Hello community,

here is the log from the commit of package libarchive for openSUSE:Factory 
checked in at 2014-11-24 11:15:38
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libarchive (Old)
 and      /work/SRC/openSUSE:Factory/.libarchive.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "libarchive"

Changes:
--------
--- /work/SRC/openSUSE:Factory/libarchive/libarchive.changes    2014-06-05 
10:49:40.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.libarchive.new/libarchive.changes       
2014-11-24 11:15:39.000000000 +0100
@@ -1,0 +2,5 @@
+Tue Nov 11 12:07:46 UTC 2014 - jseg...@novell.com
+
+- Added CVE-2013-0211.patch to fix CVE-2013-0211 (bnc#800024)
+
+-------------------------------------------------------------------

New:
----
  CVE-2013-0211.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ libarchive.spec ++++++
--- /var/tmp/diff_new_pack.dgHdzJ/_old  2014-11-24 11:15:40.000000000 +0100
+++ /var/tmp/diff_new_pack.dgHdzJ/_new  2014-11-24 11:15:40.000000000 +0100
@@ -56,6 +56,7 @@
 BuildRequires:  zlib-devel
 Patch0:         libarchive-openssl.patch
 Patch1:         libarchive-xattr.patch
+Patch2:         CVE-2013-0211.patch
 
 %description
 Libarchive is a programming library that can create and read several
@@ -165,6 +166,7 @@
 %patch0
 %endif
 %patch1 -p1
+%patch2 -p1
 %build
 autoreconf -fiv
 %global optflags    %{optflags} -D_REENTRANT -pipe

++++++ CVE-2013-0211.patch ++++++
Index: libarchive-3.1.2/libarchive/archive_write.c
===================================================================
--- libarchive-3.1.2.orig/libarchive/archive_write.c
+++ libarchive-3.1.2/libarchive/archive_write.c
@@ -671,8 +671,13 @@ static ssize_t
 _archive_write_data(struct archive *_a, const void *buff, size_t s)
 {
        struct archive_write *a = (struct archive_write *)_a;
+  size_t max_write = INT_MAX;
+
        archive_check_magic(&a->archive, ARCHIVE_WRITE_MAGIC,
            ARCHIVE_STATE_DATA, "archive_write_data");
+  /* This catches attempts to pass negative values. */
+  if (s > max_write)
+    s = max_write;
        archive_clear_error(&a->archive);
        return ((a->format_write_data)(a, buff, s));
 }
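Review bot: The comment on the new clamp says it catches negative values, but `s` is a `size_t` and can never be negative; what `if (s > max_write)` really does is cap any request above `INT_MAX` (which includes a negative int converted to `size_t` by the caller) before handing it to `format_write_data`. That turns an oversized request into a silent short write, so the comment should say so, for example `/* Clamp to INT_MAX; larger requests (including negative lengths converted to size_t) become a short write the caller must retry. */`, and any caller that ignores the returned count will presumably lose data. The hunk uses `INT_MAX` without showing an include, so it is worth confirming that archive_write.c already pulls in `<limits.h>` on every supported platform. The added lines are also indented with two spaces, unlike the wider indentation of the surrounding function.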