From: Michał Górny Date: Tue, 10 Mar 2020 16:04:16 +0000 (+0100) Subject: app-arch/libarchive: Remove vulnerable version X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=8b9c888890857e04acd24efb8339c634dfd99b92;p=gentoo.git app-arch/libarchive: Remove vulnerable version Bug: https://bugs.gentoo.org/710358 Signed-off-by: Michał Górny --- diff --git a/app-arch/libarchive/Manifest b/app-arch/libarchive/Manifest index b9aec85d5126..dc4b48a9a98e 100644 --- a/app-arch/libarchive/Manifest +++ b/app-arch/libarchive/Manifest @@ -1,2 +1 @@ -DIST libarchive-3.4.0.tar.gz 6908093 BLAKE2B 6da5798ceabb542d8b877b3d672f6e6431ed7340ec0160a5d8cef28591b516b55d426002379eddc632a478bfd2f034a358f8552f55c9f066fd7f5c31c218b462 SHA512 2f9e2a551a6bcab56fb1a030b5d656df7299a3d151465aa02f0420d344d2fada49dee4755b3abff9095f62519e14dc9af8afa1695ecc6d5fdb4f0b28e6ede852 DIST libarchive-3.4.2.tar.gz 6979481 BLAKE2B eea90e4751ae487cd1a9b0eecd16598d1b81ffff665ae97a160e3858c8ffe60b82003f081af644f3f32260d0e1d3f3077240125e8279bf8111a79d93c68ac25d SHA512 a8922e54f2e985889d205ee8a0594c1d30dad950438b602a5be6bb1b274a735ad20a48ed484efd458013a0810d26ee4ae76e3a6c820823243d24ea0593ed7021 diff --git a/app-arch/libarchive/files/libarchive-3.4.0-without_zlib_build_fix.patch b/app-arch/libarchive/files/libarchive-3.4.0-without_zlib_build_fix.patch deleted file mode 100644 index e0a3167390f0..000000000000 --- a/app-arch/libarchive/files/libarchive-3.4.0-without_zlib_build_fix.patch +++ /dev/null @@ -1,160 +0,0 @@ -From 64333cef68d7bcc67bef6ecf177fbeaa549b9139 Mon Sep 17 00:00:00 2001 -From: Martin Matuska -Date: Sat, 29 Jun 2019 00:20:58 +0200 -Subject: [PATCH] Unbreak compilation without zlib - -Fixes #1214 ---- - libarchive/archive_read_support_filter_gzip.c | 54 ++++++++++++------- - libarchive/test/test_read_format_raw.c | 4 ++ - 2 files changed, 39 insertions(+), 19 deletions(-) - -diff --git a/libarchive/archive_read_support_filter_gzip.c b/libarchive/archive_read_support_filter_gzip.c -index 458b6f729..9fa9e2b0d 100644 ---- a/libarchive/archive_read_support_filter_gzip.c -+++ b/libarchive/archive_read_support_filter_gzip.c -@@ -131,12 +131,20 @@ archive_read_support_filter_gzip(struct archive *_a) - */ - static ssize_t - peek_at_header(struct archive_read_filter *filter, int *pbits, -- struct private_data *state) -+#ifdef HAVE_ZLIB_H -+ struct private_data *state -+#else -+ void *state -+#endif -+ ) - { - const unsigned char *p; - ssize_t avail, len; - int bits = 0; - int header_flags; -+#ifndef HAVE_ZLIB_H -+ (void)state; /* UNUSED */ -+#endif - - /* Start by looking at the first ten bytes of the header, which - * is all fixed layout. */ -@@ -153,8 +161,10 @@ peek_at_header(struct archive_read_filter *filter, int *pbits, - bits += 3; - header_flags = p[3]; - /* Bytes 4-7 are mod time in little endian. */ -+#ifdef HAVE_ZLIB_H - if (state) - state->mtime = archive_le32dec(p + 4); -+#endif - /* Byte 8 is deflate flags. */ - /* XXXX TODO: return deflate flags back to consume_header for use - in initializing the decompressor. */ -@@ -171,7 +181,9 @@ peek_at_header(struct archive_read_filter *filter, int *pbits, - - /* Null-terminated optional filename. */ - if (header_flags & 8) { -+#ifdef HAVE_ZLIB_H - ssize_t file_start = len; -+#endif - do { - ++len; - if (avail < len) -@@ -181,11 +193,13 @@ peek_at_header(struct archive_read_filter *filter, int *pbits, - return (0); - } while (p[len - 1] != 0); - -+#ifdef HAVE_ZLIB_H - if (state) { - /* Reset the name in case of repeat header reads. */ - free(state->name); - state->name = strdup((const char *)&p[file_start]); - } -+#endif - } - - /* Null-terminated optional comment. */ -@@ -236,24 +250,6 @@ gzip_bidder_bid(struct archive_read_filter_bidder *self, - return (0); - } - --static int --gzip_read_header(struct archive_read_filter *self, struct archive_entry *entry) --{ -- struct private_data *state; -- -- state = (struct private_data *)self->data; -- -- /* A mtime of 0 is considered invalid/missing. */ -- if (state->mtime != 0) -- archive_entry_set_mtime(entry, state->mtime, 0); -- -- /* If the name is available, extract it. */ -- if (state->name) -- archive_entry_set_pathname(entry, state->name); -- -- return (ARCHIVE_OK); --} -- - #ifndef HAVE_ZLIB_H - - /* -@@ -277,6 +273,24 @@ gzip_bidder_init(struct archive_read_filter *self) - - #else - -+static int -+gzip_read_header(struct archive_read_filter *self, struct archive_entry *entry) -+{ -+ struct private_data *state; -+ -+ state = (struct private_data *)self->data; -+ -+ /* A mtime of 0 is considered invalid/missing. */ -+ if (state->mtime != 0) -+ archive_entry_set_mtime(entry, state->mtime, 0); -+ -+ /* If the name is available, extract it. */ -+ if (state->name) -+ archive_entry_set_pathname(entry, state->name); -+ -+ return (ARCHIVE_OK); -+} -+ - /* - * Initialize the filter object. - */ -@@ -306,7 +320,9 @@ gzip_bidder_init(struct archive_read_filter *self) - self->read = gzip_filter_read; - self->skip = NULL; /* not supported */ - self->close = gzip_filter_close; -+#ifdef HAVE_ZLIB_H - self->read_header = gzip_read_header; -+#endif - - state->in_stream = 0; /* We're not actually within a stream yet. */ - -diff --git a/libarchive/test/test_read_format_raw.c b/libarchive/test/test_read_format_raw.c -index 0dac8bfba..3961723b4 100644 ---- a/libarchive/test/test_read_format_raw.c -+++ b/libarchive/test/test_read_format_raw.c -@@ -36,7 +36,9 @@ DEFINE_TEST(test_read_format_raw) - const char *reffile1 = "test_read_format_raw.data"; - const char *reffile2 = "test_read_format_raw.data.Z"; - const char *reffile3 = "test_read_format_raw.bufr"; -+#ifdef HAVE_ZLIB_H - const char *reffile4 = "test_read_format_raw.data.gz"; -+#endif - - /* First, try pulling data out of an uninterpretable file. */ - extract_reference_file(reffile1); -@@ -119,6 +121,7 @@ DEFINE_TEST(test_read_format_raw) - assertEqualIntA(a, ARCHIVE_OK, archive_read_close(a)); - assertEqualInt(ARCHIVE_OK, archive_read_free(a)); - -+#ifdef HAVE_ZLIB_H - /* Fourth, try with gzip which has metadata. */ - extract_reference_file(reffile4); - assert((a = archive_read_new()) != NULL); -@@ -144,4 +147,5 @@ DEFINE_TEST(test_read_format_raw) - assertEqualIntA(a, ARCHIVE_EOF, archive_read_next_header(a, &ae)); - assertEqualIntA(a, ARCHIVE_OK, archive_read_close(a)); - assertEqualInt(ARCHIVE_OK, archive_read_free(a)); -+#endif - } diff --git a/app-arch/libarchive/libarchive-3.4.0.ebuild b/app-arch/libarchive/libarchive-3.4.0.ebuild deleted file mode 100644 index 1c960f7b3326..000000000000 --- a/app-arch/libarchive/libarchive-3.4.0.ebuild +++ /dev/null @@ -1,135 +0,0 @@ -# Copyright 1999-2019 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 -inherit libtool multilib-minimal toolchain-funcs - -DESCRIPTION="Multi-format archive and compression library" -HOMEPAGE="https://www.libarchive.org/" -SRC_URI="https://www.libarchive.org/downloads/${P}.tar.gz" - -LICENSE="BSD BSD-2 BSD-4 public-domain" -SLOT="0/13" -KEYWORDS="~alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 ~riscv s390 sh sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" -IUSE="acl blake2 +bzip2 +e2fsprogs expat +iconv kernel_linux libressl lz4 +lzma lzo nettle static-libs +threads xattr +zlib zstd" - -RDEPEND=" - acl? ( virtual/acl[${MULTILIB_USEDEP}] ) - blake2? ( app-crypt/libb2[${MULTILIB_USEDEP}] ) - bzip2? ( app-arch/bzip2[${MULTILIB_USEDEP}] ) - expat? ( dev-libs/expat[${MULTILIB_USEDEP}] ) - !expat? ( dev-libs/libxml2[${MULTILIB_USEDEP}] ) - iconv? ( virtual/libiconv[${MULTILIB_USEDEP}] ) - kernel_linux? ( - xattr? ( sys-apps/attr[${MULTILIB_USEDEP}] ) - ) - !libressl? ( dev-libs/openssl:0=[${MULTILIB_USEDEP}] ) - libressl? ( dev-libs/libressl:0=[${MULTILIB_USEDEP}] ) - lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] ) - lzma? ( app-arch/xz-utils[threads=,${MULTILIB_USEDEP}] ) - lzo? ( >=dev-libs/lzo-2[${MULTILIB_USEDEP}] ) - nettle? ( dev-libs/nettle:0=[${MULTILIB_USEDEP}] ) - zlib? ( sys-libs/zlib[${MULTILIB_USEDEP}] ) - zstd? ( app-arch/zstd[${MULTILIB_USEDEP}] )" -DEPEND="${RDEPEND} - kernel_linux? ( - virtual/os-headers - e2fsprogs? ( sys-fs/e2fsprogs ) - )" - -PATCHES=( - "${FILESDIR}"/${PN}-3.3.3-libressl.patch - "${FILESDIR}"/${P}-without_zlib_build_fix.patch #693202 -) - -# Various test problems, starting with the fact that sandbox -# explodes on long paths. https://bugs.gentoo.org/598806 -RESTRICT="test" - -src_prepare() { - default - elibtoolize # is required for Solaris sol2_ld linker fix -} - -multilib_src_configure() { - export ac_cv_header_ext2fs_ext2_fs_h=$(usex e2fsprogs) #354923 - - local myconf=( - $(use_enable acl) - $(use_enable static-libs static) - $(use_enable xattr) - $(use_with blake2 libb2) - $(use_with bzip2 bz2lib) - $(use_with expat) - $(use_with !expat xml2) - $(use_with iconv) - $(use_with lz4) - $(use_with lzma) - $(use_with lzo lzo2) - $(use_with nettle) - $(use_with zlib) - $(use_with zstd) - - # Windows-specific - --without-cng - ) - if multilib_is_native_abi ; then - myconf+=( - --enable-bsdcat=$(tc-is-static-only && echo static || echo shared) - --enable-bsdcpio=$(tc-is-static-only && echo static || echo shared) - --enable-bsdtar=$(tc-is-static-only && echo static || echo shared) - ) - else - myconf+=( - --disable-bsdcat - --disable-bsdcpio - --disable-bsdtar - ) - fi - - ECONF_SOURCE="${S}" econf "${myconf[@]}" -} - -multilib_src_compile() { - if multilib_is_native_abi ; then - emake - else - emake libarchive.la - fi -} - -multilib_src_test() { - # Replace the default src_test so that it builds tests in parallel - multilib_is_native_abi && emake check -} - -multilib_src_install() { - if multilib_is_native_abi ; then - emake DESTDIR="${D}" install - - # Create symlinks for FreeBSD - if ! use prefix && [[ ${CHOST} == *-freebsd* ]]; then - # Exclude cat for the time being #589876 - for bin in cpio tar; do - dosym bsd${bin} /usr/bin/${bin} - echo '.so bsd${bin}.1' > "${T}"/${bin}.1 - doman "${T}"/${bin}.1 - done - fi - else - local install_targets=( - install-includeHEADERS - install-libLTLIBRARIES - install-pkgconfigDATA - ) - emake DESTDIR="${D}" "${install_targets[@]}" - fi - - # Libs.private: should be used from libarchive.pc instead - find "${ED}" -type f -name "*.la" -delete || die -} - -multilib_src_install_all() { - cd "${S}" || die - einstalldocs -}