# HG changeset patch # User Rich Burridge # Date 1467848604 25200 # Node ID 3b2a73b969a9ac8b0521f95acfe7466d33185535 # Parent 64e0f06b8b9e63c978fc0c5b2569540e169e8247 23640205 Update libarchive to version 3.2.1 23635980 problem in LIBRARY/LIBARCHIVE diff -r 64e0f06b8b9e -r 3b2a73b969a9 components/libarchive/Makefile --- a/components/libarchive/Makefile Wed Jul 06 07:39:23 2016 -0700 +++ b/components/libarchive/Makefile Wed Jul 06 16:43:24 2016 -0700 @@ -23,17 +23,17 @@ include ../../make-rules/shared-macros.mk COMPONENT_NAME= libarchive -COMPONENT_VERSION= 3.1.2 +COMPONENT_VERSION= 3.2.1 COMPONENT_SRC= $(COMPONENT_NAME)-$(COMPONENT_VERSION) COMPONENT_PROJECT_URL= http://www.libarchive.org/ COMPONENT_ARCHIVE= $(COMPONENT_SRC).tar.gz COMPONENT_ARCHIVE_HASH= \ - sha256:eb87eacd8fe49e8d90c8fdc189813023ccc319c5e752b01fb6ad0cc7b2c53d5e + sha256:72ee1a4e3fd534525f13a0ba1aa7b05b203d186e0c6072a8a4738649d0b3cfd2 COMPONENT_ARCHIVE_URL= \ $(COMPONENT_PROJECT_URL)downloads/$(COMPONENT_ARCHIVE) COMPONENT_BUGDB= library/libarchive -TPNO= 24584 +TPNO= 29683 include $(WS_MAKE_RULES)/prep.mk include $(WS_MAKE_RULES)/configure.mk @@ -52,6 +52,9 @@ CONFIGURE_OPTIONS += --with-xml2 CONFIGURE_OPTIONS += --with-zlib +# We still have an older version of xz that doesn't support this. +CONFIGURE_OPTIONS += "ac_cv_lzma_has_mt=no" + # libarchive's Makefile hard-codes some gcc-only flags in COMMON_CFLAGS, then # appends CFLAGS to that. Reset the former here so we can build with Studio. COMPONENT_BUILD_ARGS += COMMON_CFLAGS='' @@ -59,6 +62,11 @@ COMPONENT_TEST_ARGS += COMMON_CFLAGS='' COMPONENT_TEST_ARGS += CFLAGS="$(CFLAGS)" +# Get correct libarchive.so from the proto area. +TEST_LIBPATH.32 = $(PROTOUSRLIBDIR) +TEST_LIBPATH.64 = $(PROTOUSRLIBDIR64) +COMPONENT_TEST_ENV += LD_LIBRARY_PATH=$(TEST_LIBPATH.$(BITS)) + # We need GNU awk for the following to work; hence the PATH tweak. # We then convert BSD-style section numbers in the libarchive man pages to # Solaris-style section numbers. @@ -73,12 +81,19 @@ PKG_PROTO_DIRS += $(COMPONENT_SRC)/doc/man +# Needed for "gmake test" to work successfully. +# If SHELLOPTS is exported (as it is by the userland makefiles), +# then all shell options get exported to child invocations of bash, +# which results in test failures due to nounset and xtrace being +# set unexpectedly, and errors such as "$1: unbound variable" and +# diffs failing due to script tracing in output files. +unexport SHELLOPTS + build: $(BUILD_32_and_64) install: $(INSTALL_32_and_64) -test: $(TEST_32_and_64) - +test: install $(TEST_32_and_64) REQUIRED_PACKAGES += compress/bzip2 REQUIRED_PACKAGES += compress/xz diff -r 64e0f06b8b9e -r 3b2a73b969a9 components/libarchive/libarchive.license --- a/components/libarchive/libarchive.license Wed Jul 06 07:39:23 2016 -0700 +++ b/components/libarchive/libarchive.license Wed Jul 06 16:43:24 2016 -0700 @@ -92,7 +92,7 @@ /*- * Copyright (c) 1985, 1986, 1992, 1993 - * The Regents of the University of California. All rights reserved. + * The Regents of the University of California. All rights reserved. * * This code is derived from software contributed to Berkeley by * Diomidis Spinellis and James A. Woods, derived from original @@ -110,6 +110,7 @@ * may be used to endorse or promote products derived from this software * without specific prior written permission. * + * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE diff -r 64e0f06b8b9e -r 3b2a73b969a9 components/libarchive/libarchive.p5m --- a/components/libarchive/libarchive.p5m Wed Jul 06 07:39:23 2016 -0700 +++ b/components/libarchive/libarchive.p5m Wed Jul 06 16:43:24 2016 -0700 @@ -65,6 +65,7 @@ file path=usr/share/man/man3archive/archive_entry_stat.3archive file path=usr/share/man/man3archive/archive_entry_time.3archive file path=usr/share/man/man3archive/archive_read.3archive +file path=usr/share/man/man3archive/archive_read_add_passphrase.3archive file path=usr/share/man/man3archive/archive_read_data.3archive file path=usr/share/man/man3archive/archive_read_disk.3archive file path=usr/share/man/man3archive/archive_read_extract.3archive @@ -88,6 +89,7 @@ file path=usr/share/man/man3archive/archive_write_new.3archive file path=usr/share/man/man3archive/archive_write_open.3archive file path=usr/share/man/man3archive/archive_write_set_options.3archive +file path=usr/share/man/man3archive/archive_write_set_passphrase.3archive file path=usr/share/man/man3lib/libarchive.3lib file path=usr/share/man/man3lib/libarchive_changes.3lib file path=usr/share/man/man3lib/libarchive_internals.3lib diff -r 64e0f06b8b9e -r 3b2a73b969a9 components/libarchive/patches/CVE-2016-1541.patch --- a/components/libarchive/patches/CVE-2016-1541.patch Wed Jul 06 07:39:23 2016 -0700 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,49 +0,0 @@ -Fix for CVE-2016-1541. - -More information at: - - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1541 - -Patch based on committed changes at: - - https://github.com/libarchive/libarchive/commit/d0331e8e5b05b475f20b1f3101fe1ad772d7e7e7 - -and adjusted to work with the version of libarchive we currently have. - ---- libarchive-3.1.2/libarchive/archive_read_support_format_zip.c.orig 2016-05-25 07:28:45.920088332 -0700 -+++ libarchive-3.1.2/libarchive/archive_read_support_format_zip.c 2016-05-25 07:32:19.394552995 -0700 -@@ -560,6 +560,11 @@ - - switch(rsrc->compression) { - case 0: /* No compression. */ -+ if (rsrc->uncompressed_size != rsrc->compressed_size) { -+ archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, -+ "Malformed OS X metadata entry: inconsistent size"); -+ return (ARCHIVE_FATAL); -+ } - #ifdef HAVE_ZLIB_H - case 8: /* Deflate compression. */ - #endif -@@ -581,6 +586,13 @@ - return (ARCHIVE_WARN); - } - -+ if (rsrc->compressed_size > (4 * 1024 * 1024)) { -+ archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, -+ "Mac metadata is too large: %jd > 4M bytes", -+ (intmax_t)rsrc->compressed_size); -+ return (ARCHIVE_WARN); -+ } -+ - metadata = malloc((size_t)rsrc->uncompressed_size); - if (metadata == NULL) { - archive_set_error(&a->archive, ENOMEM, -@@ -619,6 +631,8 @@ - bytes_avail = remaining_bytes; - switch(rsrc->compression) { - case 0: /* No compression. */ -+ if ((size_t)bytes_avail > metadata_bytes) -+ bytes_avail = metadata_bytes; - memcpy(mp, p, bytes_avail); - bytes_used = (size_t)bytes_avail; - metadata_bytes -= bytes_used; diff -r 64e0f06b8b9e -r 3b2a73b969a9 components/libarchive/patches/fix-tests.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/components/libarchive/patches/fix-tests.patch Wed Jul 06 16:43:24 2016 -0700 @@ -0,0 +1,44 @@ +Version related tests fail because we have: + +#define ZLIB_VERSION "1.2.8-T4mods" + +in /usr/include/zlib.h instead of the normal: + +#define ZLIB_VERSION "1.2.8" + +This patch has been submitted upstream. See: +https://github.com/libarchive/libarchive/issues/720 + +--- libarchive-3.2.0/tar/test/test_version.c.orig 2016-06-17 15:01:20.182487097 -0700 ++++ libarchive-3.2.0/tar/test/test_version.c 2016-06-17 16:09:37.869258356 -0700 +@@ -88,7 +88,7 @@ + if (*q == 'a' || *q == 'b' || *q == 'c' || *q == 'd') + ++q; + /* Skip arbitrary third-party version numbers. */ +- while (s > 0 && (*q == ' ' || *q == '/' || *q == '.' || isalnum(*q))) { ++ while (s > 0 && (*q == ' ' || *q == '-' || *q == '/' || *q == '.' || isalnum(*q))) { + ++q; + --s; + } +--- libarchive-3.2.0/cpio/test/test_option_version.c.orig 2016-06-17 16:33:58.917721419 -0700 ++++ libarchive-3.2.0/cpio/test/test_option_version.c 2016-06-17 16:34:20.005855444 -0700 +@@ -75,7 +75,7 @@ + if (*q == 'a' || *q == 'b' || *q == 'c' || *q == 'd') + ++q; + /* Skip arbitrary third-party version numbers. */ +- while (s > 0 && (*q == ' ' || *q == '/' || *q == '.' || isalnum(*q))) { ++ while (s > 0 && (*q == ' ' || *q == '-' || *q == '/' || *q == '.' || isalnum(*q))) { + ++q; + --s; + } +--- libarchive-3.2.0/cat/test/test_version.c.orig 2016-06-17 16:36:09.148321710 -0700 ++++ libarchive-3.2.0/cat/test/test_version.c 2016-06-17 16:36:25.036590222 -0700 +@@ -83,7 +83,7 @@ + if (*q == 'a' || *q == 'b' || *q == 'c' || *q == 'd') + ++q; + /* Skip arbitrary third-party version numbers. */ +- while (s > 0 && (*q == ' ' || *q == '/' || *q == '.' || isalnum(*q))) { ++ while (s > 0 && (*q == ' ' || *q == '-' || *q == '/' || *q == '.' || isalnum(*q))) { + ++q; + --s; + }