[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
02/02: gnu: libarchive: Update to 3.2.0.
|
From: |
Leo Famulari |
|
Subject: |
02/02: gnu: libarchive: Update to 3.2.0. |
|
Date: |
Sun, 15 May 2016 06:42:36 +0000 (UTC) |
lfam pushed a commit to branch core-updates
in repository guix.
commit 4fa05a81983d4aa33837e1c01457442be7b58aad
Author: Leo Famulari <address@hidden>
Date: Fri May 13 02:23:38 2016 -0400
gnu: libarchive: Update to 3.2.0.
* gnu/packages/patches/libarchive-CVE-2013-0211.patch,
gnu/packages/patches/libarchive-CVE-2016-1541.patch,
gnu/packages/patches/libarchive-bsdtar-test.patch,
gnu/packages/patches/libarchive-fix-lzo-test-case.patch,
gnu/packages/patches/libarchive-mtree-filename-length-fix.patch: Delete
files.
* gnu/local.mk (dist_patch_DATA): Remove them.
* gnu/packages/backup.scm (libarchive): Update to 3.2.0.
[source]: Remove deleted patches.
[replacement]: Remove.
(libarchive/fixed): Remove variable.
---
gnu/local.mk | 5 --
gnu/packages/backup.scm | 18 +----
.../patches/libarchive-CVE-2013-0211.patch | 21 -----
.../patches/libarchive-CVE-2016-1541.patch | 67 ----------------
gnu/packages/patches/libarchive-bsdtar-test.patch | 74 -----------------
.../patches/libarchive-fix-lzo-test-case.patch | 83 --------------------
.../libarchive-mtree-filename-length-fix.patch | 18 -----
7 files changed, 2 insertions(+), 284 deletions(-)
diff --git a/gnu/local.mk b/gnu/local.mk
index 9d3bc1e..8cf5ef5 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -561,11 +561,6 @@ dist_patch_DATA =
\
gnu/packages/patches/liba52-link-with-libm.patch \
gnu/packages/patches/liba52-set-soname.patch \
gnu/packages/patches/liba52-use-mtune-not-mcpu.patch \
- gnu/packages/patches/libarchive-bsdtar-test.patch \
- gnu/packages/patches/libarchive-CVE-2013-0211.patch \
- gnu/packages/patches/libarchive-CVE-2016-1541.patch \
- gnu/packages/patches/libarchive-fix-lzo-test-case.patch \
- gnu/packages/patches/libarchive-mtree-filename-length-fix.patch \
gnu/packages/patches/libbonobo-activation-test-race.patch \
gnu/packages/patches/libcanberra-sound-theme-freedesktop.patch \
gnu/packages/patches/libcmis-fix-test-onedrive.patch \
diff --git a/gnu/packages/backup.scm b/gnu/packages/backup.scm
index 917bee7..05423f1 100644
--- a/gnu/packages/backup.scm
+++ b/gnu/packages/backup.scm
@@ -136,8 +136,7 @@ backups (called chunks) to allow easy burning to CD/DVD.")
(define-public libarchive
(package
(name "libarchive")
- (replacement libarchive/fixed)
- (version "3.1.2")
+ (version "3.2.0")
(source
(origin
(method url-fetch)
@@ -145,12 +144,7 @@ backups (called chunks) to allow easy burning to CD/DVD.")
version ".tar.gz"))
(sha256
(base32
- "0pixqnrcf35dnqgv0lp7qlcw7k13620qkhgxr288v7p4iz6ym1zb"))
- (patches
- (search-patches "libarchive-mtree-filename-length-fix.patch"
- "libarchive-fix-lzo-test-case.patch"
- "libarchive-CVE-2013-0211.patch"
- "libarchive-bsdtar-test.patch"))))
+ "11xabdpmvdmcdkidigmqh4ymhra95lr7ipcys4hdq0gzf7ylbkkv"))))
(build-system gnu-build-system)
;; TODO: Add -L/path/to/nettle in libarchive.pc.
(inputs
@@ -194,14 +188,6 @@ archive. In particular, note that there is currently no
built-in support for
random access nor for in-place modification.")
(license license:bsd-2)))
-(define libarchive/fixed
- (package
- (inherit libarchive)
- (source (origin
- (inherit (package-source libarchive))
- (patches (cons (search-patch "libarchive-CVE-2016-1541.patch")
- (origin-patches (package-source libarchive))))))))
-
(define-public rdup
(package
(name "rdup")
diff --git a/gnu/packages/patches/libarchive-CVE-2013-0211.patch
b/gnu/packages/patches/libarchive-CVE-2013-0211.patch
deleted file mode 100644
index b024a7d..0000000
--- a/gnu/packages/patches/libarchive-CVE-2013-0211.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-Description: Fix CVE-2013-0211: read buffer overflow on 64-bit systems
-Origin: upstream
-Bug-Debian: http://bugs.debian.org/703957
-Forwarded: not-needed
-
---- libarchive-3.0.4.orig/libarchive/archive_write.c
-+++ libarchive-3.0.4/libarchive/archive_write.c
-@@ -665,8 +665,13 @@ static ssize_t
- _archive_write_data(struct archive *_a, const void *buff, size_t s)
- {
- struct archive_write *a = (struct archive_write *)_a;
-+ const size_t max_write = INT_MAX;
-+
- archive_check_magic(&a->archive, ARCHIVE_WRITE_MAGIC,
- ARCHIVE_STATE_DATA, "archive_write_data");
-+ /* In particular, this catches attempts to pass negative values. */
-+ if (s > max_write)
-+ s = max_write;
- archive_clear_error(&a->archive);
- return ((a->format_write_data)(a, buff, s));
- }
diff --git a/gnu/packages/patches/libarchive-CVE-2016-1541.patch
b/gnu/packages/patches/libarchive-CVE-2016-1541.patch
deleted file mode 100644
index 6ac8773..0000000
--- a/gnu/packages/patches/libarchive-CVE-2016-1541.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-Fix CVE-2016-1541 (buffer overflow zip_read_mac_metadata)
-
-Taken from upstream source repository:
-https://github.com/libarchive/libarchive/commit/d0331e8e5b05b475f20b1f3101fe1ad772d7e7e7
-
-When reading OS X metadata entries in Zip archives that were stored
-without compression, libarchive would use the uncompressed entry size
-to allocate a buffer but would use the compressed entry size to limit
-the amount of data copied into that buffer. Since the compressed
-and uncompressed sizes are provided by data in the archive itself,
-an attacker could manipulate these values to write data beyond
-the end of the allocated buffer.
-
-This fix provides three new checks to guard against such
-manipulation and to make libarchive generally more robust when
-handling this type of entry:
- 1. If an OS X metadata entry is stored without compression,
- abort the entire archive if the compressed and uncompressed
- data sizes do not match.
- 2. When sanity-checking the size of an OS X metadata entry,
- abort this entry if either the compressed or uncompressed
- size is larger than 4MB.
- 3. When copying data into the allocated buffer, check the copy
- size against both the compressed entry size and uncompressed
- entry size.
----
- libarchive/archive_read_support_format_zip.c | 13 +++++++++++++
- 1 file changed, 13 insertions(+)
-
-diff --git a/libarchive/archive_read_support_format_zip.c
b/libarchive/archive_read_support_format_zip.c
-index 0f8262c..0a0be96 100644
---- a/libarchive/archive_read_support_format_zip.c
-+++ b/libarchive/archive_read_support_format_zip.c
-@@ -2778,6 +2778,11 @@ zip_read_mac_metadata(struct archive_read *a, struct
archive_entry *entry,
-
- switch(rsrc->compression) {
- case 0: /* No compression. */
-+ if (rsrc->uncompressed_size != rsrc->compressed_size) {
-+ archive_set_error(&a->archive,
ARCHIVE_ERRNO_FILE_FORMAT,
-+ "Malformed OS X metadata entry: inconsistent size");
-+ return (ARCHIVE_FATAL);
-+ }
- #ifdef HAVE_ZLIB_H
- case 8: /* Deflate compression. */
- #endif
-@@ -2798,6 +2803,12 @@ zip_read_mac_metadata(struct archive_read *a, struct
archive_entry *entry,
- (intmax_t)rsrc->uncompressed_size);
- return (ARCHIVE_WARN);
- }
-+ if (rsrc->compressed_size > (4 * 1024 * 1024)) {
-+ archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
-+ "Mac metadata is too large: %jd > 4M bytes",
-+ (intmax_t)rsrc->compressed_size);
-+ return (ARCHIVE_WARN);
-+ }
-
- metadata = malloc((size_t)rsrc->uncompressed_size);
- if (metadata == NULL) {
-@@ -2836,6 +2847,8 @@ zip_read_mac_metadata(struct archive_read *a, struct
archive_entry *entry,
- bytes_avail = remaining_bytes;
- switch(rsrc->compression) {
- case 0: /* No compression. */
-+ if ((size_t)bytes_avail > metadata_bytes)
-+ bytes_avail = metadata_bytes;
- memcpy(mp, p, bytes_avail);
- bytes_used = (size_t)bytes_avail;
- metadata_bytes -= bytes_used;
diff --git a/gnu/packages/patches/libarchive-bsdtar-test.patch
b/gnu/packages/patches/libarchive-bsdtar-test.patch
deleted file mode 100644
index 6a533a9..0000000
--- a/gnu/packages/patches/libarchive-bsdtar-test.patch
+++ /dev/null
@@ -1,74 +0,0 @@
-commit b539b2e597b566fe3c4b49cb61c9eef83e5e052d
-Author: Pavel Raiskup <address@hidden>
-Date: Thu Jun 27 16:01:30 2013 +0200
-
- Use ustar format in the test_option_b test
-
- .. because the ustar archive does not store SELinux context. As the
default
- format for bsdtar is "restricted pax" (trying to store xattrs and other
- things by default), the test failed on Fedora because our files have by
- default SELinux context set. This results in additional data in tested
- archive ~> and the test failed because the archive was unexpectedly big:
-
- tar/test/test_option_b.c:41: File archive1.tar has size 3072, expected
2048
-
- Reviewed by Konrad Kleine <address@hidden>
-
-diff --git a/tar/test/test_option_b.c b/tar/test/test_option_b.c
-index be2ae65..6fea474 100644
---- a/tar/test/test_option_b.c
-+++ b/tar/test/test_option_b.c
-@@ -25,8 +25,14 @@
- #include "test.h"
- __FBSDID("$FreeBSD$");
-
-+#define USTAR_OPT " --format=ustar"
-+
- DEFINE_TEST(test_option_b)
- {
-+ char *testprog_ustar = malloc(strlen(testprog) + sizeof(USTAR_OPT) + 1);
-+ strcpy(testprog_ustar, testprog);
-+ strcat(testprog_ustar, USTAR_OPT);
-+
- assertMakeFile("file1", 0644, "file1");
- if (systemf("cat file1 > test_cat.out 2> test_cat.err") != 0) {
- skipping("Platform doesn't have cat");
-@@ -36,7 +42,7 @@ DEFINE_TEST(test_option_b)
- /*
- * Bsdtar does not pad if the output is going directly to a disk file.
- */
-- assertEqualInt(0, systemf("%s -cf archive1.tar file1 >test1.out
2>test1.err", testprog));
-+ assertEqualInt(0, systemf("%s -cf archive1.tar file1 >test1.out
2>test1.err", testprog_ustar));
- failure("bsdtar does not pad archives written directly to regular
files");
- assertFileSize("archive1.tar", 2048);
- assertEmptyFile("test1.out");
-@@ -46,24 +52,24 @@ DEFINE_TEST(test_option_b)
- * Bsdtar does pad to the block size if the output is going to a socket.
- */
- /* Default is -b 20 */
-- assertEqualInt(0, systemf("%s -cf - file1 2>test2.err | cat
>archive2.tar ", testprog));
-+ assertEqualInt(0, systemf("%s -cf - file1 2>test2.err | cat
>archive2.tar ", testprog_ustar));
- failure("bsdtar does pad archives written to pipes");
- assertFileSize("archive2.tar", 10240);
- assertEmptyFile("test2.err");
-
-- assertEqualInt(0, systemf("%s -cf - -b 20 file1 2>test3.err | cat
>archive3.tar ", testprog));
-+ assertEqualInt(0, systemf("%s -cf - -b 20 file1 2>test3.err | cat
>archive3.tar ", testprog_ustar));
- assertFileSize("archive3.tar", 10240);
- assertEmptyFile("test3.err");
-
-- assertEqualInt(0, systemf("%s -cf - -b 10 file1 2>test4.err | cat
>archive4.tar ", testprog));
-+ assertEqualInt(0, systemf("%s -cf - -b 10 file1 2>test4.err | cat
>archive4.tar ", testprog_ustar));
- assertFileSize("archive4.tar", 5120);
- assertEmptyFile("test4.err");
-
-- assertEqualInt(0, systemf("%s -cf - -b 1 file1 2>test5.err | cat
>archive5.tar ", testprog));
-+ assertEqualInt(0, systemf("%s -cf - -b 1 file1 2>test5.err | cat
>archive5.tar ", testprog_ustar));
- assertFileSize("archive5.tar", 2048);
- assertEmptyFile("test5.err");
-
-- assertEqualInt(0, systemf("%s -cf - -b 8192 file1 2>test6.err | cat
>archive6.tar ", testprog));
-+ assertEqualInt(0, systemf("%s -cf - -b 8192 file1 2>test6.err | cat
>archive6.tar ", testprog_ustar));
- assertFileSize("archive6.tar", 4194304);
- assertEmptyFile("test6.err");
-
diff --git a/gnu/packages/patches/libarchive-fix-lzo-test-case.patch
b/gnu/packages/patches/libarchive-fix-lzo-test-case.patch
deleted file mode 100644
index ffdc0db..0000000
--- a/gnu/packages/patches/libarchive-fix-lzo-test-case.patch
+++ /dev/null
@@ -1,83 +0,0 @@
-Description: This patch fixes test cases for LZO write support in various
- architectures, such as armhf. Writing a certain amount of files would
- cause the LZO compressor level 9 to produce a bigger archive than the
- default compressor level.
-Author: Andres Mejia <address@hidden>
-
---- a/libarchive/test/test_write_filter_lzop.c
-+++ b/libarchive/test/test_write_filter_lzop.c
-@@ -39,7 +39,7 @@
- size_t buffsize, datasize;
- char path[16];
- size_t used1, used2;
-- int i, r, use_prog = 0;
-+ int i, r, use_prog = 0, filecount;
-
- assert((a = archive_write_new()) != NULL);
- r = archive_write_add_filter_lzop(a);
-@@ -58,9 +58,10 @@
-
- datasize = 10000;
- assert(NULL != (data = (char *)calloc(1, datasize)));
-+ filecount = 10;
-
- /*
-- * Write a 100 files and read them all back.
-+ * Write a filecount files and read them all back.
- */
- assert((a = archive_write_new()) != NULL);
- assertEqualIntA(a, ARCHIVE_OK, archive_write_set_format_ustar(a));
-@@ -77,7 +78,7 @@
- assert((ae = archive_entry_new()) != NULL);
- archive_entry_set_filetype(ae, AE_IFREG);
- archive_entry_set_size(ae, datasize);
-- for (i = 0; i < 100; i++) {
-+ for (i = 0; i < filecount; i++) {
- sprintf(path, "file%03d", i);
- archive_entry_copy_pathname(ae, path);
- assertEqualIntA(a, ARCHIVE_OK, archive_write_header(a, ae));
-@@ -97,7 +98,7 @@
- } else {
- assertEqualIntA(a, ARCHIVE_OK,
- archive_read_open_memory(a, buff, used1));
-- for (i = 0; i < 100; i++) {
-+ for (i = 0; i < filecount; i++) {
- sprintf(path, "file%03d", i);
- if (!assertEqualInt(ARCHIVE_OK,
- archive_read_next_header(a, &ae)))
-@@ -133,7 +134,7 @@
- archive_write_set_options(a, "lzop:compression-level=9"));
- assertEqualIntA(a, ARCHIVE_OK,
- archive_write_open_memory(a, buff, buffsize, &used2));
-- for (i = 0; i < 100; i++) {
-+ for (i = 0; i < filecount; i++) {
- sprintf(path, "file%03d", i);
- assert((ae = archive_entry_new()) != NULL);
- archive_entry_copy_pathname(ae, path);
-@@ -161,7 +162,7 @@
- archive_read_support_filter_all(a));
- assertEqualIntA(a, ARCHIVE_OK,
- archive_read_open_memory(a, buff, used2));
-- for (i = 0; i < 100; i++) {
-+ for (i = 0; i < filecount; i++) {
- sprintf(path, "file%03d", i);
- if (!assertEqualInt(ARCHIVE_OK,
- archive_read_next_header(a, &ae)))
-@@ -186,7 +187,7 @@
- archive_write_set_filter_option(a, NULL, "compression-level", "1"));
- assertEqualIntA(a, ARCHIVE_OK,
- archive_write_open_memory(a, buff, buffsize, &used2));
-- for (i = 0; i < 100; i++) {
-+ for (i = 0; i < filecount; i++) {
- sprintf(path, "file%03d", i);
- assert((ae = archive_entry_new()) != NULL);
- archive_entry_copy_pathname(ae, path);
-@@ -216,7 +217,7 @@
- } else {
- assertEqualIntA(a, ARCHIVE_OK,
- archive_read_open_memory(a, buff, used2));
-- for (i = 0; i < 100; i++) {
-+ for (i = 0; i < filecount; i++) {
- sprintf(path, "file%03d", i);
- if (!assertEqualInt(ARCHIVE_OK,
- archive_read_next_header(a, &ae)))
diff --git a/gnu/packages/patches/libarchive-mtree-filename-length-fix.patch
b/gnu/packages/patches/libarchive-mtree-filename-length-fix.patch
deleted file mode 100644
index ad94592..0000000
--- a/gnu/packages/patches/libarchive-mtree-filename-length-fix.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-Description: Patch to fix filename length calculation when writing mtree
archives.
-Author: Dave Reisner <address@hidden>
-Origin: upstream
-
---- a/libarchive/archive_write_set_format_mtree.c
-+++ b/libarchive/archive_write_set_format_mtree.c
-@@ -1855,9 +1855,9 @@
- return (ret);
- }
-
-- /* Make a basename from dirname and slash */
-+ /* Make a basename from file->parentdir.s and slash */
- *slash = '\0';
-- file->parentdir.length = slash - dirname;
-+ file->parentdir.length = slash - file->parentdir.s;
- archive_strcpy(&(file->basename), slash + 1);
- return (ret);
- }