authorVladimír Čunát <vcunat@gmail.com>2014-04-21 17:56:39 +0200
committerVladimír Čunát <vcunat@gmail.com>2014-04-21 17:57:20 +0200
commitf3ec500d487443800a6406690817159654a8ccdb (patch)
tree0d2f916e9b256d403dfffb0a2433c823c0df0b6c /pkgs/development/libraries/libarchive
parent3b93b7bfe6bc992c4ebbde8819b14676bb2e3b5f (diff)
libarchive: move patch into nixpkgs
Unfortunately, github periodically changes output even for raw diffs
(not just raw patches). I'm including the patch in nixpkgs.

I was unable to do it without a hash change, even when I added a binary-identical file.
Diffstat (limited to 'pkgs/development/libraries/libarchive')
-rw-r--r--pkgs/development/libraries/libarchive/CVE-2013-0211.patch30
-rw-r--r--pkgs/development/libraries/libarchive/default.nix8
2 files changed, 33 insertions, 5 deletions
diff --git a/pkgs/development/libraries/libarchive/CVE-2013-0211.patch b/pkgs/development/libraries/libarchive/CVE-2013-0211.patch
new file mode 100644
index 00000000000..5b1a9831063
--- /dev/null
+++ b/pkgs/development/libraries/libarchive/CVE-2013-0211.patch
@@ -0,0 +1,30 @@
+From 22531545514043e04633e1c015c7540b9de9dbe4 Mon Sep 17 00:00:00 2001
+From: Tim Kientzle <kientzle@acm.org>
+Date: Fri, 22 Mar 2013 23:48:41 -0700
+Subject: [PATCH] Limit write requests to at most INT_MAX. This prevents a
+ certain common programming error (passing -1 to write) from leading to other
+ problems deeper in the library.
+
+---
+ libarchive/archive_write.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/libarchive/archive_write.c b/libarchive/archive_write.c
+index eede5e0..be85621 100644
+--- a/libarchive/archive_write.c
++++ b/libarchive/archive_write.c
+@@ -673,8 +673,13 @@ static ssize_t
+ _archive_write_data(struct archive *_a, const void *buff, size_t s)
+ {
+ 	struct archive_write *a = (struct archive_write *)_a;
++	const size_t max_write = INT_MAX;
++
+ 	archive_check_magic(&a->archive, ARCHIVE_WRITE_MAGIC,
+ 	    ARCHIVE_STATE_DATA, "archive_write_data");
++	/* In particular, this catches attempts to pass negative values. */
++	if (s > max_write)
++		s = max_write;
+ 	archive_clear_error(&a->archive);
+ 	return ((a->format_write_data)(a, buff, s));
+ }
+
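Review bot: The comment above `if (s > max_write)` speaks of "negative values", but `s` is a `size_t`, so a caller's -1 arrives as a very large unsigned value and is shortened to `INT_MAX` rather than rejected. The call then goes ahead with a request of up to `INT_MAX` bytes from `buff`; how much is actually consumed depends on `format_write_data`, which is not visible here. A more precise comment would be `/* s is unsigned: a caller's -1 shows up as a huge value; cap the request at INT_MAX (it is truncated, not refused). */`. `INT_MAX` also needs `<limits.h>`, and the file's includes are outside this hunk, so that is worth confirming against the patched source. As this file is a verbatim copy of the upstream commit named in its `From` line, any rewording belongs upstream rather than in the vendored copy.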
diff --git a/pkgs/development/libraries/libarchive/default.nix b/pkgs/development/libraries/libarchive/default.nix
index 5e728d9b3dd..f0c3c0632a9 100644
--- a/pkgs/development/libraries/libarchive/default.nix
+++ b/pkgs/development/libraries/libarchive/default.nix
@@ -12,11 +12,9 @@ stdenv.mkDerivation rec {
     sha256 = "0pixqnrcf35dnqgv0lp7qlcw7k13620qkhgxr288v7p4iz6ym1zb";
   };
 
-  patches = [(fetchurl {
-    url = "https://github.com/libarchive/libarchive/commit/22531545514043e04633e1c015c7540b9de9dbe4.diff";
-    sha256 = "1466ddrkdh2r8idmj3v7fk2gwnhc1kdxvyczdpnqms0qlmas6fj5";
-    name = "CVE-2013-0211.patch";
-  })];
+  patches = [
+    ./CVE-2013-0211.patch # https://github.com/libarchive/libarchive/commit/22531545
+  ];
 
   buildInputs = [ sharutils libxml2 zlib bzip2 openssl xz ] ++
     stdenv.lib.optionals stdenv.isLinux [ e2fsprogs attr acl ];
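Review bot: The comment on the new `./CVE-2013-0211.patch` entry identifies the upstream commit only by an abbreviated id, whereas the removed `fetchurl` carried the full id plus a `sha256` pin. With the in-tree copy now the only record, the full id in default.nix makes it easier to re-check the file against upstream later: `./CVE-2013-0211.patch # https://github.com/libarchive/libarchive/commit/22531545514043e04633e1c015c7540b9de9dbe4`. The patch file's own `From` line has the same id, so this is about provenance being readable from the expression itself.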