From 7f4cb4bb0f472a2d9c48f67386cf45d72e85e9c2 Mon Sep 17 00:00:00 2001
From: Tee KOBAYASHI
Date: Wed, 30 Mar 2022 04:33:11 +0900
Subject: [PATCH] libarchive: Add patch for CVE-2022-26280
---
 packages/libarchive/build.sh | 2 +-
 .../libarchive-3.6.0-CVE-2022-26280.patch | 24 +++++++++++++++++++
 2 files changed, 25 insertions(+), 1 deletion(-)
 create mode 100644 packages/libarchive/libarchive-3.6.0-CVE-2022-26280.patch
diff --git a/packages/libarchive/build.sh b/packages/libarchive/build.sh
index ec12de056..e012050e2 100644
--- a/packages/libarchive/build.sh
+++ b/packages/libarchive/build.sh
@@ -3,7 +3,7 @@ TERMUX_PKG_DESCRIPTION="Multi-format archive and compression library"
 TERMUX_PKG_LICENSE="BSD 2-Clause"
 TERMUX_PKG_MAINTAINER="@termux"
 TERMUX_PKG_VERSION=3.6.0
-TERMUX_PKG_REVISION=1
+TERMUX_PKG_REVISION=2
 TERMUX_PKG_SRCURL=https://github.com/libarchive/libarchive/releases/download/v$TERMUX_PKG_VERSION/libarchive-$TERMUX_PKG_VERSION.tar.gz
 TERMUX_PKG_SHA256=a36613695ffa2905fdedc997b6df04a3006ccfd71d747a339b78aa8412c3d852
 TERMUX_PKG_AUTO_UPDATE=true
diff --git a/packages/libarchive/libarchive-3.6.0-CVE-2022-26280.patch b/packages/libarchive/libarchive-3.6.0-CVE-2022-26280.patch
new file mode 100644
index 000000000..ae892a7b2
--- /dev/null
+++ b/packages/libarchive/libarchive-3.6.0-CVE-2022-26280.patch
@@ -0,0 +1,24 @@
+From cfaa28168a07ea4a53276b63068f94fce37d6aff Mon Sep 17 00:00:00 2001
+From: Tim Kientzle
+Date: Thu, 24 Mar 2022 10:35:00 +0100
+Subject: [PATCH] ZIP reader: fix possible out-of-bounds read in
+ zipx_lzma_alone_init()
+
+Fixes #1672
+---
+ libarchive/archive_read_support_format_zip.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libarchive/archive_read_support_format_zip.c b/libarchive/archive_read_support_format_zip.c
+index 38ada70b5..9d6c900b2 100644
+--- a/libarchive/archive_read_support_format_zip.c
++++ b/libarchive/archive_read_support_format_zip.c
+@@ -1667,7 +1667,7 @@ zipx_lzma_alone_init(struct archive_read *a, struct zip *zip)
+ */
+ 
+ /* Read magic1,magic2,lzma_params from the ZIPX stream. */
+- if((p = __archive_read_ahead(a, 9, NULL)) == NULL) {
++ if(zip->entry_bytes_remaining < 9 || (p = __archive_read_ahead(a, 9, NULL)) == NULL) {
+ archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
+ "Truncated lzma data");
+ return (ARCHIVE_FATAL);
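Review bot: The added `zip->entry_bytes_remaining < 9` guard in the embedded hunk is the whole fix, but the patched code never records why the entry size, rather than the `__archive_read_ahead` result, is what matters here, so the comment above it should say so: `/* Need 9 bytes of entry data (magic1, magic2, lzma_params); read_ahead only proves the bytes exist in the stream, not that they belong to this entry (CVE-2022-26280). */`. Whether `entry_bytes_remaining` is always meaningful at this point cannot be confirmed from the hunk; if it can be zero for entries whose size is only given by a trailing data descriptor, the guard would now reject such entries with "Truncated lzma data", which is worth checking against the reader's length-at-end handling before shipping the revision bump. zipx_lzma_alone_init() starts and ends outside the hunk. Keeping the upstream commit id in the patch header is good practice for a backport, as it makes the fix's provenance verifiable.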