diff --git a/libarchive-3.4.0.tar.gz b/libarchive-3.4.1.tar.gz
similarity index 47%
rename from libarchive-3.4.0.tar.gz
rename to libarchive-3.4.1.tar.gz
index 9f66f880baf26a6b9a4758ba82c8bf50aac3b611..2a9858e67a8c2b3596671641d4a29dbb5abd1326 100644
Binary files a/libarchive-3.4.0.tar.gz and b/libarchive-3.4.1.tar.gz differ
diff --git a/libarchive-CVE-2019-19221.patch b/libarchive-CVE-2019-19221.patch
deleted file mode 100644
index 5ff7f35b725a14f116a9ccdb37e86f691d7d046b..0000000000000000000000000000000000000000
--- a/libarchive-CVE-2019-19221.patch
+++ /dev/null
@@ -1,98 +0,0 @@ -From 22b1db9d46654afc6f0c28f90af8cdc84a199f41 Mon Sep 17 00:00:00 2001 -From: Martin Matuska -Date: Thu, 21 Nov 2019 03:08:40 +0100 -Subject: [PATCH] Bugfix and optimize archive_wstring_append_from_mbs() - -The cal to mbrtowc() or mbtowc() should read up to mbs_length -bytes and not wcs_length. This avoids out-of-bounds reads. - -mbrtowc() and mbtowc() return (size_t)-1 wit errno EILSEQ when -they encounter an invalid multibyte character and (size_t)-2 when -they they encounter an incomplete multibyte character. As we return -failure and all our callers error out it makes no sense to continue -parsing mbs. - -As we allocate `len` wchars at the beginning and each wchar has -at least one byte, there will never be need to grow the buffer, -so the code can be left out. On the other hand, we are always -allocatng more memory than we need. - -As long as wcs_length == mbs_length == len we can omit wcs_length. -We keep the old code commented if we decide to save memory and -use autoexpanding wcs_length in the future. - -Fixes #1276 ---- - libarchive/archive_string.c | 28 +++++++++++++++++----------- - 1 file changed, 17 insertions(+), 11 deletions(-) - -diff --git a/libarchive/archive_string.c b/libarchive/archive_string.c -index 979a418b6..bd39c96f1 100644 ---- a/libarchive/archive_string.c -+++ b/libarchive/archive_string.c -@@ -591,7 +591,7 @@ archive_wstring_append_from_mbs(struct archive_wstring *dest, - * No single byte will be more than one wide character, - * so this length estimate will always be big enough. 
- */ -- size_t wcs_length = len; -+ // size_t wcs_length = len; - size_t mbs_length = len; - const char *mbs = p; - wchar_t *wcs; -@@ -600,7 +600,11 @@ archive_wstring_append_from_mbs(struct archive_wstring *dest, - - memset(&shift_state, 0, sizeof(shift_state)); - #endif -- if (NULL == archive_wstring_ensure(dest, dest->length + wcs_length + 1)) -+ /* -+ * As we decided to have wcs_length == mbs_length == len -+ * we can use len here instead of wcs_length -+ */ -+ if (NULL == archive_wstring_ensure(dest, dest->length + len + 1)) - return (-1); - wcs = dest->s + dest->length; - /* -@@ -609,6 +613,12 @@ archive_wstring_append_from_mbs(struct archive_wstring *dest, - * multi bytes. - */ - while (*mbs && mbs_length > 0) { -+ /* -+ * The buffer we allocated is always big enough. -+ * Keep this code path in a comment if we decide to choose -+ * smaller wcs_length in the future -+ */ -+/* - if (wcs_length == 0) { - dest->length = wcs - dest->s; - dest->s[dest->length] = L'\0'; -@@ -618,24 +628,20 @@ archive_wstring_append_from_mbs(struct archive_wstring *dest, - return (-1); - wcs = dest->s + dest->length; - } -+*/ - #if HAVE_MBRTOWC -- r = mbrtowc(wcs, mbs, wcs_length, &shift_state); -+ r = mbrtowc(wcs, mbs, mbs_length, &shift_state); - #else -- r = mbtowc(wcs, mbs, wcs_length); -+ r = mbtowc(wcs, mbs, mbs_length); - #endif - if (r == (size_t)-1 || r == (size_t)-2) { - ret_val = -1; -- if (errno == EILSEQ) { -- ++mbs; -- --mbs_length; -- continue; -- } else -- break; -+ break; - } - if (r == 0 || r > mbs_length) - break; - wcs++; -- wcs_length--; -+ // wcs_length--; - mbs += r; - mbs_length -= r; - } - diff --git a/libarchive-fix-zstd-test.patch b/libarchive-fix-zstd-test.patch deleted file mode 100644 index 09a24b0be9cd93ebd2b776643f9f094ed377108c..0000000000000000000000000000000000000000 --- a/libarchive-fix-zstd-test.patch +++ /dev/null 
@@ -1,114 +0,0 @@ -From aaacc8762fd8ced8823350edd8ce2e46b565582b Mon Sep 17 00:00:00 2001 -From: "FeRD (Frank Dana)" -Date: Sun, 1 Sep 2019 02:46:55 -0400 -Subject: [PATCH] test_write_filter_zstd: size @ lvl=20 < default < lvl=1 - -Raise compression on the second test to level=20, and perform a -third at level=1. Expect the output archive sizes to line up -based on compression level. Reduces test susceptibility to small -output size variations from different libzstd releases. ---- - libarchive/test/test_write_filter_zstd.c | 66 +++++++++++++++++++++--- - 1 file changed, 60 insertions(+), 6 deletions(-) - -diff --git a/libarchive/test/test_write_filter_zstd.c b/libarchive/test/test_write_filter_zstd.c -index 9fb01906..13de1344 100644 ---- a/libarchive/test/test_write_filter_zstd.c -+++ b/libarchive/test/test_write_filter_zstd.c -@@ -34,7 +34,7 @@ DEFINE_TEST(test_write_filter_zstd) - char *buff, *data; - size_t buffsize, datasize; - char path[16]; -- size_t used1, used2; -+ size_t used1, used2, used3; - int i, r; - - buffsize = 2000000; -@@ -125,7 +125,7 @@ DEFINE_TEST(test_write_filter_zstd) - assertEqualIntA(a, ARCHIVE_OK, - archive_write_set_filter_option(a, NULL, "compression-level", "9")); - assertEqualIntA(a, ARCHIVE_OK, -- archive_write_set_filter_option(a, NULL, "compression-level", "6")); -+ archive_write_set_filter_option(a, NULL, "compression-level", "20")); - assertEqualIntA(a, ARCHIVE_OK, archive_write_open_memory(a, buff, buffsize, &used2)); - for (i = 0; i < 100; i++) { - sprintf(path, "file%03d", i); -@@ -140,10 +140,6 @@ DEFINE_TEST(test_write_filter_zstd) - assertEqualIntA(a, ARCHIVE_OK, archive_write_close(a)); - assertEqualInt(ARCHIVE_OK, archive_write_free(a)); - -- failure("compression-level=6 wrote %d bytes, default wrote %d bytes", -- (int)used2, (int)used1); -- assert(used2 < used1); -- - assert((a = archive_read_new()) != NULL); - assertEqualIntA(a, ARCHIVE_OK, archive_read_support_format_all(a)); - r = archive_read_support_filter_zstd(a); 
-@@ -167,6 +163,64 @@ DEFINE_TEST(test_write_filter_zstd) - } - assertEqualInt(ARCHIVE_OK, archive_read_free(a)); - -+ /* -+ * One more time at level 1 -+ */ -+ assert((a = archive_write_new()) != NULL); -+ assertEqualIntA(a, ARCHIVE_OK, archive_write_set_format_ustar(a)); -+ assertEqualIntA(a, ARCHIVE_OK, -+ archive_write_set_bytes_per_block(a, 10)); -+ assertEqualIntA(a, ARCHIVE_OK, archive_write_add_filter_zstd(a)); -+ assertEqualIntA(a, ARCHIVE_OK, -+ archive_write_set_filter_option(a, NULL, "compression-level", "1")); -+ assertEqualIntA(a, ARCHIVE_OK, archive_write_open_memory(a, buff, buffsize, &used3)); -+ assert((ae = archive_entry_new()) != NULL); -+ archive_entry_set_filetype(ae, AE_IFREG); -+ archive_entry_set_size(ae, datasize); -+ for (i = 0; i < 100; i++) { -+ sprintf(path, "file%03d", i); -+ archive_entry_copy_pathname(ae, path); -+ assertEqualIntA(a, ARCHIVE_OK, archive_write_header(a, ae)); -+ assertA(datasize == (size_t)archive_write_data(a, data, datasize)); -+ } -+ archive_entry_free(ae); -+ assertEqualIntA(a, ARCHIVE_OK, archive_write_close(a)); -+ assertEqualInt(ARCHIVE_OK, archive_write_free(a)); -+ -+ assert((a = archive_read_new()) != NULL); -+ assertEqualIntA(a, ARCHIVE_OK, archive_read_support_format_all(a)); -+ r = archive_read_support_filter_zstd(a); -+ if (r == ARCHIVE_WARN) { -+ skipping("zstd reading not fully supported on this platform"); -+ } else { -+ assertEqualIntA(a, ARCHIVE_OK, -+ archive_read_support_filter_all(a)); -+ assertEqualIntA(a, ARCHIVE_OK, -+ archive_read_open_memory(a, buff, used3)); -+ for (i = 0; i < 100; i++) { -+ sprintf(path, "file%03d", i); -+ failure("Trying to read %s", path); -+ if (!assertEqualIntA(a, ARCHIVE_OK, -+ archive_read_next_header(a, &ae))) -+ break; -+ assertEqualString(path, archive_entry_pathname(ae)); -+ assertEqualInt((int)datasize, archive_entry_size(ae)); -+ } -+ assertEqualIntA(a, ARCHIVE_OK, archive_read_close(a)); -+ } -+ assertEqualInt(ARCHIVE_OK, archive_read_free(a)); -+ -+ /* -+ * 
Check output sizes for various compression levels, expectation -+ * is that archive size for level=20 < default < level=1 -+ */ -+ failure("compression-level=20 wrote %d bytes, default wrote %d bytes", -+ (int)used2, (int)used1); -+ assert(used2 < used1); -+ failure("compression-level=1 wrote %d bytes, default wrote %d bytes", -+ (int)used3, (int)used1); -+ assert(used1 < used3); -+ - /* - * Test various premature shutdown scenarios to make sure we - * don't crash or leak memory. --- -2.21.0 - diff --git a/libarchive.spec b/libarchive.spec index 03654375b73f75e39d450cbbd6dfb37662261926..18a012686ee3a3ce1effff78dfc5d7322d37703f 100644 --- a/libarchive.spec +++ b/libarchive.spec @@ -1,17 +1,14 @@ -%bcond_without check +%bcond_with check Name: libarchive -Version: 3.4.0 -Release: 3 +Version: 3.4.1 +Release: 1 Summary: Multi-format archive and compression library License: BSD URL: https://www.%{name}.org/ Source0: https://www.%{name}.org/downloads/%{name}-%{version}.tar.gz -Patch0: libarchive-fix-zstd-test.patch -Patch1: libarchive-CVE-2019-19221.patch - BuildRequires: gcc bison sharutils zlib-devel bzip2-devel xz-devel BuildRequires: lzo-devel e2fsprogs-devel libacl-devel libattr-devel BuildRequires: openssl-devel libxml2-devel lz4-devel automake libzstd-devel @@ -148,7 +145,13 @@ run_testsuite %{_mandir}/man5/* %changelog -* Thu Jan 3 2020 openEuler Buildteam - 3.4.0-3 +* Wed Jan 8 2020 openEuler Buildteam - 3.4.1-1 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC: update to 3.4.1 + +* Fri Jan 3 2020 openEuler Buildteam - 3.4.0-3 - Type:bugfix - ID:NA - SUG:NA
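Review bot: The first libarchive.spec hunk changes `%bcond_without check` to `%bcond_with check`, which makes the test suite opt-in, so a default build no longer runs it unless `--with check` is passed. The same hunk drops `Patch1: libarchive-CVE-2019-19221.patch`, so the build now relies entirely on the 3.4.1 tarball carrying that out-of-bounds-read fix; nothing on the page confirms it is included upstream, and that should be verified before merging. I would keep `%bcond_without check` so the upstream tests still run against the new tarball. The new changelog entry in the second hunk should also record the patch removal, e.g. `- DESC: update to 3.4.1, drop CVE-2019-19221 and zstd test patches (included upstream)`, and keep `ID:` pointing at the CVE so the fix stays traceable. The `%check` section itself lies outside both hunks, so the effect on it is inferred from the `run_testsuite` context in the second hunk header.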