From 123bd9a65979ec75fb7c95b96f746c718dd5d74b48e21847bd5432b74b5e6f3b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?= Date: Fri, 14 Sep 2018 06:58:06 +0000 Subject: [PATCH] update OBS-URL: https://build.opensuse.org/package/show/Archiving/libarchive?expand=0&rev=75 --- fix-CVE-2017-14166.patch | 32 -------------------------------- libarchive-3.3.2.tar.gz | 3 --- libarchive-3.3.3.tar.gz | 3 +++ libarchive.changes | 9 +++++++++ libarchive.spec | 8 +++----- 5 files changed, 15 insertions(+), 40 deletions(-) delete mode 100644 fix-CVE-2017-14166.patch delete mode 100644 libarchive-3.3.2.tar.gz create mode 100644 libarchive-3.3.3.tar.gz diff --git a/fix-CVE-2017-14166.patch b/fix-CVE-2017-14166.patch deleted file mode 100644 index a2837ef..0000000 --- a/fix-CVE-2017-14166.patch +++ /dev/null @@ -1,32 +0,0 @@ -commit fa7438a0ff4033e4741c807394a9af6207940d71 -Author: Joerg Sonnenberger -Date: Tue Sep 5 18:12:19 2017 +0200 - - Do something sensible for empty strings to make fuzzers happy. - -diff --git a/libarchive/archive_read_support_format_xar.c b/libarchive/archive_read_support_format_xar.c -index 7a22beb9..93eeacc5 100644 ---- a/libarchive/archive_read_support_format_xar.c -+++ b/libarchive/archive_read_support_format_xar.c -@@ -1040,6 +1040,9 @@ atol10(const char *p, size_t char_cnt) - uint64_t l; - int digit; - -+ if (char_cnt == 0) -+ return (0); -+ - l = 0; - digit = *p - '0'; - while (digit >= 0 && digit < 10 && char_cnt-- > 0) { -@@ -1054,7 +1057,10 @@ atol8(const char *p, size_t char_cnt) - { - int64_t l; - int digit; -- -+ -+ if (char_cnt == 0) -+ return (0); -+ - l = 0; - while (char_cnt-- > 0) { - if (*p >= '0' && *p <= '7') diff --git a/libarchive-3.3.2.tar.gz b/libarchive-3.3.2.tar.gz deleted file mode 100644 index ce1a127..0000000 --- a/libarchive-3.3.2.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:ed2dbd6954792b2c054ccf8ec4b330a54b85904a80cef477a1c74643ddafa0ce -size 6236562 diff --git a/libarchive-3.3.3.tar.gz b/libarchive-3.3.3.tar.gz new file mode 100644 index 0000000..1b4b704 --- /dev/null +++ b/libarchive-3.3.3.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:ba7eb1781c9fbbae178c4c6bad1c6eb08edab9a1496c64833d1715d022b30e2e +size 6535598 diff --git a/libarchive.changes b/libarchive.changes index dcc24a3..9dc1dab 100644 --- a/libarchive.changes +++ b/libarchive.changes @@ -1,3 +1,12 @@ +------------------------------------------------------------------- +Fri Sep 14 06:57:14 UTC 2018 - Adrian Schröter + +- update to version 3.3.3 + * Avoid super-linear slowdown on malformed mtree files + * Many fixes for building with Visual Studio + * NO_OVERWRITE doesn't change existing directory attributes + * New support for Zstandard read and write filters + ------------------------------------------------------------------- Thu Sep 7 07:05:15 UTC 2017 - adrian@suse.de diff --git a/libarchive.spec b/libarchive.spec index 72cd5bf..42ad813 100644 --- a/libarchive.spec +++ b/libarchive.spec @@ -1,7 +1,7 @@ # # spec file for package libarchive # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -33,7 +33,7 @@ %define libname libarchive%{somajor} Name: libarchive -Version: 3.3.2 +Version: 3.3.3 Release: 0 Summary: Creates and reads several different streaming archive formats License: BSD-2-Clause @@ -41,7 +41,6 @@ Group: Productivity/Archiving/Compression Url: http://www.libarchive.org/ Source0: http://www.libarchive.org/downloads/libarchive-%{version}.tar.gz Source1: baselibs.conf -Patch1: fix-CVE-2017-14166.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: libacl-devel BuildRequires: libbz2-devel @@ -162,7 +161,6 @@ static library for libarchive %prep %setup -q -%patch1 -p1 %build %if !0%{?skip_autoreconf}