Accepting request 709705 from Archiving

OBS-URL: https://build.opensuse.org/request/show/709705 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libarchive?expand=0&rev=34
2019-06-17 08:32:01 +00:00 · 2019-06-17 08:32:01 +00:00 · 00af0a8d38
commit 00af0a8d38
parent 9eb5fb5014 afb0de5939
12 changed files with 112 additions and 312 deletions
--- a/CVE-2018-1000877.patch
+++ b/CVE-2018-1000877.patch
@ -1,31 +0,0 @@
 From 021efa522ad729ff0f5806c4ce53e4a6cc1daa31 Mon Sep 17 00:00:00 2001
 From: Daniel Axtens <dja@axtens.net>
 Date: Tue, 20 Nov 2018 17:56:29 +1100
 Subject: [PATCH] Avoid a double-free when a window size of 0 is specified
 new_size can be 0 with a malicious or corrupted RAR archive.
 realloc(area, 0) is equivalent to free(area), so the region would
 be free()d here and the free()d again in the cleanup function.
 Found with a setup running AFL, afl-rb, and qsym.
 ---
 libarchive/archive_read_support_format_rar.c | 5 +++++
 1 file changed, 5 insertions(+)
 diff --git a/libarchive/archive_read_support_format_rar.c b/libarchive/archive_read_support_format_rar.c
 index 234522229..6f419c270 100644
 --- a/libarchive/archive_read_support_format_rar.c
 +++ b/libarchive/archive_read_support_format_rar.c
@@ -2300,6 +2300,11 @@ parse_codes(struct archive_read *a)
       new_size = DICTIONARY_MAX_SIZE;
     else
       new_size = rar_fls((unsigned int)rar->unp_size) << 1;
 +    if (new_size == 0) {
 +      archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
 +                        "Zero window size is invalid.");
 +      return (ARCHIVE_FATAL);
 +    }
     new_window = realloc(rar->lzss.window, new_size);
     if (new_window == NULL) {
       archive_set_error(&a->archive, ENOMEM,
--- a/CVE-2018-1000878.patch
+++ b/CVE-2018-1000878.patch
@ -1,72 +0,0 @@
 From bfcfe6f04ed20db2504db8a254d1f40a1d84eb28 Mon Sep 17 00:00:00 2001
 From: Daniel Axtens <dja@axtens.net>
 Date: Tue, 4 Dec 2018 00:55:22 +1100
 Subject: [PATCH] rar: file split across multi-part archives must match
 Fuzzing uncovered some UAF and memory overrun bugs where a file in a
 single file archive reported that it was split across multiple
 volumes. This was caused by ppmd7 operations calling
 rar_br_fillup. This would invoke rar_read_ahead, which would in some
 situations invoke archive_read_format_rar_read_header.  That would
 check the new file name against the old file name, and if they didn't
 match up it would free the ppmd7 buffer and allocate a new
 one. However, because the ppmd7 decoder wasn't actually done with the
 buffer, it would continue to used the freed buffer. Both reads and
 writes to the freed region can be observed.
 This is quite tricky to solve: once the buffer has been freed it is
 too late, as the ppmd7 decoder functions almost universally assume
 success - there's no way for ppmd_read to signal error, nor are there
 good ways for functions like Range_Normalise to propagate them. So we
 can't detect after the fact that we're in an invalid state - e.g. by
 checking rar->cursor, we have to prevent ourselves from ever ending up
 there. So, when we are in the dangerous part or rar_read_ahead that
 assumes a valid split, we set a flag force read_header to either go
 down the path for split files or bail. This means that the ppmd7
 decoder keeps a valid buffer and just runs out of data.
 Found with a combination of AFL, afl-rb and qsym.
 ---
 libarchive/archive_read_support_format_rar.c | 9 +++++++++
 1 file changed, 9 insertions(+)
 diff --git a/libarchive/archive_read_support_format_rar.c b/libarchive/archive_read_support_format_rar.c
 index 6f419c270..a8cc5c94d 100644
 --- a/libarchive/archive_read_support_format_rar.c
 +++ b/libarchive/archive_read_support_format_rar.c
@@ -258,6 +258,7 @@ struct rar
   struct data_block_offsets *dbo;
   unsigned int cursor;
   unsigned int nodes;
 +  char filename_must_match;
   /* LZSS members */
   struct huffman_code maincode;
@@ -1560,6 +1561,12 @@ read_header(struct archive_read *a, struct archive_entry *entry,
     }
     return ret;
   }
 +  else if (rar->filename_must_match)
 +  {
 +    archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
 +      "Mismatch of file parts split across multi-volume archive");
 +    return (ARCHIVE_FATAL);
 +  }
   rar->filename_save = (char*)realloc(rar->filename_save,
                                       filename_size + 1);
@@ -2933,12 +2940,14 @@ rar_read_ahead(struct archive_read *a, size_t min, ssize_t *avail)
     else if (*avail == 0 && rar->main_flags & MHD_VOLUME &&
       rar->file_flags & FHD_SPLIT_AFTER)
     {
 +      rar->filename_must_match = 1;
       ret = archive_read_format_rar_read_header(a, a->entry);
       if (ret == (ARCHIVE_EOF))
       {
         rar->has_endarc_header = 1;
         ret = archive_read_format_rar_read_header(a, a->entry);
       }
 +      rar->filename_must_match = 0;
       if (ret != (ARCHIVE_OK))
         return NULL;
       return rar_read_ahead(a, min, avail);
--- a/CVE-2018-1000879.patch
+++ b/CVE-2018-1000879.patch
@ -1,43 +0,0 @@
 From 15bf44fd2c1ad0e3fd87048b3fcc90c4dcff1175 Mon Sep 17 00:00:00 2001
 From: Daniel Axtens <dja@axtens.net>
 Date: Tue, 4 Dec 2018 14:29:42 +1100
 Subject: [PATCH] Skip 0-length ACL fields
 Currently, it is possible to create an archive that crashes bsdtar
 with a malformed ACL:
 Program received signal SIGSEGV, Segmentation fault.
 archive_acl_from_text_l (acl=<optimised out>, text=0x7e2e92 "", want_type=<optimised out>, sc=<optimised out>) at libarchive/archive_acl.c:1726
 1726				switch (*s) {
 (gdb) p n
 $1 = 1
 (gdb) p field[n]
 $2 = {start = 0x0, end = 0x0}
 Stop this by checking that the length is not zero before beginning
 the switch statement.
 I am pretty sure this is the bug mentioned in the qsym paper [1],
 and I was able to replicate it with a qsym + AFL + afl-rb setup.
 [1] https://www.usenix.org/conference/usenixsecurity18/presentation/yun
 ---
 libarchive/archive_acl.c | 5 +++++
 1 file changed, 5 insertions(+)
 Index: libarchive-3.3.3/libarchive/archive_acl.c
 ===================================================================
 --- libarchive-3.3.3.orig/libarchive/archive_acl.c
 +++ libarchive-3.3.3/libarchive/archive_acl.c
@@ -1707,6 +1707,11 @@ archive_acl_from_text_l(struct archive_a
 			st = field[n].start + 1;
 			len = field[n].end - field[n].start;
 +			if (len == 0) {
 +				ret = ARCHIVE_WARN;
 +				continue;
 +			}
 +
 			switch (*s) {
 			case 'u':
 				if (len == 1 || (len == 4
--- a/CVE-2018-1000880.patch
+++ b/CVE-2018-1000880.patch
@ -1,37 +0,0 @@
 From 9c84b7426660c09c18cc349f6d70b5f8168b5680 Mon Sep 17 00:00:00 2001
 From: Daniel Axtens <dja@axtens.net>
 Date: Tue, 4 Dec 2018 16:33:42 +1100
 Subject: [PATCH] warc: consume data once read
 The warc decoder only used read ahead, it wouldn't actually consume
 data that had previously been printed. This means that if you specify
 an invalid content length, it will just reprint the same data over
 and over and over again until it hits the desired length.
 This means that a WARC resource with e.g.
 Content-Length: 666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666665
 but only a few hundred bytes of data, causes a quasi-infinite loop.
 Consume data in subsequent calls to _warc_read.
 Found with an AFL + afl-rb + qsym setup.
 ---
 libarchive/archive_read_support_format_warc.c | 5 +++++
 1 file changed, 5 insertions(+)
 diff --git a/libarchive/archive_read_support_format_warc.c b/libarchive/archive_read_support_format_warc.c
 index e8753853f..e8fc8428b 100644
 --- a/libarchive/archive_read_support_format_warc.c
 +++ b/libarchive/archive_read_support_format_warc.c
@@ -386,6 +386,11 @@ _warc_read(struct archive_read *a, const void **buf, size_t *bsz, int64_t *off)
 		return (ARCHIVE_EOF);
 	}
 +	if (w->unconsumed) {
 +		__archive_read_consume(a, w->unconsumed);
 +		w->unconsumed = 0U;
 +	}
 +
 	rab = __archive_read_ahead(a, 1U, &nrd);
 	if (nrd < 0) {
 		*bsz = 0U;
--- a/CVE-2019-1000019.patch
+++ b/CVE-2019-1000019.patch
@ -1,53 +0,0 @@
 commit 65a23f5dbee4497064e9bb467f81138a62b0dae1
 Author: Daniel Axtens <dja@axtens.net>
 Date:   Tue Jan 1 16:01:40 2019 +1100
    7zip: fix crash when parsing certain archives
    Fuzzing with CRCs disabled revealed that a call to get_uncompressed_data()
    would sometimes fail to return at least 'minimum' bytes. This can cause
    the crc32() invocation in header_bytes to read off into invalid memory.
    A specially crafted archive can use this to cause a crash.
    An ASAN trace is below, but ASAN is not required - an uninstrumented
    binary will also crash.
    ==7719==ERROR: AddressSanitizer: SEGV on unknown address 0x631000040000 (pc 0x7fbdb3b3ec1d bp 0x7ffe77a51310 sp 0x7ffe77a51150 T0)
    ==7719==The signal is caused by a READ memory access.
        #0 0x7fbdb3b3ec1c in crc32_z (/lib/x86_64-linux-gnu/libz.so.1+0x2c1c)
        #1 0x84f5eb in header_bytes (/tmp/libarchive/bsdtar+0x84f5eb)
        #2 0x856156 in read_Header (/tmp/libarchive/bsdtar+0x856156)
        #3 0x84e134 in slurp_central_directory (/tmp/libarchive/bsdtar+0x84e134)
        #4 0x849690 in archive_read_format_7zip_read_header (/tmp/libarchive/bsdtar+0x849690)
        #5 0x5713b7 in _archive_read_next_header2 (/tmp/libarchive/bsdtar+0x5713b7)
        #6 0x570e63 in _archive_read_next_header (/tmp/libarchive/bsdtar+0x570e63)
        #7 0x6f08bd in archive_read_next_header (/tmp/libarchive/bsdtar+0x6f08bd)
        #8 0x52373f in read_archive (/tmp/libarchive/bsdtar+0x52373f)
        #9 0x5257be in tar_mode_x (/tmp/libarchive/bsdtar+0x5257be)
        #10 0x51daeb in main (/tmp/libarchive/bsdtar+0x51daeb)
        #11 0x7fbdb27cab96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
        #12 0x41dd09 in _start (/tmp/libarchive/bsdtar+0x41dd09)
    This was primarly done with afl and FairFuzz. Some early corpus entries
    may have been generated by qsym.
 diff --git a/libarchive/archive_read_support_format_7zip.c b/libarchive/archive_read_support_format_7zip.c
 index bccbf896..b6d1505d 100644
 --- a/libarchive/archive_read_support_format_7zip.c
 +++ b/libarchive/archive_read_support_format_7zip.c
@@ -2964,13 +2964,7 @@ get_uncompressed_data(struct archive_read *a, const void **buff, size_t size,
 	if (zip->codec == _7Z_COPY && zip->codec2 == (unsigned long)-1) {
 		/* Copy mode. */
 -		/*
 -		 * Note: '1' here is a performance optimization.
 -		 * Recall that the decompression layer returns a count of
 -		 * available bytes; asking for more than that forces the
 -		 * decompressor to combine reads by copying data.
 -		 */
 -		*buff = __archive_read_ahead(a, 1, &bytes_avail);
 +		*buff = __archive_read_ahead(a, minimum, &bytes_avail);
 		if (bytes_avail <= 0) {
 			archive_set_error(&a->archive,
 			    ARCHIVE_ERRNO_FILE_FORMAT,
--- a/CVE-2019-1000020.patch
+++ b/CVE-2019-1000020.patch
@ -1,53 +0,0 @@
 commit 8312eaa576014cd9b965012af51bc1f967b12423
 Author: Daniel Axtens <dja@axtens.net>
 Date:   Tue Jan 1 17:10:49 2019 +1100
    iso9660: Fail when expected Rockridge extensions is missing
    A corrupted or malicious ISO9660 image can cause read_CE() to loop
    forever.
    read_CE() calls parse_rockridge(), expecting a Rockridge extension
    to be read. However, parse_rockridge() is structured as a while
    loop starting with a sanity check, and if the sanity check fails
    before the loop has run, the function returns ARCHIVE_OK without
    advancing the position in the file. This causes read_CE() to retry
    indefinitely.
    Make parse_rockridge() return ARCHIVE_WARN if it didn't read an
    extension. As someone with no real knowledge of the format, this
    seems more apt than ARCHIVE_FATAL, but both the call-sites escalate
    it to a fatal error immediately anyway.
    Found with a combination of AFL, afl-rb (FairFuzz) and qsym.
 diff --git a/libarchive/archive_read_support_format_iso9660.c b/libarchive/archive_read_support_format_iso9660.c
 index 28acfefb..bad8f1df 100644
 --- a/libarchive/archive_read_support_format_iso9660.c
 +++ b/libarchive/archive_read_support_format_iso9660.c
@@ -2102,6 +2102,7 @@ parse_rockridge(struct archive_read *a, struct file_info *file,
     const unsigned char *p, const unsigned char *end)
 {
 	struct iso9660 *iso9660;
 +	int entry_seen = 0;
 	iso9660 = (struct iso9660 *)(a->format->data);
@@ -2257,8 +2258,16 @@ parse_rockridge(struct archive_read *a, struct file_info *file,
 		}
 		p += p[2];
 +		entry_seen = 1;
 +	}
 +
 +	if (entry_seen)
 +		return (ARCHIVE_OK);
 +	else {
 +		archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
 +				  "Tried to parse Rockridge extensions, but none found");
 +		return (ARCHIVE_WARN);
 	}
 -	return (ARCHIVE_OK);
 }
 static int
--- a/libarchive-3.3.3.tar.gz
+++ b/libarchive-3.3.3.tar.gz
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:ba7eb1781c9fbbae178c4c6bad1c6eb08edab9a1496c64833d1715d022b30e2e
 size 6535598
--- a/libarchive-3.4.0.tar.gz
+++ b/libarchive-3.4.0.tar.gz
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:8643d50ed40c759f5412a3af4e353cffbce4fdf3b5cf321cb72cacf06b2d825e
 size 6908093
--- a/libarchive-3.4.0.tar.gz.asc
+++ b/libarchive-3.4.0.tar.gz.asc
@ -0,0 +1,16 @@
 -----BEGIN PGP SIGNATURE-----
 iQIzBAABCAAdFiEEy1V4g2C5kvoIhch48ED3GWupmvQFAl0CEeEACgkQ8ED3GWup
 mvRz/g//dSHxY2sqxTg2K8B5eDLxkCZ9wV7X4bu6xR6Te8tqhUh6F6dGioDWAMHC
 6rSpAdKn+ldOJhuFoaDrOq+Lu8ZUxn4mRnqj9kG4PhhmPl31K+QwXMWHa4NX3n7u
 9d9oU9ebkiOhO8/J+dEljd9HTj9+A8sz97lwRGbckaFjYqRZ2UaYPIXnUwIG+I5I
 7djUHekZEJWri8qF4P797k5YTWXZbFhwTo8t8RVBsTZjupL2HD+V10JK7KzvTavE
 MpG7jrK4hxzxPdtbiWHMuLXKiDYZ7ANO+360CQyG6aGhr+ZwAEgkflNk9AZ71GRM
 vWWCb0b0m041IR6ahdf9R6N0BF0xxc/IpS6PoGq+dEixcteh2Vx/MDx9Jk+54q75
 QstTHFCHa6xmGSJ7Bmv9TIpAJ3s1sZvuTmmVoxDj1k6UEOwtMN+NFd9dDT2eZb2r
 7y+0gNrVxuUgaSPV/odPBnVaYZ29NKCDtLldli2JjBn705MxdIB7MDKs7HpiOBi1
 Zo2yG+1T69ZKe8/uxicTI11XnPIoukZr6kPFWBG5ZqfpwBszVZHUqxe35lnAgjfY
 KMluK6sQcvqE8rH8AFsvBihV60oC6KI/uiHCrbtYpOtPN6GgyO2hoGGHAbd3XCjb
 1JWDV4zwRkaQGdnoIRSapR8gFGd866fOpvsmKfeGVTICuRs2qYE=
 =JopE
 -----END PGP SIGNATURE-----
--- a/libarchive.changes
+++ b/libarchive.changes
@ -1,3 +1,27 @@
 -------------------------------------------------------------------
 Thu Jun 13 08:00:36 UTC 2019 - Ismail Dönmez <idonmez@suse.com>
 - Update to version 3.4.0
  * Support for file and directory symlinks on Windows
  * Read support for RAR 5.0 archives
  * Read support for ZIPX archives with xz, lzma, ppmd8 and
    bzip2 compression
  * Support for non-recursive list and extract
  * New tar option: --exclude-vcs
  * Improved file attribute support on Linux and file flags support
    on FreeBSD
  * Fix reading Android APK archives (#1055 )
  * Fix problems related to unreadable directories (#1167)
  * A two-digit number of OSS-Fuzz issues was resolved in this release
 - Add libarchive.keyring and validate the tarball signature
 - Drop all security patches, fixed upstream:
  * CVE-2018-1000877.patch
  * CVE-2018-1000878.patch
  * CVE-2018-1000879.patch
  * CVE-2018-1000880.patch
  * CVE-2019-1000019.patch
  * CVE-2019-1000020.patch
 -------------------------------------------------------------------
 Tue Feb  5 15:16:08 UTC 2019 - Adrian Schröter <adrian@suse.de>
--- a/libarchive.keyring
+++ b/libarchive.keyring
@ -0,0 +1,63 @@
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 mQINBFhUn/MBEACxbpg9G9KKuROKDLgugNKr6c4lrp3lTvx4XwuA+EGLCC/tBwOE
 8ak5f21g/QogUnYkhpuI3XLqKGsuWCDFQHB3Wk1dUYE/7wk4Um4DyHrMncyUmAHY
 fy9OZ+ZVYDBcodxlBDtVHKG0lzNhTs/HNO4Ep6Ja/37GsbEJRqz0XRgqM6l7GYwC
 iltTaU3nJuGDeWtRsaZO5Xqm36NoXNTlR4MYy1m+ddAZZexgonNX33MNaATlkcJg
 o1HIr7fUt2JcLjrM0LVd5BAbLEcaXSlE0Dl6MjnOYsJLL/zjMQ8esfRzVNYYZiZv
 qHCCDLii3rOzdCiuaJ0D2BfZKZNF4ETi+tvtL4YkmiDUb9+jc7p/CbYRpk0eV/9O
 4JERtwI7TVvObksY4N88Oc882dNvbw8y3R9WLuIoRx69lBwTmiYYlDt6kCd/7Wgp
 rqq2Spmvyp5KOVm7qFi0F2SsMqsNWngdKbiMTXD2Rg0rZqpcnLdWcYysrAnnyuQH
 vR6WUmDaeJdAnSf3VBsavdK2sjjjqcqW8+0NGWBg2UaHgUGc1gh01hfkp5tjAyR2
 G3jNSfzP0PtJIuxvOOwDZsdja/BW5bnuzjZUNGOoZQ8OcYR6By8uugfcmd4H6GK9
 +Yj+xUDnook3WKksy80ekDT8KdC/XTdmRYYZRbtb8gjBGxdlzciC5l262wARAQAB
 tB9NYXJ0aW4gTWF0dXNrYSA8bW1ARnJlZUJTRC5vcmc+iQI9BBMBCAAnAhsDBQsJ
 CAcCBhUICQoLAgQWAgMBAh4BAheABQJYVKWNBQkFo6AaAAoJEPBA9xlrqZr05uoP
 /0JduegGf9eD69vXJvDORE+eGhqHhEP3v6mbfJ6ErmyaypKfbyWfLw2rdEaY14Wt
 8IEPQi8ULpTaJPZOjlk77BAZ/efPIBAvGNs0D1z424bn3uZM+pZhh6jY7nPkyajh
 8tDeMtixLiaK6re2/TRuIUPy7Y91P94uPgLVxx88qtI62gh5Sc8oGY+OMQybtZ8S
 6kEuio3ZhQF4fXM92NUf1XY9BYZ330yiv/CQTz+Bz/nOHU7QqDG8OKVrUA0lNKfE
 crF7dsrrBeLoC73FB+gqcHcTZ/A+ZlO+IWunWfs6plB7F92v4d3dzsHIuPt6Ldf2
 tP+hmsMa0mGmL6zriG1vo3hxpRmRqlr5KTpa1yrjs/8PULfuae8qcGuUcytaZVhY
 zu2hIijwWJ0OxIF6EhV4maG/9bEINqNUaHzthrHbSVeYTR7i4EIGOXgK3jMZ9zhj
 Uz70IzAcshNdypVO6QeMB9Cv5ei975MKG0khRukdmg43Q4OijSmh6F4+Ikp5yTT3
 BfVUiK0Jy+ceGE+hU/fRFhPWp3+oyVXO9Xhng7LNvp+gT32UN9FLOVmAhPj0mYVS
 aHKs1MwCV2xZv1nJjVE9TbmwR1G27fyQfXZ/m3+Gzl+mT+oD9FnsiFAO67FEm/O1
 GPPl4LSHWD5QP3L+RXXJ0sxTmDUew6XgbnVFNnuaypFatCNNYXJ0aW4gTWF0dXNr
 YSA8bWFydGluQG1hdHVza2Eub3JnPokCPQQTAQgAJwIbAwULCQgHAgYVCAkKCwIE
 FgIDAQIeAQIXgAUCWFSljQUJBaOgGgAKCRDwQPcZa6ma9H8rEACEjIuI1hNpsCRF
 CFdtrS5bUrMBrS29LEmiyPIAS2uSYf5A/iSek0oe2MG9NZ8zGNpjJ9o2ZSw2LlFp
 dJlJ5fNjF+MQu09LbmuZKSYArFwnS8Vc2bjpzUQuBsQRcItD3kWAI1HbgjnrF5Ey
 gj6ps5m8H6PM8+sxLhtVfTPN8Ad2vARJFr/OEfJtZGvJgaBvoivQw2GfTBbCvtGG
 du1f9mrraC/pPSIkgx97Zrv1z841gAIjfmChpjgP+kAYosunBNAwJtbqQctrpnP+
 SoNceUxrKf2hI8qRBDAE2CyB2KwLC3Qdr2TOzsZ2XG3OqNh7k4GoikfQr8V278QW
 SAImpzUmJQqA0vCKnAjIHEVRNGSiVNlbNIDLdzYj0f6SDyW+YTm3PKNOGvDcZT5m
 ZAogGnXQn23on0c1mWqe9LKWQjgch+7CXdA4ovSVI12poGVhhQ0b92WFsozBUIYa
 W/7OVfDhlJDRehHT8MmR7eQS1AeBujUxyg0mfapdDMCepr8xrpuMpfrT0s4Yw1Mk
 Nnne0DAMFKF9bA7JQ+2L971IpikITKnY17wua+XggfcCB970VM1XiPvRLPIxZr+a
 BLvKFLhM2dYDbdetFDKRxypbz2ePaAjAVlOk96Om5LavKhqC/jbJeUk2CVtauYLz
 itB5D6WMHTlyQLvU2G2T4clYFNyfw7kCDQRYVJ/zARAA1zIB+5uoKEGwPClb+INb
 /6JNaj6wBQ/RVYDR+dpN1Sdp19WnoAErz5hKX+qficy2aq2tI/xzA7E4hwS+qWA9
 vne1ALzBaWIfk699lOBnDwFCcwgJe6UeYBEQtuFC4pyJvLlT/Tr6uGuImEMl5BZn
 BNnJZHFvkQYEGkX2MX85xd9opgugNoKIZVOUJ5nh86WsLlsTHiVmlORgA4TfEuFk
 b4SDdJsfhV11Dt44Vyvz5tA6ha4uOQ5/6CQl4X5i345wAYyeUYK9asXXfsVXR67b
 /rB7v8htSX/3fQ04vzD5+UGeRdc/7FiczR5+PXg5/hVBagnUg1kVScopB2v34UXa
 Z6Wod/hHPgIQsTEdhtCKf6qcSmHqYL4vrSl19JY33U+EI67cvm2H2MzgnVdja0l7
 O3N7KUNjYhWb8d6lvknaM5WX/snBlDJhJyiE2eK9hfZCfFB9s/W+k5HVXvBtm6Sp
 VGA6hCljLN4WhXoNtXxXNySvJX9XlNP2+VeNsGGGNgqcmN9PGey+93pioa/tyOEm
 hKJhz+rtypRdkcfvo5axzFVdYr7EIHQgWep7rAxj/TtOu8NghWC8hl3h52HAVT+w
 dVOuP3CgE8tNnSULYcCIW7AJGG+K90E5KFenrvM/ndhQAct8o0J+ySpsd7rXpviZ
 pnfy4903ZFcNJu+9cM+IgPcAEQEAAYkCHwQYAQgACQUCWFSf8wIbDAAKCRDwQPcZ
 a6ma9EGDEACbe5pzfhvR0Da7owUJCdGErVg+NWpdrGINMXk0Q18Q7RkMegfOpCI3
 +RUHmrU0OmU3abUEiSVnvyrx5GhtkTPI+eVvCc0pwpUFhH5nORtRa6ptW9C90/EF
 xP5T10vIrIQSKgeiJMOxULpa3f2eF62t48RI4950W+le+Jd2QyC6QavabXtjxk8e
 YSjjT4Vn7uqKuAfVSuFrhTHqA+/o5VTzbYmrkJ012SXxwE+URjc+jMHNuKCrJmMS
 38JCVXa060I0Ci3EisRtBIj9O1Gy0at8txEFTwkt86nQd0Cjgh/YXN9Ontil3JjI
 2DBl/pOei96dQ26CC4LxbPEc5sj9D2wDeMw7KrXbXRPskkJ6eSUpRtc0Cq7f86uV
 bLQZwkYU2WXcaqQG3ql1RvoRV7m+OchZJ/27f5gFLRR3eTuy99Se/mxknwvpxDTd
 XV9MqhXUkXkkWfhpij8bsGp0O9FRSXh00iJG5n9+EygD+jJe6Jrt+i4DCDctILGQ
 22rnKEJ0sOfcPtObxB+yqbsRab6ws6dpGCnLfbyyxkVp0Uaax0+JUyQZkwfZ00/f
 uLL6J9Q3BNNQnqeFNvA+D5TjM7uFL7Sg9BwAsuOwTodhd2WJpeYknnWZZ+LqJ9Bl
 Heo9XgfmVI+nhV7kXqil0pKc1D2SguOTqtRiBRJznEuAsaaCmQclkA==
 =H6gz
 -----END PGP PUBLIC KEY BLOCK-----
--- a/libarchive.spec
+++ b/libarchive.spec
@ -20,7 +20,6 @@
 %define libname libarchive%{somajor}
 %if 0%{?centos_version} || 0%{?rhel_version}
 %if 0%{?centos_version} <= 600 || 0%{?rhel_version <= 700}
 %define skip_autoreconf 1
 %bcond_without	static_libs
 %bcond_with	openssl
 %bcond_with	ext2fs
@ -31,20 +30,16 @@
 %bcond_without	ext2fs
 %endif
 Name:           libarchive
-Version:        3.3.3
+Version:        3.4.0
 Release:        0
 Summary:        Utility and C library to create and read several different streaming archive formats
 License:        BSD-2-Clause
 Group:          Productivity/Archiving/Compression
 URL:            http://www.libarchive.org/
-Source0:        http://www.libarchive.org/downloads/libarchive-%{version}.tar.gz
+Source0:        https://github.com/libarchive/libarchive/releases/download/v%{version}/libarchive-%{version}.tar.gz
-Source1:        baselibs.conf
+Source1:        https://github.com/libarchive/libarchive/releases/download/v%{version}/libarchive-%{version}.tar.gz.asc
-Patch0:         CVE-2018-1000877.patch
+Source2:        libarchive.keyring
-Patch1:         CVE-2018-1000878.patch
+Source1000:     baselibs.conf
 Patch2:         CVE-2018-1000879.patch
 Patch3:         CVE-2018-1000880.patch
 Patch4:         CVE-2019-1000019.patch
 Patch5:         CVE-2019-1000020.patch
 BuildRequires:  libacl-devel
 BuildRequires:  libbz2-devel
 BuildRequires:  libtool
@ -162,17 +157,8 @@ Static library for libarchive
 %prep
 %setup -q
 %patch0 -p1
 %patch1 -p1
 %patch2 -p1
 %patch3 -p1
 %patch4 -p1
 %patch5 -p1
 %build
 %if !0%{?skip_autoreconf}
 autoreconf -fiv
 %endif
 export CFLAGS="%{optflags} -D_REENTRANT -pipe"
 export CXXFLAGS="$CFLAGS"
 %configure \
@ -189,7 +175,7 @@ make %{?_smp_mflags}
 %check
 # test suite is a bit racy unfortunatly, so give it three attempts
-make check || make check || make check
+make %{?_smp_mflags} check || make check || make check
 %install
 %make_install