Date: Monday, February 20, 2017 @ 08:17:08 Author: eworm Revision: 289313
upgpkg: libarchive 3.3.0-1 new upstream release Modified: libarchive/trunk/PKGBUILD Deleted: libarchive/trunk/0001-issue-822-try-harder-to-detect-directories-in-zip-archives.patch libarchive/trunk/0002-fixes-a-heap-buffer-overflow.patch libarchive/trunk/0019-Add-infrastructure-to-adapt-between-OpenSSL-1.1-and-.patch libarchive/trunk/0020-Add-support-for-building-with-OpenSSL-1.1.patch -----------------------------------------------------------------------+ 0001-issue-822-try-harder-to-detect-directories-in-zip-archives.patch | 190 ---- 0002-fixes-a-heap-buffer-overflow.patch | 24 0019-Add-infrastructure-to-adapt-between-OpenSSL-1.1-and-.patch | 205 ----- 0020-Add-support-for-building-with-OpenSSL-1.1.patch | 394 ---------- PKGBUILD | 31 5 files changed, 4 insertions(+), 840 deletions(-) Deleted: 0001-issue-822-try-harder-to-detect-directories-in-zip-archives.patch =================================================================== --- 0001-issue-822-try-harder-to-detect-directories-in-zip-archives.patch 2017-02-20 08:16:41 UTC (rev 289312) +++ 0001-issue-822-try-harder-to-detect-directories-in-zip-archives.patch 2017-02-20 08:17:08 UTC (rev 289313) @@ -1,190 +0,0 @@ -From 2ecf8d1c1e1bdfc20b0aada90e356054a3054693 Mon Sep 17 00:00:00 2001 -From: Peter Wu <[email protected]> -Date: Fri, 23 Dec 2016 12:45:43 +0100 -Subject: [PATCH] Issue #822: Try harder to detect directories in zip archives - -Assume that anything with a trailing slash is a directory. This avoids -creating regular files when a directory is expected and could occur -when the External File Attributes (EFA) field in the Central Directory -contains bogus values: - - - Jar file: observed to have OS MS-DOS (0) and EFA 0. - - dex2jar-2.0.zip: observed to have OS Unix (3), but EFA 0xffff0010. - After this patch, bsdtar tv still shows mode drwsrwsrwt, but at least - it successfully creates a directory instead of a regular file. - -A test case has been added for the first case (based on -test_read_format_zip_nofiletype). ---- - Makefile.am | 2 + - libarchive/archive_read_support_format_zip.c | 36 ++++++++------- - libarchive/test/CMakeLists.txt | 1 + - libarchive/test/test_read_format_zip_jar.c | 59 +++++++++++++++++++++++++ - libarchive/test/test_read_format_zip_jar.jar.uu | 6 +++ - 5 files changed, 88 insertions(+), 16 deletions(-) - create mode 100644 libarchive/test/test_read_format_zip_jar.c - create mode 100644 libarchive/test/test_read_format_zip_jar.jar.uu - -diff --git a/Makefile.am b/Makefile.am -index 614f864..6ed0495 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -483,6 +483,7 @@ libarchive_test_SOURCES= \ - libarchive/test/test_read_format_zip_encryption_header.c \ - libarchive/test/test_read_format_zip_filename.c \ - libarchive/test/test_read_format_zip_high_compression.c \ -+ libarchive/test/test_read_format_zip_jar.c \ - libarchive/test/test_read_format_zip_mac_metadata.c \ - libarchive/test/test_read_format_zip_malformed.c \ - libarchive/test/test_read_format_zip_msdos.c \ -@@ -801,6 +802,7 @@ libarchive_test_EXTRA_DIST=\ - libarchive/test/test_read_format_zip_filename_utf8_ru2.zip.uu \ - libarchive/test/test_read_format_zip_high_compression.zip.uu \ - libarchive/test/test_read_format_zip_length_at_end.zip.uu \ -+ libarchive/test/test_read_format_zip_jar.jar.uu \ - libarchive/test/test_read_format_zip_mac_metadata.zip.uu \ - libarchive/test/test_read_format_zip_malformed1.zip.uu \ - libarchive/test/test_read_format_zip_msdos.zip.uu \ -diff --git a/libarchive/archive_read_support_format_zip.c b/libarchive/archive_read_support_format_zip.c -index 9796fca..d19e791 100644 ---- a/libarchive/archive_read_support_format_zip.c -+++ b/libarchive/archive_read_support_format_zip.c -@@ -864,29 +864,33 @@ zip_read_local_file_header(struct archive_read *a, struct archive_entry *entry, - zip_entry->mode |= AE_IFREG; - } - -- if ((zip_entry->mode & AE_IFMT) == 0) { -- /* Especially in streaming mode, we can end up -- here without having seen proper mode information. -- Guess from the filename. */ -+ /* If the mode is totally empty, set some sane default. */ -+ if (zip_entry->mode == 0) { -+ zip_entry->mode |= 0664; -+ } -+ -+ /* Make sure that entries with a trailing '/' are marked as directories -+ * even if the External File Attributes contains bogus values. If this -+ * is not a directory and there is no type, assume regularfile. */ -+ if ((zip_entry->mode & AE_IFMT) != AE_IFDIR) { -+ int has_slash; -+ - wp = archive_entry_pathname_w(entry); - if (wp != NULL) { - len = wcslen(wp); -- if (len > 0 && wp[len - 1] == L'/') -- zip_entry->mode |= AE_IFDIR; -- else -- zip_entry->mode |= AE_IFREG; -+ has_slash = len > 0 && wp[len - 1] == L'/'; - } else { - cp = archive_entry_pathname(entry); - len = (cp != NULL)?strlen(cp):0; -- if (len > 0 && cp[len - 1] == '/') -- zip_entry->mode |= AE_IFDIR; -- else -- zip_entry->mode |= AE_IFREG; -+ has_slash = len > 0 && cp[len - 1] == '/'; - } -- if (zip_entry->mode == AE_IFDIR) { -- zip_entry->mode |= 0775; -- } else if (zip_entry->mode == AE_IFREG) { -- zip_entry->mode |= 0664; -+ /* Correct file type as needed. */ -+ if (has_slash) { -+ zip_entry->mode &= ~AE_IFMT; -+ zip_entry->mode |= AE_IFDIR; -+ zip_entry->mode |= 0111; -+ } else if ((zip_entry->mode & AE_IFMT) == 0) { -+ zip_entry->mode |= AE_IFREG; - } - } - -diff --git a/libarchive/test/CMakeLists.txt b/libarchive/test/CMakeLists.txt -index ab9a8a4..3c2671d 100644 ---- a/libarchive/test/CMakeLists.txt -+++ b/libarchive/test/CMakeLists.txt -@@ -169,6 +169,7 @@ IF(ENABLE_TEST) - test_read_format_zip_encryption_partially.c - test_read_format_zip_filename.c - test_read_format_zip_high_compression.c -+ test_read_format_zip_jar.c - test_read_format_zip_mac_metadata.c - test_read_format_zip_malformed.c - test_read_format_zip_msdos.c -diff --git a/libarchive/test/test_read_format_zip_jar.c b/libarchive/test/test_read_format_zip_jar.c -new file mode 100644 -index 0000000..ffb520e ---- /dev/null -+++ b/libarchive/test/test_read_format_zip_jar.c -@@ -0,0 +1,59 @@ -+/*- -+ * Copyright (c) 2016 Peter Wu -+ * All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR -+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. -+ * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, -+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF -+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -+ */ -+#include "test.h" -+__FBSDID("$FreeBSD$"); -+ -+/* -+ * Issue 822: jar files have an empty External File Attributes field which -+ * is misinterpreted as regular file type due to OS MS-DOS. -+ */ -+ -+DEFINE_TEST(test_read_format_zip_jar) -+{ -+ const char *refname = "test_read_format_zip_jar.jar"; -+ char *p; -+ size_t s; -+ struct archive *a; -+ struct archive_entry *ae; -+ char data[16]; -+ -+ extract_reference_file(refname); -+ p = slurpfile(&s, refname); -+ -+ assert((a = archive_read_new()) != NULL); -+ assertEqualIntA(a, ARCHIVE_OK, archive_read_support_format_zip_seekable(a)); -+ assertEqualIntA(a, ARCHIVE_OK, read_open_memory_seek(a, p, s, 1)); -+ -+ assertEqualIntA(a, ARCHIVE_OK, archive_read_next_header(a, &ae)); -+ assertEqualString("somedir/", archive_entry_pathname(ae)); -+ assertEqualInt(AE_IFDIR | 0775, archive_entry_mode(ae)); -+ assertEqualInt(0, archive_entry_size(ae)); -+ assertEqualIntA(a, 0, archive_read_data(a, data, 16)); -+ -+ assertEqualIntA(a, ARCHIVE_EOF, archive_read_next_header(a, &ae)); -+ assertEqualIntA(a, ARCHIVE_OK, archive_read_close(a)); -+ assertEqualIntA(a, ARCHIVE_OK, archive_read_free(a)); -+ free(p); -+} -diff --git a/libarchive/test/test_read_format_zip_jar.jar.uu b/libarchive/test/test_read_format_zip_jar.jar.uu -new file mode 100644 -index 0000000..0778c93 ---- /dev/null -+++ b/libarchive/test/test_read_format_zip_jar.jar.uu -@@ -0,0 +1,6 @@ -+begin 640 test_read_format_zip_jar.jar -+M4$L#! H @ $AQETD ( 0 <V]M961I<B_^R@ 4$L! -+M @H "@ " 2'&720 @ ! '-O -+@;65D:7(O_LH %!+!08 0 ! #H J -+ -+end Deleted: 0002-fixes-a-heap-buffer-overflow.patch =================================================================== --- 0002-fixes-a-heap-buffer-overflow.patch 2017-02-20 08:16:41 UTC (rev 289312) +++ 0002-fixes-a-heap-buffer-overflow.patch 2017-02-20 08:17:08 UTC (rev 289313) @@ -1,24 +0,0 @@ -From 98dcbbf0bf4854bf987557e55e55fff7abbf3ea9 Mon Sep 17 00:00:00 2001 -From: Martin Matuska <[email protected]> -Date: Thu, 19 Jan 2017 22:00:18 +0100 -Subject: [PATCH] Fail with negative lha->compsize in lha_read_file_header_1() - Fixes a heap buffer overflow reported in Secunia SA74169 - ---- - libarchive/archive_read_support_format_lha.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/libarchive/archive_read_support_format_lha.c b/libarchive/archive_read_support_format_lha.c -index 52a5531..d77a7c2 100644 ---- a/libarchive/archive_read_support_format_lha.c -+++ b/libarchive/archive_read_support_format_lha.c -@@ -924,6 +924,9 @@ lha_read_file_header_1(struct archive_read *a, struct lha *lha) - /* Get a real compressed file size. */ - lha->compsize -= extdsize - 2; - -+ if (lha->compsize < 0) -+ goto invalid; /* Invalid compressed file size */ -+ - if (sum_calculated != headersum) { - archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, - "LHa header sum error"); Deleted: 0019-Add-infrastructure-to-adapt-between-OpenSSL-1.1-and-.patch =================================================================== --- 0019-Add-infrastructure-to-adapt-between-OpenSSL-1.1-and-.patch 2017-02-20 08:16:41 UTC (rev 289312) +++ 0019-Add-infrastructure-to-adapt-between-OpenSSL-1.1-and-.patch 2017-02-20 08:17:08 UTC (rev 289313) @@ -1,205 +0,0 @@ -From aa8f77083954fe0f41327ab856be59c370d4c13b Mon Sep 17 00:00:00 2001 -From: Brad King <[email protected]> -Date: Thu, 17 Nov 2016 15:26:41 -0500 -Subject: [PATCH 019/149] Add infrastructure to adapt between OpenSSL 1.1 and - older versions - -Add private forwarding headers for `openssl/{evp,hmac}.h` to give us a -central place to add adaptation code to work across multiple -incompatible OpenSSL versions. Provide compatibility implementations of -some OpenSSL 1.1 APIs when using older OpenSSL versions. ---- - Makefile.am | 2 ++ - libarchive/CMakeLists.txt | 2 ++ - libarchive/archive_cryptor_private.h | 2 +- - libarchive/archive_digest_private.h | 2 +- - libarchive/archive_hmac_private.h | 2 +- - libarchive/archive_openssl_evp_private.h | 51 ++++++++++++++++++++++++++++++ - libarchive/archive_openssl_hmac_private.h | 52 +++++++++++++++++++++++++++++++ - 7 files changed, 110 insertions(+), 3 deletions(-) - create mode 100644 libarchive/archive_openssl_evp_private.h - create mode 100644 libarchive/archive_openssl_hmac_private.h - -diff --git a/Makefile.am b/Makefile.am -index 441bdbb9..68fbc076 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -118,6 +118,8 @@ libarchive_la_SOURCES= \ - libarchive/archive_hmac.c \ - libarchive/archive_hmac_private.h \ - libarchive/archive_match.c \ -+ libarchive/archive_openssl_evp_private.h \ -+ libarchive/archive_openssl_hmac_private.h \ - libarchive/archive_options.c \ - libarchive/archive_options_private.h \ - libarchive/archive_pack_dev.h \ -diff --git a/libarchive/CMakeLists.txt b/libarchive/CMakeLists.txt -index 4cc9a2ca..744be433 100644 ---- a/libarchive/CMakeLists.txt -+++ b/libarchive/CMakeLists.txt -@@ -38,6 +38,8 @@ SET(libarchive_SOURCES - archive_hmac.c - archive_hmac_private.h - archive_match.c -+ archive_openssl_evp_private.h -+ archive_openssl_hmac_private.h - archive_options.c - archive_options_private.h - archive_pack_dev.h -diff --git a/libarchive/archive_cryptor_private.h b/libarchive/archive_cryptor_private.h -index 37eaad36..1c1a8c0d 100644 ---- a/libarchive/archive_cryptor_private.h -+++ b/libarchive/archive_cryptor_private.h -@@ -99,7 +99,7 @@ typedef struct { - } archive_crypto_ctx; - - #elif defined(HAVE_LIBCRYPTO) --#include <openssl/evp.h> -+#include "archive_openssl_evp_private.h" - #define AES_BLOCK_SIZE 16 - #define AES_MAX_KEY_SIZE 32 - -diff --git a/libarchive/archive_digest_private.h b/libarchive/archive_digest_private.h -index 77fad580..00697ae5 100644 ---- a/libarchive/archive_digest_private.h -+++ b/libarchive/archive_digest_private.h -@@ -134,7 +134,7 @@ - defined(ARCHIVE_CRYPTO_SHA384_OPENSSL) ||\ - defined(ARCHIVE_CRYPTO_SHA512_OPENSSL) - #define ARCHIVE_CRYPTO_OPENSSL 1 --#include <openssl/evp.h> -+#include "archive_openssl_evp_private.h" - #endif - - /* Windows crypto headers */ -diff --git a/libarchive/archive_hmac_private.h b/libarchive/archive_hmac_private.h -index 64de743c..f36d6940 100644 ---- a/libarchive/archive_hmac_private.h -+++ b/libarchive/archive_hmac_private.h -@@ -70,7 +70,7 @@ typedef struct { - typedef struct hmac_sha1_ctx archive_hmac_sha1_ctx; - - #elif defined(HAVE_LIBCRYPTO) --#include <openssl/hmac.h> -+#include "archive_openssl_hmac_private.h" - - typedef HMAC_CTX archive_hmac_sha1_ctx; - -diff --git a/libarchive/archive_openssl_evp_private.h b/libarchive/archive_openssl_evp_private.h -new file mode 100644 -index 00000000..0e97e276 ---- /dev/null -+++ b/libarchive/archive_openssl_evp_private.h -@@ -0,0 +1,51 @@ -+/*- -+ * Copyright (c) 2003-2007 Tim Kientzle -+ * All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR -+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. -+ * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, -+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF -+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -+ */ -+#ifndef ARCHIVE_OPENSSL_EVP_PRIVATE_H_INCLUDED -+#define ARCHIVE_OPENSSL_EVP_PRIVATE_H_INCLUDED -+ -+#include <openssl/evp.h> -+#include <openssl/opensslv.h> -+ -+#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#include <stdlib.h> /* malloc, free */ -+#include <string.h> /* memset */ -+static inline EVP_MD_CTX *EVP_MD_CTX_new(void) -+{ -+ EVP_MD_CTX *ctx = (EVP_MD_CTX *)malloc(sizeof(EVP_MD_CTX)); -+ if (ctx != NULL) { -+ memset(ctx, 0, sizeof(*ctx)); -+ } -+ return ctx; -+} -+ -+static inline void EVP_MD_CTX_free(EVP_MD_CTX *ctx) -+{ -+ EVP_MD_CTX_cleanup(ctx); -+ memset(ctx, 0, sizeof(*ctx)); -+ free(ctx); -+} -+#endif -+ -+#endif -diff --git a/libarchive/archive_openssl_hmac_private.h b/libarchive/archive_openssl_hmac_private.h -new file mode 100644 -index 00000000..d4ae0d17 ---- /dev/null -+++ b/libarchive/archive_openssl_hmac_private.h -@@ -0,0 +1,52 @@ -+/*- -+ * Copyright (c) 2003-2007 Tim Kientzle -+ * All rights reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions -+ * are met: -+ * 1. Redistributions of source code must retain the above copyright -+ * notice, this list of conditions and the following disclaimer. -+ * 2. Redistributions in binary form must reproduce the above copyright -+ * notice, this list of conditions and the following disclaimer in the -+ * documentation and/or other materials provided with the distribution. -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR -+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. -+ * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, -+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF -+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -+ */ -+#ifndef ARCHIVE_OPENSSL_HMAC_PRIVATE_H_INCLUDED -+#define ARCHIVE_OPENSSL_HMAC_PRIVATE_H_INCLUDED -+ -+#include <openssl/hmac.h> -+#include <openssl/opensslv.h> -+ -+#if OPENSSL_VERSION_NUMBER < 0x10100000L -+#include <stdlib.h> /* malloc, free */ -+#include <string.h> /* memset */ -+static inline HMAC_CTX *HMAC_CTX_new(void) -+{ -+ HMAC_CTX *ctx = (HMAC_CTX *)malloc(sizeof(HMAC_CTX)); -+ if (ctx != NULL) { -+ memset(ctx, 0, sizeof(*ctx)); -+ HMAC_CTX_init(ctx); -+ } -+ return ctx; -+} -+ -+static inline void HMAC_CTX_free(HMAC_CTX *ctx) -+{ -+ HMAC_CTX_cleanup(ctx); -+ memset(ctx, 0, sizeof(*ctx)); -+ free(ctx); -+} -+#endif -+ -+#endif --- -2.11.1 - Deleted: 0020-Add-support-for-building-with-OpenSSL-1.1.patch =================================================================== --- 0020-Add-support-for-building-with-OpenSSL-1.1.patch 2017-02-20 08:16:41 UTC (rev 289312) +++ 0020-Add-support-for-building-with-OpenSSL-1.1.patch 2017-02-20 08:17:08 UTC (rev 289313) @@ -1,394 +0,0 @@ -From 89a6ed13be1c8813764c40ea2c42c472ec3aabf9 Mon Sep 17 00:00:00 2001 -From: Tomas Mraz <[email protected]> -Date: Thu, 17 Nov 2016 15:44:44 -0500 -Subject: [PATCH 020/149] Add support for building with OpenSSL 1.1 - -OpenSSL 1.1 made some CTX structures opaque. Port our code to use the -structures only through pointers via OpenSSL 1.1 APIs. Use our adaption -layer to make this work with OpenSSL 1.0 and below. - -Closes: #810 -Patch-from: https://bugzilla.redhat.com/1383744 ---- - libarchive/archive_cryptor.c | 9 +++-- - libarchive/archive_cryptor_private.h | 2 +- - libarchive/archive_digest.c | 74 ++++++++++++++++++++++++++---------- - libarchive/archive_digest_private.h | 12 +++--- - libarchive/archive_hmac.c | 14 ++++--- - libarchive/archive_hmac_private.h | 2 +- - 6 files changed, 75 insertions(+), 38 deletions(-) - -diff --git a/libarchive/archive_cryptor.c b/libarchive/archive_cryptor.c -index 0be30c60..2a51dfe1 100644 ---- a/libarchive/archive_cryptor.c -+++ b/libarchive/archive_cryptor.c -@@ -302,6 +302,7 @@ aes_ctr_release(archive_crypto_ctx *ctx) - static int - aes_ctr_init(archive_crypto_ctx *ctx, const uint8_t *key, size_t key_len) - { -+ ctx->ctx = EVP_CIPHER_CTX_new(); - - switch (key_len) { - case 16: ctx->type = EVP_aes_128_ecb(); break; -@@ -314,7 +315,7 @@ aes_ctr_init(archive_crypto_ctx *ctx, const uint8_t *key, size_t key_len) - memcpy(ctx->key, key, key_len); - memset(ctx->nonce, 0, sizeof(ctx->nonce)); - ctx->encr_pos = AES_BLOCK_SIZE; -- EVP_CIPHER_CTX_init(&ctx->ctx); -+ EVP_CIPHER_CTX_init(ctx->ctx); - return 0; - } - -@@ -324,10 +325,10 @@ aes_ctr_encrypt_counter(archive_crypto_ctx *ctx) - int outl = 0; - int r; - -- r = EVP_EncryptInit_ex(&ctx->ctx, ctx->type, NULL, ctx->key, NULL); -+ r = EVP_EncryptInit_ex(ctx->ctx, ctx->type, NULL, ctx->key, NULL); - if (r == 0) - return -1; -- r = EVP_EncryptUpdate(&ctx->ctx, ctx->encr_buf, &outl, ctx->nonce, -+ r = EVP_EncryptUpdate(ctx->ctx, ctx->encr_buf, &outl, ctx->nonce, - AES_BLOCK_SIZE); - if (r == 0 || outl != AES_BLOCK_SIZE) - return -1; -@@ -337,7 +338,7 @@ aes_ctr_encrypt_counter(archive_crypto_ctx *ctx) - static int - aes_ctr_release(archive_crypto_ctx *ctx) - { -- EVP_CIPHER_CTX_cleanup(&ctx->ctx); -+ EVP_CIPHER_CTX_free(ctx->ctx); - memset(ctx->key, 0, ctx->key_len); - memset(ctx->nonce, 0, sizeof(ctx->nonce)); - return 0; -diff --git a/libarchive/archive_cryptor_private.h b/libarchive/archive_cryptor_private.h -index 1c1a8c0d..0ca544b5 100644 ---- a/libarchive/archive_cryptor_private.h -+++ b/libarchive/archive_cryptor_private.h -@@ -104,7 +104,7 @@ typedef struct { - #define AES_MAX_KEY_SIZE 32 - - typedef struct { -- EVP_CIPHER_CTX ctx; -+ EVP_CIPHER_CTX *ctx; - const EVP_CIPHER *type; - uint8_t key[AES_MAX_KEY_SIZE]; - unsigned key_len; -diff --git a/libarchive/archive_digest.c b/libarchive/archive_digest.c -index f009d317..41539230 100644 ---- a/libarchive/archive_digest.c -+++ b/libarchive/archive_digest.c -@@ -207,7 +207,9 @@ __archive_nettle_md5final(archive_md5_ctx *ctx, void *md) - static int - __archive_openssl_md5init(archive_md5_ctx *ctx) - { -- EVP_DigestInit(ctx, EVP_md5()); -+ if ((*ctx = EVP_MD_CTX_new()) == NULL) -+ return (ARCHIVE_FAILED); -+ EVP_DigestInit(*ctx, EVP_md5()); - return (ARCHIVE_OK); - } - -@@ -215,7 +217,7 @@ static int - __archive_openssl_md5update(archive_md5_ctx *ctx, const void *indata, - size_t insize) - { -- EVP_DigestUpdate(ctx, indata, insize); -+ EVP_DigestUpdate(*ctx, indata, insize); - return (ARCHIVE_OK); - } - -@@ -226,8 +228,11 @@ __archive_openssl_md5final(archive_md5_ctx *ctx, void *md) - * this is meant to cope with that. Real fix is probably to fix - * archive_write_set_format_xar.c - */ -- if (ctx->digest) -- EVP_DigestFinal(ctx, md, NULL); -+ if (*ctx) { -+ EVP_DigestFinal(*ctx, md, NULL); -+ EVP_MD_CTX_free(*ctx); -+ *ctx = NULL; -+ } - return (ARCHIVE_OK); - } - -@@ -359,7 +364,9 @@ __archive_nettle_ripemd160final(archive_rmd160_ctx *ctx, void *md) - static int - __archive_openssl_ripemd160init(archive_rmd160_ctx *ctx) - { -- EVP_DigestInit(ctx, EVP_ripemd160()); -+ if ((*ctx = EVP_MD_CTX_new()) == NULL) -+ return (ARCHIVE_FAILED); -+ EVP_DigestInit(*ctx, EVP_ripemd160()); - return (ARCHIVE_OK); - } - -@@ -367,14 +374,18 @@ static int - __archive_openssl_ripemd160update(archive_rmd160_ctx *ctx, const void *indata, - size_t insize) - { -- EVP_DigestUpdate(ctx, indata, insize); -+ EVP_DigestUpdate(*ctx, indata, insize); - return (ARCHIVE_OK); - } - - static int - __archive_openssl_ripemd160final(archive_rmd160_ctx *ctx, void *md) - { -- EVP_DigestFinal(ctx, md, NULL); -+ if (*ctx) { -+ EVP_DigestFinal(*ctx, md, NULL); -+ EVP_MD_CTX_free(*ctx); -+ *ctx = NULL; -+ } - return (ARCHIVE_OK); - } - -@@ -509,7 +520,9 @@ __archive_nettle_sha1final(archive_sha1_ctx *ctx, void *md) - static int - __archive_openssl_sha1init(archive_sha1_ctx *ctx) - { -- EVP_DigestInit(ctx, EVP_sha1()); -+ if ((*ctx = EVP_MD_CTX_new()) == NULL) -+ return (ARCHIVE_FAILED); -+ EVP_DigestInit(*ctx, EVP_sha1()); - return (ARCHIVE_OK); - } - -@@ -517,7 +530,7 @@ static int - __archive_openssl_sha1update(archive_sha1_ctx *ctx, const void *indata, - size_t insize) - { -- EVP_DigestUpdate(ctx, indata, insize); -+ EVP_DigestUpdate(*ctx, indata, insize); - return (ARCHIVE_OK); - } - -@@ -528,8 +541,11 @@ __archive_openssl_sha1final(archive_sha1_ctx *ctx, void *md) - * this is meant to cope with that. Real fix is probably to fix - * archive_write_set_format_xar.c - */ -- if (ctx->digest) -- EVP_DigestFinal(ctx, md, NULL); -+ if (*ctx) { -+ EVP_DigestFinal(*ctx, md, NULL); -+ EVP_MD_CTX_free(*ctx); -+ *ctx = NULL; -+ } - return (ARCHIVE_OK); - } - -@@ -733,7 +749,9 @@ __archive_nettle_sha256final(archive_sha256_ctx *ctx, void *md) - static int - __archive_openssl_sha256init(archive_sha256_ctx *ctx) - { -- EVP_DigestInit(ctx, EVP_sha256()); -+ if ((*ctx = EVP_MD_CTX_new()) == NULL) -+ return (ARCHIVE_FAILED); -+ EVP_DigestInit(*ctx, EVP_sha256()); - return (ARCHIVE_OK); - } - -@@ -741,14 +759,18 @@ static int - __archive_openssl_sha256update(archive_sha256_ctx *ctx, const void *indata, - size_t insize) - { -- EVP_DigestUpdate(ctx, indata, insize); -+ EVP_DigestUpdate(*ctx, indata, insize); - return (ARCHIVE_OK); - } - - static int - __archive_openssl_sha256final(archive_sha256_ctx *ctx, void *md) - { -- EVP_DigestFinal(ctx, md, NULL); -+ if (*ctx) { -+ EVP_DigestFinal(*ctx, md, NULL); -+ EVP_MD_CTX_free(*ctx); -+ *ctx = NULL; -+ } - return (ARCHIVE_OK); - } - -@@ -928,7 +950,9 @@ __archive_nettle_sha384final(archive_sha384_ctx *ctx, void *md) - static int - __archive_openssl_sha384init(archive_sha384_ctx *ctx) - { -- EVP_DigestInit(ctx, EVP_sha384()); -+ if ((*ctx = EVP_MD_CTX_new()) == NULL) -+ return (ARCHIVE_FAILED); -+ EVP_DigestInit(*ctx, EVP_sha384()); - return (ARCHIVE_OK); - } - -@@ -936,14 +960,18 @@ static int - __archive_openssl_sha384update(archive_sha384_ctx *ctx, const void *indata, - size_t insize) - { -- EVP_DigestUpdate(ctx, indata, insize); -+ EVP_DigestUpdate(*ctx, indata, insize); - return (ARCHIVE_OK); - } - - static int - __archive_openssl_sha384final(archive_sha384_ctx *ctx, void *md) - { -- EVP_DigestFinal(ctx, md, NULL); -+ if (*ctx) { -+ EVP_DigestFinal(*ctx, md, NULL); -+ EVP_MD_CTX_free(*ctx); -+ *ctx = NULL; -+ } - return (ARCHIVE_OK); - } - -@@ -1147,7 +1175,9 @@ __archive_nettle_sha512final(archive_sha512_ctx *ctx, void *md) - static int - __archive_openssl_sha512init(archive_sha512_ctx *ctx) - { -- EVP_DigestInit(ctx, EVP_sha512()); -+ if ((*ctx = EVP_MD_CTX_new()) == NULL) -+ return (ARCHIVE_FAILED); -+ EVP_DigestInit(*ctx, EVP_sha512()); - return (ARCHIVE_OK); - } - -@@ -1155,14 +1185,18 @@ static int - __archive_openssl_sha512update(archive_sha512_ctx *ctx, const void *indata, - size_t insize) - { -- EVP_DigestUpdate(ctx, indata, insize); -+ EVP_DigestUpdate(*ctx, indata, insize); - return (ARCHIVE_OK); - } - - static int - __archive_openssl_sha512final(archive_sha512_ctx *ctx, void *md) - { -- EVP_DigestFinal(ctx, md, NULL); -+ if (*ctx) { -+ EVP_DigestFinal(*ctx, md, NULL); -+ EVP_MD_CTX_free(*ctx); -+ *ctx = NULL; -+ } - return (ARCHIVE_OK); - } - -diff --git a/libarchive/archive_digest_private.h b/libarchive/archive_digest_private.h -index 00697ae5..b58ffb34 100644 ---- a/libarchive/archive_digest_private.h -+++ b/libarchive/archive_digest_private.h -@@ -161,7 +161,7 @@ typedef CC_MD5_CTX archive_md5_ctx; - #elif defined(ARCHIVE_CRYPTO_MD5_NETTLE) - typedef struct md5_ctx archive_md5_ctx; - #elif defined(ARCHIVE_CRYPTO_MD5_OPENSSL) --typedef EVP_MD_CTX archive_md5_ctx; -+typedef EVP_MD_CTX *archive_md5_ctx; - #elif defined(ARCHIVE_CRYPTO_MD5_WIN) - typedef Digest_CTX archive_md5_ctx; - #else -@@ -175,7 +175,7 @@ typedef RIPEMD160_CTX archive_rmd160_ctx; - #elif defined(ARCHIVE_CRYPTO_RMD160_NETTLE) - typedef struct ripemd160_ctx archive_rmd160_ctx; - #elif defined(ARCHIVE_CRYPTO_RMD160_OPENSSL) --typedef EVP_MD_CTX archive_rmd160_ctx; -+typedef EVP_MD_CTX *archive_rmd160_ctx; - #else - typedef unsigned char archive_rmd160_ctx; - #endif -@@ -189,7 +189,7 @@ typedef CC_SHA1_CTX archive_sha1_ctx; - #elif defined(ARCHIVE_CRYPTO_SHA1_NETTLE) - typedef struct sha1_ctx archive_sha1_ctx; - #elif defined(ARCHIVE_CRYPTO_SHA1_OPENSSL) --typedef EVP_MD_CTX archive_sha1_ctx; -+typedef EVP_MD_CTX *archive_sha1_ctx; - #elif defined(ARCHIVE_CRYPTO_SHA1_WIN) - typedef Digest_CTX archive_sha1_ctx; - #else -@@ -209,7 +209,7 @@ typedef CC_SHA256_CTX archive_sha256_ctx; - #elif defined(ARCHIVE_CRYPTO_SHA256_NETTLE) - typedef struct sha256_ctx archive_sha256_ctx; - #elif defined(ARCHIVE_CRYPTO_SHA256_OPENSSL) --typedef EVP_MD_CTX archive_sha256_ctx; -+typedef EVP_MD_CTX *archive_sha256_ctx; - #elif defined(ARCHIVE_CRYPTO_SHA256_WIN) - typedef Digest_CTX archive_sha256_ctx; - #else -@@ -227,7 +227,7 @@ typedef CC_SHA512_CTX archive_sha384_ctx; - #elif defined(ARCHIVE_CRYPTO_SHA384_NETTLE) - typedef struct sha384_ctx archive_sha384_ctx; - #elif defined(ARCHIVE_CRYPTO_SHA384_OPENSSL) --typedef EVP_MD_CTX archive_sha384_ctx; -+typedef EVP_MD_CTX *archive_sha384_ctx; - #elif defined(ARCHIVE_CRYPTO_SHA384_WIN) - typedef Digest_CTX archive_sha384_ctx; - #else -@@ -247,7 +247,7 @@ typedef CC_SHA512_CTX archive_sha512_ctx; - #elif defined(ARCHIVE_CRYPTO_SHA512_NETTLE) - typedef struct sha512_ctx archive_sha512_ctx; - #elif defined(ARCHIVE_CRYPTO_SHA512_OPENSSL) --typedef EVP_MD_CTX archive_sha512_ctx; -+typedef EVP_MD_CTX *archive_sha512_ctx; - #elif defined(ARCHIVE_CRYPTO_SHA512_WIN) - typedef Digest_CTX archive_sha512_ctx; - #else -diff --git a/libarchive/archive_hmac.c b/libarchive/archive_hmac.c -index 7857c0ff..1e0ae283 100644 ---- a/libarchive/archive_hmac.c -+++ b/libarchive/archive_hmac.c -@@ -176,8 +176,10 @@ __hmac_sha1_cleanup(archive_hmac_sha1_ctx *ctx) - static int - __hmac_sha1_init(archive_hmac_sha1_ctx *ctx, const uint8_t *key, size_t key_len) - { -- HMAC_CTX_init(ctx); -- HMAC_Init(ctx, key, key_len, EVP_sha1()); -+ *ctx = HMAC_CTX_new(); -+ if (*ctx == NULL) -+ return -1; -+ HMAC_Init_ex(*ctx, key, key_len, EVP_sha1(), NULL); - return 0; - } - -@@ -185,22 +187,22 @@ static void - __hmac_sha1_update(archive_hmac_sha1_ctx *ctx, const uint8_t *data, - size_t data_len) - { -- HMAC_Update(ctx, data, data_len); -+ HMAC_Update(*ctx, data, data_len); - } - - static void - __hmac_sha1_final(archive_hmac_sha1_ctx *ctx, uint8_t *out, size_t *out_len) - { - unsigned int len = (unsigned int)*out_len; -- HMAC_Final(ctx, out, &len); -+ HMAC_Final(*ctx, out, &len); - *out_len = len; - } - - static void - __hmac_sha1_cleanup(archive_hmac_sha1_ctx *ctx) - { -- HMAC_CTX_cleanup(ctx); -- memset(ctx, 0, sizeof(*ctx)); -+ HMAC_CTX_free(*ctx); -+ *ctx = NULL; - } - - #else -diff --git a/libarchive/archive_hmac_private.h b/libarchive/archive_hmac_private.h -index f36d6940..eb45c4ef 100644 ---- a/libarchive/archive_hmac_private.h -+++ b/libarchive/archive_hmac_private.h -@@ -72,7 +72,7 @@ typedef struct hmac_sha1_ctx archive_hmac_sha1_ctx; - #elif defined(HAVE_LIBCRYPTO) - #include "archive_openssl_hmac_private.h" - --typedef HMAC_CTX archive_hmac_sha1_ctx; -+typedef HMAC_CTX* archive_hmac_sha1_ctx; - - #else - --- -2.11.1 - Modified: PKGBUILD =================================================================== --- PKGBUILD 2017-02-20 08:16:41 UTC (rev 289312) +++ PKGBUILD 2017-02-20 08:17:08 UTC (rev 289313) @@ -2,8 +2,8 @@ # Maintainer: Dan McGee <[email protected]> pkgname=libarchive -pkgver=3.2.2 -pkgrel=5 +pkgver=3.3.0 +pkgrel=1 pkgdesc="library that can create and read several streaming archive formats" arch=('i686' 'x86_64') url="http://libarchive.org/"; @@ -11,32 +11,9 @@ depends=('acl' 'attr' 'bzip2' 'expat' 'lz4' 'lzo' 'openssl' 'xz' 'zlib') options=('strip' 'debug' 'libtool') provides=('libarchive.so') -source=("$pkgname-$pkgver.tar.gz::https://github.com/$pkgname/$pkgname/archive/v$pkgver.tar.gz"; - '0001-issue-822-try-harder-to-detect-directories-in-zip-archives.patch' - '0002-fixes-a-heap-buffer-overflow.patch' - '0019-Add-infrastructure-to-adapt-between-OpenSSL-1.1-and-.patch' - '0020-Add-support-for-building-with-OpenSSL-1.1.patch') -sha256sums=('edfc2ee7d42dd03228d0fa3bb9cbaade454557b326b2608b2e32c27aae62bdd4' - '79bd6b3889131ab36501af2c9460ccb940ba95d568a72578163fb5d212a7a7e5' - 'e6177bd052090a2111d62c7c68157df71cebf4ad359aad02ce89d5585c9e64a4' - '1f19b9e8f46657edcaf185ad8686a42a37ba34be630e2c04cb5c03cfb7596bed' - '458b94b24e8332df34db8a2d832ee96ffb19740bc718040ecbea3025a20a27e5') +source=("$pkgname-$pkgver.tar.gz::https://github.com/$pkgname/$pkgname/archive/v$pkgver.tar.gz";) +sha256sums=('046045c5d52413579e7dadb2f8464b2ca3feadb9f68380bf535b4885cf32eaee') -prepare() { - cd "$pkgname-$pkgver" - - # Issue #822: Try harder to detect directories in zip archives - patch -Np1 < "$srcdir"/0001-issue-822-try-harder-to-detect-directories-in-zip-archives.patch - - # Fail with negative lha->compsize in lha_read_file_header_1() - # Fixes a heap buffer overflow reported in Secunia SA74169 - patch -Np1 < "$srcdir"/0002-fixes-a-heap-buffer-overflow.patch - - # Fix compatibility with OpenSSL 1.1 - patch -p1 -i "$srcdir/0019-Add-infrastructure-to-adapt-between-OpenSSL-1.1-and-.patch" - patch -p1 -i "$srcdir/0020-Add-support-for-building-with-OpenSSL-1.1.patch" -} - build() { cd "$pkgname-$pkgver"
