From 1b7d5242c36d82242f1148cc583ea362d3e83577 Mon Sep 17 00:00:00 2001
From: Mark H Weaver <mhw@netris.org>
Date: Sat, 11 Oct 2014 22:49:15 -0400
Subject: gnu: libarchive: Apply fixes including for CVE-2013-0211.

* gnu/packages/patches/libarchive-CVE-2013-0211.patch,
  gnu/packages/patches/libarchive-fix-lzo-test-case.patch,
  gnu/packages/patches/libarchive-mtree-filename-length-fix.patch: New files.
* gnu-system.am (dist_patch_DATA): Add them.
* gnu/packages/backup.scm (libarchive)[source]: Add patches.
---
 gnu-system.am                                      |  3 +
 gnu/packages/backup.scm                            |  6 +-
 .../patches/libarchive-CVE-2013-0211.patch         | 21 ++++++
 .../patches/libarchive-fix-lzo-test-case.patch     | 83 ++++++++++++++++++++++
 .../libarchive-mtree-filename-length-fix.patch     | 18 +++++
 5 files changed, 130 insertions(+), 1 deletion(-)
 create mode 100644 gnu/packages/patches/libarchive-CVE-2013-0211.patch
 create mode 100644 gnu/packages/patches/libarchive-fix-lzo-test-case.patch
 create mode 100644 gnu/packages/patches/libarchive-mtree-filename-length-fix.patch

diff --git a/gnu-system.am b/gnu-system.am
index 6028527e44..2d2eb0631f 100644
--- a/gnu-system.am
+++ b/gnu-system.am
@@ -359,6 +359,9 @@ dist_patch_DATA =						\
   gnu/packages/patches/inkscape-stray-comma.patch               \
   gnu/packages/patches/jbig2dec-ignore-testtest.patch		\
   gnu/packages/patches/kmod-module-directory.patch		\
+  gnu/packages/patches/libarchive-CVE-2013-0211.patch		\
+  gnu/packages/patches/libarchive-fix-lzo-test-case.patch	\
+  gnu/packages/patches/libarchive-mtree-filename-length-fix.patch \
   gnu/packages/patches/libbonobo-activation-test-race.patch	\
   gnu/packages/patches/libevent-dns-tests.patch			\
   gnu/packages/patches/liboop-mips64-deplibs-fix.patch		\
diff --git a/gnu/packages/backup.scm b/gnu/packages/backup.scm
index f4f6d0c42c..1aef75e05b 100644
--- a/gnu/packages/backup.scm
+++ b/gnu/packages/backup.scm
@@ -138,7 +138,11 @@ (define-public libarchive
                            version ".tar.gz"))
        (sha256
         (base32
-         "0pixqnrcf35dnqgv0lp7qlcw7k13620qkhgxr288v7p4iz6ym1zb"))))
+         "0pixqnrcf35dnqgv0lp7qlcw7k13620qkhgxr288v7p4iz6ym1zb"))
+       (patches
+        (list (search-patch "libarchive-mtree-filename-length-fix.patch")
+              (search-patch "libarchive-fix-lzo-test-case.patch")
+              (search-patch "libarchive-CVE-2013-0211.patch")))))
     (build-system gnu-build-system)
     (inputs
      `(("zlib" ,zlib)
diff --git a/gnu/packages/patches/libarchive-CVE-2013-0211.patch b/gnu/packages/patches/libarchive-CVE-2013-0211.patch
new file mode 100644
index 0000000000..b024a7d4a8
--- /dev/null
+++ b/gnu/packages/patches/libarchive-CVE-2013-0211.patch
@@ -0,0 +1,21 @@
+Description: Fix CVE-2013-0211: read buffer overflow on 64-bit systems
+Origin: upstream
+Bug-Debian: http://bugs.debian.org/703957
+Forwarded: not-needed
+
+--- libarchive-3.0.4.orig/libarchive/archive_write.c
++++ libarchive-3.0.4/libarchive/archive_write.c
+@@ -665,8 +665,13 @@ static ssize_t
+ _archive_write_data(struct archive *_a, const void *buff, size_t s)
+ {
+ 	struct archive_write *a = (struct archive_write *)_a;
++	const size_t max_write = INT_MAX;
++
+ 	archive_check_magic(&a->archive, ARCHIVE_WRITE_MAGIC,
+ 	    ARCHIVE_STATE_DATA, "archive_write_data");
++	/* In particular, this catches attempts to pass negative values. */
++	if (s > max_write)
++		s = max_write;
+ 	archive_clear_error(&a->archive);
+ 	return ((a->format_write_data)(a, buff, s));
+ }
diff --git a/gnu/packages/patches/libarchive-fix-lzo-test-case.patch b/gnu/packages/patches/libarchive-fix-lzo-test-case.patch
new file mode 100644
index 0000000000..ffdc0db922
--- /dev/null
+++ b/gnu/packages/patches/libarchive-fix-lzo-test-case.patch
@@ -0,0 +1,83 @@
+Description: This patch fixes test cases for LZO write support in various
+ architectures, such as armhf. Writing a certain amount of files would
+ cause the LZO compressor level 9 to produce a bigger archive than the
+ default compressor level.
+Author: Andres Mejia <amejia@debian.org>
+
+--- a/libarchive/test/test_write_filter_lzop.c
++++ b/libarchive/test/test_write_filter_lzop.c
+@@ -39,7 +39,7 @@
+ 	size_t buffsize, datasize;
+ 	char path[16];
+ 	size_t used1, used2;
+-	int i, r, use_prog = 0;
++	int i, r, use_prog = 0, filecount;
+ 
+ 	assert((a = archive_write_new()) != NULL);
+ 	r = archive_write_add_filter_lzop(a);
+@@ -58,9 +58,10 @@
+ 
+ 	datasize = 10000;
+ 	assert(NULL != (data = (char *)calloc(1, datasize)));
++	filecount = 10;
+ 
+ 	/*
+-	 * Write a 100 files and read them all back.
++	 * Write a filecount files and read them all back.
+ 	 */
+ 	assert((a = archive_write_new()) != NULL);
+ 	assertEqualIntA(a, ARCHIVE_OK, archive_write_set_format_ustar(a));
+@@ -77,7 +78,7 @@
+ 	assert((ae = archive_entry_new()) != NULL);
+ 	archive_entry_set_filetype(ae, AE_IFREG);
+ 	archive_entry_set_size(ae, datasize);
+-	for (i = 0; i < 100; i++) {
++	for (i = 0; i < filecount; i++) {
+ 		sprintf(path, "file%03d", i);
+ 		archive_entry_copy_pathname(ae, path);
+ 		assertEqualIntA(a, ARCHIVE_OK, archive_write_header(a, ae));
+@@ -97,7 +98,7 @@
+ 	} else {
+ 		assertEqualIntA(a, ARCHIVE_OK,
+ 		    archive_read_open_memory(a, buff, used1));
+-		for (i = 0; i < 100; i++) {
++		for (i = 0; i < filecount; i++) {
+ 			sprintf(path, "file%03d", i);
+ 			if (!assertEqualInt(ARCHIVE_OK,
+ 				archive_read_next_header(a, &ae)))
+@@ -133,7 +134,7 @@
+ 	    archive_write_set_options(a, "lzop:compression-level=9"));
+ 	assertEqualIntA(a, ARCHIVE_OK,
+ 	    archive_write_open_memory(a, buff, buffsize, &used2));
+-	for (i = 0; i < 100; i++) {
++	for (i = 0; i < filecount; i++) {
+ 		sprintf(path, "file%03d", i);
+ 		assert((ae = archive_entry_new()) != NULL);
+ 		archive_entry_copy_pathname(ae, path);
+@@ -161,7 +162,7 @@
+ 		    archive_read_support_filter_all(a));
+ 		assertEqualIntA(a, ARCHIVE_OK,
+ 		    archive_read_open_memory(a, buff, used2));
+-		for (i = 0; i < 100; i++) {
++		for (i = 0; i < filecount; i++) {
+ 			sprintf(path, "file%03d", i);
+ 			if (!assertEqualInt(ARCHIVE_OK,
+ 				archive_read_next_header(a, &ae)))
+@@ -186,7 +187,7 @@
+ 	    archive_write_set_filter_option(a, NULL, "compression-level", "1"));
+ 	assertEqualIntA(a, ARCHIVE_OK,
+ 	    archive_write_open_memory(a, buff, buffsize, &used2));
+-	for (i = 0; i < 100; i++) {
++	for (i = 0; i < filecount; i++) {
+ 		sprintf(path, "file%03d", i);
+ 		assert((ae = archive_entry_new()) != NULL);
+ 		archive_entry_copy_pathname(ae, path);
+@@ -216,7 +217,7 @@
+ 	} else {
+ 		assertEqualIntA(a, ARCHIVE_OK,
+ 		    archive_read_open_memory(a, buff, used2));
+-		for (i = 0; i < 100; i++) {
++		for (i = 0; i < filecount; i++) {
+ 			sprintf(path, "file%03d", i);
+ 			if (!assertEqualInt(ARCHIVE_OK,
+ 				archive_read_next_header(a, &ae)))
diff --git a/gnu/packages/patches/libarchive-mtree-filename-length-fix.patch b/gnu/packages/patches/libarchive-mtree-filename-length-fix.patch
new file mode 100644
index 0000000000..ad94592c05
--- /dev/null
+++ b/gnu/packages/patches/libarchive-mtree-filename-length-fix.patch
@@ -0,0 +1,18 @@
+Description: Patch to fix filename length calculation when writing mtree archives.
+Author: Dave Reisner <dreisner@archlinux.org>
+Origin: upstream
+
+--- a/libarchive/archive_write_set_format_mtree.c
++++ b/libarchive/archive_write_set_format_mtree.c
+@@ -1855,9 +1855,9 @@
+ 		return (ret);
+ 	}
+ 
+-	/* Make a basename from dirname and slash */
++	/* Make a basename from file->parentdir.s and slash */
+ 	*slash  = '\0';
+-	file->parentdir.length = slash - dirname;
++	file->parentdir.length = slash - file->parentdir.s;
+ 	archive_strcpy(&(file->basename),  slash + 1);
+ 	return (ret);
+ }
-- 
cgit v1.2.3