update to 3.5.2

backport-CVE-2021-36976.patch

@@ -1,57 +0,0 @@
-From a7ce8a6aa7b710986ab918761c8d2ff1b0e9f537 Mon Sep 17 00:00:00 2001
-From: Samanta Navarro <ferivoz@riseup.net>
-Date: Sat, 28 Aug 2021 11:58:00 +0000
-Subject: [PATCH] Fix size_t cast in read_mac_metadata_blob
-
-The size_t data type on 32 bit systems is smaller than int64_t. Check
-the int64_t value before casting to size_t. If the value is too large
-then stop operation instead of continuing operation with truncated
-value.
----
- libarchive/archive_read_support_format_tar.c | 12 +++++++++---
- 1 file changed, 9 insertions(+), 3 deletions(-)
-
-diff --git a/libarchive/archive_read_support_format_tar.c b/libarchive/archive_read_support_format_tar.c
-index 96d8101..7290df0 100644
---- a/libarchive/archive_read_support_format_tar.c
-+++ b/libarchive/archive_read_support_format_tar.c
-@@ -1396,6 +1396,7 @@ read_mac_metadata_blob(struct archive_read *a, struct tar *tar,
-     struct archive_entry *entry, const void *h, size_t *unconsumed)
- {
- 	int64_t size;
-+	size_t msize;
- 	const void *data;
- 	const char *p, *name;
- 	const wchar_t *wp, *wname;
-@@ -1434,6 +1435,11 @@ read_mac_metadata_blob(struct archive_read *a, struct tar *tar,
- 
-  	/* Read the body as a Mac OS metadata blob. */
- 	size = archive_entry_size(entry);
-+	msize = (size_t)size;
-+	if (size < 0 || (uintmax_t)msize != (uintmax_t)size) {
-+		*unconsumed = 0;
-+		return (ARCHIVE_FATAL);
-+	}
- 
- 	/*
- 	 * TODO: Look beyond the body here to peek at the next header.
-@@ -1447,13 +1453,13 @@ read_mac_metadata_blob(struct archive_read *a, struct tar *tar,
- 	 * Q: Is the above idea really possible?  Even
- 	 * when there are GNU or pax extension entries?
- 	 */
--	data = __archive_read_ahead(a, (size_t)size, NULL);
-+	data = __archive_read_ahead(a, msize, NULL);
- 	if (data == NULL) {
- 		*unconsumed = 0;
- 		return (ARCHIVE_FATAL);
- 	}
--	archive_entry_copy_mac_metadata(entry, data, (size_t)size);
--	*unconsumed = (size_t)((size + 511) & ~ 511);
-+	archive_entry_copy_mac_metadata(entry, data, msize);
-+	*unconsumed = (msize + 511) & ~ 511;
- 	tar_flush_unconsumed(a, unconsumed);
- 	return (tar_read_header(a, tar, entry, unconsumed));
- }
--- 
-2.27.0
-

backport-libarchive-3.5.2-symlink-fix.patch

@@ -0,0 +1,193 @@
+commit 8a1bd5c18e896f0411a991240ce0d772bb02c840
+Author: Martin Matuska <martin@matuska.org>
+Date:   Fri Aug 27 10:56:28 2021 +0200
+
+    Fix following symlinks when processing the fixup list
+    
+    The previous fix in b41daecb5 was incomplete. Fixup entries are
+    given the original path without calling cleanup_pathname().
+    To make sure we don't follow a symlink, we must strip trailing
+    slashes from the path.
+    
+    The fixup entries are always directories. Make sure we try to modify
+    only directories by providing O_DIRECTORY to open() (if supported)
+    and if it fails to check directory via lstat().
+    
+    Fixes #1566
+
+diff --git a/libarchive/archive_write_disk_posix.c b/libarchive/archive_write_disk_posix.c
+index fcd733af..aadc5871 100644
+--- a/libarchive/archive_write_disk_posix.c
++++ b/libarchive/archive_write_disk_posix.c
+@@ -2462,6 +2462,7 @@ _archive_write_disk_close(struct archive *_a)
+ 	struct archive_write_disk *a = (struct archive_write_disk *)_a;
+ 	struct fixup_entry *next, *p;
+ 	struct stat st;
++	char *c;
+ 	int fd, ret;
+ 
+ 	archive_check_magic(&a->archive, ARCHIVE_WRITE_DISK_MAGIC,
+@@ -2475,24 +2476,49 @@ _archive_write_disk_close(struct archive *_a)
+ 	while (p != NULL) {
+ 		fd = -1;
+ 		a->pst = NULL; /* Mark stat cache as out-of-date. */
+-		if (p->fixup &
+-		    (TODO_TIMES | TODO_MODE_BASE | TODO_ACLS | TODO_FFLAGS)) {
+-			fd = open(p->name,
+-			    O_WRONLY | O_BINARY | O_NOFOLLOW | O_CLOEXEC);
++
++		/* We must strip trailing slashes from the path to avoid
++		   dereferencing symbolic links to directories */
++		c = p->name;
++		while (*c != '\0')
++			c++;
++		while (c != p->name && *(c - 1) == '/') {
++			c--;
++			*c = '\0';
++		}
++
++		if (p->fixup == 0)
++			goto skip_fixup_entry;
++		else {
++			fd = open(p->name, O_BINARY | O_NOFOLLOW | O_RDONLY
++#if defined(O_DIRECTORY)
++			    | O_DIRECTORY
++#endif
++			    | O_CLOEXEC);
++			/*
++		 `	 * If we don't support O_DIRECTORY,
++			 * or open() has failed, we must stat()
++			 * to verify that we are opening a directory
++			 */
++#if defined(O_DIRECTORY)
+ 			if (fd == -1) {
+-				/* If we cannot lstat, skip entry */
+-				if (lstat(p->name, &st) != 0)
++				if (lstat(p->name, &st) != 0 ||
++				    !S_ISDIR(st.st_mode)) {
+ 					goto skip_fixup_entry;
+-				/*
+-				 * If we deal with a symbolic link, mark
+-				 * it in the fixup mode to ensure no
+-				 * modifications are made to its target.
+-				 */
+-				if (S_ISLNK(st.st_mode)) {
+-					p->mode &= ~S_IFMT;
+-					p->mode |= S_IFLNK;
+ 				}
+ 			}
++#else
++#if HAVE_FSTAT
++			if (fd > 0 && (
++			    fstat(fd, &st) != 0 || !S_ISDIR(st.st_mode))) {
++				goto skip_fixup_entry;
++			} else
++#endif
++			if (lstat(p->name, &st) != 0 ||
++			    !S_ISDIR(st.st_mode)) {
++				goto skip_fixup_entry;
++			}
++#endif
+ 		}
+ 		if (p->fixup & TODO_TIMES) {
+ 			set_times(a, fd, p->mode, p->name,
+@@ -2504,14 +2530,13 @@ _archive_write_disk_close(struct archive *_a)
+ 		if (p->fixup & TODO_MODE_BASE) {
+ #ifdef HAVE_FCHMOD
+ 			if (fd >= 0)
+-				fchmod(fd, p->mode);
++				fchmod(fd, p->mode & 07777);
+ 			else
+ #endif
+ #ifdef HAVE_LCHMOD
+-			lchmod(p->name, p->mode);
++			lchmod(p->name, p->mode & 07777);
+ #else
+-			if (!S_ISLNK(p->mode))
+-				chmod(p->name, p->mode);
++			chmod(p->name, p->mode & 07777);
+ #endif
+ 		}
+ 		if (p->fixup & TODO_ACLS)
+@@ -2664,7 +2689,6 @@ new_fixup(struct archive_write_disk *a, const char *pathname)
+ 	fe->next = a->fixup_list;
+ 	a->fixup_list = fe;
+ 	fe->fixup = 0;
+-	fe->mode = 0;
+ 	fe->name = strdup(pathname);
+ 	return (fe);
+ }
+diff --git a/libarchive/test/test_write_disk_fixup.c b/libarchive/test/test_write_disk_fixup.c
+index c399c984..b83b7307 100644
+--- a/libarchive/test/test_write_disk_fixup.c
++++ b/libarchive/test/test_write_disk_fixup.c
+@@ -47,26 +47,50 @@ DEFINE_TEST(test_write_disk_fixup)
+ 	/*
+ 	 * Create a file
+ 	 */
+-	assertMakeFile("victim", 0600, "a");
++	assertMakeFile("file", 0600, "a");
++
++	/*
++	 * Create a directory
++	 */
++	assertMakeDir("dir", 0700);
+ 
+ 	/*
+ 	 * Create a directory and a symlink with the same name
+ 	 */
+ 
+-	/* Directory: dir */
++	/* Directory: dir1 */
++        assert((ae = archive_entry_new()) != NULL);
++        archive_entry_copy_pathname(ae, "dir1/");
++        archive_entry_set_mode(ae, AE_IFDIR | 0555);
++	assertEqualIntA(ad, 0, archive_write_header(ad, ae));
++	assertEqualIntA(ad, 0, archive_write_finish_entry(ad));
++        archive_entry_free(ae);
++
++	/* Directory: dir2 */
+         assert((ae = archive_entry_new()) != NULL);
+-        archive_entry_copy_pathname(ae, "dir");
+-        archive_entry_set_mode(ae, AE_IFDIR | 0606);
++        archive_entry_copy_pathname(ae, "dir2/");
++        archive_entry_set_mode(ae, AE_IFDIR | 0555);
+ 	assertEqualIntA(ad, 0, archive_write_header(ad, ae));
+ 	assertEqualIntA(ad, 0, archive_write_finish_entry(ad));
+         archive_entry_free(ae);
+ 
+-	/* Symbolic Link: dir -> foo */
++	/* Symbolic Link: dir1 -> dir */
++	assert((ae = archive_entry_new()) != NULL);
++	archive_entry_copy_pathname(ae, "dir1");
++	archive_entry_set_mode(ae, AE_IFLNK | 0777);
++	archive_entry_set_size(ae, 0);
++	archive_entry_copy_symlink(ae, "dir");
++	assertEqualIntA(ad, 0, r = archive_write_header(ad, ae));
++	if (r >= ARCHIVE_WARN)
++		assertEqualIntA(ad, 0, archive_write_finish_entry(ad));
++	archive_entry_free(ae);
++
++	/* Symbolic Link: dir2 -> file */
+ 	assert((ae = archive_entry_new()) != NULL);
+-	archive_entry_copy_pathname(ae, "dir");
++	archive_entry_copy_pathname(ae, "dir2");
+ 	archive_entry_set_mode(ae, AE_IFLNK | 0777);
+ 	archive_entry_set_size(ae, 0);
+-	archive_entry_copy_symlink(ae, "victim");
++	archive_entry_copy_symlink(ae, "file");
+ 	assertEqualIntA(ad, 0, r = archive_write_header(ad, ae));
+ 	if (r >= ARCHIVE_WARN)
+ 		assertEqualIntA(ad, 0, archive_write_finish_entry(ad));
+@@ -75,7 +99,9 @@ DEFINE_TEST(test_write_disk_fixup)
+ 	assertEqualInt(ARCHIVE_OK, archive_write_free(ad));
+ 
+ 	/* Test the entries on disk. */
+-	assertIsSymlink("dir", "victim", 0);
+-	assertFileMode("victim", 0600);
++	assertIsSymlink("dir1", "dir", 0);
++	assertIsSymlink("dir2", "file", 0);
++	assertFileMode("dir", 0700);
++	assertFileMode("file", 0600);
+ #endif
+ }

libarchive-uninitialized-value.patch

@@ -1,25 +0,0 @@
-From 1ab606af27d6b3fa07a638b7f04efadbc8ef75b4 Mon Sep 17 00:00:00 2001
-From: zhangnaru <zhangnaru@huawei.com>
-Date: Tue, 28 Jul 2020 15:05:03 +0800
-Subject: [PATCH] libarchive-uninitialized-value
-
----
- libarchive/filter_fork_posix.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/libarchive/filter_fork_posix.c b/libarchive/filter_fork_posix.c
-index ac255c4..62085a7 100644
---- a/libarchive/filter_fork_posix.c
-+++ b/libarchive/filter_fork_posix.c
-@@ -76,7 +76,7 @@ int
- __archive_create_child(const char *cmd, int *child_stdin, int *child_stdout,
- 		pid_t *out_child)
- {
--	pid_t child;
-+	pid_t child = -1;
- 	int stdin_pipe[2], stdout_pipe[2], tmp;
- #if HAVE_POSIX_SPAWNP
- 	posix_spawn_file_actions_t actions;
--- 
-2.23.0
-

libarchive.spec

@@ -1,8 +1,8 @@
 %bcond_with check
 
 Name:           libarchive
-Version:        3.5.1
+Version:        3.5.2
-Release:        2
+Release:        1
 Summary:        Multi-format archive and compression library
 
 License:        BSD
@@ -13,11 +13,7 @@ BuildRequires:  gcc bison sharutils zlib-devel bzip2-devel xz-devel
 BuildRequires:  lzo-devel e2fsprogs-devel libacl-devel libattr-devel
 BuildRequires:  openssl-devel libxml2-devel lz4-devel automake libzstd-devel
 
-Provides:       bsdtar bsdcpio bsdcat
+Patch6000:      backport-libarchive-3.5.2-symlink-fix.patch
-Obsoletes:      bsdtar bsdcpio bsdcat
-
-Patch6001:      libarchive-uninitialized-value.patch
-Patch6002:      backport-CVE-2021-36976.patch
 
 %description
 %{name} is an open-source BSD-licensed C programming library that 
@@ -36,6 +32,33 @@ applications that want to make use of %{name}.
 
 %package_help
 
+%package -n bsdtar
+Summary:        Manipulate tape archives
+Requires:       %{name}%{?_isa} = %{version}-%{release}
+ 
+%description -n bsdtar
+The bsdtar package contains standalone bsdtar utility split off regular
+libarchive packages.
+ 
+ 
+%package -n bsdcpio
+Summary:        Copy files to and from archives
+Requires:       %{name}%{?_isa} = %{version}-%{release}
+ 
+%description -n bsdcpio
+The bsdcpio package contains standalone bsdcpio utility split off regular
+libarchive packages.
+ 
+ 
+%package -n bsdcat
+Summary:        Expand files to standard output
+Requires:       %{name}%{?_isa} = %{version}-%{release}
+ 
+%description -n bsdcat
+The bsdcat program typically takes a filename as an argument or reads standard
+input when used in a pipe.  In both cases decompressed data it written to
+standard output.
+
 %prep
 %autosetup -n %{name}-%{version} -p1
 
@@ -129,9 +152,6 @@ run_testsuite
 %{!?_licensedir:%global license %%doc}
 %license COPYING
 %{_libdir}/%{name}.so.13*
-%{_bindir}/bsdtar
-%{_bindir}/bsdcpio
-%{_bindir}/bsdcat
 
 %files devel
 %defattr(-,root,root)
@@ -147,7 +167,28 @@ run_testsuite
 %{_mandir}/man3/*
 %{_mandir}/man5/*
 
+%files -n bsdtar
+%{!?_licensedir:%global license %%doc}
+%license COPYING
+%doc NEWS README.md
+%{_bindir}/bsdtar
+ 
+%files -n bsdcpio
+%{!?_licensedir:%global license %%doc}
+%license COPYING
+%doc NEWS README.md
+%{_bindir}/bsdcpio
+ 
+%files -n bsdcat
+%{!?_licensedir:%global license %%doc}
+%license COPYING
+%doc NEWS README.md
+%{_bindir}/bsdcat
+
 %changelog
+* Fri Nov 26 2021 xingxing <xingxing@huawei.com> - 3.5.2-1
+- Upgrade to version 3.5.2
+
 * Thu Oct 14 2021 yangcheng <yagcheng87@huawei.com> - 3.5.1-2
 - Type:CVE
 - ID:CVE-2021-36976