[jira] [Comment Edited] (COMPRESS-661) commons-compress 1.26.0 breaks Apache Tika 2.9.1

Tue, 05 Mar 2024 00:59:48 -0800 


    [ 
https://issues.apache.org/jira/browse/COMPRESS-661?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17823501#comment-17823501
 ] 

Tilman Hausherr edited comment on COMPRESS-661 at 3/5/24 8:56 AM:
------------------------------------------------------------------

I built it locally and the tika build problems still occur if I revert my 
workaround. They could be fixed by adding this at the end of 
ArchiveInputStream.java
{code:java}
    /**
     * @return Always returns false.
     */
    @Override
    public boolean markSupported() {
        return false;
    }

    /**
     * Does nothing.
     */
    @Override
    public synchronized void reset() {
    }

    /**
     * Does nothing.
     * 
     * @param readlimit
     */
    @Override
    public synchronized void mark(int readlimit) {        
    }
{code}



was (Author: tilman):
I built it locally and the tika build problems still occur. They could be fixed 
by adding this at the end of ArchiveInputStream.java
{code:java}
    /**
     * @return Always returns false.
     */
    @Override
    public boolean markSupported() {
        return false;
    }

    /**
     * Does nothing.
     */
    @Override
    public synchronized void reset() {
    }

    /**
     * Does nothing.
     * 
     * @param readlimit
     */
    @Override
    public synchronized void mark(int readlimit) {        
    }
{code}


> commons-compress 1.26.0 breaks Apache Tika 2.9.1
> ------------------------------------------------
>
>                 Key: COMPRESS-661
>                 URL: https://issues.apache.org/jira/browse/COMPRESS-661
>             Project: Commons Compress
>          Issue Type: Bug
>          Components: Compressors
>    Affects Versions: 1.26.0
>            Reporter: Alexander Veit
>            Priority: Critical
>         Attachments: testARofText.ar
>
>
> Apache Commons Compress 1.26.0 fixes
> * https://www.cve.org/CVERecord?id=CVE-2024-25710 and
> * https://www.cve.org/CVERecord?id=CVE-2024-26308.
> We have tried to replace Apache Commons Compress 1.25.0 with 1.26.0 in our 
> deployments in order to fix these security vulnerabilities. But unfortunately 
> now Apache Tika is broken:
> {noformat}
>   org.apache.tika.exception.TikaException: TIKA-198: Illegal IOException from 
> org.apache.tika.parser.iwork.IWorkPackageParser@41fcb910
>     at 
> app//org.apache.tika.parser.CompositeParser.parse(CompositeParser.java:304)
>     at 
> app//org.apache.tika.parser.CompositeParser.parse(CompositeParser.java:298)
>     at 
> app//org.apache.tika.parser.AutoDetectParser.parse(AutoDetectParser.java:203)
>     at app//org.apache.tika.Tika.parseToString(Tika.java:525)
>     at app//org.apache.tika.Tika.parseToString(Tika.java:495)
>     at ...
>   Caused by: java.io.IOException: Resetting to invalid mark
>     at 
> java.base/java.io.BufferedInputStream.reset(BufferedInputStream.java:446)
>     at 
> org.apache.tika.parser.iwork.IWorkPackageParser.parse(IWorkPackageParser.java:97)
>     at org.apache.tika.parser.CompositeParser.parse(CompositeParser.java:298)
>     ... 42 more
> {noformat}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to