Fixes CVE-2016-4301 Libarchive mtree parse_device Code Execution Vulnerability

Signed-off-by: Marcel Lorenz marcel.lorenz@ipfire.org --- config/rootfiles/common/libarchive | 6 +++++- lfs/libarchive | 12 ++++-------- 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/config/rootfiles/common/libarchive b/config/rootfiles/common/libarchive index 735bf37..80daa2d 100644 --- a/config/rootfiles/common/libarchive +++ b/config/rootfiles/common/libarchive @@ -1,13 +1,15 @@ #usr/bin/bsdcpio +#usr/bin/bsdcat #usr/bin/bsdtar #usr/include/archive.h #usr/include/archive_entry.h #usr/lib/libarchive.la #usr/lib/libarchive.so #usr/lib/libarchive.so.13 -#usr/lib/libarchive.so.13.1.2 +#usr/lib/libarchive.so.13.2.1 #usr/lib/pkgconfig/libarchive.pc #usr/share/man/man1/bsdcpio.1 +#usr/share/man/man1/bsdcat.1 #usr/share/man/man1/bsdtar.1 #usr/share/man/man3/archive_entry.3 #usr/share/man/man3/archive_entry_acl.3 @@ -17,6 +19,7 @@ #usr/share/man/man3/archive_entry_stat.3 #usr/share/man/man3/archive_entry_time.3 #usr/share/man/man3/archive_read.3 +#usr/share/man/man3/archive_read_add_passphrase.3 #usr/share/man/man3/archive_read_data.3 #usr/share/man/man3/archive_read_disk.3 #usr/share/man/man3/archive_read_extract.3 @@ -40,6 +43,7 @@ #usr/share/man/man3/archive_write_new.3 #usr/share/man/man3/archive_write_open.3 #usr/share/man/man3/archive_write_set_options.3 +#usr/share/man/man3/archive_write_set_passphrase.3 #usr/share/man/man3/libarchive.3 #usr/share/man/man3/libarchive_changes.3 #usr/share/man/man3/libarchive_internals.3 diff --git a/lfs/libarchive b/lfs/libarchive index 43365ee..58b4b6e 100644 --- a/lfs/libarchive +++ b/lfs/libarchive @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2015 IPFire Team info@ipfire.org # +# Copyright (C) 2016 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@

include Config

-VER = 3.1.2 +VER = 3.2.1

THISAPP = libarchive-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -41,7 +41,7 @@ objects = $(DL_FILE)

$(DL_FILE) = $(DL_FROM)/$(DL_FILE)

-$(DL_FILE)_MD5 = efad5a503f66329bb9d2f4308b5de98a +$(DL_FILE)_MD5 = afa257047d1941a565216edbf0171e72

install : $(TARGET)

@@ -74,12 +74,8 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && ./configure \ - --prefix=/usr \ - --disable-static - + cd $(DIR_APP) && ./configure --prefix=/usr --disable-static cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install - @rm -rf $(DIR_APP) @$(POSTBUILD)