
Accepting request 907250 from Java:packages

Security fixes

OBS-URL: https://build.opensuse.org/request/show/907250
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apache-commons-compress?expand=0&rev=4
Dominique Leuenberger 2021-07-22 20:42:47 +00:00 committed by Git OBS Bridge
commit a91889c61a
8 changed files with 214 additions and 160 deletions


@ -9,7 +9,7 @@
<property file="build.properties"/> <property file="build.properties"/>
<property name="build.name" value="commons-compress"/> <property name="build.name" value="commons-compress"/>
<property name="build.version" value="1.19"/> <property name="build.version" value="1.21"/>
<property name="build.finalName" value="${build.name}-${build.version}"/> <property name="build.finalName" value="${build.name}-${build.version}"/>
<property name="build.dir" value="target"/> <property name="build.dir" value="target"/>
<property name="build.javadocDir" value="${build.dir}/site/apidocs"/> <property name="build.javadocDir" value="${build.dir}/site/apidocs"/>
@ -18,18 +18,15 @@
<property name="build.resourceDir.0" value="src/main/resources"/> <property name="build.resourceDir.0" value="src/main/resources"/>
<property name="build.resourceDir.1" value="."/> <property name="build.resourceDir.1" value="."/>
<property name="commons.javadoc.javaee.link" value="http://docs.oracle.com/javaee/6/api/"/>
<property name="commons.javadoc.java.link" value="http://docs.oracle.com/javase/7/docs/api/"/>
<property name="commons.osgi.dynamicImport" value=""/> <property name="commons.osgi.dynamicImport" value=""/>
<property name="commons.osgi.excludeDependencies" value="true"/> <property name="commons.osgi.excludeDependencies" value="true"/>
<property name="commons.osgi.export" value="org.apache.commons.compress;version=&quot;${build.version}&quot;,org.apache.commons.compress.archivers;version=&quot;${build.version}&quot;,org.apache.commons.compress.archivers.ar;version=&quot;${build.version}&quot;,org.apache.commons.compress.archivers.arj;version=&quot;${build.version}&quot;,org.apache.commons.compress.archivers.cpio;version=&quot;${build.version}&quot;,org.apache.commons.compress.archivers.dump;version=&quot;${build.version}&quot;,org.apache.commons.compress.archivers.examples;version=&quot;${build.version}&quot;,org.apache.commons.compress.archivers.jar;version=&quot;${build.version}&quot;,org.apache.commons.compress.archivers.sevenz;version=&quot;${build.version}&quot;,org.apache.commons.compress.archivers.tar;version=&quot;${build.version}&quot;,org.apache.commons.compress.archivers.zip;version=&quot;${build.version}&quot;,org.apache.commons.compress.changes;version=&quot;${build.version}&quot;,org.apache.commons.compress.compressors;version=&quot;${build.version}&quot;,org.apache.commons.compress.compressors.bzip2;version=&quot;${build.version}&quot;,org.apache.commons.compress.compressors.deflate;version=&quot;${build.version}&quot;,org.apache.commons.compress.compressors.deflate64;version=&quot;${build.version}&quot;,org.apache.commons.compress.compressors.gzip;version=&quot;${build.version}&quot;,org.apache.commons.compress.compressors.lz4;version=&quot;${build.version}&quot;,org.apache.commons.compress.compressors.lz77support;version=&quot;${build.version}&quot;,org.apache.commons.compress.compressors.lzma;version=&quot;${build.version}&quot;,org.apache.commons.compress.compressors.lzw;version=&quot;${build.version}&quot;,org.apache.commons.compress.compressors.pack200;version=&quot;${build.version}&quot;,org.apache.commons.compress.compressors.snappy;version=&quot;${build.version}&quot;,org.apache.commons.compress.compressors.xz;version=&quot;${build.version}&quot;,org.apache.commons.compress
.compressors.z;version=&quot;${build.version}&quot;,org.apache.commons.compress.parallel;version=&quot;${build.version}&quot;,org.apache.commons.compress.utils;version=&quot;${build.version}&quot;"/> <property name="commons.osgi.export" value="org.apache.commons.compress;version=&quot;${build.version}&quot;,org.apache.commons.compress.archivers;version=&quot;${build.version}&quot;,org.apache.commons.compress.archivers.ar;version=&quot;${build.version}&quot;,org.apache.commons.compress.archivers.arj;version=&quot;${build.version}&quot;,org.apache.commons.compress.archivers.cpio;version=&quot;${build.version}&quot;,org.apache.commons.compress.archivers.dump;version=&quot;${build.version}&quot;,org.apache.commons.compress.archivers.examples;version=&quot;${build.version}&quot;,org.apache.commons.compress.archivers.jar;version=&quot;${build.version}&quot;,org.apache.commons.compress.archivers.sevenz;version=&quot;${build.version}&quot;,org.apache.commons.compress.archivers.tar;version=&quot;${build.version}&quot;,org.apache.commons.compress.archivers.zip;version=&quot;${build.version}&quot;,org.apache.commons.compress.changes;version=&quot;${build.version}&quot;,org.apache.commons.compress.compressors;version=&quot;${build.version}&quot;,org.apache.commons.compress.compressors.bzip2;version=&quot;${build.version}&quot;,org.apache.commons.compress.compressors.deflate;version=&quot;${build.version}&quot;,org.apache.commons.compress.compressors.deflate64;version=&quot;${build.version}&quot;,org.apache.commons.compress.compressors.gzip;version=&quot;${build.version}&quot;,org.apache.commons.compress.compressors.lz4;version=&quot;${build.version}&quot;,org.apache.commons.compress.compressors.lz77support;version=&quot;${build.version}&quot;,org.apache.commons.compress.compressors.lzma;version=&quot;${build.version}&quot;,org.apache.commons.compress.compressors.lzw;version=&quot;${build.version}&quot;,org.apache.commons.compress.compressors.pack200;version=&quot;${build.versio
n}&quot;,org.apache.commons.compress.compressors.snappy;version=&quot;${build.version}&quot;,org.apache.commons.compress.compressors.xz;version=&quot;${build.version}&quot;,org.apache.commons.compress.compressors.z;version=&quot;${build.version}&quot;,org.apache.commons.compress.harmony.archive.internal.nls;version=&quot;${build.version}&quot;,org.apache.commons.compress.harmony.pack200;version=&quot;${build.version}&quot;,org.apache.commons.compress.harmony.unpack200;version=&quot;${build.version}&quot;,org.apache.commons.compress.harmony.unpack200.bytecode;version=&quot;${build.version}&quot;,org.apache.commons.compress.harmony.unpack200.bytecode.forms;version=&quot;${build.version}&quot;,org.apache.commons.compress.java.util.jar;version=&quot;${build.version}&quot;,org.apache.commons.compress.parallel;version=&quot;${build.version}&quot;,org.apache.commons.compress.utils;version=&quot;${build.version}&quot;"/>
<property name="commons.osgi.import" value="org.tukaani.xz;resolution:=optional,javax.crypto;resolution:=optional,javax.crypto.spec;resolution:=optional,org.brotli.dec;resolution:=optional,com.github.luben.zstd;resolution:=optional"/> <property name="commons.osgi.import" value="org.tukaani.xz;resolution:=optional,org.objectweb.asm;resolution:=optional,javax.crypto;resolution:=optional,javax.crypto.spec;resolution:=optional"/>
<property name="commons.osgi.private" value=""/> <property name="commons.osgi.private" value=""/>
<property name="commons.osgi.symbolicName" value="org.apache.commons.compress"/> <property name="commons.osgi.symbolicName" value="org.apache.commons.compress"/>
<property name="compiler.source" value="1.7"/> <property name="compiler.source" value="1.8"/>
<property name="compiler.target" value="1.7"/> <property name="compiler.target" value="1.8"/>
<!-- ====================================================================== --> <!-- ====================================================================== -->
@ -108,8 +105,6 @@
linksource="true" linksource="true"
breakiterator="false"> breakiterator="false">
<classpath refid="build.classpath"/> <classpath refid="build.classpath"/>
<!-- <link href="${commons.javadoc.java.link}"/> -->
<!-- <link href="${commons.javadoc.javaee.link}"/> -->
</javadoc> </javadoc>
</target> </target>


@ -1,3 +1,31 @@
-------------------------------------------------------------------
Tue Jul 20 07:17:33 UTC 2021 - Fridrich Strba <fstrba@suse.com>
- Updated to 1.21
* When reading a specially crafted 7Z archive, the construction of
the list of codecs that decompress an entry can result in an
infinite loop. This could be used to mount a denial of service
attack against services that use Compress' sevenz package.
(CVE-2021-35515, bsc#1188463)
* When reading a specially crafted 7Z archive, Compress can be
made to allocate large amounts of memory that finally leads to
an out of memory error even for very small inputs. This could
be used to mount a denial of service attack against services
that use Compress' sevenz package. (CVE-2021-35516, bsc#1188464)
* When reading a specially crafted TAR archive, Compress can be
made to allocate large amounts of memory that finally leads to
an out of memory error even for very small inputs. This could be
used to mount a denial of service attack against services that
use Compress' tar package. (CVE-2021-35517, bsc#1188465)
* When reading a specially crafted ZIP archive, Compress can be
made to allocate large amounts of memory that finally leads to
an out of memory error even for very small inputs. This could
be used to mount a denial of service attack against services
that use Compress' zip package. (CVE-2021-36090, bsc#1188466)
- New dependency on asm3 for Pack200 compressor
- Rebased patch fix_java_8_compatibility.patch to a new context and
added some new ocurrences
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Aug 28 08:57:02 UTC 2019 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com> Wed Aug 28 08:57:02 UTC 2019 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>


@ -1,7 +1,7 @@
# #
# spec file for package apache # spec file
# #
# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # Copyright (c) 2021 SUSE LLC
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -19,12 +19,12 @@
%global base_name compress %global base_name compress
%global short_name commons-%{base_name} %global short_name commons-%{base_name}
Name: apache-%{short_name} Name: apache-%{short_name}
Version: 1.19 Version: 1.21
Release: 0 Release: 0
Summary: Java API for working with compressed files and archivers Summary: Java API for working with compressed files and archivers
License: Apache-2.0 License: Apache-2.0
Group: Development/Libraries/Java Group: Development/Libraries/Java
URL: http://commons.apache.org/proper/commons-compress/ URL: https://commons.apache.org/proper/commons-compress/
Source0: http://archive.apache.org/dist/commons/compress/source/%{short_name}-%{version}-src.tar.gz Source0: http://archive.apache.org/dist/commons/compress/source/%{short_name}-%{version}-src.tar.gz
Source1: http://archive.apache.org/dist/commons/compress/source/%{short_name}-%{version}-src.tar.gz.asc Source1: http://archive.apache.org/dist/commons/compress/source/%{short_name}-%{version}-src.tar.gz.asc
Source2: %{name}-build.xml Source2: %{name}-build.xml
@ -32,11 +32,11 @@ Patch0: 0001-Remove-Brotli-compressor.patch
Patch1: 0002-Remove-ZSTD-compressor.patch Patch1: 0002-Remove-ZSTD-compressor.patch
Patch2: fix_java_8_compatibility.patch Patch2: fix_java_8_compatibility.patch
BuildRequires: ant BuildRequires: ant
BuildRequires: asm3
BuildRequires: fdupes BuildRequires: fdupes
BuildRequires: java-devel >= 1.7 BuildRequires: java-devel >= 1.8
BuildRequires: javapackages-local BuildRequires: javapackages-local
BuildRequires: xz-java BuildRequires: xz-java
Requires: mvn(org.tukaani:xz)
Provides: %{short_name} = %{version}-%{release} Provides: %{short_name} = %{version}-%{release}
Obsoletes: %{short_name} < %{version}-%{release} Obsoletes: %{short_name} < %{version}-%{release}
Provides: jakarta-%{short_name} = %{version}-%{release} Provides: jakarta-%{short_name} = %{version}-%{release}
@ -47,7 +47,7 @@ BuildArch: noarch
The Apache Commons Compress library defines an API for working with The Apache Commons Compress library defines an API for working with
ar, cpio, Unix dump, tar, zip, gzip, XZ, Pack200 and bzip2 files. ar, cpio, Unix dump, tar, zip, gzip, XZ, Pack200 and bzip2 files.
In version 1.14 read-only support for Brotli decompression has been added, In version 1.14 read-only support for Brotli decompression has been added,
but it has been removed form this package. but it has been removed from this package.
%package javadoc %package javadoc
Summary: API documentation for %{name} Summary: API documentation for %{name}
@ -74,13 +74,6 @@ rm src/test/java/org/apache/commons/compress/compressors/DetectCompressorTestCas
# Restore Java 8 compatibility # Restore Java 8 compatibility
%patch2 -p1 %patch2 -p1
# remove osgi tests, we don't have deps for them
%pom_remove_dep org.ops4j.pax.exam:::test
%pom_remove_dep :org.apache.felix.framework::test
%pom_remove_dep :javax.inject::test
%pom_remove_dep :slf4j-api::test
rm src/test/java/org/apache/commons/compress/OsgiITest.java
# NPE with jdk10 # NPE with jdk10
%pom_remove_plugin :maven-javadoc-plugin %pom_remove_plugin :maven-javadoc-plugin
@ -91,7 +84,7 @@ rm src/test/java/org/apache/commons/compress/OsgiITest.java
%build %build
mkdir -p lib mkdir -p lib
build-jar-repository -s lib xz-java build-jar-repository -s lib xz-java asm3
%{ant} package javadoc %{ant} package javadoc
%install %install
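Review bot: `Source0` and `Source1` still fetch over `http://archive.apache.org/...` even though this change moves `URL` to https, and no keyring shows among the visible `Source` lines, so the shipped `.asc` may never be checked against the new tarball at build time. For an update taken for its security fixes I would switch both to `https://archive.apache.org/dist/commons/compress/source/%{short_name}-%{version}-src.tar.gz` (plus the `.asc` counterpart) and add the upstream signing keys as a `%{name}.keyring` source; the lines between `Source2` and `Patch0` are outside the visible hunks, so confirm one is not already there. Separately, `Requires: mvn(org.tukaani:xz)` is dropped and `asm3` is only a `BuildRequires`, while the accompanying build file imports both as `resolution:=optional`. A comment next to the `BuildRequires` such as `# xz-java and asm3 are optional at runtime; XZ/LZMA and Pack200 support presumably need them installed` would make that intent explicit for downstream packagers.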


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:34217d8e831c7e769d24ade60e41aa48c71200f772f18216205c00b9b2a11d4b
size 9877992


@ -1,7 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iHEEABEKADEWIQTOgHWiUVR77iSbwVGiEVrhX2uLcgUCXWFijBMcYm9kZXdpZ0Bh
cGFjaGUub3JnAAoJEKIRWuFfa4tyNIkAn2gKkMs8N+T5giVT746EDm9sR8ypAKCe
9VpPXdbYTImJ4SYaSH+CUUOIYA==
=vNiG
-----END PGP SIGNATURE-----


@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:3ecb1feb62e5307d0fc865dd0b5a80206758aec1d160d297e5c153cfba5977e6
size 15165800


@ -0,0 +1,7 @@
-----BEGIN PGP SIGNATURE-----
iHEEABEKADEWIQTOgHWiUVR77iSbwVGiEVrhX2uLcgUCYOiAPBMcYm9kZXdpZ0Bh
cGFjaGUub3JnAAoJEKIRWuFfa4tyyNwAn1RAMciW7Os/lbwCiQ/RJ64GL+LSAKDB
7ZWg3nXsSSAnuN7K/3doWvLkLQ==
=iHWA
-----END PGP SIGNATURE-----


@ -1,8 +1,6 @@
Index: commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archivers/sevenz/BoundedSeekableByteChannelInputStream.java --- commons-compress-1.21-src/src/main/java/org/apache/commons/compress/archivers/sevenz/BoundedSeekableByteChannelInputStream.java 2020-01-22 16:10:15.000000000 +0100
=================================================================== +++ commons-compress-1.21-src/src/main/java/org/apache/commons/compress/archivers/sevenz/BoundedSeekableByteChannelInputStream.java 2021-07-19 16:32:46.529020782 +0200
--- commons-compress-1.19-src.orig/src/main/java/org/apache/commons/compress/archivers/sevenz/BoundedSeekableByteChannelInputStream.java @@ -19,6 +19,7 @@
+++ commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archivers/sevenz/BoundedSeekableByteChannelInputStream.java
@@ -19,6 +19,7 @@ package org.apache.commons.compress.arch
import java.io.IOException; import java.io.IOException;
import java.io.InputStream; import java.io.InputStream;
@ -10,7 +8,7 @@ Index: commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archi
import java.nio.ByteBuffer; import java.nio.ByteBuffer;
import java.nio.channels.SeekableByteChannel; import java.nio.channels.SeekableByteChannel;
@@ -69,7 +70,7 @@ class BoundedSeekableByteChannelInputStr @@ -83,7 +84,7 @@
} else { } else {
buf = ByteBuffer.allocate(bytesToRead); buf = ByteBuffer.allocate(bytesToRead);
bytesRead = channel.read(buf); bytesRead = channel.read(buf);
@ -19,23 +17,21 @@ Index: commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archi
} }
if (bytesRead >= 0) { if (bytesRead >= 0) {
buf.get(b, off, bytesRead); buf.get(b, off, bytesRead);
@@ -79,9 +80,9 @@ class BoundedSeekableByteChannelInputStr @@ -93,9 +94,9 @@
} }
private int read(int len) throws IOException { private int read(final int len) throws IOException {
- buffer.rewind().limit(len); - buffer.rewind().limit(len);
+ ((Buffer)buffer).rewind().limit(len); + ((Buffer)buffer).rewind().limit(len);
int read = channel.read(buffer); final int read = channel.read(buffer);
- buffer.flip(); - buffer.flip();
+ ((Buffer)buffer).flip(); + ((Buffer)buffer).flip();
return read; return read;
} }
Index: commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archivers/sevenz/SevenZFile.java --- commons-compress-1.21-src/src/main/java/org/apache/commons/compress/archivers/sevenz/SevenZFile.java 2020-01-22 16:10:15.000000000 +0100
=================================================================== +++ commons-compress-1.21-src/src/main/java/org/apache/commons/compress/archivers/sevenz/SevenZFile.java 2021-07-19 16:20:02.675782684 +0200
--- commons-compress-1.19-src.orig/src/main/java/org/apache/commons/compress/archivers/sevenz/SevenZFile.java @@ -26,6 +26,7 @@
+++ commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archivers/sevenz/SevenZFile.java
@@ -25,6 +25,7 @@ import java.io.File;
import java.io.FilterInputStream; import java.io.FilterInputStream;
import java.io.IOException; import java.io.IOException;
import java.io.InputStream; import java.io.InputStream;
@ -43,10 +39,19 @@ Index: commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archi
import java.nio.ByteBuffer; import java.nio.ByteBuffer;
import java.nio.ByteOrder; import java.nio.ByteOrder;
import java.nio.CharBuffer; import java.nio.CharBuffer;
@@ -1305,9 +1306,9 @@ public class SevenZFile implements Close @@ -499,7 +500,7 @@
while (pos > minPos) {
pos--;
channel.position(pos);
- nidBuf.rewind();
+ ((Buffer)nidBuf).rewind();
if (channel.read(nidBuf) < 1) {
throw new EOFException();
}
@@ -2016,9 +2017,9 @@
} }
private void readFully(ByteBuffer buf) throws IOException { private void readFully(final ByteBuffer buf) throws IOException {
- buf.rewind(); - buf.rewind();
+ ((Buffer)buf).rewind(); + ((Buffer)buf).rewind();
IOUtils.readFully(channel, buf); IOUtils.readFully(channel, buf);
@ -55,19 +60,17 @@ Index: commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archi
} }
@Override @Override
Index: commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archivers/sevenz/SevenZOutputFile.java --- commons-compress-1.21-src/src/main/java/org/apache/commons/compress/archivers/sevenz/SevenZOutputFile.java 2020-01-22 16:10:15.000000000 +0100
=================================================================== +++ commons-compress-1.21-src/src/main/java/org/apache/commons/compress/archivers/sevenz/SevenZOutputFile.java 2021-07-19 16:14:03.565317437 +0200
--- commons-compress-1.19-src.orig/src/main/java/org/apache/commons/compress/archivers/sevenz/SevenZOutputFile.java @@ -26,6 +26,7 @@
+++ commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archivers/sevenz/SevenZOutputFile.java
@@ -24,6 +24,7 @@ import java.io.DataOutputStream;
import java.io.File;
import java.io.IOException; import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream; import java.io.OutputStream;
+import java.nio.Buffer; +import java.nio.Buffer;
import java.nio.ByteBuffer; import java.nio.ByteBuffer;
import java.nio.ByteOrder; import java.nio.ByteOrder;
import java.nio.channels.SeekableByteChannel; import java.nio.channels.SeekableByteChannel;
@@ -288,7 +289,7 @@ public class SevenZOutputFile implements @@ -341,7 +342,7 @@
crc32.reset(); crc32.reset();
crc32.update(bb.array(), SevenZFile.sevenZSignature.length + 6, 20); crc32.update(bb.array(), SevenZFile.sevenZSignature.length + 6, 20);
bb.putInt(SevenZFile.sevenZSignature.length + 2, (int) crc32.getValue()); bb.putInt(SevenZFile.sevenZSignature.length + 2, (int) crc32.getValue());
@ -76,7 +79,7 @@ Index: commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archi
channel.write(bb); channel.write(bb);
} }
@@ -772,7 +773,7 @@ public class SevenZOutputFile implements @@ -826,7 +827,7 @@
private final ByteBuffer buffer = ByteBuffer.allocate(BUF_SIZE); private final ByteBuffer buffer = ByteBuffer.allocate(BUF_SIZE);
@Override @Override
public void write(final int b) throws IOException { public void write(final int b) throws IOException {
@ -85,7 +88,7 @@ Index: commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archi
buffer.put((byte) b).flip(); buffer.put((byte) b).flip();
channel.write(buffer); channel.write(buffer);
compressedCrc32.update(b); compressedCrc32.update(b);
@@ -790,7 +791,7 @@ public class SevenZOutputFile implements @@ -844,7 +845,7 @@
if (len > BUF_SIZE) { if (len > BUF_SIZE) {
channel.write(ByteBuffer.wrap(b, off, len)); channel.write(ByteBuffer.wrap(b, off, len));
} else { } else {
@ -94,10 +97,8 @@ Index: commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archi
buffer.put(b, off, len).flip(); buffer.put(b, off, len).flip();
channel.write(buffer); channel.write(buffer);
} }
Index: commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archivers/zip/NioZipEncoding.java --- commons-compress-1.21-src/src/main/java/org/apache/commons/compress/archivers/zip/NioZipEncoding.java 2020-01-22 16:10:15.000000000 +0100
=================================================================== +++ commons-compress-1.21-src/src/main/java/org/apache/commons/compress/archivers/zip/NioZipEncoding.java 2021-07-19 16:14:03.565317437 +0200
--- commons-compress-1.19-src.orig/src/main/java/org/apache/commons/compress/archivers/zip/NioZipEncoding.java
+++ commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archivers/zip/NioZipEncoding.java
@@ -20,6 +20,7 @@ @@ -20,6 +20,7 @@
package org.apache.commons.compress.archivers.zip; package org.apache.commons.compress.archivers.zip;
@ -106,7 +107,7 @@ Index: commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archi
import java.nio.ByteBuffer; import java.nio.ByteBuffer;
import java.nio.CharBuffer; import java.nio.CharBuffer;
import java.nio.charset.Charset; import java.nio.charset.Charset;
@@ -121,8 +122,8 @@ class NioZipEncoding implements ZipEncod @@ -121,8 +122,8 @@
enc.encode(cb, out, true); enc.encode(cb, out, true);
// may have caused underflow, but that's been ignored traditionally // may have caused underflow, but that's been ignored traditionally
@ -117,11 +118,9 @@ Index: commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archi
return out; return out;
} }
Index: commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archivers/zip/ZipArchiveInputStream.java --- commons-compress-1.21-src/src/main/java/org/apache/commons/compress/archivers/zip/ZipArchiveInputStream.java 2020-01-22 16:10:15.000000000 +0100
=================================================================== +++ commons-compress-1.21-src/src/main/java/org/apache/commons/compress/archivers/zip/ZipArchiveInputStream.java 2021-07-19 16:14:03.565317437 +0200
--- commons-compress-1.19-src.orig/src/main/java/org/apache/commons/compress/archivers/zip/ZipArchiveInputStream.java @@ -25,6 +25,7 @@
+++ commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archivers/zip/ZipArchiveInputStream.java
@@ -25,6 +25,7 @@ import java.io.IOException;
import java.io.InputStream; import java.io.InputStream;
import java.io.PushbackInputStream; import java.io.PushbackInputStream;
import java.math.BigInteger; import java.math.BigInteger;
@ -129,16 +128,16 @@ Index: commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archi
import java.nio.ByteBuffer; import java.nio.ByteBuffer;
import java.util.Arrays; import java.util.Arrays;
import java.util.zip.CRC32; import java.util.zip.CRC32;
@@ -220,7 +221,7 @@ public class ZipArchiveInputStream exten @@ -256,7 +257,7 @@
this.allowStoredEntriesWithDataDescriptor =
allowStoredEntriesWithDataDescriptor; allowStoredEntriesWithDataDescriptor;
this.skipSplitSig = skipSplitSig;
// haven't read anything so far // haven't read anything so far
- buf.limit(0); - buf.limit(0);
+ ((Buffer)buf).limit(0); + ((Buffer)buf).limit(0);
} }
public ZipArchiveEntry getNextZipEntry() throws IOException { public ZipArchiveEntry getNextZipEntry() throws IOException {
@@ -522,13 +523,13 @@ public class ZipArchiveInputStream exten @@ -596,13 +597,13 @@
} }
if (buf.position() >= buf.limit()) { if (buf.position() >= buf.limit()) {
@ -155,7 +154,7 @@ Index: commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archi
count(l); count(l);
current.bytesReadFromStream += l; current.bytesReadFromStream += l;
@@ -719,7 +720,7 @@ public class ZipArchiveInputStream exten @@ -795,7 +796,7 @@
} }
inf.reset(); inf.reset();
@ -164,7 +163,7 @@ Index: commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archi
current = null; current = null;
lastStoredEntry = null; lastStoredEntry = null;
} }
@@ -784,7 +785,7 @@ public class ZipArchiveInputStream exten @@ -860,7 +861,7 @@
} }
final int length = in.read(buf.array()); final int length = in.read(buf.array());
if (length > 0) { if (length > 0) {
@ -173,10 +172,8 @@ Index: commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archi
count(buf.limit()); count(buf.limit());
inf.setInput(buf.array(), 0, buf.limit()); inf.setInput(buf.array(), 0, buf.limit());
} }
Index: commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archivers/zip/ZipEncodingHelper.java --- commons-compress-1.21-src/src/main/java/org/apache/commons/compress/archivers/zip/ZipEncodingHelper.java 2020-01-22 16:10:15.000000000 +0100
=================================================================== +++ commons-compress-1.21-src/src/main/java/org/apache/commons/compress/archivers/zip/ZipEncodingHelper.java 2021-07-19 16:29:53.519835167 +0200
--- commons-compress-1.19-src.orig/src/main/java/org/apache/commons/compress/archivers/zip/ZipEncodingHelper.java
+++ commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archivers/zip/ZipEncodingHelper.java
@@ -18,6 +18,7 @@ @@ -18,6 +18,7 @@
package org.apache.commons.compress.archivers.zip; package org.apache.commons.compress.archivers.zip;
@ -185,10 +182,10 @@ Index: commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archi
import java.nio.ByteBuffer; import java.nio.ByteBuffer;
import java.nio.charset.Charset; import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets; import java.nio.charset.StandardCharsets;
@@ -85,8 +86,8 @@ public abstract class ZipEncodingHelper @@ -85,8 +86,8 @@
} }
static ByteBuffer growBufferBy(ByteBuffer buffer, int increment) { static ByteBuffer growBufferBy(final ByteBuffer buffer, final int increment) {
- buffer.limit(buffer.position()); - buffer.limit(buffer.position());
- buffer.rewind(); - buffer.rewind();
+ ((Buffer)buffer).limit(buffer.position()); + ((Buffer)buffer).limit(buffer.position());
@ -196,11 +193,9 @@ Index: commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archi
final ByteBuffer on = ByteBuffer.allocate(buffer.capacity() + increment); final ByteBuffer on = ByteBuffer.allocate(buffer.capacity() + increment);
Index: commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archivers/zip/ZipFile.java --- commons-compress-1.21-src/src/main/java/org/apache/commons/compress/archivers/zip/ZipFile.java 2020-01-22 16:10:15.000000000 +0100
=================================================================== +++ commons-compress-1.21-src/src/main/java/org/apache/commons/compress/archivers/zip/ZipFile.java 2021-07-19 16:28:13.175147502 +0200
--- commons-compress-1.19-src.orig/src/main/java/org/apache/commons/compress/archivers/zip/ZipFile.java @@ -25,6 +25,7 @@
+++ commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archivers/zip/ZipFile.java
@@ -25,6 +25,7 @@ import java.io.File;
import java.io.IOException; import java.io.IOException;
import java.io.InputStream; import java.io.InputStream;
import java.io.SequenceInputStream; import java.io.SequenceInputStream;
@ -208,16 +203,16 @@ Index: commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archi
import java.nio.ByteBuffer; import java.nio.ByteBuffer;
import java.nio.channels.FileChannel; import java.nio.channels.FileChannel;
import java.nio.channels.SeekableByteChannel; import java.nio.channels.SeekableByteChannel;
@@ -693,7 +694,7 @@ public class ZipFile implements Closeabl @@ -713,7 +714,7 @@
positionAtCentralDirectory(); positionAtCentralDirectory();
centralDirectoryStartOffset = archive.position();
- wordBbuf.rewind(); - wordBbuf.rewind();
+ ((Buffer)wordBbuf).rewind(); + ((Buffer)wordBbuf).rewind();
IOUtils.readFully(archive, wordBbuf); IOUtils.readFully(archive, wordBbuf);
long sig = ZipLong.getValue(wordBuf); long sig = ZipLong.getValue(wordBuf);
@@ -704,7 +705,7 @@ public class ZipFile implements Closeabl @@ -724,7 +725,7 @@
while (sig == CFH_SIG) { while (sig == CFH_SIG) {
readCentralDirectoryEntry(noUTF8Flag); readCentralDirectoryEntry(noUTF8Flag);
@ -226,7 +221,7 @@ Index: commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archi
IOUtils.readFully(archive, wordBbuf); IOUtils.readFully(archive, wordBbuf);
sig = ZipLong.getValue(wordBuf); sig = ZipLong.getValue(wordBuf);
} }
@@ -723,7 +724,7 @@ public class ZipFile implements Closeabl @@ -743,7 +744,7 @@
private void private void
readCentralDirectoryEntry(final Map<ZipArchiveEntry, NameAndComment> noUTF8Flag) readCentralDirectoryEntry(final Map<ZipArchiveEntry, NameAndComment> noUTF8Flag)
throws IOException { throws IOException {
@ -235,7 +230,7 @@ Index: commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archi
IOUtils.readFully(archive, cfhBbuf); IOUtils.readFully(archive, cfhBbuf);
int off = 0; int off = 0;
final Entry ze = new Entry(); final Entry ze = new Entry();
@@ -961,7 +962,7 @@ public class ZipFile implements Closeabl @@ -1100,7 +1101,7 @@
archive.position() > ZIP64_EOCDL_LENGTH; archive.position() > ZIP64_EOCDL_LENGTH;
if (searchedForZip64EOCD) { if (searchedForZip64EOCD) {
archive.position(archive.position() - ZIP64_EOCDL_LENGTH); archive.position(archive.position() - ZIP64_EOCDL_LENGTH);
@ -244,38 +239,85 @@ Index: commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archi
IOUtils.readFully(archive, wordBbuf); IOUtils.readFully(archive, wordBbuf);
found = Arrays.equals(ZipArchiveOutputStream.ZIP64_EOCD_LOC_SIG, found = Arrays.equals(ZipArchiveOutputStream.ZIP64_EOCD_LOC_SIG,
wordBuf); wordBuf);
@@ -990,10 +991,10 @@ public class ZipFile implements Closeabl @@ -1128,11 +1129,11 @@
private void positionAtCentralDirectory64()
throws IOException { throws IOException {
if (isSplitZipArchive) {
- wordBbuf.rewind();
+ ((Buffer)wordBbuf).rewind();
IOUtils.readFully(archive, wordBbuf);
final long diskNumberOfEOCD = ZipLong.getValue(wordBuf);
- dwordBbuf.rewind();
+ ((Buffer)dwordBbuf).rewind();
IOUtils.readFully(archive, dwordBbuf);
final long relativeOffsetOfEOCD = ZipEightByteInteger.getLongValue(dwordBuf);
((ZipSplitReadOnlySeekableByteChannel) archive)
@@ -1140,12 +1141,12 @@
} else {
skipBytes(ZIP64_EOCDL_LOCATOR_OFFSET skipBytes(ZIP64_EOCDL_LOCATOR_OFFSET
- WORD /* signature has already been read */); - WORD /* signature has already been read */);
- dwordBbuf.rewind(); - dwordBbuf.rewind();
+ ((Buffer)dwordBbuf).rewind(); + ((Buffer)dwordBbuf).rewind();
IOUtils.readFully(archive, dwordBbuf); IOUtils.readFully(archive, dwordBbuf);
archive.position(ZipEightByteInteger.getLongValue(dwordBuf)); archive.position(ZipEightByteInteger.getLongValue(dwordBuf));
}
- wordBbuf.rewind(); - wordBbuf.rewind();
+ ((Buffer)wordBbuf).rewind(); + ((Buffer)wordBbuf).rewind();
IOUtils.readFully(archive, wordBbuf); IOUtils.readFully(archive, wordBbuf);
if (!Arrays.equals(wordBuf, ZipArchiveOutputStream.ZIP64_EOCD_SIG)) { if (!Arrays.equals(wordBuf, ZipArchiveOutputStream.ZIP64_EOCD_SIG)) {
throw new ZipException("Archive's ZIP64 end of central " throw new ZipException("Archive's ZIP64 end of central "
@@ -1001,7 +1002,7 @@ public class ZipFile implements Closeabl @@ -1155,13 +1156,13 @@
} if (isSplitZipArchive) {
skipBytes(ZIP64_EOCD_CFD_DISK_OFFSET
- WORD /* signature has already been read */);
- wordBbuf.rewind();
+ ((Buffer)wordBbuf).rewind();
IOUtils.readFully(archive, wordBbuf);
centralDirectoryStartDiskNumber = ZipLong.getValue(wordBuf);
skipBytes(ZIP64_EOCD_CFD_LOCATOR_RELATIVE_OFFSET);
- dwordBbuf.rewind();
+ ((Buffer)dwordBbuf).rewind();
IOUtils.readFully(archive, dwordBbuf);
centralDirectoryStartRelativeOffset = ZipEightByteInteger.getLongValue(dwordBuf);
((ZipSplitReadOnlySeekableByteChannel) archive)
@@ -1169,7 +1170,7 @@
} else {
skipBytes(ZIP64_EOCD_CFD_LOCATOR_OFFSET skipBytes(ZIP64_EOCD_CFD_LOCATOR_OFFSET
- WORD /* signature has already been read */); - WORD /* signature has already been read */);
- dwordBbuf.rewind(); - dwordBbuf.rewind();
+ ((Buffer)dwordBbuf).rewind(); + ((Buffer)dwordBbuf).rewind();
IOUtils.readFully(archive, dwordBbuf); IOUtils.readFully(archive, dwordBbuf);
archive.position(ZipEightByteInteger.getLongValue(dwordBuf)); centralDirectoryStartDiskNumber = 0;
} centralDirectoryStartRelativeOffset = ZipEightByteInteger.getLongValue(dwordBuf);
@@ -1016,7 +1017,7 @@ public class ZipFile implements Closeabl @@ -1188,20 +1189,20 @@
private void positionAtCentralDirectory32()
throws IOException { throws IOException {
if (isSplitZipArchive) {
skipBytes(CFD_DISK_OFFSET);
- shortBbuf.rewind();
+ ((Buffer)shortBbuf).rewind();
IOUtils.readFully(archive, shortBbuf);
centralDirectoryStartDiskNumber = ZipShort.getValue(shortBuf);
skipBytes(CFD_LOCATOR_RELATIVE_OFFSET);
- wordBbuf.rewind();
+ ((Buffer)wordBbuf).rewind();
IOUtils.readFully(archive, wordBbuf);
centralDirectoryStartRelativeOffset = ZipLong.getValue(wordBuf);
((ZipSplitReadOnlySeekableByteChannel) archive)
.position(centralDirectoryStartDiskNumber, centralDirectoryStartRelativeOffset);
} else {
skipBytes(CFD_LOCATOR_OFFSET); skipBytes(CFD_LOCATOR_OFFSET);
- wordBbuf.rewind(); - wordBbuf.rewind();
+ ((Buffer)wordBbuf).rewind(); + ((Buffer)wordBbuf).rewind();
IOUtils.readFully(archive, wordBbuf); IOUtils.readFully(archive, wordBbuf);
archive.position(ZipLong.getValue(wordBuf)); centralDirectoryStartDiskNumber = 0;
} centralDirectoryStartRelativeOffset = ZipLong.getValue(wordBuf);
@@ -1050,9 +1051,9 @@ public class ZipFile implements Closeabl @@ -1238,9 +1239,9 @@
for (; off >= stopSearching; off--) { for (; off >= stopSearching; off--) {
archive.position(off); archive.position(off);
try { try {
@ -284,13 +326,13 @@ Index: commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archi
IOUtils.readFully(archive, wordBbuf); IOUtils.readFully(archive, wordBbuf);
- wordBbuf.flip(); - wordBbuf.flip();
+ ((Buffer)wordBbuf).flip(); + ((Buffer)wordBbuf).flip();
} catch (EOFException ex) { // NOSONAR } catch (final EOFException ex) { // NOSONAR
break; break;
} }
@@ -1153,9 +1154,9 @@ public class ZipFile implements Closeabl @@ -1352,9 +1353,9 @@
private int[] setDataOffset(ZipArchiveEntry ze) throws IOException { } else {
final long offset = ze.getLocalHeaderOffset();
archive.position(offset + LFH_OFFSET_FOR_FILENAME_LENGTH); archive.position(offset + LFH_OFFSET_FOR_FILENAME_LENGTH);
}
- wordBbuf.rewind(); - wordBbuf.rewind();
+ ((Buffer)wordBbuf).rewind(); + ((Buffer)wordBbuf).rewind();
IOUtils.readFully(archive, wordBbuf); IOUtils.readFully(archive, wordBbuf);
@ -299,7 +341,7 @@ Index: commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archi
wordBbuf.get(shortBuf); wordBbuf.get(shortBuf);
final int fileNameLen = ZipShort.getValue(shortBuf); final int fileNameLen = ZipShort.getValue(shortBuf);
wordBbuf.get(shortBuf); wordBbuf.get(shortBuf);
@@ -1180,7 +1181,7 @@ public class ZipFile implements Closeabl @@ -1382,7 +1383,7 @@
*/ */
private boolean startsWithLocalFileHeader() throws IOException { private boolean startsWithLocalFileHeader() throws IOException {
archive.position(0); archive.position(0);
@ -308,38 +350,18 @@ Index: commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archi
IOUtils.readFully(archive, wordBbuf); IOUtils.readFully(archive, wordBbuf);
return Arrays.equals(wordBuf, ZipArchiveOutputStream.LFH_SIG); return Arrays.equals(wordBuf, ZipArchiveOutputStream.LFH_SIG);
} }
@@ -1223,7 +1224,7 @@ public class ZipFile implements Closeabl @@ -1418,7 +1419,7 @@
singleByteBuffer = ByteBuffer.allocate(1);
}
else {
- singleByteBuffer.rewind();
+ ((Buffer)singleByteBuffer).rewind();
}
int read = read(loc, singleByteBuffer);
if (read < 0) {
@@ -1262,7 +1263,7 @@ public class ZipFile implements Closeabl
archive.position(pos);
read = archive.read(buf);
}
- buf.flip();
+ ((Buffer)buf).flip();
return read;
}
}
@@ -1284,7 +1285,7 @@ public class ZipFile implements Closeabl
@Override @Override
protected int read(long pos, ByteBuffer buf) throws IOException { protected int read(final long pos, final ByteBuffer buf) throws IOException {
int read = archive.read(buf, pos); final int read = archive.read(buf, pos);
- buf.flip(); - buf.flip();
+ ((Buffer)buf).flip(); + ((Buffer)buf).flip();
return read; return read;
} }
} }
Index: commons-compress-1.19-src/src/main/java/org/apache/commons/compress/utils/FixedLengthBlockOutputStream.java --- commons-compress-1.21-src/src/main/java/org/apache/commons/compress/utils/FixedLengthBlockOutputStream.java 2020-01-22 16:10:15.000000000 +0100
=================================================================== +++ commons-compress-1.21-src/src/main/java/org/apache/commons/compress/utils/FixedLengthBlockOutputStream.java 2021-07-19 16:16:51.850472686 +0200
--- commons-compress-1.19-src.orig/src/main/java/org/apache/commons/compress/utils/FixedLengthBlockOutputStream.java @@ -21,6 +21,7 @@
+++ commons-compress-1.19-src/src/main/java/org/apache/commons/compress/utils/FixedLengthBlockOutputStream.java
@@ -21,6 +21,7 @@ package org.apache.commons.compress.util
import java.io.FileOutputStream; import java.io.FileOutputStream;
import java.io.IOException; import java.io.IOException;
import java.io.OutputStream; import java.io.OutputStream;
@ -347,16 +369,16 @@ Index: commons-compress-1.19-src/src/main/java/org/apache/commons/compress/utils
import java.nio.ByteBuffer; import java.nio.ByteBuffer;
import java.nio.ByteOrder; import java.nio.ByteOrder;
import java.nio.channels.ClosedChannelException; import java.nio.channels.ClosedChannelException;
@@ -88,7 +89,7 @@ public class FixedLengthBlockOutputStrea @@ -88,7 +89,7 @@
} }
private void writeBlock() throws IOException { private void writeBlock() throws IOException {
- buffer.flip(); - buffer.flip();
+ ((Buffer)buffer).flip(); + ((Buffer)buffer).flip();
int i = out.write(buffer); final int i = out.write(buffer);
boolean hasRemaining = buffer.hasRemaining(); final boolean hasRemaining = buffer.hasRemaining();
if (i != blockSize || hasRemaining) { if (i != blockSize || hasRemaining) {
@@ -97,7 +98,7 @@ public class FixedLengthBlockOutputStrea @@ -97,7 +98,7 @@
blockSize, i); blockSize, i);
throw new IOException(msg); throw new IOException(msg);
} }
@ -365,16 +387,16 @@ Index: commons-compress-1.19-src/src/main/java/org/apache/commons/compress/utils
} }
@Override @Override
@@ -142,7 +143,7 @@ public class FixedLengthBlockOutputStrea @@ -142,7 +143,7 @@
// fill up the reset of buffer and write the block. // fill up the reset of buffer and write the block.
if (buffer.position() != 0) { if (buffer.position() != 0) {
int n = buffer.remaining(); final int n = buffer.remaining();
- src.limit(src.position() + n); - src.limit(src.position() + n);
+ ((Buffer)src).limit(src.position() + n); + ((Buffer)src).limit(src.position() + n);
buffer.put(src); buffer.put(src);
writeBlock(); writeBlock();
srcLeft -= n; srcLeft -= n;
@@ -150,12 +151,12 @@ public class FixedLengthBlockOutputStrea @@ -150,12 +151,12 @@
// whilst we have enough bytes in src for complete blocks, // whilst we have enough bytes in src for complete blocks,
// write them directly from src without copying them to buffer // write them directly from src without copying them to buffer
while (srcLeft >= blockSize) { while (srcLeft >= blockSize) {
@ -389,15 +411,31 @@ Index: commons-compress-1.19-src/src/main/java/org/apache/commons/compress/utils
buffer.put(src); buffer.put(src);
} }
return srcRemaining; return srcRemaining;
@@ -240,9 +241,9 @@ public class FixedLengthBlockOutputStrea @@ -242,7 +243,7 @@
final int pos = buffer.position();
try { final int len = buffer.limit() - pos;
int pos = buffer.position();
- int len = buffer.limit() - pos;
+ int len = ((Buffer)buffer).limit() - pos;
out.write(buffer.array(), buffer.arrayOffset() + pos, len); out.write(buffer.array(), buffer.arrayOffset() + pos, len);
- buffer.position(buffer.limit()); - buffer.position(buffer.limit());
+ ((Buffer)buffer).position(buffer.limit()); + ((Buffer)buffer).position(buffer.limit());
return len; return len;
} catch (IOException e) { } catch (final IOException e) {
try { try {
--- commons-compress-1.21-src/src/main/java/org/apache/commons/compress/utils/IOUtils.java 2020-01-22 16:10:15.000000000 +0100
+++ commons-compress-1.21-src/src/main/java/org/apache/commons/compress/utils/IOUtils.java 2021-07-19 17:09:11.659891748 +0200
@@ -25,6 +25,7 @@
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
+import java.nio.Buffer;
import java.nio.ByteBuffer;
import java.nio.channels.ReadableByteChannel;
import java.nio.file.Files;
@@ -372,7 +373,7 @@
break;
}
output.write(b.array(), 0, readNow);
- b.rewind();
+ ((Buffer)b).rewind();
read += readNow;
}
return output.toByteArray();