archivers/libarchive: update to 3.6.1

naddy 2022-04-28 22:21:50 +00:00
parent 36c4fbb44e
commit 297872d47c
5 changed files with 4 additions and 216 deletions


@ -1,8 +1,7 @@
COMMENT= multi-format archive and compression library
DISTNAME= libarchive-3.6.0
REVISION= 1
SHARED_LIBS= archive 12.0 # 19.0
DISTNAME= libarchive-3.6.1
SHARED_LIBS= archive 12.0 # 19.1
CATEGORIES= archivers
HOMEPAGE= https://www.libarchive.org/


@ -1,2 +1,2 @@
SHA256 (libarchive-3.6.0.tar.xz) = 3yg5F3mcuIZZpbM8ClmPBDUtYZNqvNikj+e2TnSVDec=
SIZE (libarchive-3.6.0.tar.xz) = 6400620
SHA256 (libarchive-3.6.1.tar.xz) = WkEazrl49D5ibwwtGBLd2IB7ZF7YkkU6yr1TI3bBSOY=
SIZE (libarchive-3.6.1.tar.xz) = 5241148


@ -1,22 +0,0 @@
From 9ad5f077491b9536f01dadca1724385c39cd7613 Mon Sep 17 00:00:00 2001
From: Martin Matuska <martin@matuska.org>
Date: Wed, 30 Mar 2022 21:14:00 +0200
Subject: [PATCH] ISO reader: fix possible heap buffer overflow in
read_children()
OSS-Fuzz issue: 38764
Fixes #1685
Index: libarchive/archive_read_support_format_iso9660.c
--- libarchive/archive_read_support_format_iso9660.c.orig
+++ libarchive/archive_read_support_format_iso9660.c
@@ -1007,7 +1007,8 @@ read_children(struct archive_read *a, struct file_info
p = b;
b += iso9660->logical_block_size;
step -= iso9660->logical_block_size;
- for (; *p != 0 && p < b && p + *p <= b; p += *p) {
+ for (; *p != 0 && p + DR_name_offset < b && p + *p <= b;
+ p += *p) {
struct file_info *child;
/* N.B.: these special directory identifiers


@ -1,169 +0,0 @@
From 52efa50c69653029687bfc545703b7340b7a51e2 Mon Sep 17 00:00:00 2001
From: Martin Matuska <martin@matuska.org>
Date: Wed, 16 Feb 2022 21:36:41 +0100
Subject: [PATCH] RAR reader: fix heap-use-after-free in RAR (v4) filter code
Rework function expand() to process integer passed by reference
and return an archive error code.
Fixes: 01a2d329dfc7 (support rar filters)
Reported-by: OSS-Fuzz #44547
From 1271f775dc917798ad7d03c3b3bd66bacad03603 Mon Sep 17 00:00:00 2001
From: Martin Matuska <martin@matuska.org>
Date: Sat, 19 Feb 2022 20:43:22 +0100
Subject: [PATCH] RAR reader: fix null-dereference in RAR (v4) filter code
Add safety check to run_filters() and fix return codes
Reported-by: OSS-Fuzz #44843
From db714553712debbc447383f735e022031dc13127 Mon Sep 17 00:00:00 2001
From: Martin Matuska <martin@matuska.org>
Date: Sun, 3 Apr 2022 12:06:24 +0200
Subject: [PATCH] RAR reader: fix heap-use-after-free in run_filters()
OSS-Fuzz issue 46279
Fixes #1715
Index: libarchive/archive_read_support_format_rar.c
--- libarchive/archive_read_support_format_rar.c.orig
+++ libarchive/archive_read_support_format_rar.c
@@ -430,7 +430,7 @@ static int new_node(struct huffman_code *);
static int make_table(struct archive_read *, struct huffman_code *);
static int make_table_recurse(struct archive_read *, struct huffman_code *, int,
struct huffman_table_entry *, int, int);
-static int64_t expand(struct archive_read *, int64_t);
+static int expand(struct archive_read *, int64_t *);
static int copy_from_lzss_window_to_unp(struct archive_read *, const void **,
int64_t, int);
static const void *rar_read_ahead(struct archive_read *, size_t, ssize_t *);
@@ -1988,7 +1988,7 @@ read_data_compressed(struct archive_read *a, const voi
return (ARCHIVE_FATAL);
struct rar *rar;
- int64_t start, end, actualend;
+ int64_t start, end;
size_t bs;
int ret = (ARCHIVE_OK), sym, code, lzss_offset, length, i;
@@ -2179,11 +2179,12 @@ read_data_compressed(struct archive_read *a, const voi
end = rar->filters.filterstart;
}
- if ((actualend = expand(a, end)) < 0)
- return ((int)actualend);
+ ret = expand(a, &end);
+ if (ret != ARCHIVE_OK)
+ return (ret);
- rar->bytes_uncopied = actualend - start;
- rar->filters.lastend = actualend;
+ rar->bytes_uncopied = end - start;
+ rar->filters.lastend = end;
if (rar->filters.lastend != rar->filters.filterstart && rar->bytes_uncopied == 0) {
/* Broken RAR files cause this case.
* NOTE: If this case were possible on a normal RAR file
@@ -2825,8 +2826,8 @@ make_table_recurse(struct archive_read *a, struct huff
return ret;
}
-static int64_t
-expand(struct archive_read *a, int64_t end)
+static int
+expand(struct archive_read *a, int64_t *end)
{
static const unsigned char lengthbases[] =
{ 0, 1, 2, 3, 4, 5, 6,
@@ -2873,16 +2874,19 @@ expand(struct archive_read *a, int64_t end)
struct rar *rar = (struct rar *)(a->format->data);
struct rar_br *br = &(rar->br);
- if (rar->filters.filterstart < end)
- end = rar->filters.filterstart;
+ if (rar->filters.filterstart < *end)
+ *end = rar->filters.filterstart;
while (1)
{
- if(lzss_position(&rar->lzss) >= end)
- return end;
+ if(lzss_position(&rar->lzss) >= *end) {
+ return (ARCHIVE_OK);
+ }
- if(rar->is_ppmd_block)
- return lzss_position(&rar->lzss);
+ if(rar->is_ppmd_block) {
+ *end = lzss_position(&rar->lzss);
+ return (ARCHIVE_OK);
+ }
if ((symbol = read_next_symbol(a, &rar->maincode)) < 0)
return (ARCHIVE_FATAL);
@@ -2906,7 +2910,8 @@ expand(struct archive_read *a, int64_t end)
goto truncated_data;
rar->start_new_table = rar_br_bits(br, 1);
rar_br_consume(br, 1);
- return lzss_position(&rar->lzss);
+ *end = lzss_position(&rar->lzss);
+ return (ARCHIVE_OK);
}
else
{
@@ -2917,7 +2922,7 @@ expand(struct archive_read *a, int64_t end)
}
else if(symbol==257)
{
- if (!read_filter(a, &end))
+ if (!read_filter(a, end))
return (ARCHIVE_FATAL);
continue;
}
@@ -3323,14 +3328,43 @@ run_filters(struct archive_read *a)
struct rar *rar = (struct rar *)(a->format->data);
struct rar_filters *filters = &rar->filters;
struct rar_filter *filter = filters->stack;
- size_t start = filters->filterstart;
- size_t end = start + filter->blocklength;
+ struct rar_filter *f;
+ size_t start, end;
+ int64_t tend;
uint32_t lastfilteraddress;
uint32_t lastfilterlength;
int ret;
+ if (filters == NULL || filter == NULL)
+ return (0);
+
+ start = filters->filterstart;
+ end = start + filter->blocklength;
+
filters->filterstart = INT64_MAX;
- end = (size_t)expand(a, end);
+ tend = (int64_t)end;
+ ret = expand(a, &tend);
+ if (ret != ARCHIVE_OK)
+ return 0;
+
+ /* Check if filter stack was modified in expand() */
+ ret = ARCHIVE_FATAL;
+ f = filters->stack;
+ while (f)
+ {
+ if (f == filter)
+ {
+ ret = ARCHIVE_OK;
+ break;
+ }
+ f = f->next;
+ }
+ if (ret != ARCHIVE_OK)
+ return 0;
+
+ if (tend < 0)
+ return 0;
+ end = (size_t)tend;
if (end != start + filter->blocklength)
return 0;


@ -1,20 +0,0 @@
From cfaa28168a07ea4a53276b63068f94fce37d6aff Mon Sep 17 00:00:00 2001
From: Tim Kientzle <kientzle@acm.org>
Date: Thu, 24 Mar 2022 10:35:00 +0100
Subject: [PATCH] ZIP reader: fix possible out-of-bounds read in
zipx_lzma_alone_init()
Fixes #1672
Index: libarchive/archive_read_support_format_zip.c
--- libarchive/archive_read_support_format_zip.c.orig
+++ libarchive/archive_read_support_format_zip.c
@@ -1667,7 +1667,7 @@ zipx_lzma_alone_init(struct archive_read *a, struct zi
*/
/* Read magic1,magic2,lzma_params from the ZIPX stream. */
- if((p = __archive_read_ahead(a, 9, NULL)) == NULL) {
+ if(zip->entry_bytes_remaining < 9 || (p = __archive_read_ahead(a, 9, NULL)) == NULL) {
archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
"Truncated lzma data");
return (ARCHIVE_FATAL);