summaryrefslogtreecommitdiffstats
path: root/meta/recipes-extended
diff options
context:
space:
mode:
authorZang Ruochen <zangrc.fnst@cn.fujitsu.com>2019-08-27 10:45:16 +0800
committerRichard Purdie <richard.purdie@linuxfoundation.org>2019-08-28 11:31:21 +0100
commit662c64166fcba75bc6ed9ae59f492788982ff6f8 (patch)
tree41b22a25adda70a1877b0e9e45b350be2104f087 /meta/recipes-extended
parentdeafb85ecdeaf9582885ec26428347c002ff3841 (diff)
downloadpoky-662c64166fcba75bc6ed9ae59f492788982ff6f8.tar.gz
libarchive:upgrade 3.3.3 -> 3.4.0
-libarchive/CVE-2018-1000877.patch -libarchive/CVE-2018-1000878.patch -libarchive/CVE-2018-1000879.patch -libarchive/CVE-2018-1000880.patch -libarchive/CVE-2019-1000019.patch -libarchive/CVE-2019-1000020.patch -libarchive/bug1066.patch -libarchive/non-recursive-extract-and-list.patch Removed since these are included in 3.4.0. -License-Update: Copyright year updated to 2018. (From OE-Core rev: 4f8fa80b6c57f29c68678cabcac5d114d1ff0500) Signed-off-by: Zang Ruochen <zangrc.fnst@cn.fujitsu.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-extended')
-rw-r--r--meta/recipes-extended/libarchive/libarchive/CVE-2018-1000877.patch38
-rw-r--r--meta/recipes-extended/libarchive/libarchive/CVE-2018-1000878.patch79
-rw-r--r--meta/recipes-extended/libarchive/libarchive/CVE-2018-1000879.patch50
-rw-r--r--meta/recipes-extended/libarchive/libarchive/CVE-2018-1000880.patch44
-rw-r--r--meta/recipes-extended/libarchive/libarchive/CVE-2019-1000019.patch59
-rw-r--r--meta/recipes-extended/libarchive/libarchive/CVE-2019-1000020.patch61
-rw-r--r--meta/recipes-extended/libarchive/libarchive/bug1066.patch54
-rw-r--r--meta/recipes-extended/libarchive/libarchive/non-recursive-extract-and-list.patch153
-rw-r--r--meta/recipes-extended/libarchive/libarchive_3.4.0.bb (renamed from meta/recipes-extended/libarchive/libarchive_3.3.3.bb)14
9 files changed, 3 insertions, 549 deletions
diff --git a/meta/recipes-extended/libarchive/libarchive/CVE-2018-1000877.patch b/meta/recipes-extended/libarchive/libarchive/CVE-2018-1000877.patch
deleted file mode 100644
index ce638370bd..0000000000
--- a/meta/recipes-extended/libarchive/libarchive/CVE-2018-1000877.patch
+++ /dev/null
@@ -1,38 +0,0 @@
1CVE: CVE-2018-1000877
2Upstream-Status: Backport
3Signed-off-by: Ross Burton <ross.burton@intel.com>
4
5From 021efa522ad729ff0f5806c4ce53e4a6cc1daa31 Mon Sep 17 00:00:00 2001
6From: Daniel Axtens <dja@axtens.net>
7Date: Tue, 20 Nov 2018 17:56:29 +1100
8Subject: [PATCH] Avoid a double-free when a window size of 0 is specified
9
10new_size can be 0 with a malicious or corrupted RAR archive.
11
12realloc(area, 0) is equivalent to free(area), so the region would
13be free()d here and the free()d again in the cleanup function.
14
15Found with a setup running AFL, afl-rb, and qsym.
16---
17 libarchive/archive_read_support_format_rar.c | 5 +++++
18 1 file changed, 5 insertions(+)
19
20diff --git a/libarchive/archive_read_support_format_rar.c b/libarchive/archive_read_support_format_rar.c
21index 23452222..6f419c27 100644
22--- a/libarchive/archive_read_support_format_rar.c
23+++ b/libarchive/archive_read_support_format_rar.c
24@@ -2300,6 +2300,11 @@ parse_codes(struct archive_read *a)
25 new_size = DICTIONARY_MAX_SIZE;
26 else
27 new_size = rar_fls((unsigned int)rar->unp_size) << 1;
28+ if (new_size == 0) {
29+ archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
30+ "Zero window size is invalid.");
31+ return (ARCHIVE_FATAL);
32+ }
33 new_window = realloc(rar->lzss.window, new_size);
34 if (new_window == NULL) {
35 archive_set_error(&a->archive, ENOMEM,
36--
372.20.0
38
diff --git a/meta/recipes-extended/libarchive/libarchive/CVE-2018-1000878.patch b/meta/recipes-extended/libarchive/libarchive/CVE-2018-1000878.patch
deleted file mode 100644
index 7468fd3c93..0000000000
--- a/meta/recipes-extended/libarchive/libarchive/CVE-2018-1000878.patch
+++ /dev/null
@@ -1,79 +0,0 @@
1CVE: CVE-2018-1000878
2Upstream-Status: Backport
3Signed-off-by: Ross Burton <ross.burton@intel.com>
4
5From bfcfe6f04ed20db2504db8a254d1f40a1d84eb28 Mon Sep 17 00:00:00 2001
6From: Daniel Axtens <dja@axtens.net>
7Date: Tue, 4 Dec 2018 00:55:22 +1100
8Subject: [PATCH] rar: file split across multi-part archives must match
9
10Fuzzing uncovered some UAF and memory overrun bugs where a file in a
11single file archive reported that it was split across multiple
12volumes. This was caused by ppmd7 operations calling
13rar_br_fillup. This would invoke rar_read_ahead, which would in some
14situations invoke archive_read_format_rar_read_header. That would
15check the new file name against the old file name, and if they didn't
16match up it would free the ppmd7 buffer and allocate a new
17one. However, because the ppmd7 decoder wasn't actually done with the
18buffer, it would continue to used the freed buffer. Both reads and
19writes to the freed region can be observed.
20
21This is quite tricky to solve: once the buffer has been freed it is
22too late, as the ppmd7 decoder functions almost universally assume
23success - there's no way for ppmd_read to signal error, nor are there
24good ways for functions like Range_Normalise to propagate them. So we
25can't detect after the fact that we're in an invalid state - e.g. by
26checking rar->cursor, we have to prevent ourselves from ever ending up
27there. So, when we are in the dangerous part or rar_read_ahead that
28assumes a valid split, we set a flag force read_header to either go
29down the path for split files or bail. This means that the ppmd7
30decoder keeps a valid buffer and just runs out of data.
31
32Found with a combination of AFL, afl-rb and qsym.
33---
34 libarchive/archive_read_support_format_rar.c | 9 +++++++++
35 1 file changed, 9 insertions(+)
36
37diff --git a/libarchive/archive_read_support_format_rar.c b/libarchive/archive_read_support_format_rar.c
38index 6f419c27..a8cc5c94 100644
39--- a/libarchive/archive_read_support_format_rar.c
40+++ b/libarchive/archive_read_support_format_rar.c
41@@ -258,6 +258,7 @@ struct rar
42 struct data_block_offsets *dbo;
43 unsigned int cursor;
44 unsigned int nodes;
45+ char filename_must_match;
46
47 /* LZSS members */
48 struct huffman_code maincode;
49@@ -1560,6 +1561,12 @@ read_header(struct archive_read *a, struct archive_entry *entry,
50 }
51 return ret;
52 }
53+ else if (rar->filename_must_match)
54+ {
55+ archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
56+ "Mismatch of file parts split across multi-volume archive");
57+ return (ARCHIVE_FATAL);
58+ }
59
60 rar->filename_save = (char*)realloc(rar->filename_save,
61 filename_size + 1);
62@@ -2933,12 +2940,14 @@ rar_read_ahead(struct archive_read *a, size_t min, ssize_t *avail)
63 else if (*avail == 0 && rar->main_flags & MHD_VOLUME &&
64 rar->file_flags & FHD_SPLIT_AFTER)
65 {
66+ rar->filename_must_match = 1;
67 ret = archive_read_format_rar_read_header(a, a->entry);
68 if (ret == (ARCHIVE_EOF))
69 {
70 rar->has_endarc_header = 1;
71 ret = archive_read_format_rar_read_header(a, a->entry);
72 }
73+ rar->filename_must_match = 0;
74 if (ret != (ARCHIVE_OK))
75 return NULL;
76 return rar_read_ahead(a, min, avail);
77--
782.20.0
79
diff --git a/meta/recipes-extended/libarchive/libarchive/CVE-2018-1000879.patch b/meta/recipes-extended/libarchive/libarchive/CVE-2018-1000879.patch
deleted file mode 100644
index 9f25932a1a..0000000000
--- a/meta/recipes-extended/libarchive/libarchive/CVE-2018-1000879.patch
+++ /dev/null
@@ -1,50 +0,0 @@
1CVE: CVE-2018-1000879
2Upstream-Status: Backport
3Signed-off-by: Ross Burton <ross.burton@intel.com>
4
5From 15bf44fd2c1ad0e3fd87048b3fcc90c4dcff1175 Mon Sep 17 00:00:00 2001
6From: Daniel Axtens <dja@axtens.net>
7Date: Tue, 4 Dec 2018 14:29:42 +1100
8Subject: [PATCH] Skip 0-length ACL fields
9
10Currently, it is possible to create an archive that crashes bsdtar
11with a malformed ACL:
12
13Program received signal SIGSEGV, Segmentation fault.
14archive_acl_from_text_l (acl=<optimised out>, text=0x7e2e92 "", want_type=<optimised out>, sc=<optimised out>) at libarchive/archive_acl.c:1726
151726 switch (*s) {
16(gdb) p n
17$1 = 1
18(gdb) p field[n]
19$2 = {start = 0x0, end = 0x0}
20
21Stop this by checking that the length is not zero before beginning
22the switch statement.
23
24I am pretty sure this is the bug mentioned in the qsym paper [1],
25and I was able to replicate it with a qsym + AFL + afl-rb setup.
26
27[1] https://www.usenix.org/conference/usenixsecurity18/presentation/yun
28---
29 libarchive/archive_acl.c | 5 +++++
30 1 file changed, 5 insertions(+)
31
32diff --git a/libarchive/archive_acl.c b/libarchive/archive_acl.c
33index 512beee1..7beeee86 100644
34--- a/libarchive/archive_acl.c
35+++ b/libarchive/archive_acl.c
36@@ -1723,6 +1723,11 @@ archive_acl_from_text_l(struct archive_acl *acl, const char *text,
37 st = field[n].start + 1;
38 len = field[n].end - field[n].start;
39
40+ if (len == 0) {
41+ ret = ARCHIVE_WARN;
42+ continue;
43+ }
44+
45 switch (*s) {
46 case 'u':
47 if (len == 1 || (len == 4
48--
492.20.0
50
diff --git a/meta/recipes-extended/libarchive/libarchive/CVE-2018-1000880.patch b/meta/recipes-extended/libarchive/libarchive/CVE-2018-1000880.patch
deleted file mode 100644
index bc264a1242..0000000000
--- a/meta/recipes-extended/libarchive/libarchive/CVE-2018-1000880.patch
+++ /dev/null
@@ -1,44 +0,0 @@
1CVE: CVE-2018-1000880
2Upstream-Status: Backport
3Signed-off-by: Ross Burton <ross.burton@intel.com>
4
5From 9c84b7426660c09c18cc349f6d70b5f8168b5680 Mon Sep 17 00:00:00 2001
6From: Daniel Axtens <dja@axtens.net>
7Date: Tue, 4 Dec 2018 16:33:42 +1100
8Subject: [PATCH] warc: consume data once read
9
10The warc decoder only used read ahead, it wouldn't actually consume
11data that had previously been printed. This means that if you specify
12an invalid content length, it will just reprint the same data over
13and over and over again until it hits the desired length.
14
15This means that a WARC resource with e.g.
16Content-Length: 666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666666665
17but only a few hundred bytes of data, causes a quasi-infinite loop.
18
19Consume data in subsequent calls to _warc_read.
20
21Found with an AFL + afl-rb + qsym setup.
22---
23 libarchive/archive_read_support_format_warc.c | 5 +++++
24 1 file changed, 5 insertions(+)
25
26diff --git a/libarchive/archive_read_support_format_warc.c b/libarchive/archive_read_support_format_warc.c
27index e8753853..e8fc8428 100644
28--- a/libarchive/archive_read_support_format_warc.c
29+++ b/libarchive/archive_read_support_format_warc.c
30@@ -386,6 +386,11 @@ _warc_read(struct archive_read *a, const void **buf, size_t *bsz, int64_t *off)
31 return (ARCHIVE_EOF);
32 }
33
34+ if (w->unconsumed) {
35+ __archive_read_consume(a, w->unconsumed);
36+ w->unconsumed = 0U;
37+ }
38+
39 rab = __archive_read_ahead(a, 1U, &nrd);
40 if (nrd < 0) {
41 *bsz = 0U;
42--
432.20.0
44
diff --git a/meta/recipes-extended/libarchive/libarchive/CVE-2019-1000019.patch b/meta/recipes-extended/libarchive/libarchive/CVE-2019-1000019.patch
deleted file mode 100644
index 7f39893c25..0000000000
--- a/meta/recipes-extended/libarchive/libarchive/CVE-2019-1000019.patch
+++ /dev/null
@@ -1,59 +0,0 @@
1CVE: CVE-2019-1000019
2Upstream-Status: Backport
3Signed-off-by: Ross Burton <ross.burton@intel.com>
4
5From 65a23f5dbee4497064e9bb467f81138a62b0dae1 Mon Sep 17 00:00:00 2001
6From: Daniel Axtens <dja@axtens.net>
7Date: Tue, 1 Jan 2019 16:01:40 +1100
8Subject: [PATCH 2/2] 7zip: fix crash when parsing certain archives
9
10Fuzzing with CRCs disabled revealed that a call to get_uncompressed_data()
11would sometimes fail to return at least 'minimum' bytes. This can cause
12the crc32() invocation in header_bytes to read off into invalid memory.
13
14A specially crafted archive can use this to cause a crash.
15
16An ASAN trace is below, but ASAN is not required - an uninstrumented
17binary will also crash.
18
19==7719==ERROR: AddressSanitizer: SEGV on unknown address 0x631000040000 (pc 0x7fbdb3b3ec1d bp 0x7ffe77a51310 sp 0x7ffe77a51150 T0)
20==7719==The signal is caused by a READ memory access.
21 #0 0x7fbdb3b3ec1c in crc32_z (/lib/x86_64-linux-gnu/libz.so.1+0x2c1c)
22 #1 0x84f5eb in header_bytes (/tmp/libarchive/bsdtar+0x84f5eb)
23 #2 0x856156 in read_Header (/tmp/libarchive/bsdtar+0x856156)
24 #3 0x84e134 in slurp_central_directory (/tmp/libarchive/bsdtar+0x84e134)
25 #4 0x849690 in archive_read_format_7zip_read_header (/tmp/libarchive/bsdtar+0x849690)
26 #5 0x5713b7 in _archive_read_next_header2 (/tmp/libarchive/bsdtar+0x5713b7)
27 #6 0x570e63 in _archive_read_next_header (/tmp/libarchive/bsdtar+0x570e63)
28 #7 0x6f08bd in archive_read_next_header (/tmp/libarchive/bsdtar+0x6f08bd)
29 #8 0x52373f in read_archive (/tmp/libarchive/bsdtar+0x52373f)
30 #9 0x5257be in tar_mode_x (/tmp/libarchive/bsdtar+0x5257be)
31 #10 0x51daeb in main (/tmp/libarchive/bsdtar+0x51daeb)
32 #11 0x7fbdb27cab96 in __libc_start_main /build/glibc-OTsEL5/glibc-2.27/csu/../csu/libc-start.c:310
33 #12 0x41dd09 in _start (/tmp/libarchive/bsdtar+0x41dd09)
34
35This was primarly done with afl and FairFuzz. Some early corpus entries
36may have been generated by qsym.
37---
38 libarchive/archive_read_support_format_7zip.c | 8 +-------
39 1 file changed, 1 insertion(+), 7 deletions(-)
40
41diff --git a/libarchive/archive_read_support_format_7zip.c b/libarchive/archive_read_support_format_7zip.c
42index bccbf8966..b6d1505d3 100644
43--- a/libarchive/archive_read_support_format_7zip.c
44+++ b/libarchive/archive_read_support_format_7zip.c
45@@ -2964,13 +2964,7 @@ get_uncompressed_data(struct archive_read *a, const void **buff, size_t size,
46 if (zip->codec == _7Z_COPY && zip->codec2 == (unsigned long)-1) {
47 /* Copy mode. */
48
49- /*
50- * Note: '1' here is a performance optimization.
51- * Recall that the decompression layer returns a count of
52- * available bytes; asking for more than that forces the
53- * decompressor to combine reads by copying data.
54- */
55- *buff = __archive_read_ahead(a, 1, &bytes_avail);
56+ *buff = __archive_read_ahead(a, minimum, &bytes_avail);
57 if (bytes_avail <= 0) {
58 archive_set_error(&a->archive,
59 ARCHIVE_ERRNO_FILE_FORMAT,
diff --git a/meta/recipes-extended/libarchive/libarchive/CVE-2019-1000020.patch b/meta/recipes-extended/libarchive/libarchive/CVE-2019-1000020.patch
deleted file mode 100644
index 25a76fdcd2..0000000000
--- a/meta/recipes-extended/libarchive/libarchive/CVE-2019-1000020.patch
+++ /dev/null
@@ -1,61 +0,0 @@
1CVE: CVE-2019-1000020
2Upstream-Status: Backport
3Signed-off-by: Ross Burton <ross.burton@intel.com>
4
5From 8312eaa576014cd9b965012af51bc1f967b12423 Mon Sep 17 00:00:00 2001
6From: Daniel Axtens <dja@axtens.net>
7Date: Tue, 1 Jan 2019 17:10:49 +1100
8Subject: [PATCH 1/2] iso9660: Fail when expected Rockridge extensions is
9 missing
10
11A corrupted or malicious ISO9660 image can cause read_CE() to loop
12forever.
13
14read_CE() calls parse_rockridge(), expecting a Rockridge extension
15to be read. However, parse_rockridge() is structured as a while
16loop starting with a sanity check, and if the sanity check fails
17before the loop has run, the function returns ARCHIVE_OK without
18advancing the position in the file. This causes read_CE() to retry
19indefinitely.
20
21Make parse_rockridge() return ARCHIVE_WARN if it didn't read an
22extension. As someone with no real knowledge of the format, this
23seems more apt than ARCHIVE_FATAL, but both the call-sites escalate
24it to a fatal error immediately anyway.
25
26Found with a combination of AFL, afl-rb (FairFuzz) and qsym.
27---
28 libarchive/archive_read_support_format_iso9660.c | 11 ++++++++++-
29 1 file changed, 10 insertions(+), 1 deletion(-)
30
31diff --git a/libarchive/archive_read_support_format_iso9660.c b/libarchive/archive_read_support_format_iso9660.c
32index 28acfefbb..bad8f1dfe 100644
33--- a/libarchive/archive_read_support_format_iso9660.c
34+++ b/libarchive/archive_read_support_format_iso9660.c
35@@ -2102,6 +2102,7 @@ parse_rockridge(struct archive_read *a, struct file_info *file,
36 const unsigned char *p, const unsigned char *end)
37 {
38 struct iso9660 *iso9660;
39+ int entry_seen = 0;
40
41 iso9660 = (struct iso9660 *)(a->format->data);
42
43@@ -2257,8 +2258,16 @@ parse_rockridge(struct archive_read *a, struct file_info *file,
44 }
45
46 p += p[2];
47+ entry_seen = 1;
48+ }
49+
50+ if (entry_seen)
51+ return (ARCHIVE_OK);
52+ else {
53+ archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT,
54+ "Tried to parse Rockridge extensions, but none found");
55+ return (ARCHIVE_WARN);
56 }
57- return (ARCHIVE_OK);
58 }
59
60 static int
61
diff --git a/meta/recipes-extended/libarchive/libarchive/bug1066.patch b/meta/recipes-extended/libarchive/libarchive/bug1066.patch
deleted file mode 100644
index 0a662b57b4..0000000000
--- a/meta/recipes-extended/libarchive/libarchive/bug1066.patch
+++ /dev/null
@@ -1,54 +0,0 @@
1libarchive-3.3.3: Fix bug1066
2
3[No upstream tracking] -- https://github.com/libarchive/libarchive/pull/1066
4
5archive_write_set_format_*.c: fix out of bounds read on empty string () filename
6for guntar, pax and v7tar
7
8There is an out of bounds read flaw in the archive_write_gnutar_header,
9archive_write_pax_header and archive_write_v7tar_header functions which
10could leds to cause a denial of service.
11
12Upstream-Status: Backport [https://github.com/libarchive/libarchive/commit/c246ec5d058a3f70a2d3fb765f92fe9db77b25df]
13Bug: 1066
14Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
15
16diff --git a/libarchive/archive_write_set_format_gnutar.c b/libarchive/archive_write_set_format_gnutar.c
17index 2d858c9..1966c53 100644
18--- a/libarchive/archive_write_set_format_gnutar.c
19+++ b/libarchive/archive_write_set_format_gnutar.c
20@@ -339,7 +339,7 @@ archive_write_gnutar_header(struct archive_write *a,
21 * case getting WCS failed. On POSIX, this is a
22 * normal operation.
23 */
24- if (p != NULL && p[strlen(p) - 1] != '/') {
25+ if (p != NULL && p[0] != '\0' && p[strlen(p) - 1] != '/') {
26 struct archive_string as;
27
28 archive_string_init(&as);
29diff --git a/libarchive/archive_write_set_format_pax.c b/libarchive/archive_write_set_format_pax.c
30index 6a301ac..4cfa8ff 100644
31--- a/libarchive/archive_write_set_format_pax.c
32+++ b/libarchive/archive_write_set_format_pax.c
33@@ -660,7 +660,7 @@ archive_write_pax_header(struct archive_write *a,
34 * case getting WCS failed. On POSIX, this is a
35 * normal operation.
36 */
37- if (p != NULL && p[strlen(p) - 1] != '/') {
38+ if (p != NULL && p[0] != '\0' && p[strlen(p) - 1] != '/') {
39 struct archive_string as;
40
41 archive_string_init(&as);
42diff --git a/libarchive/archive_write_set_format_v7tar.c b/libarchive/archive_write_set_format_v7tar.c
43index 62b1522..53c0db0 100644
44--- a/libarchive/archive_write_set_format_v7tar.c
45+++ b/libarchive/archive_write_set_format_v7tar.c
46@@ -284,7 +284,7 @@ archive_write_v7tar_header(struct archive_write *a, struct archive_entry *entry)
47 * case getting WCS failed. On POSIX, this is a
48 * normal operation.
49 */
50- if (p != NULL && p[strlen(p) - 1] != '/') {
51+ if (p != NULL && p[0] != '\0' && p[strlen(p) - 1] != '/') {
52 struct archive_string as;
53
54 archive_string_init(&as);
diff --git a/meta/recipes-extended/libarchive/libarchive/non-recursive-extract-and-list.patch b/meta/recipes-extended/libarchive/libarchive/non-recursive-extract-and-list.patch
deleted file mode 100644
index cd7be5127a..0000000000
--- a/meta/recipes-extended/libarchive/libarchive/non-recursive-extract-and-list.patch
+++ /dev/null
@@ -1,153 +0,0 @@
1From 47f7566f6829c2b14e21bbbba699916de4998c72 Mon Sep 17 00:00:00 2001
2From: Patrick Ohly <patrick.ohly@intel.com>
3Date: Mon, 24 Oct 2016 12:54:48 +0200
4Subject: [PATCH 1/1] non-recursive extract and list
5
6Sometimes it makes sense to extract or list a directory contained in
7an archive without also doing the same for the content of the
8directory, i.e. allowing -n (= --no-recursion) in combination with the
9x and t modes.
10
11bsdtar uses the match functionality in libarchive to track include
12matches. A new libarchive API call
13archive_match_include_directories_recursively() gets introduced to
14influence the matching behavior, with the default behavior as before.
15
16Non-recursive matching can be achieved by anchoring the path match at
17both start and end. Asking for a directory which itself isn't in the
18archive when in non-recursive mode is an error and handled by the
19existing mechanism for tracking unused inclusion entries.
20
21Upstream-Status: Submitted [https://github.com/libarchive/libarchive/pull/812]
22
23Signed-off-by: Patrick Ohly <patrick.ohly@intel.com>
24
25---
26 libarchive/archive.h | 2 ++
27 libarchive/archive_match.c | 30 +++++++++++++++++++++++++++++-
28 tar/bsdtar.1 | 3 +--
29 tar/bsdtar.c | 12 ++++++++++--
30 4 files changed, 42 insertions(+), 5 deletions(-)
31
32diff --git a/libarchive/archive.h b/libarchive/archive.h
33index 32710201..59fb4aa6 100644
34--- a/libarchive/archive.h
35+++ b/libarchive/archive.h
36@@ -1093,6 +1093,8 @@ __LA_DECL int archive_match_excluded(struct archive *,
37 */
38 __LA_DECL int archive_match_path_excluded(struct archive *,
39 struct archive_entry *);
40+/* Control recursive inclusion of directory content when directory is included. Default on. */
41+__LA_DECL int archive_match_include_directories_recursively(struct archive *, int _enabled);
42 /* Add exclusion pathname pattern. */
43 __LA_DECL int archive_match_exclude_pattern(struct archive *, const char *);
44 __LA_DECL int archive_match_exclude_pattern_w(struct archive *,
45diff --git a/libarchive/archive_match.c b/libarchive/archive_match.c
46index be72066e..bb6a3407 100644
47--- a/libarchive/archive_match.c
48+++ b/libarchive/archive_match.c
49@@ -93,6 +93,9 @@ struct archive_match {
50 /* exclusion/inclusion set flag. */
51 int setflag;
52
53+ /* Recursively include directory content? */
54+ int recursive_include;
55+
56 /*
57 * Matching filename patterns.
58 */
59@@ -223,6 +226,7 @@ archive_match_new(void)
60 return (NULL);
61 a->archive.magic = ARCHIVE_MATCH_MAGIC;
62 a->archive.state = ARCHIVE_STATE_NEW;
63+ a->recursive_include = 1;
64 match_list_init(&(a->inclusions));
65 match_list_init(&(a->exclusions));
66 __archive_rb_tree_init(&(a->exclusion_tree), &rb_ops_mbs);
67@@ -471,6 +475,28 @@ archive_match_path_excluded(struct archive *_a,
68 }
69
70 /*
71+ * When recursive inclusion of directory content is enabled,
72+ * an inclusion pattern that matches a directory will also
73+ * include everything beneath that directory. Enabled by default.
74+ *
75+ * For compatibility with GNU tar, exclusion patterns always
76+ * match if a subset of the full patch matches (i.e., they are
77+ * are not rooted at the beginning of the path) and thus there
78+ * is no corresponding non-recursive exclusion mode.
79+ */
80+int
81+archive_match_include_directories_recursively(struct archive *_a, int _enabled)
82+{
83+ struct archive_match *a;
84+
85+ archive_check_magic(_a, ARCHIVE_MATCH_MAGIC,
86+ ARCHIVE_STATE_NEW, "archive_match_include_directories_recursively");
87+ a = (struct archive_match *)_a;
88+ a->recursive_include = _enabled;
89+ return (ARCHIVE_OK);
90+}
91+
92+/*
93 * Utility functions to get statistic information for inclusion patterns.
94 */
95 int
96@@ -781,7 +807,9 @@ static int
97 match_path_inclusion(struct archive_match *a, struct match *m,
98 int mbs, const void *pn)
99 {
100- int flag = PATHMATCH_NO_ANCHOR_END;
101+ int flag = a->recursive_include ?
102+ PATHMATCH_NO_ANCHOR_END : /* Prefix match is good enough. */
103+ 0; /* Full match required. */
104 int r;
105
106 if (mbs) {
107diff --git a/tar/bsdtar.1 b/tar/bsdtar.1
108index 132e1145..1dd2a847 100644
109--- a/tar/bsdtar.1
110+++ b/tar/bsdtar.1
111@@ -386,8 +386,7 @@ and the default behavior in c, r, and u modes or if
112 .Nm
113 is run in x mode as root.
114 .It Fl n , Fl Fl norecurse , Fl Fl no-recursion
115-(c, r, u modes only)
116-Do not recursively archive the contents of directories.
117+Do not recursively archive (c, r, u), extract (x) or list (t) the contents of directories.
118 .It Fl Fl newer Ar date
119 (c, r, u modes only)
120 Only include files and directories newer than the specified date.
121diff --git a/tar/bsdtar.c b/tar/bsdtar.c
122index 11dedbf9..d014cc3e 100644
123--- a/tar/bsdtar.c
124+++ b/tar/bsdtar.c
125@@ -794,8 +794,6 @@ main(int argc, char **argv)
126 break;
127 }
128 }
129- if (bsdtar->flags & OPTFLAG_NO_SUBDIRS)
130- only_mode(bsdtar, "-n", "cru");
131 if (bsdtar->flags & OPTFLAG_STDOUT)
132 only_mode(bsdtar, "-O", "xt");
133 if (bsdtar->flags & OPTFLAG_UNLINK_FIRST)
134@@ -845,6 +843,16 @@ main(int argc, char **argv)
135 only_mode(bsdtar, buff, "cru");
136 }
137
138+ /*
139+ * When creating an archive from a directory tree, the directory
140+ * walking code will already avoid entering directories when
141+ * recursive inclusion of directory content is disabled, therefore
142+ * changing the matching behavior has no effect for creation modes.
143+ * It is relevant for extraction or listing.
144+ */
145+ archive_match_include_directories_recursively(bsdtar->matching,
146+ !(bsdtar->flags & OPTFLAG_NO_SUBDIRS));
147+
148 /* Filename "-" implies stdio. */
149 if (strcmp(bsdtar->filename, "-") == 0)
150 bsdtar->filename = NULL;
151--
1522.11.0
153
diff --git a/meta/recipes-extended/libarchive/libarchive_3.3.3.bb b/meta/recipes-extended/libarchive/libarchive_3.4.0.bb
index af5ca65297..c789cd44d2 100644
--- a/meta/recipes-extended/libarchive/libarchive_3.3.3.bb
+++ b/meta/recipes-extended/libarchive/libarchive_3.4.0.bb
@@ -3,7 +3,7 @@ DESCRIPTION = "C library and command-line tools for reading and writing tar, cpi
3HOMEPAGE = "http://www.libarchive.org/" 3HOMEPAGE = "http://www.libarchive.org/"
4SECTION = "devel" 4SECTION = "devel"
5LICENSE = "BSD" 5LICENSE = "BSD"
6LIC_FILES_CHKSUM = "file://COPYING;md5=ed99aca006bc346974bb745a35336425" 6LIC_FILES_CHKSUM = "file://COPYING;md5=fe01f5e02b1f0cc934d593a7b0ddceb6"
7 7
8DEPENDS = "e2fsprogs-native" 8DEPENDS = "e2fsprogs-native"
9 9
@@ -32,18 +32,10 @@ PACKAGECONFIG[lz4] = "--with-lz4,--without-lz4,lz4,"
32EXTRA_OECONF += "--enable-largefile" 32EXTRA_OECONF += "--enable-largefile"
33 33
34SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz \ 34SRC_URI = "http://libarchive.org/downloads/libarchive-${PV}.tar.gz \
35 file://non-recursive-extract-and-list.patch \
36 file://bug1066.patch \
37 file://CVE-2018-1000877.patch \
38 file://CVE-2018-1000878.patch \
39 file://CVE-2018-1000879.patch \
40 file://CVE-2018-1000880.patch \
41 file://CVE-2019-1000019.patch \
42 file://CVE-2019-1000020.patch \
43" 35"
44 36
45SRC_URI[md5sum] = "4038e366ca5b659dae3efcc744e72120" 37SRC_URI[md5sum] = "6046396255bd7cf6d0f6603a9bda39ac"
46SRC_URI[sha256sum] = "ba7eb1781c9fbbae178c4c6bad1c6eb08edab9a1496c64833d1715d022b30e2e" 38SRC_URI[sha256sum] = "8643d50ed40c759f5412a3af4e353cffbce4fdf3b5cf321cb72cacf06b2d825e"
47 39
48inherit autotools update-alternatives pkgconfig 40inherit autotools update-alternatives pkgconfig
49 41