From 378715dd5c3cb4f4fa74ecf23d9aecc4da5d19c7029c304c5cc4a02bfc2d10d8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?=
Date: Tue, 21 Jun 2016 06:17:54 +0000
Subject: [PATCH] Just to have it in devel package, misses documentation about security issues in changes file for submission to factory
OBS-URL: https://build.opensuse.org/package/show/Archiving/libarchive?expand=0&rev=56
---
 CVE-2016-4809.patch | 22 ----------------------
 fix-build.patch | 20 ++++++++++++++++++++
 libarchive-3.2.0.tar.gz | 3 ---
 libarchive-3.2.1.tar.gz | 3 +++
 libarchive.changes | 5 +++++
 libarchive.spec | 11 +++++++----
 6 files changed, 35 insertions(+), 29 deletions(-)
 delete mode 100644 CVE-2016-4809.patch
 create mode 100644 fix-build.patch
 delete mode 100644 libarchive-3.2.0.tar.gz
 create mode 100644 libarchive-3.2.1.tar.gz
diff --git a/CVE-2016-4809.patch b/CVE-2016-4809.patch
deleted file mode 100644
index 911d540..0000000
--- a/CVE-2016-4809.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-commit fd7e0c02e272913a0a8b6d492c7260dfca0b1408
-Author: Tim Kientzle
-Date: Sat May 14 12:37:37 2016 -0700
-
- Reject cpio symlinks that exceed 1MB
-
-diff --git a/libarchive/archive_read_support_format_cpio.c b/libarchive/archive_read_support_format_cpio.c
-index c2ca85b..b09db0e 100644
---- a/libarchive/archive_read_support_format_cpio.c
-+++ b/libarchive/archive_read_support_format_cpio.c
-@@ -401,6 +401,11 @@ archive_read_format_cpio_read_header(struct archive_read *a,
-
- /* If this is a symlink, read the link contents. */
- if (archive_entry_filetype(entry) == AE_IFLNK) {
-+ if (cpio->entry_bytes_remaining > 1024 * 1024) {
-+ archive_set_error(&a->archive, ENOMEM,
-+ "Rejecting malformed cpio archive: symlink contents exceed 1 megabyte");
-+ return (ARCHIVE_FATAL);
-+ }
- h = __archive_read_ahead(a,
- (size_t)cpio->entry_bytes_remaining, NULL);
- if (h == NULL)
diff --git a/fix-build.patch b/fix-build.patch
new file mode 100644
index 0000000..d34b777
--- /dev/null
+++ b/fix-build.patch
@@ -0,0 +1,20 @@
+--- libarchive/test/test_write_format_gnutar_filenames.c.orig 2016-06-20 13:03:13.796386223 +0200
++++ libarchive/test/test_write_format_gnutar_filenames.c 2016-06-20 13:04:19.472387624 +0200
+@@ -55,7 +55,7 @@
+ archive_entry_set_mode(template, S_IFREG | 0755);
+ archive_entry_set_size(template, 8);
+
+- for (int i = 0; i < 2000; ++i) {
++ int i; for (i = 0; i < 2000; ++i) {
+ filename[i] = 'a';
+ filename[i + 1] = '\0';
+ archive_entry_copy_pathname(template, filename);
+@@ -110,7 +110,7 @@
+ archive_entry_set_mode(template, S_IFLNK | 0755);
+ archive_entry_copy_pathname(template, "link");
+
+- for (int i = 0; i < 2000; ++i) {
++ int i; for (i = 0; i < 2000; ++i) {
+ filename[i] = 'a';
+ filename[i + 1] = '\0';
+ archive_entry_copy_symlink(template, filename);
diff --git a/libarchive-3.2.0.tar.gz b/libarchive-3.2.0.tar.gz
deleted file mode 100644
index 6435e2f..0000000
--- a/libarchive-3.2.0.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:7bce45fd71ff01dc20d19edd78322d4965583d81b8bed8e26cacb65d6f5baa87
-size 5448095
diff --git a/libarchive-3.2.1.tar.gz b/libarchive-3.2.1.tar.gz
new file mode 100644
index 0000000..07cc3d8
--- /dev/null
+++ b/libarchive-3.2.1.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:72ee1a4e3fd534525f13a0ba1aa7b05b203d186e0c6072a8a4738649d0b3cfd2
+size 5448888
diff --git a/libarchive.changes b/libarchive.changes
index d7c94e8..801f319 100644
--- a/libarchive.changes
+++ b/libarchive.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Mon Jun 20 10:31:43 UTC 2016 - adrian@suse.de
+
+- update to version 3.2.1
+
 -------------------------------------------------------------------
 Thu Jun 16 09:33:17 UTC 2016 - adrian@suse.de
diff --git a/libarchive.spec b/libarchive.spec
index c45cd76..a3644a5 100644
--- a/libarchive.spec
+++ b/libarchive.spec
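Review bot: The new fix-build.patch carries no header text saying which compiler or build target rejects `for (int i = 0; ...)`, so its two inner hunks (`+@@ -55,7 +55,7 @@` and `+@@ -110,7 +110,7 @@`) read as an unexplained C99-to-C89 downgrade of a test. The replacement `int i; for (i = 0; i < 2000; ++i) {` still puts a declaration after the `archive_entry_set_size(template, 8);` statement, so it only helps a toolchain that accepts mixed declarations and code but not for-loop initial declarations — presumably an older GCC in its default gnu89 mode — and naming that target would let a later maintainer drop the patch once it is gone. A short description above the `--- libarchive/test/...` header, such as `Build test_write_format_gnutar_filenames.c with compilers that lack C99 for-loop declarations (<target/compiler> — TODO fill in)`, would record it. The test functions that both inner hunks touch start and end outside them.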
@@ -33,7 +33,7 @@
 %define libname libarchive%{somajor}
 Name: libarchive
-Version: 3.2.0
+Version: 3.2.1
 Release: 0
 Summary: Creates and reads several different streaming archive formats
 License: BSD-2-Clause
@@ -41,6 +41,7 @@ Group: Productivity/Archiving/Compression
 Url: http://www.libarchive.org/
 Source0: http://www.libarchive.org/downloads/libarchive-%{version}.tar.gz
 Source1: baselibs.conf
+Patch1: fix-build.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 BuildRequires: libacl-devel
 BuildRequires: libbz2-devel
@@ -56,8 +57,6 @@ BuildRequires: pkg-config
 BuildRequires: xz-devel
 BuildRequires: zlib-devel
 Patch0: libarchive-openssl.patch
-# PATCH-FIX-UPSTREAM bnc#984990
-Patch1: CVE-2016-4809.patch
 %description
 Libarchive is a programming library that can create and read several
@@ -166,7 +165,7 @@ static library for libarchive
 %if %{with openssl}
 %patch0 -p0
 %endif
-%patch1 -p1
+%patch1 -p0
 %build
 %if !0%{?skip_autoreconf}
@@ -179,6 +178,10 @@ autoreconf -fiv
 --disable-static \
 %endif
 --enable-bsdcpio
+
+# lzma mt detection is broken
+sed -i -e "/HAVE_LZMA_STREAM_ENCODER_MT/d" config.h
+
 make %{?_smp_mflags}
 %check
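Review bot: `+Patch1: fix-build.patch` in hunk @@ -41,6 +41,7 has no `# PATCH-FIX-*` tag comment, while hunk @@ -56,8 +57,6 removes the tagged `# PATCH-FIX-UPSTREAM bnc#984990` / `Patch1: CVE-2016-4809.patch` pair with nothing, in the spec or in this commit's libarchive.changes entry, recording that the CVE-2016-4809 fix is dropped because 3.2.1 presumably carries the upstream commit fd7e0c02 the deleted file contained. The commit title itself says the security documentation is missing, so the entry is the thing to add before submission. Suggested: keep the new line next to `Patch0:` as `# PATCH-FIX-OPENSUSE fix-build.patch -- <reason, e.g. compiler without C99 for-loop declarations>` followed by `Patch1: fix-build.patch`, and extend the changes entry with `  * includes the fix for CVE-2016-4809 (bnc#984990); drop CVE-2016-4809.patch`.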
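Review bot: In hunk @@ -179,6 +178,10 the added `sed -i -e "/HAVE_LZMA_STREAM_ENCODER_MT/d" config.h` edits the configure result unconditionally, and the comment `# lzma mt detection is broken` says neither what breaks (compile, link or test failure, and with which xz version) nor where it is tracked, so nobody can tell later when the workaround may be removed. Deleting that define presumably also turns off libarchive's use of the multi-threaded xz encoder, a functional change the changes entry (`- update to version 3.2.1`) does not mention. Suggest `# configure detects lzma_stream_encoder_mt() but <describe the failure> (see <bug reference> -- TODO); drop the define so the single-threaded xz encoder is used` in place of the current comment. The %build section continues outside the hunk.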