diff options
-rw-r--r-- | gnu/local.mk | 5 | ||||
-rw-r--r-- | gnu/packages/backup.scm | 18 | ||||
-rw-r--r-- | gnu/packages/patches/libarchive-CVE-2013-0211.patch | 21 | ||||
-rw-r--r-- | gnu/packages/patches/libarchive-CVE-2016-1541.patch | 67 | ||||
-rw-r--r-- | gnu/packages/patches/libarchive-bsdtar-test.patch | 74 | ||||
-rw-r--r-- | gnu/packages/patches/libarchive-fix-lzo-test-case.patch | 83 | ||||
-rw-r--r-- | gnu/packages/patches/libarchive-mtree-filename-length-fix.patch | 18 |
7 files changed, 2 insertions, 284 deletions
diff --git a/gnu/local.mk b/gnu/local.mk index 9d3bc1ee8b..8cf5ef5c99 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -561,11 +561,6 @@ dist_patch_DATA = \ gnu/packages/patches/liba52-link-with-libm.patch \ gnu/packages/patches/liba52-set-soname.patch \ gnu/packages/patches/liba52-use-mtune-not-mcpu.patch \ - gnu/packages/patches/libarchive-bsdtar-test.patch \ - gnu/packages/patches/libarchive-CVE-2013-0211.patch \ - gnu/packages/patches/libarchive-CVE-2016-1541.patch \ - gnu/packages/patches/libarchive-fix-lzo-test-case.patch \ - gnu/packages/patches/libarchive-mtree-filename-length-fix.patch \ gnu/packages/patches/libbonobo-activation-test-race.patch \ gnu/packages/patches/libcanberra-sound-theme-freedesktop.patch \ gnu/packages/patches/libcmis-fix-test-onedrive.patch \ diff --git a/gnu/packages/backup.scm b/gnu/packages/backup.scm index 917bee78d9..05423f1401 100644 --- a/gnu/packages/backup.scm +++ b/gnu/packages/backup.scm @@ -136,8 +136,7 @@ backups (called chunks) to allow easy burning to CD/DVD.") (define-public libarchive (package (name "libarchive") - (replacement libarchive/fixed) - (version "3.1.2") + (version "3.2.0") (source (origin (method url-fetch) @@ -145,12 +144,7 @@ backups (called chunks) to allow easy burning to CD/DVD.") version ".tar.gz")) (sha256 (base32 - "0pixqnrcf35dnqgv0lp7qlcw7k13620qkhgxr288v7p4iz6ym1zb")) - (patches - (search-patches "libarchive-mtree-filename-length-fix.patch" - "libarchive-fix-lzo-test-case.patch" - "libarchive-CVE-2013-0211.patch" - "libarchive-bsdtar-test.patch")))) + "11xabdpmvdmcdkidigmqh4ymhra95lr7ipcys4hdq0gzf7ylbkkv")))) (build-system gnu-build-system) ;; TODO: Add -L/path/to/nettle in libarchive.pc. (inputs @@ -194,14 +188,6 @@ archive. In particular, note that there is currently no built-in support for random access nor for in-place modification.") (license license:bsd-2))) -(define libarchive/fixed - (package - (inherit libarchive) - (source (origin - (inherit (package-source libarchive)) - (patches (cons (search-patch "libarchive-CVE-2016-1541.patch") - (origin-patches (package-source libarchive)))))))) - (define-public rdup (package (name "rdup") diff --git a/gnu/packages/patches/libarchive-CVE-2013-0211.patch b/gnu/packages/patches/libarchive-CVE-2013-0211.patch deleted file mode 100644 index b024a7d4a8..0000000000 --- a/gnu/packages/patches/libarchive-CVE-2013-0211.patch +++ /dev/null @@ -1,21 +0,0 @@ -Description: Fix CVE-2013-0211: read buffer overflow on 64-bit systems -Origin: upstream -Bug-Debian: http://bugs.debian.org/703957 -Forwarded: not-needed - ---- libarchive-3.0.4.orig/libarchive/archive_write.c -+++ libarchive-3.0.4/libarchive/archive_write.c -@@ -665,8 +665,13 @@ static ssize_t - _archive_write_data(struct archive *_a, const void *buff, size_t s) - { - struct archive_write *a = (struct archive_write *)_a; -+ const size_t max_write = INT_MAX; -+ - archive_check_magic(&a->archive, ARCHIVE_WRITE_MAGIC, - ARCHIVE_STATE_DATA, "archive_write_data"); -+ /* In particular, this catches attempts to pass negative values. */ -+ if (s > max_write) -+ s = max_write; - archive_clear_error(&a->archive); - return ((a->format_write_data)(a, buff, s)); - } diff --git a/gnu/packages/patches/libarchive-CVE-2016-1541.patch b/gnu/packages/patches/libarchive-CVE-2016-1541.patch deleted file mode 100644 index 6ac8773244..0000000000 --- a/gnu/packages/patches/libarchive-CVE-2016-1541.patch +++ /dev/null @@ -1,67 +0,0 @@ -Fix CVE-2016-1541 (buffer overflow zip_read_mac_metadata) - -Taken from upstream source repository: -https://github.com/libarchive/libarchive/commit/d0331e8e5b05b475f20b1f3101fe1ad772d7e7e7 - -When reading OS X metadata entries in Zip archives that were stored -without compression, libarchive would use the uncompressed entry size -to allocate a buffer but would use the compressed entry size to limit -the amount of data copied into that buffer. Since the compressed -and uncompressed sizes are provided by data in the archive itself, -an attacker could manipulate these values to write data beyond -the end of the allocated buffer. - -This fix provides three new checks to guard against such -manipulation and to make libarchive generally more robust when -handling this type of entry: - 1. If an OS X metadata entry is stored without compression, - abort the entire archive if the compressed and uncompressed - data sizes do not match. - 2. When sanity-checking the size of an OS X metadata entry, - abort this entry if either the compressed or uncompressed - size is larger than 4MB. - 3. When copying data into the allocated buffer, check the copy - size against both the compressed entry size and uncompressed - entry size. ---- - libarchive/archive_read_support_format_zip.c | 13 +++++++++++++ - 1 file changed, 13 insertions(+) - -diff --git a/libarchive/archive_read_support_format_zip.c b/libarchive/archive_read_support_format_zip.c -index 0f8262c..0a0be96 100644 ---- a/libarchive/archive_read_support_format_zip.c -+++ b/libarchive/archive_read_support_format_zip.c -@@ -2778,6 +2778,11 @@ zip_read_mac_metadata(struct archive_read *a, struct archive_entry *entry, - - switch(rsrc->compression) { - case 0: /* No compression. */ -+ if (rsrc->uncompressed_size != rsrc->compressed_size) { -+ archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, -+ "Malformed OS X metadata entry: inconsistent size"); -+ return (ARCHIVE_FATAL); -+ } - #ifdef HAVE_ZLIB_H - case 8: /* Deflate compression. */ - #endif -@@ -2798,6 +2803,12 @@ zip_read_mac_metadata(struct archive_read *a, struct archive_entry *entry, - (intmax_t)rsrc->uncompressed_size); - return (ARCHIVE_WARN); - } -+ if (rsrc->compressed_size > (4 * 1024 * 1024)) { -+ archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, -+ "Mac metadata is too large: %jd > 4M bytes", -+ (intmax_t)rsrc->compressed_size); -+ return (ARCHIVE_WARN); -+ } - - metadata = malloc((size_t)rsrc->uncompressed_size); - if (metadata == NULL) { -@@ -2836,6 +2847,8 @@ zip_read_mac_metadata(struct archive_read *a, struct archive_entry *entry, - bytes_avail = remaining_bytes; - switch(rsrc->compression) { - case 0: /* No compression. */ -+ if ((size_t)bytes_avail > metadata_bytes) -+ bytes_avail = metadata_bytes; - memcpy(mp, p, bytes_avail); - bytes_used = (size_t)bytes_avail; - metadata_bytes -= bytes_used; diff --git a/gnu/packages/patches/libarchive-bsdtar-test.patch b/gnu/packages/patches/libarchive-bsdtar-test.patch deleted file mode 100644 index 6a533a9a07..0000000000 --- a/gnu/packages/patches/libarchive-bsdtar-test.patch +++ /dev/null @@ -1,74 +0,0 @@ -commit b539b2e597b566fe3c4b49cb61c9eef83e5e052d -Author: Pavel Raiskup <praiskup@redhat.com> -Date: Thu Jun 27 16:01:30 2013 +0200 - - Use ustar format in the test_option_b test - - .. because the ustar archive does not store SELinux context. As the default - format for bsdtar is "restricted pax" (trying to store xattrs and other - things by default), the test failed on Fedora because our files have by - default SELinux context set. This results in additional data in tested - archive ~> and the test failed because the archive was unexpectedly big: - - tar/test/test_option_b.c:41: File archive1.tar has size 3072, expected 2048 - - Reviewed by Konrad Kleine <konrad.wilhelm.kleine@gmail.com> - -diff --git a/tar/test/test_option_b.c b/tar/test/test_option_b.c -index be2ae65..6fea474 100644 ---- a/tar/test/test_option_b.c -+++ b/tar/test/test_option_b.c -@@ -25,8 +25,14 @@ - #include "test.h" - __FBSDID("$FreeBSD$"); - -+#define USTAR_OPT " --format=ustar" -+ - DEFINE_TEST(test_option_b) - { -+ char *testprog_ustar = malloc(strlen(testprog) + sizeof(USTAR_OPT) + 1); -+ strcpy(testprog_ustar, testprog); -+ strcat(testprog_ustar, USTAR_OPT); -+ - assertMakeFile("file1", 0644, "file1"); - if (systemf("cat file1 > test_cat.out 2> test_cat.err") != 0) { - skipping("Platform doesn't have cat"); -@@ -36,7 +42,7 @@ DEFINE_TEST(test_option_b) - /* - * Bsdtar does not pad if the output is going directly to a disk file. - */ -- assertEqualInt(0, systemf("%s -cf archive1.tar file1 >test1.out 2>test1.err", testprog)); -+ assertEqualInt(0, systemf("%s -cf archive1.tar file1 >test1.out 2>test1.err", testprog_ustar)); - failure("bsdtar does not pad archives written directly to regular files"); - assertFileSize("archive1.tar", 2048); - assertEmptyFile("test1.out"); -@@ -46,24 +52,24 @@ DEFINE_TEST(test_option_b) - * Bsdtar does pad to the block size if the output is going to a socket. - */ - /* Default is -b 20 */ -- assertEqualInt(0, systemf("%s -cf - file1 2>test2.err | cat >archive2.tar ", testprog)); -+ assertEqualInt(0, systemf("%s -cf - file1 2>test2.err | cat >archive2.tar ", testprog_ustar)); - failure("bsdtar does pad archives written to pipes"); - assertFileSize("archive2.tar", 10240); - assertEmptyFile("test2.err"); - -- assertEqualInt(0, systemf("%s -cf - -b 20 file1 2>test3.err | cat >archive3.tar ", testprog)); -+ assertEqualInt(0, systemf("%s -cf - -b 20 file1 2>test3.err | cat >archive3.tar ", testprog_ustar)); - assertFileSize("archive3.tar", 10240); - assertEmptyFile("test3.err"); - -- assertEqualInt(0, systemf("%s -cf - -b 10 file1 2>test4.err | cat >archive4.tar ", testprog)); -+ assertEqualInt(0, systemf("%s -cf - -b 10 file1 2>test4.err | cat >archive4.tar ", testprog_ustar)); - assertFileSize("archive4.tar", 5120); - assertEmptyFile("test4.err"); - -- assertEqualInt(0, systemf("%s -cf - -b 1 file1 2>test5.err | cat >archive5.tar ", testprog)); -+ assertEqualInt(0, systemf("%s -cf - -b 1 file1 2>test5.err | cat >archive5.tar ", testprog_ustar)); - assertFileSize("archive5.tar", 2048); - assertEmptyFile("test5.err"); - -- assertEqualInt(0, systemf("%s -cf - -b 8192 file1 2>test6.err | cat >archive6.tar ", testprog)); -+ assertEqualInt(0, systemf("%s -cf - -b 8192 file1 2>test6.err | cat >archive6.tar ", testprog_ustar)); - assertFileSize("archive6.tar", 4194304); - assertEmptyFile("test6.err"); - diff --git a/gnu/packages/patches/libarchive-fix-lzo-test-case.patch b/gnu/packages/patches/libarchive-fix-lzo-test-case.patch deleted file mode 100644 index ffdc0db922..0000000000 --- a/gnu/packages/patches/libarchive-fix-lzo-test-case.patch +++ /dev/null @@ -1,83 +0,0 @@ -Description: This patch fixes test cases for LZO write support in various - architectures, such as armhf. Writing a certain amount of files would - cause the LZO compressor level 9 to produce a bigger archive than the - default compressor level. -Author: Andres Mejia <amejia@debian.org> - ---- a/libarchive/test/test_write_filter_lzop.c -+++ b/libarchive/test/test_write_filter_lzop.c -@@ -39,7 +39,7 @@ - size_t buffsize, datasize; - char path[16]; - size_t used1, used2; -- int i, r, use_prog = 0; -+ int i, r, use_prog = 0, filecount; - - assert((a = archive_write_new()) != NULL); - r = archive_write_add_filter_lzop(a); -@@ -58,9 +58,10 @@ - - datasize = 10000; - assert(NULL != (data = (char *)calloc(1, datasize))); -+ filecount = 10; - - /* -- * Write a 100 files and read them all back. -+ * Write a filecount files and read them all back. - */ - assert((a = archive_write_new()) != NULL); - assertEqualIntA(a, ARCHIVE_OK, archive_write_set_format_ustar(a)); -@@ -77,7 +78,7 @@ - assert((ae = archive_entry_new()) != NULL); - archive_entry_set_filetype(ae, AE_IFREG); - archive_entry_set_size(ae, datasize); -- for (i = 0; i < 100; i++) { -+ for (i = 0; i < filecount; i++) { - sprintf(path, "file%03d", i); - archive_entry_copy_pathname(ae, path); - assertEqualIntA(a, ARCHIVE_OK, archive_write_header(a, ae)); -@@ -97,7 +98,7 @@ - } else { - assertEqualIntA(a, ARCHIVE_OK, - archive_read_open_memory(a, buff, used1)); -- for (i = 0; i < 100; i++) { -+ for (i = 0; i < filecount; i++) { - sprintf(path, "file%03d", i); - if (!assertEqualInt(ARCHIVE_OK, - archive_read_next_header(a, &ae))) -@@ -133,7 +134,7 @@ - archive_write_set_options(a, "lzop:compression-level=9")); - assertEqualIntA(a, ARCHIVE_OK, - archive_write_open_memory(a, buff, buffsize, &used2)); -- for (i = 0; i < 100; i++) { -+ for (i = 0; i < filecount; i++) { - sprintf(path, "file%03d", i); - assert((ae = archive_entry_new()) != NULL); - archive_entry_copy_pathname(ae, path); -@@ -161,7 +162,7 @@ - archive_read_support_filter_all(a)); - assertEqualIntA(a, ARCHIVE_OK, - archive_read_open_memory(a, buff, used2)); -- for (i = 0; i < 100; i++) { -+ for (i = 0; i < filecount; i++) { - sprintf(path, "file%03d", i); - if (!assertEqualInt(ARCHIVE_OK, - archive_read_next_header(a, &ae))) -@@ -186,7 +187,7 @@ - archive_write_set_filter_option(a, NULL, "compression-level", "1")); - assertEqualIntA(a, ARCHIVE_OK, - archive_write_open_memory(a, buff, buffsize, &used2)); -- for (i = 0; i < 100; i++) { -+ for (i = 0; i < filecount; i++) { - sprintf(path, "file%03d", i); - assert((ae = archive_entry_new()) != NULL); - archive_entry_copy_pathname(ae, path); -@@ -216,7 +217,7 @@ - } else { - assertEqualIntA(a, ARCHIVE_OK, - archive_read_open_memory(a, buff, used2)); -- for (i = 0; i < 100; i++) { -+ for (i = 0; i < filecount; i++) { - sprintf(path, "file%03d", i); - if (!assertEqualInt(ARCHIVE_OK, - archive_read_next_header(a, &ae))) diff --git a/gnu/packages/patches/libarchive-mtree-filename-length-fix.patch b/gnu/packages/patches/libarchive-mtree-filename-length-fix.patch deleted file mode 100644 index ad94592c05..0000000000 --- a/gnu/packages/patches/libarchive-mtree-filename-length-fix.patch +++ /dev/null @@ -1,18 +0,0 @@ -Description: Patch to fix filename length calculation when writing mtree archives. -Author: Dave Reisner <dreisner@archlinux.org> -Origin: upstream - ---- a/libarchive/archive_write_set_format_mtree.c -+++ b/libarchive/archive_write_set_format_mtree.c -@@ -1855,9 +1855,9 @@ - return (ret); - } - -- /* Make a basename from dirname and slash */ -+ /* Make a basename from file->parentdir.s and slash */ - *slash = '\0'; -- file->parentdir.length = slash - dirname; -+ file->parentdir.length = slash - file->parentdir.s; - archive_strcpy(&(file->basename), slash + 1); - return (ret); - } |