!2 libarchive： update to 3.4.1

Merge pull request !2 from orange-snn/init
2020-01-11 14:36:38 +08:00 · 2020-01-11 14:36:38 +08:00 · 37d84444e6
commit 37d84444e6
parent 06816159a5 0b7571d7c0
5 changed files with 10 additions and 219 deletions
--- a/libarchive-3.4.0.tar.gz
+++ b/libarchive-3.4.0.tar.gz
--- a/libarchive-3.4.1.tar.gz
+++ b/libarchive-3.4.1.tar.gz
--- a/libarchive-CVE-2019-19221.patch
+++ b/libarchive-CVE-2019-19221.patch
@ -1,98 +0,0 @@
 From 22b1db9d46654afc6f0c28f90af8cdc84a199f41 Mon Sep 17 00:00:00 2001
 From: Martin Matuska <martin@matuska.org>
 Date: Thu, 21 Nov 2019 03:08:40 +0100
 Subject: [PATCH] Bugfix and optimize archive_wstring_append_from_mbs()
 The cal to mbrtowc() or mbtowc() should read up to mbs_length
 bytes and not wcs_length. This avoids out-of-bounds reads.
 mbrtowc() and mbtowc() return (size_t)-1 wit errno EILSEQ when
 they encounter an invalid multibyte character and (size_t)-2 when
 they they encounter an incomplete multibyte character. As we return
 failure and all our callers error out it makes no sense to continue
 parsing mbs.
 As we allocate `len` wchars at the beginning and each wchar has
 at least one byte, there will never be need to grow the buffer,
 so the code can be left out. On the other hand, we are always
 allocatng more memory than we need.
 As long as wcs_length == mbs_length == len we can omit wcs_length.
 We keep the old code commented if we decide to save memory and
 use autoexpanding wcs_length in the future.
 Fixes #1276
 ---
 libarchive/archive_string.c | 28 +++++++++++++++++-----------
 1 file changed, 17 insertions(+), 11 deletions(-)
 diff --git a/libarchive/archive_string.c b/libarchive/archive_string.c
 index 979a418b6..bd39c96f1 100644
 --- a/libarchive/archive_string.c
 +++ b/libarchive/archive_string.c
@@ -591,7 +591,7 @@ archive_wstring_append_from_mbs(struct archive_wstring *dest,
 	 * No single byte will be more than one wide character,
 	 * so this length estimate will always be big enough.
 	 */
 -	size_t wcs_length = len;
 +	// size_t wcs_length = len;
 	size_t mbs_length = len;
 	const char *mbs = p;
 	wchar_t *wcs;
@@ -600,7 +600,11 @@ archive_wstring_append_from_mbs(struct archive_wstring *dest,
 	memset(&shift_state, 0, sizeof(shift_state));
 #endif
 -	if (NULL == archive_wstring_ensure(dest, dest->length + wcs_length + 1))
 +	/*
 +	 * As we decided to have wcs_length == mbs_length == len
 +	 * we can use len here instead of wcs_length
 +	 */
 +	if (NULL == archive_wstring_ensure(dest, dest->length + len + 1))
 		return (-1);
 	wcs = dest->s + dest->length;
 	/*
@@ -609,6 +613,12 @@ archive_wstring_append_from_mbs(struct archive_wstring *dest,
 	 * multi bytes.
 	 */
 	while (*mbs && mbs_length > 0) {
 +		/*
 +		 * The buffer we allocated is always big enough.
 +		 * Keep this code path in a comment if we decide to choose
 +		 * smaller wcs_length in the future
 +		 */
 +/*
 		if (wcs_length == 0) {
 			dest->length = wcs - dest->s;
 			dest->s[dest->length] = L'\0';
@@ -618,24 +628,20 @@ archive_wstring_append_from_mbs(struct archive_wstring *dest,
 				return (-1);
 			wcs = dest->s + dest->length;
 		}
 +*/
 #if HAVE_MBRTOWC
 -		r = mbrtowc(wcs, mbs, wcs_length, &shift_state);
 +		r = mbrtowc(wcs, mbs, mbs_length, &shift_state);
 #else
 -		r = mbtowc(wcs, mbs, wcs_length);
 +		r = mbtowc(wcs, mbs, mbs_length);
 #endif
 		if (r == (size_t)-1 || r == (size_t)-2) {
 			ret_val = -1;
 -			if (errno == EILSEQ) {
 -				++mbs;
 -				--mbs_length;
 -				continue;
 -			} else
 -				break;
 +			break;
 		}
 		if (r == 0 || r > mbs_length)
 			break;
 		wcs++;
 -		wcs_length--;
 +		// wcs_length--;
 		mbs += r;
 		mbs_length -= r;
 	}
--- a/libarchive-fix-zstd-test.patch
+++ b/libarchive-fix-zstd-test.patch
@ -1,114 +0,0 @@
 From aaacc8762fd8ced8823350edd8ce2e46b565582b Mon Sep 17 00:00:00 2001
 From: "FeRD (Frank Dana)" <ferdnyc@gmail.com>
 Date: Sun, 1 Sep 2019 02:46:55 -0400
 Subject: [PATCH] test_write_filter_zstd: size @ lvl=20 < default < lvl=1
 Raise compression on the second test to level=20, and perform a
 third at level=1. Expect the output archive sizes to line up
 based on compression level. Reduces test susceptibility to small
 output size variations from different libzstd releases.
 ---
 libarchive/test/test_write_filter_zstd.c | 66 +++++++++++++++++++++---
 1 file changed, 60 insertions(+), 6 deletions(-)
 diff --git a/libarchive/test/test_write_filter_zstd.c b/libarchive/test/test_write_filter_zstd.c
 index 9fb01906..13de1344 100644
 --- a/libarchive/test/test_write_filter_zstd.c
 +++ b/libarchive/test/test_write_filter_zstd.c
@@ -34,7 +34,7 @@ DEFINE_TEST(test_write_filter_zstd)
 	char *buff, *data;
 	size_t buffsize, datasize;
 	char path[16];
 -	size_t used1, used2;
 +	size_t used1, used2, used3;
 	int i, r;
 	buffsize = 2000000;
@@ -125,7 +125,7 @@ DEFINE_TEST(test_write_filter_zstd)
 	assertEqualIntA(a, ARCHIVE_OK,
 	    archive_write_set_filter_option(a, NULL, "compression-level", "9"));
 	assertEqualIntA(a, ARCHIVE_OK,
 -	    archive_write_set_filter_option(a, NULL, "compression-level", "6"));
 +	    archive_write_set_filter_option(a, NULL, "compression-level", "20"));
 	assertEqualIntA(a, ARCHIVE_OK, archive_write_open_memory(a, buff, buffsize, &used2));
 	for (i = 0; i < 100; i++) {
 		sprintf(path, "file%03d", i);
@@ -140,10 +140,6 @@ DEFINE_TEST(test_write_filter_zstd)
 	assertEqualIntA(a, ARCHIVE_OK, archive_write_close(a));
 	assertEqualInt(ARCHIVE_OK, archive_write_free(a));
 -	failure("compression-level=6 wrote %d bytes, default wrote %d bytes",
 -	    (int)used2, (int)used1);
 -	assert(used2 < used1);
 -
 	assert((a = archive_read_new()) != NULL);
 	assertEqualIntA(a, ARCHIVE_OK, archive_read_support_format_all(a));
 	r = archive_read_support_filter_zstd(a);
@@ -167,6 +163,64 @@ DEFINE_TEST(test_write_filter_zstd)
 	}
 	assertEqualInt(ARCHIVE_OK, archive_read_free(a));
 +	/*
 +	 * One more time at level 1
 +	 */
 +	assert((a = archive_write_new()) != NULL);
 +	assertEqualIntA(a, ARCHIVE_OK, archive_write_set_format_ustar(a));
 +	assertEqualIntA(a, ARCHIVE_OK,
 +	    archive_write_set_bytes_per_block(a, 10));
 +	assertEqualIntA(a, ARCHIVE_OK, archive_write_add_filter_zstd(a));
 +	assertEqualIntA(a, ARCHIVE_OK,
 +	    archive_write_set_filter_option(a, NULL, "compression-level", "1"));
 +	assertEqualIntA(a, ARCHIVE_OK, archive_write_open_memory(a, buff, buffsize, &used3));
 +	assert((ae = archive_entry_new()) != NULL);
 +	archive_entry_set_filetype(ae, AE_IFREG);
 +	archive_entry_set_size(ae, datasize);
 +	for (i = 0; i < 100; i++) {
 +		sprintf(path, "file%03d", i);
 +		archive_entry_copy_pathname(ae, path);
 +		assertEqualIntA(a, ARCHIVE_OK, archive_write_header(a, ae));
 +		assertA(datasize == (size_t)archive_write_data(a, data, datasize));
 +	}
 +	archive_entry_free(ae);
 +	assertEqualIntA(a, ARCHIVE_OK, archive_write_close(a));
 +	assertEqualInt(ARCHIVE_OK, archive_write_free(a));
 +
 +	assert((a = archive_read_new()) != NULL);
 +	assertEqualIntA(a, ARCHIVE_OK, archive_read_support_format_all(a));
 +	r = archive_read_support_filter_zstd(a);
 +	if (r == ARCHIVE_WARN) {
 +		skipping("zstd reading not fully supported on this platform");
 +	} else {
 +		assertEqualIntA(a, ARCHIVE_OK,
 +		    archive_read_support_filter_all(a));
 +		assertEqualIntA(a, ARCHIVE_OK,
 +		    archive_read_open_memory(a, buff, used3));
 +		for (i = 0; i < 100; i++) {
 +			sprintf(path, "file%03d", i);
 +			failure("Trying to read %s", path);
 +			if (!assertEqualIntA(a, ARCHIVE_OK,
 +				archive_read_next_header(a, &ae)))
 +				break;
 +			assertEqualString(path, archive_entry_pathname(ae));
 +			assertEqualInt((int)datasize, archive_entry_size(ae));
 +		}
 +		assertEqualIntA(a, ARCHIVE_OK, archive_read_close(a));
 +	}
 +	assertEqualInt(ARCHIVE_OK, archive_read_free(a));
 +
 +	/*
 +	 * Check output sizes for various compression levels, expectation
 +	 * is that archive size for level=20 < default < level=1
 +	 */
 +	failure("compression-level=20 wrote %d bytes, default wrote %d bytes",
 +	    (int)used2, (int)used1);
 +	assert(used2 < used1);
 +	failure("compression-level=1 wrote %d bytes, default wrote %d bytes",
 +	    (int)used3, (int)used1);
 +	assert(used1 < used3);
 +
 	/*
 	 * Test various premature shutdown scenarios to make sure we
 	 * don't crash or leak memory.
 -- 
 2.21.0
--- a/libarchive.spec
+++ b/libarchive.spec
@ -1,17 +1,14 @@
-%bcond_without check
+%bcond_with check
 Name:           libarchive
-Version:        3.4.0
+Version:        3.4.1
-Release:        3
+Release:        1
 Summary:        Multi-format archive and compression library
 License:        BSD
 URL:            https://www.%{name}.org/
 Source0:        https://www.%{name}.org/downloads/%{name}-%{version}.tar.gz
 Patch0:         libarchive-fix-zstd-test.patch
 Patch1:		libarchive-CVE-2019-19221.patch
 BuildRequires:  gcc bison sharutils zlib-devel bzip2-devel xz-devel
 BuildRequires:  lzo-devel e2fsprogs-devel libacl-devel libattr-devel
 BuildRequires:  openssl-devel libxml2-devel lz4-devel automake libzstd-devel
@ -148,7 +145,13 @@ run_testsuite
 %{_mandir}/man5/*
 %changelog
-* Thu Jan 3 2020 openEuler Buildteam <buildteam@openeuler.org> - 3.4.0-3
+* Wed Jan 8 2020 openEuler Buildteam <buildteam@openeuler.org> - 3.4.1-1
 - Type:bugfix
 - ID:NA
 - SUG:NA
 - DESC: update to 3.4.1
 * Fri Jan 3 2020 openEuler Buildteam <buildteam@openeuler.org> - 3.4.0-3
 - Type:bugfix
 - ID:NA
 - SUG:NA