author | Baruch Siach <baruch@tkos.co.il> | 2018-10-19 08:20:05 +0300 |
---|---|---|
committer | Peter Korsgaard <peter@korsgaard.com> | 2018-10-20 14:17:46 +0200 |
commit | 946f136fe174efc4560116940c93a84d456c7cfe (patch) | |
tree | 31d486d2d097be1858a57e1d1e18cc50c35e53fb /package/libarchive/0001-Do-something-sensible-for-empty-strings-to-make-fuzz.patch | |
parent | be43be070f9bff3dbc7139b9a719749b46a9d8db (diff) | |
libarchive: security bump to version 3.3.3
Fixes CVE-2017-14501: An out-of-bounds read flaw exists in
parse_file_info in archive_read_support_format_iso9660.c in libarchive
3.3.2 when extracting a specially crafted iso9660 iso file, related to
archive_read_format_iso9660_read_header.
Drop upstream patches.
Use upstream provided tarball hash.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Diffstat (limited to 'package/libarchive/0001-Do-something-sensible-for-empty-strings-to-make-fuzz.patch')
-rw-r--r-- | package/libarchive/0001-Do-something-sensible-for-empty-strings-to-make-fuzz.patch | 42 |
1 files changed, 0 insertions, 42 deletions
diff --git a/package/libarchive/0001-Do-something-sensible-for-empty-strings-to-make-fuzz.patch b/package/libarchive/0001-Do-something-sensible-for-empty-strings-to-make-fuzz.patch
deleted file mode 100644
index 1d1d80d708..0000000000
--- a/package/libarchive/0001-Do-something-sensible-for-empty-strings-to-make-fuzz.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From fa7438a0ff4033e4741c807394a9af6207940d71 Mon Sep 17 00:00:00 2001
-From: Joerg Sonnenberger <joerg@bec.de>
-Date: Tue, 5 Sep 2017 18:12:19 +0200
-Subject: [PATCH] Do something sensible for empty strings to make fuzzers
- happy.
-
-Signed-off-by: Baruch Siach <baruch@tkos.co.il>
----
-Upstream status: commit fa7438a0ff
-
- libarchive/archive_read_support_format_xar.c | 8 +++++++-
- 1 file changed, 7 insertions(+), 1 deletion(-)
-
-diff --git a/libarchive/archive_read_support_format_xar.c b/libarchive/archive_read_support_format_xar.c
-index 7a22beb9d8e4..93eeacc5e6eb 100644
---- a/libarchive/archive_read_support_format_xar.c
-+++ b/libarchive/archive_read_support_format_xar.c
-@@ -1040,6 +1040,9 @@ atol10(const char *p, size_t char_cnt)
- uint64_t l;
- int digit;
-
-+ if (char_cnt == 0)
-+ return (0);
-+
- l = 0;
- digit = *p - '0';
- while (digit >= 0 && digit < 10 && char_cnt-- > 0) {
-@@ -1054,7 +1057,10 @@ atol8(const char *p, size_t char_cnt)
- {
- int64_t l;
- int digit;
---
-+
-+ if (char_cnt == 0)
-+ return (0);
-+
- l = 0;
- while (char_cnt-- > 0) {
- if (*p >= '0' && *p <= '7')
---
-2.14.1
- |