Revert "Merge branch 'core-updates'"

This reverts commit 455859a50f88f625d13fc2f304111f02369b366b.
author: Mark H Weaver <mhw@netris.org> 2016-08-04 08:16:38 -0400
committer: Mark H Weaver <mhw@netris.org> 2016-08-04 08:16:38 -0400
commit: 0832787e5c463c713d8f24fdec0f52900ff1c2bd (patch)
tree: 5ce20bef711d0d85a22cd041758278d7c176b0f3 /gnu/packages/patches/libarchive-CVE-2013-0211.patch
parent: 5b098cc4b937c05d6f685772c66e2aa04490710a (diff)
1 files changed, 21 insertions, 0 deletions
diff --git a/gnu/packages/patches/libarchive-CVE-2013-0211.patch b/gnu/packages/patches/libarchive-CVE-2013-0211.patch
new file mode 100644
index 0000000000..b024a7d4a8
--- /dev/null
+++ b/gnu/packages/patches/libarchive-CVE-2013-0211.patch
@@ -0,0 +1,21 @@
+Description: Fix CVE-2013-0211: read buffer overflow on 64-bit systems
+Origin: upstream
+Bug-Debian: http://bugs.debian.org/703957
+Forwarded: not-needed
+
+--- libarchive-3.0.4.orig/libarchive/archive_write.c
++++ libarchive-3.0.4/libarchive/archive_write.c
+@@ -665,8 +665,13 @@ static ssize_t
+ _archive_write_data(struct archive *_a, const void *buff, size_t s)
+ {
+ 	struct archive_write *a = (struct archive_write *)_a;
++	const size_t max_write = INT_MAX;
++
+ 	archive_check_magic(&a->archive, ARCHIVE_WRITE_MAGIC,
+ 	    ARCHIVE_STATE_DATA, "archive_write_data");
++	/* In particular, this catches attempts to pass negative values. */
++	if (s > max_write)
++		s = max_write;
+ 	archive_clear_error(&a->archive);
+ 	return ((a->format_write_data)(a, buff, s));
+ }
author	Mark H Weaver <mhw@netris.org>	2016-08-04 08:16:38 -0400
committer	Mark H Weaver <mhw@netris.org>	2016-08-04 08:16:38 -0400
commit	0832787e5c463c713d8f24fdec0f52900ff1c2bd (patch)
tree	5ce20bef711d0d85a22cd041758278d7c176b0f3 /gnu/packages/patches/libarchive-CVE-2013-0211.patch
parent	5b098cc4b937c05d6f685772c66e2aa04490710a (diff)