Accepting request 907250 from Java:packages
Security fixes OBS-URL: https://build.opensuse.org/request/show/907250 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apache-commons-compress?expand=0&rev=4
This commit is contained in:
Dominique Leuenberger
Git OBS Bridge
commit
a91889c61a
@ -9,7 +9,7 @@
|
||||
<property file="build.properties"/>
|
||||
|
||||
<property name="build.name" value="commons-compress"/>
|
||||
<property name="build.version" value="1.19"/>
|
||||
<property name="build.version" value="1.21"/>
|
||||
<property name="build.finalName" value="${build.name}-${build.version}"/>
|
||||
<property name="build.dir" value="target"/>
|
||||
<property name="build.javadocDir" value="${build.dir}/site/apidocs"/>
|
||||
@ -18,18 +18,15 @@
|
||||
<property name="build.resourceDir.0" value="src/main/resources"/>
|
||||
<property name="build.resourceDir.1" value="."/>
|
||||
|
||||
<property name="commons.javadoc.javaee.link" value="http://docs.oracle.com/javaee/6/api/"/>
|
||||
<property name="commons.javadoc.java.link" value="http://docs.oracle.com/javase/7/docs/api/"/>
|
||||
|
||||
<property name="commons.osgi.dynamicImport" value=""/>
|
||||
<property name="commons.osgi.excludeDependencies" value="true"/>
|
||||
<property name="commons.osgi.export" value="org.apache.commons.compress;version="${build.version}",org.apache.commons.compress.archivers;version="${build.version}",org.apache.commons.compress.archivers.ar;version="${build.version}",org.apache.commons.compress.archivers.arj;version="${build.version}",org.apache.commons.compress.archivers.cpio;version="${build.version}",org.apache.commons.compress.archivers.dump;version="${build.version}",org.apache.commons.compress.archivers.examples;version="${build.version}",org.apache.commons.compress.archivers.jar;version="${build.version}",org.apache.commons.compress.archivers.sevenz;version="${build.version}",org.apache.commons.compress.archivers.tar;version="${build.version}",org.apache.commons.compress.archivers.zip;version="${build.version}",org.apache.commons.compress.changes;version="${build.version}",org.apache.commons.compress.compressors;version="${build.version}",org.apache.commons.compress.compressors.bzip2;version="${build.version}",org.apache.commons.compress.compressors.deflate;version="${build.version}",org.apache.commons.compress.compressors.deflate64;version="${build.version}",org.apache.commons.compress.compressors.gzip;version="${build.version}",org.apache.commons.compress.compressors.lz4;version="${build.version}",org.apache.commons.compress.compressors.lz77support;version="${build.version}",org.apache.commons.compress.compressors.lzma;version="${build.version}",org.apache.commons.compress.compressors.lzw;version="${build.version}",org.apache.commons.compress.compressors.pack200;version="${build.version}",org.apache.commons.compress.compressors.snappy;version="${build.version}",org.apache.commons.compress.compressors.xz;version="${build.version}",org.apache.commons.compress.compressors.z;version="${build.version}",org.apache.commons.compress.parallel;version="${build.version}",org.apache.commons.compress.utils;version="${build.version}""/>
|
||||
<property name="commons.osgi.import" value="org.tukaani.xz;resolution:=optional,javax.crypto;resolution:=optional,javax.crypto.spec;resolution:=optional,org.brotli.dec;resolution:=optional,com.github.luben.zstd;resolution:=optional"/>
|
||||
<property name="commons.osgi.export" value="org.apache.commons.compress;version="${build.version}",org.apache.commons.compress.archivers;version="${build.version}",org.apache.commons.compress.archivers.ar;version="${build.version}",org.apache.commons.compress.archivers.arj;version="${build.version}",org.apache.commons.compress.archivers.cpio;version="${build.version}",org.apache.commons.compress.archivers.dump;version="${build.version}",org.apache.commons.compress.archivers.examples;version="${build.version}",org.apache.commons.compress.archivers.jar;version="${build.version}",org.apache.commons.compress.archivers.sevenz;version="${build.version}",org.apache.commons.compress.archivers.tar;version="${build.version}",org.apache.commons.compress.archivers.zip;version="${build.version}",org.apache.commons.compress.changes;version="${build.version}",org.apache.commons.compress.compressors;version="${build.version}",org.apache.commons.compress.compressors.bzip2;version="${build.version}",org.apache.commons.compress.compressors.deflate;version="${build.version}",org.apache.commons.compress.compressors.deflate64;version="${build.version}",org.apache.commons.compress.compressors.gzip;version="${build.version}",org.apache.commons.compress.compressors.lz4;version="${build.version}",org.apache.commons.compress.compressors.lz77support;version="${build.version}",org.apache.commons.compress.compressors.lzma;version="${build.version}",org.apache.commons.compress.compressors.lzw;version="${build.version}",org.apache.commons.compress.compressors.pack200;version="${build.version}",org.apache.commons.compress.compressors.snappy;version="${build.version}",org.apache.commons.compress.compressors.xz;version="${build.version}",org.apache.commons.compress.compressors.z;version="${build.version}",org.apache.commons.compress.harmony.archive.internal.nls;version="${build.version}",org.apache.commons.compress.harmony.pack200;version="${build.version}",org.apache.commons.compress.harmony.unpack200;version="${build.version}",org.apache.commons.compress.harmony.unpack200.bytecode;version="${build.version}",org.apache.commons.compress.harmony.unpack200.bytecode.forms;version="${build.version}",org.apache.commons.compress.java.util.jar;version="${build.version}",org.apache.commons.compress.parallel;version="${build.version}",org.apache.commons.compress.utils;version="${build.version}""/>
|
||||
<property name="commons.osgi.import" value="org.tukaani.xz;resolution:=optional,org.objectweb.asm;resolution:=optional,javax.crypto;resolution:=optional,javax.crypto.spec;resolution:=optional"/>
|
||||
<property name="commons.osgi.private" value=""/>
|
||||
<property name="commons.osgi.symbolicName" value="org.apache.commons.compress"/>
|
||||
|
||||
<property name="compiler.source" value="1.7"/>
|
||||
<property name="compiler.target" value="1.7"/>
|
||||
<property name="compiler.source" value="1.8"/>
|
||||
<property name="compiler.target" value="1.8"/>
|
||||
|
||||
|
||||
<!-- ====================================================================== -->
|
||||
@ -108,8 +105,6 @@
|
||||
linksource="true"
|
||||
breakiterator="false">
|
||||
<classpath refid="build.classpath"/>
|
||||
<!-- <link href="${commons.javadoc.java.link}"/> -->
|
||||
<!-- <link href="${commons.javadoc.javaee.link}"/> -->
|
||||
</javadoc>
|
||||
</target>
|
||||
|
||||
|
||||
@ -1,3 +1,31 @@
|
||||
-------------------------------------------------------------------
|
||||
Tue Jul 20 07:17:33 UTC 2021 - Fridrich Strba <fstrba@suse.com>
|
||||
|
||||
- Updated to 1.21
|
||||
* When reading a specially crafted 7Z archive, the construction of
|
||||
the list of codecs that decompress an entry can result in an
|
||||
infinite loop. This could be used to mount a denial of service
|
||||
attack against services that use Compress' sevenz package.
|
||||
(CVE-2021-35515, bsc#1188463)
|
||||
* When reading a specially crafted 7Z archive, Compress can be
|
||||
made to allocate large amounts of memory that finally leads to
|
||||
an out of memory error even for very small inputs. This could
|
||||
be used to mount a denial of service attack against services
|
||||
that use Compress' sevenz package. (CVE-2021-35516, bsc#1188464)
|
||||
* When reading a specially crafted TAR archive, Compress can be
|
||||
made to allocate large amounts of memory that finally leads to
|
||||
an out of memory error even for very small inputs. This could be
|
||||
used to mount a denial of service attack against services that
|
||||
use Compress' tar package. (CVE-2021-35517, bsc#1188465)
|
||||
* When reading a specially crafted ZIP archive, Compress can be
|
||||
made to allocate large amounts of memory that finally leads to
|
||||
an out of memory error even for very small inputs. This could
|
||||
be used to mount a denial of service attack against services
|
||||
that use Compress' zip package. (CVE-2021-36090, bsc#1188466)
|
||||
- New dependency on asm3 for Pack200 compressor
|
||||
- Rebased patch fix_java_8_compatibility.patch to a new context and
|
||||
added some new ocurrences
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Aug 28 08:57:02 UTC 2019 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package apache
|
||||
# spec file
|
||||
#
|
||||
# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
|
||||
# Copyright (c) 2021 SUSE LLC
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
@ -19,12 +19,12 @@
|
||||
%global base_name compress
|
||||
%global short_name commons-%{base_name}
|
||||
Name: apache-%{short_name}
|
||||
Version: 1.19
|
||||
Version: 1.21
|
||||
Release: 0
|
||||
Summary: Java API for working with compressed files and archivers
|
||||
License: Apache-2.0
|
||||
Group: Development/Libraries/Java
|
||||
URL: http://commons.apache.org/proper/commons-compress/
|
||||
URL: https://commons.apache.org/proper/commons-compress/
|
||||
Source0: http://archive.apache.org/dist/commons/compress/source/%{short_name}-%{version}-src.tar.gz
|
||||
Source1: http://archive.apache.org/dist/commons/compress/source/%{short_name}-%{version}-src.tar.gz.asc
|
||||
Source2: %{name}-build.xml
|
||||
@ -32,11 +32,11 @@ Patch0: 0001-Remove-Brotli-compressor.patch
|
||||
Patch1: 0002-Remove-ZSTD-compressor.patch
|
||||
Patch2: fix_java_8_compatibility.patch
|
||||
BuildRequires: ant
|
||||
BuildRequires: asm3
|
||||
BuildRequires: fdupes
|
||||
BuildRequires: java-devel >= 1.7
|
||||
BuildRequires: java-devel >= 1.8
|
||||
BuildRequires: javapackages-local
|
||||
BuildRequires: xz-java
|
||||
Requires: mvn(org.tukaani:xz)
|
||||
Provides: %{short_name} = %{version}-%{release}
|
||||
Obsoletes: %{short_name} < %{version}-%{release}
|
||||
Provides: jakarta-%{short_name} = %{version}-%{release}
|
||||
@ -47,7 +47,7 @@ BuildArch: noarch
|
||||
The Apache Commons Compress library defines an API for working with
|
||||
ar, cpio, Unix dump, tar, zip, gzip, XZ, Pack200 and bzip2 files.
|
||||
In version 1.14 read-only support for Brotli decompression has been added,
|
||||
but it has been removed form this package.
|
||||
but it has been removed from this package.
|
||||
|
||||
%package javadoc
|
||||
Summary: API documentation for %{name}
|
||||
@ -74,13 +74,6 @@ rm src/test/java/org/apache/commons/compress/compressors/DetectCompressorTestCas
|
||||
# Restore Java 8 compatibility
|
||||
%patch2 -p1
|
||||
|
||||
# remove osgi tests, we don't have deps for them
|
||||
%pom_remove_dep org.ops4j.pax.exam:::test
|
||||
%pom_remove_dep :org.apache.felix.framework::test
|
||||
%pom_remove_dep :javax.inject::test
|
||||
%pom_remove_dep :slf4j-api::test
|
||||
rm src/test/java/org/apache/commons/compress/OsgiITest.java
|
||||
|
||||
# NPE with jdk10
|
||||
%pom_remove_plugin :maven-javadoc-plugin
|
||||
|
||||
@ -91,7 +84,7 @@ rm src/test/java/org/apache/commons/compress/OsgiITest.java
|
||||
|
||||
%build
|
||||
mkdir -p lib
|
||||
build-jar-repository -s lib xz-java
|
||||
build-jar-repository -s lib xz-java asm3
|
||||
%{ant} package javadoc
|
||||
|
||||
%install
|
||||
|
||||
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:34217d8e831c7e769d24ade60e41aa48c71200f772f18216205c00b9b2a11d4b
|
||||
size 9877992
|
||||
@ -1,7 +0,0 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iHEEABEKADEWIQTOgHWiUVR77iSbwVGiEVrhX2uLcgUCXWFijBMcYm9kZXdpZ0Bh
|
||||
cGFjaGUub3JnAAoJEKIRWuFfa4tyNIkAn2gKkMs8N+T5giVT746EDm9sR8ypAKCe
|
||||
9VpPXdbYTImJ4SYaSH+CUUOIYA==
|
||||
=vNiG
|
||||
-----END PGP SIGNATURE-----
|
||||
3
commons-compress-1.21-src.tar.gz
Normal file
3
commons-compress-1.21-src.tar.gz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:3ecb1feb62e5307d0fc865dd0b5a80206758aec1d160d297e5c153cfba5977e6
|
||||
size 15165800
|
||||
7
commons-compress-1.21-src.tar.gz.asc
Normal file
7
commons-compress-1.21-src.tar.gz.asc
Normal file
@ -0,0 +1,7 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iHEEABEKADEWIQTOgHWiUVR77iSbwVGiEVrhX2uLcgUCYOiAPBMcYm9kZXdpZ0Bh
|
||||
cGFjaGUub3JnAAoJEKIRWuFfa4tyyNwAn1RAMciW7Os/lbwCiQ/RJ64GL+LSAKDB
|
||||
7ZWg3nXsSSAnuN7K/3doWvLkLQ==
|
||||
=iHWA
|
||||
-----END PGP SIGNATURE-----
|
||||
@ -1,8 +1,6 @@
|
||||
Index: commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archivers/sevenz/BoundedSeekableByteChannelInputStream.java
|
||||
===================================================================
|
||||
--- commons-compress-1.19-src.orig/src/main/java/org/apache/commons/compress/archivers/sevenz/BoundedSeekableByteChannelInputStream.java
|
||||
+++ commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archivers/sevenz/BoundedSeekableByteChannelInputStream.java
|
||||
@@ -19,6 +19,7 @@ package org.apache.commons.compress.arch
|
||||
--- commons-compress-1.21-src/src/main/java/org/apache/commons/compress/archivers/sevenz/BoundedSeekableByteChannelInputStream.java 2020-01-22 16:10:15.000000000 +0100
|
||||
+++ commons-compress-1.21-src/src/main/java/org/apache/commons/compress/archivers/sevenz/BoundedSeekableByteChannelInputStream.java 2021-07-19 16:32:46.529020782 +0200
|
||||
@@ -19,6 +19,7 @@
|
||||
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
@ -10,7 +8,7 @@ Index: commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archi
|
||||
import java.nio.ByteBuffer;
|
||||
import java.nio.channels.SeekableByteChannel;
|
||||
|
||||
@@ -69,7 +70,7 @@ class BoundedSeekableByteChannelInputStr
|
||||
@@ -83,7 +84,7 @@
|
||||
} else {
|
||||
buf = ByteBuffer.allocate(bytesToRead);
|
||||
bytesRead = channel.read(buf);
|
||||
@ -19,23 +17,21 @@ Index: commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archi
|
||||
}
|
||||
if (bytesRead >= 0) {
|
||||
buf.get(b, off, bytesRead);
|
||||
@@ -79,9 +80,9 @@ class BoundedSeekableByteChannelInputStr
|
||||
@@ -93,9 +94,9 @@
|
||||
}
|
||||
|
||||
private int read(int len) throws IOException {
|
||||
private int read(final int len) throws IOException {
|
||||
- buffer.rewind().limit(len);
|
||||
+ ((Buffer)buffer).rewind().limit(len);
|
||||
int read = channel.read(buffer);
|
||||
final int read = channel.read(buffer);
|
||||
- buffer.flip();
|
||||
+ ((Buffer)buffer).flip();
|
||||
return read;
|
||||
}
|
||||
|
||||
Index: commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archivers/sevenz/SevenZFile.java
|
||||
===================================================================
|
||||
--- commons-compress-1.19-src.orig/src/main/java/org/apache/commons/compress/archivers/sevenz/SevenZFile.java
|
||||
+++ commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archivers/sevenz/SevenZFile.java
|
||||
@@ -25,6 +25,7 @@ import java.io.File;
|
||||
--- commons-compress-1.21-src/src/main/java/org/apache/commons/compress/archivers/sevenz/SevenZFile.java 2020-01-22 16:10:15.000000000 +0100
|
||||
+++ commons-compress-1.21-src/src/main/java/org/apache/commons/compress/archivers/sevenz/SevenZFile.java 2021-07-19 16:20:02.675782684 +0200
|
||||
@@ -26,6 +26,7 @@
|
||||
import java.io.FilterInputStream;
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
@ -43,10 +39,19 @@ Index: commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archi
|
||||
import java.nio.ByteBuffer;
|
||||
import java.nio.ByteOrder;
|
||||
import java.nio.CharBuffer;
|
||||
@@ -1305,9 +1306,9 @@ public class SevenZFile implements Close
|
||||
@@ -499,7 +500,7 @@
|
||||
while (pos > minPos) {
|
||||
pos--;
|
||||
channel.position(pos);
|
||||
- nidBuf.rewind();
|
||||
+ ((Buffer)nidBuf).rewind();
|
||||
if (channel.read(nidBuf) < 1) {
|
||||
throw new EOFException();
|
||||
}
|
||||
@@ -2016,9 +2017,9 @@
|
||||
}
|
||||
|
||||
private void readFully(ByteBuffer buf) throws IOException {
|
||||
private void readFully(final ByteBuffer buf) throws IOException {
|
||||
- buf.rewind();
|
||||
+ ((Buffer)buf).rewind();
|
||||
IOUtils.readFully(channel, buf);
|
||||
@ -55,19 +60,17 @@ Index: commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archi
|
||||
}
|
||||
|
||||
@Override
|
||||
Index: commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archivers/sevenz/SevenZOutputFile.java
|
||||
===================================================================
|
||||
--- commons-compress-1.19-src.orig/src/main/java/org/apache/commons/compress/archivers/sevenz/SevenZOutputFile.java
|
||||
+++ commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archivers/sevenz/SevenZOutputFile.java
|
||||
@@ -24,6 +24,7 @@ import java.io.DataOutputStream;
|
||||
import java.io.File;
|
||||
--- commons-compress-1.21-src/src/main/java/org/apache/commons/compress/archivers/sevenz/SevenZOutputFile.java 2020-01-22 16:10:15.000000000 +0100
|
||||
+++ commons-compress-1.21-src/src/main/java/org/apache/commons/compress/archivers/sevenz/SevenZOutputFile.java 2021-07-19 16:14:03.565317437 +0200
|
||||
@@ -26,6 +26,7 @@
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.io.OutputStream;
|
||||
+import java.nio.Buffer;
|
||||
import java.nio.ByteBuffer;
|
||||
import java.nio.ByteOrder;
|
||||
import java.nio.channels.SeekableByteChannel;
|
||||
@@ -288,7 +289,7 @@ public class SevenZOutputFile implements
|
||||
@@ -341,7 +342,7 @@
|
||||
crc32.reset();
|
||||
crc32.update(bb.array(), SevenZFile.sevenZSignature.length + 6, 20);
|
||||
bb.putInt(SevenZFile.sevenZSignature.length + 2, (int) crc32.getValue());
|
||||
@ -76,7 +79,7 @@ Index: commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archi
|
||||
channel.write(bb);
|
||||
}
|
||||
|
||||
@@ -772,7 +773,7 @@ public class SevenZOutputFile implements
|
||||
@@ -826,7 +827,7 @@
|
||||
private final ByteBuffer buffer = ByteBuffer.allocate(BUF_SIZE);
|
||||
@Override
|
||||
public void write(final int b) throws IOException {
|
||||
@ -85,7 +88,7 @@ Index: commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archi
|
||||
buffer.put((byte) b).flip();
|
||||
channel.write(buffer);
|
||||
compressedCrc32.update(b);
|
||||
@@ -790,7 +791,7 @@ public class SevenZOutputFile implements
|
||||
@@ -844,7 +845,7 @@
|
||||
if (len > BUF_SIZE) {
|
||||
channel.write(ByteBuffer.wrap(b, off, len));
|
||||
} else {
|
||||
@ -94,10 +97,8 @@ Index: commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archi
|
||||
buffer.put(b, off, len).flip();
|
||||
channel.write(buffer);
|
||||
}
|
||||
Index: commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archivers/zip/NioZipEncoding.java
|
||||
===================================================================
|
||||
--- commons-compress-1.19-src.orig/src/main/java/org/apache/commons/compress/archivers/zip/NioZipEncoding.java
|
||||
+++ commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archivers/zip/NioZipEncoding.java
|
||||
--- commons-compress-1.21-src/src/main/java/org/apache/commons/compress/archivers/zip/NioZipEncoding.java 2020-01-22 16:10:15.000000000 +0100
|
||||
+++ commons-compress-1.21-src/src/main/java/org/apache/commons/compress/archivers/zip/NioZipEncoding.java 2021-07-19 16:14:03.565317437 +0200
|
||||
@@ -20,6 +20,7 @@
|
||||
package org.apache.commons.compress.archivers.zip;
|
||||
|
||||
@ -106,7 +107,7 @@ Index: commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archi
|
||||
import java.nio.ByteBuffer;
|
||||
import java.nio.CharBuffer;
|
||||
import java.nio.charset.Charset;
|
||||
@@ -121,8 +122,8 @@ class NioZipEncoding implements ZipEncod
|
||||
@@ -121,8 +122,8 @@
|
||||
enc.encode(cb, out, true);
|
||||
// may have caused underflow, but that's been ignored traditionally
|
||||
|
||||
@ -117,11 +118,9 @@ Index: commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archi
|
||||
return out;
|
||||
}
|
||||
|
||||
Index: commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archivers/zip/ZipArchiveInputStream.java
|
||||
===================================================================
|
||||
--- commons-compress-1.19-src.orig/src/main/java/org/apache/commons/compress/archivers/zip/ZipArchiveInputStream.java
|
||||
+++ commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archivers/zip/ZipArchiveInputStream.java
|
||||
@@ -25,6 +25,7 @@ import java.io.IOException;
|
||||
--- commons-compress-1.21-src/src/main/java/org/apache/commons/compress/archivers/zip/ZipArchiveInputStream.java 2020-01-22 16:10:15.000000000 +0100
|
||||
+++ commons-compress-1.21-src/src/main/java/org/apache/commons/compress/archivers/zip/ZipArchiveInputStream.java 2021-07-19 16:14:03.565317437 +0200
|
||||
@@ -25,6 +25,7 @@
|
||||
import java.io.InputStream;
|
||||
import java.io.PushbackInputStream;
|
||||
import java.math.BigInteger;
|
||||
@ -129,16 +128,16 @@ Index: commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archi
|
||||
import java.nio.ByteBuffer;
|
||||
import java.util.Arrays;
|
||||
import java.util.zip.CRC32;
|
||||
@@ -220,7 +221,7 @@ public class ZipArchiveInputStream exten
|
||||
this.allowStoredEntriesWithDataDescriptor =
|
||||
@@ -256,7 +257,7 @@
|
||||
allowStoredEntriesWithDataDescriptor;
|
||||
this.skipSplitSig = skipSplitSig;
|
||||
// haven't read anything so far
|
||||
- buf.limit(0);
|
||||
+ ((Buffer)buf).limit(0);
|
||||
}
|
||||
|
||||
public ZipArchiveEntry getNextZipEntry() throws IOException {
|
||||
@@ -522,13 +523,13 @@ public class ZipArchiveInputStream exten
|
||||
@@ -596,13 +597,13 @@
|
||||
}
|
||||
|
||||
if (buf.position() >= buf.limit()) {
|
||||
@ -155,7 +154,7 @@ Index: commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archi
|
||||
|
||||
count(l);
|
||||
current.bytesReadFromStream += l;
|
||||
@@ -719,7 +720,7 @@ public class ZipArchiveInputStream exten
|
||||
@@ -795,7 +796,7 @@
|
||||
}
|
||||
|
||||
inf.reset();
|
||||
@ -164,7 +163,7 @@ Index: commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archi
|
||||
current = null;
|
||||
lastStoredEntry = null;
|
||||
}
|
||||
@@ -784,7 +785,7 @@ public class ZipArchiveInputStream exten
|
||||
@@ -860,7 +861,7 @@
|
||||
}
|
||||
final int length = in.read(buf.array());
|
||||
if (length > 0) {
|
||||
@ -173,10 +172,8 @@ Index: commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archi
|
||||
count(buf.limit());
|
||||
inf.setInput(buf.array(), 0, buf.limit());
|
||||
}
|
||||
Index: commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archivers/zip/ZipEncodingHelper.java
|
||||
===================================================================
|
||||
--- commons-compress-1.19-src.orig/src/main/java/org/apache/commons/compress/archivers/zip/ZipEncodingHelper.java
|
||||
+++ commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archivers/zip/ZipEncodingHelper.java
|
||||
--- commons-compress-1.21-src/src/main/java/org/apache/commons/compress/archivers/zip/ZipEncodingHelper.java 2020-01-22 16:10:15.000000000 +0100
|
||||
+++ commons-compress-1.21-src/src/main/java/org/apache/commons/compress/archivers/zip/ZipEncodingHelper.java 2021-07-19 16:29:53.519835167 +0200
|
||||
@@ -18,6 +18,7 @@
|
||||
|
||||
package org.apache.commons.compress.archivers.zip;
|
||||
@ -185,10 +182,10 @@ Index: commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archi
|
||||
import java.nio.ByteBuffer;
|
||||
import java.nio.charset.Charset;
|
||||
import java.nio.charset.StandardCharsets;
|
||||
@@ -85,8 +86,8 @@ public abstract class ZipEncodingHelper
|
||||
@@ -85,8 +86,8 @@
|
||||
}
|
||||
|
||||
static ByteBuffer growBufferBy(ByteBuffer buffer, int increment) {
|
||||
static ByteBuffer growBufferBy(final ByteBuffer buffer, final int increment) {
|
||||
- buffer.limit(buffer.position());
|
||||
- buffer.rewind();
|
||||
+ ((Buffer)buffer).limit(buffer.position());
|
||||
@ -196,11 +193,9 @@ Index: commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archi
|
||||
|
||||
final ByteBuffer on = ByteBuffer.allocate(buffer.capacity() + increment);
|
||||
|
||||
Index: commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archivers/zip/ZipFile.java
|
||||
===================================================================
|
||||
--- commons-compress-1.19-src.orig/src/main/java/org/apache/commons/compress/archivers/zip/ZipFile.java
|
||||
+++ commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archivers/zip/ZipFile.java
|
||||
@@ -25,6 +25,7 @@ import java.io.File;
|
||||
--- commons-compress-1.21-src/src/main/java/org/apache/commons/compress/archivers/zip/ZipFile.java 2020-01-22 16:10:15.000000000 +0100
|
||||
+++ commons-compress-1.21-src/src/main/java/org/apache/commons/compress/archivers/zip/ZipFile.java 2021-07-19 16:28:13.175147502 +0200
|
||||
@@ -25,6 +25,7 @@
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.io.SequenceInputStream;
|
||||
@ -208,16 +203,16 @@ Index: commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archi
|
||||
import java.nio.ByteBuffer;
|
||||
import java.nio.channels.FileChannel;
|
||||
import java.nio.channels.SeekableByteChannel;
|
||||
@@ -693,7 +694,7 @@ public class ZipFile implements Closeabl
|
||||
|
||||
@@ -713,7 +714,7 @@
|
||||
positionAtCentralDirectory();
|
||||
centralDirectoryStartOffset = archive.position();
|
||||
|
||||
- wordBbuf.rewind();
|
||||
+ ((Buffer)wordBbuf).rewind();
|
||||
IOUtils.readFully(archive, wordBbuf);
|
||||
long sig = ZipLong.getValue(wordBuf);
|
||||
|
||||
@@ -704,7 +705,7 @@ public class ZipFile implements Closeabl
|
||||
@@ -724,7 +725,7 @@
|
||||
|
||||
while (sig == CFH_SIG) {
|
||||
readCentralDirectoryEntry(noUTF8Flag);
|
||||
@ -226,7 +221,7 @@ Index: commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archi
|
||||
IOUtils.readFully(archive, wordBbuf);
|
||||
sig = ZipLong.getValue(wordBuf);
|
||||
}
|
||||
@@ -723,7 +724,7 @@ public class ZipFile implements Closeabl
|
||||
@@ -743,7 +744,7 @@
|
||||
private void
|
||||
readCentralDirectoryEntry(final Map<ZipArchiveEntry, NameAndComment> noUTF8Flag)
|
||||
throws IOException {
|
||||
@ -235,7 +230,7 @@ Index: commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archi
|
||||
IOUtils.readFully(archive, cfhBbuf);
|
||||
int off = 0;
|
||||
final Entry ze = new Entry();
|
||||
@@ -961,7 +962,7 @@ public class ZipFile implements Closeabl
|
||||
@@ -1100,7 +1101,7 @@
|
||||
archive.position() > ZIP64_EOCDL_LENGTH;
|
||||
if (searchedForZip64EOCD) {
|
||||
archive.position(archive.position() - ZIP64_EOCDL_LENGTH);
|
||||
@ -244,38 +239,85 @@ Index: commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archi
|
||||
IOUtils.readFully(archive, wordBbuf);
|
||||
found = Arrays.equals(ZipArchiveOutputStream.ZIP64_EOCD_LOC_SIG,
|
||||
wordBuf);
|
||||
@@ -990,10 +991,10 @@ public class ZipFile implements Closeabl
|
||||
@@ -1128,11 +1129,11 @@
|
||||
private void positionAtCentralDirectory64()
|
||||
throws IOException {
|
||||
skipBytes(ZIP64_EOCDL_LOCATOR_OFFSET
|
||||
- WORD /* signature has already been read */);
|
||||
- dwordBbuf.rewind();
|
||||
if (isSplitZipArchive) {
|
||||
- wordBbuf.rewind();
|
||||
+ ((Buffer)wordBbuf).rewind();
|
||||
IOUtils.readFully(archive, wordBbuf);
|
||||
final long diskNumberOfEOCD = ZipLong.getValue(wordBuf);
|
||||
|
||||
- dwordBbuf.rewind();
|
||||
+ ((Buffer)dwordBbuf).rewind();
|
||||
IOUtils.readFully(archive, dwordBbuf);
|
||||
final long relativeOffsetOfEOCD = ZipEightByteInteger.getLongValue(dwordBuf);
|
||||
((ZipSplitReadOnlySeekableByteChannel) archive)
|
||||
@@ -1140,12 +1141,12 @@
|
||||
} else {
|
||||
skipBytes(ZIP64_EOCDL_LOCATOR_OFFSET
|
||||
- WORD /* signature has already been read */);
|
||||
- dwordBbuf.rewind();
|
||||
+ ((Buffer)dwordBbuf).rewind();
|
||||
IOUtils.readFully(archive, dwordBbuf);
|
||||
archive.position(ZipEightByteInteger.getLongValue(dwordBuf));
|
||||
IOUtils.readFully(archive, dwordBbuf);
|
||||
archive.position(ZipEightByteInteger.getLongValue(dwordBuf));
|
||||
}
|
||||
|
||||
- wordBbuf.rewind();
|
||||
+ ((Buffer)wordBbuf).rewind();
|
||||
IOUtils.readFully(archive, wordBbuf);
|
||||
if (!Arrays.equals(wordBuf, ZipArchiveOutputStream.ZIP64_EOCD_SIG)) {
|
||||
throw new ZipException("Archive's ZIP64 end of central "
|
||||
@@ -1001,7 +1002,7 @@ public class ZipFile implements Closeabl
|
||||
}
|
||||
skipBytes(ZIP64_EOCD_CFD_LOCATOR_OFFSET
|
||||
- WORD /* signature has already been read */);
|
||||
- dwordBbuf.rewind();
|
||||
+ ((Buffer)dwordBbuf).rewind();
|
||||
IOUtils.readFully(archive, dwordBbuf);
|
||||
archive.position(ZipEightByteInteger.getLongValue(dwordBuf));
|
||||
}
|
||||
@@ -1016,7 +1017,7 @@ public class ZipFile implements Closeabl
|
||||
private void positionAtCentralDirectory32()
|
||||
@@ -1155,13 +1156,13 @@
|
||||
if (isSplitZipArchive) {
|
||||
skipBytes(ZIP64_EOCD_CFD_DISK_OFFSET
|
||||
- WORD /* signature has already been read */);
|
||||
- wordBbuf.rewind();
|
||||
+ ((Buffer)wordBbuf).rewind();
|
||||
IOUtils.readFully(archive, wordBbuf);
|
||||
centralDirectoryStartDiskNumber = ZipLong.getValue(wordBuf);
|
||||
|
||||
skipBytes(ZIP64_EOCD_CFD_LOCATOR_RELATIVE_OFFSET);
|
||||
|
||||
- dwordBbuf.rewind();
|
||||
+ ((Buffer)dwordBbuf).rewind();
|
||||
IOUtils.readFully(archive, dwordBbuf);
|
||||
centralDirectoryStartRelativeOffset = ZipEightByteInteger.getLongValue(dwordBuf);
|
||||
((ZipSplitReadOnlySeekableByteChannel) archive)
|
||||
@@ -1169,7 +1170,7 @@
|
||||
} else {
|
||||
skipBytes(ZIP64_EOCD_CFD_LOCATOR_OFFSET
|
||||
- WORD /* signature has already been read */);
|
||||
- dwordBbuf.rewind();
|
||||
+ ((Buffer)dwordBbuf).rewind();
|
||||
IOUtils.readFully(archive, dwordBbuf);
|
||||
centralDirectoryStartDiskNumber = 0;
|
||||
centralDirectoryStartRelativeOffset = ZipEightByteInteger.getLongValue(dwordBuf);
|
||||
@@ -1188,20 +1189,20 @@
|
||||
throws IOException {
|
||||
skipBytes(CFD_LOCATOR_OFFSET);
|
||||
- wordBbuf.rewind();
|
||||
if (isSplitZipArchive) {
|
||||
skipBytes(CFD_DISK_OFFSET);
|
||||
- shortBbuf.rewind();
|
||||
+ ((Buffer)shortBbuf).rewind();
|
||||
IOUtils.readFully(archive, shortBbuf);
|
||||
centralDirectoryStartDiskNumber = ZipShort.getValue(shortBuf);
|
||||
|
||||
skipBytes(CFD_LOCATOR_RELATIVE_OFFSET);
|
||||
|
||||
- wordBbuf.rewind();
|
||||
+ ((Buffer)wordBbuf).rewind();
|
||||
IOUtils.readFully(archive, wordBbuf);
|
||||
centralDirectoryStartRelativeOffset = ZipLong.getValue(wordBuf);
|
||||
((ZipSplitReadOnlySeekableByteChannel) archive)
|
||||
.position(centralDirectoryStartDiskNumber, centralDirectoryStartRelativeOffset);
|
||||
} else {
|
||||
skipBytes(CFD_LOCATOR_OFFSET);
|
||||
- wordBbuf.rewind();
|
||||
+ ((Buffer)wordBbuf).rewind();
|
||||
IOUtils.readFully(archive, wordBbuf);
|
||||
archive.position(ZipLong.getValue(wordBuf));
|
||||
}
|
||||
@@ -1050,9 +1051,9 @@ public class ZipFile implements Closeabl
|
||||
IOUtils.readFully(archive, wordBbuf);
|
||||
centralDirectoryStartDiskNumber = 0;
|
||||
centralDirectoryStartRelativeOffset = ZipLong.getValue(wordBuf);
|
||||
@@ -1238,9 +1239,9 @@
|
||||
for (; off >= stopSearching; off--) {
|
||||
archive.position(off);
|
||||
try {
|
||||
@ -284,13 +326,13 @@ Index: commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archi
|
||||
IOUtils.readFully(archive, wordBbuf);
|
||||
- wordBbuf.flip();
|
||||
+ ((Buffer)wordBbuf).flip();
|
||||
} catch (EOFException ex) { // NOSONAR
|
||||
} catch (final EOFException ex) { // NOSONAR
|
||||
break;
|
||||
}
|
||||
@@ -1153,9 +1154,9 @@ public class ZipFile implements Closeabl
|
||||
private int[] setDataOffset(ZipArchiveEntry ze) throws IOException {
|
||||
final long offset = ze.getLocalHeaderOffset();
|
||||
archive.position(offset + LFH_OFFSET_FOR_FILENAME_LENGTH);
|
||||
@@ -1352,9 +1353,9 @@
|
||||
} else {
|
||||
archive.position(offset + LFH_OFFSET_FOR_FILENAME_LENGTH);
|
||||
}
|
||||
- wordBbuf.rewind();
|
||||
+ ((Buffer)wordBbuf).rewind();
|
||||
IOUtils.readFully(archive, wordBbuf);
|
||||
@ -299,7 +341,7 @@ Index: commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archi
|
||||
wordBbuf.get(shortBuf);
|
||||
final int fileNameLen = ZipShort.getValue(shortBuf);
|
||||
wordBbuf.get(shortBuf);
|
||||
@@ -1180,7 +1181,7 @@ public class ZipFile implements Closeabl
|
||||
@@ -1382,7 +1383,7 @@
|
||||
*/
|
||||
private boolean startsWithLocalFileHeader() throws IOException {
|
||||
archive.position(0);
|
||||
@ -308,38 +350,18 @@ Index: commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archi
|
||||
IOUtils.readFully(archive, wordBbuf);
|
||||
return Arrays.equals(wordBuf, ZipArchiveOutputStream.LFH_SIG);
|
||||
}
|
||||
@@ -1223,7 +1224,7 @@ public class ZipFile implements Closeabl
|
||||
singleByteBuffer = ByteBuffer.allocate(1);
|
||||
}
|
||||
else {
|
||||
- singleByteBuffer.rewind();
|
||||
+ ((Buffer)singleByteBuffer).rewind();
|
||||
}
|
||||
int read = read(loc, singleByteBuffer);
|
||||
if (read < 0) {
|
||||
@@ -1262,7 +1263,7 @@ public class ZipFile implements Closeabl
|
||||
archive.position(pos);
|
||||
read = archive.read(buf);
|
||||
}
|
||||
- buf.flip();
|
||||
+ ((Buffer)buf).flip();
|
||||
return read;
|
||||
}
|
||||
}
|
||||
@@ -1284,7 +1285,7 @@ public class ZipFile implements Closeabl
|
||||
@@ -1418,7 +1419,7 @@
|
||||
@Override
|
||||
protected int read(long pos, ByteBuffer buf) throws IOException {
|
||||
int read = archive.read(buf, pos);
|
||||
protected int read(final long pos, final ByteBuffer buf) throws IOException {
|
||||
final int read = archive.read(buf, pos);
|
||||
- buf.flip();
|
||||
+ ((Buffer)buf).flip();
|
||||
return read;
|
||||
}
|
||||
}
|
||||
Index: commons-compress-1.19-src/src/main/java/org/apache/commons/compress/utils/FixedLengthBlockOutputStream.java
|
||||
===================================================================
|
||||
--- commons-compress-1.19-src.orig/src/main/java/org/apache/commons/compress/utils/FixedLengthBlockOutputStream.java
|
||||
+++ commons-compress-1.19-src/src/main/java/org/apache/commons/compress/utils/FixedLengthBlockOutputStream.java
|
||||
@@ -21,6 +21,7 @@ package org.apache.commons.compress.util
|
||||
--- commons-compress-1.21-src/src/main/java/org/apache/commons/compress/utils/FixedLengthBlockOutputStream.java 2020-01-22 16:10:15.000000000 +0100
|
||||
+++ commons-compress-1.21-src/src/main/java/org/apache/commons/compress/utils/FixedLengthBlockOutputStream.java 2021-07-19 16:16:51.850472686 +0200
|
||||
@@ -21,6 +21,7 @@
|
||||
import java.io.FileOutputStream;
|
||||
import java.io.IOException;
|
||||
import java.io.OutputStream;
|
||||
@ -347,16 +369,16 @@ Index: commons-compress-1.19-src/src/main/java/org/apache/commons/compress/utils
|
||||
import java.nio.ByteBuffer;
|
||||
import java.nio.ByteOrder;
|
||||
import java.nio.channels.ClosedChannelException;
|
||||
@@ -88,7 +89,7 @@ public class FixedLengthBlockOutputStrea
|
||||
@@ -88,7 +89,7 @@
|
||||
}
|
||||
|
||||
private void writeBlock() throws IOException {
|
||||
- buffer.flip();
|
||||
+ ((Buffer)buffer).flip();
|
||||
int i = out.write(buffer);
|
||||
boolean hasRemaining = buffer.hasRemaining();
|
||||
final int i = out.write(buffer);
|
||||
final boolean hasRemaining = buffer.hasRemaining();
|
||||
if (i != blockSize || hasRemaining) {
|
||||
@@ -97,7 +98,7 @@ public class FixedLengthBlockOutputStrea
|
||||
@@ -97,7 +98,7 @@
|
||||
blockSize, i);
|
||||
throw new IOException(msg);
|
||||
}
|
||||
@ -365,16 +387,16 @@ Index: commons-compress-1.19-src/src/main/java/org/apache/commons/compress/utils
|
||||
}
|
||||
|
||||
@Override
|
||||
@@ -142,7 +143,7 @@ public class FixedLengthBlockOutputStrea
|
||||
@@ -142,7 +143,7 @@
|
||||
// fill up the reset of buffer and write the block.
|
||||
if (buffer.position() != 0) {
|
||||
int n = buffer.remaining();
|
||||
final int n = buffer.remaining();
|
||||
- src.limit(src.position() + n);
|
||||
+ ((Buffer)src).limit(src.position() + n);
|
||||
buffer.put(src);
|
||||
writeBlock();
|
||||
srcLeft -= n;
|
||||
@@ -150,12 +151,12 @@ public class FixedLengthBlockOutputStrea
|
||||
@@ -150,12 +151,12 @@
|
||||
// whilst we have enough bytes in src for complete blocks,
|
||||
// write them directly from src without copying them to buffer
|
||||
while (srcLeft >= blockSize) {
|
||||
@ -389,15 +411,31 @@ Index: commons-compress-1.19-src/src/main/java/org/apache/commons/compress/utils
|
||||
buffer.put(src);
|
||||
}
|
||||
return srcRemaining;
|
||||
@@ -240,9 +241,9 @@ public class FixedLengthBlockOutputStrea
|
||||
|
||||
try {
|
||||
int pos = buffer.position();
|
||||
- int len = buffer.limit() - pos;
|
||||
+ int len = ((Buffer)buffer).limit() - pos;
|
||||
@@ -242,7 +243,7 @@
|
||||
final int pos = buffer.position();
|
||||
final int len = buffer.limit() - pos;
|
||||
out.write(buffer.array(), buffer.arrayOffset() + pos, len);
|
||||
- buffer.position(buffer.limit());
|
||||
+ ((Buffer)buffer).position(buffer.limit());
|
||||
return len;
|
||||
} catch (IOException e) {
|
||||
} catch (final IOException e) {
|
||||
try {
|
||||
--- commons-compress-1.21-src/src/main/java/org/apache/commons/compress/utils/IOUtils.java 2020-01-22 16:10:15.000000000 +0100
|
||||
+++ commons-compress-1.21-src/src/main/java/org/apache/commons/compress/utils/IOUtils.java 2021-07-19 17:09:11.659891748 +0200
|
||||
@@ -25,6 +25,7 @@
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.io.OutputStream;
|
||||
+import java.nio.Buffer;
|
||||
import java.nio.ByteBuffer;
|
||||
import java.nio.channels.ReadableByteChannel;
|
||||
import java.nio.file.Files;
|
||||
@@ -372,7 +373,7 @@
|
||||
break;
|
||||
}
|
||||
output.write(b.array(), 0, readNow);
|
||||
- b.rewind();
|
||||
+ ((Buffer)b).rewind();
|
||||
read += readNow;
|
||||
}
|
||||
return output.toByteArray();
|
||||
|
||||
Loading…
Reference in New Issue
Block a user