From 89d1aeebdd95aa433a57a56e7b39f8dd4c8c7975 Mon Sep 17 00:00:00 2001 From: MSVSphere Packaging Team Date: Thu, 21 Nov 2024 18:43:28 +0300 Subject: [PATCH] import libarchive-3.7.7-1.el10 --- .gitignore | 2 +- .libarchive.metadata | 2 +- ...ong-option-test-for-32-bit-architect.patch | 32 ----- SOURCES/0003-fix-OOB-in-rar-e8-filter.patch | 25 ---- ...ect-copy_from_lzss_window_to_unp-217.patch | 119 ------------------ ...005-fix-OOB-in-rar-audio-filter-2149.patch | 32 ----- ...006-fix-OOB-in-rar-delta-filter-2148.patch | 36 ------ SPECS/libarchive.spec | 28 ++--- 8 files changed, 9 insertions(+), 267 deletions(-) delete mode 100644 SOURCES/0002-tests-fix-zstd-long-option-test-for-32-bit-architect.patch delete mode 100644 SOURCES/0003-fix-OOB-in-rar-e8-filter.patch delete mode 100644 SOURCES/0004-rar4-reader-protect-copy_from_lzss_window_to_unp-217.patch delete mode 100644 SOURCES/0005-fix-OOB-in-rar-audio-filter-2149.patch delete mode 100644 SOURCES/0006-fix-OOB-in-rar-delta-filter-2148.patch diff --git a/.gitignore b/.gitignore index c1a9693..832dc22 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/libarchive-3.7.2.tar.gz +SOURCES/libarchive-3.7.7.tar.gz diff --git a/.libarchive.metadata b/.libarchive.metadata index a1aed9d..804db12 100644 --- a/.libarchive.metadata +++ b/.libarchive.metadata @@ -1 +1 @@ -f3fab029fed3610aa863cac056e151ce7fba0323 SOURCES/libarchive-3.7.2.tar.gz +918692098b11db61aff23684ab04f375e4a68f69 SOURCES/libarchive-3.7.7.tar.gz diff --git a/SOURCES/0002-tests-fix-zstd-long-option-test-for-32-bit-architect.patch b/SOURCES/0002-tests-fix-zstd-long-option-test-for-32-bit-architect.patch deleted file mode 100644 index 997e18f..0000000 --- a/SOURCES/0002-tests-fix-zstd-long-option-test-for-32-bit-architect.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 3bd918d92f8c34ba12de9c6604d96f9e262a59fc Mon Sep 17 00:00:00 2001 -From: Martin Matuska -Date: Tue, 12 Sep 2023 08:54:47 +0200 -Subject: [PATCH] tests: fix zstd long option test for 32-bit architectures - -Fixes #1968 ---- - libarchive/test/test_write_filter_zstd.c | 8 ++++++-- - 1 file changed, 6 insertions(+), 2 deletions(-) - -diff --git a/libarchive/test/test_write_filter_zstd.c b/libarchive/test/test_write_filter_zstd.c -index 3cdbd812..c9731f1b 100644 ---- a/libarchive/test/test_write_filter_zstd.c -+++ b/libarchive/test/test_write_filter_zstd.c -@@ -161,8 +161,12 @@ DEFINE_TEST(test_write_filter_zstd) - archive_write_set_filter_option(a, NULL, "max-frame-size", "1048576")); - #endif - #if ZSTD_VERSION_NUMBER >= MINVER_LONG -- assertEqualIntA(a, ARCHIVE_OK, -- archive_write_set_filter_option(a, NULL, "long", "27")); -+ if ((int)(sizeof(size_t) == 4)) -+ assertEqualIntA(a, ARCHIVE_OK, -+ archive_write_set_filter_option(a, NULL, "long", "26")); -+ else -+ assertEqualIntA(a, ARCHIVE_OK, -+ archive_write_set_filter_option(a, NULL, "long", "27")); - assertEqualIntA(a, ARCHIVE_FAILED, - archive_write_set_filter_option(a, NULL, "long", "-1")); /* negative */ - #endif --- -2.41.0 - diff --git a/SOURCES/0003-fix-OOB-in-rar-e8-filter.patch b/SOURCES/0003-fix-OOB-in-rar-e8-filter.patch deleted file mode 100644 index 19204ee..0000000 --- a/SOURCES/0003-fix-OOB-in-rar-e8-filter.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 2910a5736c3f238d2cde6cc757b01868d877ebcb Mon Sep 17 00:00:00 2001 -From: Wei-Cheng Pan -Date: Sun, 21 Apr 2024 19:11:42 +0900 -Subject: [PATCH] fix: OOB in rar e8 filter - ---- - libarchive/archive_read_support_format_rar.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/libarchive/archive_read_support_format_rar.c b/libarchive/archive_read_support_format_rar.c -index 99a11d17..266d0ee9 100644 ---- a/libarchive/archive_read_support_format_rar.c -+++ b/libarchive/archive_read_support_format_rar.c -@@ -3615,7 +3615,7 @@ execute_filter_e8(struct rar_filter *filter, struct rar_virtual_machine *vm, siz - uint32_t filesize = 0x1000000; - uint32_t i; - -- if (length > PROGRAM_WORK_SIZE || length < 4) -+ if (length > PROGRAM_WORK_SIZE || length <= 4) - return 0; - - for (i = 0; i <= length - 5; i++) --- -2.45.1 - diff --git a/SOURCES/0004-rar4-reader-protect-copy_from_lzss_window_to_unp-217.patch b/SOURCES/0004-rar4-reader-protect-copy_from_lzss_window_to_unp-217.patch deleted file mode 100644 index e8330a2..0000000 --- a/SOURCES/0004-rar4-reader-protect-copy_from_lzss_window_to_unp-217.patch +++ /dev/null @@ -1,119 +0,0 @@ -From eac15e252010c1189a5c0f461364dbe2cd2a68b1 Mon Sep 17 00:00:00 2001 -From: "Dustin L. Howett" -Date: Thu, 9 May 2024 18:59:17 -0500 -Subject: [PATCH] rar4 reader: protect copy_from_lzss_window_to_unp() (#2172) - -copy_from_lzss_window_to_unp unnecessarily took an `int` parameter where -both of its callers were holding a `size_t`. - -A lzss opcode chain could be constructed that resulted in a negative -copy length, which when passed into memcpy would result in a very, very -large positive number. - -Switching copy_from_lzss_window_to_unp to take a `size_t` allows it to -properly bounds-check length. - -In addition, this patch also ensures that `length` is not itself larger -than the destination buffer. - -Security: CVE-2024-20696 ---- - libarchive/archive_read_support_format_rar.c | 28 +++++++++++++------- - 1 file changed, 18 insertions(+), 10 deletions(-) - -diff --git a/libarchive/archive_read_support_format_rar.c b/libarchive/archive_read_support_format_rar.c -index 4fc6626c..5776df4b 100644 ---- a/libarchive/archive_read_support_format_rar.c -+++ b/libarchive/archive_read_support_format_rar.c -@@ -432,7 +432,7 @@ static int make_table_recurse(struct archive_read *, struct huffman_code *, int, - struct huffman_table_entry *, int, int); - static int expand(struct archive_read *, int64_t *); - static int copy_from_lzss_window_to_unp(struct archive_read *, const void **, -- int64_t, int); -+ int64_t, size_t); - static const void *rar_read_ahead(struct archive_read *, size_t, ssize_t *); - static int parse_filter(struct archive_read *, const uint8_t *, uint16_t, - uint8_t); -@@ -2060,7 +2060,7 @@ read_data_compressed(struct archive_read *a, const void **buff, size_t *size, - bs = rar->unp_buffer_size - rar->unp_offset; - else - bs = (size_t)rar->bytes_uncopied; -- ret = copy_from_lzss_window_to_unp(a, buff, rar->offset, (int)bs); -+ ret = copy_from_lzss_window_to_unp(a, buff, rar->offset, bs); - if (ret != ARCHIVE_OK) - return (ret); - rar->offset += bs; -@@ -2213,7 +2213,7 @@ read_data_compressed(struct archive_read *a, const void **buff, size_t *size, - bs = rar->unp_buffer_size - rar->unp_offset; - else - bs = (size_t)rar->bytes_uncopied; -- ret = copy_from_lzss_window_to_unp(a, buff, rar->offset, (int)bs); -+ ret = copy_from_lzss_window_to_unp(a, buff, rar->offset, bs); - if (ret != ARCHIVE_OK) - return (ret); - rar->offset += bs; -@@ -3094,11 +3094,16 @@ copy_from_lzss_window(struct archive_read *a, void *buffer, - - static int - copy_from_lzss_window_to_unp(struct archive_read *a, const void **buffer, -- int64_t startpos, int length) -+ int64_t startpos, size_t length) - { - int windowoffs, firstpart; - struct rar *rar = (struct rar *)(a->format->data); - -+ if (length > rar->unp_buffer_size) -+ { -+ goto fatal; -+ } -+ - if (!rar->unp_buffer) - { - if ((rar->unp_buffer = malloc(rar->unp_buffer_size)) == NULL) -@@ -3110,17 +3115,17 @@ copy_from_lzss_window_to_unp(struct archive_read *a, const void **buffer, - } - - windowoffs = lzss_offset_for_position(&rar->lzss, startpos); -- if(windowoffs + length <= lzss_size(&rar->lzss)) { -+ if(windowoffs + length <= (size_t)lzss_size(&rar->lzss)) { - memcpy(&rar->unp_buffer[rar->unp_offset], &rar->lzss.window[windowoffs], - length); -- } else if (length <= lzss_size(&rar->lzss)) { -+ } else if (length <= (size_t)lzss_size(&rar->lzss)) { - firstpart = lzss_size(&rar->lzss) - windowoffs; - if (firstpart < 0) { - archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, - "Bad RAR file data"); - return (ARCHIVE_FATAL); - } -- if (firstpart < length) { -+ if ((size_t)firstpart < length) { - memcpy(&rar->unp_buffer[rar->unp_offset], - &rar->lzss.window[windowoffs], firstpart); - memcpy(&rar->unp_buffer[rar->unp_offset + firstpart], -@@ -3130,9 +3135,7 @@ copy_from_lzss_window_to_unp(struct archive_read *a, const void **buffer, - &rar->lzss.window[windowoffs], length); - } - } else { -- archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, -- "Bad RAR file data"); -- return (ARCHIVE_FATAL); -+ goto fatal; - } - rar->unp_offset += length; - if (rar->unp_offset >= rar->unp_buffer_size) -@@ -3140,6 +3143,11 @@ copy_from_lzss_window_to_unp(struct archive_read *a, const void **buffer, - else - *buffer = NULL; - return (ARCHIVE_OK); -+ -+fatal: -+ archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, -+ "Bad RAR file data"); -+ return (ARCHIVE_FATAL); - } - - static const void * --- -2.45.1 - diff --git a/SOURCES/0005-fix-OOB-in-rar-audio-filter-2149.patch b/SOURCES/0005-fix-OOB-in-rar-audio-filter-2149.patch deleted file mode 100644 index 7f31830..0000000 --- a/SOURCES/0005-fix-OOB-in-rar-audio-filter-2149.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 3006bc5d02ad3ae3c4f9274f60c1f9d2d834734b Mon Sep 17 00:00:00 2001 -From: Wei-Cheng Pan -Date: Mon, 29 Apr 2024 06:53:19 +0900 -Subject: [PATCH] fix: OOB in rar audio filter (#2149) - -This patch ensures that `src` won't move ahead of `dst`, so `src` will -not OOB. Similar situation like in a1cb648. ---- - libarchive/archive_read_support_format_rar.c | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/libarchive/archive_read_support_format_rar.c b/libarchive/archive_read_support_format_rar.c -index 619ee81e..4fc6626c 100644 ---- a/libarchive/archive_read_support_format_rar.c -+++ b/libarchive/archive_read_support_format_rar.c -@@ -3722,6 +3722,13 @@ execute_filter_audio(struct rar_filter *filter, struct rar_virtual_machine *vm) - memset(&state, 0, sizeof(state)); - for (j = i; j < length; j += numchannels) - { -+ /* -+ * The src block should not overlap with the dst block. -+ * If so it would be better to consider this archive is broken. -+ */ -+ if (src >= dst) -+ return 0; -+ - int8_t delta = (int8_t)*src++; - uint8_t predbyte, byte; - int prederror; --- -2.46.2 - diff --git a/SOURCES/0006-fix-OOB-in-rar-delta-filter-2148.patch b/SOURCES/0006-fix-OOB-in-rar-delta-filter-2148.patch deleted file mode 100644 index a65a09d..0000000 --- a/SOURCES/0006-fix-OOB-in-rar-delta-filter-2148.patch +++ /dev/null @@ -1,36 +0,0 @@ -From a1cb648d52f5b6d3f31184d9b6a7cbca628459b7 Mon Sep 17 00:00:00 2001 -From: Wei-Cheng Pan -Date: Mon, 29 Apr 2024 06:50:22 +0900 -Subject: [PATCH] fix: OOB in rar delta filter (#2148) - -Ensure that `src` won't move ahead of `dst`, so `src` will not OOB. -Since `dst` won't move in this function, and we are only increasing `src` -position, this check should be enough. It should be safe to early return -because this function does not allocate resources. ---- - libarchive/archive_read_support_format_rar.c | 8 ++++++++ - 1 file changed, 8 insertions(+) - -diff --git a/libarchive/archive_read_support_format_rar.c b/libarchive/archive_read_support_format_rar.c -index 79669a8f..619ee81e 100644 ---- a/libarchive/archive_read_support_format_rar.c -+++ b/libarchive/archive_read_support_format_rar.c -@@ -3612,7 +3612,15 @@ execute_filter_delta(struct rar_filter *filter, struct rar_virtual_machine *vm) - { - uint8_t lastbyte = 0; - for (idx = i; idx < length; idx += numchannels) -+ { -+ /* -+ * The src block should not overlap with the dst block. -+ * If so it would be better to consider this archive is broken. -+ */ -+ if (src >= dst) -+ return 0; - lastbyte = dst[idx] = lastbyte - *src++; -+ } - } - - filter->filteredblockaddress = length; --- -2.46.2 - diff --git a/SPECS/libarchive.spec b/SPECS/libarchive.spec index dc6ee5e..987f485 100644 --- a/SPECS/libarchive.spec +++ b/SPECS/libarchive.spec @@ -1,8 +1,8 @@ %bcond_without check Name: libarchive -Version: 3.7.2 -Release: 9%{?dist} +Version: 3.7.7 +Release: 1%{?dist} Summary: A library for handling streaming archive formats # Licenses: @@ -44,25 +44,6 @@ BuildRequires: make # support explicitly. Patch0001: 0001-Drop-rmd160-from-OpenSSL.patch -# Upstream patch: https://github.com/libarchive/libarchive/commit/3bd918d92f8c34ba12de9c6604d96f9e262a59fc -# Fixes the broken 32-bit builds (i686 arch) due to "Allocation error : not enough memory" -Patch0002: 0002-tests-fix-zstd-long-option-test-for-32-bit-architect.patch - -# Upstream patch: https://github.com/libarchive/libarchive/commit/eb7939b24a681a04648a59cdebd386b1e9dc9237 -# Fixes Heap based buffer overflow in rar e8 filter (CVE-2024-26256) -Patch0003: 0003-fix-OOB-in-rar-e8-filter.patch - -# Upstream patch: https://github.com/libarchive/libarchive/commit/eac15e252010c1189a5c0f461364dbe2cd2a68b1 -# Fixes CVE-2024-20696 -Patch0004: 0004-rar4-reader-protect-copy_from_lzss_window_to_unp-217.patch - -# Upstream patches: -# https://github.com/libarchive/libarchive/commit/3006bc5d02ad3ae3c4f9274f60c1f9d2d834734b -# https://github.com/libarchive/libarchive/commit/a1cb648d52f5b6d3f31184d9b6a7cbca628459b7 -# Fixes CVE-2024-48957 -Patch0005: 0005-fix-OOB-in-rar-audio-filter-2149.patch -Patch0006: 0006-fix-OOB-in-rar-delta-filter-2148.patch - %description Libarchive is a programming library that can create and read several different streaming archive formats, including most popular tar variants, several cpio @@ -260,6 +241,11 @@ run_testsuite %changelog +* Mon Nov 18 2024 Lukas Javorsky - 3.7.7-1 +- Rebase to version 3.7.7 +- Fixing SAST issues, accepted by upstream +- Resolves: RHEL-39391 RHEL-67895 + * Tue Oct 29 2024 Troy Dawson - 3.7.2-9 - Bump release for October 2024 mass rebuild: Resolves: RHEL-64018