5 files changed, 130 insertions(+), 1 deletions(-)

M gnu-system.am
M gnu/packages/backup.scm
A gnu/packages/patches/libarchive-CVE-2013-0211.patch
A gnu/packages/patches/libarchive-fix-lzo-test-case.patch
A gnu/packages/patches/libarchive-mtree-filename-length-fix.patch

@@ 359,6 359,9 @@ dist_patch_DATA =						\
   gnu/packages/patches/inkscape-stray-comma.patch               \
   gnu/packages/patches/jbig2dec-ignore-testtest.patch		\
   gnu/packages/patches/kmod-module-directory.patch		\
+  gnu/packages/patches/libarchive-CVE-2013-0211.patch		\
+  gnu/packages/patches/libarchive-fix-lzo-test-case.patch	\
+  gnu/packages/patches/libarchive-mtree-filename-length-fix.patch \
   gnu/packages/patches/libbonobo-activation-test-race.patch	\
   gnu/packages/patches/libevent-dns-tests.patch			\
   gnu/packages/patches/liboop-mips64-deplibs-fix.patch		\

@@ 138,7 138,11 @@ backups (called chunks) to allow easy burning to CD/DVD.")
                            version ".tar.gz"))
        (sha256
         (base32
-         "0pixqnrcf35dnqgv0lp7qlcw7k13620qkhgxr288v7p4iz6ym1zb"))))
+         "0pixqnrcf35dnqgv0lp7qlcw7k13620qkhgxr288v7p4iz6ym1zb"))
+       (patches
+        (list (search-patch "libarchive-mtree-filename-length-fix.patch")
+              (search-patch "libarchive-fix-lzo-test-case.patch")
+              (search-patch "libarchive-CVE-2013-0211.patch")))))
     (build-system gnu-build-system)
     (inputs
      `(("zlib" ,zlib)

@@ 0,0 1,21 @@
+Description: Fix CVE-2013-0211: read buffer overflow on 64-bit systems
+Origin: upstream
+Bug-Debian: http://bugs.debian.org/703957
+Forwarded: not-needed
+
+--- libarchive-3.0.4.orig/libarchive/archive_write.c
++++ libarchive-3.0.4/libarchive/archive_write.c
+@@ -665,8 +665,13 @@ static ssize_t
+ _archive_write_data(struct archive *_a, const void *buff, size_t s)
+ {
+ 	struct archive_write *a = (struct archive_write *)_a;
++	const size_t max_write = INT_MAX;
++
+ 	archive_check_magic(&a->archive, ARCHIVE_WRITE_MAGIC,
+ 	    ARCHIVE_STATE_DATA, "archive_write_data");
++	/* In particular, this catches attempts to pass negative values. */
++	if (s > max_write)
++		s = max_write;
+ 	archive_clear_error(&a->archive);
+ 	return ((a->format_write_data)(a, buff, s));
+ }

@@ 0,0 1,83 @@
+Description: This patch fixes test cases for LZO write support in various
+ architectures, such as armhf. Writing a certain amount of files would
+ cause the LZO compressor level 9 to produce a bigger archive than the
+ default compressor level.
+Author: Andres Mejia <amejia@debian.org>
+
+--- a/libarchive/test/test_write_filter_lzop.c
++++ b/libarchive/test/test_write_filter_lzop.c
+@@ -39,7 +39,7 @@
+ 	size_t buffsize, datasize;
+ 	char path[16];
+ 	size_t used1, used2;
+-	int i, r, use_prog = 0;
++	int i, r, use_prog = 0, filecount;
+ 
+ 	assert((a = archive_write_new()) != NULL);
+ 	r = archive_write_add_filter_lzop(a);
+@@ -58,9 +58,10 @@
+ 
+ 	datasize = 10000;
+ 	assert(NULL != (data = (char *)calloc(1, datasize)));
++	filecount = 10;
+ 
+ 	/*
+-	 * Write a 100 files and read them all back.
++	 * Write a filecount files and read them all back.
+ 	 */
+ 	assert((a = archive_write_new()) != NULL);
+ 	assertEqualIntA(a, ARCHIVE_OK, archive_write_set_format_ustar(a));
+@@ -77,7 +78,7 @@
+ 	assert((ae = archive_entry_new()) != NULL);
+ 	archive_entry_set_filetype(ae, AE_IFREG);
+ 	archive_entry_set_size(ae, datasize);
+-	for (i = 0; i < 100; i++) {
++	for (i = 0; i < filecount; i++) {
+ 		sprintf(path, "file%03d", i);
+ 		archive_entry_copy_pathname(ae, path);
+ 		assertEqualIntA(a, ARCHIVE_OK, archive_write_header(a, ae));
+@@ -97,7 +98,7 @@
+ 	} else {
+ 		assertEqualIntA(a, ARCHIVE_OK,
+ 		    archive_read_open_memory(a, buff, used1));
+-		for (i = 0; i < 100; i++) {
++		for (i = 0; i < filecount; i++) {
+ 			sprintf(path, "file%03d", i);
+ 			if (!assertEqualInt(ARCHIVE_OK,
+ 				archive_read_next_header(a, &ae)))
+@@ -133,7 +134,7 @@
+ 	    archive_write_set_options(a, "lzop:compression-level=9"));
+ 	assertEqualIntA(a, ARCHIVE_OK,
+ 	    archive_write_open_memory(a, buff, buffsize, &used2));
+-	for (i = 0; i < 100; i++) {
++	for (i = 0; i < filecount; i++) {
+ 		sprintf(path, "file%03d", i);
+ 		assert((ae = archive_entry_new()) != NULL);
+ 		archive_entry_copy_pathname(ae, path);
+@@ -161,7 +162,7 @@
+ 		    archive_read_support_filter_all(a));
+ 		assertEqualIntA(a, ARCHIVE_OK,
+ 		    archive_read_open_memory(a, buff, used2));
+-		for (i = 0; i < 100; i++) {
++		for (i = 0; i < filecount; i++) {
+ 			sprintf(path, "file%03d", i);
+ 			if (!assertEqualInt(ARCHIVE_OK,
+ 				archive_read_next_header(a, &ae)))
+@@ -186,7 +187,7 @@
+ 	    archive_write_set_filter_option(a, NULL, "compression-level", "1"));
+ 	assertEqualIntA(a, ARCHIVE_OK,
+ 	    archive_write_open_memory(a, buff, buffsize, &used2));
+-	for (i = 0; i < 100; i++) {
++	for (i = 0; i < filecount; i++) {
+ 		sprintf(path, "file%03d", i);
+ 		assert((ae = archive_entry_new()) != NULL);
+ 		archive_entry_copy_pathname(ae, path);
+@@ -216,7 +217,7 @@
+ 	} else {
+ 		assertEqualIntA(a, ARCHIVE_OK,
+ 		    archive_read_open_memory(a, buff, used2));
+-		for (i = 0; i < 100; i++) {
++		for (i = 0; i < filecount; i++) {
+ 			sprintf(path, "file%03d", i);
+ 			if (!assertEqualInt(ARCHIVE_OK,
+ 				archive_read_next_header(a, &ae)))

@@ 0,0 1,18 @@
+Description: Patch to fix filename length calculation when writing mtree archives.
+Author: Dave Reisner <dreisner@archlinux.org>
+Origin: upstream
+
+--- a/libarchive/archive_write_set_format_mtree.c
++++ b/libarchive/archive_write_set_format_mtree.c
+@@ -1855,9 +1855,9 @@
+ 		return (ret);
+ 	}
+ 
+-	/* Make a basename from dirname and slash */
++	/* Make a basename from file->parentdir.s and slash */
+ 	*slash  = '\0';
+-	file->parentdir.length = slash - dirname;
++	file->parentdir.length = slash - file->parentdir.s;
+ 	archive_strcpy(&(file->basename),  slash + 1);
+ 	return (ret);
+ }