Merge pull request #397 from flatcar/krnowak/libarchive-update

Update app-arch/libarchive
2025-08-18 21:11:08 +02:00 · 2022-12-08 12:50:18 +01:00 · 2022-12-08 12:50:18 +01:00 · fed5a37dec
commit fed5a37dec
parent eaad06ebc7 6bf8f7603c
8 changed files with 88 additions and 262 deletions
--- a/sdk_container/src/third_party/portage-stable/.github/workflows/packages-list
+++ b/sdk_container/src/third_party/portage-stable/.github/workflows/packages-list
@ -5,6 +5,7 @@ app-alternatives/yacc
 app-arch/bzip2
 app-arch/cpio
 app-arch/libarchive
 app-arch/unzip
 app-arch/xz-utils
--- a/sdk_container/src/third_party/portage-stable/app-arch/libarchive/Manifest
+++ b/sdk_container/src/third_party/portage-stable/app-arch/libarchive/Manifest
@ -1,6 +1,2 @@
-DIST libarchive-3.5.3.tar.gz 7038767 BLAKE2B a9f8b44c42efadb29cba2597c201bf9064d69632db92dad07df3f1bc9667257d8578c2ae7fae65ffc53e075466e3d326e4fe77d18d3f06656a4a255324a81fba SHA512 889879e869f7391e3b85b5e3c2bbad3c1a5e50ec7b62c0be8f2817e2dfa8410e6eb409a3c4dce2675b9e7134bae3f129475e331bc3d15d637b91412c7eb026a2
+DIST libarchive-3.6.1.tar.xz 5241148 BLAKE2B e7b79e97545dabeac164069e87adbd2081d3bd75c22f80b3797c6e487a477b3f6347b6fc14c76668eb69f2f2e5dcdd5a33a694e0a292ce426b8d0d93435218cf SHA512 2e5a72edc468080c0e8f29e07d9c33826ffb246fa040ec42399bedeecf698b7555f69ffd15057ad79c0f50cd4926d43174599d99632b1b99ec6cd159c43a70b8
-DIST libarchive-3.5.3.tar.gz.asc 833 BLAKE2B 2a2af61d25201feef727d05554b3b1553779afeb155d1d68a3e2b64e71eca6ca06cd6d9c77cc98c2d40c0d654c7de535d9901e55f527cb74dc8933a402207553 SHA512 1a6c930e62961ee97d2983ad7f7aded61dd65668737cc7fc42b3f2f32a699931fe74c1b7abe4686e061e7b39500a67adea929f390a8dcb2037d0d58f3b30441d
+DIST libarchive-3.6.1.tar.xz.asc 833 BLAKE2B 8a1ca13491f3b29b322ab281a80eaef9ca2cca680e18a0ed5ff626e8808b6c9a5eb4cdd6eaf00fb771f361d84d7785c103a9a0665d812f1f27ac66f5d1a2e1da SHA512 0411a9bdc9bb058b289b5cc102a220216420bf01ea213e771a16246ed48e670f3426e8555bac27262b686b40b7b2239907c4eef2bf43d812d73a69ccb2a5b00c
 DIST libarchive-3.6.0.tar.gz 8570393 BLAKE2B 57a8e1681485a489dc9d3823cc8c9b0d68e7d84510a3eff0b6adc268825bb9aa6179d8a810b249c3f72e3674e1df6e5ba2ed0043196458bedc3c1d880c5d4a0b SHA512 700579c5dd15b61333cc4dbf01ebfbd26d6e8c20d5cbe6525683634418fec5c87a5a1e28a81cc59ad7c94218682e406aa3b55d81036bd9fa31d83d989c6d764c
 DIST libarchive-3.6.0.tar.gz.asc 833 BLAKE2B 0b3600e998ccf3e3862523116db071f5c43165a422f292053d7be14a67a294b4b9ed76a939156ad0f494443d9a6a6dde46e73c1107d50c7e150030c7627d8851 SHA512 2450a3463ec1b4b2c590139ea2b6f0db0afbd8ff7939da5d90c5adfb3d27618ca36b03596b707211de82341ca157acaf510fc51ee26d6901d46e15341406acd2
 DIST libarchive-3.6.1.tar.gz 7431598 BLAKE2B 1f060edb3d7579e406db1e757af8193d6b23c56a07dd7392cacfc37d6634de1a732a4845a38e4c7a539a634475e54f202689c4a46f1c27655e91211783a6364f SHA512 58f7ac0c52116f73326a07dec10ff232be33b318862078785dc39f1fb2f8773b5194eabfa14764bb51ce6a5a1aa8820526e7f4c76087a6f4fcbe7789a22275b4
 DIST libarchive-3.6.1.tar.gz.asc 833 BLAKE2B 6b8ebcfbffdc51b693ba51d1c24bc89b9f8da81257535427ccae7791f7849197685e450b62fdb0972c4313244bf89b659662f678c68e73467bd256873b1ca83c SHA512 4120b21113a21c0afce16be72ac3bd41e744e99c713a2cf005d128c4b2382e9dcac638d4615771b9deceee0e1c99806499aaea35227fd4e435d15e672b4d6624
--- a/sdk_container/src/third_party/portage-stable/app-arch/libarchive/files/libarchive-3.6.1-CVE-2022-36227.patch
+++ b/sdk_container/src/third_party/portage-stable/app-arch/libarchive/files/libarchive-3.6.1-CVE-2022-36227.patch
@ -0,0 +1,35 @@
 From bff38efe8c110469c5080d387bec62a6ca15b1a5 Mon Sep 17 00:00:00 2001
 From: obiwac <obiwac@gmail.com>
 Date: Fri, 22 Jul 2022 22:41:10 +0200
 Subject: [PATCH] libarchive: Handle a `calloc` returning NULL (fixes #1754)
 ---
 libarchive/archive_write.c | 8 ++++++++
 1 file changed, 8 insertions(+)
 diff --git a/libarchive/archive_write.c b/libarchive/archive_write.c
 index 66592e826..27626b541 100644
 --- a/libarchive/archive_write.c
 +++ b/libarchive/archive_write.c
@@ -201,6 +201,10 @@ __archive_write_allocate_filter(struct archive *_a)
 	struct archive_write_filter *f;
 	f = calloc(1, sizeof(*f));
 +
 +	if (f == NULL)
 +		return (NULL);
 +
 	f->archive = _a;
 	f->state = ARCHIVE_WRITE_FILTER_STATE_NEW;
 	if (a->filter_first == NULL)
@@ -548,6 +552,10 @@ archive_write_open2(struct archive *_a, void *client_data,
 	a->client_data = client_data;
 	client_filter = __archive_write_allocate_filter(_a);
 +
 +	if (client_filter == NULL)
 +		return (ARCHIVE_FATAL);
 +
 	client_filter->open = archive_write_client_open;
 	client_filter->write = archive_write_client_write;
 	client_filter->close = archive_write_client_close;
--- a/sdk_container/src/third_party/portage-stable/app-arch/libarchive/files/libarchive-3.6.1-glibc-2.36.patch
+++ b/sdk_container/src/third_party/portage-stable/app-arch/libarchive/files/libarchive-3.6.1-glibc-2.36.patch
@ -0,0 +1,39 @@
 https://github.com/libarchive/libarchive/pull/1761
 https://bugs.gentoo.org/863227
 From a2f68263a1da5ad227bcb9cd8fa91b93c8b6c99f Mon Sep 17 00:00:00 2001
 From: Khem Raj <raj.khem@gmail.com>
 Date: Mon, 25 Jul 2022 10:56:53 -0700
 Subject: [PATCH] libarchive: Do not include sys/mount.h when linux/fs.h is
 present
 These headers are in conflict and only one is needed by
 archive_read_disk_posix.c therefore include linux/fs.h if it exists
 otherwise include sys/mount.h
 It also helps compiling with glibc 2.36
 where sys/mount.h conflicts with linux/mount.h see [1]
 [1] https://sourceware.org/glibc/wiki/Release/2.36
 --- a/libarchive/archive_read_disk_posix.c
 +++ b/libarchive/archive_read_disk_posix.c
@@ -34,9 +34,6 @@ __FBSDID("$FreeBSD$");
 #ifdef HAVE_SYS_PARAM_H
 #include <sys/param.h>
 #endif
 -#ifdef HAVE_SYS_MOUNT_H
 -#include <sys/mount.h>
 -#endif
 #ifdef HAVE_SYS_STAT_H
 #include <sys/stat.h>
 #endif
@@ -54,6 +51,8 @@ __FBSDID("$FreeBSD$");
 #endif
 #ifdef HAVE_LINUX_FS_H
 #include <linux/fs.h>
 +#elif HAVE_SYS_MOUNT_H
 +#include <sys/mount.h>
 #endif
 /*
  * Some Linux distributions have both linux/ext2_fs.h and ext2fs/ext2_fs.h.
--- a/sdk_container/src/third_party/portage-stable/app-arch/libarchive/libarchive-3.5.3.ebuild
+++ b/sdk_container/src/third_party/portage-stable/app-arch/libarchive/libarchive-3.5.3.ebuild
@ -1,126 +0,0 @@
 # Copyright 1999-2022 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 EAPI=8
 inherit multilib-minimal toolchain-funcs verify-sig
 DESCRIPTION="Multi-format archive and compression library"
 HOMEPAGE="https://www.libarchive.org/"
 SRC_URI="
 	https://www.libarchive.org/downloads/${P}.tar.gz
 	verify-sig? ( https://www.libarchive.org/downloads/${P}.tar.gz.asc )
 "
 LICENSE="BSD BSD-2 BSD-4 public-domain"
 SLOT="0/13"
 KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
 IUSE="acl blake2 +bzip2 +e2fsprogs expat +iconv lz4 +lzma lzo nettle static-libs xattr zstd"
 VERIFY_SIG_OPENPGP_KEY_PATH=${BROOT}/usr/share/openpgp-keys/libarchive.org.asc
 RDEPEND="
 	sys-libs/zlib[${MULTILIB_USEDEP}]
 	acl? ( virtual/acl[${MULTILIB_USEDEP}] )
 	blake2? ( app-crypt/libb2[${MULTILIB_USEDEP}] )
 	bzip2? ( app-arch/bzip2[${MULTILIB_USEDEP}] )
 	expat? ( dev-libs/expat[${MULTILIB_USEDEP}] )
 	!expat? ( dev-libs/libxml2[${MULTILIB_USEDEP}] )
 	iconv? ( virtual/libiconv[${MULTILIB_USEDEP}] )
 	kernel_linux? (
 		xattr? ( sys-apps/attr[${MULTILIB_USEDEP}] )
 	)
 	dev-libs/openssl:0=[${MULTILIB_USEDEP}]
 	lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] )
 	lzma? ( >=app-arch/xz-utils-5.2.5-r1[${MULTILIB_USEDEP}] )
 	lzo? ( >=dev-libs/lzo-2[${MULTILIB_USEDEP}] )
 	nettle? ( dev-libs/nettle:0=[${MULTILIB_USEDEP}] )
 	zstd? ( app-arch/zstd[${MULTILIB_USEDEP}] )
 "
 DEPEND="${RDEPEND}
 	kernel_linux? (
 		virtual/os-headers
 		e2fsprogs? ( sys-fs/e2fsprogs )
 	)
 "
 BDEPEND="
 	verify-sig? ( sec-keys/openpgp-keys-libarchive )
 "
 multilib_src_configure() {
 	export ac_cv_header_ext2fs_ext2_fs_h=$(usex e2fsprogs) #354923
 	local myconf=(
 		$(use_enable acl)
 		$(use_enable static-libs static)
 		$(use_enable xattr)
 		$(use_with blake2 libb2)
 		$(use_with bzip2 bz2lib)
 		$(use_with expat)
 		$(use_with !expat xml2)
 		$(use_with iconv)
 		$(use_with lz4)
 		$(use_with lzma)
 		$(use_with lzo lzo2)
 		$(use_with nettle)
 		--with-zlib
 		$(use_with zstd)
 		# Windows-specific
 		--without-cng
 	)
 	if multilib_is_native_abi ; then
 		myconf+=(
 			--enable-bsdcat="$(tc-is-static-only && echo static || echo shared)"
 			--enable-bsdcpio="$(tc-is-static-only && echo static || echo shared)"
 			--enable-bsdtar="$(tc-is-static-only && echo static || echo shared)"
 		)
 	else
 		myconf+=(
 			--disable-bsdcat
 			--disable-bsdcpio
 			--disable-bsdtar
 		)
 	fi
 	ECONF_SOURCE="${S}" econf "${myconf[@]}"
 }
 multilib_src_compile() {
 	if multilib_is_native_abi ; then
 		emake
 	else
 		emake libarchive.la
 	fi
 }
 src_test() {
 	mkdir -p "${T}"/bin || die
 	# tests fail when lbzip2[symlink] is used in place of ref bunzip2
 	ln -s "${BROOT}/bin/bunzip2" "${T}"/bin || die
 	local -x PATH=${T}/bin:${PATH}
 	multilib-minimal_src_test
 }
 multilib_src_test() {
 	# sandbox is breaking long symlink behavior
 	local -x SANDBOX_ON=0
 	local -x LD_PRELOAD=
 	# some locales trigger different output that breaks tests
 	local -x LC_ALL=C
 	emake check
 }
 multilib_src_install() {
 	if multilib_is_native_abi ; then
 		emake DESTDIR="${D}" install
 	else
 		local install_targets=(
 			install-includeHEADERS
 			install-libLTLIBRARIES
 			install-pkgconfigDATA
 		)
 		emake DESTDIR="${D}" "${install_targets[@]}"
 	fi
 	# Libs.private: should be used from libarchive.pc instead
 	find "${ED}" -type f -name "*.la" -delete || die
 }
--- a/sdk_container/src/third_party/portage-stable/app-arch/libarchive/libarchive-3.6.0.ebuild
+++ b/sdk_container/src/third_party/portage-stable/app-arch/libarchive/libarchive-3.6.0.ebuild
@ -1,126 +0,0 @@
 # Copyright 1999-2022 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 EAPI=8
 inherit multilib-minimal toolchain-funcs verify-sig
 DESCRIPTION="Multi-format archive and compression library"
 HOMEPAGE="https://www.libarchive.org/"
 SRC_URI="
 	https://www.libarchive.org/downloads/${P}.tar.gz
 	verify-sig? ( https://www.libarchive.org/downloads/${P}.tar.gz.asc )
 "
 LICENSE="BSD BSD-2 BSD-4 public-domain"
 SLOT="0/13"
 KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
 IUSE="acl blake2 +bzip2 +e2fsprogs expat +iconv lz4 +lzma lzo nettle static-libs xattr zstd"
 VERIFY_SIG_OPENPGP_KEY_PATH=${BROOT}/usr/share/openpgp-keys/libarchive.org.asc
 RDEPEND="
 	sys-libs/zlib[${MULTILIB_USEDEP}]
 	acl? ( virtual/acl[${MULTILIB_USEDEP}] )
 	blake2? ( app-crypt/libb2[${MULTILIB_USEDEP}] )
 	bzip2? ( app-arch/bzip2[${MULTILIB_USEDEP}] )
 	expat? ( dev-libs/expat[${MULTILIB_USEDEP}] )
 	!expat? ( dev-libs/libxml2[${MULTILIB_USEDEP}] )
 	iconv? ( virtual/libiconv[${MULTILIB_USEDEP}] )
 	kernel_linux? (
 		xattr? ( sys-apps/attr[${MULTILIB_USEDEP}] )
 	)
 	dev-libs/openssl:0=[${MULTILIB_USEDEP}]
 	lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] )
 	lzma? ( >=app-arch/xz-utils-5.2.5-r1[${MULTILIB_USEDEP}] )
 	lzo? ( >=dev-libs/lzo-2[${MULTILIB_USEDEP}] )
 	nettle? ( dev-libs/nettle:0=[${MULTILIB_USEDEP}] )
 	zstd? ( app-arch/zstd[${MULTILIB_USEDEP}] )
 "
 DEPEND="${RDEPEND}
 	kernel_linux? (
 		virtual/os-headers
 		e2fsprogs? ( sys-fs/e2fsprogs )
 	)
 "
 BDEPEND="
 	verify-sig? ( sec-keys/openpgp-keys-libarchive )
 "
 multilib_src_configure() {
 	export ac_cv_header_ext2fs_ext2_fs_h=$(usex e2fsprogs) #354923
 	local myconf=(
 		$(use_enable acl)
 		$(use_enable static-libs static)
 		$(use_enable xattr)
 		$(use_with blake2 libb2)
 		$(use_with bzip2 bz2lib)
 		$(use_with expat)
 		$(use_with !expat xml2)
 		$(use_with iconv)
 		$(use_with lz4)
 		$(use_with lzma)
 		$(use_with lzo lzo2)
 		$(use_with nettle)
 		--with-zlib
 		$(use_with zstd)
 		# Windows-specific
 		--without-cng
 	)
 	if multilib_is_native_abi ; then
 		myconf+=(
 			--enable-bsdcat="$(tc-is-static-only && echo static || echo shared)"
 			--enable-bsdcpio="$(tc-is-static-only && echo static || echo shared)"
 			--enable-bsdtar="$(tc-is-static-only && echo static || echo shared)"
 		)
 	else
 		myconf+=(
 			--disable-bsdcat
 			--disable-bsdcpio
 			--disable-bsdtar
 		)
 	fi
 	ECONF_SOURCE="${S}" econf "${myconf[@]}"
 }
 multilib_src_compile() {
 	if multilib_is_native_abi ; then
 		emake
 	else
 		emake libarchive.la
 	fi
 }
 src_test() {
 	mkdir -p "${T}"/bin || die
 	# tests fail when lbzip2[symlink] is used in place of ref bunzip2
 	ln -s "${BROOT}/bin/bunzip2" "${T}"/bin || die
 	local -x PATH=${T}/bin:${PATH}
 	multilib-minimal_src_test
 }
 multilib_src_test() {
 	# sandbox is breaking long symlink behavior
 	local -x SANDBOX_ON=0
 	local -x LD_PRELOAD=
 	# some locales trigger different output that breaks tests
 	local -x LC_ALL=C
 	emake check
 }
 multilib_src_install() {
 	if multilib_is_native_abi ; then
 		emake DESTDIR="${D}" install
 	else
 		local install_targets=(
 			install-includeHEADERS
 			install-libLTLIBRARIES
 			install-pkgconfigDATA
 		)
 		emake DESTDIR="${D}" "${install_targets[@]}"
 	fi
 	# Libs.private: should be used from libarchive.pc instead
 	find "${ED}" -type f -name "*.la" -delete || die
 }
--- a/sdk_container/src/third_party/portage-stable/app-arch/libarchive/libarchive-3.6.1-r1.ebuild
+++ b/sdk_container/src/third_party/portage-stable/app-arch/libarchive/libarchive-3.6.1-r1.ebuild
@ -7,13 +7,13 @@ inherit multilib-minimal toolchain-funcs verify-sig
 DESCRIPTION="Multi-format archive and compression library"
 HOMEPAGE="https://www.libarchive.org/"
 SRC_URI="
-	https://www.libarchive.de/downloads/${P}.tar.gz
+	https://www.libarchive.de/downloads/${P}.tar.xz
-	verify-sig? ( https://www.libarchive.de/downloads/${P}.tar.gz.asc )
+	verify-sig? ( https://www.libarchive.de/downloads/${P}.tar.xz.asc )
 "
 LICENSE="BSD BSD-2 BSD-4 public-domain"
 SLOT="0/13"
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
 IUSE="acl blake2 +bzip2 +e2fsprogs expat +iconv lz4 +lzma lzo nettle static-libs xattr zstd"
 VERIFY_SIG_OPENPGP_KEY_PATH=${BROOT}/usr/share/openpgp-keys/libarchive.org.asc
@ -38,13 +38,19 @@ RDEPEND="
 DEPEND="${RDEPEND}
 	kernel_linux? (
 		virtual/os-headers
-		e2fsprogs? ( sys-fs/e2fsprogs )
+		e2fsprogs? ( sys-fs/e2fsprogs[${MULTILIB_USEDEP}] )
 	)
 "
 BDEPEND="
 	verify-sig? ( sec-keys/openpgp-keys-libarchive )
 "
 PATCHES=(
 	"${FILESDIR}"/${P}-glibc-2.36.patch
 	# https://github.com/libarchive/libarchive/pull/1759
 	"${FILESDIR}"/${P}-CVE-2022-36227.patch
 )
 multilib_src_configure() {
 	export ac_cv_header_ext2fs_ext2_fs_h=$(usex e2fsprogs) #354923
--- a/sdk_container/src/third_party/portage-stable/changelog/security/2022-12-07-libarchive-update.md
+++ b/sdk_container/src/third_party/portage-stable/changelog/security/2022-12-07-libarchive-update.md
@ -0,0 +1 @@
 - libarchive ([CVE-2022-36227](https://nvd.nist.gov/vuln/detail/CVE-2022-36227))
		`@ -0,0 +1 @@`
							`- libarchive ([CVE-2022-36227](https://nvd.nist.gov/vuln/detail/CVE-2022-36227))`