From 2e421e5c8721b9e7b061241616a583aefa018479 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Jan 29 2020 07:31:25 +0000 Subject: import libarchive-3.3.2-8.el8_1 --- diff --git a/SOURCES/libarchive-3.3.2-CVE-2019-18408.patch b/SOURCES/libarchive-3.3.2-CVE-2019-18408.patch new file mode 100644 index 0000000..1811e77 --- /dev/null +++ b/SOURCES/libarchive-3.3.2-CVE-2019-18408.patch @@ -0,0 +1,31 @@ +From 1abcbf1af5209631ccf4fca4ddcab3c863294c85 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Patrik=20Novotn=C3=BD?= +Date: Wed, 15 Jan 2020 16:10:04 +0100 +Subject: [PATCH] RAR reader: fix use after free + +If read_data_compressed() returns ARCHIVE_FAILED, the caller is allowed +to continue with next archive headers. We need to set rar->start_new_table +after the ppmd7_context got freed, otherwise it won't be allocated again. +--- + libarchive/archive_read_support_format_rar.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/libarchive/archive_read_support_format_rar.c b/libarchive/archive_read_support_format_rar.c +index cbb14c32..9c26ef97 100644 +--- a/libarchive/archive_read_support_format_rar.c ++++ b/libarchive/archive_read_support_format_rar.c +@@ -1037,8 +1037,10 @@ archive_read_format_rar_read_data(struct archive_read *a, const void **buff, + case COMPRESS_METHOD_GOOD: + case COMPRESS_METHOD_BEST: + ret = read_data_compressed(a, buff, size, offset); +- if (ret != ARCHIVE_OK && ret != ARCHIVE_WARN) ++ if (ret != ARCHIVE_OK && ret != ARCHIVE_WARN) { + __archive_ppmd7_functions.Ppmd7_Free(&rar->ppmd7_context, &g_szalloc); ++ rar->start_new_table = 1; ++ } + break; + + default: +-- +2.24.1 + diff --git a/SPECS/libarchive.spec b/SPECS/libarchive.spec index 977d6e2..82b00da 100644 --- a/SPECS/libarchive.spec +++ b/SPECS/libarchive.spec @@ -2,7 +2,7 @@ Name: libarchive Version: 3.3.2 -Release: 7%{?dist} +Release: 8%{?dist} Summary: A library for handling streaming archive formats License: BSD @@ -16,6 +16,7 @@ Patch3: libarchive-3.3.2-CVE-2018-1000878.patch Patch4: libarchive-3.3.2-CVE-2018-1000877.patch Patch5: fix-use-after-free-in-delayed-newc.patch Patch6: fix-few-obvious-resource-leaks-covscan.patch +Patch7: libarchive-3.3.2-CVE-2019-18408.patch BuildRequires: gcc BuildRequires: bison @@ -219,6 +220,9 @@ run_testsuite %changelog +* Wed Jan 15 2020 Patrik Novotný - 3.3.2-8 +- Fix CVE-2019-18408: RAR use-after-free + * Mon May 27 2019 Ondrej Dubaj - 3.3.2-7 - fix use-after-free in delayed newc link processing (#1602575) - fix a few obvious resource leaks and strcpy() misuses (#1602575)