diff options
author | Leo Famulari <leo@famulari.name> | 2024-03-31 16:28:43 -0400 |
---|---|---|
committer | Leo Famulari <leo@famulari.name> | 2024-04-03 17:59:25 -0400 |
commit | 629614c7a3f9283306939402f1ff46914f327c21 (patch) | |
tree | e78aaef12dbc97d64dc3b2a2bcb1640128cb3587 /gnu/packages/patches | |
parent | 9b560fee239a7fd563e05ca9926b178f15954833 (diff) | |
download | guix-629614c7a3f9283306939402f1ff46914f327c21.tar guix-629614c7a3f9283306939402f1ff46914f327c21.tar.gz |
gnu: libarchive: Fix a potential security issue.
https://github.com/libarchive/libarchive/pull/2101
* gnu/packages/backup.scm (libarchive)[replacement]: New field.
(libarchive/fixed): New variable.
* gnu/packages/patches/libarchive-remove-potential-backdoor.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
Change-Id: I939e9b842b10d1a78125da4a4599c38d9c037079
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r-- | gnu/packages/patches/libarchive-remove-potential-backdoor.patch | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/gnu/packages/patches/libarchive-remove-potential-backdoor.patch b/gnu/packages/patches/libarchive-remove-potential-backdoor.patch new file mode 100644 index 0000000000..2b9a9e2ffe --- /dev/null +++ b/gnu/packages/patches/libarchive-remove-potential-backdoor.patch @@ -0,0 +1,47 @@ +Remove code added by 'JiaT75', the malicious actor that backdoored `xz`: + +https://github.com/libarchive/libarchive/pull/2101 + +At libarchive, they are reviewing all code contributed by this actor: + +https://github.com/libarchive/libarchive/issues/2103 + +See the original disclosure and subsequent discussion for more +information about this incident: + +https://seclists.org/oss-sec/2024/q1/268 + +Patch copied from upstream source repository: + +https://github.com/libarchive/libarchive/pull/2101/commits/e200fd8abfb4cf895a1cab4d89b67e6eefe83942 + +From 6110e9c82d8ba830c3440f36b990483ceaaea52c Mon Sep 17 00:00:00 2001 +From: Ed Maste <emaste@freebsd.org> +Date: Fri, 29 Mar 2024 18:02:06 -0400 +Subject: [PATCH] tar: make error reporting more robust and use correct errno + (#2101) + +As discussed in #1609. +--- + tar/read.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/tar/read.c b/tar/read.c +index af3d3f42..a7f14a07 100644 +--- a/tar/read.c ++++ b/tar/read.c +@@ -371,8 +371,9 @@ read_archive(struct bsdtar *bsdtar, char mode, struct archive *writer) + if (r != ARCHIVE_OK) { + if (!bsdtar->verbose) + safe_fprintf(stderr, "%s", archive_entry_pathname(entry)); +- fprintf(stderr, ": %s: ", archive_error_string(a)); +- fprintf(stderr, "%s", strerror(errno)); ++ safe_fprintf(stderr, ": %s: %s", ++ archive_error_string(a), ++ strerror(archive_errno(a))); + if (!bsdtar->verbose) + fprintf(stderr, "\n"); + bsdtar->return_value = 1; +-- +2.41.0 + |