rebase: mostly for security issues

Version: 3.2.2-1

.gitignore

@@ -1 +1 @@
-/libarchive-3.2.1.tar.gz
+/libarchive-3.2.2.tar.gz

RHBZ#1378666.patch

@@ -1,38 +0,0 @@
-From e37b620fe8f14535d737e89a4dcabaed4517bf1a Mon Sep 17 00:00:00 2001
-From: Tim Kientzle <kientzle@acm.org>
-Date: Sun, 21 Aug 2016 10:51:43 -0700
-Subject: [PATCH] Issue #767:  Buffer overflow printing a filename
-
-The safe_fprintf function attempts to ensure clean output for an
-arbitrary sequence of bytes by doing a trial conversion of the
-multibyte characters to wide characters -- if the resulting wide
-character is printable then we pass through the corresponding bytes
-unaltered, otherwise, we convert them to C-style ASCII escapes.
-
-The stack trace in Issue #767 suggest that the 20-byte buffer
-was getting overflowed trying to format a non-printable multibyte
-character.  This should only happen if there is a valid multibyte
-character of more than 5 bytes that was unprintable.  (Each byte
-would get expanded to a four-charcter octal-style escape of the form
-"\123" resulting in >20 characters for the >5 byte multibyte character.)
-
-I've not been able to reproduce this, but have expanded the conversion
-buffer to 128 bytes on the belief that no multibyte character set
-has a single character of more than 32 bytes.
----
- tar/util.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/tar/util.c b/tar/util.c
-index 9ff22f2..2b4aebe 100644
---- a/tar/util.c
-+++ b/tar/util.c
-@@ -182,7 +182,7 @@ safe_fprintf(FILE *f, const char *fmt, ...)
- 		}
- 
- 		/* If our output buffer is full, dump it and keep going. */
--		if (i > (sizeof(outbuff) - 20)) {
-+		if (i > (sizeof(outbuff) - 128)) {
- 			outbuff[i] = '\0';
- 			fprintf(f, "%s", outbuff);
- 			i = 0;

RHBZ#1378668.patch

@@ -1,66 +0,0 @@
-From 7f17c791dcfd8c0416e2cd2485b19410e47ef126 Mon Sep 17 00:00:00 2001
-From: Tim Kientzle <kientzle@acm.org>
-Date: Sun, 18 Sep 2016 18:14:58 -0700
-Subject: [PATCH] Issue 761:  Heap overflow reading corrupted 7Zip files
-
-The sample file that demonstrated this had multiple 'EmptyStream'
-attributes.  The first one ended up being used to calculate
-certain statistics, then was overwritten by the second which
-was incompatible with those statistics.
-
-The fix here is to reject any header with multiple EmptyStream
-attributes.  While here, also reject headers with multiple
-EmptyFile, AntiFile, Name, or Attributes markers.
----
- libarchive/archive_read_support_format_7zip.c | 10 ++++++++++
- 1 file changed, 10 insertions(+)
-
-diff --git a/libarchive/archive_read_support_format_7zip.c b/libarchive/archive_read_support_format_7zip.c
-index 1dfe52b..c0a536c 100644
---- a/libarchive/archive_read_support_format_7zip.c
-+++ b/libarchive/archive_read_support_format_7zip.c
-@@ -2431,6 +2431,8 @@ read_Header(struct archive_read *a, struct _7z_header_info *h,
- 
- 		switch (type) {
- 		case kEmptyStream:
-+			if (h->emptyStreamBools != NULL)
-+				return (-1);
- 			h->emptyStreamBools = calloc((size_t)zip->numFiles,
- 			    sizeof(*h->emptyStreamBools));
- 			if (h->emptyStreamBools == NULL)
-@@ -2451,6 +2453,8 @@ read_Header(struct archive_read *a, struct _7z_header_info *h,
- 					return (-1);
- 				break;
- 			}
-+			if (h->emptyFileBools != NULL)
-+				return (-1);
- 			h->emptyFileBools = calloc(empty_streams,
- 			    sizeof(*h->emptyFileBools));
- 			if (h->emptyFileBools == NULL)
-@@ -2465,6 +2469,8 @@ read_Header(struct archive_read *a, struct _7z_header_info *h,
- 					return (-1);
- 				break;
- 			}
-+			if (h->antiBools != NULL)
-+				return (-1);
- 			h->antiBools = calloc(empty_streams,
- 			    sizeof(*h->antiBools));
- 			if (h->antiBools == NULL)
-@@ -2491,6 +2497,8 @@ read_Header(struct archive_read *a, struct _7z_header_info *h,
- 			if ((ll & 1) || ll < zip->numFiles * 4)
- 				return (-1);
- 
-+			if (zip->entry_names != NULL)
-+				return (-1);
- 			zip->entry_names = malloc(ll);
- 			if (zip->entry_names == NULL)
- 				return (-1);
-@@ -2543,6 +2551,8 @@ read_Header(struct archive_read *a, struct _7z_header_info *h,
- 			if ((p = header_bytes(a, 2)) == NULL)
- 				return (-1);
- 			allAreDefined = *p;
-+			if (h->attrBools != NULL)
-+				return (-1);
- 			h->attrBools = calloc((size_t)zip->numFiles,
- 			    sizeof(*h->attrBools));
- 			if (h->attrBools == NULL)

RHBZ#1378669.patch

@@ -1,137 +0,0 @@
-From eec077f52bfa2d3f7103b4b74d52572ba8a15aca Mon Sep 17 00:00:00 2001
-From: Tim Kientzle <kientzle@acm.org>
-Date: Sun, 18 Sep 2016 17:27:47 -0700
-Subject: [PATCH] Issue 747 (and others?):  Avoid OOB read when parsing
- multiple long lines
-
-The mtree bidder needs to look several lines ahead
-in the input.  It does this by extending the read-ahead
-and parsing subsequent lines from the same growing buffer.
-A bookkeeping error when extending the read-ahead would
-sometimes lead it to significantly over-count the
-size of the line being read.
----
- Makefile.am                                        |  1 +
- libarchive/archive_read_support_format_mtree.c     | 11 +++++-
- libarchive/test/CMakeLists.txt                     |  1 +
- libarchive/test/test_read_format_mtree_crash747.c  | 44 ++++++++++++++++++++++
- .../test_read_format_mtree_crash747.mtree.bz2.uu   |  6 +++
- 5 files changed, 62 insertions(+), 1 deletion(-)
- create mode 100644 libarchive/test/test_read_format_mtree_crash747.c
- create mode 100644 libarchive/test/test_read_format_mtree_crash747.mtree.bz2.uu
-
-diff --git a/Makefile.am b/Makefile.am
-index e161c5d..90c9ae1 100644
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -449,6 +449,7 @@ libarchive_test_SOURCES= \
- 	libarchive/test/test_read_format_lha_bugfix_0.c \
- 	libarchive/test/test_read_format_lha_filename.c \
- 	libarchive/test/test_read_format_mtree.c \
-+	libarchive/test/test_read_format_mtree_crash747.c \
- 	libarchive/test/test_read_format_pax_bz2.c \
- 	libarchive/test/test_read_format_rar.c \
- 	libarchive/test/test_read_format_rar_encryption_data.c \
-diff --git a/libarchive/archive_read_support_format_mtree.c b/libarchive/archive_read_support_format_mtree.c
-index 8c3be9a..ae58e87 100644
---- a/libarchive/archive_read_support_format_mtree.c
-+++ b/libarchive/archive_read_support_format_mtree.c
-@@ -301,6 +301,15 @@ get_line_size(const char *b, ssize_t avail, ssize_t *nlsize)
- 	return (avail);
- }
- 
-+/*
-+ *  <---------------- ravail --------------------->
-+ *  <-- diff ------> <---  avail ----------------->
-+ *                   <---- len ----------->
-+ * | Previous lines | line being parsed  nl extra |
-+ *                  ^
-+ *                  b
-+ *
-+ */
- static ssize_t
- next_line(struct archive_read *a,
-     const char **b, ssize_t *avail, ssize_t *ravail, ssize_t *nl)
-@@ -339,7 +348,7 @@ next_line(struct archive_read *a,
- 		*b += diff;
- 		*avail -= diff;
- 		tested = len;/* Skip some bytes we already determinated. */
--		len = get_line_size(*b, *avail, nl);
-+		len = get_line_size(*b + len, *avail - len, nl);
- 		if (len >= 0)
- 			len += tested;
- 	}
-diff --git a/libarchive/test/CMakeLists.txt b/libarchive/test/CMakeLists.txt
-index 345e42a..0cb5966 100644
---- a/libarchive/test/CMakeLists.txt
-+++ b/libarchive/test/CMakeLists.txt
-@@ -138,6 +138,7 @@ IF(ENABLE_TEST)
-     test_read_format_lha_bugfix_0.c
-     test_read_format_lha_filename.c
-     test_read_format_mtree.c
-+    test_read_format_mtree_crash747.c
-     test_read_format_pax_bz2.c
-     test_read_format_rar.c
-     test_read_format_rar_encryption_data.c
-diff --git a/libarchive/test/test_read_format_mtree_crash747.c b/libarchive/test/test_read_format_mtree_crash747.c
-new file mode 100644
-index 0000000..c082845
---- /dev/null
-+++ b/libarchive/test/test_read_format_mtree_crash747.c
-@@ -0,0 +1,44 @@
-+/*-
-+ * Copyright (c) 2003-2016 Tim Kientzle
-+ * All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the above copyright
-+ *    notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ *    notice, this list of conditions and the following disclaimer in the
-+ *    documentation and/or other materials provided with the distribution.
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
-+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
-+ * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
-+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
-+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-+ */
-+#include "test.h"
-+
-+
-+/*
-+ * Reproduce the crash reported in Github Issue #747.
-+ */
-+DEFINE_TEST(test_read_format_mtree_crash747)
-+{
-+	const char *reffile = "test_read_format_mtree_crash747.mtree.bz2";
-+	struct archive *a;
-+
-+	extract_reference_file(reffile);
-+
-+	assert((a = archive_read_new()) != NULL);
-+	assertEqualIntA(a, ARCHIVE_OK, archive_read_support_filter_bzip2(a));
-+	assertEqualIntA(a, ARCHIVE_OK, archive_read_support_format_mtree(a));
-+	assertEqualIntA(a, ARCHIVE_FATAL, archive_read_open_filename(a, reffile, 10240));
-+	assertEqualInt(ARCHIVE_OK, archive_read_free(a));
-+}
-+
-diff --git a/libarchive/test/test_read_format_mtree_crash747.mtree.bz2.uu b/libarchive/test/test_read_format_mtree_crash747.mtree.bz2.uu
-new file mode 100644
-index 0000000..84f3895
---- /dev/null
-+++ b/libarchive/test/test_read_format_mtree_crash747.mtree.bz2.uu
-@@ -0,0 +1,6 @@
-+begin 600 test_read_format_mtree_crash747.mtree.bz2
-+M0EIH.3%!62936:OH@(@``'/[@,`0`@!``'^```)A@9\`$`@@`'4)049!IIH!
-+MM021-0,F@&@6````9%>$(K!GIC*XFR0`$```J0+:$XP```!D-F)H[#SE9+2'
-+4+E"L=ASXUI%R(I"HD'ZA(5?1`Q``
-+`
-+end

libarchive.spec

@@ -1,18 +1,15 @@
+%{warn:TODO: package README after https://github.com/libarchive/libarchive/pull/809
+}
+
 Name:           libarchive
-Version:        3.2.1
+Version:        3.2.2
-Release:        5%{?dist}
+Release:        1%{?dist}
 Summary:        A library for handling streaming archive formats
 
 License:        BSD
 URL:            http://www.libarchive.org/
 Source0:        http://www.libarchive.org/downloads/%{name}-%{version}.tar.gz
 
-# heap based buffer overflow in detect_form (archive_read_support_format_mtree.c)
-Patch0:         RHBZ#1378669.patch
-# heap based buffer overflow in read_header (archive_read_support_format_7zip.c)
-Patch1:         RHBZ#1378668.patch
-# stack based buffer overflow in bsdtar_expand_char (util.c)
-Patch2:         RHBZ#1378666.patch
 # Make it build with OpenSSL 1.1.0
 Patch3:         libarchive-3.2.1-openssl-1.1.patch
 
@@ -183,7 +180,7 @@ run_testsuite
 %files
 %{!?_licensedir:%global license %%doc}
 %license COPYING
-%doc README NEWS
+%doc NEWS
 %{_libdir}/libarchive.so.13*
 %{_mandir}/*/cpio.*
 %{_mandir}/*/mtree.*
@@ -199,27 +196,30 @@ run_testsuite
 %files -n bsdtar
 %{!?_licensedir:%global license %%doc}
 %license COPYING
-%doc README NEWS
+%doc NEWS
 %{_bindir}/bsdtar
 %{_mandir}/*/bsdtar*
 
 %files -n bsdcpio
 %{!?_licensedir:%global license %%doc}
 %license COPYING
-%doc README NEWS
+%doc NEWS
 %{_bindir}/bsdcpio
 %{_mandir}/*/bsdcpio*
 
 %files -n bsdcat
 %{!?_licensedir:%global license %%doc}
 %license COPYING
-%doc README NEWS
+%doc NEWS
 %{_bindir}/bsdcat
 %{_mandir}/*/bsdcat*
 
 
 
 %changelog
+* Tue Oct 25 2016 Pavel Raiskup <praiskup@redhat.com> - 3.2.2-1
+- minor rebase to 3.2.2
+
 * Tue Oct 11 2016 Tomáš Mráz <tmraz@redhat.com> - 3.2.1-5
 - rebuild with OpenSSL 1.1.0
 

sources

@@ -1 +1 @@
-afa257047d1941a565216edbf0171e72  libarchive-3.2.1.tar.gz
+1ec00b7dcaf969dd2a5712f85f23c764  libarchive-3.2.2.tar.gz