backport upstream patch to fix possibly malicious past commit (see https://github.com/libarchive/libarchive/pull/2101 ) [release 3.7.2-2mamba;Fri Apr 05 2024]

This commit is contained in:
Silvan Calarco 2024-04-06 00:52:20 +02:00
parent f878bdcf64
commit 7b4b4208f7
2 changed files with 34 additions and 2 deletions

View File

@ -0,0 +1,27 @@
From 6110e9c82d8ba830c3440f36b990483ceaaea52c Mon Sep 17 00:00:00 2001
From: Ed Maste <emaste@freebsd.org>
Date: Fri, 29 Mar 2024 18:02:06 -0400
Subject: [PATCH] tar: make error reporting more robust and use correct errno
(#2101)
As discussed in #1609.
---
tar/read.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/tar/read.c b/tar/read.c
index af3d3f423..a7f14a07b 100644
--- a/tar/read.c
+++ b/tar/read.c
@@ -371,8 +371,9 @@ read_archive(struct bsdtar *bsdtar, char mode, struct archive *writer)
if (r != ARCHIVE_OK) {
if (!bsdtar->verbose)
safe_fprintf(stderr, "%s", archive_entry_pathname(entry));
- fprintf(stderr, ": %s: ", archive_error_string(a));
- fprintf(stderr, "%s", strerror(errno));
+ safe_fprintf(stderr, ": %s: %s",
+ archive_error_string(a),
+ strerror(archive_errno(a)));
if (!bsdtar->verbose)
fprintf(stderr, "\n");
bsdtar->return_value = 1;

View File

@ -1,6 +1,6 @@
Name: libarchive Name: libarchive
Version: 3.7.2 Version: 3.7.2
Release: 1mamba Release: 2mamba
Summary: Single library to read/write tar, cpio, pax, zip, iso9660, etc. Summary: Single library to read/write tar, cpio, pax, zip, iso9660, etc.
Group: System/Libraries Group: System/Libraries
Vendor: openmamba Vendor: openmamba
@ -8,11 +8,11 @@ Distribution: openmamba
Packager: Silvan Calarco <silvan.calarco@mambasoft.it> Packager: Silvan Calarco <silvan.calarco@mambasoft.it>
URL: https://libarchive.org/ URL: https://libarchive.org/
Source: https://github.com/libarchive/libarchive.git/v%{version}/libarchive-%{version}.tar.bz2 Source: https://github.com/libarchive/libarchive.git/v%{version}/libarchive-%{version}.tar.bz2
Patch0: libarchive-3.7.2-backport_bsdtar_make_error_reporting_more_robust.patch
License: BSD License: BSD
## AUTOBUILDREQ-BEGIN ## AUTOBUILDREQ-BEGIN
BuildRequires: glibc-devel BuildRequires: glibc-devel
BuildRequires: libacl-devel BuildRequires: libacl-devel
BuildRequires: libattr-devel
BuildRequires: libb2-devel BuildRequires: libb2-devel
BuildRequires: libbzip2-devel BuildRequires: libbzip2-devel
BuildRequires: libgomp-devel BuildRequires: libgomp-devel
@ -60,6 +60,8 @@ This package contains the following programs built on libarchive:
%prep %prep
%setup -q %setup -q
%patch 0 -p1 -b .backport_bsdtar_make_error_reporting_more_robust
autoreconf -f -i autoreconf -f -i
%build %build
@ -120,6 +122,9 @@ mv %{buildroot}%{_mandir}/man5/tar.5 %{buildroot}%{_mandir}/man5/archive_tar.5
%{_mandir}/man1/bsdunzip.1* %{_mandir}/man1/bsdunzip.1*
%changelog %changelog
* Fri Apr 05 2024 Silvan Calarco <silvan.calarco@mambasoft.it> 3.7.2-2mamba
- backport upstream patch to fix possibly malicious past commit (see https://github.com/libarchive/libarchive/pull/2101 )
* Tue Sep 12 2023 Automatic Build System <autodist@mambasoft.it> 3.7.2-1mamba * Tue Sep 12 2023 Automatic Build System <autodist@mambasoft.it> 3.7.2-1mamba
- automatic version update by autodist - automatic version update by autodist