summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2021-03-16Hack to make output not get out of order1.8.2.z+ios+jsonSam Bingner
2021-03-16Add support for JSON outputSam Bingner
2021-03-13Merge remote-tracking branch 'upstream/1.8.2.z' into 1.8.2.z+ios1.8.2.z+iosSam Bingner
2020-12-07Release 1.8.2.2Julian Andres Klode
2020-12-07CVE-2020-27350: tarfile: integer overflow: Limit tar items to 128 GiBJulian Andres Klode
The integer overflow was detected by DonKult who added a check like this: (std::numeric_limits<decltype(Itm.Size)>::max() - (2 * sizeof(Block))) Which deals with the code as is, but also still is a fairly big limit, and could become fragile if we change the code. Let's limit our file sizes to 128 GiB, which should be sufficient for everyone. Original comment by DonKult: The code assumes that it can add sizeof(Block)-1 to the size of the item later on, but if we are close to a 64bit overflow this is not possible. Fixing this seems too complex compared to just ensuring there is enough room left given that we will have a lot more problems the moment we will be acting on files that large as if the item is that large, the (valid) tar including it probably doesn't fit in 64bit either.
2020-12-07CVE-2020-27350: debfile: integer overflow: Limit control size to 64 MiBJulian Andres Klode
Like the code in arfile.cc, MemControlExtract also has buffer overflows, in code allocating memory for parsing control files. Specify an upper limit of 64 MiB for control files to both protect against the Size overflowing (we allocate Size + 2 bytes), and protect a bit against control files consisting only of zeroes.
2020-12-07tarfile: OOM hardening: Limit size of long names/links to 1 MiBJulian Andres Klode
Tarballs have long names and long link targets structured by a special tar header with a GNU extension followed by the actual content (padded to 512 bytes). Essentially, think of a name as a special kind of file. The limit of a file size in a header is 12 bytes, aka 10**12 or 1 TB. While this works OK-ish for file content that we stream to extractors, we need to copy file names into memory, and this opens us up to an OOM DoS attack. Limit the file name size to 1 MiB, as libarchive does, to make things safer.
2020-12-07CVE-2020-27350: arfile: Integer overflow in parsingJulian Andres Klode
GHSL-2020-169: This first hunk adds a check that we have more files left to read in the file than the size of the member, ensuring that (a) the number is not negative, which caused the crash here and (b) ensures that we similarly avoid other issues with trying to read too much data. GHSL-2020-168: Long file names are encoded by a special marker in the filename and then the real filename is part of what is normally the data. We did not check that the length of the file name is within the length of the member, which means that we got a overflow later when subtracting the length from the member size to get the remaining member size. The file createdeb-lp1899193.cc was provided by GitHub Security Lab and reformatted using apt coding style for inclusion in the test case, both of these issues have an automated test case in test/integration/test-ubuntu-bug-1899193-security-issues. LP: #1899193
2020-07-17Don't tell the server to set a cookie1.8.y+iosSam Bingner
2020-07-17Hack around nitotv's broken webserverSam Bingner
2020-07-17Update User-Agent stringSam Bingner
2020-07-17Add nitotv cookiesSam Bingner
2020-07-17Warn if appropriate on dateSam Bingner
2020-07-17Cleanup patches for 1.8.2Sam Bingner
2020-07-17Use access instead of faccessat for iOS5 compatibilitySam Bingner
2020-07-17Remove errors that we don't needSam Bingner
2020-07-17build changes to work with our new httpJaywalker
2020-07-17Added kirb's TLS1.2 patchJaywalker
2020-07-17Make the compiler complain lessSam Bingner
2020-07-17Workaround for shell scriptsSam Bingner
2020-07-17Added required patchesJaywalker
2020-07-17Added seemingly missing filesJaywalker
2020-07-17Build system changesJaywalker
2020-07-17Don't download "optional" files not in Release :/.Jay Freeman (saurik)
2020-07-17For ReMap to work, S has to be marked volatile :/.Jay Freeman (saurik)
2020-07-17Tags should use StoreString, not WriteStringInMap.Jay Freeman (saurik)
2020-07-17Port TagIterator to correctly support ReMap (doh).Jay Freeman (saurik)
2020-07-17Repeat after me: IMS-Hit is really "I am shit" :/.Jay Freeman (saurik)
2020-07-17It is NOT OK to just munmap memory from malloc :/.Jay Freeman (saurik)
2020-07-17Symlinking final file failed is a common issue :/.Jay Freeman (saurik)
2020-07-17This is realloc, not reallocf: be more careful :/.Jay Freeman (saurik)
2020-07-17Bill is consistent. Bill is correct. Be like Bill.Jay Freeman (saurik)
2020-07-17You can't just assume the start is always zero :/.Jay Freeman (saurik)
2020-07-17The length given to msync was calculated wrong :/.Jay Freeman (saurik)
2020-07-17Not /not/ immediately mapping a file is INSANE :/.Jay Freeman (saurik)
2020-07-17The entire concept of PendingError() is flawed :/.Jay Freeman (saurik)
2020-07-17Bug #807012 also involves package dependencies :/.Jay Freeman (saurik)
2020-07-17On IMS-Hit, you can't assume local compression :/.Jay Freeman (saurik)
2020-07-17It is *never* a good idea to throw away stderr :/.Jay Freeman (saurik)
2020-07-17It is just so absolutely critical that this works.Jay Freeman (saurik)
2020-07-17My "tolerance" patch was a tad bit overzealous :(.Jay Freeman (saurik)
2020-07-17You have to do the bounds check before the access.Jay Freeman (saurik)
2020-07-17Fix field-without-values appearing at end of file.Jay Freeman (saurik)
2020-07-17Of *course* I managed to get this check backwards.Jay Freeman (saurik)
2020-07-17In the C locale, let's avoid any crazy transforms.Jay Freeman (saurik)
2020-07-17It's just *mean* to complain if they already know.Jay Freeman (saurik)
2020-07-17Wreck validation until we can assess ecosystem :/.Jay Freeman (saurik)
2020-07-17This is 2016 and APT already requires use of mmap.Jay Freeman (saurik)
2020-07-17Only check for valid Date if checking Valid-Until.Jay Freeman (saurik)
2020-07-17I know this is "bad", but a "full wedge" is worse.Jay Freeman (saurik)