diff --git a/CVE-2020-9308.patch b/CVE-2020-9308.patch deleted file mode 100644 index b958d6682a662ad90e953be3f520fc28965a9a42..0000000000000000000000000000000000000000 --- a/CVE-2020-9308.patch +++ /dev/null @@ -1,119 +0,0 @@ -From 09a14a16d91b6326cda53df117f012f890219ed8 Mon Sep 17 00:00:00 2001 -From: Grzegorz Antoniak -Date: Sun, 2 Feb 2020 08:04:41 +0100 -Subject: [PATCH] RAR5 reader: reject files that declare invalid header flags - -One of the fields in RAR5's base block structure is the size of the -header. Some invalid files declare a 0 header size setting, which can -confuse the unpacker. Minimum header size for RAR5 base blocks is 7 -bytes (4 bytes for CRC, and 3 bytes for the rest), so block size of 0 -bytes should be rejected at header parsing stage. - -The fix adds an error condition if header size of 0 bytes is detected. -In this case, the unpacker will not attempt to unpack the file, as the -header is corrupted. - -The commit also adds OSSFuzz #20459 sample to test further regressions -in this area. ---- - Makefile.am | 1 + - libarchive/archive_read_support_format_rar5.c | 17 +++++++++++++++-- - libarchive/test/test_read_format_rar5.c | 15 +++++++++++++++ - ...test_read_format_rar5_block_size_is_too_small.rar.uu | 8 ++++++++ - 4 files changed, 39 insertions(+), 2 deletions(-) - create mode 100644 libarchive/test/test_read_format_rar5_block_size_is_too_small.rar.uu - -diff --git a/Makefile.am b/Makefile.am -index 781bbf7..c59466f 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -876,6 +876,7 @@ libarchive_test_EXTRA_DIST=\ - libarchive/test/test_read_format_rar5_win32.rar.uu \ - libarchive/test/test_read_format_rar5_arm_filter_on_window_boundary.rar.uu \ - libarchive/test/test_read_format_rar5_different_winsize_on_merge.rar.uu \ -+ libarchive/test/test_read_format_rar5_block_size_is_too_small.rar.uu \ - libarchive/test/test_read_format_raw.bufr.uu \ - libarchive/test/test_read_format_raw.data.gz.uu \ - libarchive/test/test_read_format_raw.data.Z.uu \ -diff --git a/libarchive/archive_read_support_format_rar5.c b/libarchive/archive_read_support_format_rar5.c -index ce38b1f..970a924 100644 ---- a/libarchive/archive_read_support_format_rar5.c -+++ b/libarchive/archive_read_support_format_rar5.c -@@ -2080,6 +2080,8 @@ static int scan_for_signature(struct archive_read* a); - static int process_base_block(struct archive_read* a, - struct archive_entry* entry) - { -+ const size_t SMALLEST_RAR5_BLOCK_SIZE = 3; -+ - struct rar5* rar = get_context(a); - uint32_t hdr_crc, computed_crc; - size_t raw_hdr_size = 0, hdr_size_len, hdr_size; -@@ -2103,15 +2105,26 @@ static int process_base_block(struct archive_read* a, - return ARCHIVE_EOF; - } - -+ hdr_size = raw_hdr_size + hdr_size_len; -+ - /* Sanity check, maximum header size for RAR5 is 2MB. */ -- if(raw_hdr_size > (2 * 1024 * 1024)) { -+ if(hdr_size > (2 * 1024 * 1024)) { - archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, - "Base block header is too large"); - - return ARCHIVE_FATAL; - } - -- hdr_size = raw_hdr_size + hdr_size_len; -+ /* Additional sanity checks to weed out invalid files. */ -+ if(raw_hdr_size == 0 || hdr_size_len == 0 || -+ hdr_size < SMALLEST_RAR5_BLOCK_SIZE) -+ { -+ archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, -+ "Too small block encountered (%ld bytes)", -+ raw_hdr_size); -+ -+ return ARCHIVE_FATAL; -+ } - - /* Read the whole header data into memory, maximum memory use here is - * 2MB. */ -diff --git a/libarchive/test/test_read_format_rar5.c b/libarchive/test/test_read_format_rar5.c -index bb94d4e..f91521e 100644 ---- a/libarchive/test/test_read_format_rar5.c -+++ b/libarchive/test/test_read_format_rar5.c -@@ -1256,3 +1256,18 @@ DEFINE_TEST(test_read_format_rar5_different_winsize_on_merge) - - EPILOGUE(); - } -+ -+DEFINE_TEST(test_read_format_rar5_block_size_is_too_small) -+{ -+ char buf[4096]; -+ PROLOGUE("test_read_format_rar5_block_size_is_too_small.rar"); -+ -+ /* This file is damaged, so those functions should return failure. -+ * Additionally, SIGSEGV shouldn't be raised during execution -+ * of those functions. */ -+ -+ assertA(archive_read_next_header(a, &ae) != ARCHIVE_OK); -+ assertA(archive_read_data(a, buf, sizeof(buf)) <= 0); -+ -+ EPILOGUE(); -+} -diff --git a/libarchive/test/test_read_format_rar5_block_size_is_too_small.rar.uu b/libarchive/test/test_read_format_rar5_block_size_is_too_small.rar.uu -new file mode 100644 -index 0000000..5cad219 ---- /dev/null -+++ b/libarchive/test/test_read_format_rar5_block_size_is_too_small.rar.uu -@@ -0,0 +1,8 @@ -+begin 644 test_read_format_rar5_block_size_is_too_small.rar -+M4F%R(1H'`0"-[P+2``+'(!P,("`@N`,!`B`@("`@("`@("`@("`@("#_("`@ -+M("`@("`@("`@((:Q;2!4-'-^4B`!((WO`M(``O\@$/\@-R`@("`@("`@("`@ -+M``X@("`@("`@____("`@("`@(/\@("`@("`@("`@("#_(+6U,2"UM;6UM[CU -+M)B`@*(0G(`!.`#D\3R``(/__(,+_````-0#_($&%*/HE=C+N`"```"```"`D -+J`)$#("#_("#__P`@__\@_R#_("`@("`@("#_("#__R`@(/__("#__R`" -+` -+end --- -1.8.3.1 - diff --git a/libarchive-3.4.3-lchmod-support-check.patch b/libarchive-3.4.3-lchmod-support-check.patch new file mode 100644 index 0000000000000000000000000000000000000000..82a3499220ab0b68af9d1699c86b5c1834c411c6 --- /dev/null +++ b/libarchive-3.4.3-lchmod-support-check.patch @@ -0,0 +1,63 @@ +From 291d0c218e256750228b731a693e6b96e7ed5449 Mon Sep 17 00:00:00 2001 +From: Martin Matuska +Date: Fri, 22 May 2020 13:03:55 +0200 +Subject: [PATCH] test_write_disk_secure: properly check if lchmod() is + +--- + libarchive/test/test_write_disk_secure.c | 34 +++++++++++++++++++++--- + 1 file changed, 30 insertions(+), 4 deletions(-) + +diff --git a/libarchive/test/test_write_disk_secure.c b/libarchive/test/test_write_disk_secure.c +index 7cd66c4..44b9ea0 100644 +--- a/libarchive/test/test_write_disk_secure.c ++++ b/libarchive/test/test_write_disk_secure.c +@@ -40,6 +40,10 @@ DEFINE_TEST(test_write_disk_secure) + struct archive *a; + struct archive_entry *ae; + struct stat st; ++#if defined(HAVE_LCHMOD) && defined(HAVE_SYMLINK) && \ ++ defined(S_IRUSR) && defined(S_IWUSR) && defined(S_IXUSR) ++ int working_lchmod; ++#endif + + /* Start with a known umask. */ + assertUmask(UMASK); +@@ -251,10 +255,32 @@ DEFINE_TEST(test_write_disk_secure) + assert(0 == lstat("link_to_dir", &st)); + failure("link_to_dir: st.st_mode=%o", st.st_mode); + assert(S_ISLNK(st.st_mode)); +-#if HAVE_LCHMOD +- /* Systems that lack lchmod() can't set symlink perms, so skip this. */ +- failure("link_to_dir: st.st_mode=%o", st.st_mode); +- assert((st.st_mode & 07777) == 0755); ++#if defined(HAVE_SYMLINK) && defined(HAVE_LCHMOD) && \ ++ defined(S_IRUSR) && defined(S_IWUSR) && defined(S_IXUSR) ++ /* Verify if we are able to lchmod() */ ++ if (symlink("dir", "testlink_to_dir") == 0) { ++ if (lchmod("testlink_to_dir", ++ S_IRUSR | S_IWUSR | S_IXUSR) != 0) { ++ switch (errno) { ++ case ENOTSUP: ++ case ENOSYS: ++#if ENOTSUP != EOPNOTSUPP ++ case EOPNOTSUPP: ++#endif ++ working_lchmod = 0; ++ break; ++ default: ++ working_lchmod = 1; ++ } ++ } else ++ working_lchmod = 1; ++ } else ++ working_lchmod = 0; ++ ++ if (working_lchmod) { ++ failure("link_to_dir: st.st_mode=%o", st.st_mode); ++ assert((st.st_mode & 07777) == 0755); ++ } + #endif + + assert(0 == lstat("dir/filea", &st)); +-- +2.24.1 \ No newline at end of file diff --git a/libarchive-3.4.1.tar.gz b/libarchive-3.4.3.tar.gz similarity index 47% rename from libarchive-3.4.1.tar.gz rename to libarchive-3.4.3.tar.gz index 2a9858e67a8c2b3596671641d4a29dbb5abd1326..cf1ae55658462ac5e6ed7916c6dbe609cf9080f7 100644 Binary files a/libarchive-3.4.1.tar.gz and b/libarchive-3.4.3.tar.gz differ diff --git a/libarchive-uninitialized-value.patch b/libarchive-uninitialized-value.patch index 489eae2e8efe1be335315270330c4ed4ac0a64ce..262c390c0ff3ab32b34e1bc69e290770ae21b1db 100644 --- a/libarchive-uninitialized-value.patch +++ b/libarchive-uninitialized-value.patch @@ -1,20 +1,19 @@ -From 741b491fe63fd5848b6ce4a3c09ec9a16bac9f6b Mon Sep 17 00:00:00 2001 -From: songnannan2 -Date: Tue, 18 Feb 2020 22:16:04 +0800 -Subject: [PATCH] there need to add the init of child to solve the -problem in oss-fuzz +From 1ab606af27d6b3fa07a638b7f04efadbc8ef75b4 Mon Sep 17 00:00:00 2001 +From: zhangnaru +Date: Tue, 28 Jul 2020 15:05:03 +0800 +Subject: [PATCH] libarchive-uninitialized-value --- libarchive/filter_fork_posix.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libarchive/filter_fork_posix.c b/libarchive/filter_fork_posix.c -index 02dbd4b..285dd48 100644 +index ac255c4..62085a7 100644 --- a/libarchive/filter_fork_posix.c +++ b/libarchive/filter_fork_posix.c -@@ -75,7 +75,7 @@ __FBSDID("$FreeBSD: head/lib/libarchive/filter_fork.c 182958 2008-09-12 05:33:00 - pid_t - __archive_create_child(const char *cmd, int *child_stdin, int *child_stdout) +@@ -76,7 +76,7 @@ int + __archive_create_child(const char *cmd, int *child_stdin, int *child_stdout, + pid_t *out_child) { - pid_t child; + pid_t child = -1; @@ -22,5 +21,5 @@ index 02dbd4b..285dd48 100644 #if HAVE_POSIX_SPAWNP posix_spawn_file_actions_t actions; -- -2.19.1 +2.23.0 diff --git a/libarchive.spec b/libarchive.spec index 88a9ef9ff9d88cd34b15b9d1c3c77e47575f236b..1dd69b37ea43565639d1ed3302124015f24cc735 100644 --- a/libarchive.spec +++ b/libarchive.spec @@ -1,23 +1,23 @@ %bcond_with check Name: libarchive -Version: 3.4.1 -Release: 3 +Version: 3.4.3 +Release: 1 Summary: Multi-format archive and compression library License: BSD -URL: https://www.%{name}.org/ -Source0: https://www.%{name}.org/downloads/%{name}-%{version}.tar.gz +URL: https://www.libarchive.org/ +Source0: https://www.libarchive.org/downloads/%{name}-%{version}.tar.gz BuildRequires: gcc bison sharutils zlib-devel bzip2-devel xz-devel BuildRequires: lzo-devel e2fsprogs-devel libacl-devel libattr-devel BuildRequires: openssl-devel libxml2-devel lz4-devel automake libzstd-devel -Provides: bsdtar bsdcpio bsdcat +Provides: bsdtar bsdcpio bsdcat Obsoletes: bsdtar bsdcpio bsdcat Patch6001: libarchive-uninitialized-value.patch -Patch6002: CVE-2020-9308.patch +Patch6002: libarchive-3.4.3-lchmod-support-check.patch %description %{name} is an open-source BSD-licensed C programming library that @@ -148,6 +148,12 @@ run_testsuite %{_mandir}/man5/* %changelog +* Tue Jul 28 2020 openEuler zhangnaru - 3.4.3-1 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:Upgrade to version 3.4.3 + * Mon Apr 20 2020 openEuler Buildteam - 3.4.1-3 - Type:cves - ID:CVE-2020-9308