mirror of
https://git.in.rschanz.org/ryan77627/guix.git
synced 2024-12-25 22:08:16 -05:00
gnu: libarchive: Update to 3.2.0.
* gnu/packages/patches/libarchive-CVE-2013-0211.patch, gnu/packages/patches/libarchive-CVE-2016-1541.patch, gnu/packages/patches/libarchive-bsdtar-test.patch, gnu/packages/patches/libarchive-fix-lzo-test-case.patch, gnu/packages/patches/libarchive-mtree-filename-length-fix.patch: Delete files. * gnu/local.mk (dist_patch_DATA): Remove them. * gnu/packages/backup.scm (libarchive): Update to 3.2.0. [source]: Remove deleted patches. [replacement]: Remove. (libarchive/fixed): Remove variable.
This commit is contained in:
parent
eb74eb4199
commit
4fa05a8198
7 changed files with 2 additions and 284 deletions
|
@ -561,11 +561,6 @@ dist_patch_DATA = \
|
|||
gnu/packages/patches/liba52-link-with-libm.patch \
|
||||
gnu/packages/patches/liba52-set-soname.patch \
|
||||
gnu/packages/patches/liba52-use-mtune-not-mcpu.patch \
|
||||
gnu/packages/patches/libarchive-bsdtar-test.patch \
|
||||
gnu/packages/patches/libarchive-CVE-2013-0211.patch \
|
||||
gnu/packages/patches/libarchive-CVE-2016-1541.patch \
|
||||
gnu/packages/patches/libarchive-fix-lzo-test-case.patch \
|
||||
gnu/packages/patches/libarchive-mtree-filename-length-fix.patch \
|
||||
gnu/packages/patches/libbonobo-activation-test-race.patch \
|
||||
gnu/packages/patches/libcanberra-sound-theme-freedesktop.patch \
|
||||
gnu/packages/patches/libcmis-fix-test-onedrive.patch \
|
||||
|
|
|
@ -136,8 +136,7 @@ (define-public hdup
|
|||
(define-public libarchive
|
||||
(package
|
||||
(name "libarchive")
|
||||
(replacement libarchive/fixed)
|
||||
(version "3.1.2")
|
||||
(version "3.2.0")
|
||||
(source
|
||||
(origin
|
||||
(method url-fetch)
|
||||
|
@ -145,12 +144,7 @@ (define-public libarchive
|
|||
version ".tar.gz"))
|
||||
(sha256
|
||||
(base32
|
||||
"0pixqnrcf35dnqgv0lp7qlcw7k13620qkhgxr288v7p4iz6ym1zb"))
|
||||
(patches
|
||||
(search-patches "libarchive-mtree-filename-length-fix.patch"
|
||||
"libarchive-fix-lzo-test-case.patch"
|
||||
"libarchive-CVE-2013-0211.patch"
|
||||
"libarchive-bsdtar-test.patch"))))
|
||||
"11xabdpmvdmcdkidigmqh4ymhra95lr7ipcys4hdq0gzf7ylbkkv"))))
|
||||
(build-system gnu-build-system)
|
||||
;; TODO: Add -L/path/to/nettle in libarchive.pc.
|
||||
(inputs
|
||||
|
@ -194,14 +188,6 @@ (define-public libarchive
|
|||
random access nor for in-place modification.")
|
||||
(license license:bsd-2)))
|
||||
|
||||
(define libarchive/fixed
|
||||
(package
|
||||
(inherit libarchive)
|
||||
(source (origin
|
||||
(inherit (package-source libarchive))
|
||||
(patches (cons (search-patch "libarchive-CVE-2016-1541.patch")
|
||||
(origin-patches (package-source libarchive))))))))
|
||||
|
||||
(define-public rdup
|
||||
(package
|
||||
(name "rdup")
|
||||
|
|
|
@ -1,21 +0,0 @@
|
|||
Description: Fix CVE-2013-0211: read buffer overflow on 64-bit systems
|
||||
Origin: upstream
|
||||
Bug-Debian: http://bugs.debian.org/703957
|
||||
Forwarded: not-needed
|
||||
|
||||
--- libarchive-3.0.4.orig/libarchive/archive_write.c
|
||||
+++ libarchive-3.0.4/libarchive/archive_write.c
|
||||
@@ -665,8 +665,13 @@ static ssize_t
|
||||
_archive_write_data(struct archive *_a, const void *buff, size_t s)
|
||||
{
|
||||
struct archive_write *a = (struct archive_write *)_a;
|
||||
+ const size_t max_write = INT_MAX;
|
||||
+
|
||||
archive_check_magic(&a->archive, ARCHIVE_WRITE_MAGIC,
|
||||
ARCHIVE_STATE_DATA, "archive_write_data");
|
||||
+ /* In particular, this catches attempts to pass negative values. */
|
||||
+ if (s > max_write)
|
||||
+ s = max_write;
|
||||
archive_clear_error(&a->archive);
|
||||
return ((a->format_write_data)(a, buff, s));
|
||||
}
|
|
@ -1,67 +0,0 @@
|
|||
Fix CVE-2016-1541 (buffer overflow zip_read_mac_metadata)
|
||||
|
||||
Taken from upstream source repository:
|
||||
https://github.com/libarchive/libarchive/commit/d0331e8e5b05b475f20b1f3101fe1ad772d7e7e7
|
||||
|
||||
When reading OS X metadata entries in Zip archives that were stored
|
||||
without compression, libarchive would use the uncompressed entry size
|
||||
to allocate a buffer but would use the compressed entry size to limit
|
||||
the amount of data copied into that buffer. Since the compressed
|
||||
and uncompressed sizes are provided by data in the archive itself,
|
||||
an attacker could manipulate these values to write data beyond
|
||||
the end of the allocated buffer.
|
||||
|
||||
This fix provides three new checks to guard against such
|
||||
manipulation and to make libarchive generally more robust when
|
||||
handling this type of entry:
|
||||
1. If an OS X metadata entry is stored without compression,
|
||||
abort the entire archive if the compressed and uncompressed
|
||||
data sizes do not match.
|
||||
2. When sanity-checking the size of an OS X metadata entry,
|
||||
abort this entry if either the compressed or uncompressed
|
||||
size is larger than 4MB.
|
||||
3. When copying data into the allocated buffer, check the copy
|
||||
size against both the compressed entry size and uncompressed
|
||||
entry size.
|
||||
---
|
||||
libarchive/archive_read_support_format_zip.c | 13 +++++++++++++
|
||||
1 file changed, 13 insertions(+)
|
||||
|
||||
diff --git a/libarchive/archive_read_support_format_zip.c b/libarchive/archive_read_support_format_zip.c
|
||||
index 0f8262c..0a0be96 100644
|
||||
--- a/libarchive/archive_read_support_format_zip.c
|
||||
+++ b/libarchive/archive_read_support_format_zip.c
|
||||
@@ -2778,6 +2778,11 @@ zip_read_mac_metadata(struct archive_read *a, struct archive_entry *entry,
|
||||
|
||||
switch(rsrc->compression) {
|
||||
case 0: /* No compression. */
|
||||
+ if (rsrc->uncompressed_size != rsrc->compressed_size) {
|
||||
+ archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
|
||||
+ "Malformed OS X metadata entry: inconsistent size");
|
||||
+ return (ARCHIVE_FATAL);
|
||||
+ }
|
||||
#ifdef HAVE_ZLIB_H
|
||||
case 8: /* Deflate compression. */
|
||||
#endif
|
||||
@@ -2798,6 +2803,12 @@ zip_read_mac_metadata(struct archive_read *a, struct archive_entry *entry,
|
||||
(intmax_t)rsrc->uncompressed_size);
|
||||
return (ARCHIVE_WARN);
|
||||
}
|
||||
+ if (rsrc->compressed_size > (4 * 1024 * 1024)) {
|
||||
+ archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
|
||||
+ "Mac metadata is too large: %jd > 4M bytes",
|
||||
+ (intmax_t)rsrc->compressed_size);
|
||||
+ return (ARCHIVE_WARN);
|
||||
+ }
|
||||
|
||||
metadata = malloc((size_t)rsrc->uncompressed_size);
|
||||
if (metadata == NULL) {
|
||||
@@ -2836,6 +2847,8 @@ zip_read_mac_metadata(struct archive_read *a, struct archive_entry *entry,
|
||||
bytes_avail = remaining_bytes;
|
||||
switch(rsrc->compression) {
|
||||
case 0: /* No compression. */
|
||||
+ if ((size_t)bytes_avail > metadata_bytes)
|
||||
+ bytes_avail = metadata_bytes;
|
||||
memcpy(mp, p, bytes_avail);
|
||||
bytes_used = (size_t)bytes_avail;
|
||||
metadata_bytes -= bytes_used;
|
|
@ -1,74 +0,0 @@
|
|||
commit b539b2e597b566fe3c4b49cb61c9eef83e5e052d
|
||||
Author: Pavel Raiskup <praiskup@redhat.com>
|
||||
Date: Thu Jun 27 16:01:30 2013 +0200
|
||||
|
||||
Use ustar format in the test_option_b test
|
||||
|
||||
.. because the ustar archive does not store SELinux context. As the default
|
||||
format for bsdtar is "restricted pax" (trying to store xattrs and other
|
||||
things by default), the test failed on Fedora because our files have by
|
||||
default SELinux context set. This results in additional data in tested
|
||||
archive ~> and the test failed because the archive was unexpectedly big:
|
||||
|
||||
tar/test/test_option_b.c:41: File archive1.tar has size 3072, expected 2048
|
||||
|
||||
Reviewed by Konrad Kleine <konrad.wilhelm.kleine@gmail.com>
|
||||
|
||||
diff --git a/tar/test/test_option_b.c b/tar/test/test_option_b.c
|
||||
index be2ae65..6fea474 100644
|
||||
--- a/tar/test/test_option_b.c
|
||||
+++ b/tar/test/test_option_b.c
|
||||
@@ -25,8 +25,14 @@
|
||||
#include "test.h"
|
||||
__FBSDID("$FreeBSD$");
|
||||
|
||||
+#define USTAR_OPT " --format=ustar"
|
||||
+
|
||||
DEFINE_TEST(test_option_b)
|
||||
{
|
||||
+ char *testprog_ustar = malloc(strlen(testprog) + sizeof(USTAR_OPT) + 1);
|
||||
+ strcpy(testprog_ustar, testprog);
|
||||
+ strcat(testprog_ustar, USTAR_OPT);
|
||||
+
|
||||
assertMakeFile("file1", 0644, "file1");
|
||||
if (systemf("cat file1 > test_cat.out 2> test_cat.err") != 0) {
|
||||
skipping("Platform doesn't have cat");
|
||||
@@ -36,7 +42,7 @@ DEFINE_TEST(test_option_b)
|
||||
/*
|
||||
* Bsdtar does not pad if the output is going directly to a disk file.
|
||||
*/
|
||||
- assertEqualInt(0, systemf("%s -cf archive1.tar file1 >test1.out 2>test1.err", testprog));
|
||||
+ assertEqualInt(0, systemf("%s -cf archive1.tar file1 >test1.out 2>test1.err", testprog_ustar));
|
||||
failure("bsdtar does not pad archives written directly to regular files");
|
||||
assertFileSize("archive1.tar", 2048);
|
||||
assertEmptyFile("test1.out");
|
||||
@@ -46,24 +52,24 @@ DEFINE_TEST(test_option_b)
|
||||
* Bsdtar does pad to the block size if the output is going to a socket.
|
||||
*/
|
||||
/* Default is -b 20 */
|
||||
- assertEqualInt(0, systemf("%s -cf - file1 2>test2.err | cat >archive2.tar ", testprog));
|
||||
+ assertEqualInt(0, systemf("%s -cf - file1 2>test2.err | cat >archive2.tar ", testprog_ustar));
|
||||
failure("bsdtar does pad archives written to pipes");
|
||||
assertFileSize("archive2.tar", 10240);
|
||||
assertEmptyFile("test2.err");
|
||||
|
||||
- assertEqualInt(0, systemf("%s -cf - -b 20 file1 2>test3.err | cat >archive3.tar ", testprog));
|
||||
+ assertEqualInt(0, systemf("%s -cf - -b 20 file1 2>test3.err | cat >archive3.tar ", testprog_ustar));
|
||||
assertFileSize("archive3.tar", 10240);
|
||||
assertEmptyFile("test3.err");
|
||||
|
||||
- assertEqualInt(0, systemf("%s -cf - -b 10 file1 2>test4.err | cat >archive4.tar ", testprog));
|
||||
+ assertEqualInt(0, systemf("%s -cf - -b 10 file1 2>test4.err | cat >archive4.tar ", testprog_ustar));
|
||||
assertFileSize("archive4.tar", 5120);
|
||||
assertEmptyFile("test4.err");
|
||||
|
||||
- assertEqualInt(0, systemf("%s -cf - -b 1 file1 2>test5.err | cat >archive5.tar ", testprog));
|
||||
+ assertEqualInt(0, systemf("%s -cf - -b 1 file1 2>test5.err | cat >archive5.tar ", testprog_ustar));
|
||||
assertFileSize("archive5.tar", 2048);
|
||||
assertEmptyFile("test5.err");
|
||||
|
||||
- assertEqualInt(0, systemf("%s -cf - -b 8192 file1 2>test6.err | cat >archive6.tar ", testprog));
|
||||
+ assertEqualInt(0, systemf("%s -cf - -b 8192 file1 2>test6.err | cat >archive6.tar ", testprog_ustar));
|
||||
assertFileSize("archive6.tar", 4194304);
|
||||
assertEmptyFile("test6.err");
|
||||
|
|
@ -1,83 +0,0 @@
|
|||
Description: This patch fixes test cases for LZO write support in various
|
||||
architectures, such as armhf. Writing a certain amount of files would
|
||||
cause the LZO compressor level 9 to produce a bigger archive than the
|
||||
default compressor level.
|
||||
Author: Andres Mejia <amejia@debian.org>
|
||||
|
||||
--- a/libarchive/test/test_write_filter_lzop.c
|
||||
+++ b/libarchive/test/test_write_filter_lzop.c
|
||||
@@ -39,7 +39,7 @@
|
||||
size_t buffsize, datasize;
|
||||
char path[16];
|
||||
size_t used1, used2;
|
||||
- int i, r, use_prog = 0;
|
||||
+ int i, r, use_prog = 0, filecount;
|
||||
|
||||
assert((a = archive_write_new()) != NULL);
|
||||
r = archive_write_add_filter_lzop(a);
|
||||
@@ -58,9 +58,10 @@
|
||||
|
||||
datasize = 10000;
|
||||
assert(NULL != (data = (char *)calloc(1, datasize)));
|
||||
+ filecount = 10;
|
||||
|
||||
/*
|
||||
- * Write a 100 files and read them all back.
|
||||
+ * Write a filecount files and read them all back.
|
||||
*/
|
||||
assert((a = archive_write_new()) != NULL);
|
||||
assertEqualIntA(a, ARCHIVE_OK, archive_write_set_format_ustar(a));
|
||||
@@ -77,7 +78,7 @@
|
||||
assert((ae = archive_entry_new()) != NULL);
|
||||
archive_entry_set_filetype(ae, AE_IFREG);
|
||||
archive_entry_set_size(ae, datasize);
|
||||
- for (i = 0; i < 100; i++) {
|
||||
+ for (i = 0; i < filecount; i++) {
|
||||
sprintf(path, "file%03d", i);
|
||||
archive_entry_copy_pathname(ae, path);
|
||||
assertEqualIntA(a, ARCHIVE_OK, archive_write_header(a, ae));
|
||||
@@ -97,7 +98,7 @@
|
||||
} else {
|
||||
assertEqualIntA(a, ARCHIVE_OK,
|
||||
archive_read_open_memory(a, buff, used1));
|
||||
- for (i = 0; i < 100; i++) {
|
||||
+ for (i = 0; i < filecount; i++) {
|
||||
sprintf(path, "file%03d", i);
|
||||
if (!assertEqualInt(ARCHIVE_OK,
|
||||
archive_read_next_header(a, &ae)))
|
||||
@@ -133,7 +134,7 @@
|
||||
archive_write_set_options(a, "lzop:compression-level=9"));
|
||||
assertEqualIntA(a, ARCHIVE_OK,
|
||||
archive_write_open_memory(a, buff, buffsize, &used2));
|
||||
- for (i = 0; i < 100; i++) {
|
||||
+ for (i = 0; i < filecount; i++) {
|
||||
sprintf(path, "file%03d", i);
|
||||
assert((ae = archive_entry_new()) != NULL);
|
||||
archive_entry_copy_pathname(ae, path);
|
||||
@@ -161,7 +162,7 @@
|
||||
archive_read_support_filter_all(a));
|
||||
assertEqualIntA(a, ARCHIVE_OK,
|
||||
archive_read_open_memory(a, buff, used2));
|
||||
- for (i = 0; i < 100; i++) {
|
||||
+ for (i = 0; i < filecount; i++) {
|
||||
sprintf(path, "file%03d", i);
|
||||
if (!assertEqualInt(ARCHIVE_OK,
|
||||
archive_read_next_header(a, &ae)))
|
||||
@@ -186,7 +187,7 @@
|
||||
archive_write_set_filter_option(a, NULL, "compression-level", "1"));
|
||||
assertEqualIntA(a, ARCHIVE_OK,
|
||||
archive_write_open_memory(a, buff, buffsize, &used2));
|
||||
- for (i = 0; i < 100; i++) {
|
||||
+ for (i = 0; i < filecount; i++) {
|
||||
sprintf(path, "file%03d", i);
|
||||
assert((ae = archive_entry_new()) != NULL);
|
||||
archive_entry_copy_pathname(ae, path);
|
||||
@@ -216,7 +217,7 @@
|
||||
} else {
|
||||
assertEqualIntA(a, ARCHIVE_OK,
|
||||
archive_read_open_memory(a, buff, used2));
|
||||
- for (i = 0; i < 100; i++) {
|
||||
+ for (i = 0; i < filecount; i++) {
|
||||
sprintf(path, "file%03d", i);
|
||||
if (!assertEqualInt(ARCHIVE_OK,
|
||||
archive_read_next_header(a, &ae)))
|
|
@ -1,18 +0,0 @@
|
|||
Description: Patch to fix filename length calculation when writing mtree archives.
|
||||
Author: Dave Reisner <dreisner@archlinux.org>
|
||||
Origin: upstream
|
||||
|
||||
--- a/libarchive/archive_write_set_format_mtree.c
|
||||
+++ b/libarchive/archive_write_set_format_mtree.c
|
||||
@@ -1855,9 +1855,9 @@
|
||||
return (ret);
|
||||
}
|
||||
|
||||
- /* Make a basename from dirname and slash */
|
||||
+ /* Make a basename from file->parentdir.s and slash */
|
||||
*slash = '\0';
|
||||
- file->parentdir.length = slash - dirname;
|
||||
+ file->parentdir.length = slash - file->parentdir.s;
|
||||
archive_strcpy(&(file->basename), slash + 1);
|
||||
return (ret);
|
||||
}
|
Loading…
Reference in a new issue