Date: Saturday, February 11, 2017 @ 10:10:07 Author: pierre Revision: 288602
archrelease: copy trunk to staging-i686, staging-x86_64 Added: libarchive/repos/staging-i686/ libarchive/repos/staging-i686/0001-issue-822-try-harder-to-detect-directories-in-zip-archives.patch (from rev 288601, libarchive/trunk/0001-issue-822-try-harder-to-detect-directories-in-zip-archives.patch) libarchive/repos/staging-i686/0002-fixes-a-heap-buffer-overflow.patch (from rev 288601, libarchive/trunk/0002-fixes-a-heap-buffer-overflow.patch) libarchive/repos/staging-i686/0019-Add-infrastructure-to-adapt-between-OpenSSL-1.1-and-.patch (from rev 288601, libarchive/trunk/0019-Add-infrastructure-to-adapt-between-OpenSSL-1.1-and-.patch) libarchive/repos/staging-i686/0020-Add-support-for-building-with-OpenSSL-1.1.patch (from rev 288601, libarchive/trunk/0020-Add-support-for-building-with-OpenSSL-1.1.patch) libarchive/repos/staging-i686/PKGBUILD (from rev 288601, libarchive/trunk/PKGBUILD) libarchive/repos/staging-x86_64/ libarchive/repos/staging-x86_64/0001-issue-822-try-harder-to-detect-directories-in-zip-archives.patch (from rev 288601, libarchive/trunk/0001-issue-822-try-harder-to-detect-directories-in-zip-archives.patch) libarchive/repos/staging-x86_64/0002-fixes-a-heap-buffer-overflow.patch (from rev 288601, libarchive/trunk/0002-fixes-a-heap-buffer-overflow.patch) libarchive/repos/staging-x86_64/0019-Add-infrastructure-to-adapt-between-OpenSSL-1.1-and-.patch (from rev 288601, libarchive/trunk/0019-Add-infrastructure-to-adapt-between-OpenSSL-1.1-and-.patch) libarchive/repos/staging-x86_64/0020-Add-support-for-building-with-OpenSSL-1.1.patch (from rev 288601, libarchive/trunk/0020-Add-support-for-building-with-OpenSSL-1.1.patch) libarchive/repos/staging-x86_64/PKGBUILD (from rev 288601, libarchive/trunk/PKGBUILD) --------------------------------------------------------------------------------------+ staging-i686/0001-issue-822-try-harder-to-detect-directories-in-zip-archives.patch | 190 ++++ staging-i686/0002-fixes-a-heap-buffer-overflow.patch | 24 
staging-i686/0019-Add-infrastructure-to-adapt-between-OpenSSL-1.1-and-.patch | 205 +++++ staging-i686/0020-Add-support-for-building-with-OpenSSL-1.1.patch | 394 ++++++++++ staging-i686/PKGBUILD | 64 + staging-x86_64/0001-issue-822-try-harder-to-detect-directories-in-zip-archives.patch | 190 ++++ staging-x86_64/0002-fixes-a-heap-buffer-overflow.patch | 24 staging-x86_64/0019-Add-infrastructure-to-adapt-between-OpenSSL-1.1-and-.patch | 205 +++++ staging-x86_64/0020-Add-support-for-building-with-OpenSSL-1.1.patch | 394 ++++++++++ staging-x86_64/PKGBUILD | 64 + 10 files changed, 1754 insertions(+) Copied: libarchive/repos/staging-i686/0001-issue-822-try-harder-to-detect-directories-in-zip-archives.patch (from rev 288601, libarchive/trunk/0001-issue-822-try-harder-to-detect-directories-in-zip-archives.patch) =================================================================== --- staging-i686/0001-issue-822-try-harder-to-detect-directories-in-zip-archives.patch (rev 0) +++ staging-i686/0001-issue-822-try-harder-to-detect-directories-in-zip-archives.patch 2017-02-11 10:10:07 UTC (rev 288602) 
@@ -0,0 +1,190 @@ +From 2ecf8d1c1e1bdfc20b0aada90e356054a3054693 Mon Sep 17 00:00:00 2001 +From: Peter Wu <pe...@lekensteyn.nl> +Date: Fri, 23 Dec 2016 12:45:43 +0100 +Subject: [PATCH] Issue #822: Try harder to detect directories in zip archives + +Assume that anything with a trailing slash is a directory. This avoids +creating regular files when a directory is expected and could occur +when the External File Attributes (EFA) field in the Central Directory +contains bogus values: + + - Jar file: observed to have OS MS-DOS (0) and EFA 0. + - dex2jar-2.0.zip: observed to have OS Unix (3), but EFA 0xffff0010. + After this patch, bsdtar tv still shows mode drwsrwsrwt, but at least + it successfully creates a directory instead of a regular file. + +A test case has been added for the first case (based on +test_read_format_zip_nofiletype). +--- + Makefile.am | 2 + + libarchive/archive_read_support_format_zip.c | 36 ++++++++------- + libarchive/test/CMakeLists.txt | 1 + + libarchive/test/test_read_format_zip_jar.c | 59 +++++++++++++++++++++++++ + libarchive/test/test_read_format_zip_jar.jar.uu | 6 +++ + 5 files changed, 88 insertions(+), 16 deletions(-) + create mode 100644 libarchive/test/test_read_format_zip_jar.c + create mode 100644 libarchive/test/test_read_format_zip_jar.jar.uu + +diff --git a/Makefile.am b/Makefile.am +index 614f864..6ed0495 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -483,6 +483,7 @@ libarchive_test_SOURCES= \ + libarchive/test/test_read_format_zip_encryption_header.c \ + libarchive/test/test_read_format_zip_filename.c \ + libarchive/test/test_read_format_zip_high_compression.c \ ++ libarchive/test/test_read_format_zip_jar.c \ + libarchive/test/test_read_format_zip_mac_metadata.c \ + libarchive/test/test_read_format_zip_malformed.c \ + libarchive/test/test_read_format_zip_msdos.c \ +@@ -801,6 +802,7 @@ libarchive_test_EXTRA_DIST=\ + libarchive/test/test_read_format_zip_filename_utf8_ru2.zip.uu \ + 
libarchive/test/test_read_format_zip_high_compression.zip.uu \ + libarchive/test/test_read_format_zip_length_at_end.zip.uu \ ++ libarchive/test/test_read_format_zip_jar.jar.uu \ + libarchive/test/test_read_format_zip_mac_metadata.zip.uu \ + libarchive/test/test_read_format_zip_malformed1.zip.uu \ + libarchive/test/test_read_format_zip_msdos.zip.uu \ +diff --git a/libarchive/archive_read_support_format_zip.c b/libarchive/archive_read_support_format_zip.c +index 9796fca..d19e791 100644 +--- a/libarchive/archive_read_support_format_zip.c ++++ b/libarchive/archive_read_support_format_zip.c +@@ -864,29 +864,33 @@ zip_read_local_file_header(struct archive_read *a, struct archive_entry *entry, + zip_entry->mode |= AE_IFREG; + } + +- if ((zip_entry->mode & AE_IFMT) == 0) { +- /* Especially in streaming mode, we can end up +- here without having seen proper mode information. +- Guess from the filename. */ ++ /* If the mode is totally empty, set some sane default. */ ++ if (zip_entry->mode == 0) { ++ zip_entry->mode |= 0664; ++ } ++ ++ /* Make sure that entries with a trailing '/' are marked as directories ++ * even if the External File Attributes contains bogus values. If this ++ * is not a directory and there is no type, assume regularfile. */ ++ if ((zip_entry->mode & AE_IFMT) != AE_IFDIR) { ++ int has_slash; ++ + wp = archive_entry_pathname_w(entry); + if (wp != NULL) { + len = wcslen(wp); +- if (len > 0 && wp[len - 1] == L'/') +- zip_entry->mode |= AE_IFDIR; +- else +- zip_entry->mode |= AE_IFREG; ++ has_slash = len > 0 && wp[len - 1] == L'/'; + } else { + cp = archive_entry_pathname(entry); + len = (cp != NULL)?strlen(cp):0; +- if (len > 0 && cp[len - 1] == '/') +- zip_entry->mode |= AE_IFDIR; +- else +- zip_entry->mode |= AE_IFREG; ++ has_slash = len > 0 && cp[len - 1] == '/'; + } +- if (zip_entry->mode == AE_IFDIR) { +- zip_entry->mode |= 0775; +- } else if (zip_entry->mode == AE_IFREG) { +- zip_entry->mode |= 0664; ++ /* Correct file type as needed. 
*/ ++ if (has_slash) { ++ zip_entry->mode &= ~AE_IFMT; ++ zip_entry->mode |= AE_IFDIR; ++ zip_entry->mode |= 0111; ++ } else if ((zip_entry->mode & AE_IFMT) == 0) { ++ zip_entry->mode |= AE_IFREG; + } + } + +diff --git a/libarchive/test/CMakeLists.txt b/libarchive/test/CMakeLists.txt +index ab9a8a4..3c2671d 100644 +--- a/libarchive/test/CMakeLists.txt ++++ b/libarchive/test/CMakeLists.txt +@@ -169,6 +169,7 @@ IF(ENABLE_TEST) + test_read_format_zip_encryption_partially.c + test_read_format_zip_filename.c + test_read_format_zip_high_compression.c ++ test_read_format_zip_jar.c + test_read_format_zip_mac_metadata.c + test_read_format_zip_malformed.c + test_read_format_zip_msdos.c +diff --git a/libarchive/test/test_read_format_zip_jar.c b/libarchive/test/test_read_format_zip_jar.c +new file mode 100644 +index 0000000..ffb520e +--- /dev/null ++++ b/libarchive/test/test_read_format_zip_jar.c +@@ -0,0 +1,59 @@ ++/*- ++ * Copyright (c) 2016 Peter Wu ++ * All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR ++ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES ++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
++ * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, ++ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, ++ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY ++ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT ++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF ++ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ++ */ ++#include "test.h" ++__FBSDID("$FreeBSD$"); ++ ++/* ++ * Issue 822: jar files have an empty External File Attributes field which ++ * is misinterpreted as regular file type due to OS MS-DOS. ++ */ ++ ++DEFINE_TEST(test_read_format_zip_jar) ++{ ++ const char *refname = "test_read_format_zip_jar.jar"; ++ char *p; ++ size_t s; ++ struct archive *a; ++ struct archive_entry *ae; ++ char data[16]; ++ ++ extract_reference_file(refname); ++ p = slurpfile(&s, refname); ++ ++ assert((a = archive_read_new()) != NULL); ++ assertEqualIntA(a, ARCHIVE_OK, archive_read_support_format_zip_seekable(a)); ++ assertEqualIntA(a, ARCHIVE_OK, read_open_memory_seek(a, p, s, 1)); ++ ++ assertEqualIntA(a, ARCHIVE_OK, archive_read_next_header(a, &ae)); ++ assertEqualString("somedir/", archive_entry_pathname(ae)); ++ assertEqualInt(AE_IFDIR | 0775, archive_entry_mode(ae)); ++ assertEqualInt(0, archive_entry_size(ae)); ++ assertEqualIntA(a, 0, archive_read_data(a, data, 16)); ++ ++ assertEqualIntA(a, ARCHIVE_EOF, archive_read_next_header(a, &ae)); ++ assertEqualIntA(a, ARCHIVE_OK, archive_read_close(a)); ++ assertEqualIntA(a, ARCHIVE_OK, archive_read_free(a)); ++ free(p); ++} +diff --git a/libarchive/test/test_read_format_zip_jar.jar.uu b/libarchive/test/test_read_format_zip_jar.jar.uu +new file mode 100644 +index 0000000..0778c93 +--- /dev/null ++++ b/libarchive/test/test_read_format_zip_jar.jar.uu +@@ -0,0 +1,6 @@ ++begin 640 test_read_format_zip_jar.jar ++M4$L#! 
H @ $AQETD ( 0 <V]M961I<B_^R@ 4$L! ++M @H "@ " 2'&720 @ ! '-O ++@;65D:7(O_LH %!+!08 0 ! #H J ++ ++end Copied: libarchive/repos/staging-i686/0002-fixes-a-heap-buffer-overflow.patch (from rev 288601, libarchive/trunk/0002-fixes-a-heap-buffer-overflow.patch) =================================================================== --- staging-i686/0002-fixes-a-heap-buffer-overflow.patch (rev 0) +++ staging-i686/0002-fixes-a-heap-buffer-overflow.patch 2017-02-11 10:10:07 UTC (rev 288602) @@ -0,0 +1,24 @@ +From 98dcbbf0bf4854bf987557e55e55fff7abbf3ea9 Mon Sep 17 00:00:00 2001 +From: Martin Matuska <mar...@matuska.org> +Date: Thu, 19 Jan 2017 22:00:18 +0100 +Subject: [PATCH] Fail with negative lha->compsize in lha_read_file_header_1() + Fixes a heap buffer overflow reported in Secunia SA74169 + +--- + libarchive/archive_read_support_format_lha.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/libarchive/archive_read_support_format_lha.c b/libarchive/archive_read_support_format_lha.c +index 52a5531..d77a7c2 100644 +--- a/libarchive/archive_read_support_format_lha.c ++++ b/libarchive/archive_read_support_format_lha.c +@@ -924,6 +924,9 @@ lha_read_file_header_1(struct archive_read *a, struct lha *lha) + /* Get a real compressed file size. */ + lha->compsize -= extdsize - 2; + ++ if (lha->compsize < 0) ++ goto invalid; /* Invalid compressed file size */ ++ + if (sum_calculated != headersum) { + archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, + "LHa header sum error"); Copied: libarchive/repos/staging-i686/0019-Add-infrastructure-to-adapt-between-OpenSSL-1.1-and-.patch (from rev 288601, libarchive/trunk/0019-Add-infrastructure-to-adapt-between-OpenSSL-1.1-and-.patch) =================================================================== --- staging-i686/0019-Add-infrastructure-to-adapt-between-OpenSSL-1.1-and-.patch (rev 0) +++ staging-i686/0019-Add-infrastructure-to-adapt-between-OpenSSL-1.1-and-.patch 2017-02-11 10:10:07 UTC (rev 288602) 
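Review bot: In the `has_slash` branch of zip_read_local_file_header only the type bits are replaced, so the permission bits are kept from an External File Attributes value that has just been found inconsistent with the entry name. The commit message itself notes that the dex2jar sample still lists as `drwsrwsrwt`, so a consumer that applies the entry mode would create a world-writable directory with setuid/setgid/sticky set from a malformed archive. Consider clearing the special bits when the type has to be corrected, e.g. `zip_entry->mode &= ~07000;` before `zip_entry->mode |= AE_IFDIR;`. A second test entry with a non-zero bogus EFA would cover this next to the jar case, which only exercises EFA 0. The enclosing function starts and ends outside the hunk.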
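Review bot: The new `lha->compsize < 0` check in lha_read_file_header_1 comes without a regression test; the patch's diffstat lists only the three added lines in archive_read_support_format_lha.c. A test that feeds a level-1 header whose extended-header size drives compsize negative, and asserts that archive_read_next_header fails, would keep the bound from being lost in a later refactor. The check also runs after `lha->compsize -= extdsize - 2`, so it relies on that subtraction not wrapping. The operand types are declared outside the hunk and are worth confirming. The trailing comment could state the reason, e.g. `/* extended headers exceed the stated packed size; reject before compsize is used as a length */`.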
@@ -0,0 +1,205 @@ +From aa8f77083954fe0f41327ab856be59c370d4c13b Mon Sep 17 00:00:00 2001 +From: Brad King <brad.k...@kitware.com> +Date: Thu, 17 Nov 2016 15:26:41 -0500 +Subject: [PATCH 019/149] Add infrastructure to adapt between OpenSSL 1.1 and + older versions + +Add private forwarding headers for `openssl/{evp,hmac}.h` to give us a +central place to add adaptation code to work across multiple +incompatible OpenSSL versions. Provide compatibility implementations of +some OpenSSL 1.1 APIs when using older OpenSSL versions. +--- + Makefile.am | 2 ++ + libarchive/CMakeLists.txt | 2 ++ + libarchive/archive_cryptor_private.h | 2 +- + libarchive/archive_digest_private.h | 2 +- + libarchive/archive_hmac_private.h | 2 +- + libarchive/archive_openssl_evp_private.h | 51 ++++++++++++++++++++++++++++++ + libarchive/archive_openssl_hmac_private.h | 52 +++++++++++++++++++++++++++++++ + 7 files changed, 110 insertions(+), 3 deletions(-) + create mode 100644 libarchive/archive_openssl_evp_private.h + create mode 100644 libarchive/archive_openssl_hmac_private.h + +diff --git a/Makefile.am b/Makefile.am +index 441bdbb9..68fbc076 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -118,6 +118,8 @@ libarchive_la_SOURCES= \ + libarchive/archive_hmac.c \ + libarchive/archive_hmac_private.h \ + libarchive/archive_match.c \ ++ libarchive/archive_openssl_evp_private.h \ ++ libarchive/archive_openssl_hmac_private.h \ + libarchive/archive_options.c \ + libarchive/archive_options_private.h \ + libarchive/archive_pack_dev.h \ +diff --git a/libarchive/CMakeLists.txt b/libarchive/CMakeLists.txt +index 4cc9a2ca..744be433 100644 +--- a/libarchive/CMakeLists.txt ++++ b/libarchive/CMakeLists.txt +@@ -38,6 +38,8 @@ SET(libarchive_SOURCES + archive_hmac.c + archive_hmac_private.h + archive_match.c ++ archive_openssl_evp_private.h ++ archive_openssl_hmac_private.h + archive_options.c + archive_options_private.h + archive_pack_dev.h +diff --git a/libarchive/archive_cryptor_private.h 
b/libarchive/archive_cryptor_private.h +index 37eaad36..1c1a8c0d 100644 +--- a/libarchive/archive_cryptor_private.h ++++ b/libarchive/archive_cryptor_private.h +@@ -99,7 +99,7 @@ typedef struct { + } archive_crypto_ctx; + + #elif defined(HAVE_LIBCRYPTO) +-#include <openssl/evp.h> ++#include "archive_openssl_evp_private.h" + #define AES_BLOCK_SIZE 16 + #define AES_MAX_KEY_SIZE 32 + +diff --git a/libarchive/archive_digest_private.h b/libarchive/archive_digest_private.h +index 77fad580..00697ae5 100644 +--- a/libarchive/archive_digest_private.h ++++ b/libarchive/archive_digest_private.h +@@ -134,7 +134,7 @@ + defined(ARCHIVE_CRYPTO_SHA384_OPENSSL) ||\ + defined(ARCHIVE_CRYPTO_SHA512_OPENSSL) + #define ARCHIVE_CRYPTO_OPENSSL 1 +-#include <openssl/evp.h> ++#include "archive_openssl_evp_private.h" + #endif + + /* Windows crypto headers */ +diff --git a/libarchive/archive_hmac_private.h b/libarchive/archive_hmac_private.h +index 64de743c..f36d6940 100644 +--- a/libarchive/archive_hmac_private.h ++++ b/libarchive/archive_hmac_private.h +@@ -70,7 +70,7 @@ typedef struct { + typedef struct hmac_sha1_ctx archive_hmac_sha1_ctx; + + #elif defined(HAVE_LIBCRYPTO) +-#include <openssl/hmac.h> ++#include "archive_openssl_hmac_private.h" + + typedef HMAC_CTX archive_hmac_sha1_ctx; + +diff --git a/libarchive/archive_openssl_evp_private.h b/libarchive/archive_openssl_evp_private.h +new file mode 100644 +index 00000000..0e97e276 +--- /dev/null ++++ b/libarchive/archive_openssl_evp_private.h +@@ -0,0 +1,51 @@ ++/*- ++ * Copyright (c) 2003-2007 Tim Kientzle ++ * All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. 
Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR ++ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES ++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. ++ * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, ++ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, ++ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY ++ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT ++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF ++ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ++ */ ++#ifndef ARCHIVE_OPENSSL_EVP_PRIVATE_H_INCLUDED ++#define ARCHIVE_OPENSSL_EVP_PRIVATE_H_INCLUDED ++ ++#include <openssl/evp.h> ++#include <openssl/opensslv.h> ++ ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#include <stdlib.h> /* malloc, free */ ++#include <string.h> /* memset */ ++static inline EVP_MD_CTX *EVP_MD_CTX_new(void) ++{ ++ EVP_MD_CTX *ctx = (EVP_MD_CTX *)malloc(sizeof(EVP_MD_CTX)); ++ if (ctx != NULL) { ++ memset(ctx, 0, sizeof(*ctx)); ++ } ++ return ctx; ++} ++ ++static inline void EVP_MD_CTX_free(EVP_MD_CTX *ctx) ++{ ++ EVP_MD_CTX_cleanup(ctx); ++ memset(ctx, 0, sizeof(*ctx)); ++ free(ctx); ++} ++#endif ++ ++#endif +diff --git a/libarchive/archive_openssl_hmac_private.h b/libarchive/archive_openssl_hmac_private.h +new file mode 100644 +index 00000000..d4ae0d17 +--- /dev/null ++++ b/libarchive/archive_openssl_hmac_private.h +@@ -0,0 +1,52 @@ ++/*- ++ * Copyright (c) 2003-2007 Tim Kientzle ++ * All rights reserved. 
++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR ++ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES ++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. ++ * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, ++ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, ++ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY ++ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT ++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF ++ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
++ */ ++#ifndef ARCHIVE_OPENSSL_HMAC_PRIVATE_H_INCLUDED ++#define ARCHIVE_OPENSSL_HMAC_PRIVATE_H_INCLUDED ++ ++#include <openssl/hmac.h> ++#include <openssl/opensslv.h> ++ ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#include <stdlib.h> /* malloc, free */ ++#include <string.h> /* memset */ ++static inline HMAC_CTX *HMAC_CTX_new(void) ++{ ++ HMAC_CTX *ctx = (HMAC_CTX *)malloc(sizeof(HMAC_CTX)); ++ if (ctx != NULL) { ++ memset(ctx, 0, sizeof(*ctx)); ++ HMAC_CTX_init(ctx); ++ } ++ return ctx; ++} ++ ++static inline void HMAC_CTX_free(HMAC_CTX *ctx) ++{ ++ HMAC_CTX_cleanup(ctx); ++ memset(ctx, 0, sizeof(*ctx)); ++ free(ctx); ++} ++#endif ++ ++#endif +-- +2.11.1 + Copied: libarchive/repos/staging-i686/0020-Add-support-for-building-with-OpenSSL-1.1.patch (from rev 288601, libarchive/trunk/0020-Add-support-for-building-with-OpenSSL-1.1.patch) =================================================================== --- staging-i686/0020-Add-support-for-building-with-OpenSSL-1.1.patch (rev 0) +++ staging-i686/0020-Add-support-for-building-with-OpenSSL-1.1.patch 2017-02-11 10:10:07 UTC (rev 288602) 
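Review bot: The fallback `EVP_MD_CTX_free()` and `HMAC_CTX_free()` defined for OpenSSL older than 1.1 pass their argument straight to `EVP_MD_CTX_cleanup()` / `HMAC_CTX_cleanup()` and `memset()`, whereas the OpenSSL 1.1 functions they stand in for accept NULL. Code written against the 1.1 behaviour would then fault only on builds with the older library, so add `if (ctx == NULL) return;` as the first statement of both helpers. Separately, the `memset(ctx, 0, sizeof(*ctx))` immediately before `free(ctx)` is a dead store that the compiler may drop. If it is meant to scrub digest or HMAC key state, `OPENSSL_cleanse(ctx, sizeof(*ctx));` is the call that survives optimization.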
@@ -0,0 +1,394 @@ +From 89a6ed13be1c8813764c40ea2c42c472ec3aabf9 Mon Sep 17 00:00:00 2001 +From: Tomas Mraz <tm...@redhat.com> +Date: Thu, 17 Nov 2016 15:44:44 -0500 +Subject: [PATCH 020/149] Add support for building with OpenSSL 1.1 + +OpenSSL 1.1 made some CTX structures opaque. Port our code to use the +structures only through pointers via OpenSSL 1.1 APIs. Use our adaption +layer to make this work with OpenSSL 1.0 and below. + +Closes: #810 +Patch-from: https://bugzilla.redhat.com/1383744 +--- + libarchive/archive_cryptor.c | 9 +++-- + libarchive/archive_cryptor_private.h | 2 +- + libarchive/archive_digest.c | 74 ++++++++++++++++++++++++++---------- + libarchive/archive_digest_private.h | 12 +++--- + libarchive/archive_hmac.c | 14 ++++--- + libarchive/archive_hmac_private.h | 2 +- + 6 files changed, 75 insertions(+), 38 deletions(-) + +diff --git a/libarchive/archive_cryptor.c b/libarchive/archive_cryptor.c +index 0be30c60..2a51dfe1 100644 +--- a/libarchive/archive_cryptor.c ++++ b/libarchive/archive_cryptor.c +@@ -302,6 +302,7 @@ aes_ctr_release(archive_crypto_ctx *ctx) + static int + aes_ctr_init(archive_crypto_ctx *ctx, const uint8_t *key, size_t key_len) + { ++ ctx->ctx = EVP_CIPHER_CTX_new(); + + switch (key_len) { + case 16: ctx->type = EVP_aes_128_ecb(); break; +@@ -314,7 +315,7 @@ aes_ctr_init(archive_crypto_ctx *ctx, const uint8_t *key, size_t key_len) + memcpy(ctx->key, key, key_len); + memset(ctx->nonce, 0, sizeof(ctx->nonce)); + ctx->encr_pos = AES_BLOCK_SIZE; +- EVP_CIPHER_CTX_init(&ctx->ctx); ++ EVP_CIPHER_CTX_init(ctx->ctx); + return 0; + } + +@@ -324,10 +325,10 @@ aes_ctr_encrypt_counter(archive_crypto_ctx *ctx) + int outl = 0; + int r; + +- r = EVP_EncryptInit_ex(&ctx->ctx, ctx->type, NULL, ctx->key, NULL); ++ r = EVP_EncryptInit_ex(ctx->ctx, ctx->type, NULL, ctx->key, NULL); + if (r == 0) + return -1; +- r = EVP_EncryptUpdate(&ctx->ctx, ctx->encr_buf, &outl, ctx->nonce, ++ r = EVP_EncryptUpdate(ctx->ctx, ctx->encr_buf, &outl, ctx->nonce, + 
AES_BLOCK_SIZE); + if (r == 0 || outl != AES_BLOCK_SIZE) + return -1; +@@ -337,7 +338,7 @@ aes_ctr_encrypt_counter(archive_crypto_ctx *ctx) + static int + aes_ctr_release(archive_crypto_ctx *ctx) + { +- EVP_CIPHER_CTX_cleanup(&ctx->ctx); ++ EVP_CIPHER_CTX_free(ctx->ctx); + memset(ctx->key, 0, ctx->key_len); + memset(ctx->nonce, 0, sizeof(ctx->nonce)); + return 0; +diff --git a/libarchive/archive_cryptor_private.h b/libarchive/archive_cryptor_private.h +index 1c1a8c0d..0ca544b5 100644 +--- a/libarchive/archive_cryptor_private.h ++++ b/libarchive/archive_cryptor_private.h +@@ -104,7 +104,7 @@ typedef struct { + #define AES_MAX_KEY_SIZE 32 + + typedef struct { +- EVP_CIPHER_CTX ctx; ++ EVP_CIPHER_CTX *ctx; + const EVP_CIPHER *type; + uint8_t key[AES_MAX_KEY_SIZE]; + unsigned key_len; +diff --git a/libarchive/archive_digest.c b/libarchive/archive_digest.c +index f009d317..41539230 100644 +--- a/libarchive/archive_digest.c ++++ b/libarchive/archive_digest.c +@@ -207,7 +207,9 @@ __archive_nettle_md5final(archive_md5_ctx *ctx, void *md) + static int + __archive_openssl_md5init(archive_md5_ctx *ctx) + { +- EVP_DigestInit(ctx, EVP_md5()); ++ if ((*ctx = EVP_MD_CTX_new()) == NULL) ++ return (ARCHIVE_FAILED); ++ EVP_DigestInit(*ctx, EVP_md5()); + return (ARCHIVE_OK); + } + +@@ -215,7 +217,7 @@ static int + __archive_openssl_md5update(archive_md5_ctx *ctx, const void *indata, + size_t insize) + { +- EVP_DigestUpdate(ctx, indata, insize); ++ EVP_DigestUpdate(*ctx, indata, insize); + return (ARCHIVE_OK); + } + +@@ -226,8 +228,11 @@ __archive_openssl_md5final(archive_md5_ctx *ctx, void *md) + * this is meant to cope with that. 
Real fix is probably to fix + * archive_write_set_format_xar.c + */ +- if (ctx->digest) +- EVP_DigestFinal(ctx, md, NULL); ++ if (*ctx) { ++ EVP_DigestFinal(*ctx, md, NULL); ++ EVP_MD_CTX_free(*ctx); ++ *ctx = NULL; ++ } + return (ARCHIVE_OK); + } + +@@ -359,7 +364,9 @@ __archive_nettle_ripemd160final(archive_rmd160_ctx *ctx, void *md) + static int + __archive_openssl_ripemd160init(archive_rmd160_ctx *ctx) + { +- EVP_DigestInit(ctx, EVP_ripemd160()); ++ if ((*ctx = EVP_MD_CTX_new()) == NULL) ++ return (ARCHIVE_FAILED); ++ EVP_DigestInit(*ctx, EVP_ripemd160()); + return (ARCHIVE_OK); + } + +@@ -367,14 +374,18 @@ static int + __archive_openssl_ripemd160update(archive_rmd160_ctx *ctx, const void *indata, + size_t insize) + { +- EVP_DigestUpdate(ctx, indata, insize); ++ EVP_DigestUpdate(*ctx, indata, insize); + return (ARCHIVE_OK); + } + + static int + __archive_openssl_ripemd160final(archive_rmd160_ctx *ctx, void *md) + { +- EVP_DigestFinal(ctx, md, NULL); ++ if (*ctx) { ++ EVP_DigestFinal(*ctx, md, NULL); ++ EVP_MD_CTX_free(*ctx); ++ *ctx = NULL; ++ } + return (ARCHIVE_OK); + } + +@@ -509,7 +520,9 @@ __archive_nettle_sha1final(archive_sha1_ctx *ctx, void *md) + static int + __archive_openssl_sha1init(archive_sha1_ctx *ctx) + { +- EVP_DigestInit(ctx, EVP_sha1()); ++ if ((*ctx = EVP_MD_CTX_new()) == NULL) ++ return (ARCHIVE_FAILED); ++ EVP_DigestInit(*ctx, EVP_sha1()); + return (ARCHIVE_OK); + } + +@@ -517,7 +530,7 @@ static int + __archive_openssl_sha1update(archive_sha1_ctx *ctx, const void *indata, + size_t insize) + { +- EVP_DigestUpdate(ctx, indata, insize); ++ EVP_DigestUpdate(*ctx, indata, insize); + return (ARCHIVE_OK); + } + +@@ -528,8 +541,11 @@ __archive_openssl_sha1final(archive_sha1_ctx *ctx, void *md) + * this is meant to cope with that. 
Real fix is probably to fix + * archive_write_set_format_xar.c + */ +- if (ctx->digest) +- EVP_DigestFinal(ctx, md, NULL); ++ if (*ctx) { ++ EVP_DigestFinal(*ctx, md, NULL); ++ EVP_MD_CTX_free(*ctx); ++ *ctx = NULL; ++ } + return (ARCHIVE_OK); + } + +@@ -733,7 +749,9 @@ __archive_nettle_sha256final(archive_sha256_ctx *ctx, void *md) + static int + __archive_openssl_sha256init(archive_sha256_ctx *ctx) + { +- EVP_DigestInit(ctx, EVP_sha256()); ++ if ((*ctx = EVP_MD_CTX_new()) == NULL) ++ return (ARCHIVE_FAILED); ++ EVP_DigestInit(*ctx, EVP_sha256()); + return (ARCHIVE_OK); + } + +@@ -741,14 +759,18 @@ static int + __archive_openssl_sha256update(archive_sha256_ctx *ctx, const void *indata, + size_t insize) + { +- EVP_DigestUpdate(ctx, indata, insize); ++ EVP_DigestUpdate(*ctx, indata, insize); + return (ARCHIVE_OK); + } + + static int + __archive_openssl_sha256final(archive_sha256_ctx *ctx, void *md) + { +- EVP_DigestFinal(ctx, md, NULL); ++ if (*ctx) { ++ EVP_DigestFinal(*ctx, md, NULL); ++ EVP_MD_CTX_free(*ctx); ++ *ctx = NULL; ++ } + return (ARCHIVE_OK); + } + +@@ -928,7 +950,9 @@ __archive_nettle_sha384final(archive_sha384_ctx *ctx, void *md) + static int + __archive_openssl_sha384init(archive_sha384_ctx *ctx) + { +- EVP_DigestInit(ctx, EVP_sha384()); ++ if ((*ctx = EVP_MD_CTX_new()) == NULL) ++ return (ARCHIVE_FAILED); ++ EVP_DigestInit(*ctx, EVP_sha384()); + return (ARCHIVE_OK); + } + +@@ -936,14 +960,18 @@ static int + __archive_openssl_sha384update(archive_sha384_ctx *ctx, const void *indata, + size_t insize) + { +- EVP_DigestUpdate(ctx, indata, insize); ++ EVP_DigestUpdate(*ctx, indata, insize); + return (ARCHIVE_OK); + } + + static int + __archive_openssl_sha384final(archive_sha384_ctx *ctx, void *md) + { +- EVP_DigestFinal(ctx, md, NULL); ++ if (*ctx) { ++ EVP_DigestFinal(*ctx, md, NULL); ++ EVP_MD_CTX_free(*ctx); ++ *ctx = NULL; ++ } + return (ARCHIVE_OK); + } + +@@ -1147,7 +1175,9 @@ __archive_nettle_sha512final(archive_sha512_ctx *ctx, void *md) + static 
int + __archive_openssl_sha512init(archive_sha512_ctx *ctx) + { +- EVP_DigestInit(ctx, EVP_sha512()); ++ if ((*ctx = EVP_MD_CTX_new()) == NULL) ++ return (ARCHIVE_FAILED); ++ EVP_DigestInit(*ctx, EVP_sha512()); + return (ARCHIVE_OK); + } + +@@ -1155,14 +1185,18 @@ static int + __archive_openssl_sha512update(archive_sha512_ctx *ctx, const void *indata, + size_t insize) + { +- EVP_DigestUpdate(ctx, indata, insize); ++ EVP_DigestUpdate(*ctx, indata, insize); + return (ARCHIVE_OK); + } + + static int + __archive_openssl_sha512final(archive_sha512_ctx *ctx, void *md) + { +- EVP_DigestFinal(ctx, md, NULL); ++ if (*ctx) { ++ EVP_DigestFinal(*ctx, md, NULL); ++ EVP_MD_CTX_free(*ctx); ++ *ctx = NULL; ++ } + return (ARCHIVE_OK); + } + +diff --git a/libarchive/archive_digest_private.h b/libarchive/archive_digest_private.h +index 00697ae5..b58ffb34 100644 +--- a/libarchive/archive_digest_private.h ++++ b/libarchive/archive_digest_private.h +@@ -161,7 +161,7 @@ typedef CC_MD5_CTX archive_md5_ctx; + #elif defined(ARCHIVE_CRYPTO_MD5_NETTLE) + typedef struct md5_ctx archive_md5_ctx; + #elif defined(ARCHIVE_CRYPTO_MD5_OPENSSL) +-typedef EVP_MD_CTX archive_md5_ctx; ++typedef EVP_MD_CTX *archive_md5_ctx; + #elif defined(ARCHIVE_CRYPTO_MD5_WIN) + typedef Digest_CTX archive_md5_ctx; + #else +@@ -175,7 +175,7 @@ typedef RIPEMD160_CTX archive_rmd160_ctx; + #elif defined(ARCHIVE_CRYPTO_RMD160_NETTLE) + typedef struct ripemd160_ctx archive_rmd160_ctx; + #elif defined(ARCHIVE_CRYPTO_RMD160_OPENSSL) +-typedef EVP_MD_CTX archive_rmd160_ctx; ++typedef EVP_MD_CTX *archive_rmd160_ctx; + #else + typedef unsigned char archive_rmd160_ctx; + #endif +@@ -189,7 +189,7 @@ typedef CC_SHA1_CTX archive_sha1_ctx; + #elif defined(ARCHIVE_CRYPTO_SHA1_NETTLE) + typedef struct sha1_ctx archive_sha1_ctx; + #elif defined(ARCHIVE_CRYPTO_SHA1_OPENSSL) +-typedef EVP_MD_CTX archive_sha1_ctx; ++typedef EVP_MD_CTX *archive_sha1_ctx; + #elif defined(ARCHIVE_CRYPTO_SHA1_WIN) + typedef Digest_CTX archive_sha1_ctx; + 
#else +@@ -209,7 +209,7 @@ typedef CC_SHA256_CTX archive_sha256_ctx; + #elif defined(ARCHIVE_CRYPTO_SHA256_NETTLE) + typedef struct sha256_ctx archive_sha256_ctx; + #elif defined(ARCHIVE_CRYPTO_SHA256_OPENSSL) +-typedef EVP_MD_CTX archive_sha256_ctx; ++typedef EVP_MD_CTX *archive_sha256_ctx; + #elif defined(ARCHIVE_CRYPTO_SHA256_WIN) + typedef Digest_CTX archive_sha256_ctx; + #else +@@ -227,7 +227,7 @@ typedef CC_SHA512_CTX archive_sha384_ctx; + #elif defined(ARCHIVE_CRYPTO_SHA384_NETTLE) + typedef struct sha384_ctx archive_sha384_ctx; + #elif defined(ARCHIVE_CRYPTO_SHA384_OPENSSL) +-typedef EVP_MD_CTX archive_sha384_ctx; ++typedef EVP_MD_CTX *archive_sha384_ctx; + #elif defined(ARCHIVE_CRYPTO_SHA384_WIN) + typedef Digest_CTX archive_sha384_ctx; + #else +@@ -247,7 +247,7 @@ typedef CC_SHA512_CTX archive_sha512_ctx; + #elif defined(ARCHIVE_CRYPTO_SHA512_NETTLE) + typedef struct sha512_ctx archive_sha512_ctx; + #elif defined(ARCHIVE_CRYPTO_SHA512_OPENSSL) +-typedef EVP_MD_CTX archive_sha512_ctx; ++typedef EVP_MD_CTX *archive_sha512_ctx; + #elif defined(ARCHIVE_CRYPTO_SHA512_WIN) + typedef Digest_CTX archive_sha512_ctx; + #else +diff --git a/libarchive/archive_hmac.c b/libarchive/archive_hmac.c +index 7857c0ff..1e0ae283 100644 +--- a/libarchive/archive_hmac.c ++++ b/libarchive/archive_hmac.c +@@ -176,8 +176,10 @@ __hmac_sha1_cleanup(archive_hmac_sha1_ctx *ctx) + static int + __hmac_sha1_init(archive_hmac_sha1_ctx *ctx, const uint8_t *key, size_t key_len) + { +- HMAC_CTX_init(ctx); +- HMAC_Init(ctx, key, key_len, EVP_sha1()); ++ *ctx = HMAC_CTX_new(); ++ if (*ctx == NULL) ++ return -1; ++ HMAC_Init_ex(*ctx, key, key_len, EVP_sha1(), NULL); + return 0; + } + +@@ -185,22 +187,22 @@ static void + __hmac_sha1_update(archive_hmac_sha1_ctx *ctx, const uint8_t *data, + size_t data_len) + { +- HMAC_Update(ctx, data, data_len); ++ HMAC_Update(*ctx, data, data_len); + } + + static void + __hmac_sha1_final(archive_hmac_sha1_ctx *ctx, uint8_t *out, size_t *out_len) + { + unsigned 
int len = (unsigned int)*out_len; +- HMAC_Final(ctx, out, &len); ++ HMAC_Final(*ctx, out, &len); + *out_len = len; + } + + static void + __hmac_sha1_cleanup(archive_hmac_sha1_ctx *ctx) + { +- HMAC_CTX_cleanup(ctx); +- memset(ctx, 0, sizeof(*ctx)); ++ HMAC_CTX_free(*ctx); ++ *ctx = NULL; + } + + #else +diff --git a/libarchive/archive_hmac_private.h b/libarchive/archive_hmac_private.h +index f36d6940..eb45c4ef 100644 +--- a/libarchive/archive_hmac_private.h ++++ b/libarchive/archive_hmac_private.h +@@ -72,7 +72,7 @@ typedef struct hmac_sha1_ctx archive_hmac_sha1_ctx; + #elif defined(HAVE_LIBCRYPTO) + #include "archive_openssl_hmac_private.h" + +-typedef HMAC_CTX archive_hmac_sha1_ctx; ++typedef HMAC_CTX* archive_hmac_sha1_ctx; + + #else + +-- +2.11.1 + Copied: libarchive/repos/staging-i686/PKGBUILD (from rev 288601, libarchive/trunk/PKGBUILD) =================================================================== --- staging-i686/PKGBUILD (rev 0) +++ staging-i686/PKGBUILD 2017-02-11 10:10:07 UTC (rev 288602) 
@@ -0,0 +1,64 @@
+# $Id$
+# Maintainer: Dan McGee <d...@archlinux.org>
+
+pkgname=libarchive
+pkgver=3.2.2
+pkgrel=5
+pkgdesc="library that can create and read several streaming archive formats"
+arch=('i686' 'x86_64')
+url="http://libarchive.org/"
+license=('BSD')
+depends=('acl' 'attr' 'bzip2' 'expat' 'lz4' 'lzo' 'openssl' 'xz' 'zlib')
+options=('strip' 'debug' 'libtool')
+provides=('libarchive.so')
+source=("$pkgname-$pkgver.tar.gz::https://github.com/$pkgname/$pkgname/archive/v$pkgver.tar.gz"
+ '0001-issue-822-try-harder-to-detect-directories-in-zip-archives.patch'
+ '0002-fixes-a-heap-buffer-overflow.patch'
+ '0019-Add-infrastructure-to-adapt-between-OpenSSL-1.1-and-.patch'
+ '0020-Add-support-for-building-with-OpenSSL-1.1.patch')
+sha256sums=('edfc2ee7d42dd03228d0fa3bb9cbaade454557b326b2608b2e32c27aae62bdd4'
+ '79bd6b3889131ab36501af2c9460ccb940ba95d568a72578163fb5d212a7a7e5'
+ 'e6177bd052090a2111d62c7c68157df71cebf4ad359aad02ce89d5585c9e64a4'
+ '1f19b9e8f46657edcaf185ad8686a42a37ba34be630e2c04cb5c03cfb7596bed'
+ '458b94b24e8332df34db8a2d832ee96ffb19740bc718040ecbea3025a20a27e5')
+
+prepare() {
+ cd "$pkgname-$pkgver"
+
+ # Issue #822: Try harder to detect directories in zip archives
+ patch -Np1 < "$srcdir"/0001-issue-822-try-harder-to-detect-directories-in-zip-archives.patch
+
+ # Fail with negative lha->compsize in lha_read_file_header_1()
+ # Fixes a heap buffer overflow reported in Secunia SA74169
+ patch -Np1 < "$srcdir"/0002-fixes-a-heap-buffer-overflow.patch
+
+ # Fix compatibility with OpenSSL 1.1
+ patch -p1 -i "$srcdir/0019-Add-infrastructure-to-adapt-between-OpenSSL-1.1-and-.patch"
+ patch -p1 -i "$srcdir/0020-Add-support-for-building-with-OpenSSL-1.1.patch"
+}
+
+build() {
+ cd "$pkgname-$pkgver"
+
+ autoreconf -fi
+ ./configure \
+ --prefix=/usr \
+ --without-xml2 \
+ --without-nettle
+
+ make
+}
+
+check() {
+ cd "$pkgname-$pkgver"
+
+ # bsdcpio_test fails
+ #make check
+}
+
+package() {
+ cd "$pkgname-$pkgver"
+
+ make DESTDIR="$pkgdir"
install + install -D -m644 COPYING "$pkgdir"/usr/share/licenses/libarchive/COPYING +} Copied: libarchive/repos/staging-x86_64/0001-issue-822-try-harder-to-detect-directories-in-zip-archives.patch (from rev 288601, libarchive/trunk/0001-issue-822-try-harder-to-detect-directories-in-zip-archives.patch) =================================================================== --- staging-x86_64/0001-issue-822-try-harder-to-detect-directories-in-zip-archives.patch (rev 0) +++ staging-x86_64/0001-issue-822-try-harder-to-detect-directories-in-zip-archives.patch 2017-02-11 10:10:07 UTC (rev 288602) 
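Review bot: `check()` is left with `#make check` commented out, so the package build never runs libarchive's test suite, including the `test_read_format_zip_jar` regression test that patch 0001 adds. For a release that carries a heap-overflow fix and ports the digest and HMAC code to a new OpenSSL API, that is the verification most worth keeping. If only `bsdcpio_test` fails, the rest can presumably still run, for example `make check TESTS=libarchive_test` (automake's `TESTS` override; confirm the program name against the generated Makefile). At minimum the comment should record why the suite is off, e.g. `# bsdcpio_test fails (upstream issue: <ISSUE-ID>), suite disabled`. The staging-x86_64 copy of this PKGBUILD has the same function.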
@@ -0,0 +1,190 @@ +From 2ecf8d1c1e1bdfc20b0aada90e356054a3054693 Mon Sep 17 00:00:00 2001 +From: Peter Wu <pe...@lekensteyn.nl> +Date: Fri, 23 Dec 2016 12:45:43 +0100 +Subject: [PATCH] Issue #822: Try harder to detect directories in zip archives + +Assume that anything with a trailing slash is a directory. This avoids +creating regular files when a directory is expected and could occur +when the External File Attributes (EFA) field in the Central Directory +contains bogus values: + + - Jar file: observed to have OS MS-DOS (0) and EFA 0. + - dex2jar-2.0.zip: observed to have OS Unix (3), but EFA 0xffff0010. + After this patch, bsdtar tv still shows mode drwsrwsrwt, but at least + it successfully creates a directory instead of a regular file. + +A test case has been added for the first case (based on +test_read_format_zip_nofiletype). +--- + Makefile.am | 2 + + libarchive/archive_read_support_format_zip.c | 36 ++++++++------- + libarchive/test/CMakeLists.txt | 1 + + libarchive/test/test_read_format_zip_jar.c | 59 +++++++++++++++++++++++++ + libarchive/test/test_read_format_zip_jar.jar.uu | 6 +++ + 5 files changed, 88 insertions(+), 16 deletions(-) + create mode 100644 libarchive/test/test_read_format_zip_jar.c + create mode 100644 libarchive/test/test_read_format_zip_jar.jar.uu + +diff --git a/Makefile.am b/Makefile.am +index 614f864..6ed0495 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -483,6 +483,7 @@ libarchive_test_SOURCES= \ + libarchive/test/test_read_format_zip_encryption_header.c \ + libarchive/test/test_read_format_zip_filename.c \ + libarchive/test/test_read_format_zip_high_compression.c \ ++ libarchive/test/test_read_format_zip_jar.c \ + libarchive/test/test_read_format_zip_mac_metadata.c \ + libarchive/test/test_read_format_zip_malformed.c \ + libarchive/test/test_read_format_zip_msdos.c \ +@@ -801,6 +802,7 @@ libarchive_test_EXTRA_DIST=\ + libarchive/test/test_read_format_zip_filename_utf8_ru2.zip.uu \ + 
libarchive/test/test_read_format_zip_high_compression.zip.uu \ + libarchive/test/test_read_format_zip_length_at_end.zip.uu \ ++ libarchive/test/test_read_format_zip_jar.jar.uu \ + libarchive/test/test_read_format_zip_mac_metadata.zip.uu \ + libarchive/test/test_read_format_zip_malformed1.zip.uu \ + libarchive/test/test_read_format_zip_msdos.zip.uu \ +diff --git a/libarchive/archive_read_support_format_zip.c b/libarchive/archive_read_support_format_zip.c +index 9796fca..d19e791 100644 +--- a/libarchive/archive_read_support_format_zip.c ++++ b/libarchive/archive_read_support_format_zip.c +@@ -864,29 +864,33 @@ zip_read_local_file_header(struct archive_read *a, struct archive_entry *entry, + zip_entry->mode |= AE_IFREG; + } + +- if ((zip_entry->mode & AE_IFMT) == 0) { +- /* Especially in streaming mode, we can end up +- here without having seen proper mode information. +- Guess from the filename. */ ++ /* If the mode is totally empty, set some sane default. */ ++ if (zip_entry->mode == 0) { ++ zip_entry->mode |= 0664; ++ } ++ ++ /* Make sure that entries with a trailing '/' are marked as directories ++ * even if the External File Attributes contains bogus values. If this ++ * is not a directory and there is no type, assume regularfile. */ ++ if ((zip_entry->mode & AE_IFMT) != AE_IFDIR) { ++ int has_slash; ++ + wp = archive_entry_pathname_w(entry); + if (wp != NULL) { + len = wcslen(wp); +- if (len > 0 && wp[len - 1] == L'/') +- zip_entry->mode |= AE_IFDIR; +- else +- zip_entry->mode |= AE_IFREG; ++ has_slash = len > 0 && wp[len - 1] == L'/'; + } else { + cp = archive_entry_pathname(entry); + len = (cp != NULL)?strlen(cp):0; +- if (len > 0 && cp[len - 1] == '/') +- zip_entry->mode |= AE_IFDIR; +- else +- zip_entry->mode |= AE_IFREG; ++ has_slash = len > 0 && cp[len - 1] == '/'; + } +- if (zip_entry->mode == AE_IFDIR) { +- zip_entry->mode |= 0775; +- } else if (zip_entry->mode == AE_IFREG) { +- zip_entry->mode |= 0664; ++ /* Correct file type as needed. 
*/ ++ if (has_slash) { ++ zip_entry->mode &= ~AE_IFMT; ++ zip_entry->mode |= AE_IFDIR; ++ zip_entry->mode |= 0111; ++ } else if ((zip_entry->mode & AE_IFMT) == 0) { ++ zip_entry->mode |= AE_IFREG; + } + } + +diff --git a/libarchive/test/CMakeLists.txt b/libarchive/test/CMakeLists.txt +index ab9a8a4..3c2671d 100644 +--- a/libarchive/test/CMakeLists.txt ++++ b/libarchive/test/CMakeLists.txt +@@ -169,6 +169,7 @@ IF(ENABLE_TEST) + test_read_format_zip_encryption_partially.c + test_read_format_zip_filename.c + test_read_format_zip_high_compression.c ++ test_read_format_zip_jar.c + test_read_format_zip_mac_metadata.c + test_read_format_zip_malformed.c + test_read_format_zip_msdos.c +diff --git a/libarchive/test/test_read_format_zip_jar.c b/libarchive/test/test_read_format_zip_jar.c +new file mode 100644 +index 0000000..ffb520e +--- /dev/null ++++ b/libarchive/test/test_read_format_zip_jar.c +@@ -0,0 +1,59 @@ ++/*- ++ * Copyright (c) 2016 Peter Wu ++ * All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR ++ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES ++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
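Review bot: In the `has_slash` branch only the type bits are replaced (`zip_entry->mode &= ~AE_IFMT;`), so whatever permission bits the bogus External File Attributes carried are kept and `0111` is added on top. The commit message itself shows the result for dex2jar-2.0.zip as `drwsrwsrwt`, i.e. setuid, setgid, sticky and world-writable bits on a directory, all taken from untrusted archive metadata. Since this branch is only reached when the stored type disagrees with the trailing slash, it would be safer to drop the special bits there, e.g. `zip_entry->mode &= ~07000;` before `zip_entry->mode |= AE_IFDIR;`, or to say in the comment why they are deliberately preserved. The added test covers only the jar case (expecting `AE_IFDIR | 0775`); a second reference file with a non-zero bogus EFA would pin the behaviour. `zip_read_local_file_header()` starts and ends outside this hunk, so how the mode is consumed later is not visible here.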
++ * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, ++ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, ++ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY ++ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT ++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF ++ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ++ */ ++#include "test.h" ++__FBSDID("$FreeBSD$"); ++ ++/* ++ * Issue 822: jar files have an empty External File Attributes field which ++ * is misinterpreted as regular file type due to OS MS-DOS. ++ */ ++ ++DEFINE_TEST(test_read_format_zip_jar) ++{ ++ const char *refname = "test_read_format_zip_jar.jar"; ++ char *p; ++ size_t s; ++ struct archive *a; ++ struct archive_entry *ae; ++ char data[16]; ++ ++ extract_reference_file(refname); ++ p = slurpfile(&s, refname); ++ ++ assert((a = archive_read_new()) != NULL); ++ assertEqualIntA(a, ARCHIVE_OK, archive_read_support_format_zip_seekable(a)); ++ assertEqualIntA(a, ARCHIVE_OK, read_open_memory_seek(a, p, s, 1)); ++ ++ assertEqualIntA(a, ARCHIVE_OK, archive_read_next_header(a, &ae)); ++ assertEqualString("somedir/", archive_entry_pathname(ae)); ++ assertEqualInt(AE_IFDIR | 0775, archive_entry_mode(ae)); ++ assertEqualInt(0, archive_entry_size(ae)); ++ assertEqualIntA(a, 0, archive_read_data(a, data, 16)); ++ ++ assertEqualIntA(a, ARCHIVE_EOF, archive_read_next_header(a, &ae)); ++ assertEqualIntA(a, ARCHIVE_OK, archive_read_close(a)); ++ assertEqualIntA(a, ARCHIVE_OK, archive_read_free(a)); ++ free(p); ++} +diff --git a/libarchive/test/test_read_format_zip_jar.jar.uu b/libarchive/test/test_read_format_zip_jar.jar.uu +new file mode 100644 +index 0000000..0778c93 +--- /dev/null ++++ b/libarchive/test/test_read_format_zip_jar.jar.uu +@@ -0,0 +1,6 @@ ++begin 640 test_read_format_zip_jar.jar ++M4$L#! 
H @ $AQETD ( 0 <V]M961I<B_^R@ 4$L! ++M @H "@ " 2'&720 @ ! '-O ++@;65D:7(O_LH %!+!08 0 ! #H J ++ ++end Copied: libarchive/repos/staging-x86_64/0002-fixes-a-heap-buffer-overflow.patch (from rev 288601, libarchive/trunk/0002-fixes-a-heap-buffer-overflow.patch) =================================================================== --- staging-x86_64/0002-fixes-a-heap-buffer-overflow.patch (rev 0) +++ staging-x86_64/0002-fixes-a-heap-buffer-overflow.patch 2017-02-11 10:10:07 UTC (rev 288602) @@ -0,0 +1,24 @@ +From 98dcbbf0bf4854bf987557e55e55fff7abbf3ea9 Mon Sep 17 00:00:00 2001 +From: Martin Matuska <mar...@matuska.org> +Date: Thu, 19 Jan 2017 22:00:18 +0100 +Subject: [PATCH] Fail with negative lha->compsize in lha_read_file_header_1() + Fixes a heap buffer overflow reported in Secunia SA74169 + +--- + libarchive/archive_read_support_format_lha.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/libarchive/archive_read_support_format_lha.c b/libarchive/archive_read_support_format_lha.c +index 52a5531..d77a7c2 100644 +--- a/libarchive/archive_read_support_format_lha.c ++++ b/libarchive/archive_read_support_format_lha.c +@@ -924,6 +924,9 @@ lha_read_file_header_1(struct archive_read *a, struct lha *lha) + /* Get a real compressed file size. */ + lha->compsize -= extdsize - 2; + ++ if (lha->compsize < 0) ++ goto invalid; /* Invalid compressed file size */ ++ + if (sum_calculated != headersum) { + archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, + "LHa header sum error"); Copied: libarchive/repos/staging-x86_64/0019-Add-infrastructure-to-adapt-between-OpenSSL-1.1-and-.patch (from rev 288601, libarchive/trunk/0019-Add-infrastructure-to-adapt-between-OpenSSL-1.1-and-.patch) =================================================================== --- staging-x86_64/0019-Add-infrastructure-to-adapt-between-OpenSSL-1.1-and-.patch (rev 0) +++ staging-x86_64/0019-Add-infrastructure-to-adapt-between-OpenSSL-1.1-and-.patch 2017-02-11 10:10:07 UTC (rev 288602) 
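Review bot: The new `lha->compsize < 0` check runs only after `lha->compsize -= extdsize - 2;`, so it relies on that subtraction yielding a well-defined negative value. The declarations of `compsize` and `extdsize` are outside this hunk; if one is signed and the other unsigned, comparing before subtracting would be easier to reason about, along the lines of `if (lha->compsize < (int64_t)extdsize - 2) goto invalid;` (types to be confirmed). The patch also adds no regression test, since its diffstat lists only `archive_read_support_format_lha.c`; a minimal malformed-header reference file under `libarchive/test/` would keep the fix from regressing. `lha_read_file_header_1()` and the `invalid` label lie outside the hunk.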
@@ -0,0 +1,205 @@ +From aa8f77083954fe0f41327ab856be59c370d4c13b Mon Sep 17 00:00:00 2001 +From: Brad King <brad.k...@kitware.com> +Date: Thu, 17 Nov 2016 15:26:41 -0500 +Subject: [PATCH 019/149] Add infrastructure to adapt between OpenSSL 1.1 and + older versions + +Add private forwarding headers for `openssl/{evp,hmac}.h` to give us a +central place to add adaptation code to work across multiple +incompatible OpenSSL versions. Provide compatibility implementations of +some OpenSSL 1.1 APIs when using older OpenSSL versions. +--- + Makefile.am | 2 ++ + libarchive/CMakeLists.txt | 2 ++ + libarchive/archive_cryptor_private.h | 2 +- + libarchive/archive_digest_private.h | 2 +- + libarchive/archive_hmac_private.h | 2 +- + libarchive/archive_openssl_evp_private.h | 51 ++++++++++++++++++++++++++++++ + libarchive/archive_openssl_hmac_private.h | 52 +++++++++++++++++++++++++++++++ + 7 files changed, 110 insertions(+), 3 deletions(-) + create mode 100644 libarchive/archive_openssl_evp_private.h + create mode 100644 libarchive/archive_openssl_hmac_private.h + +diff --git a/Makefile.am b/Makefile.am +index 441bdbb9..68fbc076 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -118,6 +118,8 @@ libarchive_la_SOURCES= \ + libarchive/archive_hmac.c \ + libarchive/archive_hmac_private.h \ + libarchive/archive_match.c \ ++ libarchive/archive_openssl_evp_private.h \ ++ libarchive/archive_openssl_hmac_private.h \ + libarchive/archive_options.c \ + libarchive/archive_options_private.h \ + libarchive/archive_pack_dev.h \ +diff --git a/libarchive/CMakeLists.txt b/libarchive/CMakeLists.txt +index 4cc9a2ca..744be433 100644 +--- a/libarchive/CMakeLists.txt ++++ b/libarchive/CMakeLists.txt +@@ -38,6 +38,8 @@ SET(libarchive_SOURCES + archive_hmac.c + archive_hmac_private.h + archive_match.c ++ archive_openssl_evp_private.h ++ archive_openssl_hmac_private.h + archive_options.c + archive_options_private.h + archive_pack_dev.h +diff --git a/libarchive/archive_cryptor_private.h 
b/libarchive/archive_cryptor_private.h +index 37eaad36..1c1a8c0d 100644 +--- a/libarchive/archive_cryptor_private.h ++++ b/libarchive/archive_cryptor_private.h +@@ -99,7 +99,7 @@ typedef struct { + } archive_crypto_ctx; + + #elif defined(HAVE_LIBCRYPTO) +-#include <openssl/evp.h> ++#include "archive_openssl_evp_private.h" + #define AES_BLOCK_SIZE 16 + #define AES_MAX_KEY_SIZE 32 + +diff --git a/libarchive/archive_digest_private.h b/libarchive/archive_digest_private.h +index 77fad580..00697ae5 100644 +--- a/libarchive/archive_digest_private.h ++++ b/libarchive/archive_digest_private.h +@@ -134,7 +134,7 @@ + defined(ARCHIVE_CRYPTO_SHA384_OPENSSL) ||\ + defined(ARCHIVE_CRYPTO_SHA512_OPENSSL) + #define ARCHIVE_CRYPTO_OPENSSL 1 +-#include <openssl/evp.h> ++#include "archive_openssl_evp_private.h" + #endif + + /* Windows crypto headers */ +diff --git a/libarchive/archive_hmac_private.h b/libarchive/archive_hmac_private.h +index 64de743c..f36d6940 100644 +--- a/libarchive/archive_hmac_private.h ++++ b/libarchive/archive_hmac_private.h +@@ -70,7 +70,7 @@ typedef struct { + typedef struct hmac_sha1_ctx archive_hmac_sha1_ctx; + + #elif defined(HAVE_LIBCRYPTO) +-#include <openssl/hmac.h> ++#include "archive_openssl_hmac_private.h" + + typedef HMAC_CTX archive_hmac_sha1_ctx; + +diff --git a/libarchive/archive_openssl_evp_private.h b/libarchive/archive_openssl_evp_private.h +new file mode 100644 +index 00000000..0e97e276 +--- /dev/null ++++ b/libarchive/archive_openssl_evp_private.h +@@ -0,0 +1,51 @@ ++/*- ++ * Copyright (c) 2003-2007 Tim Kientzle ++ * All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. 
Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR ++ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES ++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. ++ * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, ++ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, ++ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY ++ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT ++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF ++ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ++ */ ++#ifndef ARCHIVE_OPENSSL_EVP_PRIVATE_H_INCLUDED ++#define ARCHIVE_OPENSSL_EVP_PRIVATE_H_INCLUDED ++ ++#include <openssl/evp.h> ++#include <openssl/opensslv.h> ++ ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#include <stdlib.h> /* malloc, free */ ++#include <string.h> /* memset */ ++static inline EVP_MD_CTX *EVP_MD_CTX_new(void) ++{ ++ EVP_MD_CTX *ctx = (EVP_MD_CTX *)malloc(sizeof(EVP_MD_CTX)); ++ if (ctx != NULL) { ++ memset(ctx, 0, sizeof(*ctx)); ++ } ++ return ctx; ++} ++ ++static inline void EVP_MD_CTX_free(EVP_MD_CTX *ctx) ++{ ++ EVP_MD_CTX_cleanup(ctx); ++ memset(ctx, 0, sizeof(*ctx)); ++ free(ctx); ++} ++#endif ++ ++#endif +diff --git a/libarchive/archive_openssl_hmac_private.h b/libarchive/archive_openssl_hmac_private.h +new file mode 100644 +index 00000000..d4ae0d17 +--- /dev/null ++++ b/libarchive/archive_openssl_hmac_private.h +@@ -0,0 +1,52 @@ ++/*- ++ * Copyright (c) 2003-2007 Tim Kientzle ++ * All rights reserved. 
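Review bot: The fallback `EVP_MD_CTX_free()` for OpenSSL older than 1.1 passes `ctx` straight to `EVP_MD_CTX_cleanup()` and `memset()`, so unlike the 1.1 function it stands in for, it is not safe to call with NULL; `HMAC_CTX_free()` in `archive_openssl_hmac_private.h` has the same shape. Patch 0020 calls `HMAC_CTX_free(*ctx)` unconditionally in `__hmac_sha1_cleanup()` and then stores NULL, so a second cleanup would dereference NULL on the old-OpenSSL build only. Both shims should start with `if (ctx == NULL) return;`. Separately, the `memset(ctx, 0, sizeof(*ctx));` immediately before `free(ctx)` may be removed by the optimizer, so if it is meant to wipe digest or key state it should be `OPENSSL_cleanse(ctx, sizeof(*ctx));`.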
++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR ++ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES ++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. ++ * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, ++ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, ++ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY ++ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT ++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF ++ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
++ */ ++#ifndef ARCHIVE_OPENSSL_HMAC_PRIVATE_H_INCLUDED ++#define ARCHIVE_OPENSSL_HMAC_PRIVATE_H_INCLUDED ++ ++#include <openssl/hmac.h> ++#include <openssl/opensslv.h> ++ ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#include <stdlib.h> /* malloc, free */ ++#include <string.h> /* memset */ ++static inline HMAC_CTX *HMAC_CTX_new(void) ++{ ++ HMAC_CTX *ctx = (HMAC_CTX *)malloc(sizeof(HMAC_CTX)); ++ if (ctx != NULL) { ++ memset(ctx, 0, sizeof(*ctx)); ++ HMAC_CTX_init(ctx); ++ } ++ return ctx; ++} ++ ++static inline void HMAC_CTX_free(HMAC_CTX *ctx) ++{ ++ HMAC_CTX_cleanup(ctx); ++ memset(ctx, 0, sizeof(*ctx)); ++ free(ctx); ++} ++#endif ++ ++#endif +-- +2.11.1 + Copied: libarchive/repos/staging-x86_64/0020-Add-support-for-building-with-OpenSSL-1.1.patch (from rev 288601, libarchive/trunk/0020-Add-support-for-building-with-OpenSSL-1.1.patch) =================================================================== --- staging-x86_64/0020-Add-support-for-building-with-OpenSSL-1.1.patch (rev 0) +++ staging-x86_64/0020-Add-support-for-building-with-OpenSSL-1.1.patch 2017-02-11 10:10:07 UTC (rev 288602) 
@@ -0,0 +1,394 @@ +From 89a6ed13be1c8813764c40ea2c42c472ec3aabf9 Mon Sep 17 00:00:00 2001 +From: Tomas Mraz <tm...@redhat.com> +Date: Thu, 17 Nov 2016 15:44:44 -0500 +Subject: [PATCH 020/149] Add support for building with OpenSSL 1.1 + +OpenSSL 1.1 made some CTX structures opaque. Port our code to use the +structures only through pointers via OpenSSL 1.1 APIs. Use our adaption +layer to make this work with OpenSSL 1.0 and below. + +Closes: #810 +Patch-from: https://bugzilla.redhat.com/1383744 +--- + libarchive/archive_cryptor.c | 9 +++-- + libarchive/archive_cryptor_private.h | 2 +- + libarchive/archive_digest.c | 74 ++++++++++++++++++++++++++---------- + libarchive/archive_digest_private.h | 12 +++--- + libarchive/archive_hmac.c | 14 ++++--- + libarchive/archive_hmac_private.h | 2 +- + 6 files changed, 75 insertions(+), 38 deletions(-) + +diff --git a/libarchive/archive_cryptor.c b/libarchive/archive_cryptor.c +index 0be30c60..2a51dfe1 100644 +--- a/libarchive/archive_cryptor.c ++++ b/libarchive/archive_cryptor.c +@@ -302,6 +302,7 @@ aes_ctr_release(archive_crypto_ctx *ctx) + static int + aes_ctr_init(archive_crypto_ctx *ctx, const uint8_t *key, size_t key_len) + { ++ ctx->ctx = EVP_CIPHER_CTX_new(); + + switch (key_len) { + case 16: ctx->type = EVP_aes_128_ecb(); break; +@@ -314,7 +315,7 @@ aes_ctr_init(archive_crypto_ctx *ctx, const uint8_t *key, size_t key_len) + memcpy(ctx->key, key, key_len); + memset(ctx->nonce, 0, sizeof(ctx->nonce)); + ctx->encr_pos = AES_BLOCK_SIZE; +- EVP_CIPHER_CTX_init(&ctx->ctx); ++ EVP_CIPHER_CTX_init(ctx->ctx); + return 0; + } + +@@ -324,10 +325,10 @@ aes_ctr_encrypt_counter(archive_crypto_ctx *ctx) + int outl = 0; + int r; + +- r = EVP_EncryptInit_ex(&ctx->ctx, ctx->type, NULL, ctx->key, NULL); ++ r = EVP_EncryptInit_ex(ctx->ctx, ctx->type, NULL, ctx->key, NULL); + if (r == 0) + return -1; +- r = EVP_EncryptUpdate(&ctx->ctx, ctx->encr_buf, &outl, ctx->nonce, ++ r = EVP_EncryptUpdate(ctx->ctx, ctx->encr_buf, &outl, ctx->nonce, + 
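Review bot: `ctx->ctx = EVP_CIPHER_CTX_new();` in `aes_ctr_init()` is not checked for NULL, yet the pointer is later handed to `EVP_CIPHER_CTX_init(ctx->ctx)` and to `EVP_EncryptInit_ex()` in `aes_ctr_encrypt_counter()`. Allocation failure should be reported the way the digest init functions in this same patch do it: `if ((ctx->ctx = EVP_CIPHER_CTX_new()) == NULL) return -1;`. The allocation also sits before the `switch (key_len)`, whose remaining cases are outside the hunk; if one of them returns early for an unsupported key length, the new context leaks unless the caller still runs `aes_ctr_release()`. Allocating after the key length has been validated looks safer.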
AES_BLOCK_SIZE); + if (r == 0 || outl != AES_BLOCK_SIZE) + return -1; +@@ -337,7 +338,7 @@ aes_ctr_encrypt_counter(archive_crypto_ctx *ctx) + static int + aes_ctr_release(archive_crypto_ctx *ctx) + { +- EVP_CIPHER_CTX_cleanup(&ctx->ctx); ++ EVP_CIPHER_CTX_free(ctx->ctx); + memset(ctx->key, 0, ctx->key_len); + memset(ctx->nonce, 0, sizeof(ctx->nonce)); + return 0; +diff --git a/libarchive/archive_cryptor_private.h b/libarchive/archive_cryptor_private.h +index 1c1a8c0d..0ca544b5 100644 +--- a/libarchive/archive_cryptor_private.h ++++ b/libarchive/archive_cryptor_private.h +@@ -104,7 +104,7 @@ typedef struct { + #define AES_MAX_KEY_SIZE 32 + + typedef struct { +- EVP_CIPHER_CTX ctx; ++ EVP_CIPHER_CTX *ctx; + const EVP_CIPHER *type; + uint8_t key[AES_MAX_KEY_SIZE]; + unsigned key_len; +diff --git a/libarchive/archive_digest.c b/libarchive/archive_digest.c +index f009d317..41539230 100644 +--- a/libarchive/archive_digest.c ++++ b/libarchive/archive_digest.c +@@ -207,7 +207,9 @@ __archive_nettle_md5final(archive_md5_ctx *ctx, void *md) + static int + __archive_openssl_md5init(archive_md5_ctx *ctx) + { +- EVP_DigestInit(ctx, EVP_md5()); ++ if ((*ctx = EVP_MD_CTX_new()) == NULL) ++ return (ARCHIVE_FAILED); ++ EVP_DigestInit(*ctx, EVP_md5()); + return (ARCHIVE_OK); + } + +@@ -215,7 +217,7 @@ static int + __archive_openssl_md5update(archive_md5_ctx *ctx, const void *indata, + size_t insize) + { +- EVP_DigestUpdate(ctx, indata, insize); ++ EVP_DigestUpdate(*ctx, indata, insize); + return (ARCHIVE_OK); + } + +@@ -226,8 +228,11 @@ __archive_openssl_md5final(archive_md5_ctx *ctx, void *md) + * this is meant to cope with that. 
Real fix is probably to fix + * archive_write_set_format_xar.c + */ +- if (ctx->digest) +- EVP_DigestFinal(ctx, md, NULL); ++ if (*ctx) { ++ EVP_DigestFinal(*ctx, md, NULL); ++ EVP_MD_CTX_free(*ctx); ++ *ctx = NULL; ++ } + return (ARCHIVE_OK); + } + +@@ -359,7 +364,9 @@ __archive_nettle_ripemd160final(archive_rmd160_ctx *ctx, void *md) + static int + __archive_openssl_ripemd160init(archive_rmd160_ctx *ctx) + { +- EVP_DigestInit(ctx, EVP_ripemd160()); ++ if ((*ctx = EVP_MD_CTX_new()) == NULL) ++ return (ARCHIVE_FAILED); ++ EVP_DigestInit(*ctx, EVP_ripemd160()); + return (ARCHIVE_OK); + } + +@@ -367,14 +374,18 @@ static int + __archive_openssl_ripemd160update(archive_rmd160_ctx *ctx, const void *indata, + size_t insize) + { +- EVP_DigestUpdate(ctx, indata, insize); ++ EVP_DigestUpdate(*ctx, indata, insize); + return (ARCHIVE_OK); + } + + static int + __archive_openssl_ripemd160final(archive_rmd160_ctx *ctx, void *md) + { +- EVP_DigestFinal(ctx, md, NULL); ++ if (*ctx) { ++ EVP_DigestFinal(*ctx, md, NULL); ++ EVP_MD_CTX_free(*ctx); ++ *ctx = NULL; ++ } + return (ARCHIVE_OK); + } + +@@ -509,7 +520,9 @@ __archive_nettle_sha1final(archive_sha1_ctx *ctx, void *md) + static int + __archive_openssl_sha1init(archive_sha1_ctx *ctx) + { +- EVP_DigestInit(ctx, EVP_sha1()); ++ if ((*ctx = EVP_MD_CTX_new()) == NULL) ++ return (ARCHIVE_FAILED); ++ EVP_DigestInit(*ctx, EVP_sha1()); + return (ARCHIVE_OK); + } + +@@ -517,7 +530,7 @@ static int + __archive_openssl_sha1update(archive_sha1_ctx *ctx, const void *indata, + size_t insize) + { +- EVP_DigestUpdate(ctx, indata, insize); ++ EVP_DigestUpdate(*ctx, indata, insize); + return (ARCHIVE_OK); + } + +@@ -528,8 +541,11 @@ __archive_openssl_sha1final(archive_sha1_ctx *ctx, void *md) + * this is meant to cope with that. 
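Review bot: With `archive_md5_ctx` now a pointer, the `EVP_MD_CTX` allocated in `__archive_openssl_md5init()` is released only inside `__archive_openssl_md5final()`, so a caller that initialises a digest and never finalises it (an error path, or a second init on the same variable) leaks the context. That could not happen with the by-value struct, and the ripemd160, sha1, sha256, sha384 and sha512 functions later in this patch follow the same pattern. The `if (*ctx)` guard also only works when the caller's variable was zeroed before any init, which is presumably what the partly visible comment about `archive_write_set_format_xar.c` refers to. I would document the contract on each init/final pair, e.g. `/* ctx is owned from init to final; final must be called exactly once to free it */`. The return value of `EVP_DigestInit()` should also be checked, so that a failed init frees the context, resets `*ctx` to NULL and returns `ARCHIVE_FAILED`.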
Real fix is probably to fix + * archive_write_set_format_xar.c + */ +- if (ctx->digest) +- EVP_DigestFinal(ctx, md, NULL); ++ if (*ctx) { ++ EVP_DigestFinal(*ctx, md, NULL); ++ EVP_MD_CTX_free(*ctx); ++ *ctx = NULL; ++ } + return (ARCHIVE_OK); + } + +@@ -733,7 +749,9 @@ __archive_nettle_sha256final(archive_sha256_ctx *ctx, void *md) + static int + __archive_openssl_sha256init(archive_sha256_ctx *ctx) + { +- EVP_DigestInit(ctx, EVP_sha256()); ++ if ((*ctx = EVP_MD_CTX_new()) == NULL) ++ return (ARCHIVE_FAILED); ++ EVP_DigestInit(*ctx, EVP_sha256()); + return (ARCHIVE_OK); + } + +@@ -741,14 +759,18 @@ static int + __archive_openssl_sha256update(archive_sha256_ctx *ctx, const void *indata, + size_t insize) + { +- EVP_DigestUpdate(ctx, indata, insize); ++ EVP_DigestUpdate(*ctx, indata, insize); + return (ARCHIVE_OK); + } + + static int + __archive_openssl_sha256final(archive_sha256_ctx *ctx, void *md) + { +- EVP_DigestFinal(ctx, md, NULL); ++ if (*ctx) { ++ EVP_DigestFinal(*ctx, md, NULL); ++ EVP_MD_CTX_free(*ctx); ++ *ctx = NULL; ++ } + return (ARCHIVE_OK); + } + +@@ -928,7 +950,9 @@ __archive_nettle_sha384final(archive_sha384_ctx *ctx, void *md) + static int + __archive_openssl_sha384init(archive_sha384_ctx *ctx) + { +- EVP_DigestInit(ctx, EVP_sha384()); ++ if ((*ctx = EVP_MD_CTX_new()) == NULL) ++ return (ARCHIVE_FAILED); ++ EVP_DigestInit(*ctx, EVP_sha384()); + return (ARCHIVE_OK); + } + +@@ -936,14 +960,18 @@ static int + __archive_openssl_sha384update(archive_sha384_ctx *ctx, const void *indata, + size_t insize) + { +- EVP_DigestUpdate(ctx, indata, insize); ++ EVP_DigestUpdate(*ctx, indata, insize); + return (ARCHIVE_OK); + } + + static int + __archive_openssl_sha384final(archive_sha384_ctx *ctx, void *md) + { +- EVP_DigestFinal(ctx, md, NULL); ++ if (*ctx) { ++ EVP_DigestFinal(*ctx, md, NULL); ++ EVP_MD_CTX_free(*ctx); ++ *ctx = NULL; ++ } + return (ARCHIVE_OK); + } + +@@ -1147,7 +1175,9 @@ __archive_nettle_sha512final(archive_sha512_ctx *ctx, void *md) + static 
int + __archive_openssl_sha512init(archive_sha512_ctx *ctx) + { +- EVP_DigestInit(ctx, EVP_sha512()); ++ if ((*ctx = EVP_MD_CTX_new()) == NULL) ++ return (ARCHIVE_FAILED); ++ EVP_DigestInit(*ctx, EVP_sha512()); + return (ARCHIVE_OK); + } + +@@ -1155,14 +1185,18 @@ static int + __archive_openssl_sha512update(archive_sha512_ctx *ctx, const void *indata, + size_t insize) + { +- EVP_DigestUpdate(ctx, indata, insize); ++ EVP_DigestUpdate(*ctx, indata, insize); + return (ARCHIVE_OK); + } + + static int + __archive_openssl_sha512final(archive_sha512_ctx *ctx, void *md) + { +- EVP_DigestFinal(ctx, md, NULL); ++ if (*ctx) { ++ EVP_DigestFinal(*ctx, md, NULL); ++ EVP_MD_CTX_free(*ctx); ++ *ctx = NULL; ++ } + return (ARCHIVE_OK); + } + +diff --git a/libarchive/archive_digest_private.h b/libarchive/archive_digest_private.h +index 00697ae5..b58ffb34 100644 +--- a/libarchive/archive_digest_private.h ++++ b/libarchive/archive_digest_private.h +@@ -161,7 +161,7 @@ typedef CC_MD5_CTX archive_md5_ctx; + #elif defined(ARCHIVE_CRYPTO_MD5_NETTLE) + typedef struct md5_ctx archive_md5_ctx; + #elif defined(ARCHIVE_CRYPTO_MD5_OPENSSL) +-typedef EVP_MD_CTX archive_md5_ctx; ++typedef EVP_MD_CTX *archive_md5_ctx; + #elif defined(ARCHIVE_CRYPTO_MD5_WIN) + typedef Digest_CTX archive_md5_ctx; + #else +@@ -175,7 +175,7 @@ typedef RIPEMD160_CTX archive_rmd160_ctx; + #elif defined(ARCHIVE_CRYPTO_RMD160_NETTLE) + typedef struct ripemd160_ctx archive_rmd160_ctx; + #elif defined(ARCHIVE_CRYPTO_RMD160_OPENSSL) +-typedef EVP_MD_CTX archive_rmd160_ctx; ++typedef EVP_MD_CTX *archive_rmd160_ctx; + #else + typedef unsigned char archive_rmd160_ctx; + #endif +@@ -189,7 +189,7 @@ typedef CC_SHA1_CTX archive_sha1_ctx; + #elif defined(ARCHIVE_CRYPTO_SHA1_NETTLE) + typedef struct sha1_ctx archive_sha1_ctx; + #elif defined(ARCHIVE_CRYPTO_SHA1_OPENSSL) +-typedef EVP_MD_CTX archive_sha1_ctx; ++typedef EVP_MD_CTX *archive_sha1_ctx; + #elif defined(ARCHIVE_CRYPTO_SHA1_WIN) + typedef Digest_CTX archive_sha1_ctx; + 
#else +@@ -209,7 +209,7 @@ typedef CC_SHA256_CTX archive_sha256_ctx; + #elif defined(ARCHIVE_CRYPTO_SHA256_NETTLE) + typedef struct sha256_ctx archive_sha256_ctx; + #elif defined(ARCHIVE_CRYPTO_SHA256_OPENSSL) +-typedef EVP_MD_CTX archive_sha256_ctx; ++typedef EVP_MD_CTX *archive_sha256_ctx; + #elif defined(ARCHIVE_CRYPTO_SHA256_WIN) + typedef Digest_CTX archive_sha256_ctx; + #else +@@ -227,7 +227,7 @@ typedef CC_SHA512_CTX archive_sha384_ctx; + #elif defined(ARCHIVE_CRYPTO_SHA384_NETTLE) + typedef struct sha384_ctx archive_sha384_ctx; + #elif defined(ARCHIVE_CRYPTO_SHA384_OPENSSL) +-typedef EVP_MD_CTX archive_sha384_ctx; ++typedef EVP_MD_CTX *archive_sha384_ctx; + #elif defined(ARCHIVE_CRYPTO_SHA384_WIN) + typedef Digest_CTX archive_sha384_ctx; + #else +@@ -247,7 +247,7 @@ typedef CC_SHA512_CTX archive_sha512_ctx; + #elif defined(ARCHIVE_CRYPTO_SHA512_NETTLE) + typedef struct sha512_ctx archive_sha512_ctx; + #elif defined(ARCHIVE_CRYPTO_SHA512_OPENSSL) +-typedef EVP_MD_CTX archive_sha512_ctx; ++typedef EVP_MD_CTX *archive_sha512_ctx; + #elif defined(ARCHIVE_CRYPTO_SHA512_WIN) + typedef Digest_CTX archive_sha512_ctx; + #else +diff --git a/libarchive/archive_hmac.c b/libarchive/archive_hmac.c +index 7857c0ff..1e0ae283 100644 +--- a/libarchive/archive_hmac.c ++++ b/libarchive/archive_hmac.c +@@ -176,8 +176,10 @@ __hmac_sha1_cleanup(archive_hmac_sha1_ctx *ctx) + static int + __hmac_sha1_init(archive_hmac_sha1_ctx *ctx, const uint8_t *key, size_t key_len) + { +- HMAC_CTX_init(ctx); +- HMAC_Init(ctx, key, key_len, EVP_sha1()); ++ *ctx = HMAC_CTX_new(); ++ if (*ctx == NULL) ++ return -1; ++ HMAC_Init_ex(*ctx, key, key_len, EVP_sha1(), NULL); + return 0; + } + +@@ -185,22 +187,22 @@ static void + __hmac_sha1_update(archive_hmac_sha1_ctx *ctx, const uint8_t *data, + size_t data_len) + { +- HMAC_Update(ctx, data, data_len); ++ HMAC_Update(*ctx, data, data_len); + } + + static void + __hmac_sha1_final(archive_hmac_sha1_ctx *ctx, uint8_t *out, size_t *out_len) + { + unsigned 
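Review bot: `__hmac_sha1_init()` ignores the result of `HMAC_Init_ex()` and returns 0 unconditionally, so a failed key setup is reported as success and the later `HMAC_Update()`/`HMAC_Final()` calls would run on a context that was never keyed. Because the output is presumably used to authenticate archive data, the failure should propagate: `if (!HMAC_Init_ex(*ctx, key, (int)key_len, EVP_sha1(), NULL)) { HMAC_CTX_free(*ctx); *ctx = NULL; return -1; }` (the function returns an int in OpenSSL 1.0.0 and later). The `size_t key_len` is also narrowed to `int` implicitly at that call; an explicit cast with a range check would make that visible. The staging-i686 copy of this patch carries the identical hunk.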
int len = (unsigned int)*out_len; +- HMAC_Final(ctx, out, &len); ++ HMAC_Final(*ctx, out, &len); + *out_len = len; + } + + static void + __hmac_sha1_cleanup(archive_hmac_sha1_ctx *ctx) + { +- HMAC_CTX_cleanup(ctx); +- memset(ctx, 0, sizeof(*ctx)); ++ HMAC_CTX_free(*ctx); ++ *ctx = NULL; + } + + #else +diff --git a/libarchive/archive_hmac_private.h b/libarchive/archive_hmac_private.h +index f36d6940..eb45c4ef 100644 +--- a/libarchive/archive_hmac_private.h ++++ b/libarchive/archive_hmac_private.h +@@ -72,7 +72,7 @@ typedef struct hmac_sha1_ctx archive_hmac_sha1_ctx; + #elif defined(HAVE_LIBCRYPTO) + #include "archive_openssl_hmac_private.h" + +-typedef HMAC_CTX archive_hmac_sha1_ctx; ++typedef HMAC_CTX* archive_hmac_sha1_ctx; + + #else + +-- +2.11.1 + Copied: libarchive/repos/staging-x86_64/PKGBUILD (from rev 288601, libarchive/trunk/PKGBUILD) =================================================================== --- staging-x86_64/PKGBUILD (rev 0) +++ staging-x86_64/PKGBUILD 2017-02-11 10:10:07 UTC (rev 288602) 
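Review bot: `__hmac_sha1_final` still discards the result of `HMAC_Final`, and `len` is only an output of that call, so the capacity the caller passed in `*out_len` is never compared with the 20-byte SHA-1 digest before `out` is written. A guard such as `if (*out_len < 20 || !HMAC_Final(*ctx, out, &len)) len = 0;` would keep a short buffer or a failed finalisation from being reported as a valid MAC; whether callers always pass at least 20 bytes cannot be seen from this hunk. The preceding hunk has the same gap in `__hmac_sha1_init`: the new NULL check covers `HMAC_CTX_new()`, but `HMAC_Init_ex()` can also fail and `key_len` is narrowed from `size_t` to `int` without a range check. Something like `if (!HMAC_Init_ex(*ctx, key, (int)key_len, EVP_sha1(), NULL)) { HMAC_CTX_free(*ctx); *ctx = NULL; return -1; }` would route that failure through the error return the function already has.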
@@ -0,0 +1,64 @@
+# $Id$
+# Maintainer: Dan McGee <d...@archlinux.org>
+
+pkgname=libarchive
+pkgver=3.2.2
+pkgrel=5
+pkgdesc="library that can create and read several streaming archive formats"
+arch=('i686' 'x86_64')
+url="http://libarchive.org/"
+license=('BSD')
+depends=('acl' 'attr' 'bzip2' 'expat' 'lz4' 'lzo' 'openssl' 'xz' 'zlib')
+options=('strip' 'debug' 'libtool')
+provides=('libarchive.so')
+source=("$pkgname-$pkgver.tar.gz::https://github.com/$pkgname/$pkgname/archive/v$pkgver.tar.gz"
+ '0001-issue-822-try-harder-to-detect-directories-in-zip-archives.patch'
+ '0002-fixes-a-heap-buffer-overflow.patch'
+ '0019-Add-infrastructure-to-adapt-between-OpenSSL-1.1-and-.patch'
+ '0020-Add-support-for-building-with-OpenSSL-1.1.patch')
+sha256sums=('edfc2ee7d42dd03228d0fa3bb9cbaade454557b326b2608b2e32c27aae62bdd4'
+ '79bd6b3889131ab36501af2c9460ccb940ba95d568a72578163fb5d212a7a7e5'
+ 'e6177bd052090a2111d62c7c68157df71cebf4ad359aad02ce89d5585c9e64a4'
+ '1f19b9e8f46657edcaf185ad8686a42a37ba34be630e2c04cb5c03cfb7596bed'
+ '458b94b24e8332df34db8a2d832ee96ffb19740bc718040ecbea3025a20a27e5')
+
+prepare() {
+ cd "$pkgname-$pkgver"
+
+ # Issue #822: Try harder to detect directories in zip archives
+ patch -Np1 < "$srcdir"/0001-issue-822-try-harder-to-detect-directories-in-zip-archives.patch
+
+ # Fail with negative lha->compsize in lha_read_file_header_1()
+ # Fixes a heap buffer overflow reported in Secunia SA74169
+ patch -Np1 < "$srcdir"/0002-fixes-a-heap-buffer-overflow.patch
+
+ # Fix compatibility with OpenSSL 1.1
+ patch -p1 -i "$srcdir/0019-Add-infrastructure-to-adapt-between-OpenSSL-1.1-and-.patch"
+ patch -p1 -i "$srcdir/0020-Add-support-for-building-with-OpenSSL-1.1.patch"
+}
+
+build() {
+ cd "$pkgname-$pkgver"
+
+ autoreconf -fi
+ ./configure \
+ --prefix=/usr \
+ --without-xml2 \
+ --without-nettle
+
+ make
+}
+
+check() {
+ cd "$pkgname-$pkgver"
+
+ # bsdcpio_test fails
+ #make check
+}
+
+package() {
+ cd "$pkgname-$pkgver"
+
+ make DESTDIR="$pkgdir" install
+ install -D -m644 COPYING "$pkgdir"/usr/share/licenses/libarchive/COPYING
+}
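Review bot: `check()` is effectively empty because `make check` is commented out, so this build applies four backported patches, including the LHA heap-overflow fix and the OpenSSL 1.1 digest/HMAC rewrite, without running any of the upstream test suite against them. If only `bsdcpio_test` fails, narrow the skip instead of disabling everything, for example `make check TESTS='libarchive_test bsdtar_test bsdcat_test'` (test program names assumed from upstream's Makefile; confirm against 3.2.2). A comment next to the skip recording why `bsdcpio_test` fails would also tell the next maintainer when it can be re-enabled. As a smaller style point, the two OpenSSL patches are applied with `patch -p1 -i` while the first two use `patch -Np1`; using `-N` for all four keeps the handling of already-applied patches consistent.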