diff options
Diffstat (limited to 'meta/recipes-extended/libarchive')
-rw-r--r-- | meta/recipes-extended/libarchive/libarchive/CVE-2017-14166.patch | 37 | ||||
-rw-r--r-- | meta/recipes-extended/libarchive/libarchive/CVE-2017-14502.patch | 37 | ||||
-rw-r--r-- | meta/recipes-extended/libarchive/libarchive/bug929.patch | 38 | ||||
-rw-r--r-- | meta/recipes-extended/libarchive/libarchive/configurehack.patch | 55 | ||||
-rw-r--r-- | meta/recipes-extended/libarchive/libarchive/non-recursive-extract-and-list.patch | 153 | ||||
-rw-r--r-- | meta/recipes-extended/libarchive/libarchive_3.7.3.bb (renamed from meta/recipes-extended/libarchive/libarchive_3.3.2.bb) | 42 |
6 files changed, 74 insertions, 288 deletions
diff --git a/meta/recipes-extended/libarchive/libarchive/CVE-2017-14166.patch b/meta/recipes-extended/libarchive/libarchive/CVE-2017-14166.patch deleted file mode 100644 index e85fec40aa..0000000000 --- a/meta/recipes-extended/libarchive/libarchive/CVE-2017-14166.patch +++ /dev/null @@ -1,37 +0,0 @@ -libarchive-3.3.2: Fix CVE-2017-14166 - -[No upstream tracking] -- https://github.com/libarchive/libarchive/pull/935 - -archive_read_support_format_xar: heap-based buffer overflow in xml_data - -Upstream-Status: Backport [https://github.com/libarchive/libarchive/commit/fa7438a0ff4033e4741c807394a9af6207940d71] -CVE: CVE-2017-14166 -Bug: 935 -Signed-off-by: Andrej Valek <andrej.valek@siemens.com> - -diff --git a/libarchive/archive_read_support_format_xar.c b/libarchive/archive_read_support_format_xar.c -index 7a22beb..93eeacc 100644 ---- a/libarchive/archive_read_support_format_xar.c -+++ b/libarchive/archive_read_support_format_xar.c -@@ -1040,6 +1040,9 @@ atol10(const char *p, size_t char_cnt) - uint64_t l; - int digit; - -+ if (char_cnt == 0) -+ return (0); -+ - l = 0; - digit = *p - '0'; - while (digit >= 0 && digit < 10 && char_cnt-- > 0) { -@@ -1054,7 +1057,10 @@ atol8(const char *p, size_t char_cnt) - { - int64_t l; - int digit; -- -+ -+ if (char_cnt == 0) -+ return (0); -+ - l = 0; - while (char_cnt-- > 0) { - if (*p >= '0' && *p <= '7') diff --git a/meta/recipes-extended/libarchive/libarchive/CVE-2017-14502.patch b/meta/recipes-extended/libarchive/libarchive/CVE-2017-14502.patch deleted file mode 100644 index 72e1546435..0000000000 --- a/meta/recipes-extended/libarchive/libarchive/CVE-2017-14502.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 5562545b5562f6d12a4ef991fae158bf4ccf92b6 Mon Sep 17 00:00:00 2001 -From: Joerg Sonnenberger <joerg@bec.de> -Date: Sat, 9 Sep 2017 17:47:32 +0200 -Subject: [PATCH] Avoid a read off-by-one error for UTF16 names in RAR - archives. - -Reported-By: OSS-Fuzz issue 573 - -CVE: CVE-2017-14502 - -Upstream-Status: Backport - -Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com> ---- - libarchive/archive_read_support_format_rar.c | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) - -diff --git a/libarchive/archive_read_support_format_rar.c b/libarchive/archive_read_support_format_rar.c -index cbb14c3..751de69 100644 ---- a/libarchive/archive_read_support_format_rar.c -+++ b/libarchive/archive_read_support_format_rar.c -@@ -1496,7 +1496,11 @@ read_header(struct archive_read *a, struct archive_entry *entry, - return (ARCHIVE_FATAL); - } - filename[filename_size++] = '\0'; -- filename[filename_size++] = '\0'; -+ /* -+ * Do not increment filename_size here as the computations below -+ * add the space for the terminating NUL explicitly. -+ */ -+ filename[filename_size] = '\0'; - - /* Decoded unicode form is UTF-16BE, so we have to update a string - * conversion object for it. */ --- -1.9.1 - diff --git a/meta/recipes-extended/libarchive/libarchive/bug929.patch b/meta/recipes-extended/libarchive/libarchive/bug929.patch deleted file mode 100644 index 2f3254c8dc..0000000000 --- a/meta/recipes-extended/libarchive/libarchive/bug929.patch +++ /dev/null @@ -1,38 +0,0 @@ -libarchive-3.3.2: Fix bug929 - -[No upstream tracking] -- https://github.com/libarchive/libarchive/pull/929 - -archive_read_support_format_cpio: header_newc(): Avoid overflow when reading corrupt -cpio archive - -A cpio "newc" archive with a namelength of "FFFFFFFF", if read on a -system with a 32-bit size_t, would result in namelength + name_pad -overflowing 32 bits and libarchive attempting to copy 2^32-1 bytes -from a 2-byte buffer, with appropriately hilarious results. - -Check for this overflow and fail; there's no legitimate reason for a -cpio archive to contain a file with a name over 4 billion characters -in length. - -Upstream-Status: Backport [https://github.com/libarchive/libarchive/commit/bac4659e0b970990e7e3f3a3d239294e96311630] -Bug: 929 -Signed-off-by: Andrej Valek <andrej.valek@siemens.com> - -diff --git a/libarchive/archive_read_support_format_cpio.c b/libarchive/archive_read_support_format_cpio.c -index ad9f782..1faa64d 100644 ---- a/libarchive/archive_read_support_format_cpio.c -+++ b/libarchive/archive_read_support_format_cpio.c -@@ -633,6 +633,13 @@ header_newc(struct archive_read *a, struct cpio *cpio, - /* Pad name to 2 more than a multiple of 4. */ - *name_pad = (2 - *namelength) & 3; - -+ /* Make sure that the padded name length fits into size_t. */ -+ if ((size_t)(*namelength + *name_pad) < *namelength) { -+ archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, -+ "cpio archive has invalid namelength"); -+ return (ARCHIVE_FATAL); -+ } -+ - /* - * Note: entry_bytes_remaining is at least 64 bits and - * therefore guaranteed to be big enough for a 33-bit file diff --git a/meta/recipes-extended/libarchive/libarchive/configurehack.patch b/meta/recipes-extended/libarchive/libarchive/configurehack.patch new file mode 100644 index 0000000000..45fddd9147 --- /dev/null +++ b/meta/recipes-extended/libarchive/libarchive/configurehack.patch @@ -0,0 +1,55 @@ +To work with autoconf 2.73, tweak the macro ordering in configure.in. + +Upstream-Status: Pending +Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> +--- + configure.ac | 26 +++++++++++++------------- + 1 file changed, 13 insertions(+), 13 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 503bb75..e3101da 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -414,6 +414,19 @@ if test "x$with_bz2lib" != "xno"; then + esac + fi + ++# Checks for typedefs, structures, and compiler characteristics. ++AC_C_CONST ++# la_TYPE_UID_T defaults to "int", which is incorrect for MinGW ++# and MSVC. Use a customized version. ++la_TYPE_UID_T ++AC_TYPE_MODE_T ++# AC_TYPE_OFF_T defaults to "long", which limits us to 4GB files on ++# most systems... default to "long long" instead. ++AC_CHECK_TYPE(off_t, [long long]) ++AC_TYPE_SIZE_T ++AC_CHECK_TYPE(id_t, [unsigned long]) ++AC_CHECK_TYPE(uintptr_t, [unsigned int]) ++ + AC_ARG_WITH([libb2], + AS_HELP_STRING([--without-libb2], [Don't build support for BLAKE2 through libb2])) + +@@ -678,19 +691,6 @@ fi + + AC_SUBST(DEAD_CODE_REMOVAL) + +-# Checks for typedefs, structures, and compiler characteristics. +-AC_C_CONST +-# la_TYPE_UID_T defaults to "int", which is incorrect for MinGW +-# and MSVC. Use a customized version. +-la_TYPE_UID_T +-AC_TYPE_MODE_T +-# AC_TYPE_OFF_T defaults to "long", which limits us to 4GB files on +-# most systems... default to "long long" instead. +-AC_CHECK_TYPE(off_t, [long long]) +-AC_TYPE_SIZE_T +-AC_CHECK_TYPE(id_t, [unsigned long]) +-AC_CHECK_TYPE(uintptr_t, [unsigned int]) +- + # Check for tm_gmtoff in struct tm + AC_CHECK_MEMBERS([struct tm.tm_gmtoff, struct tm.__tm_gmtoff],,, + [ +-- +2.34.1 + diff --git a/meta/recipes-extended/libarchive/libarchive/non-recursive-extract-and-list.patch b/meta/recipes-extended/libarchive/libarchive/non-recursive-extract-and-list.patch deleted file mode 100644 index cd7be5127a..0000000000 --- a/meta/recipes-extended/libarchive/libarchive/non-recursive-extract-and-list.patch +++ /dev/null @@ -1,153 +0,0 @@ -From 47f7566f6829c2b14e21bbbba699916de4998c72 Mon Sep 17 00:00:00 2001 -From: Patrick Ohly <patrick.ohly@intel.com> -Date: Mon, 24 Oct 2016 12:54:48 +0200 -Subject: [PATCH 1/1] non-recursive extract and list - -Sometimes it makes sense to extract or list a directory contained in -an archive without also doing the same for the content of the -directory, i.e. allowing -n (= --no-recursion) in combination with the -x and t modes. - -bsdtar uses the match functionality in libarchive to track include -matches. A new libarchive API call -archive_match_include_directories_recursively() gets introduced to -influence the matching behavior, with the default behavior as before. - -Non-recursive matching can be achieved by anchoring the path match at -both start and end. Asking for a directory which itself isn't in the -archive when in non-recursive mode is an error and handled by the -existing mechanism for tracking unused inclusion entries. - -Upstream-Status: Submitted [https://github.com/libarchive/libarchive/pull/812] - -Signed-off-by: Patrick Ohly <patrick.ohly@intel.com> - ---- - libarchive/archive.h | 2 ++ - libarchive/archive_match.c | 30 +++++++++++++++++++++++++++++- - tar/bsdtar.1 | 3 +-- - tar/bsdtar.c | 12 ++++++++++-- - 4 files changed, 42 insertions(+), 5 deletions(-) - -diff --git a/libarchive/archive.h b/libarchive/archive.h -index 32710201..59fb4aa6 100644 ---- a/libarchive/archive.h -+++ b/libarchive/archive.h -@@ -1093,6 +1093,8 @@ __LA_DECL int archive_match_excluded(struct archive *, - */ - __LA_DECL int archive_match_path_excluded(struct archive *, - struct archive_entry *); -+/* Control recursive inclusion of directory content when directory is included. Default on. */ -+__LA_DECL int archive_match_include_directories_recursively(struct archive *, int _enabled); - /* Add exclusion pathname pattern. */ - __LA_DECL int archive_match_exclude_pattern(struct archive *, const char *); - __LA_DECL int archive_match_exclude_pattern_w(struct archive *, -diff --git a/libarchive/archive_match.c b/libarchive/archive_match.c -index be72066e..bb6a3407 100644 ---- a/libarchive/archive_match.c -+++ b/libarchive/archive_match.c -@@ -93,6 +93,9 @@ struct archive_match { - /* exclusion/inclusion set flag. */ - int setflag; - -+ /* Recursively include directory content? */ -+ int recursive_include; -+ - /* - * Matching filename patterns. - */ -@@ -223,6 +226,7 @@ archive_match_new(void) - return (NULL); - a->archive.magic = ARCHIVE_MATCH_MAGIC; - a->archive.state = ARCHIVE_STATE_NEW; -+ a->recursive_include = 1; - match_list_init(&(a->inclusions)); - match_list_init(&(a->exclusions)); - __archive_rb_tree_init(&(a->exclusion_tree), &rb_ops_mbs); -@@ -471,6 +475,28 @@ archive_match_path_excluded(struct archive *_a, - } - - /* -+ * When recursive inclusion of directory content is enabled, -+ * an inclusion pattern that matches a directory will also -+ * include everything beneath that directory. Enabled by default. -+ * -+ * For compatibility with GNU tar, exclusion patterns always -+ * match if a subset of the full patch matches (i.e., they are -+ * are not rooted at the beginning of the path) and thus there -+ * is no corresponding non-recursive exclusion mode. -+ */ -+int -+archive_match_include_directories_recursively(struct archive *_a, int _enabled) -+{ -+ struct archive_match *a; -+ -+ archive_check_magic(_a, ARCHIVE_MATCH_MAGIC, -+ ARCHIVE_STATE_NEW, "archive_match_include_directories_recursively"); -+ a = (struct archive_match *)_a; -+ a->recursive_include = _enabled; -+ return (ARCHIVE_OK); -+} -+ -+/* - * Utility functions to get statistic information for inclusion patterns. - */ - int -@@ -781,7 +807,9 @@ static int - match_path_inclusion(struct archive_match *a, struct match *m, - int mbs, const void *pn) - { -- int flag = PATHMATCH_NO_ANCHOR_END; -+ int flag = a->recursive_include ? -+ PATHMATCH_NO_ANCHOR_END : /* Prefix match is good enough. */ -+ 0; /* Full match required. */ - int r; - - if (mbs) { -diff --git a/tar/bsdtar.1 b/tar/bsdtar.1 -index 132e1145..1dd2a847 100644 ---- a/tar/bsdtar.1 -+++ b/tar/bsdtar.1 -@@ -386,8 +386,7 @@ and the default behavior in c, r, and u modes or if - .Nm - is run in x mode as root. - .It Fl n , Fl Fl norecurse , Fl Fl no-recursion --(c, r, u modes only) --Do not recursively archive the contents of directories. -+Do not recursively archive (c, r, u), extract (x) or list (t) the contents of directories. - .It Fl Fl newer Ar date - (c, r, u modes only) - Only include files and directories newer than the specified date. -diff --git a/tar/bsdtar.c b/tar/bsdtar.c -index 11dedbf9..d014cc3e 100644 ---- a/tar/bsdtar.c -+++ b/tar/bsdtar.c -@@ -794,8 +794,6 @@ main(int argc, char **argv) - break; - } - } -- if (bsdtar->flags & OPTFLAG_NO_SUBDIRS) -- only_mode(bsdtar, "-n", "cru"); - if (bsdtar->flags & OPTFLAG_STDOUT) - only_mode(bsdtar, "-O", "xt"); - if (bsdtar->flags & OPTFLAG_UNLINK_FIRST) -@@ -845,6 +843,16 @@ main(int argc, char **argv) - only_mode(bsdtar, buff, "cru"); - } - -+ /* -+ * When creating an archive from a directory tree, the directory -+ * walking code will already avoid entering directories when -+ * recursive inclusion of directory content is disabled, therefore -+ * changing the matching behavior has no effect for creation modes. -+ * It is relevant for extraction or listing. -+ */ -+ archive_match_include_directories_recursively(bsdtar->matching, -+ !(bsdtar->flags & OPTFLAG_NO_SUBDIRS)); -+ - /* Filename "-" implies stdio. */ - if (strcmp(bsdtar->filename, "-") == 0) - bsdtar->filename = NULL; --- -2.11.0 - diff --git a/meta/recipes-extended/libarchive/libarchive_3.3.2.bb b/meta/recipes-extended/libarchive/libarchive_3.7.3.bb index 5eded35c64..bea91b6e97 100644 --- a/meta/recipes-extended/libarchive/libarchive_3.3.2.bb +++ b/meta/recipes-extended/libarchive/libarchive_3.7.3.bb @@ -2,20 +2,15 @@ SUMMARY = "Support for reading various archive formats" DESCRIPTION = "C library and command-line tools for reading and writing tar, cpio, zip, ISO, and other archive formats" HOMEPAGE = "http://www.libarchive.org/" SECTION = "devel" -LICENSE = "BSD" -LIC_FILES_CHKSUM = "file://COPYING;md5=ed99aca006bc346974bb745a35336425" +LICENSE = "BSD-2-Clause" +LIC_FILES_CHKSUM = "file://COPYING;md5=d499814247adaee08d88080841cb5665" DEPENDS = "e2fsprogs-native" -PACKAGECONFIG ?= "zlib bz2" - -PACKAGECONFIG_append_class-target = "\ - libxml2 \ - ${@bb.utils.filter('DISTRO_FEATURES', 'acl xattr', d)} \ -" +PACKAGECONFIG ?= "zlib bz2 xz zstd ${@bb.utils.filter('DISTRO_FEATURES', 'acl xattr', d)}" DEPENDS_BZIP2 = "bzip2-replacement-native" -DEPENDS_BZIP2_class-target = "bzip2" +DEPENDS_BZIP2:class-target = "bzip2" PACKAGECONFIG[acl] = "--enable-acl,--disable-acl,acl," PACKAGECONFIG[xattr] = "--enable-xattr,--disable-xattr,attr," @@ -23,30 +18,31 @@ PACKAGECONFIG[zlib] = "--with-zlib,--without-zlib,zlib," PACKAGECONFIG[bz2] = "--with-bz2lib,--without-bz2lib,${DEPENDS_BZIP2}," PACKAGECONFIG[xz] = "--with-lzma,--without-lzma,xz," PACKAGECONFIG[openssl] = "--with-openssl,--without-openssl,openssl," +PACKAGECONFIG[libb2] = "--with-libb2,--without-libb2,libb2," PACKAGECONFIG[libxml2] = "--with-xml2,--without-xml2,libxml2," PACKAGECONFIG[expat] = "--with-expat,--without-expat,expat," PACKAGECONFIG[lzo] = "--with-lzo2,--without-lzo2,lzo," PACKAGECONFIG[nettle] = "--with-nettle,--without-nettle,nettle," PACKAGECONFIG[lz4] = "--with-lz4,--without-lz4,lz4," +PACKAGECONFIG[mbedtls] = "--with-mbedtls,--without-mbedtls,mbedtls," +PACKAGECONFIG[zstd] = "--with-zstd,--without-zstd,zstd," + +EXTRA_OECONF += "--enable-largefile --without-iconv" -EXTRA_OECONF += "--enable-largefile" +SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz" +SRC_URI += "file://configurehack.patch" +UPSTREAM_CHECK_URI = "http://libarchive.org/" -SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz \ - file://bug929.patch \ - file://CVE-2017-14166.patch \ - file://CVE-2017-14502.patch \ - file://non-recursive-extract-and-list.patch \ - " +SRC_URI[sha256sum] = "f27a97bc22ceb996e72502df47dc19f99f9a0f09181ae909f09f3c9eb17b67e2" -SRC_URI[md5sum] = "4583bd6b2ebf7e0e8963d90879eb1b27" -SRC_URI[sha256sum] = "ed2dbd6954792b2c054ccf8ec4b330a54b85904a80cef477a1c74643ddafa0ce" +CVE_STATUS[CVE-2023-30571] = "upstream-wontfix: upstream has documented that reported function is not thread-safe" inherit autotools update-alternatives pkgconfig CPPFLAGS += "-I${WORKDIR}/extra-includes" do_configure[cleandirs] += "${WORKDIR}/extra-includes" -do_configure_prepend() { +do_configure:prepend() { # We just need the headers for some type constants, so no need to # build all of e2fsprogs for the target cp -R ${STAGING_INCDIR_NATIVE}/ext2fs ${WORKDIR}/extra-includes/ @@ -55,16 +51,16 @@ do_configure_prepend() { ALTERNATIVE_PRIORITY = "80" PACKAGES =+ "bsdtar" -FILES_bsdtar = "${bindir}/bsdtar" +FILES:bsdtar = "${bindir}/bsdtar" -ALTERNATIVE_bsdtar = "tar" +ALTERNATIVE:bsdtar = "tar" ALTERNATIVE_LINK_NAME[tar] = "${base_bindir}/tar" ALTERNATIVE_TARGET[tar] = "${bindir}/bsdtar" PACKAGES =+ "bsdcpio" -FILES_bsdcpio = "${bindir}/bsdcpio" +FILES:bsdcpio = "${bindir}/bsdcpio" -ALTERNATIVE_bsdcpio = "cpio" +ALTERNATIVE:bsdcpio = "cpio" ALTERNATIVE_LINK_NAME[cpio] = "${base_bindir}/cpio" ALTERNATIVE_TARGET[cpio] = "${bindir}/bsdcpio" |