update

OBS-URL: https://build.opensuse.org/package/show/Archiving/libarchive?expand=0&rev=72
2017-09-07 07:08:13 +00:00 · 2017-09-07 07:08:13 +00:00 · fece4d03d8
commit fece4d03d8
parent a6ec62ff8a
5 changed files with 45 additions and 4 deletions
--- a/fix-CVE-2017-14166.patch
+++ b/fix-CVE-2017-14166.patch
@ -0,0 +1,32 @@
+commit fa7438a0ff4033e4741c807394a9af6207940d71
+Author: Joerg Sonnenberger <joerg@bec.de>
+Date:   Tue Sep 5 18:12:19 2017 +0200
+
+    Do something sensible for empty strings to make fuzzers happy.
+
+diff --git a/libarchive/archive_read_support_format_xar.c b/libarchive/archive_read_support_format_xar.c
+index 7a22beb9..93eeacc5 100644
+--- a/libarchive/archive_read_support_format_xar.c
+++ b/libarchive/archive_read_support_format_xar.c
+@@ -1040,6 +1040,9 @@ atol10(const char *p, size_t char_cnt)
+ 	uint64_t l;
+ 	int digit;
+ 
+	if (char_cnt == 0)
+		return (0);
+
+ 	l = 0;
+ 	digit = *p - '0';
+ 	while (digit >= 0 && digit < 10  && char_cnt-- > 0) {
+@@ -1054,7 +1057,10 @@ atol8(const char *p, size_t char_cnt)
+ {
+ 	int64_t l;
+ 	int digit;
+-        
+
+	if (char_cnt == 0)
+		return (0);
+
+ 	l = 0;
+ 	while (char_cnt-- > 0) {
+ 		if (*p >= '0' && *p <= '7')
--- a/libarchive-3.3.1.tar.gz
+++ b/libarchive-3.3.1.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:29ca5bd1624ca5a007aa57e16080262ab4379dbf8797f5c52f7ea74a3b0424e7
-size 6219943
--- a/libarchive-3.3.2.tar.gz
+++ b/libarchive-3.3.2.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ed2dbd6954792b2c054ccf8ec4b330a54b85904a80cef477a1c74643ddafa0ce
+size 6236562
--- a/libarchive.changes
+++ b/libarchive.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Thu Sep  7 07:05:15 UTC 2017 - adrian@suse.de
+
+- update to version 3.3.2
+  * NFSv4 ACL support for Linux (librichacl)
+- fix for CVE-2017-14166 (boo#1057514)
+
 -------------------------------------------------------------------
 Mon Apr  3 14:44:27 UTC 2017 - adrian@suse.de

--- a/libarchive.spec
+++ b/libarchive.spec
@ -33,7 +33,7 @@
 %define libname libarchive%{somajor}

 Name:           libarchive
-Version:        3.3.1
+Version:        3.3.2
 Release:        0
 Summary:        Creates and reads several different streaming archive formats
 License:        BSD-2-Clause
@ -41,6 +41,7 @@ Group:          Productivity/Archiving/Compression
 Url:            http://www.libarchive.org/
 Source0:        http://www.libarchive.org/downloads/libarchive-%{version}.tar.gz
 Source1:        baselibs.conf
+Patch1:         fix-CVE-2017-14166.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildRequires:  libacl-devel
 BuildRequires:  libbz2-devel
@ -161,6 +162,7 @@ static library for libarchive

 %prep
 %setup -q
+%patch1 -p1

 %build
 %if !0%{?skip_autoreconf}