commit f3ec500d487443800a6406690817159654a8ccdb · tjh.dev/nixpkgs

tjh.dev / nixpkgs

Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)

libarchive: move patch into nixpkgs

Unfortunately, github periodically changes output even for raw diffs
(not just raw patches). I'm including the patch in nixpkgs.

I was unable to do it without hash change. Even if I added binary equal file.

Vladimír Čunát 11 years ago f3ec500d 3b93b7bf

+33 -5

2 changed files

expand all

unified split

pkgs

development

libraries

libarchive

CVE-2013-0211.patch

default.nix

+30

pkgs/development/libraries/libarchive/CVE-2013-0211.patch

···

··· 1 + From 22531545514043e04633e1c015c7540b9de9dbe4 Mon Sep 17 00:00:00 2001 2 + From: Tim Kientzle <kientzle@acm.org> 3 + Date: Fri, 22 Mar 2013 23:48:41 -0700 4 + Subject: [PATCH] Limit write requests to at most INT_MAX. This prevents a 5 + certain common programming error (passing -1 to write) from leading to other 6 + problems deeper in the library. 7 + 8 + --- 9 + libarchive/archive_write.c | 5 +++++ 10 + 1 file changed, 5 insertions(+) 11 + 12 + diff --git a/libarchive/archive_write.c b/libarchive/archive_write.c 13 + index eede5e0..be85621 100644 14 + --- a/libarchive/archive_write.c 15 + +++ b/libarchive/archive_write.c 16 + @@ -673,8 +673,13 @@ static ssize_t 17 + _archive_write_data(struct archive *_a, const void *buff, size_t s) 18 + { 19 + struct archive_write *a = (struct archive_write *)_a; 20 + + const size_t max_write = INT_MAX; 21 + + 22 + archive_check_magic(&a->archive, ARCHIVE_WRITE_MAGIC, 23 + ARCHIVE_STATE_DATA, "archive_write_data"); 24 + + /* In particular, this catches attempts to pass negative values. */ 25 + + if (s > max_write) 26 + + s = max_write; 27 + archive_clear_error(&a->archive); 28 + return ((a->format_write_data)(a, buff, s)); 29 + } 30 +

+3 -5

pkgs/development/libraries/libarchive/default.nix

··· 12 sha256 = "0pixqnrcf35dnqgv0lp7qlcw7k13620qkhgxr288v7p4iz6ym1zb"; 13 }; 14 15 - patches = [(fetchurl { 16 - url = "https://github.com/libarchive/libarchive/commit/22531545514043e04633e1c015c7540b9de9dbe4.diff"; 17 - sha256 = "1466ddrkdh2r8idmj3v7fk2gwnhc1kdxvyczdpnqms0qlmas6fj5"; 18 - name = "CVE-2013-0211.patch"; 19 - })]; 20 21 buildInputs = [ sharutils libxml2 zlib bzip2 openssl xz ] ++ 22 stdenv.lib.optionals stdenv.isLinux [ e2fsprogs attr acl ];

··· 12 sha256 = "0pixqnrcf35dnqgv0lp7qlcw7k13620qkhgxr288v7p4iz6ym1zb"; 13 }; 14 15 + patches = [ 16 + ./CVE-2013-0211.patch # https://github.com/libarchive/libarchive/commit/22531545 17 + ]; 18 19 buildInputs = [ sharutils libxml2 zlib bzip2 openssl xz ] ++ 20 stdenv.lib.optionals stdenv.isLinux [ e2fsprogs attr acl ];