From 9ec49790dbb040c07ff232e073dfbb9969f53024 Mon Sep 17 00:00:00 2001
From: CentOS Buildsys
Date: Jul 22 2013 14:44:15 +0000
Subject: import libarchive-3.1.2-5.el7.src.rpm
---
diff --git a/.libarchive.metadata b/.libarchive.metadata
new file mode 100644
index 0000000..158fc8e
--- /dev/null
+++ b/.libarchive.metadata
@@ -0,0 +1 @@
+6a991777ecb0f890be931cec4aec856d1a195489 SOURCES/libarchive-3.1.2.tar.gz
diff --git a/README.md b/README.md
deleted file mode 100644
index 0e7897f..0000000
--- a/README.md
+++ /dev/null
@@ -1,5 +0,0 @@
-The master branch has no content
-
-Look at the c7 branch if you are working with CentOS-7, or the c4/c5/c6 branch for CentOS-4, 5 or 6
-
-If you find this file in a distro specific branch, it means that no content has been checked in yet
diff --git a/SOURCES/libarchive-3.1.2-testsuite.patch b/SOURCES/libarchive-3.1.2-testsuite.patch
new file mode 100644
index 0000000..8a9841c
--- /dev/null
+++ b/SOURCES/libarchive-3.1.2-testsuite.patch
@@ -0,0 +1,150 @@
+diff --git a/cpio/test/test_extract_cpio_lzo.c b/cpio/test/test_extract_cpio_lzo.c
+index f351ba7..99476af 100644
+--- a/cpio/test/test_extract_cpio_lzo.c
++++ b/cpio/test/test_extract_cpio_lzo.c
+@@ -27,7 +27,7 @@ __FBSDID("$FreeBSD$");
+
+ DEFINE_TEST(test_extract_cpio_lzo)
+ {
+- const char *reffile = "test_extract.cpio.lrz";
++ const char *reffile = "test_extract.cpio.lzo";
+ int f;
+
+ extract_reference_file(reffile);
+diff --git a/libarchive/test/test_write_filter_lzop.c b/libarchive/test/test_write_filter_lzop.c
+index 9e840bd..a32932c 100644
+--- a/libarchive/test/test_write_filter_lzop.c
++++ b/libarchive/test/test_write_filter_lzop.c
+@@ -39,7 +39,7 @@ DEFINE_TEST(test_write_filter_lzop)
+ size_t buffsize, datasize;
+ char path[16];
+ size_t used1, used2;
+- int i, r, use_prog = 0;
++ int i, r, use_prog = 0, filecount;
+
+ assert((a = archive_write_new()) != NULL);
+ r = archive_write_add_filter_lzop(a);
+@@ -58,9 +58,10 @@ DEFINE_TEST(test_write_filter_lzop)
+
+ datasize = 10000;
+ assert(NULL != (data = (char *)calloc(1, datasize)));
++ filecount = 10;
+
+ /*
+- * Write a 100 files and read them all back.
++ * Write a filecount files and read them all back.
+ */
+ assert((a = archive_write_new()) != NULL);
+ assertEqualIntA(a, ARCHIVE_OK, archive_write_set_format_ustar(a));
+@@ -77,7 +78,7 @@ DEFINE_TEST(test_write_filter_lzop)
+ assert((ae = archive_entry_new()) != NULL);
+ archive_entry_set_filetype(ae, AE_IFREG);
+ archive_entry_set_size(ae, datasize);
+- for (i = 0; i < 100; i++) {
++ for (i = 0; i < filecount; i++) {
+ sprintf(path, "file%03d", i);
+ archive_entry_copy_pathname(ae, path);
+ assertEqualIntA(a, ARCHIVE_OK, archive_write_header(a, ae));
+@@ -97,7 +98,7 @@ DEFINE_TEST(test_write_filter_lzop)
+ } else {
+ assertEqualIntA(a, ARCHIVE_OK,
+ archive_read_open_memory(a, buff, used1));
+- for (i = 0; i < 100; i++) {
++ for (i = 0; i < filecount; i++) {
+ sprintf(path, "file%03d", i);
+ if (!assertEqualInt(ARCHIVE_OK,
+ archive_read_next_header(a, &ae)))
+@@ -133,7 +134,7 @@ DEFINE_TEST(test_write_filter_lzop)
+ archive_write_set_options(a, "lzop:compression-level=9"));
+ assertEqualIntA(a, ARCHIVE_OK,
+ archive_write_open_memory(a, buff, buffsize, &used2));
+- for (i = 0; i < 100; i++) {
++ for (i = 0; i < filecount; i++) {
+ sprintf(path, "file%03d", i);
+ assert((ae = archive_entry_new()) != NULL);
+ archive_entry_copy_pathname(ae, path);
+@@ -161,7 +162,7 @@ DEFINE_TEST(test_write_filter_lzop)
+ archive_read_support_filter_all(a));
+ assertEqualIntA(a, ARCHIVE_OK,
+ archive_read_open_memory(a, buff, used2));
+- for (i = 0; i < 100; i++) {
++ for (i = 0; i < filecount; i++) {
+ sprintf(path, "file%03d", i);
+ if (!assertEqualInt(ARCHIVE_OK,
+ archive_read_next_header(a, &ae)))
+@@ -186,7 +187,7 @@ DEFINE_TEST(test_write_filter_lzop)
+ archive_write_set_filter_option(a, NULL, "compression-level", "1"));
+ assertEqualIntA(a, ARCHIVE_OK,
+ archive_write_open_memory(a, buff, buffsize, &used2));
+- for (i = 0; i < 100; i++) {
++ for (i = 0; i < filecount; i++) {
+ sprintf(path, "file%03d", i);
+ assert((ae = archive_entry_new()) != NULL);
+ archive_entry_copy_pathname(ae, path);
+@@ -216,7 +217,7 @@
DEFINE_TEST(test_write_filter_lzop)
+ } else {
+ assertEqualIntA(a, ARCHIVE_OK,
+ archive_read_open_memory(a, buff, used2));
+- for (i = 0; i < 100; i++) {
++ for (i = 0; i < filecount; i++) {
+ sprintf(path, "file%03d", i);
+ if (!assertEqualInt(ARCHIVE_OK,
+ archive_read_next_header(a, &ae)))
+diff --git a/tar/test/test_option_b.c b/tar/test/test_option_b.c
+index be2ae65..7164d4c 100644
+--- a/tar/test/test_option_b.c
++++ b/tar/test/test_option_b.c
+@@ -25,8 +25,14 @@
+ #include "test.h"
+ __FBSDID("$FreeBSD$");
+
++static char *ustar_opt = " --format=ustar";
++
+ DEFINE_TEST(test_option_b)
+ {
++ char *testprog_ustar = malloc(strlen(testprog) + strlen(ustar_opt) + 2);
++ strcpy(testprog_ustar, testprog);
++ strcat(testprog_ustar, ustar_opt);
++
+ assertMakeFile("file1", 0644, "file1");
+ if (systemf("cat file1 > test_cat.out 2> test_cat.err") != 0) {
+ skipping("Platform doesn't have cat");
+@@ -36,7 +42,7 @@ DEFINE_TEST(test_option_b)
+ /*
+ * Bsdtar does not pad if the output is going directly to a disk file.
+ */
+- assertEqualInt(0, systemf("%s -cf archive1.tar file1 >test1.out 2>test1.err", testprog));
++ assertEqualInt(0, systemf("%s -cf archive1.tar file1 >test1.out 2>test1.err", testprog_ustar));
+ failure("bsdtar does not pad archives written directly to regular files");
+ assertFileSize("archive1.tar", 2048);
+ assertEmptyFile("test1.out");
+@@ -46,24 +52,24 @@ DEFINE_TEST(test_option_b)
+ * Bsdtar does pad to the block size if the output is going to a socket.
+ */
+ /* Default is -b 20 */
+- assertEqualInt(0, systemf("%s -cf - file1 2>test2.err | cat >archive2.tar ", testprog));
++ assertEqualInt(0, systemf("%s -cf - file1 2>test2.err | cat >archive2.tar ", testprog_ustar));
+ failure("bsdtar does pad archives written to pipes");
+ assertFileSize("archive2.tar", 10240);
+ assertEmptyFile("test2.err");
+
+- assertEqualInt(0, systemf("%s -cf - -b 20 file1 2>test3.err | cat >archive3.tar ", testprog));
++ assertEqualInt(0, systemf("%s -cf - -b 20 file1 2>test3.err | cat >archive3.tar ", testprog_ustar));
+ assertFileSize("archive3.tar", 10240);
+ assertEmptyFile("test3.err");
+
+- assertEqualInt(0, systemf("%s -cf - -b 10 file1 2>test4.err | cat >archive4.tar ", testprog));
++ assertEqualInt(0, systemf("%s -cf - -b 10 file1 2>test4.err | cat >archive4.tar ", testprog_ustar));
+ assertFileSize("archive4.tar", 5120);
+ assertEmptyFile("test4.err");
+
+- assertEqualInt(0, systemf("%s -cf - -b 1 file1 2>test5.err | cat >archive5.tar ", testprog));
++ assertEqualInt(0, systemf("%s -cf - -b 1 file1 2>test5.err | cat >archive5.tar ", testprog_ustar));
+ assertFileSize("archive5.tar", 2048);
+ assertEmptyFile("test5.err");
+
+- assertEqualInt(0, systemf("%s -cf - -b 8192 file1 2>test6.err | cat >archive6.tar ", testprog));
++ assertEqualInt(0, systemf("%s -cf - -b 8192 file1 2>test6.err | cat >archive6.tar ", testprog_ustar));
+ assertFileSize("archive6.tar", 4194304);
+ assertEmptyFile("test6.err");
+
diff --git a/SOURCES/libarchive-3.1.3-CVE-2013-0211_read_buffer_overflow.patch b/SOURCES/libarchive-3.1.3-CVE-2013-0211_read_buffer_overflow.patch
new file mode 100644
index 0000000..78427ce
--- /dev/null
+++ b/SOURCES/libarchive-3.1.3-CVE-2013-0211_read_buffer_overflow.patch
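Review bot: In the tar/test/test_option_b.c part of the testsuite patch, the `malloc` result for `testprog_ustar` goes straight into `strcpy`/`strcat` with no NULL check, and no `free` appears in the visible lines. The harness already asserts on allocations in the lzop test, so `assert(testprog_ustar != NULL);` directly after the `malloc` and a `free(testprog_ustar);` before each return would match the file's style. The body of test_option_b continues outside the hunk, so the early `skipping(...)` path needs the same release. `ustar_opt` is never written and reads better as `static const char ustar_opt[] = " --format=ustar";`.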
@@ -0,0 +1,32 @@
+From 22531545514043e04633e1c015c7540b9de9dbe4 Mon Sep 17 00:00:00 2001
+From: Tim Kientzle
+Date: Fri, 22 Mar 2013 23:48:41 -0700
+Subject: [PATCH] Limit write requests to at most INT_MAX. This prevents a
+ certain common programming error (passing -1 to write) from leading to other
+ problems deeper in the library.
+
+---
+ libarchive/archive_write.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/libarchive/archive_write.c b/libarchive/archive_write.c
+index eede5e0..be85621 100644
+--- a/libarchive/archive_write.c
++++ b/libarchive/archive_write.c
+@@ -673,8 +673,13 @@ static ssize_t
+ _archive_write_data(struct archive *_a, const void *buff, size_t s)
+ {
+ struct archive_write *a = (struct archive_write *)_a;
++ const size_t max_write = INT_MAX;
++
+ archive_check_magic(&a->archive, ARCHIVE_WRITE_MAGIC,
+ ARCHIVE_STATE_DATA, "archive_write_data");
++ /* In particular, this catches attempts to pass negative values. */
++ if (s > max_write)
++ s = max_write;
+ archive_clear_error(&a->archive);
+ return ((a->format_write_data)(a, buff, s));
+ }
+--
+1.8.1
+
diff --git a/SPECS/libarchive.spec b/SPECS/libarchive.spec
new file mode 100644
index 0000000..861ae85
--- /dev/null
+++ b/SPECS/libarchive.spec
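Review bot: In `_archive_write_data` the clamp bounds `s` but does not reject the request, so a caller that passed `(size_t)-1` still hands `format_write_data` a length of INT_MAX for `buff`, and a legitimately large write silently becomes a short one. The added comment should state that contract rather than only "catches", for example `/* Clamp, not reject: callers must check the returned count and loop; an invalid huge s is bounded, not refused. */`. `INT_MAX` requires `<limits.h>`, and the include list is outside this hunk, so confirm it is already pulled in for archive_write.c. The patch file name says "read buffer overflow" while the change sits on the write path; a one-line note in the spec comment would keep the CVE mapping from being misread.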
@@ -0,0 +1,290 @@
+Name: libarchive
+Version: 3.1.2
+Release: 5%{?dist}
+Summary: A library for handling streaming archive formats
+
+Group: System Environment/Libraries
+License: BSD
+URL: http://www.libarchive.org/
+Source0: http://www.libarchive.org/downloads/%{name}-%{version}.tar.gz
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+
+
+BuildRequires: bison
+BuildRequires: sharutils
+BuildRequires: zlib-devel
+BuildRequires: bzip2-devel
+BuildRequires: xz-devel
+BuildRequires: lzo-devel
+BuildRequires: e2fsprogs-devel
+BuildRequires: libacl-devel
+BuildRequires: libattr-devel
+BuildRequires: openssl-devel
+BuildRequires: libxml2-devel
+BuildRequires: automake autoconf libtool
+
+
+# CVE-2013-0211 libarchive: read buffer overflow on 64-bit systems
+# https://bugzilla.redhat.com/show_bug.cgi?id=927105
+Patch0: libarchive-3.1.3-CVE-2013-0211_read_buffer_overflow.patch
+
+Patch1: libarchive-3.1.2-testsuite.patch
+
+%description
+Libarchive is a programming library that can create and read several different
+streaming archive formats, including most popular tar variants, several cpio
+formats, and both BSD and GNU ar variants. It can also write shar archives and
+read ISO9660 CDROM images and ZIP archives.
+
+%package devel
+Summary: Development files for %{name}
+Group: Development/Libraries
+Requires: %{name}%{?_isa} = %{version}-%{release}
+
+%description devel
+The %{name}-devel package contains libraries and header files for
+developing applications that use %{name}.
+
+
+%package -n bsdtar
+Summary: Manipulate tape archives
+Group: Applications/File
+Requires: %{name} = %{version}-%{release}
+
+%description -n bsdtar
+The bsdtar package contains standalone bsdtar utility split off regular
+libarchive packages.
+
+
+%package -n bsdcpio
+Summary: Copy files to and from archives
+Group: Applications/File
+Requires: %{name} = %{version}-%{release}
+
+%description -n bsdcpio
+The bsdcpio package contains standalone bsdcpio utility split off regular
+libarchive packages.
+
+
+%prep
+%setup -q -n %{name}-%{version}
+%patch0 -p1 -b .CVE-2013-0211
+# fix bugs in testsuite
+# ~> upstream ~> 26629c191a & b539b2e597 & 9caa49246
+%patch1 -p1 -b .fix-testsuite
+
+
+%build
+build/autogen.sh
+%configure --disable-static --disable-rpath
+# remove rpaths
+sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
+sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
+
+test -z "$V" && verbose_make="V=1"
+make %{?_smp_mflags} $verbose_make
+
+
+%install
+rm -rf $RPM_BUILD_ROOT
+make install DESTDIR=$RPM_BUILD_ROOT
+find $RPM_BUILD_ROOT -name '*.la' -exec rm -f {} ';'
+
+
+%check
+run_testsuite()
+{
+ LD_LIBRARY_PATH=`pwd`/.libs make check -j1
+ res=$?
+ echo $res
+ if [ $res -ne 0 ]; then
+ # error happened - try to extract in koji as much info as possible
+ cat test-suite.log
+ echo "========================="
+ err=`cat test-suite.log | grep "Details for failing tests" | cut -d: -f2`
+ for i in $err; do
+ find $i -printf "%p\n ~> a: %a\n ~> c: %c\n ~> t: %t\n ~> %s B\n"
+ echo "-------------------------"
+ cat $i/*.log
+ done
+ return 1
+ else
+ return 0
+ fi
+}
+
+# On a ppc/ppc64 is some race condition causing 'make check' fail on ppc
+# when both 32 and 64 builds are done in parallel on the same machine in
+# koji. Try to run once again if failed.
+%ifarch ppc
+run_testsuite || run_testsuite
+%else
+run_testsuite
+%endif
+
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+
+%post -p /sbin/ldconfig
+
+
+%postun -p /sbin/ldconfig
+
+
+%files
+%defattr(-,root,root,-)
+%doc COPYING README NEWS
+%{_libdir}/libarchive.so.13*
+%{_mandir}/*/cpio.*
+%{_mandir}/*/mtree.*
+%{_mandir}/*/tar.*
+
+%files devel
+%defattr(-,root,root,-)
+%doc
+%{_includedir}/*.h
+%{_mandir}/*/archive*
+%{_mandir}/*/libarchive*
+%{_libdir}/libarchive.so
+%{_libdir}/pkgconfig/libarchive.pc
+
+%files -n bsdtar
+%defattr(-,root,root,-)
+%doc COPYING README NEWS
+%{_bindir}/bsdtar
+%{_mandir}/*/bsdtar*
+
+%files -n bsdcpio
+%defattr(-,root,root,-)
+%doc COPYING README NEWS
+%{_bindir}/bsdcpio
+%{_mandir}/*/bsdcpio*
+
+
+%changelog
+* Mon Jul 22 2013 Pavel Raiskup - 3.1.2-5
+- try to workaround racy testsuite fail
+
+* Sun Jun 30 2013 Pavel Raiskup - 3.1.2-4
+- enable testsuite in the %%check phase
+
+* Mon Jun 24 2013 Pavel Raiskup - 3.1.2-3
+- bsdtar/bsdcpio should require versioned libarchive
+
+* Wed Apr 3 2013 Tomas Bzatek - 3.1.2-2
+- Remove libunistring-devel build require
+
+* Thu Mar 28 2013 Tomas Bzatek - 3.1.2-1
+- Update to 3.1.2
+- Fix CVE-2013-0211: read buffer overflow on 64-bit systems (#927105)
+
+* Thu Feb 14 2013 Fedora Release Engineering - 3.1.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
+
+* Mon Jan 14 2013 Tomas Bzatek - 3.1.1-1
+- Update to 3.1.1
+- NEWS seems to be valid UTF-8 nowadays
+
+* Wed Oct 03 2012 Pavel Raiskup - 3.0.4-3
+- better install manual pages for libarchive/bsdtar/bsdcpio (# ...
)
+- several fedora-review fixes ...:
+- Source0 has moved to github.com
+- remove trailing white spaces
+- repair summary to better describe bsdtar/cpiotar utilities
+
+* Thu Jul 19 2012 Fedora Release Engineering - 3.0.4-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Mon May 7 2012 Tomas Bzatek - 3.0.4-1
+- Update to 3.0.4
+
+* Wed Feb 1 2012 Tomas Bzatek - 3.0.3-2
+- Enable bsdtar and bsdcpio in separate subpackages (#786400)
+
+* Fri Jan 13 2012 Tomas Bzatek - 3.0.3-1
+- Update to 3.0.3
+
+* Fri Jan 13 2012 Fedora Release Engineering - 3.0.0-0.3.a
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
+* Tue Nov 15 2011 Rex Dieter 3.0.0-0.2.a
+- track files/sonames closer, so abi bumps aren't a surprise
+- tighten subpkg deps via %%_isa
+
+* Mon Nov 14 2011 Tomas Bzatek - 3.0.0-0.1.a
+- Update to 3.0.0a (alpha release)
+
+* Mon Sep 5 2011 Tomas Bzatek - 2.8.5-1
+- Update to 2.8.5
+
+* Mon Feb 07 2011 Fedora Release Engineering - 2.8.4-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+
+* Thu Jan 13 2011 Tomas Bzatek - 2.8.4-2
+- Rebuild for new xz-libs
+
+* Wed Jun 30 2010 Tomas Bzatek - 2.8.4-1
+- Update to 2.8.4
+
+* Fri Jun 25 2010 Tomas Bzatek - 2.8.3-2
+- Fix ISO9660 reader data type mismatches (#597243)
+
+* Tue Mar 16 2010 Tomas Bzatek - 2.8.3-1
+- Update to 2.8.3
+
+* Mon Mar 8 2010 Tomas Bzatek - 2.8.1-1
+- Update to 2.8.1
+
+* Fri Feb 5 2010 Tomas Bzatek - 2.8.0-1
+- Update to 2.8.0
+
+* Wed Jan 6 2010 Tomas Bzatek - 2.7.902a-1
+- Update to 2.7.902a
+
+* Fri Aug 21 2009 Tomas Mraz - 2.7.1-2
+- rebuilt with new openssl
+
+* Fri Aug 7 2009 Tomas Bzatek 2.7.1-1
+- Update to 2.7.1
+- Drop deprecated lzma dependency, libxz handles both formats
+
+* Mon Jul 27 2009 Tomas Bzatek 2.7.0-3
+- Enable XZ compression format
+
+* Fri Jul 24 2009 Fedora Release Engineering - 2.7.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
+* Tue May 12 2009 Tomas Bzatek 2.7.0-1
+-
Update to 2.7.0
+
+* Fri Mar 6 2009 Tomas Bzatek 2.6.2-1
+- Update to 2.6.2
+
+* Wed Feb 25 2009 Fedora Release Engineering - 2.6.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
+
+* Mon Feb 16 2009 Tomas Bzatek 2.6.1-1
+- Update to 2.6.1
+
+* Thu Jan 8 2009 Tomas Bzatek 2.6.0-1
+- Update to 2.6.0
+
+* Mon Dec 15 2008 Tomas Bzatek 2.5.904a-1
+- Update to 2.5.904a
+
+* Tue Dec 9 2008 Tomas Bzatek 2.5.903a-2
+- Add LZMA support
+
+* Mon Dec 8 2008 Tomas Bzatek 2.5.903a-1
+- Update to 2.5.903a
+
+* Tue Jul 22 2008 Tomas Bzatek 2.5.5-1
+- Update to 2.5.5
+
+* Wed Apr 2 2008 Tomas Bzatek 2.4.17-1
+- Update to 2.4.17
+
+* Wed Mar 19 2008 Tomas Bzatek 2.4.14-1
+- Initial packaging
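Review bot: `Source0` points at plain `http://` and the spec carries no checksum or signature check of its own, so the tarball's integrity rests entirely on the digest recorded in `.libarchive.metadata` (40 hex characters, so presumably SHA-1). If the upstream host serves the download over TLS, `Source0: https://www.libarchive.org/downloads/%{name}-%{version}.tar.gz` is the safer reference, and a comment beside it naming where the digest is checked would help the next packager. In `%check`, the ppc branch `run_testsuite || run_testsuite` lets an intermittent failure pass on retry; a comment there should say that a first-run failure is still printed to the build log and needs looking at. The bsdtar and bsdcpio `Requires:` lines omit `%{?_isa}` while the devel subpackage has it, which looks unintended given the 2011 changelog entry about tightening subpackage deps.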