gnu: libarchive: Update to 3.2.0.

* gnu/packages/patches/libarchive-CVE-2013-0211.patch, gnu/packages/patches/libarchive-CVE-2016-1541.patch, gnu/packages/patches/libarchive-bsdtar-test.patch, gnu/packages/patches/libarchive-fix-lzo-test-case.patch, gnu/packages/patches/libarchive-mtree-filename-length-fix.patch: Delete files. * gnu/local.mk (dist_patch_DATA): Remove them. * gnu/packages/backup.scm (libarchive): Update to 3.2.0. [source]: Remove deleted patches. [replacement]: Remove. (libarchive/fixed): Remove variable.
2016-05-13 02:23:38 -04:00 · 2016-05-13 02:23:38 -04:00 · 4fa05a8198
parent eb74eb4199
commit 4fa05a8198
7 changed files with 2 additions and 284 deletions
--- a/gnu/local.mk
+++ b/gnu/local.mk
@ -561,11 +561,6 @@ dist_patch_DATA =						\
  gnu/packages/patches/liba52-link-with-libm.patch		\
  gnu/packages/patches/liba52-set-soname.patch			\
  gnu/packages/patches/liba52-use-mtune-not-mcpu.patch		\
  gnu/packages/patches/libarchive-bsdtar-test.patch		\
  gnu/packages/patches/libarchive-CVE-2013-0211.patch		\
  gnu/packages/patches/libarchive-CVE-2016-1541.patch		\
  gnu/packages/patches/libarchive-fix-lzo-test-case.patch	\
  gnu/packages/patches/libarchive-mtree-filename-length-fix.patch \
  gnu/packages/patches/libbonobo-activation-test-race.patch	\
  gnu/packages/patches/libcanberra-sound-theme-freedesktop.patch \
  gnu/packages/patches/libcmis-fix-test-onedrive.patch		\
--- a/gnu/packages/backup.scm
+++ b/gnu/packages/backup.scm
@ -136,8 +136,7 @@ backups (called chunks) to allow easy burning to CD/DVD.")
 (define-public libarchive
  (package
    (name "libarchive")
-    (replacement libarchive/fixed)
+    (version "3.2.0")
    (version "3.1.2")
    (source
     (origin
       (method url-fetch)
@ -145,12 +144,7 @@ backups (called chunks) to allow easy burning to CD/DVD.")
                           version ".tar.gz"))
       (sha256
        (base32
-         "0pixqnrcf35dnqgv0lp7qlcw7k13620qkhgxr288v7p4iz6ym1zb"))
+         "11xabdpmvdmcdkidigmqh4ymhra95lr7ipcys4hdq0gzf7ylbkkv"))))
       (patches
        (search-patches "libarchive-mtree-filename-length-fix.patch"
                        "libarchive-fix-lzo-test-case.patch"
                        "libarchive-CVE-2013-0211.patch"
                        "libarchive-bsdtar-test.patch"))))
    (build-system gnu-build-system)
    ;; TODO: Add -L/path/to/nettle in libarchive.pc.
    (inputs
@ -194,14 +188,6 @@ archive.  In particular, note that there is currently no built-in support for
 random access nor for in-place modification.")
    (license license:bsd-2)))
 (define libarchive/fixed
  (package
    (inherit libarchive)
    (source (origin
              (inherit (package-source libarchive))
              (patches (cons (search-patch "libarchive-CVE-2016-1541.patch")
                             (origin-patches (package-source libarchive))))))))
 (define-public rdup
  (package
    (name "rdup")
--- a/gnu/packages/patches/libarchive-CVE-2013-0211.patch
+++ b/gnu/packages/patches/libarchive-CVE-2013-0211.patch
@ -1,21 +0,0 @@
 Description: Fix CVE-2013-0211: read buffer overflow on 64-bit systems
 Origin: upstream
 Bug-Debian: http://bugs.debian.org/703957
 Forwarded: not-needed
 --- libarchive-3.0.4.orig/libarchive/archive_write.c
 +++ libarchive-3.0.4/libarchive/archive_write.c
@@ -665,8 +665,13 @@ static ssize_t
 _archive_write_data(struct archive *_a, const void *buff, size_t s)
 {
 	struct archive_write *a = (struct archive_write *)_a;
 +	const size_t max_write = INT_MAX;
 +
 	archive_check_magic(&a->archive, ARCHIVE_WRITE_MAGIC,
 	    ARCHIVE_STATE_DATA, "archive_write_data");
 +	/* In particular, this catches attempts to pass negative values. */
 +	if (s > max_write)
 +		s = max_write;
 	archive_clear_error(&a->archive);
 	return ((a->format_write_data)(a, buff, s));
 }
--- a/gnu/packages/patches/libarchive-CVE-2016-1541.patch
+++ b/gnu/packages/patches/libarchive-CVE-2016-1541.patch
@ -1,67 +0,0 @@
 Fix CVE-2016-1541 (buffer overflow zip_read_mac_metadata)
 Taken from upstream source repository:
 https://github.com/libarchive/libarchive/commit/d0331e8e5b05b475f20b1f3101fe1ad772d7e7e7
 When reading OS X metadata entries in Zip archives that were stored
 without compression, libarchive would use the uncompressed entry size
 to allocate a buffer but would use the compressed entry size to limit
 the amount of data copied into that buffer.  Since the compressed
 and uncompressed sizes are provided by data in the archive itself,
 an attacker could manipulate these values to write data beyond
 the end of the allocated buffer.
 This fix provides three new checks to guard against such
 manipulation and to make libarchive generally more robust when
 handling this type of entry:
 1. If an OS X metadata entry is stored without compression,
    abort the entire archive if the compressed and uncompressed
    data sizes do not match.
 2. When sanity-checking the size of an OS X metadata entry,
    abort this entry if either the compressed or uncompressed
    size is larger than 4MB.
 3. When copying data into the allocated buffer, check the copy
    size against both the compressed entry size and uncompressed
    entry size.
 ---
 libarchive/archive_read_support_format_zip.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 diff --git a/libarchive/archive_read_support_format_zip.c b/libarchive/archive_read_support_format_zip.c
 index 0f8262c..0a0be96 100644
 --- a/libarchive/archive_read_support_format_zip.c
 +++ b/libarchive/archive_read_support_format_zip.c
@@ -2778,6 +2778,11 @@ zip_read_mac_metadata(struct archive_read *a, struct archive_entry *entry,
 	switch(rsrc->compression) {
 	case 0:  /* No compression. */
 +		if (rsrc->uncompressed_size != rsrc->compressed_size) {
 +			archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
 +			    "Malformed OS X metadata entry: inconsistent size");
 +			return (ARCHIVE_FATAL);
 +		}
 #ifdef HAVE_ZLIB_H
 	case 8: /* Deflate compression. */
 #endif
@@ -2798,6 +2803,12 @@ zip_read_mac_metadata(struct archive_read *a, struct archive_entry *entry,
 		    (intmax_t)rsrc->uncompressed_size);
 		return (ARCHIVE_WARN);
 	}
 +	if (rsrc->compressed_size > (4 * 1024 * 1024)) {
 +		archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
 +		    "Mac metadata is too large: %jd > 4M bytes",
 +		    (intmax_t)rsrc->compressed_size);
 +		return (ARCHIVE_WARN);
 +	}
 	metadata = malloc((size_t)rsrc->uncompressed_size);
 	if (metadata == NULL) {
@@ -2836,6 +2847,8 @@ zip_read_mac_metadata(struct archive_read *a, struct archive_entry *entry,
 			bytes_avail = remaining_bytes;
 		switch(rsrc->compression) {
 		case 0:  /* No compression. */
 +			if ((size_t)bytes_avail > metadata_bytes)
 +				bytes_avail = metadata_bytes;
 			memcpy(mp, p, bytes_avail);
 			bytes_used = (size_t)bytes_avail;
 			metadata_bytes -= bytes_used;
--- a/gnu/packages/patches/libarchive-bsdtar-test.patch
+++ b/gnu/packages/patches/libarchive-bsdtar-test.patch
@ -1,74 +0,0 @@
 commit b539b2e597b566fe3c4b49cb61c9eef83e5e052d
 Author: Pavel Raiskup <praiskup@redhat.com>
 Date:   Thu Jun 27 16:01:30 2013 +0200
    Use ustar format in the test_option_b test
    .. because the ustar archive does not store SELinux context.  As the default
    format for bsdtar is "restricted pax" (trying to store xattrs and other
    things by default), the test failed on Fedora because our files have by
    default SELinux context set.  This results in additional data in tested
    archive ~> and the test failed because the archive was unexpectedly big:
     tar/test/test_option_b.c:41: File archive1.tar has size 3072, expected 2048
    Reviewed by Konrad Kleine <konrad.wilhelm.kleine@gmail.com>
 diff --git a/tar/test/test_option_b.c b/tar/test/test_option_b.c
 index be2ae65..6fea474 100644
 --- a/tar/test/test_option_b.c
 +++ b/tar/test/test_option_b.c
@@ -25,8 +25,14 @@
 #include "test.h"
 __FBSDID("$FreeBSD$");
 +#define USTAR_OPT " --format=ustar"
 +
 DEFINE_TEST(test_option_b)
 {
 +	char *testprog_ustar = malloc(strlen(testprog) + sizeof(USTAR_OPT) + 1);
 +	strcpy(testprog_ustar, testprog);
 +	strcat(testprog_ustar, USTAR_OPT);
 +
 	assertMakeFile("file1", 0644, "file1");
 	if (systemf("cat file1 > test_cat.out 2> test_cat.err") != 0) {
 		skipping("Platform doesn't have cat");
@@ -36,7 +42,7 @@ DEFINE_TEST(test_option_b)
 	/*
 	 * Bsdtar does not pad if the output is going directly to a disk file.
 	 */
 -	assertEqualInt(0, systemf("%s -cf archive1.tar file1 >test1.out 2>test1.err", testprog));
 +	assertEqualInt(0, systemf("%s -cf archive1.tar file1 >test1.out 2>test1.err", testprog_ustar));
 	failure("bsdtar does not pad archives written directly to regular files");
 	assertFileSize("archive1.tar", 2048);
 	assertEmptyFile("test1.out");
@@ -46,24 +52,24 @@ DEFINE_TEST(test_option_b)
 	 * Bsdtar does pad to the block size if the output is going to a socket.
 	 */
 	/* Default is -b 20 */
 -	assertEqualInt(0, systemf("%s -cf - file1 2>test2.err | cat >archive2.tar ", testprog));
 +	assertEqualInt(0, systemf("%s -cf - file1 2>test2.err | cat >archive2.tar ", testprog_ustar));
 	failure("bsdtar does pad archives written to pipes");
 	assertFileSize("archive2.tar", 10240);
 	assertEmptyFile("test2.err");
 -	assertEqualInt(0, systemf("%s -cf - -b 20 file1 2>test3.err | cat >archive3.tar ", testprog));
 +	assertEqualInt(0, systemf("%s -cf - -b 20 file1 2>test3.err | cat >archive3.tar ", testprog_ustar));
 	assertFileSize("archive3.tar", 10240);
 	assertEmptyFile("test3.err");
 -	assertEqualInt(0, systemf("%s -cf - -b 10 file1 2>test4.err | cat >archive4.tar ", testprog));
 +	assertEqualInt(0, systemf("%s -cf - -b 10 file1 2>test4.err | cat >archive4.tar ", testprog_ustar));
 	assertFileSize("archive4.tar", 5120);
 	assertEmptyFile("test4.err");
 -	assertEqualInt(0, systemf("%s -cf - -b 1 file1 2>test5.err | cat >archive5.tar ", testprog));
 +	assertEqualInt(0, systemf("%s -cf - -b 1 file1 2>test5.err | cat >archive5.tar ", testprog_ustar));
 	assertFileSize("archive5.tar", 2048);
 	assertEmptyFile("test5.err");
 -	assertEqualInt(0, systemf("%s -cf - -b 8192 file1 2>test6.err | cat >archive6.tar ", testprog));
 +	assertEqualInt(0, systemf("%s -cf - -b 8192 file1 2>test6.err | cat >archive6.tar ", testprog_ustar));
 	assertFileSize("archive6.tar", 4194304);
 	assertEmptyFile("test6.err");
--- a/gnu/packages/patches/libarchive-fix-lzo-test-case.patch
+++ b/gnu/packages/patches/libarchive-fix-lzo-test-case.patch
@ -1,83 +0,0 @@
 Description: This patch fixes test cases for LZO write support in various
 architectures, such as armhf. Writing a certain amount of files would
 cause the LZO compressor level 9 to produce a bigger archive than the
 default compressor level.
 Author: Andres Mejia <amejia@debian.org>
 --- a/libarchive/test/test_write_filter_lzop.c
 +++ b/libarchive/test/test_write_filter_lzop.c
@@ -39,7 +39,7 @@
 	size_t buffsize, datasize;
 	char path[16];
 	size_t used1, used2;
 -	int i, r, use_prog = 0;
 +	int i, r, use_prog = 0, filecount;
 	assert((a = archive_write_new()) != NULL);
 	r = archive_write_add_filter_lzop(a);
@@ -58,9 +58,10 @@
 	datasize = 10000;
 	assert(NULL != (data = (char *)calloc(1, datasize)));
 +	filecount = 10;
 	/*
 -	 * Write a 100 files and read them all back.
 +	 * Write a filecount files and read them all back.
 	 */
 	assert((a = archive_write_new()) != NULL);
 	assertEqualIntA(a, ARCHIVE_OK, archive_write_set_format_ustar(a));
@@ -77,7 +78,7 @@
 	assert((ae = archive_entry_new()) != NULL);
 	archive_entry_set_filetype(ae, AE_IFREG);
 	archive_entry_set_size(ae, datasize);
 -	for (i = 0; i < 100; i++) {
 +	for (i = 0; i < filecount; i++) {
 		sprintf(path, "file%03d", i);
 		archive_entry_copy_pathname(ae, path);
 		assertEqualIntA(a, ARCHIVE_OK, archive_write_header(a, ae));
@@ -97,7 +98,7 @@
 	} else {
 		assertEqualIntA(a, ARCHIVE_OK,
 		    archive_read_open_memory(a, buff, used1));
 -		for (i = 0; i < 100; i++) {
 +		for (i = 0; i < filecount; i++) {
 			sprintf(path, "file%03d", i);
 			if (!assertEqualInt(ARCHIVE_OK,
 				archive_read_next_header(a, &ae)))
@@ -133,7 +134,7 @@
 	    archive_write_set_options(a, "lzop:compression-level=9"));
 	assertEqualIntA(a, ARCHIVE_OK,
 	    archive_write_open_memory(a, buff, buffsize, &used2));
 -	for (i = 0; i < 100; i++) {
 +	for (i = 0; i < filecount; i++) {
 		sprintf(path, "file%03d", i);
 		assert((ae = archive_entry_new()) != NULL);
 		archive_entry_copy_pathname(ae, path);
@@ -161,7 +162,7 @@
 		    archive_read_support_filter_all(a));
 		assertEqualIntA(a, ARCHIVE_OK,
 		    archive_read_open_memory(a, buff, used2));
 -		for (i = 0; i < 100; i++) {
 +		for (i = 0; i < filecount; i++) {
 			sprintf(path, "file%03d", i);
 			if (!assertEqualInt(ARCHIVE_OK,
 				archive_read_next_header(a, &ae)))
@@ -186,7 +187,7 @@
 	    archive_write_set_filter_option(a, NULL, "compression-level", "1"));
 	assertEqualIntA(a, ARCHIVE_OK,
 	    archive_write_open_memory(a, buff, buffsize, &used2));
 -	for (i = 0; i < 100; i++) {
 +	for (i = 0; i < filecount; i++) {
 		sprintf(path, "file%03d", i);
 		assert((ae = archive_entry_new()) != NULL);
 		archive_entry_copy_pathname(ae, path);
@@ -216,7 +217,7 @@
 	} else {
 		assertEqualIntA(a, ARCHIVE_OK,
 		    archive_read_open_memory(a, buff, used2));
 -		for (i = 0; i < 100; i++) {
 +		for (i = 0; i < filecount; i++) {
 			sprintf(path, "file%03d", i);
 			if (!assertEqualInt(ARCHIVE_OK,
 				archive_read_next_header(a, &ae)))
--- a/gnu/packages/patches/libarchive-mtree-filename-length-fix.patch
+++ b/gnu/packages/patches/libarchive-mtree-filename-length-fix.patch
@ -1,18 +0,0 @@
 Description: Patch to fix filename length calculation when writing mtree archives.
 Author: Dave Reisner <dreisner@archlinux.org>
 Origin: upstream
 --- a/libarchive/archive_write_set_format_mtree.c
 +++ b/libarchive/archive_write_set_format_mtree.c
@@ -1855,9 +1855,9 @@
 		return (ret);
 	}
 -	/* Make a basename from dirname and slash */
 +	/* Make a basename from file->parentdir.s and slash */
 	*slash  = '\0';
 -	file->parentdir.length = slash - dirname;
 +	file->parentdir.length = slash - file->parentdir.s;
 	archive_strcpy(&(file->basename),  slash + 1);
 	return (ret);
 }