aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/patches
diff options
context:
space:
mode:
authorLeo Famulari <leo@famulari.name>2024-03-31 16:28:43 -0400
committerLeo Famulari <leo@famulari.name>2024-04-03 17:59:25 -0400
commit629614c7a3f9283306939402f1ff46914f327c21 (patch)
treee78aaef12dbc97d64dc3b2a2bcb1640128cb3587 /gnu/packages/patches
parent9b560fee239a7fd563e05ca9926b178f15954833 (diff)
downloadguix-629614c7a3f9283306939402f1ff46914f327c21.tar
guix-629614c7a3f9283306939402f1ff46914f327c21.tar.gz
gnu: libarchive: Fix a potential security issue.
https://github.com/libarchive/libarchive/pull/2101 * gnu/packages/backup.scm (libarchive)[replacement]: New field. (libarchive/fixed): New variable. * gnu/packages/patches/libarchive-remove-potential-backdoor.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. Change-Id: I939e9b842b10d1a78125da4a4599c38d9c037079
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r--gnu/packages/patches/libarchive-remove-potential-backdoor.patch47
1 files changed, 47 insertions, 0 deletions
diff --git a/gnu/packages/patches/libarchive-remove-potential-backdoor.patch b/gnu/packages/patches/libarchive-remove-potential-backdoor.patch
new file mode 100644
index 0000000000..2b9a9e2ffe
--- /dev/null
+++ b/gnu/packages/patches/libarchive-remove-potential-backdoor.patch
@@ -0,0 +1,47 @@
+Remove code added by 'JiaT75', the malicious actor that backdoored `xz`:
+
+https://github.com/libarchive/libarchive/pull/2101
+
+At libarchive, they are reviewing all code contributed by this actor:
+
+https://github.com/libarchive/libarchive/issues/2103
+
+See the original disclosure and subsequent discussion for more
+information about this incident:
+
+https://seclists.org/oss-sec/2024/q1/268
+
+Patch copied from upstream source repository:
+
+https://github.com/libarchive/libarchive/pull/2101/commits/e200fd8abfb4cf895a1cab4d89b67e6eefe83942
+
+From 6110e9c82d8ba830c3440f36b990483ceaaea52c Mon Sep 17 00:00:00 2001
+From: Ed Maste <emaste@freebsd.org>
+Date: Fri, 29 Mar 2024 18:02:06 -0400
+Subject: [PATCH] tar: make error reporting more robust and use correct errno
+ (#2101)
+
+As discussed in #1609.
+---
+ tar/read.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/tar/read.c b/tar/read.c
+index af3d3f42..a7f14a07 100644
+--- a/tar/read.c
++++ b/tar/read.c
+@@ -371,8 +371,9 @@ read_archive(struct bsdtar *bsdtar, char mode, struct archive *writer)
+ if (r != ARCHIVE_OK) {
+ if (!bsdtar->verbose)
+ safe_fprintf(stderr, "%s", archive_entry_pathname(entry));
+- fprintf(stderr, ": %s: ", archive_error_string(a));
+- fprintf(stderr, "%s", strerror(errno));
++ safe_fprintf(stderr, ": %s: %s",
++ archive_error_string(a),
++ strerror(archive_errno(a)));
+ if (!bsdtar->verbose)
+ fprintf(stderr, "\n");
+ bsdtar->return_value = 1;
+--
+2.41.0
+