[arch-commits] Commit in libarchive/repos (10 files)

Christian Hesse eworm at archlinux.org
Sat Feb 4 17:43:38 UTC 2017


    Date: Saturday, February 4, 2017 @ 17:43:38
  Author: eworm
Revision: 288025

archrelease: copy trunk to testing-i686, testing-x86_64

Added:
  libarchive/repos/testing-i686/0001-issue-822-try-harder-to-detect-directories-in-zip-archives.patch
    (from rev 288024, libarchive/trunk/0001-issue-822-try-harder-to-detect-directories-in-zip-archives.patch)
  libarchive/repos/testing-i686/0002-fixes-a-heap-buffer-overflow.patch
    (from rev 288024, libarchive/trunk/0002-fixes-a-heap-buffer-overflow.patch)
  libarchive/repos/testing-i686/PKGBUILD
    (from rev 288024, libarchive/trunk/PKGBUILD)
  libarchive/repos/testing-x86_64/0001-issue-822-try-harder-to-detect-directories-in-zip-archives.patch
    (from rev 288024, libarchive/trunk/0001-issue-822-try-harder-to-detect-directories-in-zip-archives.patch)
  libarchive/repos/testing-x86_64/0002-fixes-a-heap-buffer-overflow.patch
    (from rev 288024, libarchive/trunk/0002-fixes-a-heap-buffer-overflow.patch)
  libarchive/repos/testing-x86_64/PKGBUILD
    (from rev 288024, libarchive/trunk/PKGBUILD)
Deleted:
  libarchive/repos/testing-i686/0001-issue-822-try-harder-to-detect-directories-in-zip-archives.patch
  libarchive/repos/testing-i686/PKGBUILD
  libarchive/repos/testing-x86_64/0001-issue-822-try-harder-to-detect-directories-in-zip-archives.patch
  libarchive/repos/testing-x86_64/PKGBUILD

--------------------------------------------------------------------------------------+
 /0001-issue-822-try-harder-to-detect-directories-in-zip-archives.patch               |  380 ++++++++++
 /PKGBUILD                                                                            |  110 ++
 testing-i686/0001-issue-822-try-harder-to-detect-directories-in-zip-archives.patch   |  190 -----
 testing-i686/0002-fixes-a-heap-buffer-overflow.patch                                 |   24 
 testing-i686/PKGBUILD                                                                |   49 -
 testing-x86_64/0001-issue-822-try-harder-to-detect-directories-in-zip-archives.patch |  190 -----
 testing-x86_64/0002-fixes-a-heap-buffer-overflow.patch                               |   24 
 testing-x86_64/PKGBUILD                                                              |   49 -
 8 files changed, 538 insertions(+), 478 deletions(-)

Deleted: testing-i686/0001-issue-822-try-harder-to-detect-directories-in-zip-archives.patch
===================================================================
--- testing-i686/0001-issue-822-try-harder-to-detect-directories-in-zip-archives.patch	2017-02-04 17:43:31 UTC (rev 288024)
+++ testing-i686/0001-issue-822-try-harder-to-detect-directories-in-zip-archives.patch	2017-02-04 17:43:38 UTC (rev 288025)
@@ -1,190 +0,0 @@
-From 2ecf8d1c1e1bdfc20b0aada90e356054a3054693 Mon Sep 17 00:00:00 2001
-From: Peter Wu <peter at lekensteyn.nl>
-Date: Fri, 23 Dec 2016 12:45:43 +0100
-Subject: [PATCH] Issue #822: Try harder to detect directories in zip archives
-
-Assume that anything with a trailing slash is a directory. This avoids
-creating regular files when a directory is expected and could occur
-when the External File Attributes (EFA) field in the Central Directory
-contains bogus values:
-
- - Jar file: observed to have OS MS-DOS (0) and EFA 0.
- - dex2jar-2.0.zip: observed to have OS Unix (3), but EFA 0xffff0010.
-   After this patch, bsdtar tv still shows mode drwsrwsrwt, but at least
-   it successfully creates a directory instead of a regular file.
-
-A test case has been added for the first case (based on
-test_read_format_zip_nofiletype).
----
- Makefile.am                                     |  2 +
- libarchive/archive_read_support_format_zip.c    | 36 ++++++++-------
- libarchive/test/CMakeLists.txt                  |  1 +
- libarchive/test/test_read_format_zip_jar.c      | 59 +++++++++++++++++++++++++
- libarchive/test/test_read_format_zip_jar.jar.uu |  6 +++
- 5 files changed, 88 insertions(+), 16 deletions(-)
- create mode 100644 libarchive/test/test_read_format_zip_jar.c
- create mode 100644 libarchive/test/test_read_format_zip_jar.jar.uu
-
-diff --git a/Makefile.am b/Makefile.am
-index 614f864..6ed0495 100644
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -483,6 +483,7 @@ libarchive_test_SOURCES= \
- 	libarchive/test/test_read_format_zip_encryption_header.c \
- 	libarchive/test/test_read_format_zip_filename.c \
- 	libarchive/test/test_read_format_zip_high_compression.c \
-+	libarchive/test/test_read_format_zip_jar.c \
- 	libarchive/test/test_read_format_zip_mac_metadata.c \
- 	libarchive/test/test_read_format_zip_malformed.c \
- 	libarchive/test/test_read_format_zip_msdos.c \
-@@ -801,6 +802,7 @@ libarchive_test_EXTRA_DIST=\
- 	libarchive/test/test_read_format_zip_filename_utf8_ru2.zip.uu \
- 	libarchive/test/test_read_format_zip_high_compression.zip.uu \
- 	libarchive/test/test_read_format_zip_length_at_end.zip.uu \
-+	libarchive/test/test_read_format_zip_jar.jar.uu \
- 	libarchive/test/test_read_format_zip_mac_metadata.zip.uu \
- 	libarchive/test/test_read_format_zip_malformed1.zip.uu \
- 	libarchive/test/test_read_format_zip_msdos.zip.uu \
-diff --git a/libarchive/archive_read_support_format_zip.c b/libarchive/archive_read_support_format_zip.c
-index 9796fca..d19e791 100644
---- a/libarchive/archive_read_support_format_zip.c
-+++ b/libarchive/archive_read_support_format_zip.c
-@@ -864,29 +864,33 @@ zip_read_local_file_header(struct archive_read *a, struct archive_entry *entry,
- 		zip_entry->mode |= AE_IFREG;
- 	}
- 
--	if ((zip_entry->mode & AE_IFMT) == 0) {
--		/* Especially in streaming mode, we can end up
--		   here without having seen proper mode information.
--		   Guess from the filename. */
-+	/* If the mode is totally empty, set some sane default. */
-+	if (zip_entry->mode == 0) {
-+		zip_entry->mode |= 0664;
-+	}
-+
-+	/* Make sure that entries with a trailing '/' are marked as directories
-+	 * even if the External File Attributes contains bogus values.  If this
-+	 * is not a directory and there is no type, assume regularfile. */
-+	if ((zip_entry->mode & AE_IFMT) != AE_IFDIR) {
-+		int has_slash;
-+
- 		wp = archive_entry_pathname_w(entry);
- 		if (wp != NULL) {
- 			len = wcslen(wp);
--			if (len > 0 && wp[len - 1] == L'/')
--				zip_entry->mode |= AE_IFDIR;
--			else
--				zip_entry->mode |= AE_IFREG;
-+			has_slash = len > 0 && wp[len - 1] == L'/';
- 		} else {
- 			cp = archive_entry_pathname(entry);
- 			len = (cp != NULL)?strlen(cp):0;
--			if (len > 0 && cp[len - 1] == '/')
--				zip_entry->mode |= AE_IFDIR;
--			else
--				zip_entry->mode |= AE_IFREG;
-+			has_slash = len > 0 && cp[len - 1] == '/';
- 		}
--		if (zip_entry->mode == AE_IFDIR) {
--			zip_entry->mode |= 0775;
--		} else if (zip_entry->mode == AE_IFREG) {
--			zip_entry->mode |= 0664;
-+		/* Correct file type as needed. */
-+		if (has_slash) {
-+			zip_entry->mode &= ~AE_IFMT;
-+			zip_entry->mode |= AE_IFDIR;
-+			zip_entry->mode |= 0111;
-+		} else if ((zip_entry->mode & AE_IFMT) == 0) {
-+			zip_entry->mode |= AE_IFREG;
- 		}
- 	}
- 
-diff --git a/libarchive/test/CMakeLists.txt b/libarchive/test/CMakeLists.txt
-index ab9a8a4..3c2671d 100644
---- a/libarchive/test/CMakeLists.txt
-+++ b/libarchive/test/CMakeLists.txt
-@@ -169,6 +169,7 @@ IF(ENABLE_TEST)
-     test_read_format_zip_encryption_partially.c
-     test_read_format_zip_filename.c
-     test_read_format_zip_high_compression.c
-+    test_read_format_zip_jar.c
-     test_read_format_zip_mac_metadata.c
-     test_read_format_zip_malformed.c
-     test_read_format_zip_msdos.c
-diff --git a/libarchive/test/test_read_format_zip_jar.c b/libarchive/test/test_read_format_zip_jar.c
-new file mode 100644
-index 0000000..ffb520e
---- /dev/null
-+++ b/libarchive/test/test_read_format_zip_jar.c
-@@ -0,0 +1,59 @@
-+/*-
-+ * Copyright (c) 2016 Peter Wu
-+ * All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the above copyright
-+ *    notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ *    notice, this list of conditions and the following disclaimer in the
-+ *    documentation and/or other materials provided with the distribution.
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
-+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
-+ * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
-+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
-+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-+ */
-+#include "test.h"
-+__FBSDID("$FreeBSD$");
-+
-+/*
-+ * Issue 822: jar files have an empty External File Attributes field which
-+ * is misinterpreted as regular file type due to OS MS-DOS.
-+ */
-+
-+DEFINE_TEST(test_read_format_zip_jar)
-+{
-+	const char *refname = "test_read_format_zip_jar.jar";
-+	char *p;
-+	size_t s;
-+	struct archive *a;
-+	struct archive_entry *ae;
-+	char data[16];
-+
-+	extract_reference_file(refname);
-+	p = slurpfile(&s, refname);
-+
-+	assert((a = archive_read_new()) != NULL);
-+	assertEqualIntA(a, ARCHIVE_OK, archive_read_support_format_zip_seekable(a));
-+	assertEqualIntA(a, ARCHIVE_OK, read_open_memory_seek(a, p, s, 1));
-+
-+	assertEqualIntA(a, ARCHIVE_OK, archive_read_next_header(a, &ae));
-+	assertEqualString("somedir/", archive_entry_pathname(ae));
-+	assertEqualInt(AE_IFDIR | 0775, archive_entry_mode(ae));
-+	assertEqualInt(0, archive_entry_size(ae));
-+	assertEqualIntA(a, 0, archive_read_data(a, data, 16));
-+
-+	assertEqualIntA(a, ARCHIVE_EOF, archive_read_next_header(a, &ae));
-+	assertEqualIntA(a, ARCHIVE_OK, archive_read_close(a));
-+	assertEqualIntA(a, ARCHIVE_OK, archive_read_free(a));
-+	free(p);
-+}
-diff --git a/libarchive/test/test_read_format_zip_jar.jar.uu b/libarchive/test/test_read_format_zip_jar.jar.uu
-new file mode 100644
-index 0000000..0778c93
---- /dev/null
-+++ b/libarchive/test/test_read_format_zip_jar.jar.uu
-@@ -0,0 +1,6 @@
-+begin 640 test_read_format_zip_jar.jar
-+M4$L#! H   @  $AQETD                (  0 <V]M961I<B_^R@  4$L!
-+M @H "@  "   2'&720                @ !                    '-O
-+@;65D:7(O_LH  %!+!08      0 ! #H    J        
-+ 
-+end

Copied: libarchive/repos/testing-i686/0001-issue-822-try-harder-to-detect-directories-in-zip-archives.patch (from rev 288024, libarchive/trunk/0001-issue-822-try-harder-to-detect-directories-in-zip-archives.patch)
===================================================================
--- testing-i686/0001-issue-822-try-harder-to-detect-directories-in-zip-archives.patch	                        (rev 0)
+++ testing-i686/0001-issue-822-try-harder-to-detect-directories-in-zip-archives.patch	2017-02-04 17:43:38 UTC (rev 288025)
@@ -0,0 +1,190 @@
+From 2ecf8d1c1e1bdfc20b0aada90e356054a3054693 Mon Sep 17 00:00:00 2001
+From: Peter Wu <peter at lekensteyn.nl>
+Date: Fri, 23 Dec 2016 12:45:43 +0100
+Subject: [PATCH] Issue #822: Try harder to detect directories in zip archives
+
+Assume that anything with a trailing slash is a directory. This avoids
+creating regular files when a directory is expected and could occur
+when the External File Attributes (EFA) field in the Central Directory
+contains bogus values:
+
+ - Jar file: observed to have OS MS-DOS (0) and EFA 0.
+ - dex2jar-2.0.zip: observed to have OS Unix (3), but EFA 0xffff0010.
+   After this patch, bsdtar tv still shows mode drwsrwsrwt, but at least
+   it successfully creates a directory instead of a regular file.
+
+A test case has been added for the first case (based on
+test_read_format_zip_nofiletype).
+---
+ Makefile.am                                     |  2 +
+ libarchive/archive_read_support_format_zip.c    | 36 ++++++++-------
+ libarchive/test/CMakeLists.txt                  |  1 +
+ libarchive/test/test_read_format_zip_jar.c      | 59 +++++++++++++++++++++++++
+ libarchive/test/test_read_format_zip_jar.jar.uu |  6 +++
+ 5 files changed, 88 insertions(+), 16 deletions(-)
+ create mode 100644 libarchive/test/test_read_format_zip_jar.c
+ create mode 100644 libarchive/test/test_read_format_zip_jar.jar.uu
+
+diff --git a/Makefile.am b/Makefile.am
+index 614f864..6ed0495 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -483,6 +483,7 @@ libarchive_test_SOURCES= \
+ 	libarchive/test/test_read_format_zip_encryption_header.c \
+ 	libarchive/test/test_read_format_zip_filename.c \
+ 	libarchive/test/test_read_format_zip_high_compression.c \
++	libarchive/test/test_read_format_zip_jar.c \
+ 	libarchive/test/test_read_format_zip_mac_metadata.c \
+ 	libarchive/test/test_read_format_zip_malformed.c \
+ 	libarchive/test/test_read_format_zip_msdos.c \
+@@ -801,6 +802,7 @@ libarchive_test_EXTRA_DIST=\
+ 	libarchive/test/test_read_format_zip_filename_utf8_ru2.zip.uu \
+ 	libarchive/test/test_read_format_zip_high_compression.zip.uu \
+ 	libarchive/test/test_read_format_zip_length_at_end.zip.uu \
++	libarchive/test/test_read_format_zip_jar.jar.uu \
+ 	libarchive/test/test_read_format_zip_mac_metadata.zip.uu \
+ 	libarchive/test/test_read_format_zip_malformed1.zip.uu \
+ 	libarchive/test/test_read_format_zip_msdos.zip.uu \
+diff --git a/libarchive/archive_read_support_format_zip.c b/libarchive/archive_read_support_format_zip.c
+index 9796fca..d19e791 100644
+--- a/libarchive/archive_read_support_format_zip.c
++++ b/libarchive/archive_read_support_format_zip.c
+@@ -864,29 +864,33 @@ zip_read_local_file_header(struct archive_read *a, struct archive_entry *entry,
+ 		zip_entry->mode |= AE_IFREG;
+ 	}
+ 
+-	if ((zip_entry->mode & AE_IFMT) == 0) {
+-		/* Especially in streaming mode, we can end up
+-		   here without having seen proper mode information.
+-		   Guess from the filename. */
++	/* If the mode is totally empty, set some sane default. */
++	if (zip_entry->mode == 0) {
++		zip_entry->mode |= 0664;
++	}
++
++	/* Make sure that entries with a trailing '/' are marked as directories
++	 * even if the External File Attributes contains bogus values.  If this
++	 * is not a directory and there is no type, assume regularfile. */
++	if ((zip_entry->mode & AE_IFMT) != AE_IFDIR) {
++		int has_slash;
++
+ 		wp = archive_entry_pathname_w(entry);
+ 		if (wp != NULL) {
+ 			len = wcslen(wp);
+-			if (len > 0 && wp[len - 1] == L'/')
+-				zip_entry->mode |= AE_IFDIR;
+-			else
+-				zip_entry->mode |= AE_IFREG;
++			has_slash = len > 0 && wp[len - 1] == L'/';
+ 		} else {
+ 			cp = archive_entry_pathname(entry);
+ 			len = (cp != NULL)?strlen(cp):0;
+-			if (len > 0 && cp[len - 1] == '/')
+-				zip_entry->mode |= AE_IFDIR;
+-			else
+-				zip_entry->mode |= AE_IFREG;
++			has_slash = len > 0 && cp[len - 1] == '/';
+ 		}
+-		if (zip_entry->mode == AE_IFDIR) {
+-			zip_entry->mode |= 0775;
+-		} else if (zip_entry->mode == AE_IFREG) {
+-			zip_entry->mode |= 0664;
++		/* Correct file type as needed. */
++		if (has_slash) {
++			zip_entry->mode &= ~AE_IFMT;
++			zip_entry->mode |= AE_IFDIR;
++			zip_entry->mode |= 0111;
++		} else if ((zip_entry->mode & AE_IFMT) == 0) {
++			zip_entry->mode |= AE_IFREG;
+ 		}
+ 	}
+ 
+diff --git a/libarchive/test/CMakeLists.txt b/libarchive/test/CMakeLists.txt
+index ab9a8a4..3c2671d 100644
+--- a/libarchive/test/CMakeLists.txt
++++ b/libarchive/test/CMakeLists.txt
+@@ -169,6 +169,7 @@ IF(ENABLE_TEST)
+     test_read_format_zip_encryption_partially.c
+     test_read_format_zip_filename.c
+     test_read_format_zip_high_compression.c
++    test_read_format_zip_jar.c
+     test_read_format_zip_mac_metadata.c
+     test_read_format_zip_malformed.c
+     test_read_format_zip_msdos.c
+diff --git a/libarchive/test/test_read_format_zip_jar.c b/libarchive/test/test_read_format_zip_jar.c
+new file mode 100644
+index 0000000..ffb520e
+--- /dev/null
++++ b/libarchive/test/test_read_format_zip_jar.c
+@@ -0,0 +1,59 @@
++/*-
++ * Copyright (c) 2016 Peter Wu
++ * All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in the
++ *    documentation and/or other materials provided with the distribution.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
++ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
++ * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
++ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
++ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
++ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
++ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
++ */
++#include "test.h"
++__FBSDID("$FreeBSD$");
++
++/*
++ * Issue 822: jar files have an empty External File Attributes field which
++ * is misinterpreted as regular file type due to OS MS-DOS.
++ */
++
++DEFINE_TEST(test_read_format_zip_jar)
++{
++	const char *refname = "test_read_format_zip_jar.jar";
++	char *p;
++	size_t s;
++	struct archive *a;
++	struct archive_entry *ae;
++	char data[16];
++
++	extract_reference_file(refname);
++	p = slurpfile(&s, refname);
++
++	assert((a = archive_read_new()) != NULL);
++	assertEqualIntA(a, ARCHIVE_OK, archive_read_support_format_zip_seekable(a));
++	assertEqualIntA(a, ARCHIVE_OK, read_open_memory_seek(a, p, s, 1));
++
++	assertEqualIntA(a, ARCHIVE_OK, archive_read_next_header(a, &ae));
++	assertEqualString("somedir/", archive_entry_pathname(ae));
++	assertEqualInt(AE_IFDIR | 0775, archive_entry_mode(ae));
++	assertEqualInt(0, archive_entry_size(ae));
++	assertEqualIntA(a, 0, archive_read_data(a, data, 16));
++
++	assertEqualIntA(a, ARCHIVE_EOF, archive_read_next_header(a, &ae));
++	assertEqualIntA(a, ARCHIVE_OK, archive_read_close(a));
++	assertEqualIntA(a, ARCHIVE_OK, archive_read_free(a));
++	free(p);
++}
+diff --git a/libarchive/test/test_read_format_zip_jar.jar.uu b/libarchive/test/test_read_format_zip_jar.jar.uu
+new file mode 100644
+index 0000000..0778c93
+--- /dev/null
++++ b/libarchive/test/test_read_format_zip_jar.jar.uu
+@@ -0,0 +1,6 @@
++begin 640 test_read_format_zip_jar.jar
++M4$L#! H   @  $AQETD                (  0 <V]M961I<B_^R@  4$L!
++M @H "@  "   2'&720                @ !                    '-O
++@;65D:7(O_LH  %!+!08      0 ! #H    J        
++ 
++end

Copied: libarchive/repos/testing-i686/0002-fixes-a-heap-buffer-overflow.patch (from rev 288024, libarchive/trunk/0002-fixes-a-heap-buffer-overflow.patch)
===================================================================
--- testing-i686/0002-fixes-a-heap-buffer-overflow.patch	                        (rev 0)
+++ testing-i686/0002-fixes-a-heap-buffer-overflow.patch	2017-02-04 17:43:38 UTC (rev 288025)
@@ -0,0 +1,24 @@
+From 98dcbbf0bf4854bf987557e55e55fff7abbf3ea9 Mon Sep 17 00:00:00 2001
+From: Martin Matuska <martin at matuska.org>
+Date: Thu, 19 Jan 2017 22:00:18 +0100
+Subject: [PATCH] Fail with negative lha->compsize in lha_read_file_header_1()
+ Fixes a heap buffer overflow reported in Secunia SA74169
+
+---
+ libarchive/archive_read_support_format_lha.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/libarchive/archive_read_support_format_lha.c b/libarchive/archive_read_support_format_lha.c
+index 52a5531..d77a7c2 100644
+--- a/libarchive/archive_read_support_format_lha.c
++++ b/libarchive/archive_read_support_format_lha.c
+@@ -924,6 +924,9 @@ lha_read_file_header_1(struct archive_read *a, struct lha *lha)
+ 	/* Get a real compressed file size. */
+ 	lha->compsize -= extdsize - 2;
+ 
++	if (lha->compsize < 0)
++		goto invalid;	/* Invalid compressed file size */
++
+ 	if (sum_calculated != headersum) {
+ 		archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
+ 		    "LHa header sum error");

Deleted: testing-i686/PKGBUILD
===================================================================
--- testing-i686/PKGBUILD	2017-02-04 17:43:31 UTC (rev 288024)
+++ testing-i686/PKGBUILD	2017-02-04 17:43:38 UTC (rev 288025)
@@ -1,49 +0,0 @@
-# $Id$
-# Maintainer: Dan McGee <dan at archlinux.org>
-
-pkgname=libarchive
-pkgver=3.2.2
-pkgrel=3
-pkgdesc="library that can create and read several streaming archive formats"
-arch=('i686' 'x86_64')
-url="http://libarchive.org/"
-license=('BSD')
-depends=('acl' 'attr' 'bzip2' 'expat' 'lz4' 'lzo' 'openssl' 'xz' 'zlib')
-options=('strip' 'debug' 'libtool')
-provides=('libarchive.so')
-source=("$pkgname-$pkgver.tar.gz::https://github.com/$pkgname/$pkgname/archive/v$pkgver.tar.gz"
-        '0001-issue-822-try-harder-to-detect-directories-in-zip-archives.patch')
-sha256sums=('edfc2ee7d42dd03228d0fa3bb9cbaade454557b326b2608b2e32c27aae62bdd4'
-            '79bd6b3889131ab36501af2c9460ccb940ba95d568a72578163fb5d212a7a7e5')
-
-prepare() {
-  cd "$pkgname-$pkgver"
-
-  # Issue #822: Try harder to detect directories in zip archives
-  patch -Np1 < "$srcdir"/0001-issue-822-try-harder-to-detect-directories-in-zip-archives.patch
-}
-
-build() {
-  cd "$pkgname-$pkgver"
-
-  autoreconf -fi
-  ./configure \
-      --prefix=/usr \
-      --without-xml2 \
-      --without-nettle
-
-  make
-}
-
-check() {
-  cd "$pkgname-$pkgver"
-
-  make check
-}
-
-package() {
-  cd "$pkgname-$pkgver"
-
-  make DESTDIR="$pkgdir" install
-  install -D -m644 COPYING "$pkgdir"/usr/share/licenses/libarchive/COPYING
-}

Copied: libarchive/repos/testing-i686/PKGBUILD (from rev 288024, libarchive/trunk/PKGBUILD)
===================================================================
--- testing-i686/PKGBUILD	                        (rev 0)
+++ testing-i686/PKGBUILD	2017-02-04 17:43:38 UTC (rev 288025)
@@ -0,0 +1,55 @@
+# $Id$
+# Maintainer: Dan McGee <dan at archlinux.org>
+
+pkgname=libarchive
+pkgver=3.2.2
+pkgrel=4
+pkgdesc="library that can create and read several streaming archive formats"
+arch=('i686' 'x86_64')
+url="http://libarchive.org/"
+license=('BSD')
+depends=('acl' 'attr' 'bzip2' 'expat' 'lz4' 'lzo' 'openssl' 'xz' 'zlib')
+options=('strip' 'debug' 'libtool')
+provides=('libarchive.so')
+source=("$pkgname-$pkgver.tar.gz::https://github.com/$pkgname/$pkgname/archive/v$pkgver.tar.gz"
+        '0001-issue-822-try-harder-to-detect-directories-in-zip-archives.patch'
+        '0002-fixes-a-heap-buffer-overflow.patch')
+sha256sums=('edfc2ee7d42dd03228d0fa3bb9cbaade454557b326b2608b2e32c27aae62bdd4'
+            '79bd6b3889131ab36501af2c9460ccb940ba95d568a72578163fb5d212a7a7e5'
+            'e6177bd052090a2111d62c7c68157df71cebf4ad359aad02ce89d5585c9e64a4')
+
+prepare() {
+  cd "$pkgname-$pkgver"
+
+  # Issue #822: Try harder to detect directories in zip archives
+  patch -Np1 < "$srcdir"/0001-issue-822-try-harder-to-detect-directories-in-zip-archives.patch
+
+  # Fail with negative lha->compsize in lha_read_file_header_1()
+  # Fixes a heap buffer overflow reported in Secunia SA74169
+  patch -Np1 < "$srcdir"/0002-fixes-a-heap-buffer-overflow.patch
+}
+
+build() {
+  cd "$pkgname-$pkgver"
+
+  autoreconf -fi
+  ./configure \
+      --prefix=/usr \
+      --without-xml2 \
+      --without-nettle
+
+  make
+}
+
+check() {
+  cd "$pkgname-$pkgver"
+
+  make check
+}
+
+package() {
+  cd "$pkgname-$pkgver"
+
+  make DESTDIR="$pkgdir" install
+  install -D -m644 COPYING "$pkgdir"/usr/share/licenses/libarchive/COPYING
+}

Deleted: testing-x86_64/0001-issue-822-try-harder-to-detect-directories-in-zip-archives.patch
===================================================================
--- testing-x86_64/0001-issue-822-try-harder-to-detect-directories-in-zip-archives.patch	2017-02-04 17:43:31 UTC (rev 288024)
+++ testing-x86_64/0001-issue-822-try-harder-to-detect-directories-in-zip-archives.patch	2017-02-04 17:43:38 UTC (rev 288025)
@@ -1,190 +0,0 @@
-From 2ecf8d1c1e1bdfc20b0aada90e356054a3054693 Mon Sep 17 00:00:00 2001
-From: Peter Wu <peter at lekensteyn.nl>
-Date: Fri, 23 Dec 2016 12:45:43 +0100
-Subject: [PATCH] Issue #822: Try harder to detect directories in zip archives
-
-Assume that anything with a trailing slash is a directory. This avoids
-creating regular files when a directory is expected and could occur
-when the External File Attributes (EFA) field in the Central Directory
-contains bogus values:
-
- - Jar file: observed to have OS MS-DOS (0) and EFA 0.
- - dex2jar-2.0.zip: observed to have OS Unix (3), but EFA 0xffff0010.
-   After this patch, bsdtar tv still shows mode drwsrwsrwt, but at least
-   it successfully creates a directory instead of a regular file.
-
-A test case has been added for the first case (based on
-test_read_format_zip_nofiletype).
----
- Makefile.am                                     |  2 +
- libarchive/archive_read_support_format_zip.c    | 36 ++++++++-------
- libarchive/test/CMakeLists.txt                  |  1 +
- libarchive/test/test_read_format_zip_jar.c      | 59 +++++++++++++++++++++++++
- libarchive/test/test_read_format_zip_jar.jar.uu |  6 +++
- 5 files changed, 88 insertions(+), 16 deletions(-)
- create mode 100644 libarchive/test/test_read_format_zip_jar.c
- create mode 100644 libarchive/test/test_read_format_zip_jar.jar.uu
-
-diff --git a/Makefile.am b/Makefile.am
-index 614f864..6ed0495 100644
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -483,6 +483,7 @@ libarchive_test_SOURCES= \
- 	libarchive/test/test_read_format_zip_encryption_header.c \
- 	libarchive/test/test_read_format_zip_filename.c \
- 	libarchive/test/test_read_format_zip_high_compression.c \
-+	libarchive/test/test_read_format_zip_jar.c \
- 	libarchive/test/test_read_format_zip_mac_metadata.c \
- 	libarchive/test/test_read_format_zip_malformed.c \
- 	libarchive/test/test_read_format_zip_msdos.c \
-@@ -801,6 +802,7 @@ libarchive_test_EXTRA_DIST=\
- 	libarchive/test/test_read_format_zip_filename_utf8_ru2.zip.uu \
- 	libarchive/test/test_read_format_zip_high_compression.zip.uu \
- 	libarchive/test/test_read_format_zip_length_at_end.zip.uu \
-+	libarchive/test/test_read_format_zip_jar.jar.uu \
- 	libarchive/test/test_read_format_zip_mac_metadata.zip.uu \
- 	libarchive/test/test_read_format_zip_malformed1.zip.uu \
- 	libarchive/test/test_read_format_zip_msdos.zip.uu \
-diff --git a/libarchive/archive_read_support_format_zip.c b/libarchive/archive_read_support_format_zip.c
-index 9796fca..d19e791 100644
---- a/libarchive/archive_read_support_format_zip.c
-+++ b/libarchive/archive_read_support_format_zip.c
-@@ -864,29 +864,33 @@ zip_read_local_file_header(struct archive_read *a, struct archive_entry *entry,
- 		zip_entry->mode |= AE_IFREG;
- 	}
- 
--	if ((zip_entry->mode & AE_IFMT) == 0) {
--		/* Especially in streaming mode, we can end up
--		   here without having seen proper mode information.
--		   Guess from the filename. */
-+	/* If the mode is totally empty, set some sane default. */
-+	if (zip_entry->mode == 0) {
-+		zip_entry->mode |= 0664;
-+	}
-+
-+	/* Make sure that entries with a trailing '/' are marked as directories
-+	 * even if the External File Attributes contains bogus values.  If this
-+	 * is not a directory and there is no type, assume regularfile. */
-+	if ((zip_entry->mode & AE_IFMT) != AE_IFDIR) {
-+		int has_slash;
-+
- 		wp = archive_entry_pathname_w(entry);
- 		if (wp != NULL) {
- 			len = wcslen(wp);
--			if (len > 0 && wp[len - 1] == L'/')
--				zip_entry->mode |= AE_IFDIR;
--			else
--				zip_entry->mode |= AE_IFREG;
-+			has_slash = len > 0 && wp[len - 1] == L'/';
- 		} else {
- 			cp = archive_entry_pathname(entry);
- 			len = (cp != NULL)?strlen(cp):0;
--			if (len > 0 && cp[len - 1] == '/')
--				zip_entry->mode |= AE_IFDIR;
--			else
--				zip_entry->mode |= AE_IFREG;
-+			has_slash = len > 0 && cp[len - 1] == '/';
- 		}
--		if (zip_entry->mode == AE_IFDIR) {
--			zip_entry->mode |= 0775;
--		} else if (zip_entry->mode == AE_IFREG) {
--			zip_entry->mode |= 0664;
-+		/* Correct file type as needed. */
-+		if (has_slash) {
-+			zip_entry->mode &= ~AE_IFMT;
-+			zip_entry->mode |= AE_IFDIR;
-+			zip_entry->mode |= 0111;
-+		} else if ((zip_entry->mode & AE_IFMT) == 0) {
-+			zip_entry->mode |= AE_IFREG;
- 		}
- 	}
- 
-diff --git a/libarchive/test/CMakeLists.txt b/libarchive/test/CMakeLists.txt
-index ab9a8a4..3c2671d 100644
---- a/libarchive/test/CMakeLists.txt
-+++ b/libarchive/test/CMakeLists.txt
-@@ -169,6 +169,7 @@ IF(ENABLE_TEST)
-     test_read_format_zip_encryption_partially.c
-     test_read_format_zip_filename.c
-     test_read_format_zip_high_compression.c
-+    test_read_format_zip_jar.c
-     test_read_format_zip_mac_metadata.c
-     test_read_format_zip_malformed.c
-     test_read_format_zip_msdos.c
-diff --git a/libarchive/test/test_read_format_zip_jar.c b/libarchive/test/test_read_format_zip_jar.c
-new file mode 100644
-index 0000000..ffb520e
---- /dev/null
-+++ b/libarchive/test/test_read_format_zip_jar.c
-@@ -0,0 +1,59 @@
-+/*-
-+ * Copyright (c) 2016 Peter Wu
-+ * All rights reserved.
-+ *
-+ * Redistribution and use in source and binary forms, with or without
-+ * modification, are permitted provided that the following conditions
-+ * are met:
-+ * 1. Redistributions of source code must retain the above copyright
-+ *    notice, this list of conditions and the following disclaimer.
-+ * 2. Redistributions in binary form must reproduce the above copyright
-+ *    notice, this list of conditions and the following disclaimer in the
-+ *    documentation and/or other materials provided with the distribution.
-+ *
-+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
-+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
-+ * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
-+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
-+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-+ */
-+#include "test.h"
-+__FBSDID("$FreeBSD$");
-+
-+/*
-+ * Issue 822: jar files have an empty External File Attributes field which
-+ * is misinterpreted as regular file type due to OS MS-DOS.
-+ */
-+
-+DEFINE_TEST(test_read_format_zip_jar)
-+{
-+	const char *refname = "test_read_format_zip_jar.jar";
-+	char *p;
-+	size_t s;
-+	struct archive *a;
-+	struct archive_entry *ae;
-+	char data[16];
-+
-+	extract_reference_file(refname);
-+	p = slurpfile(&s, refname);
-+
-+	assert((a = archive_read_new()) != NULL);
-+	assertEqualIntA(a, ARCHIVE_OK, archive_read_support_format_zip_seekable(a));
-+	assertEqualIntA(a, ARCHIVE_OK, read_open_memory_seek(a, p, s, 1));
-+
-+	assertEqualIntA(a, ARCHIVE_OK, archive_read_next_header(a, &ae));
-+	assertEqualString("somedir/", archive_entry_pathname(ae));
-+	assertEqualInt(AE_IFDIR | 0775, archive_entry_mode(ae));
-+	assertEqualInt(0, archive_entry_size(ae));
-+	assertEqualIntA(a, 0, archive_read_data(a, data, 16));
-+
-+	assertEqualIntA(a, ARCHIVE_EOF, archive_read_next_header(a, &ae));
-+	assertEqualIntA(a, ARCHIVE_OK, archive_read_close(a));
-+	assertEqualIntA(a, ARCHIVE_OK, archive_read_free(a));
-+	free(p);
-+}
-diff --git a/libarchive/test/test_read_format_zip_jar.jar.uu b/libarchive/test/test_read_format_zip_jar.jar.uu
-new file mode 100644
-index 0000000..0778c93
---- /dev/null
-+++ b/libarchive/test/test_read_format_zip_jar.jar.uu
-@@ -0,0 +1,6 @@
-+begin 640 test_read_format_zip_jar.jar
-+M4$L#! H   @  $AQETD                (  0 <V]M961I<B_^R@  4$L!
-+M @H "@  "   2'&720                @ !                    '-O
-+@;65D:7(O_LH  %!+!08      0 ! #H    J        
-+ 
-+end

Copied: libarchive/repos/testing-x86_64/0001-issue-822-try-harder-to-detect-directories-in-zip-archives.patch (from rev 288024, libarchive/trunk/0001-issue-822-try-harder-to-detect-directories-in-zip-archives.patch)
===================================================================
--- testing-x86_64/0001-issue-822-try-harder-to-detect-directories-in-zip-archives.patch	                        (rev 0)
+++ testing-x86_64/0001-issue-822-try-harder-to-detect-directories-in-zip-archives.patch	2017-02-04 17:43:38 UTC (rev 288025)
@@ -0,0 +1,190 @@
+From 2ecf8d1c1e1bdfc20b0aada90e356054a3054693 Mon Sep 17 00:00:00 2001
+From: Peter Wu <peter at lekensteyn.nl>
+Date: Fri, 23 Dec 2016 12:45:43 +0100
+Subject: [PATCH] Issue #822: Try harder to detect directories in zip archives
+
+Assume that anything with a trailing slash is a directory. This avoids
+creating regular files when a directory is expected and could occur
+when the External File Attributes (EFA) field in the Central Directory
+contains bogus values:
+
+ - Jar file: observed to have OS MS-DOS (0) and EFA 0.
+ - dex2jar-2.0.zip: observed to have OS Unix (3), but EFA 0xffff0010.
+   After this patch, bsdtar tv still shows mode drwsrwsrwt, but at least
+   it successfully creates a directory instead of a regular file.
+
+A test case has been added for the first case (based on
+test_read_format_zip_nofiletype).
+---
+ Makefile.am                                     |  2 +
+ libarchive/archive_read_support_format_zip.c    | 36 ++++++++-------
+ libarchive/test/CMakeLists.txt                  |  1 +
+ libarchive/test/test_read_format_zip_jar.c      | 59 +++++++++++++++++++++++++
+ libarchive/test/test_read_format_zip_jar.jar.uu |  6 +++
+ 5 files changed, 88 insertions(+), 16 deletions(-)
+ create mode 100644 libarchive/test/test_read_format_zip_jar.c
+ create mode 100644 libarchive/test/test_read_format_zip_jar.jar.uu
+
+diff --git a/Makefile.am b/Makefile.am
+index 614f864..6ed0495 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -483,6 +483,7 @@ libarchive_test_SOURCES= \
+ 	libarchive/test/test_read_format_zip_encryption_header.c \
+ 	libarchive/test/test_read_format_zip_filename.c \
+ 	libarchive/test/test_read_format_zip_high_compression.c \
++	libarchive/test/test_read_format_zip_jar.c \
+ 	libarchive/test/test_read_format_zip_mac_metadata.c \
+ 	libarchive/test/test_read_format_zip_malformed.c \
+ 	libarchive/test/test_read_format_zip_msdos.c \
+@@ -801,6 +802,7 @@ libarchive_test_EXTRA_DIST=\
+ 	libarchive/test/test_read_format_zip_filename_utf8_ru2.zip.uu \
+ 	libarchive/test/test_read_format_zip_high_compression.zip.uu \
+ 	libarchive/test/test_read_format_zip_length_at_end.zip.uu \
++	libarchive/test/test_read_format_zip_jar.jar.uu \
+ 	libarchive/test/test_read_format_zip_mac_metadata.zip.uu \
+ 	libarchive/test/test_read_format_zip_malformed1.zip.uu \
+ 	libarchive/test/test_read_format_zip_msdos.zip.uu \
+diff --git a/libarchive/archive_read_support_format_zip.c b/libarchive/archive_read_support_format_zip.c
+index 9796fca..d19e791 100644
+--- a/libarchive/archive_read_support_format_zip.c
++++ b/libarchive/archive_read_support_format_zip.c
+@@ -864,29 +864,33 @@ zip_read_local_file_header(struct archive_read *a, struct archive_entry *entry,
+ 		zip_entry->mode |= AE_IFREG;
+ 	}
+ 
+-	if ((zip_entry->mode & AE_IFMT) == 0) {
+-		/* Especially in streaming mode, we can end up
+-		   here without having seen proper mode information.
+-		   Guess from the filename. */
++	/* If the mode is totally empty, set some sane default. */
++	if (zip_entry->mode == 0) {
++		zip_entry->mode |= 0664;
++	}
++
++	/* Make sure that entries with a trailing '/' are marked as directories
++	 * even if the External File Attributes contains bogus values.  If this
++	 * is not a directory and there is no type, assume regularfile. */
++	if ((zip_entry->mode & AE_IFMT) != AE_IFDIR) {
++		int has_slash;
++
+ 		wp = archive_entry_pathname_w(entry);
+ 		if (wp != NULL) {
+ 			len = wcslen(wp);
+-			if (len > 0 && wp[len - 1] == L'/')
+-				zip_entry->mode |= AE_IFDIR;
+-			else
+-				zip_entry->mode |= AE_IFREG;
++			has_slash = len > 0 && wp[len - 1] == L'/';
+ 		} else {
+ 			cp = archive_entry_pathname(entry);
+ 			len = (cp != NULL)?strlen(cp):0;
+-			if (len > 0 && cp[len - 1] == '/')
+-				zip_entry->mode |= AE_IFDIR;
+-			else
+-				zip_entry->mode |= AE_IFREG;
++			has_slash = len > 0 && cp[len - 1] == '/';
+ 		}
+-		if (zip_entry->mode == AE_IFDIR) {
+-			zip_entry->mode |= 0775;
+-		} else if (zip_entry->mode == AE_IFREG) {
+-			zip_entry->mode |= 0664;
++		/* Correct file type as needed. */
++		if (has_slash) {
++			zip_entry->mode &= ~AE_IFMT;
++			zip_entry->mode |= AE_IFDIR;
++			zip_entry->mode |= 0111;
++		} else if ((zip_entry->mode & AE_IFMT) == 0) {
++			zip_entry->mode |= AE_IFREG;
+ 		}
+ 	}
+ 
+diff --git a/libarchive/test/CMakeLists.txt b/libarchive/test/CMakeLists.txt
+index ab9a8a4..3c2671d 100644
+--- a/libarchive/test/CMakeLists.txt
++++ b/libarchive/test/CMakeLists.txt
+@@ -169,6 +169,7 @@ IF(ENABLE_TEST)
+     test_read_format_zip_encryption_partially.c
+     test_read_format_zip_filename.c
+     test_read_format_zip_high_compression.c
++    test_read_format_zip_jar.c
+     test_read_format_zip_mac_metadata.c
+     test_read_format_zip_malformed.c
+     test_read_format_zip_msdos.c
+diff --git a/libarchive/test/test_read_format_zip_jar.c b/libarchive/test/test_read_format_zip_jar.c
+new file mode 100644
+index 0000000..ffb520e
+--- /dev/null
++++ b/libarchive/test/test_read_format_zip_jar.c
+@@ -0,0 +1,59 @@
++/*-
++ * Copyright (c) 2016 Peter Wu
++ * All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in the
++ *    documentation and/or other materials provided with the distribution.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
++ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
++ * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
++ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
++ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
++ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
++ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
++ */
++#include "test.h"
++__FBSDID("$FreeBSD$");
++
++/*
++ * Issue 822: jar files have an empty External File Attributes field which
++ * is misinterpreted as regular file type due to OS MS-DOS.
++ */
++
++DEFINE_TEST(test_read_format_zip_jar)
++{
++	const char *refname = "test_read_format_zip_jar.jar";
++	char *p;
++	size_t s;
++	struct archive *a;
++	struct archive_entry *ae;
++	char data[16];
++
++	extract_reference_file(refname);
++	p = slurpfile(&s, refname);
++
++	assert((a = archive_read_new()) != NULL);
++	assertEqualIntA(a, ARCHIVE_OK, archive_read_support_format_zip_seekable(a));
++	assertEqualIntA(a, ARCHIVE_OK, read_open_memory_seek(a, p, s, 1));
++
++	assertEqualIntA(a, ARCHIVE_OK, archive_read_next_header(a, &ae));
++	assertEqualString("somedir/", archive_entry_pathname(ae));
++	assertEqualInt(AE_IFDIR | 0775, archive_entry_mode(ae));
++	assertEqualInt(0, archive_entry_size(ae));
++	assertEqualIntA(a, 0, archive_read_data(a, data, 16));
++
++	assertEqualIntA(a, ARCHIVE_EOF, archive_read_next_header(a, &ae));
++	assertEqualIntA(a, ARCHIVE_OK, archive_read_close(a));
++	assertEqualIntA(a, ARCHIVE_OK, archive_read_free(a));
++	free(p);
++}
+diff --git a/libarchive/test/test_read_format_zip_jar.jar.uu b/libarchive/test/test_read_format_zip_jar.jar.uu
+new file mode 100644
+index 0000000..0778c93
+--- /dev/null
++++ b/libarchive/test/test_read_format_zip_jar.jar.uu
+@@ -0,0 +1,6 @@
++begin 640 test_read_format_zip_jar.jar
++M4$L#! H   @  $AQETD                (  0 <V]M961I<B_^R@  4$L!
++M @H "@  "   2'&720                @ !                    '-O
++@;65D:7(O_LH  %!+!08      0 ! #H    J        
++ 
++end

Copied: libarchive/repos/testing-x86_64/0002-fixes-a-heap-buffer-overflow.patch (from rev 288024, libarchive/trunk/0002-fixes-a-heap-buffer-overflow.patch)
===================================================================
--- testing-x86_64/0002-fixes-a-heap-buffer-overflow.patch	                        (rev 0)
+++ testing-x86_64/0002-fixes-a-heap-buffer-overflow.patch	2017-02-04 17:43:38 UTC (rev 288025)
@@ -0,0 +1,24 @@
+From 98dcbbf0bf4854bf987557e55e55fff7abbf3ea9 Mon Sep 17 00:00:00 2001
+From: Martin Matuska <martin at matuska.org>
+Date: Thu, 19 Jan 2017 22:00:18 +0100
+Subject: [PATCH] Fail with negative lha->compsize in lha_read_file_header_1()
+ Fixes a heap buffer overflow reported in Secunia SA74169
+
+---
+ libarchive/archive_read_support_format_lha.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/libarchive/archive_read_support_format_lha.c b/libarchive/archive_read_support_format_lha.c
+index 52a5531..d77a7c2 100644
+--- a/libarchive/archive_read_support_format_lha.c
++++ b/libarchive/archive_read_support_format_lha.c
+@@ -924,6 +924,9 @@ lha_read_file_header_1(struct archive_read *a, struct lha *lha)
+ 	/* Get a real compressed file size. */
+ 	lha->compsize -= extdsize - 2;
+ 
++	if (lha->compsize < 0)
++		goto invalid;	/* Invalid compressed file size */
++
+ 	if (sum_calculated != headersum) {
+ 		archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
+ 		    "LHa header sum error");

Deleted: testing-x86_64/PKGBUILD
===================================================================
--- testing-x86_64/PKGBUILD	2017-02-04 17:43:31 UTC (rev 288024)
+++ testing-x86_64/PKGBUILD	2017-02-04 17:43:38 UTC (rev 288025)
@@ -1,49 +0,0 @@
-# $Id$
-# Maintainer: Dan McGee <dan at archlinux.org>
-
-pkgname=libarchive
-pkgver=3.2.2
-pkgrel=3
-pkgdesc="library that can create and read several streaming archive formats"
-arch=('i686' 'x86_64')
-url="http://libarchive.org/"
-license=('BSD')
-depends=('acl' 'attr' 'bzip2' 'expat' 'lz4' 'lzo' 'openssl' 'xz' 'zlib')
-options=('strip' 'debug' 'libtool')
-provides=('libarchive.so')
-source=("$pkgname-$pkgver.tar.gz::https://github.com/$pkgname/$pkgname/archive/v$pkgver.tar.gz"
-        '0001-issue-822-try-harder-to-detect-directories-in-zip-archives.patch')
-sha256sums=('edfc2ee7d42dd03228d0fa3bb9cbaade454557b326b2608b2e32c27aae62bdd4'
-            '79bd6b3889131ab36501af2c9460ccb940ba95d568a72578163fb5d212a7a7e5')
-
-prepare() {
-  cd "$pkgname-$pkgver"
-
-  # Issue #822: Try harder to detect directories in zip archives
-  patch -Np1 < "$srcdir"/0001-issue-822-try-harder-to-detect-directories-in-zip-archives.patch
-}
-
-build() {
-  cd "$pkgname-$pkgver"
-
-  autoreconf -fi
-  ./configure \
-      --prefix=/usr \
-      --without-xml2 \
-      --without-nettle
-
-  make
-}
-
-check() {
-  cd "$pkgname-$pkgver"
-
-  make check
-}
-
-package() {
-  cd "$pkgname-$pkgver"
-
-  make DESTDIR="$pkgdir" install
-  install -D -m644 COPYING "$pkgdir"/usr/share/licenses/libarchive/COPYING
-}

Copied: libarchive/repos/testing-x86_64/PKGBUILD (from rev 288024, libarchive/trunk/PKGBUILD)
===================================================================
--- testing-x86_64/PKGBUILD	                        (rev 0)
+++ testing-x86_64/PKGBUILD	2017-02-04 17:43:38 UTC (rev 288025)
@@ -0,0 +1,55 @@
+# $Id$
+# Maintainer: Dan McGee <dan at archlinux.org>
+
+pkgname=libarchive
+pkgver=3.2.2
+pkgrel=4
+pkgdesc="library that can create and read several streaming archive formats"
+arch=('i686' 'x86_64')
+url="http://libarchive.org/"
+license=('BSD')
+depends=('acl' 'attr' 'bzip2' 'expat' 'lz4' 'lzo' 'openssl' 'xz' 'zlib')
+options=('strip' 'debug' 'libtool')
+provides=('libarchive.so')
+source=("$pkgname-$pkgver.tar.gz::https://github.com/$pkgname/$pkgname/archive/v$pkgver.tar.gz"
+        '0001-issue-822-try-harder-to-detect-directories-in-zip-archives.patch'
+        '0002-fixes-a-heap-buffer-overflow.patch')
+sha256sums=('edfc2ee7d42dd03228d0fa3bb9cbaade454557b326b2608b2e32c27aae62bdd4'
+            '79bd6b3889131ab36501af2c9460ccb940ba95d568a72578163fb5d212a7a7e5'
+            'e6177bd052090a2111d62c7c68157df71cebf4ad359aad02ce89d5585c9e64a4')
+
+prepare() {
+  cd "$pkgname-$pkgver"
+
+  # Issue #822: Try harder to detect directories in zip archives
+  patch -Np1 < "$srcdir"/0001-issue-822-try-harder-to-detect-directories-in-zip-archives.patch
+
+  # Fail with negative lha->compsize in lha_read_file_header_1()
+  # Fixes a heap buffer overflow reported in Secunia SA74169
+  patch -Np1 < "$srcdir"/0002-fixes-a-heap-buffer-overflow.patch
+}
+
+build() {
+  cd "$pkgname-$pkgver"
+
+  autoreconf -fi
+  ./configure \
+      --prefix=/usr \
+      --without-xml2 \
+      --without-nettle
+
+  make
+}
+
+check() {
+  cd "$pkgname-$pkgver"
+
+  make check
+}
+
+package() {
+  cd "$pkgname-$pkgver"
+
+  make DESTDIR="$pkgdir" install
+  install -D -m644 COPYING "$pkgdir"/usr/share/licenses/libarchive/COPYING
+}



More information about the arch-commits mailing list