive_read_support_format_iso9660.c: 4 2 + 2 - 0 ! | [patch] issue 717: fix integer overflow when computing location of volume descriptor. The multiplication here defaulted to 'int' but calculations of file positions should always use int64_t. A simple cast suffices to fix this since the base location is always 32 bits for ISO, so multiplying by the sector size will never overflow a 64-bit integer. |
CVE 2016 7166 Fix a potential crash issue discovered by Alexander .patch | Makefile.am: 2 2 + 0 - 0 ! | [patch] fix a potential crash issue discovered by alexander Cherepanov: It seems bsdtar automatically handles stacked compression. This is a nice feature but it could be problematic when it's completely unlimited. Most clearly it's illustrated with quines: `$ curl -sRO http://www.maximumcompression.com/selfgz.gz` `$ (ulimit -v 10000000 && bsdtar -tvf selfgz.gz)` `bsdtar: Error opening archive: Can't allocate data for gzip decompression` Without ulimit, bsdtar will eat all available memory. This could also be a problem for other applications using libarchive. |
Clarify the limit on number of filters.patch | libarchive/archive_read.c: 8 6 + 2 - 0 ! | [patch] clarify the limit on number of filters |
CVE 2016 6250 Issue 711 Be more careful about verifying filename l.patch | libarchive/archive_write_set_format_iso9660.c: 18 10 + 8 - 0 ! | [patch] issue 711: be more careful about verifying filename lengths when writing ISO9660 archives. * Don't cast `size_t` to `int`, since this can lead to overflow on machines where `sizeof(int) < sizeof(size_t)`. * Check `a + b > limit` by writing it as `a > limit \|\| b > limit \|\| a + b > limit` to avoid problems when `a + b` wraps around. |
CVE 2016 5418/Test cases for Github Issue 744 745 and 746.patch | Makefile.am: 3 3 + 0 - 0 ! | [patch] test cases for github issue #744, #745, and #746. |
CVE 2016 5418/Fix the test cases for Issue 745 and Issue 746.patch | libarchive/test/test_write_disk_secure745.c: 5 4 + 1 - 0 ! | [patch] fix the test cases for issue #745 and issue #746. Thanks to Doran Moppert for pointing out the inconsistencies here. |
CVE 2016 5418/Issue 744 part of Issue 743 Enforce sandbox with ver.patch | libarchive/archive_write_disk_posix.c: 12 11 + 1 - 0 ! | [patch] issue #744 (part of issue #743): enforce sandbox with very long pathnames. Because check_symlinks is handled separately from the deep-directory support, very long pathnames cause problems. Previously, the code ignored most failures to lstat() a path component. In particular, this led to check_symlinks always passing for very long paths, which in turn provides a way to evade the symlink checks in the sandboxing code. We now fail on unrecognized lstat() failures, which plugs this hole at the cost of disabling deep directory support when the user requests sandboxing. TODO: This probably cannot be completely fixed without entirely reimplementing the deep directory support to integrate the symlink checks. I want to reimplement the deep directory handling someday anyway; openat() and related system calls now provide a much cleaner way to handle deep directories than the chdir approach used by this code. |
CVE 2016 5418/Fixes for Issue 745 and Issue 746 from Doran Moppert.patch | libarchive/archive_write_disk_posix.c: 292 229 + 63 - 0 ! | [patch] fixes for issue #745 and issue #746 from doran moppert. |