From e462fca0cc9dc31b2b8feab4c7da497e28a6ec61 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Jan 22 2020 13:07:51 +0000 Subject: import libarchive-3.1.2-14.el7_7 --- diff --git a/SOURCES/libarchive-3.2.1-CVE-2019-18408.patch b/SOURCES/libarchive-3.2.1-CVE-2019-18408.patch new file mode 100644 index 0000000..7ec3494 --- /dev/null +++ b/SOURCES/libarchive-3.2.1-CVE-2019-18408.patch @@ -0,0 +1,31 @@ +From 738a3c456b52704ce2c45e10c7290db0d6fe3141 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Patrik=20Novotn=C3=BD?= +Date: Wed, 15 Jan 2020 16:29:27 +0100 +Subject: [PATCH] RAR reader: fix use after free + +If read_data_compressed() returns ARCHIVE_FAILED, the caller is allowed +to continue with next archive headers. We need to set rar->start_new_table +after the ppmd7_context got freed, otherwise it won't be allocated again. +--- + libarchive/archive_read_support_format_rar.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/libarchive/archive_read_support_format_rar.c b/libarchive/archive_read_support_format_rar.c +index c95c78c..7765f27 100644 +--- a/libarchive/archive_read_support_format_rar.c ++++ b/libarchive/archive_read_support_format_rar.c +@@ -966,8 +966,10 @@ archive_read_format_rar_read_data(struct archive_read *a, const void **buff, + case COMPRESS_METHOD_GOOD: + case COMPRESS_METHOD_BEST: + ret = read_data_compressed(a, buff, size, offset); +- if (ret != ARCHIVE_OK && ret != ARCHIVE_WARN) ++ if (ret != ARCHIVE_OK && ret != ARCHIVE_WARN) { + __archive_ppmd7_functions.Ppmd7_Free(&rar->ppmd7_context, &g_szalloc); ++ rar->start_new_table = 1; ++ } + break; + + default: +-- +2.24.1 + diff --git a/SPECS/libarchive.spec b/SPECS/libarchive.spec index 608e3c3..b7d1876 100644 --- a/SPECS/libarchive.spec +++ b/SPECS/libarchive.spec @@ -1,6 +1,6 @@ Name: libarchive Version: 3.1.2 -Release: 12%{?dist} +Release: 14%{?dist} Summary: A library for handling streaming archive formats Group: System Environment/Libraries @@ -59,6 +59,7 @@ Patch26: libarchive-3.1.2-CVE-2019-1000019.patch Patch27: libarchive-3.1.2-CVE-2019-1000020.patch Patch28: libarchive-3.3.2-CVE-2018-1000878.patch Patch29: libarchive-3.3.2-CVE-2018-1000877.patch +Patch30: libarchive-3.2.1-CVE-2019-18408.patch %description Libarchive is a programming library that can create and read several different @@ -132,6 +133,7 @@ libarchive packages. %patch27 -p1 -b .CVE-2019-1000020 %patch28 -p1 -b .CVE-2019-1000878 %patch29 -p1 -b .CVE-2019-1000877 +%patch30 -p1 -b .CVE-2019-18408 %build @@ -225,6 +227,12 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Fri Jan 17 2020 Patrik Novotný - 3.1.2-14 +- Fix patch application error + +* Wed Jan 15 2020 Patrik Novotný - 3.1.2-13 +- Fix CVE-2019-18408: RAR use-after-free + * Tue Apr 30 2019 Ondrej Dubaj - 3.1.2-12 - fixed use after free in RAR decoder (#1700749) - fixed double free in RAR decoder (#1700748)