Date: Tuesday, March 29, 2022 @ 14:29:24 Author: eworm Revision: 440888
archrelease: copy trunk to testing-x86_64 Added: libarchive/repos/testing-x86_64/ libarchive/repos/testing-x86_64/0001-ZIP-reader-fix-possible-out-of-bounds-read-in-zipx_l.patch (from rev 440887, libarchive/trunk/0001-ZIP-reader-fix-possible-out-of-bounds-read-in-zipx_l.patch) libarchive/repos/testing-x86_64/PKGBUILD (from rev 440887, libarchive/trunk/PKGBUILD) -----------------------------------------------------------------+ 0001-ZIP-reader-fix-possible-out-of-bounds-read-in-zipx_l.patch | 27 +++++ PKGBUILD | 49 ++++++++++ 2 files changed, 76 insertions(+) Copied: libarchive/repos/testing-x86_64/0001-ZIP-reader-fix-possible-out-of-bounds-read-in-zipx_l.patch (from rev 440887, libarchive/trunk/0001-ZIP-reader-fix-possible-out-of-bounds-read-in-zipx_l.patch) =================================================================== --- testing-x86_64/0001-ZIP-reader-fix-possible-out-of-bounds-read-in-zipx_l.patch (rev 0) +++ testing-x86_64/0001-ZIP-reader-fix-possible-out-of-bounds-read-in-zipx_l.patch 2022-03-29 14:29:24 UTC (rev 440888) @@ -0,0 +1,27 @@ +From cfaa28168a07ea4a53276b63068f94fce37d6aff Mon Sep 17 00:00:00 2001 +From: Tim Kientzle <kient...@acm.org> +Date: Thu, 24 Mar 2022 10:35:00 +0100 +Subject: [PATCH 1/1] ZIP reader: fix possible out-of-bounds read in + zipx_lzma_alone_init() + +Fixes #1672 +--- + libarchive/archive_read_support_format_zip.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libarchive/archive_read_support_format_zip.c b/libarchive/archive_read_support_format_zip.c +index 38ada70b..9d6c900b 100644 +--- a/libarchive/archive_read_support_format_zip.c ++++ b/libarchive/archive_read_support_format_zip.c +@@ -1667,7 +1667,7 @@ zipx_lzma_alone_init(struct archive_read *a, struct zip *zip) + */ + + /* Read magic1,magic2,lzma_params from the ZIPX stream. */ +- if((p = __archive_read_ahead(a, 9, NULL)) == NULL) { ++ if(zip->entry_bytes_remaining < 9 || (p = __archive_read_ahead(a, 9, NULL)) == NULL) { + archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, + "Truncated lzma data"); + return (ARCHIVE_FATAL); +-- +2.35.1 + Copied: libarchive/repos/testing-x86_64/PKGBUILD (from rev 440887, libarchive/trunk/PKGBUILD) =================================================================== --- testing-x86_64/PKGBUILD (rev 0) +++ testing-x86_64/PKGBUILD 2022-03-29 14:29:24 UTC (rev 440888) @@ -0,0 +1,49 @@ +# Maintainer: Bartłomiej Piotrowski <bpiotrow...@archlinux.org> +# Maintainer: Dan McGee <d...@archlinux.org> + +pkgname=libarchive +pkgver=3.6.0 +pkgrel=2 +pkgdesc='Multi-format archive and compression library' +arch=('x86_64') +url='https://libarchive.org/' +license=('BSD') +depends=('acl' 'libacl.so' 'bzip2' 'expat' 'lz4' 'openssl' 'xz' 'zlib' 'zstd') +provides=('libarchive.so') +options=('debug') +validpgpkeys=('A5A45B12AD92D964B89EEE2DEC560C81CEC2276E') # Martin Matuska <m...@freebsd.org> +source=("https://github.com/${pkgname}/${pkgname}/releases/download/v${pkgver}/${pkgname}-${pkgver}.tar.xz"{,.asc} + '0001-ZIP-reader-fix-possible-out-of-bounds-read-in-zipx_l.patch') +sha256sums=('df283917799cb88659a5b33c0a598f04352d61936abcd8a48fe7b64e74950de7' + 'SKIP' + 'fb0ccefdce771ac1f19e4d2f991f6ed4201313f55af0dcbb3abb0e7b0f25696e') + +prepare() { + cd "${pkgname}-${pkgver}" + + patch -Np1 < ../0001-ZIP-reader-fix-possible-out-of-bounds-read-in-zipx_l.patch +} + +build() { + cd "${pkgname}-${pkgver}" + + ./configure \ + --prefix=/usr \ + --without-xml2 \ + --without-nettle \ + --disable-static + make +} + +check() { + cd "${pkgname}-${pkgver}" + + make check +} + +package() { + cd "${pkgname}-${pkgver}" + + make DESTDIR="$pkgdir" install + install -Dm0644 COPYING "$pkgdir/usr/share/licenses/libarchive/COPYING" +}