From 8d8d3afe6be4418c9eb2c8edf9858650d9bb6e99e71468e60307b9341dcf8ed1 Mon Sep 17 00:00:00 2001 From: Martin Pluskal Date: Tue, 31 Dec 2019 08:23:29 +0000 Subject: [PATCH] Accepting request 760008 from home:namtrac:branches:Archiving - Revert back to autoconf, cmake introduces a cycle. Leave cmake patches in since they are basically correct and might be useful in the future. - Update to version 3.4.1 New features: * Unicode filename support for reading lha/lzh archives * New pax write option "xattrhdr" Important bugfixes: * security fixes in wide string processing (#1276 #1298) * security fixes in RAR5 reader (#1212 #1217 #1296) CVE-2019-19221 * security fixes and optimizations to write filter logic (#351) * security fix related to use of readlink(2) (1dae5a5) * sparse file handling fixes (#1218 #1260) - Drop CVE-2019-19221.patch and fix-zstd-test.patch, fixed upstream CVE-2019-19221.patch out-of-bounds read in libarchive OBS-URL: https://build.opensuse.org/request/show/760008 OBS-URL: https://build.opensuse.org/package/show/Archiving/libarchive?expand=0&rev=91 --- CVE-2019-19221.patch | 97 ---------------------------- fix-zstd-test.patch | 32 ---------- libarchive-3.4.0.tar.gz | 3 - libarchive-3.4.0.tar.gz.asc | 16 ----- libarchive-3.4.1.tar.gz | 3 + libarchive-3.4.1.tar.gz.asc | 16 +++++ libarchive.changes | 24 ++++++- libarchive.keyring | 122 ++++++++++++++++++------------------ libarchive.spec | 32 +++++----- 9 files changed, 122 insertions(+), 223 deletions(-) delete mode 100644 CVE-2019-19221.patch delete mode 100644 fix-zstd-test.patch delete mode 100644 libarchive-3.4.0.tar.gz delete mode 100644 libarchive-3.4.0.tar.gz.asc create mode 100644 libarchive-3.4.1.tar.gz create mode 100644 libarchive-3.4.1.tar.gz.asc diff --git a/CVE-2019-19221.patch b/CVE-2019-19221.patch deleted file mode 100644 index 211676b..0000000 --- a/CVE-2019-19221.patch +++ /dev/null @@ -1,97 +0,0 @@ -From 22b1db9d46654afc6f0c28f90af8cdc84a199f41 Mon Sep 17 00:00:00 2001 -From: Martin Matuska -Date: Thu, 21 Nov 2019 03:08:40 +0100 -Subject: [PATCH] Bugfix and optimize archive_wstring_append_from_mbs() - -The cal to mbrtowc() or mbtowc() should read up to mbs_length -bytes and not wcs_length. This avoids out-of-bounds reads. - -mbrtowc() and mbtowc() return (size_t)-1 wit errno EILSEQ when -they encounter an invalid multibyte character and (size_t)-2 when -they they encounter an incomplete multibyte character. As we return -failure and all our callers error out it makes no sense to continue -parsing mbs. - -As we allocate `len` wchars at the beginning and each wchar has -at least one byte, there will never be need to grow the buffer, -so the code can be left out. On the other hand, we are always -allocatng more memory than we need. - -As long as wcs_length == mbs_length == len we can omit wcs_length. -We keep the old code commented if we decide to save memory and -use autoexpanding wcs_length in the future. - -Fixes #1276 ---- - libarchive/archive_string.c | 28 +++++++++++++++++----------- - 1 file changed, 17 insertions(+), 11 deletions(-) - -diff --git a/libarchive/archive_string.c b/libarchive/archive_string.c -index 979a418b6..bd39c96f1 100644 ---- a/libarchive/archive_string.c -+++ b/libarchive/archive_string.c -@@ -591,7 +591,7 @@ archive_wstring_append_from_mbs(struct archive_wstring *dest, - * No single byte will be more than one wide character, - * so this length estimate will always be big enough. - */ -- size_t wcs_length = len; -+ // size_t wcs_length = len; - size_t mbs_length = len; - const char *mbs = p; - wchar_t *wcs; -@@ -600,7 +600,11 @@ archive_wstring_append_from_mbs(struct archive_wstring *dest, - - memset(&shift_state, 0, sizeof(shift_state)); - #endif -- if (NULL == archive_wstring_ensure(dest, dest->length + wcs_length + 1)) -+ /* -+ * As we decided to have wcs_length == mbs_length == len -+ * we can use len here instead of wcs_length -+ */ -+ if (NULL == archive_wstring_ensure(dest, dest->length + len + 1)) - return (-1); - wcs = dest->s + dest->length; - /* -@@ -609,6 +613,12 @@ archive_wstring_append_from_mbs(struct archive_wstring *dest, - * multi bytes. - */ - while (*mbs && mbs_length > 0) { -+ /* -+ * The buffer we allocated is always big enough. -+ * Keep this code path in a comment if we decide to choose -+ * smaller wcs_length in the future -+ */ -+/* - if (wcs_length == 0) { - dest->length = wcs - dest->s; - dest->s[dest->length] = L'\0'; -@@ -618,24 +628,20 @@ archive_wstring_append_from_mbs(struct archive_wstring *dest, - return (-1); - wcs = dest->s + dest->length; - } -+*/ - #if HAVE_MBRTOWC -- r = mbrtowc(wcs, mbs, wcs_length, &shift_state); -+ r = mbrtowc(wcs, mbs, mbs_length, &shift_state); - #else -- r = mbtowc(wcs, mbs, wcs_length); -+ r = mbtowc(wcs, mbs, mbs_length); - #endif - if (r == (size_t)-1 || r == (size_t)-2) { - ret_val = -1; -- if (errno == EILSEQ) { -- ++mbs; -- --mbs_length; -- continue; -- } else -- break; -+ break; - } - if (r == 0 || r > mbs_length) - break; - wcs++; -- wcs_length--; -+ // wcs_length--; - mbs += r; - mbs_length -= r; - } diff --git a/fix-zstd-test.patch b/fix-zstd-test.patch deleted file mode 100644 index 89f8d2d..0000000 --- a/fix-zstd-test.patch +++ /dev/null @@ -1,32 +0,0 @@ -From ff1691b0ce507733c9655c9fa5c33bc0ae4d6b5d Mon Sep 17 00:00:00 2001 -From: Martin Matuska -Date: Mon, 12 Aug 2019 00:14:00 +0200 -Subject: [PATCH] test_write_filter_zstd: set compression level to 7 - -Fixes #1226 ---- - libarchive/test/test_write_filter_zstd.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/libarchive/test/test_write_filter_zstd.c b/libarchive/test/test_write_filter_zstd.c -index da3c80667..9fb01906d 100644 ---- a/libarchive/test/test_write_filter_zstd.c -+++ b/libarchive/test/test_write_filter_zstd.c -@@ -125,7 +125,7 @@ DEFINE_TEST(test_write_filter_zstd) - assertEqualIntA(a, ARCHIVE_OK, - archive_write_set_filter_option(a, NULL, "compression-level", "9")); - assertEqualIntA(a, ARCHIVE_OK, -- archive_write_set_filter_option(a, NULL, "compression-level", "6")); -+ archive_write_set_filter_option(a, NULL, "compression-level", "7")); - assertEqualIntA(a, ARCHIVE_OK, archive_write_open_memory(a, buff, buffsize, &used2)); - for (i = 0; i < 100; i++) { - sprintf(path, "file%03d", i); -@@ -140,7 +140,7 @@ DEFINE_TEST(test_write_filter_zstd) - assertEqualIntA(a, ARCHIVE_OK, archive_write_close(a)); - assertEqualInt(ARCHIVE_OK, archive_write_free(a)); - -- failure("compression-level=6 wrote %d bytes, default wrote %d bytes", -+ failure("compression-level=7 wrote %d bytes, default wrote %d bytes", - (int)used2, (int)used1); - assert(used2 < used1); - diff --git a/libarchive-3.4.0.tar.gz b/libarchive-3.4.0.tar.gz deleted file mode 100644 index 62ffd3e..0000000 --- a/libarchive-3.4.0.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:8643d50ed40c759f5412a3af4e353cffbce4fdf3b5cf321cb72cacf06b2d825e -size 6908093 diff --git a/libarchive-3.4.0.tar.gz.asc b/libarchive-3.4.0.tar.gz.asc deleted file mode 100644 index ed384d8..0000000 --- a/libarchive-3.4.0.tar.gz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCAAdFiEEy1V4g2C5kvoIhch48ED3GWupmvQFAl0CEeEACgkQ8ED3GWup -mvRz/g//dSHxY2sqxTg2K8B5eDLxkCZ9wV7X4bu6xR6Te8tqhUh6F6dGioDWAMHC -6rSpAdKn+ldOJhuFoaDrOq+Lu8ZUxn4mRnqj9kG4PhhmPl31K+QwXMWHa4NX3n7u -9d9oU9ebkiOhO8/J+dEljd9HTj9+A8sz97lwRGbckaFjYqRZ2UaYPIXnUwIG+I5I -7djUHekZEJWri8qF4P797k5YTWXZbFhwTo8t8RVBsTZjupL2HD+V10JK7KzvTavE -MpG7jrK4hxzxPdtbiWHMuLXKiDYZ7ANO+360CQyG6aGhr+ZwAEgkflNk9AZ71GRM -vWWCb0b0m041IR6ahdf9R6N0BF0xxc/IpS6PoGq+dEixcteh2Vx/MDx9Jk+54q75 -QstTHFCHa6xmGSJ7Bmv9TIpAJ3s1sZvuTmmVoxDj1k6UEOwtMN+NFd9dDT2eZb2r -7y+0gNrVxuUgaSPV/odPBnVaYZ29NKCDtLldli2JjBn705MxdIB7MDKs7HpiOBi1 -Zo2yG+1T69ZKe8/uxicTI11XnPIoukZr6kPFWBG5ZqfpwBszVZHUqxe35lnAgjfY -KMluK6sQcvqE8rH8AFsvBihV60oC6KI/uiHCrbtYpOtPN6GgyO2hoGGHAbd3XCjb -1JWDV4zwRkaQGdnoIRSapR8gFGd866fOpvsmKfeGVTICuRs2qYE= -=JopE ------END PGP SIGNATURE----- diff --git a/libarchive-3.4.1.tar.gz b/libarchive-3.4.1.tar.gz new file mode 100644 index 0000000..e4e846a --- /dev/null +++ b/libarchive-3.4.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:fcf87f3ad8db2e4f74f32526dee62dd1fb9894782b0a503a89c9d7a70a235191 +size 6931920 diff --git a/libarchive-3.4.1.tar.gz.asc b/libarchive-3.4.1.tar.gz.asc new file mode 100644 index 0000000..e8d9dec --- /dev/null +++ b/libarchive-3.4.1.tar.gz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEpaRbEq2S2WS4nu4t7FYMgc7CJ24FAl4JV7oACgkQ7FYMgc7C +J27LIw/+MNk1Fp+17UE/tC89gu5z0CQ3BbscAsQI/1/EWknECppxuRWQ9YLm8dkt +YWBzJLy/BTI+ylVvj6tIqSQipHvH/KL4Zq4VSgZPl3Bo3eElSZeX/7/hZSX6uAwv +mj/nmtecXCfX9Bfo53AxcVAGZl/re7Epg8GA9mX6TBxk2llyhhlgQeHxL1z6E/3K +1TBGD8/q41wZ0/B/rerOr/p2MfukkbrL1NwDSpNuBJkTsumelxZzIF5yGszXv8Lz +/KTLWQmW7qvcVPsXKl+omvBhgetgTJqs6nNmu1bz+rt+m3YeA96axFGo+9qdE35v +DI3pK9071b60ZAKkAs3QU17OCtBSIGNJ191J1/T7cawSBxQLj3/d+vj7fYBGpzg2 +FmkYYvyaFjm+jLHZoxMaGf6TU/1x5Z0bmCKGtDINqto2e1nsqQTF6GunOubKzU6B +f4nUdiKjkmRIS4Ex4tQe2CIgto7ooVdXHbJD5tlpvzfpQYCdHicWo+QvgeZuiEeA +BgrI6WxAGL/pF4W4f5Te7y5RgJ+MvgOR5iIIzFkkT3gTf+vTZNwN7C1OcejCRlQh +LDCKJxar4ATdpthcHun9Vu+/9epaHVgd6DhXY7IxGVFoEEkq81iqv3bGBnRZM8WJ +5B58ZOv/ZHNc3eWVU5aN1L2gL9klHNORn2sCTKOCReTsRwxe7fY= +=A8tP +-----END PGP SIGNATURE----- diff --git a/libarchive.changes b/libarchive.changes index 7b445ae..3b574af 100644 --- a/libarchive.changes +++ b/libarchive.changes @@ -1,8 +1,30 @@ +------------------------------------------------------------------- +Mon Dec 30 08:40:05 UTC 2019 - Ismail Dönmez + +- Revert back to autoconf, cmake introduces a cycle. Leave cmake + patches in since they are basically correct and might be useful + in the future. + +------------------------------------------------------------------- +Mon Dec 30 08:14:13 UTC 2019 - Ismail Dönmez + +- Update to version 3.4.1 + New features: + * Unicode filename support for reading lha/lzh archives + * New pax write option "xattrhdr" + Important bugfixes: + * security fixes in wide string processing (#1276 #1298) + * security fixes in RAR5 reader (#1212 #1217 #1296) CVE-2019-19221 + * security fixes and optimizations to write filter logic (#351) + * security fix related to use of readlink(2) (1dae5a5) + * sparse file handling fixes (#1218 #1260) +- Drop CVE-2019-19221.patch and fix-zstd-test.patch, fixed upstream + ------------------------------------------------------------------- Fri Nov 22 13:17:53 UTC 2019 - Adrian Schröter - fix bsc#1157569 - CVE-2019-19221 out-of-bounds read in libarchive + CVE-2019-19221.patch out-of-bounds read in libarchive ------------------------------------------------------------------- Sun Aug 18 12:33:05 UTC 2019 - Ismail Dönmez diff --git a/libarchive.keyring b/libarchive.keyring index 5090aa8..f535118 100644 --- a/libarchive.keyring +++ b/libarchive.keyring @@ -1,63 +1,65 @@ -----BEGIN PGP PUBLIC KEY BLOCK----- -mQINBFhUn/MBEACxbpg9G9KKuROKDLgugNKr6c4lrp3lTvx4XwuA+EGLCC/tBwOE -8ak5f21g/QogUnYkhpuI3XLqKGsuWCDFQHB3Wk1dUYE/7wk4Um4DyHrMncyUmAHY -fy9OZ+ZVYDBcodxlBDtVHKG0lzNhTs/HNO4Ep6Ja/37GsbEJRqz0XRgqM6l7GYwC -iltTaU3nJuGDeWtRsaZO5Xqm36NoXNTlR4MYy1m+ddAZZexgonNX33MNaATlkcJg -o1HIr7fUt2JcLjrM0LVd5BAbLEcaXSlE0Dl6MjnOYsJLL/zjMQ8esfRzVNYYZiZv -qHCCDLii3rOzdCiuaJ0D2BfZKZNF4ETi+tvtL4YkmiDUb9+jc7p/CbYRpk0eV/9O -4JERtwI7TVvObksY4N88Oc882dNvbw8y3R9WLuIoRx69lBwTmiYYlDt6kCd/7Wgp -rqq2Spmvyp5KOVm7qFi0F2SsMqsNWngdKbiMTXD2Rg0rZqpcnLdWcYysrAnnyuQH -vR6WUmDaeJdAnSf3VBsavdK2sjjjqcqW8+0NGWBg2UaHgUGc1gh01hfkp5tjAyR2 -G3jNSfzP0PtJIuxvOOwDZsdja/BW5bnuzjZUNGOoZQ8OcYR6By8uugfcmd4H6GK9 -+Yj+xUDnook3WKksy80ekDT8KdC/XTdmRYYZRbtb8gjBGxdlzciC5l262wARAQAB -tB9NYXJ0aW4gTWF0dXNrYSA8bW1ARnJlZUJTRC5vcmc+iQI9BBMBCAAnAhsDBQsJ -CAcCBhUICQoLAgQWAgMBAh4BAheABQJYVKWNBQkFo6AaAAoJEPBA9xlrqZr05uoP -/0JduegGf9eD69vXJvDORE+eGhqHhEP3v6mbfJ6ErmyaypKfbyWfLw2rdEaY14Wt -8IEPQi8ULpTaJPZOjlk77BAZ/efPIBAvGNs0D1z424bn3uZM+pZhh6jY7nPkyajh -8tDeMtixLiaK6re2/TRuIUPy7Y91P94uPgLVxx88qtI62gh5Sc8oGY+OMQybtZ8S -6kEuio3ZhQF4fXM92NUf1XY9BYZ330yiv/CQTz+Bz/nOHU7QqDG8OKVrUA0lNKfE -crF7dsrrBeLoC73FB+gqcHcTZ/A+ZlO+IWunWfs6plB7F92v4d3dzsHIuPt6Ldf2 -tP+hmsMa0mGmL6zriG1vo3hxpRmRqlr5KTpa1yrjs/8PULfuae8qcGuUcytaZVhY -zu2hIijwWJ0OxIF6EhV4maG/9bEINqNUaHzthrHbSVeYTR7i4EIGOXgK3jMZ9zhj -Uz70IzAcshNdypVO6QeMB9Cv5ei975MKG0khRukdmg43Q4OijSmh6F4+Ikp5yTT3 -BfVUiK0Jy+ceGE+hU/fRFhPWp3+oyVXO9Xhng7LNvp+gT32UN9FLOVmAhPj0mYVS -aHKs1MwCV2xZv1nJjVE9TbmwR1G27fyQfXZ/m3+Gzl+mT+oD9FnsiFAO67FEm/O1 -GPPl4LSHWD5QP3L+RXXJ0sxTmDUew6XgbnVFNnuaypFatCNNYXJ0aW4gTWF0dXNr -YSA8bWFydGluQG1hdHVza2Eub3JnPokCPQQTAQgAJwIbAwULCQgHAgYVCAkKCwIE -FgIDAQIeAQIXgAUCWFSljQUJBaOgGgAKCRDwQPcZa6ma9H8rEACEjIuI1hNpsCRF -CFdtrS5bUrMBrS29LEmiyPIAS2uSYf5A/iSek0oe2MG9NZ8zGNpjJ9o2ZSw2LlFp -dJlJ5fNjF+MQu09LbmuZKSYArFwnS8Vc2bjpzUQuBsQRcItD3kWAI1HbgjnrF5Ey -gj6ps5m8H6PM8+sxLhtVfTPN8Ad2vARJFr/OEfJtZGvJgaBvoivQw2GfTBbCvtGG -du1f9mrraC/pPSIkgx97Zrv1z841gAIjfmChpjgP+kAYosunBNAwJtbqQctrpnP+ -SoNceUxrKf2hI8qRBDAE2CyB2KwLC3Qdr2TOzsZ2XG3OqNh7k4GoikfQr8V278QW -SAImpzUmJQqA0vCKnAjIHEVRNGSiVNlbNIDLdzYj0f6SDyW+YTm3PKNOGvDcZT5m -ZAogGnXQn23on0c1mWqe9LKWQjgch+7CXdA4ovSVI12poGVhhQ0b92WFsozBUIYa -W/7OVfDhlJDRehHT8MmR7eQS1AeBujUxyg0mfapdDMCepr8xrpuMpfrT0s4Yw1Mk -Nnne0DAMFKF9bA7JQ+2L971IpikITKnY17wua+XggfcCB970VM1XiPvRLPIxZr+a -BLvKFLhM2dYDbdetFDKRxypbz2ePaAjAVlOk96Om5LavKhqC/jbJeUk2CVtauYLz -itB5D6WMHTlyQLvU2G2T4clYFNyfw7kCDQRYVJ/zARAA1zIB+5uoKEGwPClb+INb -/6JNaj6wBQ/RVYDR+dpN1Sdp19WnoAErz5hKX+qficy2aq2tI/xzA7E4hwS+qWA9 -vne1ALzBaWIfk699lOBnDwFCcwgJe6UeYBEQtuFC4pyJvLlT/Tr6uGuImEMl5BZn -BNnJZHFvkQYEGkX2MX85xd9opgugNoKIZVOUJ5nh86WsLlsTHiVmlORgA4TfEuFk -b4SDdJsfhV11Dt44Vyvz5tA6ha4uOQ5/6CQl4X5i345wAYyeUYK9asXXfsVXR67b -/rB7v8htSX/3fQ04vzD5+UGeRdc/7FiczR5+PXg5/hVBagnUg1kVScopB2v34UXa -Z6Wod/hHPgIQsTEdhtCKf6qcSmHqYL4vrSl19JY33U+EI67cvm2H2MzgnVdja0l7 -O3N7KUNjYhWb8d6lvknaM5WX/snBlDJhJyiE2eK9hfZCfFB9s/W+k5HVXvBtm6Sp -VGA6hCljLN4WhXoNtXxXNySvJX9XlNP2+VeNsGGGNgqcmN9PGey+93pioa/tyOEm -hKJhz+rtypRdkcfvo5axzFVdYr7EIHQgWep7rAxj/TtOu8NghWC8hl3h52HAVT+w -dVOuP3CgE8tNnSULYcCIW7AJGG+K90E5KFenrvM/ndhQAct8o0J+ySpsd7rXpviZ -pnfy4903ZFcNJu+9cM+IgPcAEQEAAYkCHwQYAQgACQUCWFSf8wIbDAAKCRDwQPcZ -a6ma9EGDEACbe5pzfhvR0Da7owUJCdGErVg+NWpdrGINMXk0Q18Q7RkMegfOpCI3 -+RUHmrU0OmU3abUEiSVnvyrx5GhtkTPI+eVvCc0pwpUFhH5nORtRa6ptW9C90/EF -xP5T10vIrIQSKgeiJMOxULpa3f2eF62t48RI4950W+le+Jd2QyC6QavabXtjxk8e -YSjjT4Vn7uqKuAfVSuFrhTHqA+/o5VTzbYmrkJ012SXxwE+URjc+jMHNuKCrJmMS -38JCVXa060I0Ci3EisRtBIj9O1Gy0at8txEFTwkt86nQd0Cjgh/YXN9Ontil3JjI -2DBl/pOei96dQ26CC4LxbPEc5sj9D2wDeMw7KrXbXRPskkJ6eSUpRtc0Cq7f86uV -bLQZwkYU2WXcaqQG3ql1RvoRV7m+OchZJ/27f5gFLRR3eTuy99Se/mxknwvpxDTd -XV9MqhXUkXkkWfhpij8bsGp0O9FRSXh00iJG5n9+EygD+jJe6Jrt+i4DCDctILGQ -22rnKEJ0sOfcPtObxB+yqbsRab6ws6dpGCnLfbyyxkVp0Uaax0+JUyQZkwfZ00/f -uLL6J9Q3BNNQnqeFNvA+D5TjM7uFL7Sg9BwAsuOwTodhd2WJpeYknnWZZ+LqJ9Bl -Heo9XgfmVI+nhV7kXqil0pKc1D2SguOTqtRiBRJznEuAsaaCmQclkA== -=H6gz +mQINBF3+nDABEADygj7s5lCb/s8gTcCFgh6xJ8qZRmR4KVZMgkELNDF3zVhML8um +vLxNyd04n0SDBnpBxSqe5TGCgCRPLYL1OeytE9XxJ6Vf6LFu+vLSXaesL0IqrZDy +wpr2mpf8Vw3KNFUcIbKnW+E86TdN5EkYJ9WaE3sm9WnYgtV2Jtz6ZoLA4Go3Kbwf +TIMysmZDSPstIT2rGfUy1KNIgmwvOZhUjkROaX3qk0XWfTZJDozYaKH0jqrLutPX +O3KNj7SxIVjZOo51ls+w30XhRGlJjIFktry+bWviYy/AfbAjRqLAha/l3Oj3FmvX +y7+MyAMGcdDAIwQRzmWjmu5BQE1ZK1zONIUrlb6eEaO4dze7/5uxkMDt9SvRav8M +ehpZpAlrKf+Ac36Z2DkTzkzmO+OhmlM6jlhUlfUq8fBhBgP6maOcr5DzQQOAQfOm +YJBiYcXmbxwgTxdE0TeQdHqkmatdHof/gJ9A1wLTNbwZJibv3Clk4kuFoQNwKWJs +FdXFbWwdOCDxFC0+oMM3X+cHryfnarqu1ltcfNacjaFR6DaoPMON3J8AdQutv7Ew +nH0E8pTdMBT9gQv8emWKKD5I4s+GsL3Acjy1ALZMKFozYV8fnewgDU5Zy95zSNLe +/n9IlirsoTFiiXC4J82RYkhLCBS02qNp2T1zgBHRdMVoslbrxmEAw5shYwARAQAB +tCNNYXJ0aW4gTWF0dXNrYSA8bWFydGluQG1hdHVza2Eub3JnPokCVAQTAQgAPhYh +BKWkWxKtktlkuJ7uLexWDIHOwiduBQJd/pwwAhsDBQkFo5qABQsJCAcCBhUKCQgL +AgQWAgMBAh4BAheAAAoJEOxWDIHOwiduj88QAI+AIPwOI9CDE/+XMMLg/ncY3Ecg +OD3GDtH3NWT6ykJ/BOmSEx78DN9c/YR1ICxgvLJoj0Cz91/rquCAvIohGEXRhIg9 +Bg+ZsaW6x9fyTRvgv6Ew8GVWd1daK2iw3FssbLwldDNmqdbvN/q/pn8I06X9Ry5f +DfXXHFCyv+fFZp5XXCeBQbOTa8GldIUUXNnaFKAzIwX5ngi2t7fgNtp/HwqxROFq +0RXHnJdGR9z6Igf9vE9H3CQzf5aCXlxl9bpUHZCkjPruU0RLiYkvt++qF+TkCtxv +PqjmSyeQUoqxi8NcHaZoeXo5PlwcXqY9PDAtCvZl/zBwQP0EplR5ILvTzhkcsYUY +4g01JDsiXNX24X+RguQiXf7EDUM+0c/qk2C3gKOcWMWClKM47dEw4Qc96uMdnRjO +0kDL1Ue49RFV4+RMlCWCoYlOE9jQO09W6IeLTl7kfLo268PvC3Xg3YSDR+9Pvdho +f5IAKHrdwW+yMvC2kMPDYJP2NMeZz5y+eujONR0RZDDI4vHbE2wnjrpw1Cvvf7QG +RROJBEGTZni90wta5ZlwzsXa9imduZyTKIs/6jD86+wsTVBg2wJU65i7cOQGs08M +XzMWIOUdzqPSGj1OU9TG1bGFhmkob69zCUSWdfHPQ7Dq3mGnMBICv6YQHk1ICmq8 +KPv3gtRfTUhE6j/ttB9NYXJ0aW4gTWF0dXNrYSA8bW1ARnJlZUJTRC5vcmc+iQJU +BBMBCAA+FiEEpaRbEq2S2WS4nu4t7FYMgc7CJ24FAl3+nGQCGwMFCQWjmoAFCwkI +BwIGFQoJCAsCBBYCAwECHgECF4AACgkQ7FYMgc7CJ27fNRAA1BIVGfsogIbOVKmc +FC3912mEXbsfAvl6vShhdWU28hn4Iei2lIc6nt2VmatBAp490Lkhm2oAvCj/HUDK +YFBH45HjHzg2NAgD/BQdSqZ91jSUnYAZfylmqjNT1HhKLt79N/LfNMN2VamapsSJ +gB/ckQc4VfibNRQCSyOeMzxR7Fipu5iUG2RAtRKfmT/DXJFMb9qSfDZ6jaObMg7a +lB8I5ARbpsoDi5ykFgud6BC4wVFQHs7ZjSed9J0f6shwyvxUmaqocefKNVrBptE4 +KQYaog1TH1tACzbs4u+ieVgTrRTIQvwapKqV/vBmktQTF2ZS54ul11eq7idSIT4B +1C6pb8KSiPUYilbaxFMSJU0Us/8Yj0efbLzYPLUTrqyb9wn0EFLCspKaV6jChLdn +9JjCqmw2yCNJelMnSvCub1fSbqdOfKS1Xg9fV6b3/vxIbWEh8GVLhGA900XySL4G +ce1VXIQctn6kQv+1sayTu/pb5nhLYqZ0aHtM4KdgooZikofGQPa7yGcmEgnLg6jE +Lo25y586NcJzkbwI10U+FsOnOpZww0A+LY5xdBom2VvdKdd+ZFKqTI1qah2A9X6J +I/3rn10OgD/Xs1F9Xsj4Q0qWk0OQ042LqPG5lMYd4kqwRsAsNhcvYaP0137HgCBo +5BVDVFZtdGVJFMa9ppCWqOF6L++5Ag0EXf6cMAEQAK0PaOYdWhRlwcFq6wmlLFU0 +f22LbkqBoOxy9+xsWyXmKbJtQ64c8N0OYcvD6nx+aeFUh4kL9ht4vcYHJVVYqFvV +xa7v3a3IXamMfjm3TOoF727FwI6Yee5CnaNYj2B2a0UQMeEEB+WysFY/gx7qo/WZ +Ap2u5vlfqdQ1Z00MO/aYJWqGbwDJdYpfF6KlcePQChm367CjKcUInVpue0enaEXw +urx6JhxfMI9VqnLBNmZGSRjOlLTxkE3wIFnply/6HencMbWZYuhPEBYC4gcWNitm +ckMmt+zfdBYEu1YjN0GKMVB0EQsGwqyKyDYTjXUnvBhO6SY+ap+wkMH7q2T166+i +OWK7/Dp/VN03fMtk8UROW1rD4lGoaUKrFfNXiu3VP9LOv4ikzb+DNVGTUYTl1+NR +PnSC+72YdaAM3EpIAH9xnJB2IrTdpu4ODYmx7YeMRs3j+BZak+knRhyirt5CPQ53 +T6+xaubHf+q+KP3j6Bk6BkeWf1RkfMZsXUDRpoXlkq1uTz9HQAxgC7MkV4casjYi +wYHIYLKP5bT/p+urSt2+jfBw2uyGe3fcNW5woEp69wgindGmofxTXwuLLwy3TC5s +8P3Q1U0ti23hfQG/nXGinGj2OiwD/ELCHnDSf6VkvhNRq1T7yPqUWx7tSSl2t5+j +8LgSZ/ElYubrrVTRAZ7fABEBAAGJAjwEGAEIACYWIQSlpFsSrZLZZLie7i3sVgyB +zsInbgUCXf6cMAIbDAUJBaOagAAKCRDsVgyBzsInbsIqEADdNfDxTcd/dKx2/S2L +qfHsWHaHlJpVHy8ywxJ8JaEa7vs/tFNCAYVNs3NL8nfjerzW3ah+MmktiJNb37xR +/D58IfCw95ulOW/sV8H7HTlVVpshmD6boUwPx0m7S2a5pqhUnYSfrMNXmajZK6Ni +dcdSwXNBJz0jPRWDEj8MacRRPITPIjc+5mYAML56hgSg2A+0as308ZitxEEtlQ7A +PajG0svPDqcWlIn6HkVNcozJCrFqT8RwomC/sP3B1bsObeKzJLLxGm4ifTdlqhEE +1iwG6NWFr18BIyDj2taSOUKqV5kywC00oWF4UvGPxxzd2GDosvodOHHSgaCFXSGp +X8iBoHT1Gi7S4Ernnt/sEIZM8tnHiqC+42yqOI/3yJM2SKNabF0vuSN4OvdIXWIn +nHfYIzdvMgBdY6oELMfML5j6hRvvVba9ekZLDjiMwfliSNl1OtKJjsxCnt2tUtrZ +oq956yJdDMtOj/x4NT3HwaK9gJ1g4Ti7IAa2anONLTsFiZQHfwFLUOqH1F0ul7OZ +IwKm6lr4SCCdqYdMympq7BuMhs6ufo5bq9v8IjiMnjkXFu9V00fhO84YoOY77Lbn +sVe1qMxq8LxcTqKHqBveFzmgDRe9Bd4gQC/lhHtRtWS4m7Q981GaU9h7O07ckap2 +SnhsHUNk+W65LKZ22ZjsJek8cQ== +=BSXs -----END PGP PUBLIC KEY BLOCK----- diff --git a/libarchive.spec b/libarchive.spec index f57d75e..4ce2e5b 100644 --- a/libarchive.spec +++ b/libarchive.spec @@ -1,7 +1,7 @@ # # spec file for package libarchive # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -30,7 +30,7 @@ %bcond_without ext2fs %endif Name: libarchive -Version: 3.4.0 +Version: 3.4.1 Release: 0 Summary: Utility and C library to create and read several different streaming archive formats License: BSD-2-Clause @@ -41,18 +41,13 @@ Source1: https://github.com/libarchive/libarchive/releases/download/v%{ve Source2: libarchive.keyring Source1000: baselibs.conf Patch1: lib-suffix.patch -Patch2: fix-zstd-test.patch -Patch3: fix-soversion.patch -# PATCH-FIX-UPSTREAM bsc#1157569 -Patch10: CVE-2019-19221.patch -BuildRequires: cmake +Patch2: fix-soversion.patch BuildRequires: libacl-devel BuildRequires: libbz2-devel BuildRequires: liblz4-devel BuildRequires: libtool BuildRequires: libxml2-devel BuildRequires: libzstd-devel -BuildRequires: ninja BuildRequires: pkgconfig BuildRequires: xz-devel BuildRequires: zlib-devel @@ -169,18 +164,27 @@ Static library for libarchive %autopatch -p1 %build -%define __builder ninja -%cmake -%cmake_build +export CFLAGS="%{optflags} -D_REENTRANT -pipe" +export CXXFLAGS="$CFLAGS" +%configure \ + --disable-silent-rules \ +%if %{without static_libs} + --disable-static \ +%endif + --enable-bsdcpio + +# lzma mt detection is broken +sed -i -e "/HAVE_LZMA_STREAM_ENCODER_MT/d" config.h + +make %{?_smp_mflags} %check -ninja test -C build +make %{?_smp_mflags} check %install -%cmake_install +%make_install find %{buildroot} -type f -name "*.la" -delete -print -rm "%{buildroot}%{_libdir}/libarchive.a" rm "%{buildroot}%{_mandir}/man5/"{tar,cpio,mtree}.5* sed -i -e '/Libs.private/d' %{buildroot}%{_libdir}/pkgconfig/libarchive.pc