From 1fe7aef6facf013a94eac853717f4da4d5d3c5b3 Mon Sep 17 00:00:00 2001
From: V3n3RiX
Date: Tue, 6 Dec 2022 09:09:23 +0000
Subject: gentoo auto-resync : 06:12:2022 - 09:09:23
---
 app-arch/libarchive/Manifest | 3 +-
 .../files/libarchive-3.6.1-CVE-2022-36227.patch | 35 ++++++
 app-arch/libarchive/libarchive-3.6.1-r1.ebuild | 132 +++++++++++++++++++++
 app-arch/libarchive/libarchive-3.6.1.ebuild | 130 --------------------
 4 files changed, 169 insertions(+), 131 deletions(-)
 create mode 100644 app-arch/libarchive/files/libarchive-3.6.1-CVE-2022-36227.patch
 create mode 100644 app-arch/libarchive/libarchive-3.6.1-r1.ebuild
 delete mode 100644 app-arch/libarchive/libarchive-3.6.1.ebuild
(limited to 'app-arch/libarchive')
diff --git a/app-arch/libarchive/Manifest b/app-arch/libarchive/Manifest
index 886fedb0137e..45ade1b66c48 100644
--- a/app-arch/libarchive/Manifest
+++ b/app-arch/libarchive/Manifest
@@ -1,5 +1,6 @@ +AUX libarchive-3.6.1-CVE-2022-36227.patch 1124 BLAKE2B 2c92c81409acded94372e93f020098b6c0c6256e0d4c414a971870303d46f0b0dc98b3282b69af066c2089ac3b81a8adb2bc978fa8819767cd4ab99dc613ea74 SHA512 76e34e646dd0550ad04ebd789134c8e7ac02c95222c55f02afe5a8e74552209fd59c02873ac1230086f92ec7a67ddca23be607e0c60d944b215bdf49018a2761 AUX libarchive-3.6.1-glibc-2.36.patch 1145 BLAKE2B 41d1d8cd22baf02810e9b405562a1d6ae696cea58352d35c5dc09f5691d6b9e0ad422477049cb3c7c18048fb92e83020100595a848ee0b56ee8fb5a26e96c822 SHA512 fd6060c67ae2ed509fb96218bb828c75065c8d8571bfce4e1c4ccd349eb58c6e38ccc3cee5ba7a8560f967d302113b2b8b7787e1bcc6d966c98162596c140c4c DIST libarchive-3.6.1.tar.xz 5241148 BLAKE2B e7b79e97545dabeac164069e87adbd2081d3bd75c22f80b3797c6e487a477b3f6347b6fc14c76668eb69f2f2e5dcdd5a33a694e0a292ce426b8d0d93435218cf SHA512 2e5a72edc468080c0e8f29e07d9c33826ffb246fa040ec42399bedeecf698b7555f69ffd15057ad79c0f50cd4926d43174599d99632b1b99ec6cd159c43a70b8 DIST libarchive-3.6.1.tar.xz.asc 833 BLAKE2B 8a1ca13491f3b29b322ab281a80eaef9ca2cca680e18a0ed5ff626e8808b6c9a5eb4cdd6eaf00fb771f361d84d7785c103a9a0665d812f1f27ac66f5d1a2e1da SHA512 0411a9bdc9bb058b289b5cc102a220216420bf01ea213e771a16246ed48e670f3426e8555bac27262b686b40b7b2239907c4eef2bf43d812d73a69ccb2a5b00c -EBUILD libarchive-3.6.1.ebuild 3511 BLAKE2B d4e9c007a0022d56f5585fd31a7f797656de0f94fb368f1f3cb504bbe2dd044b45bfb9aa0c4eabfb6f81a36ce78ebf7de5054adc5a01d96aaddc82473c5b60a6 SHA512 1918a04a77d52157a1feaa7de655c30a5117175a982cdb2d42ee5ec8087470250c5d31aa3a7534163bdca8b9dc2fb8fc7784c3b22185817cfbc1d791e4691b29 +EBUILD libarchive-3.6.1-r1.ebuild 3606 BLAKE2B 28095f55ca8667fd02376ed812b8506c83543dc4095f5f03b5a0cf43ee58753306186a3146043a396da1c619329da9f97b35754d3df5a4c1938bff2b166ebe62 SHA512 1c7751ccf6d7c68777f76c305ce0e3917ca0a597ea9c7a718bb52dc2ba19e1ea8172efb528e24f8d073925f4e54148f23f7a42595c3fcd18bbee064544c08cd8 MISC metadata.xml 1224 BLAKE2B 
538433528de5543ad8e912ce0d072340be3f6eeefe16320ef48b3c30a35ebdff4a32055edf89f36e4479ab1468c620871fcb5ba91bd66e81798093b4d0345949 SHA512 9f53d623a02334f675c06edea2829ce52e78d85e3894e684ae920a678eb47046393b7a93808c7e1761d30a69faa5986cd4922ae7ef8f1e2ef221de39869bd12b
diff --git a/app-arch/libarchive/files/libarchive-3.6.1-CVE-2022-36227.patch b/app-arch/libarchive/files/libarchive-3.6.1-CVE-2022-36227.patch
new file mode 100644
index 000000000000..da71a196b875
--- /dev/null
+++ b/app-arch/libarchive/files/libarchive-3.6.1-CVE-2022-36227.patch
@@ -0,0 +1,35 @@
+From bff38efe8c110469c5080d387bec62a6ca15b1a5 Mon Sep 17 00:00:00 2001
+From: obiwac
+Date: Fri, 22 Jul 2022 22:41:10 +0200
+Subject: [PATCH] libarchive: Handle a `calloc` returning NULL (fixes #1754)
+
+---
+ libarchive/archive_write.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/libarchive/archive_write.c b/libarchive/archive_write.c
+index 66592e826..27626b541 100644
+--- a/libarchive/archive_write.c
++++ b/libarchive/archive_write.c
+@@ -201,6 +201,10 @@ __archive_write_allocate_filter(struct archive *_a)
+ struct archive_write_filter *f;
+
+ f = calloc(1, sizeof(*f));
++
++ if (f == NULL)
++ return (NULL);
++
+ f->archive = _a;
+ f->state = ARCHIVE_WRITE_FILTER_STATE_NEW;
+ if (a->filter_first == NULL)
+@@ -548,6 +552,10 @@ archive_write_open2(struct archive *_a, void *client_data,
+ a->client_data = client_data;
+
+ client_filter = __archive_write_allocate_filter(_a);
++
++ if (client_filter == NULL)
++ return (ARCHIVE_FATAL);
++
+ client_filter->open = archive_write_client_open;
+ client_filter->write = archive_write_client_write;
+ client_filter->close = archive_write_client_close;
diff --git a/app-arch/libarchive/libarchive-3.6.1-r1.ebuild b/app-arch/libarchive/libarchive-3.6.1-r1.ebuild
new file mode 100644
index 000000000000..886252808767
--- /dev/null
+++ b/app-arch/libarchive/libarchive-3.6.1-r1.ebuild
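Review bot: The NULL return added to `__archive_write_allocate_filter` is checked only in `archive_write_open2`; any other caller of the allocator (none are visible in this patch) would still dereference the result, so the remaining call sites should be audited before treating CVE-2022-36227 as fully closed by this backport. The new `archive_write_open2` branch also returns `ARCHIVE_FATAL` without recording a reason; adding `archive_set_error(_a, ENOMEM, "Out of memory");` before that return would let callers report the allocation failure instead of a bare fatal status. Both function bodies start and end outside the hunks, so cleanup of state set earlier in `archive_write_open2` cannot be judged from here.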
@@ -0,0 +1,132 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+inherit multilib-minimal toolchain-funcs verify-sig
+
+DESCRIPTION="Multi-format archive and compression library"
+HOMEPAGE="https://www.libarchive.org/"
+SRC_URI="
+ https://www.libarchive.de/downloads/${P}.tar.xz
+ verify-sig? ( https://www.libarchive.de/downloads/${P}.tar.xz.asc )
+"
+
+LICENSE="BSD BSD-2 BSD-4 public-domain"
+SLOT="0/13"
+KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
+IUSE="acl blake2 +bzip2 +e2fsprogs expat +iconv lz4 +lzma lzo nettle static-libs xattr zstd"
+VERIFY_SIG_OPENPGP_KEY_PATH=${BROOT}/usr/share/openpgp-keys/libarchive.org.asc
+
+RDEPEND="
+ sys-libs/zlib[${MULTILIB_USEDEP}]
+ acl? ( virtual/acl[${MULTILIB_USEDEP}] )
+ blake2? ( app-crypt/libb2[${MULTILIB_USEDEP}] )
+ bzip2? ( app-arch/bzip2[${MULTILIB_USEDEP}] )
+ expat? ( dev-libs/expat[${MULTILIB_USEDEP}] )
+ !expat? ( dev-libs/libxml2[${MULTILIB_USEDEP}] )
+ iconv? ( virtual/libiconv[${MULTILIB_USEDEP}] )
+ kernel_linux? (
+ xattr? ( sys-apps/attr[${MULTILIB_USEDEP}] )
+ )
+ dev-libs/openssl:0=[${MULTILIB_USEDEP}]
+ lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] )
+ lzma? ( >=app-arch/xz-utils-5.2.5-r1[${MULTILIB_USEDEP}] )
+ lzo? ( >=dev-libs/lzo-2[${MULTILIB_USEDEP}] )
+ nettle? ( dev-libs/nettle:0=[${MULTILIB_USEDEP}] )
+ zstd? ( app-arch/zstd[${MULTILIB_USEDEP}] )
+"
+DEPEND="${RDEPEND}
+ kernel_linux? (
+ virtual/os-headers
+ e2fsprogs? ( sys-fs/e2fsprogs[${MULTILIB_USEDEP}] )
+ )
+"
+BDEPEND="
+ verify-sig? ( sec-keys/openpgp-keys-libarchive )
+"
+
+PATCHES=(
+ "${FILESDIR}"/${P}-glibc-2.36.patch
+ # https://github.com/libarchive/libarchive/pull/1759
+ "${FILESDIR}"/${P}-CVE-2022-36227.patch
+)
+
+multilib_src_configure() {
+ export ac_cv_header_ext2fs_ext2_fs_h=$(usex e2fsprogs) #354923
+
+ local myconf=(
+ $(use_enable acl)
+ $(use_enable static-libs static)
+ $(use_enable xattr)
+ $(use_with blake2 libb2)
+ $(use_with bzip2 bz2lib)
+ $(use_with expat)
+ $(use_with !expat xml2)
+ $(use_with iconv)
+ $(use_with lz4)
+ $(use_with lzma)
+ $(use_with lzo lzo2)
+ $(use_with nettle)
+ --with-zlib
+ $(use_with zstd)
+
+ # Windows-specific
+ --without-cng
+ )
+ if multilib_is_native_abi ; then
+ myconf+=(
+ --enable-bsdcat="$(tc-is-static-only && echo static || echo shared)"
+ --enable-bsdcpio="$(tc-is-static-only && echo static || echo shared)"
+ --enable-bsdtar="$(tc-is-static-only && echo static || echo shared)"
+ )
+ else
+ myconf+=(
+ --disable-bsdcat
+ --disable-bsdcpio
+ --disable-bsdtar
+ )
+ fi
+
+ ECONF_SOURCE="${S}" econf "${myconf[@]}"
+}
+
+multilib_src_compile() {
+ if multilib_is_native_abi ; then
+ emake
+ else
+ emake libarchive.la
+ fi
+}
+
+src_test() {
+ mkdir -p "${T}"/bin || die
+ # tests fail when lbzip2[symlink] is used in place of ref bunzip2
+ ln -s "${BROOT}/bin/bunzip2" "${T}"/bin || die
+ local -x PATH=${T}/bin:${PATH}
+ multilib-minimal_src_test
+}
+
+multilib_src_test() {
+ # sandbox is breaking long symlink behavior
+ local -x SANDBOX_ON=0
+ local -x LD_PRELOAD=
+ # some locales trigger different output that breaks tests
+ local -x LC_ALL=C
+ emake check
+}
+
+multilib_src_install() {
+ if multilib_is_native_abi ; then
+ emake DESTDIR="${D}" install
+ else
+ local install_targets=(
+ install-includeHEADERS
+ install-libLTLIBRARIES
+ install-pkgconfigDATA
+ )
+ emake DESTDIR="${D}" "${install_targets[@]}"
+ fi
+
+ # Libs.private: should be used from libarchive.pc instead
+ find "${ED}" -type f -name "*.la" -delete || die
+}
diff --git a/app-arch/libarchive/libarchive-3.6.1.ebuild b/app-arch/libarchive/libarchive-3.6.1.ebuild
deleted file mode 100644
index 2c65539abe4b..000000000000
--- a/app-arch/libarchive/libarchive-3.6.1.ebuild
+++ /dev/null
@@ -1,130 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-inherit multilib-minimal toolchain-funcs verify-sig
-
-DESCRIPTION="Multi-format archive and compression library"
-HOMEPAGE="https://www.libarchive.org/"
-SRC_URI="
- https://www.libarchive.de/downloads/${P}.tar.xz
- verify-sig? ( https://www.libarchive.de/downloads/${P}.tar.xz.asc )
-"
-
-LICENSE="BSD BSD-2 BSD-4 public-domain"
-SLOT="0/13"
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86 ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris"
-IUSE="acl blake2 +bzip2 +e2fsprogs expat +iconv lz4 +lzma lzo nettle static-libs xattr zstd"
-VERIFY_SIG_OPENPGP_KEY_PATH=${BROOT}/usr/share/openpgp-keys/libarchive.org.asc
-
-RDEPEND="
- sys-libs/zlib[${MULTILIB_USEDEP}]
- acl? ( virtual/acl[${MULTILIB_USEDEP}] )
- blake2? ( app-crypt/libb2[${MULTILIB_USEDEP}] )
- bzip2? ( app-arch/bzip2[${MULTILIB_USEDEP}] )
- expat? ( dev-libs/expat[${MULTILIB_USEDEP}] )
- !expat? ( dev-libs/libxml2[${MULTILIB_USEDEP}] )
- iconv? ( virtual/libiconv[${MULTILIB_USEDEP}] )
- kernel_linux? (
- xattr? ( sys-apps/attr[${MULTILIB_USEDEP}] )
- )
- dev-libs/openssl:0=[${MULTILIB_USEDEP}]
- lz4? ( >=app-arch/lz4-0_p131:0=[${MULTILIB_USEDEP}] )
- lzma? ( >=app-arch/xz-utils-5.2.5-r1[${MULTILIB_USEDEP}] )
- lzo? ( >=dev-libs/lzo-2[${MULTILIB_USEDEP}] )
- nettle? ( dev-libs/nettle:0=[${MULTILIB_USEDEP}] )
- zstd? ( app-arch/zstd[${MULTILIB_USEDEP}] )
-"
-DEPEND="${RDEPEND}
- kernel_linux? (
- virtual/os-headers
- e2fsprogs? ( sys-fs/e2fsprogs[${MULTILIB_USEDEP}] )
- )
-"
-BDEPEND="
- verify-sig? ( sec-keys/openpgp-keys-libarchive )
-"
-
-PATCHES=(
- "${FILESDIR}"/${P}-glibc-2.36.patch
-)
-
-multilib_src_configure() {
- export ac_cv_header_ext2fs_ext2_fs_h=$(usex e2fsprogs) #354923
-
- local myconf=(
- $(use_enable acl)
- $(use_enable static-libs static)
- $(use_enable xattr)
- $(use_with blake2 libb2)
- $(use_with bzip2 bz2lib)
- $(use_with expat)
- $(use_with !expat xml2)
- $(use_with iconv)
- $(use_with lz4)
- $(use_with lzma)
- $(use_with lzo lzo2)
- $(use_with nettle)
- --with-zlib
- $(use_with zstd)
-
- # Windows-specific
- --without-cng
- )
- if multilib_is_native_abi ; then
- myconf+=(
- --enable-bsdcat="$(tc-is-static-only && echo static || echo shared)"
- --enable-bsdcpio="$(tc-is-static-only && echo static || echo shared)"
- --enable-bsdtar="$(tc-is-static-only && echo static || echo shared)"
- )
- else
- myconf+=(
- --disable-bsdcat
- --disable-bsdcpio
- --disable-bsdtar
- )
- fi
-
- ECONF_SOURCE="${S}" econf "${myconf[@]}"
-}
-
-multilib_src_compile() {
- if multilib_is_native_abi ; then
- emake
- else
- emake libarchive.la
- fi
-}
-
-src_test() {
- mkdir -p "${T}"/bin || die
- # tests fail when lbzip2[symlink] is used in place of ref bunzip2
- ln -s "${BROOT}/bin/bunzip2" "${T}"/bin || die
- local -x PATH=${T}/bin:${PATH}
- multilib-minimal_src_test
-}
-
-multilib_src_test() {
- # sandbox is breaking long symlink behavior
- local -x SANDBOX_ON=0
- local -x LD_PRELOAD=
- # some locales trigger different output that breaks tests
- local -x LC_ALL=C
- emake check
-}
-
-multilib_src_install() {
- if multilib_is_native_abi ; then
- emake DESTDIR="${D}" install
- else
- local install_targets=(
- install-includeHEADERS
- install-libLTLIBRARIES
- install-pkgconfigDATA
- )
- emake DESTDIR="${D}" "${install_targets[@]}"
- fi
-
- # Libs.private: should be used from libarchive.pc instead
- find "${ED}" -type f -name "*.la" -delete || die
-}
-- cgit v1.2.3