Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package apache-commons-compress for openSUSE:Factory checked in at 2021-07-22 22:42:47 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/apache-commons-compress (Old) and /work/SRC/openSUSE:Factory/.apache-commons-compress.new.1899 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "apache-commons-compress" Thu Jul 22 22:42:47 2021 rev:4 rq:907250 version:1.21 Changes: -------- --- /work/SRC/openSUSE:Factory/apache-commons-compress/apache-commons-compress.changes 2019-09-11 10:16:15.319541571 +0200 +++ /work/SRC/openSUSE:Factory/.apache-commons-compress.new.1899/apache-commons-compress.changes 2021-07-22 22:43:08.227217268 +0200 @@ -1,0 +2,28 @@ +Tue Jul 20 07:17:33 UTC 2021 - Fridrich Strba <fst...@suse.com> + +- Updated to 1.21 + * When reading a specially crafted 7Z archive, the construction of + the list of codecs that decompress an entry can result in an + infinite loop. This could be used to mount a denial of service + attack against services that use Compress' sevenz package. + (CVE-2021-35515, bsc#1188463) + * When reading a specially crafted 7Z archive, Compress can be + made to allocate large amounts of memory that finally leads to + an out of memory error even for very small inputs. This could + be used to mount a denial of service attack against services + that use Compress' sevenz package. (CVE-2021-35516, bsc#1188464) + * When reading a specially crafted TAR archive, Compress can be + made to allocate large amounts of memory that finally leads to + an out of memory error even for very small inputs. This could be + used to mount a denial of service attack against services that + use Compress' tar package. (CVE-2021-35517, bsc#1188465) + * When reading a specially crafted ZIP archive, Compress can be + made to allocate large amounts of memory that finally leads to + an out of memory error even for very small inputs. This could + be used to mount a denial of service attack against services + that use Compress' zip package. (CVE-2021-36090, bsc#1188466) +- New dependency on asm3 for Pack200 compressor +- Rebased patch fix_java_8_compatibility.patch to a new context and + added some new ocurrences + +------------------------------------------------------------------- Old: ---- commons-compress-1.19-src.tar.gz commons-compress-1.19-src.tar.gz.asc New: ---- commons-compress-1.21-src.tar.gz commons-compress-1.21-src.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ apache-commons-compress.spec ++++++ --- /var/tmp/diff_new_pack.EKEgv2/_old 2021-07-22 22:43:09.555215537 +0200 +++ /var/tmp/diff_new_pack.EKEgv2/_new 2021-07-22 22:43:09.555215537 +0200 @@ -1,7 +1,7 @@ # -# spec file for package apache +# spec file # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -19,12 +19,12 @@ %global base_name compress %global short_name commons-%{base_name} Name: apache-%{short_name} -Version: 1.19 +Version: 1.21 Release: 0 Summary: Java API for working with compressed files and archivers License: Apache-2.0 Group: Development/Libraries/Java -URL: http://commons.apache.org/proper/commons-compress/ +URL: https://commons.apache.org/proper/commons-compress/ Source0: http://archive.apache.org/dist/commons/compress/source/%{short_name}-%{version}-src.tar.gz Source1: http://archive.apache.org/dist/commons/compress/source/%{short_name}-%{version}-src.tar.gz.asc Source2: %{name}-build.xml @@ -32,11 +32,11 @@ Patch1: 0002-Remove-ZSTD-compressor.patch Patch2: fix_java_8_compatibility.patch BuildRequires: ant +BuildRequires: asm3 BuildRequires: fdupes -BuildRequires: java-devel >= 1.7 +BuildRequires: java-devel >= 1.8 BuildRequires: javapackages-local BuildRequires: xz-java -Requires: mvn(org.tukaani:xz) Provides: %{short_name} = %{version}-%{release} Obsoletes: %{short_name} < %{version}-%{release} Provides: jakarta-%{short_name} = %{version}-%{release} @@ -47,7 +47,7 @@ The Apache Commons Compress library defines an API for working with ar, cpio, Unix dump, tar, zip, gzip, XZ, Pack200 and bzip2 files. In version 1.14 read-only support for Brotli decompression has been added, -but it has been removed form this package. +but it has been removed from this package. %package javadoc Summary: API documentation for %{name} @@ -74,13 +74,6 @@ # Restore Java 8 compatibility %patch2 -p1 -# remove osgi tests, we don't have deps for them -%pom_remove_dep org.ops4j.pax.exam:::test -%pom_remove_dep :org.apache.felix.framework::test -%pom_remove_dep :javax.inject::test -%pom_remove_dep :slf4j-api::test -rm src/test/java/org/apache/commons/compress/OsgiITest.java - # NPE with jdk10 %pom_remove_plugin :maven-javadoc-plugin @@ -91,7 +84,7 @@ %build mkdir -p lib -build-jar-repository -s lib xz-java +build-jar-repository -s lib xz-java asm3 %{ant} package javadoc %install ++++++ apache-commons-compress-build.xml ++++++ --- /var/tmp/diff_new_pack.EKEgv2/_old 2021-07-22 22:43:09.583215501 +0200 +++ /var/tmp/diff_new_pack.EKEgv2/_new 2021-07-22 22:43:09.583215501 +0200 @@ -9,7 +9,7 @@ <property file="build.properties"/> <property name="build.name" value="commons-compress"/> - <property name="build.version" value="1.19"/> + <property name="build.version" value="1.21"/> <property name="build.finalName" value="${build.name}-${build.version}"/> <property name="build.dir" value="target"/> <property name="build.javadocDir" value="${build.dir}/site/apidocs"/> @@ -18,18 +18,15 @@ <property name="build.resourceDir.0" value="src/main/resources"/> <property name="build.resourceDir.1" value="."/> - <property name="commons.javadoc.javaee.link" value="http://docs.oracle.com/javaee/6/api/"/> - <property name="commons.javadoc.java.link" value="http://docs.oracle.com/javase/7/docs/api/"/> - <property name="commons.osgi.dynamicImport" value=""/> <property name="commons.osgi.excludeDependencies" value="true"/> - <property name="commons.osgi.export" value="org.apache.commons.compress;version="${build.version}",org.apache.commons.compress.archivers;version="${build.version}",org.apache.commons.compress.archivers.ar;version="${build.version}",org.apache.commons.compress.archivers.arj;version="${build.version}",org.apache.commons.compress.archivers.cpio;version="${build.version}",org.apache.commons.compress.archivers.dump;version="${build.version}",org.apache.commons.compress.archivers.examples;version="${build.version}",org.apache.commons.compress.archivers.jar;version="${build.version}",org.apache.commons.compress.archivers.sevenz;version="${build.version}",org.apache.commons.compress.archivers.tar;version="${build.version}",org.apache.commons.compress.archivers.zip;version="${build.version}",org.apache.commons.compress.changes;version="${build.version}",org.apache.commons .compress.compressors;version="${build.version}",org.apache.commons.compress.compressors.bzip2;version="${build.version}",org.apache.commons.compress.compressors.deflate;version="${build.version}",org.apache.commons.compress.compressors.deflate64;version="${build.version}",org.apache.commons.compress.compressors.gzip;version="${build.version}",org.apache.commons.compress.compressors.lz4;version="${build.version}",org.apache.commons.compress.compressors.lz77support;version="${build.version}",org.apache.commons.compress.compressors.lzma;version="${build.version}",org.apache.commons.compress.compressors.lzw;version="${build.version}",org.apache.commons.compress.compressors.pack200;version="${build.version}",org.apache.commons.compress.compressors.snappy;version="${build.version}",org.apache.commons.compress.compressors.xz;version="${build.version}",org.apache.commons. compress.compressors.z;version="${build.version}",org.apache.commons.compress.parallel;version="${build.version}",org.apache.commons.compress.utils;version="${build.version}""/> - <property name="commons.osgi.import" value="org.tukaani.xz;resolution:=optional,javax.crypto;resolution:=optional,javax.crypto.spec;resolution:=optional,org.brotli.dec;resolution:=optional,com.github.luben.zstd;resolution:=optional"/> + <property name="commons.osgi.export" value="org.apache.commons.compress;version="${build.version}",org.apache.commons.compress.archivers;version="${build.version}",org.apache.commons.compress.archivers.ar;version="${build.version}",org.apache.commons.compress.archivers.arj;version="${build.version}",org.apache.commons.compress.archivers.cpio;version="${build.version}",org.apache.commons.compress.archivers.dump;version="${build.version}",org.apache.commons.compress.archivers.examples;version="${build.version}",org.apache.commons.compress.archivers.jar;version="${build.version}",org.apache.commons.compress.archivers.sevenz;version="${build.version}",org.apache.commons.compress.archivers.tar;version="${build.version}",org.apache.commons.compress.archivers.zip;version="${build.version}",org.apache.commons.compress.changes;version="${build.version}",org.apache.commons .compress.compressors;version="${build.version}",org.apache.commons.compress.compressors.bzip2;version="${build.version}",org.apache.commons.compress.compressors.deflate;version="${build.version}",org.apache.commons.compress.compressors.deflate64;version="${build.version}",org.apache.commons.compress.compressors.gzip;version="${build.version}",org.apache.commons.compress.compressors.lz4;version="${build.version}",org.apache.commons.compress.compressors.lz77support;version="${build.version}",org.apache.commons.compress.compressors.lzma;version="${build.version}",org.apache.commons.compress.compressors.lzw;version="${build.version}",org.apache.commons.compress.compressors.pack200;version="${build.version}",org.apache.commons.compress.compressors.snappy;version="${build.version}",org.apache.commons.compress.compressors.xz;version="${build.version}",org.apache.commons. compress.compressors.z;version="${build.version}",org.apache.commons.compress.harmony.archive.internal.nls;version="${build.version}",org.apache.commons.compress.harmony.pack200;version="${build.version}",org.apache.commons.compress.harmony.unpack200;version="${build.version}",org.apache.commons.compress.harmony.unpack200.bytecode;version="${build.version}",org.apache.commons.compress.harmony.unpack200.bytecode.forms;version="${build.version}",org.apache.commons.compress.java.util.jar;version="${build.version}",org.apache.commons.compress.parallel;version="${build.version}",org.apache.commons.compress.utils;version="${build.version}""/> + <property name="commons.osgi.import" value="org.tukaani.xz;resolution:=optional,org.objectweb.asm;resolution:=optional,javax.crypto;resolution:=optional,javax.crypto.spec;resolution:=optional"/> <property name="commons.osgi.private" value=""/> <property name="commons.osgi.symbolicName" value="org.apache.commons.compress"/> - <property name="compiler.source" value="1.7"/> - <property name="compiler.target" value="1.7"/> + <property name="compiler.source" value="1.8"/> + <property name="compiler.target" value="1.8"/> <!-- ====================================================================== --> @@ -108,8 +105,6 @@ linksource="true" breakiterator="false"> <classpath refid="build.classpath"/> - <!-- <link href="${commons.javadoc.java.link}"/> --> - <!-- <link href="${commons.javadoc.javaee.link}"/> --> </javadoc> </target> ++++++ commons-compress-1.19-src.tar.gz -> commons-compress-1.21-src.tar.gz ++++++ /work/SRC/openSUSE:Factory/apache-commons-compress/commons-compress-1.19-src.tar.gz /work/SRC/openSUSE:Factory/.apache-commons-compress.new.1899/commons-compress-1.21-src.tar.gz differ: char 13, line 1 ++++++ fix_java_8_compatibility.patch ++++++ --- /var/tmp/diff_new_pack.EKEgv2/_old 2021-07-22 22:43:09.615215459 +0200 +++ /var/tmp/diff_new_pack.EKEgv2/_new 2021-07-22 22:43:09.615215459 +0200 @@ -1,8 +1,6 @@ -Index: commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archivers/sevenz/BoundedSeekableByteChannelInputStream.java -=================================================================== ---- commons-compress-1.19-src.orig/src/main/java/org/apache/commons/compress/archivers/sevenz/BoundedSeekableByteChannelInputStream.java -+++ commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archivers/sevenz/BoundedSeekableByteChannelInputStream.java -@@ -19,6 +19,7 @@ package org.apache.commons.compress.arch +--- commons-compress-1.21-src/src/main/java/org/apache/commons/compress/archivers/sevenz/BoundedSeekableByteChannelInputStream.java 2020-01-22 16:10:15.000000000 +0100 ++++ commons-compress-1.21-src/src/main/java/org/apache/commons/compress/archivers/sevenz/BoundedSeekableByteChannelInputStream.java 2021-07-19 16:32:46.529020782 +0200 +@@ -19,6 +19,7 @@ import java.io.IOException; import java.io.InputStream; @@ -10,7 +8,7 @@ import java.nio.ByteBuffer; import java.nio.channels.SeekableByteChannel; -@@ -69,7 +70,7 @@ class BoundedSeekableByteChannelInputStr +@@ -83,7 +84,7 @@ } else { buf = ByteBuffer.allocate(bytesToRead); bytesRead = channel.read(buf); @@ -19,23 +17,21 @@ } if (bytesRead >= 0) { buf.get(b, off, bytesRead); -@@ -79,9 +80,9 @@ class BoundedSeekableByteChannelInputStr +@@ -93,9 +94,9 @@ } - private int read(int len) throws IOException { + private int read(final int len) throws IOException { - buffer.rewind().limit(len); + ((Buffer)buffer).rewind().limit(len); - int read = channel.read(buffer); + final int read = channel.read(buffer); - buffer.flip(); + ((Buffer)buffer).flip(); return read; } -Index: commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archivers/sevenz/SevenZFile.java -=================================================================== ---- commons-compress-1.19-src.orig/src/main/java/org/apache/commons/compress/archivers/sevenz/SevenZFile.java -+++ commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archivers/sevenz/SevenZFile.java -@@ -25,6 +25,7 @@ import java.io.File; +--- commons-compress-1.21-src/src/main/java/org/apache/commons/compress/archivers/sevenz/SevenZFile.java 2020-01-22 16:10:15.000000000 +0100 ++++ commons-compress-1.21-src/src/main/java/org/apache/commons/compress/archivers/sevenz/SevenZFile.java 2021-07-19 16:20:02.675782684 +0200 +@@ -26,6 +26,7 @@ import java.io.FilterInputStream; import java.io.IOException; import java.io.InputStream; @@ -43,10 +39,19 @@ import java.nio.ByteBuffer; import java.nio.ByteOrder; import java.nio.CharBuffer; -@@ -1305,9 +1306,9 @@ public class SevenZFile implements Close +@@ -499,7 +500,7 @@ + while (pos > minPos) { + pos--; + channel.position(pos); +- nidBuf.rewind(); ++ ((Buffer)nidBuf).rewind(); + if (channel.read(nidBuf) < 1) { + throw new EOFException(); + } +@@ -2016,9 +2017,9 @@ } - private void readFully(ByteBuffer buf) throws IOException { + private void readFully(final ByteBuffer buf) throws IOException { - buf.rewind(); + ((Buffer)buf).rewind(); IOUtils.readFully(channel, buf); @@ -55,19 +60,17 @@ } @Override -Index: commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archivers/sevenz/SevenZOutputFile.java -=================================================================== ---- commons-compress-1.19-src.orig/src/main/java/org/apache/commons/compress/archivers/sevenz/SevenZOutputFile.java -+++ commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archivers/sevenz/SevenZOutputFile.java -@@ -24,6 +24,7 @@ import java.io.DataOutputStream; - import java.io.File; +--- commons-compress-1.21-src/src/main/java/org/apache/commons/compress/archivers/sevenz/SevenZOutputFile.java 2020-01-22 16:10:15.000000000 +0100 ++++ commons-compress-1.21-src/src/main/java/org/apache/commons/compress/archivers/sevenz/SevenZOutputFile.java 2021-07-19 16:14:03.565317437 +0200 +@@ -26,6 +26,7 @@ import java.io.IOException; + import java.io.InputStream; import java.io.OutputStream; +import java.nio.Buffer; import java.nio.ByteBuffer; import java.nio.ByteOrder; import java.nio.channels.SeekableByteChannel; -@@ -288,7 +289,7 @@ public class SevenZOutputFile implements +@@ -341,7 +342,7 @@ crc32.reset(); crc32.update(bb.array(), SevenZFile.sevenZSignature.length + 6, 20); bb.putInt(SevenZFile.sevenZSignature.length + 2, (int) crc32.getValue()); @@ -76,7 +79,7 @@ channel.write(bb); } -@@ -772,7 +773,7 @@ public class SevenZOutputFile implements +@@ -826,7 +827,7 @@ private final ByteBuffer buffer = ByteBuffer.allocate(BUF_SIZE); @Override public void write(final int b) throws IOException { @@ -85,7 +88,7 @@ buffer.put((byte) b).flip(); channel.write(buffer); compressedCrc32.update(b); -@@ -790,7 +791,7 @@ public class SevenZOutputFile implements +@@ -844,7 +845,7 @@ if (len > BUF_SIZE) { channel.write(ByteBuffer.wrap(b, off, len)); } else { @@ -94,10 +97,8 @@ buffer.put(b, off, len).flip(); channel.write(buffer); } -Index: commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archivers/zip/NioZipEncoding.java -=================================================================== ---- commons-compress-1.19-src.orig/src/main/java/org/apache/commons/compress/archivers/zip/NioZipEncoding.java -+++ commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archivers/zip/NioZipEncoding.java +--- commons-compress-1.21-src/src/main/java/org/apache/commons/compress/archivers/zip/NioZipEncoding.java 2020-01-22 16:10:15.000000000 +0100 ++++ commons-compress-1.21-src/src/main/java/org/apache/commons/compress/archivers/zip/NioZipEncoding.java 2021-07-19 16:14:03.565317437 +0200 @@ -20,6 +20,7 @@ package org.apache.commons.compress.archivers.zip; @@ -106,7 +107,7 @@ import java.nio.ByteBuffer; import java.nio.CharBuffer; import java.nio.charset.Charset; -@@ -121,8 +122,8 @@ class NioZipEncoding implements ZipEncod +@@ -121,8 +122,8 @@ enc.encode(cb, out, true); // may have caused underflow, but that's been ignored traditionally @@ -117,11 +118,9 @@ return out; } -Index: commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archivers/zip/ZipArchiveInputStream.java -=================================================================== ---- commons-compress-1.19-src.orig/src/main/java/org/apache/commons/compress/archivers/zip/ZipArchiveInputStream.java -+++ commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archivers/zip/ZipArchiveInputStream.java -@@ -25,6 +25,7 @@ import java.io.IOException; +--- commons-compress-1.21-src/src/main/java/org/apache/commons/compress/archivers/zip/ZipArchiveInputStream.java 2020-01-22 16:10:15.000000000 +0100 ++++ commons-compress-1.21-src/src/main/java/org/apache/commons/compress/archivers/zip/ZipArchiveInputStream.java 2021-07-19 16:14:03.565317437 +0200 +@@ -25,6 +25,7 @@ import java.io.InputStream; import java.io.PushbackInputStream; import java.math.BigInteger; @@ -129,16 +128,16 @@ import java.nio.ByteBuffer; import java.util.Arrays; import java.util.zip.CRC32; -@@ -220,7 +221,7 @@ public class ZipArchiveInputStream exten - this.allowStoredEntriesWithDataDescriptor = +@@ -256,7 +257,7 @@ allowStoredEntriesWithDataDescriptor; + this.skipSplitSig = skipSplitSig; // haven't read anything so far - buf.limit(0); + ((Buffer)buf).limit(0); } public ZipArchiveEntry getNextZipEntry() throws IOException { -@@ -522,13 +523,13 @@ public class ZipArchiveInputStream exten +@@ -596,13 +597,13 @@ } if (buf.position() >= buf.limit()) { @@ -155,7 +154,7 @@ count(l); current.bytesReadFromStream += l; -@@ -719,7 +720,7 @@ public class ZipArchiveInputStream exten +@@ -795,7 +796,7 @@ } inf.reset(); @@ -164,7 +163,7 @@ current = null; lastStoredEntry = null; } -@@ -784,7 +785,7 @@ public class ZipArchiveInputStream exten +@@ -860,7 +861,7 @@ } final int length = in.read(buf.array()); if (length > 0) { @@ -173,10 +172,8 @@ count(buf.limit()); inf.setInput(buf.array(), 0, buf.limit()); } -Index: commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archivers/zip/ZipEncodingHelper.java -=================================================================== ---- commons-compress-1.19-src.orig/src/main/java/org/apache/commons/compress/archivers/zip/ZipEncodingHelper.java -+++ commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archivers/zip/ZipEncodingHelper.java +--- commons-compress-1.21-src/src/main/java/org/apache/commons/compress/archivers/zip/ZipEncodingHelper.java 2020-01-22 16:10:15.000000000 +0100 ++++ commons-compress-1.21-src/src/main/java/org/apache/commons/compress/archivers/zip/ZipEncodingHelper.java 2021-07-19 16:29:53.519835167 +0200 @@ -18,6 +18,7 @@ package org.apache.commons.compress.archivers.zip; @@ -185,10 +182,10 @@ import java.nio.ByteBuffer; import java.nio.charset.Charset; import java.nio.charset.StandardCharsets; -@@ -85,8 +86,8 @@ public abstract class ZipEncodingHelper +@@ -85,8 +86,8 @@ } - static ByteBuffer growBufferBy(ByteBuffer buffer, int increment) { + static ByteBuffer growBufferBy(final ByteBuffer buffer, final int increment) { - buffer.limit(buffer.position()); - buffer.rewind(); + ((Buffer)buffer).limit(buffer.position()); @@ -196,11 +193,9 @@ final ByteBuffer on = ByteBuffer.allocate(buffer.capacity() + increment); -Index: commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archivers/zip/ZipFile.java -=================================================================== ---- commons-compress-1.19-src.orig/src/main/java/org/apache/commons/compress/archivers/zip/ZipFile.java -+++ commons-compress-1.19-src/src/main/java/org/apache/commons/compress/archivers/zip/ZipFile.java -@@ -25,6 +25,7 @@ import java.io.File; +--- commons-compress-1.21-src/src/main/java/org/apache/commons/compress/archivers/zip/ZipFile.java 2020-01-22 16:10:15.000000000 +0100 ++++ commons-compress-1.21-src/src/main/java/org/apache/commons/compress/archivers/zip/ZipFile.java 2021-07-19 16:28:13.175147502 +0200 +@@ -25,6 +25,7 @@ import java.io.IOException; import java.io.InputStream; import java.io.SequenceInputStream; @@ -208,16 +203,16 @@ import java.nio.ByteBuffer; import java.nio.channels.FileChannel; import java.nio.channels.SeekableByteChannel; -@@ -693,7 +694,7 @@ public class ZipFile implements Closeabl - +@@ -713,7 +714,7 @@ positionAtCentralDirectory(); + centralDirectoryStartOffset = archive.position(); - wordBbuf.rewind(); + ((Buffer)wordBbuf).rewind(); IOUtils.readFully(archive, wordBbuf); long sig = ZipLong.getValue(wordBuf); -@@ -704,7 +705,7 @@ public class ZipFile implements Closeabl +@@ -724,7 +725,7 @@ while (sig == CFH_SIG) { readCentralDirectoryEntry(noUTF8Flag); @@ -226,7 +221,7 @@ IOUtils.readFully(archive, wordBbuf); sig = ZipLong.getValue(wordBuf); } -@@ -723,7 +724,7 @@ public class ZipFile implements Closeabl +@@ -743,7 +744,7 @@ private void readCentralDirectoryEntry(final Map<ZipArchiveEntry, NameAndComment> noUTF8Flag) throws IOException { @@ -235,7 +230,7 @@ IOUtils.readFully(archive, cfhBbuf); int off = 0; final Entry ze = new Entry(); -@@ -961,7 +962,7 @@ public class ZipFile implements Closeabl +@@ -1100,7 +1101,7 @@ archive.position() > ZIP64_EOCDL_LENGTH; if (searchedForZip64EOCD) { archive.position(archive.position() - ZIP64_EOCDL_LENGTH); @@ -244,38 +239,85 @@ IOUtils.readFully(archive, wordBbuf); found = Arrays.equals(ZipArchiveOutputStream.ZIP64_EOCD_LOC_SIG, wordBuf); -@@ -990,10 +991,10 @@ public class ZipFile implements Closeabl +@@ -1128,11 +1129,11 @@ + private void positionAtCentralDirectory64() throws IOException { - skipBytes(ZIP64_EOCDL_LOCATOR_OFFSET - - WORD /* signature has already been read */); -- dwordBbuf.rewind(); + if (isSplitZipArchive) { +- wordBbuf.rewind(); ++ ((Buffer)wordBbuf).rewind(); + IOUtils.readFully(archive, wordBbuf); + final long diskNumberOfEOCD = ZipLong.getValue(wordBuf); + +- dwordBbuf.rewind(); ++ ((Buffer)dwordBbuf).rewind(); + IOUtils.readFully(archive, dwordBbuf); + final long relativeOffsetOfEOCD = ZipEightByteInteger.getLongValue(dwordBuf); + ((ZipSplitReadOnlySeekableByteChannel) archive) +@@ -1140,12 +1141,12 @@ + } else { + skipBytes(ZIP64_EOCDL_LOCATOR_OFFSET + - WORD /* signature has already been read */); +- dwordBbuf.rewind(); + ((Buffer)dwordBbuf).rewind(); - IOUtils.readFully(archive, dwordBbuf); - archive.position(ZipEightByteInteger.getLongValue(dwordBuf)); + IOUtils.readFully(archive, dwordBbuf); + archive.position(ZipEightByteInteger.getLongValue(dwordBuf)); + } + - wordBbuf.rewind(); + ((Buffer)wordBbuf).rewind(); IOUtils.readFully(archive, wordBbuf); if (!Arrays.equals(wordBuf, ZipArchiveOutputStream.ZIP64_EOCD_SIG)) { throw new ZipException("Archive's ZIP64 end of central " -@@ -1001,7 +1002,7 @@ public class ZipFile implements Closeabl - } - skipBytes(ZIP64_EOCD_CFD_LOCATOR_OFFSET - - WORD /* signature has already been read */); -- dwordBbuf.rewind(); -+ ((Buffer)dwordBbuf).rewind(); - IOUtils.readFully(archive, dwordBbuf); - archive.position(ZipEightByteInteger.getLongValue(dwordBuf)); - } -@@ -1016,7 +1017,7 @@ public class ZipFile implements Closeabl - private void positionAtCentralDirectory32() +@@ -1155,13 +1156,13 @@ + if (isSplitZipArchive) { + skipBytes(ZIP64_EOCD_CFD_DISK_OFFSET + - WORD /* signature has already been read */); +- wordBbuf.rewind(); ++ ((Buffer)wordBbuf).rewind(); + IOUtils.readFully(archive, wordBbuf); + centralDirectoryStartDiskNumber = ZipLong.getValue(wordBuf); + + skipBytes(ZIP64_EOCD_CFD_LOCATOR_RELATIVE_OFFSET); + +- dwordBbuf.rewind(); ++ ((Buffer)dwordBbuf).rewind(); + IOUtils.readFully(archive, dwordBbuf); + centralDirectoryStartRelativeOffset = ZipEightByteInteger.getLongValue(dwordBuf); + ((ZipSplitReadOnlySeekableByteChannel) archive) +@@ -1169,7 +1170,7 @@ + } else { + skipBytes(ZIP64_EOCD_CFD_LOCATOR_OFFSET + - WORD /* signature has already been read */); +- dwordBbuf.rewind(); ++ ((Buffer)dwordBbuf).rewind(); + IOUtils.readFully(archive, dwordBbuf); + centralDirectoryStartDiskNumber = 0; + centralDirectoryStartRelativeOffset = ZipEightByteInteger.getLongValue(dwordBuf); +@@ -1188,20 +1189,20 @@ throws IOException { - skipBytes(CFD_LOCATOR_OFFSET); -- wordBbuf.rewind(); + if (isSplitZipArchive) { + skipBytes(CFD_DISK_OFFSET); +- shortBbuf.rewind(); ++ ((Buffer)shortBbuf).rewind(); + IOUtils.readFully(archive, shortBbuf); + centralDirectoryStartDiskNumber = ZipShort.getValue(shortBuf); + + skipBytes(CFD_LOCATOR_RELATIVE_OFFSET); + +- wordBbuf.rewind(); ++ ((Buffer)wordBbuf).rewind(); + IOUtils.readFully(archive, wordBbuf); + centralDirectoryStartRelativeOffset = ZipLong.getValue(wordBuf); + ((ZipSplitReadOnlySeekableByteChannel) archive) + .position(centralDirectoryStartDiskNumber, centralDirectoryStartRelativeOffset); + } else { + skipBytes(CFD_LOCATOR_OFFSET); +- wordBbuf.rewind(); + ((Buffer)wordBbuf).rewind(); - IOUtils.readFully(archive, wordBbuf); - archive.position(ZipLong.getValue(wordBuf)); - } -@@ -1050,9 +1051,9 @@ public class ZipFile implements Closeabl + IOUtils.readFully(archive, wordBbuf); + centralDirectoryStartDiskNumber = 0; + centralDirectoryStartRelativeOffset = ZipLong.getValue(wordBuf); +@@ -1238,9 +1239,9 @@ for (; off >= stopSearching; off--) { archive.position(off); try { @@ -284,13 +326,13 @@ IOUtils.readFully(archive, wordBbuf); - wordBbuf.flip(); + ((Buffer)wordBbuf).flip(); - } catch (EOFException ex) { // NOSONAR + } catch (final EOFException ex) { // NOSONAR break; } -@@ -1153,9 +1154,9 @@ public class ZipFile implements Closeabl - private int[] setDataOffset(ZipArchiveEntry ze) throws IOException { - final long offset = ze.getLocalHeaderOffset(); - archive.position(offset + LFH_OFFSET_FOR_FILENAME_LENGTH); +@@ -1352,9 +1353,9 @@ + } else { + archive.position(offset + LFH_OFFSET_FOR_FILENAME_LENGTH); + } - wordBbuf.rewind(); + ((Buffer)wordBbuf).rewind(); IOUtils.readFully(archive, wordBbuf); @@ -299,7 +341,7 @@ wordBbuf.get(shortBuf); final int fileNameLen = ZipShort.getValue(shortBuf); wordBbuf.get(shortBuf); -@@ -1180,7 +1181,7 @@ public class ZipFile implements Closeabl +@@ -1382,7 +1383,7 @@ */ private boolean startsWithLocalFileHeader() throws IOException { archive.position(0); @@ -308,38 +350,18 @@ IOUtils.readFully(archive, wordBbuf); return Arrays.equals(wordBuf, ZipArchiveOutputStream.LFH_SIG); } -@@ -1223,7 +1224,7 @@ public class ZipFile implements Closeabl - singleByteBuffer = ByteBuffer.allocate(1); - } - else { -- singleByteBuffer.rewind(); -+ ((Buffer)singleByteBuffer).rewind(); - } - int read = read(loc, singleByteBuffer); - if (read < 0) { -@@ -1262,7 +1263,7 @@ public class ZipFile implements Closeabl - archive.position(pos); - read = archive.read(buf); - } -- buf.flip(); -+ ((Buffer)buf).flip(); - return read; - } - } -@@ -1284,7 +1285,7 @@ public class ZipFile implements Closeabl +@@ -1418,7 +1419,7 @@ @Override - protected int read(long pos, ByteBuffer buf) throws IOException { - int read = archive.read(buf, pos); + protected int read(final long pos, final ByteBuffer buf) throws IOException { + final int read = archive.read(buf, pos); - buf.flip(); + ((Buffer)buf).flip(); return read; } } -Index: commons-compress-1.19-src/src/main/java/org/apache/commons/compress/utils/FixedLengthBlockOutputStream.java -=================================================================== ---- commons-compress-1.19-src.orig/src/main/java/org/apache/commons/compress/utils/FixedLengthBlockOutputStream.java -+++ commons-compress-1.19-src/src/main/java/org/apache/commons/compress/utils/FixedLengthBlockOutputStream.java -@@ -21,6 +21,7 @@ package org.apache.commons.compress.util +--- commons-compress-1.21-src/src/main/java/org/apache/commons/compress/utils/FixedLengthBlockOutputStream.java 2020-01-22 16:10:15.000000000 +0100 ++++ commons-compress-1.21-src/src/main/java/org/apache/commons/compress/utils/FixedLengthBlockOutputStream.java 2021-07-19 16:16:51.850472686 +0200 +@@ -21,6 +21,7 @@ import java.io.FileOutputStream; import java.io.IOException; import java.io.OutputStream; @@ -347,16 +369,16 @@ import java.nio.ByteBuffer; import java.nio.ByteOrder; import java.nio.channels.ClosedChannelException; -@@ -88,7 +89,7 @@ public class FixedLengthBlockOutputStrea +@@ -88,7 +89,7 @@ } private void writeBlock() throws IOException { - buffer.flip(); + ((Buffer)buffer).flip(); - int i = out.write(buffer); - boolean hasRemaining = buffer.hasRemaining(); + final int i = out.write(buffer); + final boolean hasRemaining = buffer.hasRemaining(); if (i != blockSize || hasRemaining) { -@@ -97,7 +98,7 @@ public class FixedLengthBlockOutputStrea +@@ -97,7 +98,7 @@ blockSize, i); throw new IOException(msg); } @@ -365,16 +387,16 @@ } @Override -@@ -142,7 +143,7 @@ public class FixedLengthBlockOutputStrea +@@ -142,7 +143,7 @@ // fill up the reset of buffer and write the block. if (buffer.position() != 0) { - int n = buffer.remaining(); + final int n = buffer.remaining(); - src.limit(src.position() + n); + ((Buffer)src).limit(src.position() + n); buffer.put(src); writeBlock(); srcLeft -= n; -@@ -150,12 +151,12 @@ public class FixedLengthBlockOutputStrea +@@ -150,12 +151,12 @@ // whilst we have enough bytes in src for complete blocks, // write them directly from src without copying them to buffer while (srcLeft >= blockSize) { @@ -389,15 +411,31 @@ buffer.put(src); } return srcRemaining; -@@ -240,9 +241,9 @@ public class FixedLengthBlockOutputStrea - - try { - int pos = buffer.position(); -- int len = buffer.limit() - pos; -+ int len = ((Buffer)buffer).limit() - pos; +@@ -242,7 +243,7 @@ + final int pos = buffer.position(); + final int len = buffer.limit() - pos; out.write(buffer.array(), buffer.arrayOffset() + pos, len); - buffer.position(buffer.limit()); + ((Buffer)buffer).position(buffer.limit()); return len; - } catch (IOException e) { + } catch (final IOException e) { try { +--- commons-compress-1.21-src/src/main/java/org/apache/commons/compress/utils/IOUtils.java 2020-01-22 16:10:15.000000000 +0100 ++++ commons-compress-1.21-src/src/main/java/org/apache/commons/compress/utils/IOUtils.java 2021-07-19 17:09:11.659891748 +0200 +@@ -25,6 +25,7 @@ + import java.io.IOException; + import java.io.InputStream; + import java.io.OutputStream; ++import java.nio.Buffer; + import java.nio.ByteBuffer; + import java.nio.channels.ReadableByteChannel; + import java.nio.file.Files; +@@ -372,7 +373,7 @@ + break; + } + output.write(b.array(), 0, readNow); +- b.rewind(); ++ ((Buffer)b).rewind(); + read += readNow; + } + return output.toByteArray();