import libarchive-3.3.2-7.el8

2019-11-05 15:55:22 -05:00 · 2019-11-05 15:55:22 -05:00 · ed02cf7654
commit ed02cf7654
parent 1754f29e1b
8 changed files with 504 additions and 1 deletions
--- a/SOURCES/fix-few-obvious-resource-leaks-covscan.patch
+++ b/SOURCES/fix-few-obvious-resource-leaks-covscan.patch
@ -0,0 +1,146 @@
 From 9d178fe573818764a2d15e0a39691f5eb4e300f6 Mon Sep 17 00:00:00 2001
 From: Ondrej Dubaj <odubaj@redhat.com>
 Date: Mon, 27 May 2019 10:52:51 +0200
 Subject: [PATCH] Fix a few obvious resource leaks and strcpy() misuses
 Per Coverity report.
 ---
 cpio/cpio.c                                      |  4 +++-
 libarchive/archive_acl.c                         |  8 ++++++--
 libarchive/archive_write_set_format_iso9660.c    |  4 ++--
 libarchive/archive_write_set_format_mtree.c      |  4 ++--
 libarchive/archive_write_set_format_pax.c        |  6 ++++--
 libarchive/archive_write_set_format_xar.c        | 10 ++++++----
 6 files changed, 23 insertions(+), 13 deletions(-)
 diff --git a/cpio/cpio.c b/cpio/cpio.c
 index 5beedd0..6696bb5 100644
 --- a/cpio/cpio.c
 +++ b/cpio/cpio.c
@@ -744,8 +744,10 @@ file_to_archive(struct cpio *cpio, const char *srcpath)
 	}
 	if (cpio->option_rename)
 		destpath = cpio_rename(destpath);
 -	if (destpath == NULL)
 +	if (destpath == NULL) {
 +		archive_entry_free(entry);
 		return (0);
 +	}
 	archive_entry_copy_pathname(entry, destpath);
 	/*
 diff --git a/libarchive/archive_acl.c b/libarchive/archive_acl.c
 index b8b6b63..503f379 100644
 --- a/libarchive/archive_acl.c
 +++ b/libarchive/archive_acl.c
@@ -753,8 +753,10 @@ archive_acl_to_text_w(struct archive_acl *acl, ssize_t *text_len, int flags,
 			append_entry_w(&wp, prefix, ap->type, ap->tag, flags,
 			    wname, ap->permset, id);
 			count++;
 -		} else if (r < 0 && errno == ENOMEM)
 +		} else if (r < 0 && errno == ENOMEM) {
 +			free(ws);
 			return (NULL);
 +		}
 	}
 	/* Add terminating character */
@@ -975,8 +977,10 @@ archive_acl_to_text_l(struct archive_acl *acl, ssize_t *text_len, int flags,
 			prefix = NULL;
 		r = archive_mstring_get_mbs_l(
 		    &ap->name, &name, &len, sc);
 -		if (r != 0)
 +		if (r != 0) {
 +			free(s);
 			return (NULL);
 +		}
 		if (count > 0)
 			*p++ = separator;
 		if (name == NULL ||
 diff --git a/libarchive/archive_write_set_format_iso9660.c b/libarchive/archive_write_set_format_iso9660.c
 index c0ca435..badc88b 100644
 --- a/libarchive/archive_write_set_format_iso9660.c
 +++ b/libarchive/archive_write_set_format_iso9660.c
@@ -4899,10 +4899,10 @@ isofile_gen_utility_names(struct archive_write *a, struct isofile *file)
 		if (p[0] == '/') {
 			if (p[1] == '/')
 				/* Convert '//' --> '/' */
 -				strcpy(p, p+1);
 +				memmove(p, p+1, strlen(p+1) + 1);
 			else if (p[1] == '.' && p[2] == '/')
 				/* Convert '/./' --> '/' */
 -				strcpy(p, p+2);
 +				memmove(p, p+2, strlen(p+2) + 1);
 			else if (p[1] == '.' && p[2] == '.' && p[3] == '/') {
 				/* Convert 'dir/dir1/../dir2/'
 				 *     --> 'dir/dir2/'
 diff --git a/libarchive/archive_write_set_format_mtree.c b/libarchive/archive_write_set_format_mtree.c
 index 493d473..0f2431e 100644
 --- a/libarchive/archive_write_set_format_mtree.c
 +++ b/libarchive/archive_write_set_format_mtree.c
@@ -1810,10 +1810,10 @@ mtree_entry_setup_filenames(struct archive_write *a, struct mtree_entry *file,
 		if (p[0] == '/') {
 			if (p[1] == '/')
 				/* Convert '//' --> '/' */
 -				strcpy(p, p+1);
 +				memmove(p, p+1, strlen(p+1) + 1);
 			else if (p[1] == '.' && p[2] == '/')
 				/* Convert '/./' --> '/' */
 -				strcpy(p, p+2);
 +				memmove(p, p+2, strlen(p+2) + 1);
 			else if (p[1] == '.' && p[2] == '.' && p[3] == '/') {
 				/* Convert 'dir/dir1/../dir2/'
 				 *     --> 'dir/dir2/'
 diff --git a/libarchive/archive_write_set_format_pax.c b/libarchive/archive_write_set_format_pax.c
 index 0eaf733..4863e46 100644
 --- a/libarchive/archive_write_set_format_pax.c
 +++ b/libarchive/archive_write_set_format_pax.c
@@ -522,11 +522,13 @@ add_pax_acl(struct archive_write *a,
 		    ARCHIVE_ERRNO_FILE_FORMAT, "%s %s %s",
 		    "Can't translate ", attr, " to UTF-8");
 		return(ARCHIVE_WARN);
 -	} else if (*p != '\0') {
 +	}
 +
 +	if (*p != '\0') {
 		add_pax_attr(&(pax->pax_header),
 		    attr, p);
 -		free(p);
 	}
 +	free(p);
 	return(ARCHIVE_OK);
 }
 diff --git a/libarchive/archive_write_set_format_xar.c b/libarchive/archive_write_set_format_xar.c
 index 495f0d4..56cd33c 100644
 --- a/libarchive/archive_write_set_format_xar.c
 +++ b/libarchive/archive_write_set_format_xar.c
@@ -2120,10 +2120,10 @@ file_gen_utility_names(struct archive_write *a, struct file *file)
 		if (p[0] == '/') {
 			if (p[1] == '/')
 				/* Convert '//' --> '/' */
 -				strcpy(p, p+1);
 +				memmove(p, p+1, strlen(p+1) + 1);
 			else if (p[1] == '.' && p[2] == '/')
 				/* Convert '/./' --> '/' */
 -				strcpy(p, p+2);
 +				memmove(p, p+2, strlen(p+2) + 1);
 			else if (p[1] == '.' && p[2] == '.' && p[3] == '/') {
 				/* Convert 'dir/dir1/../dir2/'
 				 *     --> 'dir/dir2/'
@@ -3169,8 +3169,10 @@ save_xattrs(struct archive_write *a, struct file *file)
 			checksum_update(&(xar->a_sumwrk),
 			    xar->wbuff, size);
 			if (write_to_temp(a, xar->wbuff, size)
 -			    != ARCHIVE_OK)
 -				return (ARCHIVE_FATAL);
 +			    != ARCHIVE_OK) {
 +					free(heap);
 +					return (ARCHIVE_FATAL);
 +			}
 			if (r == ARCHIVE_OK) {
 				xar->stream.next_out = xar->wbuff;
 				xar->stream.avail_out = sizeof(xar->wbuff);
 -- 
 2.17.1
--- a/SOURCES/fix-use-after-free-in-delayed-newc.patch
+++ b/SOURCES/fix-use-after-free-in-delayed-newc.patch
@ -0,0 +1,78 @@
 From 6a71cce7ed735f83f9a6a6bad8beaa47f8d14734 Mon Sep 17 00:00:00 2001
 From: Ondrej Dubaj <odubaj@redhat.com>
 Date: Mon, 27 May 2019 10:06:14 +0200
 Subject: [PATCH 1/2] Fix use-after-free in delayed link processing (newc
 format)
 During archiving, if some of the "delayed" hard link entries
 happened to disappear on filesystem (or become unreadable) for
 some reason (most probably race), the old code free()d the 'entry'
 and continued with the loop;  the next loop though dereferenced
 'entry' and crashed the archiver.
 Per report from Coverity.
 ---
 tar/write.c | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)
 diff --git a/tar/write.c b/tar/write.c
 index 9c24566..3970de2 100644
 --- a/tar/write.c
 +++ b/tar/write.c
@@ -540,8 +540,7 @@ write_archive(struct archive *a, struct bsdtar *bsdtar)
 			lafe_warnc(archive_errno(disk),
 			    "%s", archive_error_string(disk));
 			bsdtar->return_value = 1;
 -			archive_entry_free(entry);
 -			continue;
 +			goto next_entry;
 		}
 		/*
@@ -559,13 +558,13 @@ write_archive(struct archive *a, struct bsdtar *bsdtar)
 				bsdtar->return_value = 1;
 			else
 				archive_read_close(disk);
 -			archive_entry_free(entry);
 -			continue;
 +			goto next_entry;
 		}
 		write_file(bsdtar, a, entry);
 -		archive_entry_free(entry);
 		archive_read_close(disk);
 +next_entry:
 +		archive_entry_free(entry);
 		entry = NULL;
 		archive_entry_linkify(bsdtar->resolver, &entry, &sparse_entry);
 	}
 -- 
 2.17.1
 From a999ca882aeb8fce4f4f2ee1317f528984b47e8e Mon Sep 17 00:00:00 2001
 From: Ondrej Dubaj <odubaj@redhat.com>
 Date: Mon, 27 May 2019 10:34:48 +0200
 Subject: [PATCH 2/2] call missing archive_read_close() in write_archive()
 ---
 tar/write.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
 diff --git a/tar/write.c b/tar/write.c
 index 3970de2..63c619c 100644
 --- a/tar/write.c
 +++ b/tar/write.c
@@ -556,8 +556,7 @@ write_archive(struct archive *a, struct bsdtar *bsdtar)
 			    "%s", archive_error_string(disk));
 			if (r == ARCHIVE_FATAL)
 				bsdtar->return_value = 1;
 -			else
 -				archive_read_close(disk);
 +			archive_read_close(disk);
 			goto next_entry;
 		}
 -- 
 2.17.1
--- a/SOURCES/libarchive-3.1.2-CVE-2017-14503.patch
+++ b/SOURCES/libarchive-3.1.2-CVE-2017-14503.patch
@ -0,0 +1,29 @@
 From 2c8c83b9731ff822fad6cc8c670ea5519c366a14 Mon Sep 17 00:00:00 2001
 From: Joerg Sonnenberger <joerg@bec.de>
 Date: Thu, 19 Jul 2018 21:14:53 +0200
 Subject: [PATCH] Reject LHA archive entries with negative size.
 ---
 libarchive/archive_read_support_format_lha.c | 6 ++++++
 1 file changed, 6 insertions(+)
 diff --git a/libarchive/archive_read_support_format_lha.c b/libarchive/archive_read_support_format_lha.c
 index b8ef4ae1..95c99bb1 100644
 --- a/libarchive/archive_read_support_format_lha.c
 +++ b/libarchive/archive_read_support_format_lha.c
@@ -701,6 +701,12 @@ archive_read_format_lha_read_header(struct archive_read *a,
 	 * Prepare variables used to read a file content.
 	 */
 	lha->entry_bytes_remaining = lha->compsize;
 +	if (lha->entry_bytes_remaining < 0) {
 +		archive_set_error(&a->archive,
 +		    ARCHIVE_ERRNO_FILE_FORMAT,
 +		    "Invalid LHa entry size");
 +		return (ARCHIVE_FATAL);
 +	}
 	lha->entry_offset = 0;
 	lha->entry_crc_calculated = 0;
 -- 
 2.20.1
--- a/SOURCES/libarchive-3.1.2-CVE-2019-1000019.patch
+++ b/SOURCES/libarchive-3.1.2-CVE-2019-1000019.patch
@ -0,0 +1,58 @@
 From 65a23f5dbee4497064e9bb467f81138a62b0dae1 Mon Sep 17 00:00:00 2001
 From: Daniel Axtens <dja@axtens.net>
 Date: Tue, 1 Jan 2019 16:01:40 +1100
 Subject: [PATCH 2/2] 7zip: fix crash when parsing certain archives
 Fuzzing with CRCs disabled revealed that a call to get_uncompressed_data()
 would sometimes fail to return at least 'minimum' bytes. This can cause
 the crc32() invocation in header_bytes to read off into invalid memory.
 A specially crafted archive can use this to cause a crash.
 An ASAN trace is below, but ASAN is not required - an uninstrumented
 binary will also crash.
 ==7719==ERROR: AddressSanitizer: SEGV on unknown address 0x631000040000 (pc 0x7fbdb3b3ec1d bp 0x7ffe77a51310 sp 0x7ffe77a51150 T0)
 ==7719==The signal is caused by a READ memory access.
    #0 0x7fbdb3b3ec1c in crc32_z (/lib/x86_64-linux-gnu/libz.so.1+0x2c1c)
    #1 0x84f5eb in header_bytes (/tmp/libarchive/bsdtar+0x84f5eb)
    #2 0x856156 in read_Header (/tmp/libarchive/bsdtar+0x856156)
    #3 0x84e134 in slurp_central_directory (/tmp/libarchive/bsdtar+0x84e134)
    #4 0x849690 in archive_read_format_7zip_read_header (/tmp/libarchive/bsdtar+0x849690)
    #5 0x5713b7 in _archive_read_next_header2 (/tmp/libarchive/bsdtar+0x5713b7)
    #6 0x570e63 in _archive_read_next_header (/tmp/libarchive/bsdtar+0x570e63)
    #7 0x6f08bd in archive_read_next_header (/tmp/libarchive/bsdtar+0x6f08bd)
    #8 0x52373f in read_archive (/tmp/libarchive/bsdtar+0x52373f)
    #9 0x5257be in tar_mode_x (/tmp/libarchive/bsdtar+0x5257be)
    #10 0x51daeb in main (/tmp/libarchive/bsdtar+0x51daeb)
    #11 0x7fbdb27cab96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
    #12 0x41dd09 in _start (/tmp/libarchive/bsdtar+0x41dd09)
 This was primarly done with afl and FairFuzz. Some early corpus entries
 may have been generated by qsym.
 ---
 libarchive/archive_read_support_format_7zip.c | 8 +-------
 1 file changed, 1 insertion(+), 7 deletions(-)
 diff --git a/libarchive/archive_read_support_format_7zip.c b/libarchive/archive_read_support_format_7zip.c
 index bccbf896..b6d1505d 100644
 --- a/libarchive/archive_read_support_format_7zip.c
 +++ b/libarchive/archive_read_support_format_7zip.c
@@ -2964,13 +2964,7 @@ get_uncompressed_data(struct archive_read *a, const void **buff, size_t size,
 	if (zip->codec == _7Z_COPY && zip->codec2 == (unsigned long)-1) {
 		/* Copy mode. */
 -		/*
 -		 * Note: '1' here is a performance optimization.
 -		 * Recall that the decompression layer returns a count of
 -		 * available bytes; asking for more than that forces the
 -		 * decompressor to combine reads by copying data.
 -		 */
 -		*buff = __archive_read_ahead(a, 1, &bytes_avail);
 +		*buff = __archive_read_ahead(a, minimum, &bytes_avail);
 		if (bytes_avail <= 0) {
 			archive_set_error(&a->archive,
 			    ARCHIVE_ERRNO_FILE_FORMAT,
 -- 
 2.20.1
--- a/SOURCES/libarchive-3.1.2-CVE-2019-1000020.patch
+++ b/SOURCES/libarchive-3.1.2-CVE-2019-1000020.patch
@ -0,0 +1,59 @@
 From 8312eaa576014cd9b965012af51bc1f967b12423 Mon Sep 17 00:00:00 2001
 From: Daniel Axtens <dja@axtens.net>
 Date: Tue, 1 Jan 2019 17:10:49 +1100
 Subject: [PATCH 1/2] iso9660: Fail when expected Rockridge extensions is
 missing
 A corrupted or malicious ISO9660 image can cause read_CE() to loop
 forever.
 read_CE() calls parse_rockridge(), expecting a Rockridge extension
 to be read. However, parse_rockridge() is structured as a while
 loop starting with a sanity check, and if the sanity check fails
 before the loop has run, the function returns ARCHIVE_OK without
 advancing the position in the file. This causes read_CE() to retry
 indefinitely.
 Make parse_rockridge() return ARCHIVE_WARN if it didn't read an
 extension. As someone with no real knowledge of the format, this
 seems more apt than ARCHIVE_FATAL, but both the call-sites escalate
 it to a fatal error immediately anyway.
 Found with a combination of AFL, afl-rb (FairFuzz) and qsym.
 ---
 libarchive/archive_read_support_format_iso9660.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
 diff --git a/libarchive/archive_read_support_format_iso9660.c b/libarchive/archive_read_support_format_iso9660.c
 index 28acfefb..bad8f1df 100644
 --- a/libarchive/archive_read_support_format_iso9660.c
 +++ b/libarchive/archive_read_support_format_iso9660.c
@@ -2102,6 +2102,7 @@ parse_rockridge(struct archive_read *a, struct file_info *file,
     const unsigned char *p, const unsigned char *end)
 {
 	struct iso9660 *iso9660;
 +	int entry_seen = 0;
 	iso9660 = (struct iso9660 *)(a->format->data);
@@ -2257,8 +2258,16 @@ parse_rockridge(struct archive_read *a, struct file_info *file,
 		}
 		p += p[2];
 +		entry_seen = 1;
 +	}
 +
 +	if (entry_seen)
 +		return (ARCHIVE_OK);
 +	else {
 +		archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
 +				  "Tried to parse Rockridge extensions, but none found");
 +		return (ARCHIVE_WARN);
 	}
 -	return (ARCHIVE_OK);
 }
 static int
 -- 
 2.20.1
--- a/SOURCES/libarchive-3.3.2-CVE-2018-1000877.patch
+++ b/SOURCES/libarchive-3.3.2-CVE-2018-1000877.patch
@ -0,0 +1,34 @@
 From 88311f46cdfc719d26bb99d3b47944eb92ceae02 Mon Sep 17 00:00:00 2001
 From: Ondrej Dubaj <odubaj@redhat.com>
 Date: Tue, 30 Apr 2019 11:50:33 +0200
 Subject: [PATCH] Avoid a double-free when a window size of 0 is specified
 new_size can be 0 with a malicious or corrupted RAR archive.
 realloc(area, 0) is equivalent to free(area), so the region would
 be free()d here and the free()d again in the cleanup function.
 Found with a setup running AFL, afl-rb, and qsym.
 ---
 libarchive/archive_read_support_format_rar.c | 5 +++++
 1 file changed, 5 insertions(+)
 diff --git a/libarchive/archive_read_support_format_rar.c b/libarchive/archive_read_support_format_rar.c
 index c4a8278..3f88eef 100644
 --- a/libarchive/archive_read_support_format_rar.c
 +++ b/libarchive/archive_read_support_format_rar.c
@@ -2317,6 +2317,11 @@ parse_codes(struct archive_read *a)
       new_size = DICTIONARY_MAX_SIZE;
     else
       new_size = rar_fls((unsigned int)rar->unp_size) << 1;
 +    if (new_size == 0) {
 +    archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
 +                      "Zero window size is invalid.");
 +    return (ARCHIVE_FATAL);
 +    }
     new_window = realloc(rar->lzss.window, new_size);
     if (new_window == NULL) {
       archive_set_error(&a->archive, ENOMEM,
 -- 
 2.17.1
--- a/SOURCES/libarchive-3.3.2-CVE-2018-1000878.patch
+++ b/SOURCES/libarchive-3.3.2-CVE-2018-1000878.patch
@ -0,0 +1,75 @@
 From d00ccaf8c20efbd009964e3e2697d26907d14163 Mon Sep 17 00:00:00 2001
 From: Ondrej Dubaj <odubaj@redhat.com>
 Date: Tue, 30 Apr 2019 11:36:08 +0200
 Subject: [PATCH] rar: file split across multi-part archives must match
 Fuzzing uncovered some UAF and memory overrun bugs where a file in a
 single file archive reported that it was split across multiple
 volumes. This was caused by ppmd7 operations calling
 rar_br_fillup. This would invoke rar_read_ahead, which would in some
 situations invoke archive_read_format_rar_read_header.  That would
 check the new file name against the old file name, and if they didn't
 match up it would free the ppmd7 buffer and allocate a new
 one. However, because the ppmd7 decoder wasn't actually done with the
 buffer, it would continue to used the freed buffer. Both reads and
 writes to the freed region can be observed.
 This is quite tricky to solve: once the buffer has been freed it is
 too late, as the ppmd7 decoder functions almost universally assume
 success - there's no way for ppmd_read to signal error, nor are there
 good ways for functions like Range_Normalise to propagate them. So we
 can't detect after the fact that we're in an invalid state - e.g. by
 checking rar->cursor, we have to prevent ourselves from ever ending up
 there. So, when we are in the dangerous part or rar_read_ahead that
 assumes a valid split, we set a flag force read_header to either go
 down the path for split files or bail. This means that the ppmd7
 decoder keeps a valid buffer and just runs out of data.
 Found with a combination of AFL, afl-rb and qsym.
 ---
 libarchive/archive_read_support_format_rar.c | 9 +++++++++
 1 file changed, 9 insertions(+)
 diff --git a/libarchive/archive_read_support_format_rar.c b/libarchive/archive_read_support_format_rar.c
 index cbb14c3..c4a8278 100644
 --- a/libarchive/archive_read_support_format_rar.c
 +++ b/libarchive/archive_read_support_format_rar.c
@@ -258,6 +258,7 @@ struct rar
   struct data_block_offsets *dbo;
   unsigned int cursor;
   unsigned int nodes;
 +  char filename_must_match;
   /* LZSS members */
   struct huffman_code maincode;
@@ -1570,6 +1571,12 @@ read_header(struct archive_read *a, struct archive_entry *entry,
     }
     return ret;
   }
 +  else if (rar->filename_must_match)
 +  {
 +    archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
 +      "Mismatch of file parts split across multi-volume archive");
 +    return (ARCHIVE_FATAL);
 +  }
   rar->filename_save = (char*)realloc(rar->filename_save,
                                       filename_size + 1);
@@ -2938,12 +2945,14 @@ rar_read_ahead(struct archive_read *a, size_t min, ssize_t *avail)
     else if (*avail == 0 && rar->main_flags & MHD_VOLUME &&
       rar->file_flags & FHD_SPLIT_AFTER)
     {
 +      rar->filename_must_match = 1;
       ret = archive_read_format_rar_read_header(a, a->entry);
       if (ret == (ARCHIVE_EOF))
       {
         rar->has_endarc_header = 1;
         ret = archive_read_format_rar_read_header(a, a->entry);
       }
 +      rar->filename_must_match = 0;
       if (ret != (ARCHIVE_OK))
         return NULL;
       return rar_read_ahead(a, min, avail);
 -- 
 2.17.1
--- a/SPECS/libarchive.spec
+++ b/SPECS/libarchive.spec
@ -2,13 +2,21 @@
 Name:           libarchive
 Version:        3.3.2
-Release:        3%{?dist}
+Release:        7%{?dist}
 Summary:        A library for handling streaming archive formats
 License:        BSD
 URL:            http://www.libarchive.org/
 Source0:        http://www.libarchive.org/downloads/%{name}-%{version}.tar.gz
 Patch0:        libarchive-3.1.2-CVE-2017-14503.patch
 Patch1:        libarchive-3.1.2-CVE-2019-1000019.patch
 Patch2:        libarchive-3.1.2-CVE-2019-1000020.patch
 Patch3:        libarchive-3.3.2-CVE-2018-1000878.patch
 Patch4:        libarchive-3.3.2-CVE-2018-1000877.patch
 Patch5:        fix-use-after-free-in-delayed-newc.patch
 Patch6:        fix-few-obvious-resource-leaks-covscan.patch
 BuildRequires:  gcc
 BuildRequires:  bison
 BuildRequires:  sharutils
@ -211,6 +219,22 @@ run_testsuite
 %changelog
 * Mon May 27 2019 Ondrej Dubaj <odubaj@redhat.com> - 3.3.2-7
 - fix use-after-free in delayed newc link processing (#1602575)
 - fix a few obvious resource leaks and strcpy() misuses (#1602575)
 * Tue Apr 30 2019 Ondrej Dubaj <odubaj@redhat.com> - 3.3.2-6
 - fixed use after free in RAR decoder (#1700752)
 - fixed double free in RAR decoder (#1700753)
 * Tue Apr 02 2019 Ondrej Dubaj <odubaj@redhat.com> - 3.3.2-5
 - release bump due to gating (#1680768)
 * Fri Feb 22 2019 Pavel Raiskup <praiskup@redhat.com> - 3.3.2-4
 - fix out-of-bounds read within lha_read_data_none() (CVE-2017-14503)
 - fix crash on crafted 7zip archives (CVE-2019-1000019)
 - fix infinite loop in ISO9660 (CVE-2019-1000020)
 * Wed Jul 18 2018 Pavel Raiskup <praiskup@redhat.com> - 3.3.2-3
 - drop use of %%ldconfig_scriptlets