[jira] [Comment Edited] (COMPRESS-661) commons-compress 1.26.0 breaks Apache Tika 2.9.1

Tue, 20 Feb 2024 08:36:34 -0800 


    [ 
https://issues.apache.org/jira/browse/COMPRESS-661?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17818898#comment-17818898
 ] 

Tilman Hausherr edited comment on COMPRESS-661 at 2/20/24 4:35 PM:
-------------------------------------------------------------------

Might be this one:
https://github.com/apache/commons-compress/commit/92d382e3cd6f1199340121ee8ad3bdf95f2154d0
FilterInputStream delegates markSupported(), but InputStream returns false. If 
I'm right then the solution would be to return false instead of not having 
markSupported() in ArchiveInputStream.


was (Author: tilman):
Might be this one:
https://github.com/apache/commons-compress/commit/92d382e3cd6f1199340121ee8ad3bdf95f2154d0
FilterInputStream delegates markSupported(), while InputStream returns false. 
If I'm right then the solution would be to return false.

> commons-compress 1.26.0 breaks Apache Tika 2.9.1
> ------------------------------------------------
>
>                 Key: COMPRESS-661
>                 URL: https://issues.apache.org/jira/browse/COMPRESS-661
>             Project: Commons Compress
>          Issue Type: Bug
>          Components: Compressors
>    Affects Versions: 1.26.0
>            Reporter: Alexander Veit
>            Priority: Critical
>         Attachments: testARofText.ar
>
>
> Apache Commons Compress 1.26.0 fixes
> * https://www.cve.org/CVERecord?id=CVE-2024-25710 and
> * https://www.cve.org/CVERecord?id=CVE-2024-26308.
> We have tried to replace Apache Commons Compress 1.25.0 with 1.26.0 in our 
> deployments in order to fix these security vulnerabilities. But unfortunately 
> now Apache Tika is broken:
> {noformat}
>   org.apache.tika.exception.TikaException: TIKA-198: Illegal IOException from 
> org.apache.tika.parser.iwork.IWorkPackageParser@41fcb910
>     at 
> app//org.apache.tika.parser.CompositeParser.parse(CompositeParser.java:304)
>     at 
> app//org.apache.tika.parser.CompositeParser.parse(CompositeParser.java:298)
>     at 
> app//org.apache.tika.parser.AutoDetectParser.parse(AutoDetectParser.java:203)
>     at app//org.apache.tika.Tika.parseToString(Tika.java:525)
>     at app//org.apache.tika.Tika.parseToString(Tika.java:495)
>     at ...
>   Caused by: java.io.IOException: Resetting to invalid mark
>     at 
> java.base/java.io.BufferedInputStream.reset(BufferedInputStream.java:446)
>     at 
> org.apache.tika.parser.iwork.IWorkPackageParser.parse(IWorkPackageParser.java:97)
>     at org.apache.tika.parser.CompositeParser.parse(CompositeParser.java:298)
>     ... 42 more
> {noformat}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to