diff -Nru libarchive-3.2.1/debian/changelog libarchive-3.2.1/debian/changelog --- libarchive-3.2.1/debian/changelog 2016-07-25 15:59:27.000000000 +0000 +++ libarchive-3.2.1/debian/changelog 2016-10-16 13:41:59.000000000 +0000 @@ -1,3 +1,33 @@ +libarchive (3.2.1-5) unstable; urgency=medium + + * Cherry-pick upstream commits 7f17c791, eec077f5, e37b620f + - Fixes for upstream issues 747, 761, 767 also known as + CVE-2016-8689, CVE-2016-8688, CVE-2016-8687 + (Closes: #840934, #840935, #840936) + + -- Andreas Henriksson Sun, 16 Oct 2016 15:41:59 +0200 + +libarchive (3.2.1-4) unstable; urgency=medium + + * Bump debhelper compat to 10 + * Install manpages via debian/*.install + * libarchive-dev: ship examples/ directory (Closes: #659650) + * Use the "fail-missing" dh_install option + * Cherry-pick upstream commits for CVE-2016-5418 (Closes: #837714) + + -- Andreas Henriksson Thu, 06 Oct 2016 23:01:41 +0200 + +libarchive (3.2.1-3) unstable; urgency=medium + + [ Michael Biebl ] + * (Re)add debian/libarchive13.symbols (Closes: #838775) + + [ Andreas Henriksson ] + * Mark leaked private symbols as optional for now until fixed upstream + * Fail to build when symbols file is outdated + + -- Andreas Henriksson Thu, 06 Oct 2016 18:18:41 +0200 + libarchive (3.2.1-2) unstable; urgency=medium * The "welcome Peter to the team" upload diff -Nru libarchive-3.2.1/debian/compat libarchive-3.2.1/debian/compat --- libarchive-3.2.1/debian/compat 2016-07-25 15:59:27.000000000 +0000 +++ libarchive-3.2.1/debian/compat 2016-10-16 13:41:59.000000000 +0000 @@ -1 +1 @@ -9 +10 diff -Nru libarchive-3.2.1/debian/control libarchive-3.2.1/debian/control --- libarchive-3.2.1/debian/control 2016-07-25 15:59:27.000000000 +0000 +++ libarchive-3.2.1/debian/control 2016-10-16 13:41:59.000000000 +0000 @@ -3,7 +3,7 @@ Maintainer: Debian Libarchive Maintainers Uploaders: Andreas Henriksson , Peter Pentchev -Build-Depends: debhelper (>= 9), +Build-Depends: debhelper (>= 10), pkg-config, libbz2-dev, liblz4-dev, @@ -16,8 +16,7 @@ sharutils, nettle-dev, liblzo2-dev, - locales | locales-all, - dh-autoreconf + locales | locales-all Standards-Version: 3.9.8 Section: libs Homepage: http://www.libarchive.org/ diff -Nru libarchive-3.2.1/debian/libarchive13.symbols libarchive-3.2.1/debian/libarchive13.symbols --- libarchive-3.2.1/debian/libarchive13.symbols 1970-01-01 00:00:00.000000000 +0000 +++ libarchive-3.2.1/debian/libarchive13.symbols 2016-10-16 13:41:59.000000000 +0000 @@ -0,0 +1,463 @@ +libarchive.so.13 libarchive13 #MINVER# +* Build-Depends-Package: libarchive-dev +# these optional symbols should be removed once libarchive stops leaking private symbols, see https://github.com/libarchive/libarchive/pull/738 + (regex|optional)__archive_.*@Base 3.0 + (regex|optional)__libarchive_.*@Base 3.0 + (regex|optional)_archive_.*@Base 3.0 + archive_acl_add_entry@Base 3.0.4 + archive_acl_add_entry_w_len@Base 3.0.4 + archive_acl_clear@Base 3.0.4 + archive_acl_copy@Base 3.0.4 + archive_acl_count@Base 3.0.4 + archive_acl_next@Base 3.0.4 + archive_acl_parse_l@Base 3.0.4 + archive_acl_parse_w@Base 3.0.4 + archive_acl_reset@Base 3.0.4 + archive_acl_text_l@Base 3.0.4 + archive_acl_text_w@Base 3.0.4 + archive_bzlib_version@Base 3.2.1 + archive_clear_error@Base 3.0.4 + archive_compression@Base 3.0.4 + archive_compression_name@Base 3.0.4 + archive_copy_error@Base 3.0.4 + archive_entry_acl@Base 3.0.4 + archive_entry_acl_add_entry@Base 3.0.4 + archive_entry_acl_add_entry_w@Base 3.0.4 + archive_entry_acl_clear@Base 3.0.4 + archive_entry_acl_count@Base 3.0.4 + archive_entry_acl_next@Base 3.0.4 + archive_entry_acl_reset@Base 3.0.4 + archive_entry_acl_text@Base 3.0.4 + archive_entry_acl_text_w@Base 3.0.4 + archive_entry_atime@Base 3.0.4 + archive_entry_atime_is_set@Base 3.0.4 + archive_entry_atime_nsec@Base 3.0.4 + archive_entry_birthtime@Base 3.0.4 + archive_entry_birthtime_is_set@Base 3.0.4 + archive_entry_birthtime_nsec@Base 3.0.4 + archive_entry_clear@Base 3.0.4 + archive_entry_clone@Base 3.0.4 + archive_entry_copy_fflags_text@Base 3.0.4 + archive_entry_copy_fflags_text_w@Base 3.0.4 + archive_entry_copy_gname@Base 3.0.4 + archive_entry_copy_gname_w@Base 3.0.4 + archive_entry_copy_hardlink@Base 3.0.4 + archive_entry_copy_hardlink_w@Base 3.0.4 + archive_entry_copy_link@Base 3.0.4 + archive_entry_copy_link_w@Base 3.0.4 + archive_entry_copy_mac_metadata@Base 3.0.4 + archive_entry_copy_pathname@Base 3.0.4 + archive_entry_copy_pathname_w@Base 3.0.4 + archive_entry_copy_sourcepath@Base 3.0.4 + archive_entry_copy_sourcepath_w@Base 3.0.4 + archive_entry_copy_stat@Base 3.0.4 + archive_entry_copy_symlink@Base 3.0.4 + archive_entry_copy_symlink_w@Base 3.0.4 + archive_entry_copy_uname@Base 3.0.4 + archive_entry_copy_uname_w@Base 3.0.4 + archive_entry_ctime@Base 3.0.4 + archive_entry_ctime_is_set@Base 3.0.4 + archive_entry_ctime_nsec@Base 3.0.4 + archive_entry_dev@Base 3.0.4 + archive_entry_dev_is_set@Base 3.0.4 + archive_entry_devmajor@Base 3.0.4 + archive_entry_devminor@Base 3.0.4 + archive_entry_fflags@Base 3.0.4 + archive_entry_fflags_text@Base 3.0.4 + archive_entry_filetype@Base 3.0.4 + archive_entry_free@Base 3.0.4 + archive_entry_gid@Base 3.0.4 + archive_entry_gname@Base 3.0.4 + archive_entry_gname_utf8@Base 3.2.1 + archive_entry_gname_w@Base 3.0.4 + archive_entry_hardlink@Base 3.0.4 + archive_entry_hardlink_utf8@Base 3.2.1 + archive_entry_hardlink_w@Base 3.0.4 + archive_entry_ino64@Base 3.0.4 + archive_entry_ino@Base 3.0.4 + archive_entry_ino_is_set@Base 3.0.4 + archive_entry_is_data_encrypted@Base 3.2.1 + archive_entry_is_encrypted@Base 3.2.1 + archive_entry_is_metadata_encrypted@Base 3.2.1 + archive_entry_linkify@Base 3.0.4 + archive_entry_linkresolver_free@Base 3.0.4 + archive_entry_linkresolver_new@Base 3.0.4 + archive_entry_linkresolver_set_strategy@Base 3.0.4 + archive_entry_mac_metadata@Base 3.0.4 + archive_entry_mode@Base 3.0.4 + archive_entry_mtime@Base 3.0.4 + archive_entry_mtime_is_set@Base 3.0.4 + archive_entry_mtime_nsec@Base 3.0.4 + archive_entry_new2@Base 3.0.4 + archive_entry_new@Base 3.0.4 + archive_entry_nlink@Base 3.0.4 + archive_entry_partial_links@Base 3.0.4 + archive_entry_pathname@Base 3.0.4 + archive_entry_pathname_utf8@Base 3.2.1 + archive_entry_pathname_w@Base 3.0.4 + archive_entry_perm@Base 3.0.4 + archive_entry_rdev@Base 3.0.4 + archive_entry_rdevmajor@Base 3.0.4 + archive_entry_rdevminor@Base 3.0.4 + archive_entry_set_atime@Base 3.0.4 + archive_entry_set_birthtime@Base 3.0.4 + archive_entry_set_ctime@Base 3.0.4 + archive_entry_set_dev@Base 3.0.4 + archive_entry_set_devmajor@Base 3.0.4 + archive_entry_set_devminor@Base 3.0.4 + archive_entry_set_fflags@Base 3.0.4 + archive_entry_set_filetype@Base 3.0.4 + archive_entry_set_gid@Base 3.0.4 + archive_entry_set_gname@Base 3.0.4 + archive_entry_set_gname_utf8@Base 3.2.1 + archive_entry_set_hardlink@Base 3.0.4 + archive_entry_set_hardlink_utf8@Base 3.2.1 + archive_entry_set_ino64@Base 3.0.4 + archive_entry_set_ino@Base 3.0.4 + archive_entry_set_is_data_encrypted@Base 3.2.1 + archive_entry_set_is_metadata_encrypted@Base 3.2.1 + archive_entry_set_link@Base 3.0.4 + archive_entry_set_link_utf8@Base 3.2.1 + archive_entry_set_mode@Base 3.0.4 + archive_entry_set_mtime@Base 3.0.4 + archive_entry_set_nlink@Base 3.0.4 + archive_entry_set_pathname@Base 3.0.4 + archive_entry_set_pathname_utf8@Base 3.2.1 + archive_entry_set_perm@Base 3.0.4 + archive_entry_set_rdev@Base 3.0.4 + archive_entry_set_rdevmajor@Base 3.0.4 + archive_entry_set_rdevminor@Base 3.0.4 + archive_entry_set_size@Base 3.0.4 + archive_entry_set_symlink@Base 3.0.4 + archive_entry_set_symlink_utf8@Base 3.2.1 + archive_entry_set_uid@Base 3.0.4 + archive_entry_set_uname@Base 3.0.4 + archive_entry_set_uname_utf8@Base 3.2.1 + archive_entry_size@Base 3.0.4 + archive_entry_size_is_set@Base 3.0.4 + archive_entry_sourcepath@Base 3.0.4 + archive_entry_sourcepath_w@Base 3.0.4 + archive_entry_sparse_add_entry@Base 3.0.4 + archive_entry_sparse_clear@Base 3.0.4 + archive_entry_sparse_count@Base 3.0.4 + archive_entry_sparse_next@Base 3.0.4 + archive_entry_sparse_reset@Base 3.0.4 + archive_entry_stat@Base 3.0.4 + archive_entry_strmode@Base 3.0.4 + archive_entry_symlink@Base 3.0.4 + archive_entry_symlink_utf8@Base 3.2.1 + archive_entry_symlink_w@Base 3.0.4 + archive_entry_uid@Base 3.0.4 + archive_entry_uname@Base 3.0.4 + archive_entry_uname_utf8@Base 3.2.1 + archive_entry_uname_w@Base 3.0.4 + archive_entry_unset_atime@Base 3.0.4 + archive_entry_unset_birthtime@Base 3.0.4 + archive_entry_unset_ctime@Base 3.0.4 + archive_entry_unset_mtime@Base 3.0.4 + archive_entry_unset_size@Base 3.0.4 + archive_entry_update_gname_utf8@Base 3.0.4 + archive_entry_update_hardlink_utf8@Base 3.0.4 + archive_entry_update_link_utf8@Base 3.0.4 + archive_entry_update_pathname_utf8@Base 3.0.4 + archive_entry_update_symlink_utf8@Base 3.0.4 + archive_entry_update_uname_utf8@Base 3.0.4 + archive_entry_xattr_add_entry@Base 3.0.4 + archive_entry_xattr_clear@Base 3.0.4 + archive_entry_xattr_count@Base 3.0.4 + archive_entry_xattr_next@Base 3.0.4 + archive_entry_xattr_reset@Base 3.0.4 + archive_errno@Base 3.0.4 + archive_error_string@Base 3.0.4 + archive_file_count@Base 3.0.4 + archive_filter_bytes@Base 3.0.4 + archive_filter_code@Base 3.0.4 + archive_filter_count@Base 3.0.4 + archive_filter_name@Base 3.0.4 + archive_format@Base 3.0.4 + archive_format_name@Base 3.0.4 + archive_free@Base 3.2.1 + archive_liblz4_version@Base 3.2.1 + archive_liblzma_version@Base 3.2.1 + archive_match_exclude_entry@Base 3.0.4 + archive_match_exclude_pattern@Base 3.0.4 + archive_match_exclude_pattern_from_file@Base 3.0.4 + archive_match_exclude_pattern_from_file_w@Base 3.0.4 + archive_match_exclude_pattern_w@Base 3.0.4 + archive_match_excluded@Base 3.0.4 + archive_match_free@Base 3.0.4 + archive_match_include_date@Base 3.0.4 + archive_match_include_date_w@Base 3.0.4 + archive_match_include_file_time@Base 3.0.4 + archive_match_include_file_time_w@Base 3.0.4 + archive_match_include_gid@Base 3.0.4 + archive_match_include_gname@Base 3.0.4 + archive_match_include_gname_w@Base 3.0.4 + archive_match_include_pattern@Base 3.0.4 + archive_match_include_pattern_from_file@Base 3.0.4 + archive_match_include_pattern_from_file_w@Base 3.0.4 + archive_match_include_pattern_w@Base 3.0.4 + archive_match_include_time@Base 3.0.4 + archive_match_include_uid@Base 3.0.4 + archive_match_include_uname@Base 3.0.4 + archive_match_include_uname_w@Base 3.0.4 + archive_match_new@Base 3.0.4 + archive_match_owner_excluded@Base 3.0.4 + archive_match_path_excluded@Base 3.0.4 + archive_match_path_unmatched_inclusions@Base 3.0.4 + archive_match_path_unmatched_inclusions_next@Base 3.0.4 + archive_match_path_unmatched_inclusions_next_w@Base 3.0.4 + archive_match_time_excluded@Base 3.0.4 + archive_mstring_clean@Base 3.0.4 + archive_mstring_copy@Base 3.0.4 + archive_mstring_copy_mbs@Base 3.0.4 + archive_mstring_copy_mbs_len@Base 3.0.4 + archive_mstring_copy_mbs_len_l@Base 3.0.4 + archive_mstring_copy_utf8@Base 3.2.1 + archive_mstring_copy_wcs@Base 3.0.4 + archive_mstring_copy_wcs_len@Base 3.0.4 + archive_mstring_get_mbs@Base 3.0.4 + archive_mstring_get_mbs_l@Base 3.0.4 + archive_mstring_get_utf8@Base 3.0.4 + archive_mstring_get_wcs@Base 3.0.4 + archive_mstring_update_utf8@Base 3.0.4 + archive_position_compressed@Base 3.0.4 + archive_position_uncompressed@Base 3.0.4 + archive_random@Base 3.2.1 + archive_read_add_callback_data@Base 3.1.2 + archive_read_add_passphrase@Base 3.2.1 + archive_read_append_callback_data@Base 3.1.2 + archive_read_append_filter@Base 3.1.2 + archive_read_append_filter_program@Base 3.1.2 + archive_read_append_filter_program_signature@Base 3.1.2 + archive_read_close@Base 3.0.4 + archive_read_data@Base 3.0.4 + archive_read_data_block@Base 3.0.4 + archive_read_data_into_fd@Base 3.0.4 + archive_read_data_skip@Base 3.0.4 + archive_read_disk_can_descend@Base 3.0.4 + archive_read_disk_current_filesystem@Base 3.0.4 + archive_read_disk_current_filesystem_is_remote@Base 3.0.4 + archive_read_disk_current_filesystem_is_synthetic@Base 3.0.4 + archive_read_disk_descend@Base 3.0.4 + archive_read_disk_entry_from_file@Base 3.0.4 + archive_read_disk_gname@Base 3.0.4 + archive_read_disk_new@Base 3.0.4 + archive_read_disk_open@Base 3.0.4 + archive_read_disk_open_w@Base 3.0.4 + archive_read_disk_set_atime_restored@Base 3.0.4 + archive_read_disk_set_behavior@Base 3.0.4 + archive_read_disk_set_gname_lookup@Base 3.0.4 + archive_read_disk_set_matching@Base 3.0.4 + archive_read_disk_set_metadata_filter_callback@Base 3.0.4 + archive_read_disk_set_standard_lookup@Base 3.0.4 + archive_read_disk_set_symlink_hybrid@Base 3.0.4 + archive_read_disk_set_symlink_logical@Base 3.0.4 + archive_read_disk_set_symlink_physical@Base 3.0.4 + archive_read_disk_set_uname_lookup@Base 3.0.4 + archive_read_disk_uname@Base 3.0.4 + archive_read_extract2@Base 3.0.4 + archive_read_extract@Base 3.0.4 + archive_read_extract_set_progress_callback@Base 3.0.4 + archive_read_extract_set_skip_file@Base 3.0.4 + archive_read_finish@Base 3.0.4 + archive_read_format_capabilities@Base 3.2.1 + archive_read_free@Base 3.0.4 + archive_read_has_encrypted_entries@Base 3.2.1 + archive_read_header_position@Base 3.0.4 + archive_read_new@Base 3.0.4 + archive_read_next_header2@Base 3.0.4 + archive_read_next_header@Base 3.0.4 + archive_read_open1@Base 3.0.4 + archive_read_open2@Base 3.0.4 + archive_read_open@Base 3.0.4 + archive_read_open_FILE@Base 3.0.4 + archive_read_open_fd@Base 3.0.4 + archive_read_open_file@Base 3.0.4 + archive_read_open_filename@Base 3.0.4 + archive_read_open_filename_w@Base 3.0.4 + archive_read_open_filenames@Base 3.1.2 + archive_read_open_memory2@Base 3.0.4 + archive_read_open_memory@Base 3.0.4 + archive_read_prepend_callback_data@Base 3.1.2 + archive_read_set_callback_data2@Base 3.1.2 + archive_read_set_callback_data@Base 3.0.4 + archive_read_set_close_callback@Base 3.0.4 + archive_read_set_filter_option@Base 3.0.4 + archive_read_set_format@Base 3.1.2 + archive_read_set_format_option@Base 3.0.4 + archive_read_set_open_callback@Base 3.0.4 + archive_read_set_option@Base 3.0.4 + archive_read_set_options@Base 3.0.4 + archive_read_set_passphrase_callback@Base 3.2.1 + archive_read_set_read_callback@Base 3.0.4 + archive_read_set_seek_callback@Base 3.0.4 + archive_read_set_skip_callback@Base 3.0.4 + archive_read_set_switch_callback@Base 3.1.2 + archive_read_support_compression_all@Base 3.0.4 + archive_read_support_compression_bzip2@Base 3.0.4 + archive_read_support_compression_compress@Base 3.0.4 + archive_read_support_compression_gzip@Base 3.0.4 + archive_read_support_compression_lzip@Base 3.0.4 + archive_read_support_compression_lzma@Base 3.0.4 + archive_read_support_compression_none@Base 3.0.4 + archive_read_support_compression_program@Base 3.0.4 + archive_read_support_compression_program_signature@Base 3.0.4 + archive_read_support_compression_rpm@Base 3.0.4 + archive_read_support_compression_uu@Base 3.0.4 + archive_read_support_compression_xz@Base 3.0.4 + archive_read_support_filter_all@Base 3.0.4 + archive_read_support_filter_bzip2@Base 3.0.4 + archive_read_support_filter_compress@Base 3.0.4 + archive_read_support_filter_grzip@Base 3.1.2 + archive_read_support_filter_gzip@Base 3.0.4 + archive_read_support_filter_lrzip@Base 3.1.2 + archive_read_support_filter_lz4@Base 3.2.1 + archive_read_support_filter_lzip@Base 3.0.4 + archive_read_support_filter_lzma@Base 3.0.4 + archive_read_support_filter_lzop@Base 3.1.2 + archive_read_support_filter_none@Base 3.0.4 + archive_read_support_filter_program@Base 3.0.4 + archive_read_support_filter_program_signature@Base 3.0.4 + archive_read_support_filter_rpm@Base 3.0.4 + archive_read_support_filter_uu@Base 3.0.4 + archive_read_support_filter_xz@Base 3.0.4 + archive_read_support_format_7zip@Base 3.0.4 + archive_read_support_format_all@Base 3.0.4 + archive_read_support_format_ar@Base 3.0.4 + archive_read_support_format_by_code@Base 3.0.4 + archive_read_support_format_cab@Base 3.0.4 + archive_read_support_format_cpio@Base 3.0.4 + archive_read_support_format_empty@Base 3.0.4 + archive_read_support_format_gnutar@Base 3.0.4 + archive_read_support_format_iso9660@Base 3.0.4 + archive_read_support_format_lha@Base 3.0.4 + archive_read_support_format_mtree@Base 3.0.4 + archive_read_support_format_rar@Base 3.0.4 + archive_read_support_format_raw@Base 3.0.4 + archive_read_support_format_tar@Base 3.0.4 + archive_read_support_format_warc@Base 3.2.1 + archive_read_support_format_xar@Base 3.0.4 + archive_read_support_format_zip@Base 3.0.4 + archive_read_support_format_zip_seekable@Base 3.0.4 + archive_read_support_format_zip_streamable@Base 3.0.4 + archive_seek_data@Base 3.1.2 + archive_set_error@Base 3.0.4 + archive_strappend_char@Base 3.0.4 + archive_strcat@Base 3.0.4 + archive_string_append_from_wcs@Base 3.0.4 + archive_string_concat@Base 3.0.4 + archive_string_conversion_charset_name@Base 3.0.4 + archive_string_conversion_free@Base 3.0.4 + archive_string_conversion_from_charset@Base 3.0.4 + archive_string_conversion_set_opt@Base 3.0.4 + archive_string_conversion_to_charset@Base 3.0.4 + archive_string_default_conversion_for_read@Base 3.0.4 + archive_string_default_conversion_for_write@Base 3.0.4 + archive_string_ensure@Base 3.0.4 + archive_string_free@Base 3.0.4 + archive_string_sprintf@Base 3.0.4 + archive_string_vsprintf@Base 3.0.4 + archive_strncat@Base 3.0.4 + archive_strncat_l@Base 3.0.4 + archive_strncpy_l@Base 3.0.4 + archive_utility_string_sort@Base 3.2.1 + archive_version_details@Base 3.2.1 + archive_version_number@Base 3.0.4 + archive_version_string@Base 3.0.4 + archive_write_add_filter@Base 3.0.4 + archive_write_add_filter_b64encode@Base 3.1.2 + archive_write_add_filter_by_name@Base 3.1.2 + archive_write_add_filter_bzip2@Base 3.0.4 + archive_write_add_filter_compress@Base 3.0.4 + archive_write_add_filter_grzip@Base 3.1.2 + archive_write_add_filter_gzip@Base 3.0.4 + archive_write_add_filter_lrzip@Base 3.1.2 + archive_write_add_filter_lz4@Base 3.2.1 + archive_write_add_filter_lzip@Base 3.0.4 + archive_write_add_filter_lzma@Base 3.0.4 + archive_write_add_filter_lzop@Base 3.1.2 + archive_write_add_filter_none@Base 3.0.4 + archive_write_add_filter_program@Base 3.0.4 + archive_write_add_filter_uuencode@Base 3.1.2 + archive_write_add_filter_xz@Base 3.0.4 + archive_write_close@Base 3.0.4 + archive_write_data@Base 3.0.4 + archive_write_data_block@Base 3.0.4 + archive_write_disk_gid@Base 3.0.4 + archive_write_disk_new@Base 3.0.4 + archive_write_disk_set_acls@Base 3.1.2 + archive_write_disk_set_group_lookup@Base 3.0.4 + archive_write_disk_set_options@Base 3.0.4 + archive_write_disk_set_skip_file@Base 3.0.4 + archive_write_disk_set_standard_lookup@Base 3.0.4 + archive_write_disk_set_user_lookup@Base 3.0.4 + archive_write_disk_uid@Base 3.0.4 + archive_write_fail@Base 3.1.2 + archive_write_finish@Base 3.0.4 + archive_write_finish_entry@Base 3.0.4 + archive_write_free@Base 3.0.4 + archive_write_get_bytes_in_last_block@Base 3.0.4 + archive_write_get_bytes_per_block@Base 3.0.4 + archive_write_header@Base 3.0.4 + archive_write_new@Base 3.0.4 + archive_write_open@Base 3.0.4 + archive_write_open_FILE@Base 3.0.4 + archive_write_open_fd@Base 3.0.4 + archive_write_open_file@Base 3.0.4 + archive_write_open_filename@Base 3.0.4 + archive_write_open_filename_w@Base 3.0.4 + archive_write_open_memory@Base 3.0.4 + archive_write_set_bytes_in_last_block@Base 3.0.4 + archive_write_set_bytes_per_block@Base 3.0.4 + archive_write_set_compression_bzip2@Base 3.0.4 + archive_write_set_compression_compress@Base 3.0.4 + archive_write_set_compression_gzip@Base 3.0.4 + archive_write_set_compression_lzip@Base 3.0.4 + archive_write_set_compression_lzma@Base 3.0.4 + archive_write_set_compression_none@Base 3.0.4 + archive_write_set_compression_program@Base 3.0.4 + archive_write_set_compression_xz@Base 3.0.4 + archive_write_set_filter_option@Base 3.0.4 + archive_write_set_format@Base 3.0.4 + archive_write_set_format_7zip@Base 3.0.4 + archive_write_set_format_ar_bsd@Base 3.0.4 + archive_write_set_format_ar_svr4@Base 3.0.4 + archive_write_set_format_by_name@Base 3.0.4 + archive_write_set_format_cpio@Base 3.0.4 + archive_write_set_format_cpio_newc@Base 3.0.4 + archive_write_set_format_filter_by_ext@Base 3.2.1 + archive_write_set_format_filter_by_ext_def@Base 3.2.1 + archive_write_set_format_gnutar@Base 3.0.4 + archive_write_set_format_iso9660@Base 3.0.4 + archive_write_set_format_mtree@Base 3.0.4 + archive_write_set_format_mtree_classic@Base 3.1.2 + archive_write_set_format_option@Base 3.0.4 + archive_write_set_format_pax@Base 3.0.4 + archive_write_set_format_pax_restricted@Base 3.0.4 + archive_write_set_format_raw@Base 3.2.1 + archive_write_set_format_shar@Base 3.0.4 + archive_write_set_format_shar_dump@Base 3.0.4 + archive_write_set_format_ustar@Base 3.0.4 + archive_write_set_format_v7tar@Base 3.1.2 + archive_write_set_format_warc@Base 3.2.1 + archive_write_set_format_xar@Base 3.0.4 + archive_write_set_format_zip@Base 3.0.4 + archive_write_set_option@Base 3.0.4 + archive_write_set_options@Base 3.0.4 + archive_write_set_passphrase@Base 3.2.1 + archive_write_set_passphrase_callback@Base 3.2.1 + archive_write_set_skip_file@Base 3.0.4 + archive_write_zip_set_compression_deflate@Base 3.1.2 + archive_write_zip_set_compression_store@Base 3.1.2 + archive_wstrappend_wchar@Base 3.0.4 + archive_wstrcat@Base 3.0.4 + archive_wstring_append_from_mbs@Base 3.0.4 + archive_wstring_concat@Base 3.0.4 + archive_wstring_ensure@Base 3.0.4 + archive_wstring_free@Base 3.0.4 + archive_wstrncat@Base 3.0.4 + archive_zlib_version@Base 3.2.1 +# these optional symbols should be removed once libarchive stops leaking private symbols, see https://github.com/libarchive/libarchive/pull/738 + (optional)pack_find@Base 3.0 + (optional)pack_native@Base 3.0 diff -Nru libarchive-3.2.1/debian/libarchive-dev.docs libarchive-3.2.1/debian/libarchive-dev.docs --- libarchive-3.2.1/debian/libarchive-dev.docs 2016-07-25 15:59:27.000000000 +0000 +++ libarchive-3.2.1/debian/libarchive-dev.docs 2016-10-16 13:41:59.000000000 +0000 @@ -1,2 +1,3 @@ NEWS README +examples diff -Nru libarchive-3.2.1/debian/libarchive-dev.install libarchive-3.2.1/debian/libarchive-dev.install --- libarchive-3.2.1/debian/libarchive-dev.install 2016-07-25 15:59:27.000000000 +0000 +++ libarchive-3.2.1/debian/libarchive-dev.install 2016-10-16 13:41:59.000000000 +0000 @@ -2,3 +2,5 @@ usr/lib/*/lib*.a usr/lib/*/lib*.so usr/lib/*/pkgconfig/* +debian/tmp/usr/share/man/man3/* +debian/tmp/usr/share/man/man5/* diff -Nru libarchive-3.2.1/debian/libarchive-dev.manpages libarchive-3.2.1/debian/libarchive-dev.manpages --- libarchive-3.2.1/debian/libarchive-dev.manpages 2016-07-25 15:59:27.000000000 +0000 +++ libarchive-3.2.1/debian/libarchive-dev.manpages 1970-01-01 00:00:00.000000000 +0000 @@ -1,2 +0,0 @@ -debian/tmp/usr/share/man/man3/* -debian/tmp/usr/share/man/man5/* diff -Nru libarchive-3.2.1/debian/libarchive-tools.install libarchive-3.2.1/debian/libarchive-tools.install --- libarchive-3.2.1/debian/libarchive-tools.install 2016-07-25 15:59:27.000000000 +0000 +++ libarchive-3.2.1/debian/libarchive-tools.install 2016-10-16 13:41:59.000000000 +0000 @@ -1,3 +1,6 @@ usr/bin/bsdcat usr/bin/bsdcpio usr/bin/bsdtar +debian/tmp/usr/share/man/man1/bsdtar.1 +debian/tmp/usr/share/man/man1/bsdcat.1 +debian/tmp/usr/share/man/man1/bsdcpio.1 diff -Nru libarchive-3.2.1/debian/libarchive-tools.manpages libarchive-3.2.1/debian/libarchive-tools.manpages --- libarchive-3.2.1/debian/libarchive-tools.manpages 2016-07-25 15:59:27.000000000 +0000 +++ libarchive-3.2.1/debian/libarchive-tools.manpages 1970-01-01 00:00:00.000000000 +0000 @@ -1,3 +0,0 @@ -debian/tmp/usr/share/man/man1/bsdtar.1 -debian/tmp/usr/share/man/man1/bsdcat.1 -debian/tmp/usr/share/man/man1/bsdcpio.1 diff -Nru libarchive-3.2.1/debian/patches/Candidate.patch libarchive-3.2.1/debian/patches/Candidate.patch --- libarchive-3.2.1/debian/patches/Candidate.patch 2016-07-25 15:59:27.000000000 +0000 +++ libarchive-3.2.1/debian/patches/Candidate.patch 2016-10-16 13:41:59.000000000 +0000 @@ -1,11 +1,17 @@ -Description: Fix a typo in an internal structure field name. -Forwarded: https://github.com/libarchive/libarchive/pull/737 -Author: Peter Pentchev -Last-Update: 2016-07-05 +From: Debian Libarchive Maintainers +Date: Sun, 16 Oct 2016 15:37:48 +0200 +Subject: Candidate +--- + libarchive/archive_read_add_passphrase.c | 22 +++++++++++----------- + libarchive/archive_read_private.h | 2 +- + 2 files changed, 12 insertions(+), 12 deletions(-) + +diff --git a/libarchive/archive_read_add_passphrase.c b/libarchive/archive_read_add_passphrase.c +index f67f1eb..cf821b5 100644 --- a/libarchive/archive_read_add_passphrase.c +++ b/libarchive/archive_read_add_passphrase.c -@@ -125,7 +125,7 @@ +@@ -125,7 +125,7 @@ void __archive_read_reset_passphrase(struct archive_read *a) { @@ -14,7 +20,7 @@ } /* -@@ -137,31 +137,31 @@ +@@ -137,31 +137,31 @@ __archive_read_next_passphrase(struct archive_read *a) struct archive_read_passphrase *p; const char *passphrase; @@ -55,7 +61,7 @@ p = NULL; if (p != NULL) -@@ -177,7 +177,7 @@ +@@ -177,7 +177,7 @@ __archive_read_next_passphrase(struct archive_read *a) if (p == NULL) return (NULL); insert_passphrase_to_head(a, p); @@ -64,9 +70,11 @@ } } else passphrase = NULL; +diff --git a/libarchive/archive_read_private.h b/libarchive/archive_read_private.h +index 9b61a53..8eb5435 100644 --- a/libarchive/archive_read_private.h +++ b/libarchive/archive_read_private.h -@@ -221,7 +221,7 @@ +@@ -221,7 +221,7 @@ struct archive_read { struct { struct archive_read_passphrase *first; struct archive_read_passphrase **last; diff -Nru libarchive-3.2.1/debian/patches/Correct-the-usage-of-PATH_MAX-as-reported-in-Issue-744.patch libarchive-3.2.1/debian/patches/Correct-the-usage-of-PATH_MAX-as-reported-in-Issue-744.patch --- libarchive-3.2.1/debian/patches/Correct-the-usage-of-PATH_MAX-as-reported-in-Issue-744.patch 1970-01-01 00:00:00.000000000 +0000 +++ libarchive-3.2.1/debian/patches/Correct-the-usage-of-PATH_MAX-as-reported-in-Issue-744.patch 2016-10-16 13:41:59.000000000 +0000 @@ -0,0 +1,30 @@ +From: Tim Kientzle +Date: Tue, 9 Aug 2016 21:35:38 -0400 +Subject: Correct the usage of PATH_MAX as reported in Issue #744. + +--- + libarchive/archive_write_disk_posix.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/libarchive/archive_write_disk_posix.c b/libarchive/archive_write_disk_posix.c +index 50121a4..492528f 100644 +--- a/libarchive/archive_write_disk_posix.c ++++ b/libarchive/archive_write_disk_posix.c +@@ -1798,7 +1798,7 @@ edit_deep_directories(struct archive_write_disk *a) + char *tail = a->name; + + /* If path is short, avoid the open() below. */ +- if (strlen(tail) <= PATH_MAX) ++ if (strlen(tail) < PATH_MAX) + return; + + /* Try to record our starting dir. */ +@@ -1808,7 +1808,7 @@ edit_deep_directories(struct archive_write_disk *a) + return; + + /* As long as the path is too long... */ +- while (strlen(tail) > PATH_MAX) { ++ while (strlen(tail) >= PATH_MAX) { + /* Locate a dir prefix shorter than PATH_MAX. */ + tail += PATH_MAX - 8; + while (tail > a->name && *tail != '/') diff -Nru libarchive-3.2.1/debian/patches/CPPCheck.patch libarchive-3.2.1/debian/patches/CPPCheck.patch --- libarchive-3.2.1/debian/patches/CPPCheck.patch 2016-07-25 15:59:27.000000000 +0000 +++ libarchive-3.2.1/debian/patches/CPPCheck.patch 2016-10-16 13:41:59.000000000 +0000 @@ -1,11 +1,17 @@ -Description: Fix two minor complaints by cppcheck -Forwarded: https://github.com/libarchive/libarchive/pull/739 -Author: Peter Pentchev -Last-Update: 2016-07-17 +From: Debian Libarchive Maintainers +Date: Sun, 16 Oct 2016 15:37:49 +0200 +Subject: CPPCheck +--- + libarchive/archive_ppmd7_private.h | 2 +- + libarchive/test/test_fuzz.c | 10 +++++++--- + 2 files changed, 8 insertions(+), 4 deletions(-) + +diff --git a/libarchive/archive_ppmd7_private.h b/libarchive/archive_ppmd7_private.h +index 3a6b9eb..06c99e8 100644 --- a/libarchive/archive_ppmd7_private.h +++ b/libarchive/archive_ppmd7_private.h -@@ -19,7 +19,7 @@ +@@ -19,7 +19,7 @@ If you need the compatibility with original PPMd var.H, you can use external Ran #define PPMD7_MAX_ORDER 64 #define PPMD7_MIN_MEM_SIZE (1 << 11) @@ -14,9 +20,11 @@ struct CPpmd7_Context_; +diff --git a/libarchive/test/test_fuzz.c b/libarchive/test/test_fuzz.c +index 76fda62..602b894 100644 --- a/libarchive/test/test_fuzz.c +++ b/libarchive/test/test_fuzz.c -@@ -110,13 +110,17 @@ +@@ -110,13 +110,17 @@ test_fuzz(const struct files *filesets) for (i = 0; filesets[n].names[i] != NULL; ++i) { tmp = slurpfile(&size, filesets[n].names[i]); diff -Nru libarchive-3.2.1/debian/patches/Do-not-use-SIGRTMAX.patch libarchive-3.2.1/debian/patches/Do-not-use-SIGRTMAX.patch --- libarchive-3.2.1/debian/patches/Do-not-use-SIGRTMAX.patch 2016-07-25 15:59:27.000000000 +0000 +++ libarchive-3.2.1/debian/patches/Do-not-use-SIGRTMAX.patch 2016-10-16 13:41:59.000000000 +0000 @@ -1,14 +1,16 @@ -Description: Do not use SIGRTMAX, allocate a static array. - SIGRTMAX doesn't exist on all systems, so compute the largest used - signal number. Don't bother with dynamically allocating the array, just - use a static array instead. Fix ctype use. -Origin: upstream; https://github.com/libarchive/libarchive/commit/4cdc276b602d70acd995414ea444cacbc33cb021 -Author: Joerg Sonnenberger -Last-Update: 2017-07-08 +From: Debian Libarchive Maintainers +Date: Sun, 16 Oct 2016 15:37:48 +0200 +Subject: Do-not-use-SIGRTMAX +--- + libarchive_fe/passphrase.c | 23 ++++++++++++++--------- + 1 file changed, 14 insertions(+), 9 deletions(-) + +diff --git a/libarchive_fe/passphrase.c b/libarchive_fe/passphrase.c +index 1eae0b8..06503af 100644 --- a/libarchive_fe/passphrase.c +++ b/libarchive_fe/passphrase.c -@@ -121,14 +121,15 @@ +@@ -121,14 +121,15 @@ readpassphrase(const char *prompt, char *buf, size_t bufsiz, int flags) #else /* _WIN32 && !__CYGWIN__ */ @@ -26,7 +28,7 @@ #include #ifdef TCSASOFT -@@ -142,11 +143,18 @@ +@@ -142,11 +143,18 @@ readpassphrase(const char *prompt, char *buf, size_t bufsiz, int flags) # define _POSIX_VDISABLE VDISABLE #endif @@ -46,7 +48,7 @@ signo[s] = 1; } -@@ -166,12 +174,8 @@ +@@ -166,12 +174,8 @@ readpassphrase(const char *prompt, char *buf, size_t bufsiz, int flags) return(NULL); } @@ -60,7 +62,7 @@ signo[i] = 0; nr = -1; save_errno = 0; -@@ -198,6 +202,7 @@ +@@ -198,6 +202,7 @@ restart: sigemptyset(&sa.sa_mask); sa.sa_flags = 0; /* don't restart system calls */ sa.sa_handler = handler; @@ -68,7 +70,7 @@ (void)sigaction(SIGALRM, &sa, &savealrm); (void)sigaction(SIGHUP, &sa, &savehup); (void)sigaction(SIGINT, &sa, &saveint); -@@ -276,7 +281,7 @@ +@@ -276,7 +281,7 @@ restart: * If we were interrupted by a signal, resend it to ourselves * now that we have restored the signal handlers. */ diff -Nru libarchive-3.2.1/debian/patches/Fixes-for-Issue-745-and-Issue-746-from-Doran-Moppert.patch libarchive-3.2.1/debian/patches/Fixes-for-Issue-745-and-Issue-746-from-Doran-Moppert.patch --- libarchive-3.2.1/debian/patches/Fixes-for-Issue-745-and-Issue-746-from-Doran-Moppert.patch 1970-01-01 00:00:00.000000000 +0000 +++ libarchive-3.2.1/debian/patches/Fixes-for-Issue-745-and-Issue-746-from-Doran-Moppert.patch 2016-10-16 13:41:59.000000000 +0000 @@ -0,0 +1,434 @@ +From: Tim Kientzle +Date: Sun, 11 Sep 2016 13:21:57 -0700 +Subject: Fixes for Issue #745 and Issue #746 from Doran Moppert. + +--- + libarchive/archive_write_disk_posix.c | 294 ++++++++++++++++++++++++++-------- + 1 file changed, 227 insertions(+), 67 deletions(-) + +diff --git a/libarchive/archive_write_disk_posix.c b/libarchive/archive_write_disk_posix.c +index fa1f94f..50121a4 100644 +--- a/libarchive/archive_write_disk_posix.c ++++ b/libarchive/archive_write_disk_posix.c +@@ -326,12 +326,14 @@ struct archive_write_disk { + + #define HFS_BLOCKS(s) ((s) >> 12) + ++static int check_symlinks_fsobj(char *path, int *error_number, struct archive_string *error_string, int flags); + static int check_symlinks(struct archive_write_disk *); + static int create_filesystem_object(struct archive_write_disk *); + static struct fixup_entry *current_fixup(struct archive_write_disk *, const char *pathname); + #if defined(HAVE_FCHDIR) && defined(PATH_MAX) + static void edit_deep_directories(struct archive_write_disk *ad); + #endif ++static int cleanup_pathname_fsobj(char *path, int *error_number, struct archive_string *error_string, int flags); + static int cleanup_pathname(struct archive_write_disk *); + static int create_dir(struct archive_write_disk *, char *); + static int create_parent_dir(struct archive_write_disk *, char *); +@@ -2014,6 +2016,10 @@ create_filesystem_object(struct archive_write_disk *a) + const char *linkname; + mode_t final_mode, mode; + int r; ++ /* these for check_symlinks_fsobj */ ++ char *linkname_copy; /* non-const copy of linkname */ ++ struct archive_string error_string; ++ int error_number; + + /* We identify hard/symlinks according to the link names. */ + /* Since link(2) and symlink(2) don't handle modes, we're done here. */ +@@ -2022,6 +2028,27 @@ create_filesystem_object(struct archive_write_disk *a) + #if !HAVE_LINK + return (EPERM); + #else ++ archive_string_init(&error_string); ++ linkname_copy = strdup(linkname); ++ if (linkname_copy == NULL) { ++ return (EPERM); ++ } ++ /* TODO: consider using the cleaned-up path as the link target? */ ++ r = cleanup_pathname_fsobj(linkname_copy, &error_number, &error_string, a->flags); ++ if (r != ARCHIVE_OK) { ++ archive_set_error(&a->archive, error_number, "%s", error_string.s); ++ free(linkname_copy); ++ /* EPERM is more appropriate than error_number for our callers */ ++ return (EPERM); ++ } ++ r = check_symlinks_fsobj(linkname_copy, &error_number, &error_string, a->flags); ++ if (r != ARCHIVE_OK) { ++ archive_set_error(&a->archive, error_number, "%s", error_string.s); ++ free(linkname_copy); ++ /* EPERM is more appropriate than error_number for our callers */ ++ return (EPERM); ++ } ++ free(linkname_copy); + r = link(linkname, a->name) ? errno : 0; + /* + * New cpio and pax formats allow hardlink entries +@@ -2362,115 +2389,228 @@ current_fixup(struct archive_write_disk *a, const char *pathname) + * recent paths. + */ + /* TODO: Extend this to support symlinks on Windows Vista and later. */ ++ ++/* ++ * Checks the given path to see if any elements along it are symlinks. Returns ++ * ARCHIVE_OK if there are none, otherwise puts an error in errmsg. ++ */ + static int +-check_symlinks(struct archive_write_disk *a) ++check_symlinks_fsobj(char *path, int *error_number, struct archive_string *error_string, int flags) + { + #if !defined(HAVE_LSTAT) + /* Platform doesn't have lstat, so we can't look for symlinks. */ + (void)a; /* UNUSED */ ++ (void)path; /* UNUSED */ ++ (void)error_number; /* UNUSED */ ++ (void)error_string; /* UNUSED */ ++ (void)flags; /* UNUSED */ + return (ARCHIVE_OK); + #else +- char *pn; ++ int res = ARCHIVE_OK; ++ char *tail; ++ char *head; ++ int last; + char c; + int r; + struct stat st; ++ int restore_pwd; ++ ++ /* Nothing to do here if name is empty */ ++ if(path[0] == '\0') ++ return (ARCHIVE_OK); + + /* + * Guard against symlink tricks. Reject any archive entry whose + * destination would be altered by a symlink. ++ * ++ * Walk the filename in chunks separated by '/'. For each segment: ++ * - if it doesn't exist, continue ++ * - if it's symlink, abort or remove it ++ * - if it's a directory and it's not the last chunk, cd into it ++ * As we go: ++ * head points to the current (relative) path ++ * tail points to the temporary \0 terminating the segment we're currently examining ++ * c holds what used to be in *tail ++ * last is 1 if this is the last tail + */ +- /* Whatever we checked last time doesn't need to be re-checked. */ +- pn = a->name; +- if (archive_strlen(&(a->path_safe)) > 0) { +- char *p = a->path_safe.s; +- while ((*pn != '\0') && (*p == *pn)) +- ++p, ++pn; +- } ++ restore_pwd = open(".", O_RDONLY | O_BINARY | O_CLOEXEC); ++ __archive_ensure_cloexec_flag(restore_pwd); ++ if (restore_pwd < 0) ++ return (ARCHIVE_FATAL); ++ head = path; ++ tail = path; ++ last = 0; ++ /* TODO: reintroduce a safe cache here? */ + /* Skip the root directory if the path is absolute. */ +- if(pn == a->name && pn[0] == '/') +- ++pn; +- c = pn[0]; +- /* Keep going until we've checked the entire name. */ +- while (pn[0] != '\0' && (pn[0] != '/' || pn[1] != '\0')) { ++ if(tail == path && tail[0] == '/') ++ ++tail; ++ /* Keep going until we've checked the entire name. ++ * head, tail, path all alias the same string, which is ++ * temporarily zeroed at tail, so be careful restoring the ++ * stashed (c=tail[0]) for error messages. ++ * Exiting the loop with break is okay; continue is not. ++ */ ++ while (!last) { ++ /* Skip the separator we just consumed, plus any adjacent ones */ ++ while (*tail == '/') ++ ++tail; + /* Skip the next path element. */ +- while (*pn != '\0' && *pn != '/') +- ++pn; +- c = pn[0]; +- pn[0] = '\0'; ++ while (*tail != '\0' && *tail != '/') ++ ++tail; ++ /* is this the last path component? */ ++ last = (tail[0] == '\0') || (tail[0] == '/' && tail[1] == '\0'); ++ /* temporarily truncate the string here */ ++ c = tail[0]; ++ tail[0] = '\0'; + /* Check that we haven't hit a symlink. */ +- r = lstat(a->name, &st); ++ r = lstat(head, &st); + if (r != 0) { ++ tail[0] = c; + /* We've hit a dir that doesn't exist; stop now. */ + if (errno == ENOENT) { + break; + } else { +- /* Note: This effectively disables deep directory ++ /* Treat any other error as fatal - best to be paranoid here ++ * Note: This effectively disables deep directory + * support when security checks are enabled. + * Otherwise, very long pathnames that trigger + * an error here could evade the sandbox. + * TODO: We could do better, but it would probably + * require merging the symlink checks with the + * deep-directory editing. */ +- return (ARCHIVE_FAILED); ++ if (error_number) *error_number = errno; ++ if (error_string) ++ archive_string_sprintf(error_string, ++ "Could not stat %s", ++ path); ++ res = ARCHIVE_FAILED; ++ break; ++ } ++ } else if (S_ISDIR(st.st_mode)) { ++ if (!last) { ++ if (chdir(head) != 0) { ++ tail[0] = c; ++ if (error_number) *error_number = errno; ++ if (error_string) ++ archive_string_sprintf(error_string, ++ "Could not chdir %s", ++ path); ++ res = (ARCHIVE_FATAL); ++ break; ++ } ++ /* Our view is now from inside this dir: */ ++ head = tail + 1; + } + } else if (S_ISLNK(st.st_mode)) { +- if (c == '\0') { ++ if (last) { + /* + * Last element is symlink; remove it + * so we can overwrite it with the + * item being extracted. + */ +- if (unlink(a->name)) { +- archive_set_error(&a->archive, errno, +- "Could not remove symlink %s", +- a->name); +- pn[0] = c; +- return (ARCHIVE_FAILED); ++ if (unlink(head)) { ++ tail[0] = c; ++ if (error_number) *error_number = errno; ++ if (error_string) ++ archive_string_sprintf(error_string, ++ "Could not remove symlink %s", ++ path); ++ res = ARCHIVE_FAILED; ++ break; + } +- a->pst = NULL; + /* + * Even if we did remove it, a warning + * is in order. The warning is silly, + * though, if we're just replacing one + * symlink with another symlink. + */ +- if (!S_ISLNK(a->mode)) { +- archive_set_error(&a->archive, 0, +- "Removing symlink %s", +- a->name); ++ tail[0] = c; ++ /* FIXME: not sure how important this is to restore ++ if (!S_ISLNK(path)) { ++ if (error_number) *error_number = 0; ++ if (error_string) ++ archive_string_sprintf(error_string, ++ "Removing symlink %s", ++ path); + } ++ */ + /* Symlink gone. No more problem! */ +- pn[0] = c; +- return (0); +- } else if (a->flags & ARCHIVE_EXTRACT_UNLINK) { ++ res = ARCHIVE_OK; ++ break; ++ } else if (flags & ARCHIVE_EXTRACT_UNLINK) { + /* User asked us to remove problems. */ +- if (unlink(a->name) != 0) { +- archive_set_error(&a->archive, 0, +- "Cannot remove intervening symlink %s", +- a->name); +- pn[0] = c; +- return (ARCHIVE_FAILED); ++ if (unlink(head) != 0) { ++ tail[0] = c; ++ if (error_number) *error_number = 0; ++ if (error_string) ++ archive_string_sprintf(error_string, ++ "Cannot remove intervening symlink %s", ++ path); ++ res = ARCHIVE_FAILED; ++ break; + } +- a->pst = NULL; ++ tail[0] = c; + } else { +- archive_set_error(&a->archive, 0, +- "Cannot extract through symlink %s", +- a->name); +- pn[0] = c; +- return (ARCHIVE_FAILED); ++ tail[0] = c; ++ if (error_number) *error_number = 0; ++ if (error_string) ++ archive_string_sprintf(error_string, ++ "Cannot extract through symlink %s", ++ path); ++ res = ARCHIVE_FAILED; ++ break; + } + } +- pn[0] = c; +- if (pn[0] != '\0') +- pn++; /* Advance to the next segment. */ ++ /* be sure to always maintain this */ ++ tail[0] = c; ++ if (tail[0] != '\0') ++ tail++; /* Advance to the next segment. */ + } +- pn[0] = c; +- /* We've checked and/or cleaned the whole path, so remember it. */ +- archive_strcpy(&a->path_safe, a->name); +- return (ARCHIVE_OK); ++ /* Catches loop exits via break */ ++ tail[0] = c; ++#ifdef HAVE_FCHDIR ++ /* If we changed directory above, restore it here. */ ++ if (restore_pwd >= 0) { ++ r = fchdir(restore_pwd); ++ if (r != 0) { ++ if(error_number) *error_number = errno; ++ if(error_string) ++ archive_string_sprintf(error_string, ++ "chdir() failure"); ++ } ++ close(restore_pwd); ++ restore_pwd = -1; ++ if (r != 0) { ++ res = (ARCHIVE_FATAL); ++ } ++ } ++#endif ++ /* TODO: reintroduce a safe cache here? */ ++ return res; + #endif + } + ++/* ++ * Check a->name for symlinks, returning ARCHIVE_OK if its clean, otherwise ++ * calls archive_set_error and returns ARCHIVE_{FATAL,FAILED} ++ */ ++static int ++check_symlinks(struct archive_write_disk *a) ++{ ++ struct archive_string error_string; ++ int error_number; ++ int rc; ++ archive_string_init(&error_string); ++ rc = check_symlinks_fsobj(a->name, &error_number, &error_string, a->flags); ++ if (rc != ARCHIVE_OK) { ++ archive_set_error(&a->archive, error_number, "%s", error_string.s); ++ } ++ archive_string_free(&error_string); ++ a->pst = NULL; /* to be safe */ ++ return rc; ++} ++ ++ + #if defined(__CYGWIN__) + /* + * 1. Convert a path separator from '\' to '/' . +@@ -2544,15 +2684,17 @@ cleanup_pathname_win(struct archive_write_disk *a) + * is set) if the path is absolute. + */ + static int +-cleanup_pathname(struct archive_write_disk *a) ++cleanup_pathname_fsobj(char *path, int *error_number, struct archive_string *error_string, int flags) + { + char *dest, *src; + char separator = '\0'; + +- dest = src = a->name; ++ dest = src = path; + if (*src == '\0') { +- archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, +- "Invalid empty pathname"); ++ if (error_number) *error_number = ARCHIVE_ERRNO_MISC; ++ if (error_string) ++ archive_string_sprintf(error_string, ++ "Invalid empty pathname"); + return (ARCHIVE_FAILED); + } + +@@ -2561,9 +2703,11 @@ cleanup_pathname(struct archive_write_disk *a) + #endif + /* Skip leading '/'. */ + if (*src == '/') { +- if (a->flags & ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS) { +- archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC, +- "Path is absolute"); ++ if (flags & ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS) { ++ if (error_number) *error_number = ARCHIVE_ERRNO_MISC; ++ if (error_string) ++ archive_string_sprintf(error_string, ++ "Path is absolute"); + return (ARCHIVE_FAILED); + } + +@@ -2590,10 +2734,11 @@ cleanup_pathname(struct archive_write_disk *a) + } else if (src[1] == '.') { + if (src[2] == '/' || src[2] == '\0') { + /* Conditionally warn about '..' */ +- if (a->flags & ARCHIVE_EXTRACT_SECURE_NODOTDOT) { +- archive_set_error(&a->archive, +- ARCHIVE_ERRNO_MISC, +- "Path contains '..'"); ++ if (flags & ARCHIVE_EXTRACT_SECURE_NODOTDOT) { ++ if (error_number) *error_number = ARCHIVE_ERRNO_MISC; ++ if (error_string) ++ archive_string_sprintf(error_string, ++ "Path contains '..'"); + return (ARCHIVE_FAILED); + } + } +@@ -2624,7 +2769,7 @@ cleanup_pathname(struct archive_write_disk *a) + * We've just copied zero or more path elements, not including the + * final '/'. + */ +- if (dest == a->name) { ++ if (dest == path) { + /* + * Nothing got copied. The path must have been something + * like '.' or '/' or './' or '/././././/./'. +@@ -2639,6 +2784,21 @@ cleanup_pathname(struct archive_write_disk *a) + return (ARCHIVE_OK); + } + ++static int ++cleanup_pathname(struct archive_write_disk *a) ++{ ++ struct archive_string error_string; ++ int error_number; ++ int rc; ++ archive_string_init(&error_string); ++ rc = cleanup_pathname_fsobj(a->name, &error_number, &error_string, a->flags); ++ if (rc != ARCHIVE_OK) { ++ archive_set_error(&a->archive, error_number, "%s", error_string.s); ++ } ++ archive_string_free(&error_string); ++ return rc; ++} ++ + /* + * Create the parent directory of the specified path, assuming path + * is already in mutable storage. diff -Nru libarchive-3.2.1/debian/patches/Fix-the-test-cases-for-Issue-745-and-Issue-746.patch libarchive-3.2.1/debian/patches/Fix-the-test-cases-for-Issue-745-and-Issue-746.patch --- libarchive-3.2.1/debian/patches/Fix-the-test-cases-for-Issue-745-and-Issue-746.patch 1970-01-01 00:00:00.000000000 +0000 +++ libarchive-3.2.1/debian/patches/Fix-the-test-cases-for-Issue-745-and-Issue-746.patch 2016-10-16 13:41:59.000000000 +0000 @@ -0,0 +1,80 @@ +From: Tim Kientzle +Date: Sun, 11 Sep 2016 13:19:05 -0700 +Subject: Fix the test cases for Issue #745 and Issue #746 + +Thanks to Doran Moppert for pointing out the inconsistencies here. +--- + libarchive/test/test_write_disk_secure745.c | 5 ++++- + libarchive/test/test_write_disk_secure746.c | 16 ++++++++++------ + 2 files changed, 14 insertions(+), 7 deletions(-) + +diff --git a/libarchive/test/test_write_disk_secure745.c b/libarchive/test/test_write_disk_secure745.c +index fa6939b..870b064 100644 +--- a/libarchive/test/test_write_disk_secure745.c ++++ b/libarchive/test/test_write_disk_secure745.c +@@ -58,7 +58,7 @@ DEFINE_TEST(test_write_disk_secure745) + /* Create a symlink pointing to the target directory */ + assert((ae = archive_entry_new()) != NULL); + archive_entry_copy_pathname(ae, "sym"); +- archive_entry_set_mode(ae, S_IFREG | 0777); ++ archive_entry_set_mode(ae, AE_IFLNK | 0777); + archive_entry_copy_symlink(ae, "../target"); + assert(0 == archive_write_header(a, ae)); + archive_entry_free(ae); +@@ -72,5 +72,8 @@ DEFINE_TEST(test_write_disk_secure745) + + /* Permission of target dir should not have changed. */ + assertFileMode("../target", 0700); ++ ++ assert(0 == archive_write_close(a)); ++ archive_write_free(a); + #endif + } +diff --git a/libarchive/test/test_write_disk_secure746.c b/libarchive/test/test_write_disk_secure746.c +index 0daf1b0..460aafe 100644 +--- a/libarchive/test/test_write_disk_secure746.c ++++ b/libarchive/test/test_write_disk_secure746.c +@@ -63,11 +63,11 @@ DEFINE_TEST(test_write_disk_secure746a) + /* Attempt to hardlink to the target directory. */ + assert((ae = archive_entry_new()) != NULL); + archive_entry_copy_pathname(ae, "bar"); +- archive_entry_set_mode(ae, S_IFREG | 0777); ++ archive_entry_set_mode(ae, AE_IFREG | 0777); + archive_entry_set_size(ae, 8); + archive_entry_copy_hardlink(ae, "../target/foo"); + assertEqualInt(ARCHIVE_FAILED, archive_write_header(a, ae)); +- assertEqualInt(ARCHIVE_FAILED, archive_write_data(a, "modified", 8)); ++ assertEqualInt(ARCHIVE_FATAL, archive_write_data(a, "modified", 8)); + archive_entry_free(ae); + + /* Verify that target file contents are unchanged. */ +@@ -105,21 +105,25 @@ DEFINE_TEST(test_write_disk_secure746b) + /* Create a symlink to the target directory. */ + assert((ae = archive_entry_new()) != NULL); + archive_entry_copy_pathname(ae, "symlink"); ++ archive_entry_set_mode(ae, AE_IFLNK | 0777); + archive_entry_copy_symlink(ae, "../target"); +- assertEqualInt(ARCHIVE_FAILED, archive_write_header(a, ae)); ++ assertEqualIntA(a, ARCHIVE_OK, archive_write_header(a, ae)); + archive_entry_free(ae); + + /* Attempt to hardlink to the target directory via the symlink. */ + assert((ae = archive_entry_new()) != NULL); + archive_entry_copy_pathname(ae, "bar"); +- archive_entry_set_mode(ae, S_IFREG | 0777); ++ archive_entry_set_mode(ae, AE_IFREG | 0777); + archive_entry_set_size(ae, 8); + archive_entry_copy_hardlink(ae, "symlink/foo"); +- assertEqualInt(ARCHIVE_FAILED, archive_write_header(a, ae)); +- assertEqualInt(ARCHIVE_FAILED, archive_write_data(a, "modified", 8)); ++ assertEqualIntA(a, ARCHIVE_FAILED, archive_write_header(a, ae)); ++ assertEqualIntA(a, ARCHIVE_FATAL, archive_write_data(a, "modified", 8)); + archive_entry_free(ae); + + /* Verify that target file contents are unchanged. */ + assertTextFileContents("unmodified", "../target/foo"); ++ ++ assertEqualIntA(a, ARCHIVE_FATAL, archive_write_close(a)); ++ archive_write_free(a); + #endif + } diff -Nru libarchive-3.2.1/debian/patches/Issue-744-part-of-Issue-743-Enforce-sandbox-with-very-lon.patch libarchive-3.2.1/debian/patches/Issue-744-part-of-Issue-743-Enforce-sandbox-with-very-lon.patch --- libarchive-3.2.1/debian/patches/Issue-744-part-of-Issue-743-Enforce-sandbox-with-very-lon.patch 1970-01-01 00:00:00.000000000 +0000 +++ libarchive-3.2.1/debian/patches/Issue-744-part-of-Issue-743-Enforce-sandbox-with-very-lon.patch 2016-10-16 13:41:59.000000000 +0000 @@ -0,0 +1,51 @@ +From: Tim Kientzle +Date: Sun, 21 Aug 2016 17:11:45 -0700 +Subject: Issue #744 (part of Issue #743): Enforce sandbox with very long + pathnames + +Because check_symlinks is handled separately from the deep-directory +support, very long pathnames cause problems. Previously, the code +ignored most failures to lstat() a path component. In particular, +this led to check_symlinks always passing for very long paths, which +in turn provides a way to evade the symlink checks in the sandboxing +code. + +We now fail on unrecognized lstat() failures, which plugs this +hole at the cost of disabling deep directory support when the +user requests sandboxing. + +TODO: This probably cannot be completely fixed without +entirely reimplementing the deep directory support to +integrate the symlink checks. I want to reimplement the +deep directory hanlding someday anyway; openat() and +related system calls now provide a much cleaner way to +handle deep directories than the chdir approach used by this +code. +--- + libarchive/archive_write_disk_posix.c | 12 +++++++++++- + 1 file changed, 11 insertions(+), 1 deletion(-) + +diff --git a/libarchive/archive_write_disk_posix.c b/libarchive/archive_write_disk_posix.c +index 6737cd7..fa1f94f 100644 +--- a/libarchive/archive_write_disk_posix.c ++++ b/libarchive/archive_write_disk_posix.c +@@ -2401,8 +2401,18 @@ check_symlinks(struct archive_write_disk *a) + r = lstat(a->name, &st); + if (r != 0) { + /* We've hit a dir that doesn't exist; stop now. */ +- if (errno == ENOENT) ++ if (errno == ENOENT) { + break; ++ } else { ++ /* Note: This effectively disables deep directory ++ * support when security checks are enabled. ++ * Otherwise, very long pathnames that trigger ++ * an error here could evade the sandbox. ++ * TODO: We could do better, but it would probably ++ * require merging the symlink checks with the ++ * deep-directory editing. */ ++ return (ARCHIVE_FAILED); ++ } + } else if (S_ISLNK(st.st_mode)) { + if (c == '\0') { + /* diff -Nru libarchive-3.2.1/debian/patches/Issue-747-and-others-Avoid-OOB-read-when-parsing-multiple.patch libarchive-3.2.1/debian/patches/Issue-747-and-others-Avoid-OOB-read-when-parsing-multiple.patch --- libarchive-3.2.1/debian/patches/Issue-747-and-others-Avoid-OOB-read-when-parsing-multiple.patch 1970-01-01 00:00:00.000000000 +0000 +++ libarchive-3.2.1/debian/patches/Issue-747-and-others-Avoid-OOB-read-when-parsing-multiple.patch 2016-10-16 13:41:59.000000000 +0000 @@ -0,0 +1,136 @@ +From: Tim Kientzle +Date: Sun, 18 Sep 2016 17:27:47 -0700 +Subject: Issue 747 (and others?): Avoid OOB read when parsing multiple long + lines + +The mtree bidder needs to look several lines ahead +in the input. It does this by extending the read-ahead +and parsing subsequent lines from the same growing buffer. +A bookkeeping error when extending the read-ahead would +sometimes lead it to significantly over-count the +size of the line being read. +--- + Makefile.am | 1 + + libarchive/archive_read_support_format_mtree.c | 11 +++++- + libarchive/test/CMakeLists.txt | 1 + + libarchive/test/test_read_format_mtree_crash747.c | 44 ++++++++++++++++++++++ + .../test_read_format_mtree_crash747.mtree.bz2.uu | 6 +++ + 5 files changed, 62 insertions(+), 1 deletion(-) + create mode 100644 libarchive/test/test_read_format_mtree_crash747.c + create mode 100644 libarchive/test/test_read_format_mtree_crash747.mtree.bz2.uu + +diff --git a/Makefile.am b/Makefile.am +index 78e7956..6256d47 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -449,6 +449,7 @@ libarchive_test_SOURCES= \ + libarchive/test/test_read_format_lha_bugfix_0.c \ + libarchive/test/test_read_format_lha_filename.c \ + libarchive/test/test_read_format_mtree.c \ ++ libarchive/test/test_read_format_mtree_crash747.c \ + libarchive/test/test_read_format_pax_bz2.c \ + libarchive/test/test_read_format_rar.c \ + libarchive/test/test_read_format_rar_encryption_data.c \ +diff --git a/libarchive/archive_read_support_format_mtree.c b/libarchive/archive_read_support_format_mtree.c +index 8c3be9a..ae58e87 100644 +--- a/libarchive/archive_read_support_format_mtree.c ++++ b/libarchive/archive_read_support_format_mtree.c +@@ -301,6 +301,15 @@ get_line_size(const char *b, ssize_t avail, ssize_t *nlsize) + return (avail); + } + ++/* ++ * <---------------- ravail ---------------------> ++ * <-- diff ------> <--- avail -----------------> ++ * <---- len -----------> ++ * | Previous lines | line being parsed nl extra | ++ * ^ ++ * b ++ * ++ */ + static ssize_t + next_line(struct archive_read *a, + const char **b, ssize_t *avail, ssize_t *ravail, ssize_t *nl) +@@ -339,7 +348,7 @@ next_line(struct archive_read *a, + *b += diff; + *avail -= diff; + tested = len;/* Skip some bytes we already determinated. */ +- len = get_line_size(*b, *avail, nl); ++ len = get_line_size(*b + len, *avail - len, nl); + if (len >= 0) + len += tested; + } +diff --git a/libarchive/test/CMakeLists.txt b/libarchive/test/CMakeLists.txt +index f50c078..1ad3108 100644 +--- a/libarchive/test/CMakeLists.txt ++++ b/libarchive/test/CMakeLists.txt +@@ -138,6 +138,7 @@ IF(ENABLE_TEST) + test_read_format_lha_bugfix_0.c + test_read_format_lha_filename.c + test_read_format_mtree.c ++ test_read_format_mtree_crash747.c + test_read_format_pax_bz2.c + test_read_format_rar.c + test_read_format_rar_encryption_data.c +diff --git a/libarchive/test/test_read_format_mtree_crash747.c b/libarchive/test/test_read_format_mtree_crash747.c +new file mode 100644 +index 0000000..c082845 +--- /dev/null ++++ b/libarchive/test/test_read_format_mtree_crash747.c +@@ -0,0 +1,44 @@ ++/*- ++ * Copyright (c) 2003-2016 Tim Kientzle ++ * All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR ++ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES ++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. ++ * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, ++ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, ++ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY ++ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT ++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF ++ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ++ */ ++#include "test.h" ++ ++ ++/* ++ * Reproduce the crash reported in Github Issue #747. ++ */ ++DEFINE_TEST(test_read_format_mtree_crash747) ++{ ++ const char *reffile = "test_read_format_mtree_crash747.mtree.bz2"; ++ struct archive *a; ++ ++ extract_reference_file(reffile); ++ ++ assert((a = archive_read_new()) != NULL); ++ assertEqualIntA(a, ARCHIVE_OK, archive_read_support_filter_bzip2(a)); ++ assertEqualIntA(a, ARCHIVE_OK, archive_read_support_format_mtree(a)); ++ assertEqualIntA(a, ARCHIVE_FATAL, archive_read_open_filename(a, reffile, 10240)); ++ assertEqualInt(ARCHIVE_OK, archive_read_free(a)); ++} ++ +diff --git a/libarchive/test/test_read_format_mtree_crash747.mtree.bz2.uu b/libarchive/test/test_read_format_mtree_crash747.mtree.bz2.uu +new file mode 100644 +index 0000000..84f3895 +--- /dev/null ++++ b/libarchive/test/test_read_format_mtree_crash747.mtree.bz2.uu +@@ -0,0 +1,6 @@ ++begin 600 test_read_format_mtree_crash747.mtree.bz2 ++M0EIH.3%!62936:OH@(@``'/[@,`0`@!``'^```)A@9\`$`@@`'4)049!IIH! ++MM021-0,F@&@6````9%>$(K!GIC*XFR0`$```J0+:$XP```!D-F)H[#SE9+2' ++4+E"L=ASXUI%R(I"HD'ZA(5?1`Q`` ++` ++end diff -Nru libarchive-3.2.1/debian/patches/Issue-761-Heap-overflow-reading-corrupted-7Zip-files.patch libarchive-3.2.1/debian/patches/Issue-761-Heap-overflow-reading-corrupted-7Zip-files.patch --- libarchive-3.2.1/debian/patches/Issue-761-Heap-overflow-reading-corrupted-7Zip-files.patch 1970-01-01 00:00:00.000000000 +0000 +++ libarchive-3.2.1/debian/patches/Issue-761-Heap-overflow-reading-corrupted-7Zip-files.patch 2016-10-16 13:41:59.000000000 +0000 @@ -0,0 +1,65 @@ +From: Tim Kientzle +Date: Sun, 18 Sep 2016 18:14:58 -0700 +Subject: Issue 761: Heap overflow reading corrupted 7Zip files + +The sample file that demonstrated this had multiple 'EmptyStream' +attributes. The first one ended up being used to calculate +certain statistics, then was overwritten by the second which +was incompatible with those statistics. + +The fix here is to reject any header with multiple EmptyStream +attributes. While here, also reject headers with multiple +EmptyFile, AntiFile, Name, or Attributes markers. +--- + libarchive/archive_read_support_format_7zip.c | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/libarchive/archive_read_support_format_7zip.c b/libarchive/archive_read_support_format_7zip.c +index 1dfe52b..c0a536c 100644 +--- a/libarchive/archive_read_support_format_7zip.c ++++ b/libarchive/archive_read_support_format_7zip.c +@@ -2431,6 +2431,8 @@ read_Header(struct archive_read *a, struct _7z_header_info *h, + + switch (type) { + case kEmptyStream: ++ if (h->emptyStreamBools != NULL) ++ return (-1); + h->emptyStreamBools = calloc((size_t)zip->numFiles, + sizeof(*h->emptyStreamBools)); + if (h->emptyStreamBools == NULL) +@@ -2451,6 +2453,8 @@ read_Header(struct archive_read *a, struct _7z_header_info *h, + return (-1); + break; + } ++ if (h->emptyFileBools != NULL) ++ return (-1); + h->emptyFileBools = calloc(empty_streams, + sizeof(*h->emptyFileBools)); + if (h->emptyFileBools == NULL) +@@ -2465,6 +2469,8 @@ read_Header(struct archive_read *a, struct _7z_header_info *h, + return (-1); + break; + } ++ if (h->antiBools != NULL) ++ return (-1); + h->antiBools = calloc(empty_streams, + sizeof(*h->antiBools)); + if (h->antiBools == NULL) +@@ -2491,6 +2497,8 @@ read_Header(struct archive_read *a, struct _7z_header_info *h, + if ((ll & 1) || ll < zip->numFiles * 4) + return (-1); + ++ if (zip->entry_names != NULL) ++ return (-1); + zip->entry_names = malloc(ll); + if (zip->entry_names == NULL) + return (-1); +@@ -2543,6 +2551,8 @@ read_Header(struct archive_read *a, struct _7z_header_info *h, + if ((p = header_bytes(a, 2)) == NULL) + return (-1); + allAreDefined = *p; ++ if (h->attrBools != NULL) ++ return (-1); + h->attrBools = calloc((size_t)zip->numFiles, + sizeof(*h->attrBools)); + if (h->attrBools == NULL) diff -Nru libarchive-3.2.1/debian/patches/Issue-767-Buffer-overflow-printing-a-filename.patch libarchive-3.2.1/debian/patches/Issue-767-Buffer-overflow-printing-a-filename.patch --- libarchive-3.2.1/debian/patches/Issue-767-Buffer-overflow-printing-a-filename.patch 1970-01-01 00:00:00.000000000 +0000 +++ libarchive-3.2.1/debian/patches/Issue-767-Buffer-overflow-printing-a-filename.patch 2016-10-16 13:41:59.000000000 +0000 @@ -0,0 +1,37 @@ +From: Tim Kientzle +Date: Sun, 21 Aug 2016 10:51:43 -0700 +Subject: Issue #767: Buffer overflow printing a filename + +The safe_fprintf function attempts to ensure clean output for an +arbitrary sequence of bytes by doing a trial conversion of the +multibyte characters to wide characters -- if the resulting wide +character is printable then we pass through the corresponding bytes +unaltered, otherwise, we convert them to C-style ASCII escapes. + +The stack trace in Issue #767 suggest that the 20-byte buffer +was getting overflowed trying to format a non-printable multibyte +character. This should only happen if there is a valid multibyte +character of more than 5 bytes that was unprintable. (Each byte +would get expanded to a four-charcter octal-style escape of the form +"\123" resulting in >20 characters for the >5 byte multibyte character.) + +I've not been able to reproduce this, but have expanded the conversion +buffer to 128 bytes on the belief that no multibyte character set +has a single character of more than 32 bytes. +--- + tar/util.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tar/util.c b/tar/util.c +index 9ff22f2..2b4aebe 100644 +--- a/tar/util.c ++++ b/tar/util.c +@@ -182,7 +182,7 @@ safe_fprintf(FILE *f, const char *fmt, ...) + } + + /* If our output buffer is full, dump it and keep going. */ +- if (i > (sizeof(outbuff) - 20)) { ++ if (i > (sizeof(outbuff) - 128)) { + outbuff[i] = '\0'; + fprintf(f, "%s", outbuff); + i = 0; diff -Nru libarchive-3.2.1/debian/patches/series libarchive-3.2.1/debian/patches/series --- libarchive-3.2.1/debian/patches/series 2016-07-25 15:59:27.000000000 +0000 +++ libarchive-3.2.1/debian/patches/series 2016-10-16 13:41:59.000000000 +0000 @@ -3,3 +3,11 @@ Typos.patch Candidate.patch CPPCheck.patch +Issue-744-part-of-Issue-743-Enforce-sandbox-with-very-lon.patch +Fixes-for-Issue-745-and-Issue-746-from-Doran-Moppert.patch +Test-cases-for-Github-Issue-744-745-and-746.patch +Fix-the-test-cases-for-Issue-745-and-Issue-746.patch +Correct-the-usage-of-PATH_MAX-as-reported-in-Issue-744.patch +Issue-761-Heap-overflow-reading-corrupted-7Zip-files.patch +Issue-747-and-others-Avoid-OOB-read-when-parsing-multiple.patch +Issue-767-Buffer-overflow-printing-a-filename.patch diff -Nru libarchive-3.2.1/debian/patches/Test-cases-for-Github-Issue-744-745-and-746.patch libarchive-3.2.1/debian/patches/Test-cases-for-Github-Issue-744-745-and-746.patch --- libarchive-3.2.1/debian/patches/Test-cases-for-Github-Issue-744-745-and-746.patch 1970-01-01 00:00:00.000000000 +0000 +++ libarchive-3.2.1/debian/patches/Test-cases-for-Github-Issue-744-745-and-746.patch 2016-10-16 13:41:59.000000000 +0000 @@ -0,0 +1,416 @@ +From: Tim Kientzle +Date: Tue, 9 Aug 2016 21:31:36 -0400 +Subject: Test cases for Github Issue #744, #745, and #746. + +--- + Makefile.am | 3 + + libarchive/test/CMakeLists.txt | 3 + + libarchive/test/main.c | 25 ++++++ + libarchive/test/test.h | 3 + + libarchive/test/test_write_disk_secure744.c | 95 +++++++++++++++++++++ + libarchive/test/test_write_disk_secure745.c | 76 +++++++++++++++++ + libarchive/test/test_write_disk_secure746.c | 125 ++++++++++++++++++++++++++++ + 7 files changed, 330 insertions(+) + create mode 100644 libarchive/test/test_write_disk_secure744.c + create mode 100644 libarchive/test/test_write_disk_secure745.c + create mode 100644 libarchive/test/test_write_disk_secure746.c + +diff --git a/Makefile.am b/Makefile.am +index b02797f..78e7956 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -509,6 +509,9 @@ libarchive_test_SOURCES= \ + libarchive/test/test_write_disk_no_hfs_compression.c \ + libarchive/test/test_write_disk_perms.c \ + libarchive/test/test_write_disk_secure.c \ ++ libarchive/test/test_write_disk_secure744.c \ ++ libarchive/test/test_write_disk_secure745.c \ ++ libarchive/test/test_write_disk_secure746.c \ + libarchive/test/test_write_disk_sparse.c \ + libarchive/test/test_write_disk_symlink.c \ + libarchive/test/test_write_disk_times.c \ +diff --git a/libarchive/test/CMakeLists.txt b/libarchive/test/CMakeLists.txt +index 124aa3a..f50c078 100644 +--- a/libarchive/test/CMakeLists.txt ++++ b/libarchive/test/CMakeLists.txt +@@ -198,6 +198,9 @@ IF(ENABLE_TEST) + test_write_disk_no_hfs_compression.c + test_write_disk_perms.c + test_write_disk_secure.c ++ test_write_disk_secure744.c ++ test_write_disk_secure745.c ++ test_write_disk_secure746.c + test_write_disk_sparse.c + test_write_disk_symlink.c + test_write_disk_times.c +diff --git a/libarchive/test/main.c b/libarchive/test/main.c +index 0f50e94..468d945 100644 +--- a/libarchive/test/main.c ++++ b/libarchive/test/main.c +@@ -1435,6 +1435,31 @@ assertion_file_size(const char *file, int line, const char *pathname, long size) + return (0); + } + ++/* Verify mode of 'pathname'. */ ++int ++assertion_file_mode(const char *file, int line, const char *pathname, int expected_mode) ++{ ++ int mode; ++ int r; ++ ++ assertion_count(file, line); ++#if defined(_WIN32) && !defined(__CYGWIN__) ++ failure_start(file, line, "assertFileMode not yet implemented for Windows"); ++#else ++ { ++ struct stat st; ++ r = lstat(pathname, &st); ++ mode = (int)(st.st_mode & 0777); ++ } ++ if (r == 0 && mode == expected_mode) ++ return (1); ++ failure_start(file, line, "File %s has mode %o, expected %o", ++ pathname, mode, expected_mode); ++#endif ++ failure_finish(NULL); ++ return (0); ++} ++ + /* Assert that 'pathname' is a dir. If mode >= 0, verify that too. */ + int + assertion_is_dir(const char *file, int line, const char *pathname, int mode) +diff --git a/libarchive/test/test.h b/libarchive/test/test.h +index 1117d6a..2fe09ff 100644 +--- a/libarchive/test/test.h ++++ b/libarchive/test/test.h +@@ -182,6 +182,8 @@ + assertion_file_nlinks(__FILE__, __LINE__, pathname, nlinks) + #define assertFileSize(pathname, size) \ + assertion_file_size(__FILE__, __LINE__, pathname, size) ++#define assertFileMode(pathname, mode) \ ++ assertion_file_mode(__FILE__, __LINE__, pathname, mode) + #define assertTextFileContents(text, pathname) \ + assertion_text_file_contents(__FILE__, __LINE__, text, pathname) + #define assertFileContainsLinesAnyOrder(pathname, lines) \ +@@ -246,6 +248,7 @@ int assertion_file_mtime_recent(const char *, int, const char *); + int assertion_file_nlinks(const char *, int, const char *, int); + int assertion_file_not_exists(const char *, int, const char *); + int assertion_file_size(const char *, int, const char *, long); ++int assertion_file_mode(const char *, int, const char *, int); + int assertion_is_dir(const char *, int, const char *, int); + int assertion_is_hardlink(const char *, int, const char *, const char *); + int assertion_is_not_hardlink(const char *, int, const char *, const char *); +diff --git a/libarchive/test/test_write_disk_secure744.c b/libarchive/test/test_write_disk_secure744.c +new file mode 100644 +index 0000000..08c725e +--- /dev/null ++++ b/libarchive/test/test_write_disk_secure744.c +@@ -0,0 +1,95 @@ ++/*- ++ * Copyright (c) 2003-2007,2016 Tim Kientzle ++ * All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR ++ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES ++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. ++ * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, ++ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, ++ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY ++ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT ++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF ++ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ++ */ ++#include "test.h" ++__FBSDID("$FreeBSD$"); ++ ++#define UMASK 022 ++ ++/* ++ * Github Issue #744 describes a bug in the sandboxing code that ++ * causes very long pathnames to not get checked for symlinks. ++ */ ++ ++DEFINE_TEST(test_write_disk_secure744) ++{ ++#if defined(_WIN32) && !defined(__CYGWIN__) ++ skipping("archive_write_disk security checks not supported on Windows"); ++#else ++ struct archive *a; ++ struct archive_entry *ae; ++ size_t buff_size = 8192; ++ char *buff = malloc(buff_size); ++ char *p = buff; ++ int n = 0; ++ int t; ++ ++ assert(buff != NULL); ++ ++ /* Start with a known umask. */ ++ assertUmask(UMASK); ++ ++ /* Create an archive_write_disk object. */ ++ assert((a = archive_write_disk_new()) != NULL); ++ archive_write_disk_set_options(a, ARCHIVE_EXTRACT_SECURE_SYMLINKS); ++ ++ while (p + 500 < buff + buff_size) { ++ memset(p, 'x', 100); ++ p += 100; ++ p[0] = '\0'; ++ ++ buff[0] = ((n / 1000) % 10) + '0'; ++ buff[1] = ((n / 100) % 10)+ '0'; ++ buff[2] = ((n / 10) % 10)+ '0'; ++ buff[3] = ((n / 1) % 10)+ '0'; ++ buff[4] = '_'; ++ ++n; ++ ++ /* Create a symlink pointing to the testworkdir */ ++ assert((ae = archive_entry_new()) != NULL); ++ archive_entry_copy_pathname(ae, buff); ++ archive_entry_set_mode(ae, S_IFREG | 0777); ++ archive_entry_copy_symlink(ae, testworkdir); ++ assertEqualIntA(a, ARCHIVE_OK, archive_write_header(a, ae)); ++ archive_entry_free(ae); ++ ++ *p++ = '/'; ++ sprintf(p, "target%d", n); ++ ++ /* Try to create a file through the symlink, should fail. */ ++ assert((ae = archive_entry_new()) != NULL); ++ archive_entry_copy_pathname(ae, buff); ++ archive_entry_set_mode(ae, S_IFDIR | 0777); ++ ++ t = archive_write_header(a, ae); ++ archive_entry_free(ae); ++ failure("Attempt to create target%d via %d-character symlink should have failed", n, (int)strlen(buff)); ++ if(!assertEqualInt(ARCHIVE_FAILED, t)) { ++ break; ++ } ++ } ++ archive_free(a); ++ free(buff); ++#endif ++} +diff --git a/libarchive/test/test_write_disk_secure745.c b/libarchive/test/test_write_disk_secure745.c +new file mode 100644 +index 0000000..fa6939b +--- /dev/null ++++ b/libarchive/test/test_write_disk_secure745.c +@@ -0,0 +1,76 @@ ++/*- ++ * Copyright (c) 2003-2007,2016 Tim Kientzle ++ * All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR ++ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES ++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. ++ * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, ++ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, ++ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY ++ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT ++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF ++ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ++ */ ++#include "test.h" ++__FBSDID("$FreeBSD$"); ++ ++#define UMASK 022 ++ ++/* ++ * Github Issue #745 describes a bug in the sandboxing code that ++ * allows one to use a symlink to edit the permissions on a file or ++ * directory outside of the sandbox. ++ */ ++ ++DEFINE_TEST(test_write_disk_secure745) ++{ ++#if defined(_WIN32) && !defined(__CYGWIN__) ++ skipping("archive_write_disk security checks not supported on Windows"); ++#else ++ struct archive *a; ++ struct archive_entry *ae; ++ ++ /* Start with a known umask. */ ++ assertUmask(UMASK); ++ ++ /* Create an archive_write_disk object. */ ++ assert((a = archive_write_disk_new()) != NULL); ++ archive_write_disk_set_options(a, ARCHIVE_EXTRACT_SECURE_SYMLINKS); ++ ++ /* The target dir: The one we're going to try to change permission on */ ++ assertMakeDir("target", 0700); ++ ++ /* The sandbox dir we're going to run inside of. */ ++ assertMakeDir("sandbox", 0700); ++ assertChdir("sandbox"); ++ ++ /* Create a symlink pointing to the target directory */ ++ assert((ae = archive_entry_new()) != NULL); ++ archive_entry_copy_pathname(ae, "sym"); ++ archive_entry_set_mode(ae, S_IFREG | 0777); ++ archive_entry_copy_symlink(ae, "../target"); ++ assert(0 == archive_write_header(a, ae)); ++ archive_entry_free(ae); ++ ++ /* Try to alter the target dir through the symlink; this should fail. */ ++ assert((ae = archive_entry_new()) != NULL); ++ archive_entry_copy_pathname(ae, "sym"); ++ archive_entry_set_mode(ae, S_IFDIR | 0777); ++ assert(0 == archive_write_header(a, ae)); ++ archive_entry_free(ae); ++ ++ /* Permission of target dir should not have changed. */ ++ assertFileMode("../target", 0700); ++#endif ++} +diff --git a/libarchive/test/test_write_disk_secure746.c b/libarchive/test/test_write_disk_secure746.c +new file mode 100644 +index 0000000..0daf1b0 +--- /dev/null ++++ b/libarchive/test/test_write_disk_secure746.c +@@ -0,0 +1,125 @@ ++/*- ++ * Copyright (c) 2003-2007,2016 Tim Kientzle ++ * All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR ++ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES ++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. ++ * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, ++ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, ++ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY ++ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT ++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF ++ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ++ */ ++#include "test.h" ++__FBSDID("$FreeBSD$"); ++ ++#define UMASK 022 ++ ++/* ++ * Github Issue #746 describes a problem in which hardlink targets are ++ * not adequately checked and can be used to modify entries outside of ++ * the sandbox. ++ */ ++ ++/* ++ * Verify that ARCHIVE_EXTRACT_SECURE_NODOTDOT disallows '..' in hardlink ++ * targets. ++ */ ++DEFINE_TEST(test_write_disk_secure746a) ++{ ++#if defined(_WIN32) && !defined(__CYGWIN__) ++ skipping("archive_write_disk security checks not supported on Windows"); ++#else ++ struct archive *a; ++ struct archive_entry *ae; ++ ++ /* Start with a known umask. */ ++ assertUmask(UMASK); ++ ++ /* The target directory we're going to try to affect. */ ++ assertMakeDir("target", 0700); ++ assertMakeFile("target/foo", 0700, "unmodified"); ++ ++ /* The sandbox dir we're going to work within. */ ++ assertMakeDir("sandbox", 0700); ++ assertChdir("sandbox"); ++ ++ /* Create an archive_write_disk object. */ ++ assert((a = archive_write_disk_new()) != NULL); ++ archive_write_disk_set_options(a, ARCHIVE_EXTRACT_SECURE_NODOTDOT); ++ ++ /* Attempt to hardlink to the target directory. */ ++ assert((ae = archive_entry_new()) != NULL); ++ archive_entry_copy_pathname(ae, "bar"); ++ archive_entry_set_mode(ae, S_IFREG | 0777); ++ archive_entry_set_size(ae, 8); ++ archive_entry_copy_hardlink(ae, "../target/foo"); ++ assertEqualInt(ARCHIVE_FAILED, archive_write_header(a, ae)); ++ assertEqualInt(ARCHIVE_FAILED, archive_write_data(a, "modified", 8)); ++ archive_entry_free(ae); ++ ++ /* Verify that target file contents are unchanged. */ ++ assertTextFileContents("unmodified", "../target/foo"); ++#endif ++} ++ ++/* ++ * Verify that ARCHIVE_EXTRACT_SECURE_NOSYMLINK disallows symlinks in hardlink ++ * targets. ++ */ ++DEFINE_TEST(test_write_disk_secure746b) ++{ ++#if defined(_WIN32) && !defined(__CYGWIN__) ++ skipping("archive_write_disk security checks not supported on Windows"); ++#else ++ struct archive *a; ++ struct archive_entry *ae; ++ ++ /* Start with a known umask. */ ++ assertUmask(UMASK); ++ ++ /* The target directory we're going to try to affect. */ ++ assertMakeDir("target", 0700); ++ assertMakeFile("target/foo", 0700, "unmodified"); ++ ++ /* The sandbox dir we're going to work within. */ ++ assertMakeDir("sandbox", 0700); ++ assertChdir("sandbox"); ++ ++ /* Create an archive_write_disk object. */ ++ assert((a = archive_write_disk_new()) != NULL); ++ archive_write_disk_set_options(a, ARCHIVE_EXTRACT_SECURE_SYMLINKS); ++ ++ /* Create a symlink to the target directory. */ ++ assert((ae = archive_entry_new()) != NULL); ++ archive_entry_copy_pathname(ae, "symlink"); ++ archive_entry_copy_symlink(ae, "../target"); ++ assertEqualInt(ARCHIVE_FAILED, archive_write_header(a, ae)); ++ archive_entry_free(ae); ++ ++ /* Attempt to hardlink to the target directory via the symlink. */ ++ assert((ae = archive_entry_new()) != NULL); ++ archive_entry_copy_pathname(ae, "bar"); ++ archive_entry_set_mode(ae, S_IFREG | 0777); ++ archive_entry_set_size(ae, 8); ++ archive_entry_copy_hardlink(ae, "symlink/foo"); ++ assertEqualInt(ARCHIVE_FAILED, archive_write_header(a, ae)); ++ assertEqualInt(ARCHIVE_FAILED, archive_write_data(a, "modified", 8)); ++ archive_entry_free(ae); ++ ++ /* Verify that target file contents are unchanged. */ ++ assertTextFileContents("unmodified", "../target/foo"); ++#endif ++} diff -Nru libarchive-3.2.1/debian/patches/Typos.patch libarchive-3.2.1/debian/patches/Typos.patch --- libarchive-3.2.1/debian/patches/Typos.patch 2016-07-25 15:59:27.000000000 +0000 +++ libarchive-3.2.1/debian/patches/Typos.patch 2016-10-16 13:41:59.000000000 +0000 @@ -1,11 +1,36 @@ -Description: Fix some typographical errors. -Forwarded: https://github.com/libarchive/libarchive/pull/736 -Author: Peter Pentchev -Last-Update: 2016-07-05 +From: Debian Libarchive Maintainers +Date: Sun, 16 Oct 2016 15:37:48 +0200 +Subject: Typos +--- + libarchive/archive_match.c | 2 +- + libarchive/archive_read_disk_posix.c | 6 +++--- + libarchive/archive_read_disk_windows.c | 6 +++--- + libarchive/archive_read_support_filter_lz4.c | 2 +- + libarchive/archive_read_support_format_warc.c | 2 +- + libarchive/archive_util.c | 2 +- + libarchive/archive_write_set_format_iso9660.c | 2 +- + libarchive/test/test_read_format_rar.c | 2 +- + 8 files changed, 12 insertions(+), 12 deletions(-) + +diff --git a/libarchive/archive_match.c b/libarchive/archive_match.c +index 4c41bad..0719cbd 100644 +--- a/libarchive/archive_match.c ++++ b/libarchive/archive_match.c +@@ -655,7 +655,7 @@ add_pattern_from_file(struct archive_match *a, struct match_list *mlist, + } + } + +- /* If something error happend, report it immediately. */ ++ /* If an error occurred, report it immediately. */ + if (r < ARCHIVE_OK) { + archive_copy_error(&(a->archive), ar); + archive_read_free(ar); +diff --git a/libarchive/archive_read_disk_posix.c b/libarchive/archive_read_disk_posix.c +index 22a1f14..0be11ea 100644 --- a/libarchive/archive_read_disk_posix.c +++ b/libarchive/archive_read_disk_posix.c -@@ -938,7 +938,7 @@ +@@ -938,7 +938,7 @@ next_entry(struct archive_read_disk *a, struct tree *t, r = archive_match_path_excluded(a->matching, entry); if (r < 0) { archive_set_error(&(a->archive), errno, @@ -14,7 +39,7 @@ return (r); } if (r) { -@@ -1041,7 +1041,7 @@ +@@ -1041,7 +1041,7 @@ next_entry(struct archive_read_disk *a, struct tree *t, r = archive_match_time_excluded(a->matching, entry); if (r < 0) { archive_set_error(&(a->archive), errno, @@ -23,7 +48,7 @@ return (r); } if (r) { -@@ -1067,7 +1067,7 @@ +@@ -1067,7 +1067,7 @@ next_entry(struct archive_read_disk *a, struct tree *t, r = archive_match_owner_excluded(a->matching, entry); if (r < 0) { archive_set_error(&(a->archive), errno, @@ -32,9 +57,11 @@ return (r); } if (r) { +diff --git a/libarchive/archive_read_disk_windows.c b/libarchive/archive_read_disk_windows.c +index 566d264..1fd158f 100644 --- a/libarchive/archive_read_disk_windows.c +++ b/libarchive/archive_read_disk_windows.c -@@ -803,7 +803,7 @@ +@@ -803,7 +803,7 @@ next_entry(struct archive_read_disk *a, struct tree *t, r = archive_match_path_excluded(a->matching, entry); if (r < 0) { archive_set_error(&(a->archive), errno, @@ -43,7 +70,7 @@ return (r); } if (r) { -@@ -875,7 +875,7 @@ +@@ -875,7 +875,7 @@ next_entry(struct archive_read_disk *a, struct tree *t, r = archive_match_time_excluded(a->matching, entry); if (r < 0) { archive_set_error(&(a->archive), errno, @@ -52,7 +79,7 @@ return (r); } if (r) { -@@ -901,7 +901,7 @@ +@@ -901,7 +901,7 @@ next_entry(struct archive_read_disk *a, struct tree *t, r = archive_match_owner_excluded(a->matching, entry); if (r < 0) { archive_set_error(&(a->archive), errno, @@ -61,20 +88,11 @@ return (r); } if (r) { ---- a/libarchive/archive_match.c -+++ b/libarchive/archive_match.c -@@ -655,7 +655,7 @@ - } - } - -- /* If something error happend, report it immediately. */ -+ /* If an error occurred, report it immediately. */ - if (r < ARCHIVE_OK) { - archive_copy_error(&(a->archive), ar); - archive_read_free(ar); +diff --git a/libarchive/archive_read_support_filter_lz4.c b/libarchive/archive_read_support_filter_lz4.c +index e877917..37b2f59 100644 --- a/libarchive/archive_read_support_filter_lz4.c +++ b/libarchive/archive_read_support_filter_lz4.c -@@ -595,7 +595,7 @@ +@@ -595,7 +595,7 @@ lz4_filter_read_data_block(struct archive_read_filter *self, const void **p) #endif } @@ -83,9 +101,11 @@ if (uncompressed_size < 0) { archive_set_error(&(self->archive->archive), ARCHIVE_ERRNO_MISC, "lz4 decompression failed"); +diff --git a/libarchive/archive_read_support_format_warc.c b/libarchive/archive_read_support_format_warc.c +index 46a59ea..10d38c6 100644 --- a/libarchive/archive_read_support_format_warc.c +++ b/libarchive/archive_read_support_format_warc.c -@@ -318,7 +318,7 @@ +@@ -318,7 +318,7 @@ start_over: } memcpy(w->pool.str, fnam.str, fnam.len); w->pool.str[fnam.len] = '\0'; @@ -94,9 +114,11 @@ fnam.str = w->pool.str; /* snarf mtime or deduce from rtime +diff --git a/libarchive/archive_util.c b/libarchive/archive_util.c +index cc3d1c4..6b3bd61 100644 --- a/libarchive/archive_util.c +++ b/libarchive/archive_util.c -@@ -580,7 +580,7 @@ +@@ -580,7 +580,7 @@ void __archive_ensure_cloexec_flag(int fd) { #if defined(_WIN32) && !defined(__CYGWIN__) @@ -105,9 +127,11 @@ #else int flags; +diff --git a/libarchive/archive_write_set_format_iso9660.c b/libarchive/archive_write_set_format_iso9660.c +index cb3e54e..c20e088 100644 --- a/libarchive/archive_write_set_format_iso9660.c +++ b/libarchive/archive_write_set_format_iso9660.c -@@ -436,7 +436,7 @@ +@@ -436,7 +436,7 @@ struct iso_option { * Type : string * Default: Auto detect * : We check a size of boot image; @@ -116,9 +140,11 @@ * : we assume boot_type is 'fd'; * : otherwise boot_type is 'no-emulation'. * COMPAT : +diff --git a/libarchive/test/test_read_format_rar.c b/libarchive/test/test_read_format_rar.c +index 5870323..6392d8f 100644 --- a/libarchive/test/test_read_format_rar.c +++ b/libarchive/test/test_read_format_rar.c -@@ -3603,7 +3603,7 @@ +@@ -3603,7 +3603,7 @@ DEFINE_TEST(test_read_format_rar_multivolume_uncompressed_files) assertEqualIntA(a, 0, archive_read_data(a, buff, sizeof(buff))); /* diff -Nru libarchive-3.2.1/debian/rules libarchive-3.2.1/debian/rules --- libarchive-3.2.1/debian/rules 2016-07-25 15:59:27.000000000 +0000 +++ libarchive-3.2.1/debian/rules 2016-10-16 13:41:59.000000000 +0000 @@ -10,10 +10,10 @@ .PHONY: build %: - dh $@ --parallel --with autoreconf + dh $@ build: - dh $@ --parallel --with autoreconf + dh $@ override_dh_auto_configure: dh_auto_configure -- --without-openssl --with-nettle \ @@ -23,6 +23,13 @@ override_dh_autoreconf: dh_autoreconf build/autogen.sh +override_dh_makeshlibs: + dh_makeshlibs -- -c4 + +override_dh_install: + find debian -name '*.la' -delete + dh_install --fail-missing + override_dh_auto_test: ifeq (,$(findstring nocheck,$(DEB_BUILD_OPTIONS))) ifneq (,$(shell locale -a | grep en_US.utf8))