SECURITY update to 2.4.14. (FreeBSD-SA-07:05.libarchive)

This fixes various vulnerabilities in handling corrupt tar files.

archivers/libarchive/Makefile

@@ -1,10 +1,10 @@
-# $OpenBSD: Makefile,v 1.4 2008/01/27 17:17:04 naddy Exp $
+# $OpenBSD: Makefile,v 1.5 2008/03/18 21:43:35 naddy Exp $
 
 COMMENT=	library for reading and writing streaming archives
 
-V=		2.4.12
+V=		2.4.14
 DISTNAME=	libarchive-$V
-SHARED_LIBS +=  archive              1.2      # .6.12
+SHARED_LIBS +=  archive              1.3      # .6.14
 CATEGORIES=	archivers
 HOMEPAGE=	http://people.freebsd.org/~kientzle/libarchive/
 

archivers/libarchive/distinfo

@@ -1,10 +1,10 @@
-MD5 (libarchive-2.4.12.tar.gz) = P43Gc3vA/QMbfmSxQ+reAg==
-MD5 (libarchive-catpages-2.4.12.tar.gz) = czUUZ0HH2dJlJYLq9mZvYA==
-RMD160 (libarchive-2.4.12.tar.gz) = kzDL62ohMOpHbc4ySwEFBuwU6ag=
-RMD160 (libarchive-catpages-2.4.12.tar.gz) = 5XW/cb4yp7Ajq5AFxHd5zQd9XRU=
-SHA1 (libarchive-2.4.12.tar.gz) = eM5W6CMnelV07lTQVVW3m6w6Z5w=
-SHA1 (libarchive-catpages-2.4.12.tar.gz) = h4nsjec+Ed05aaz9AZdtWdqvv94=
-SHA256 (libarchive-2.4.12.tar.gz) = xHMdSHeckVNsiuOyi2THhcSzIqb4smw8zM8qx0Pvc4w=
-SHA256 (libarchive-catpages-2.4.12.tar.gz) = pfVWDk6T7EnJR0jvXTpCLtZk88zj3l568XNqzujZ1oM=
-SIZE (libarchive-2.4.12.tar.gz) = 823753
-SIZE (libarchive-catpages-2.4.12.tar.gz) = 50962
+MD5 (libarchive-2.4.14.tar.gz) = 5KpNXVDq5nrN9wrz6hPLaw==
+MD5 (libarchive-catpages-2.4.14.tar.gz) = UtePlBNvtVJCqU0sJYcYkQ==
+RMD160 (libarchive-2.4.14.tar.gz) = iCna3WhV5YXp16NIeVqVG1+LOUQ=
+RMD160 (libarchive-catpages-2.4.14.tar.gz) = TZ53xd7+E7c3u7yXwluCALTi/1s=
+SHA1 (libarchive-2.4.14.tar.gz) = 1OSGAXZyVua4iYvw2Yaa62TIrXY=
+SHA1 (libarchive-catpages-2.4.14.tar.gz) = rPvSR91mun3Upylps8U+nFn1J0E=
+SHA256 (libarchive-2.4.14.tar.gz) = O/sIRfIbJeSgCJfrKIZNVcjDSubzJ12AerFELUJTVzw=
+SHA256 (libarchive-catpages-2.4.14.tar.gz) = DT/X+fGrz9u5C1FAQU4nYeK85eD3MPUahn9Te7/FMDQ=
+SIZE (libarchive-2.4.14.tar.gz) = 833049
+SIZE (libarchive-catpages-2.4.14.tar.gz) = 50955

archivers/libarchive/patches/patch-cpio_test_test_option_L_c

@@ -0,0 +1,31 @@
+$OpenBSD: patch-cpio_test_test_option_L_c,v 1.1 2008/03/18 21:43:35 naddy Exp $
+--- cpio/test/test_option_L.c.orig	Tue Mar 18 21:31:39 2008
++++ cpio/test/test_option_L.c	Tue Mar 18 21:32:55 2008
+@@ -59,23 +59,23 @@ DEFINE_TEST(test_option_L)
+ 	assert(!S_ISLNK(st.st_mode));
+ 
+ 	r = systemf("cat filelist | %s -o --quiet >archive.out 2>archive.err", testprog);
+-	failure("Error invoking %s -o --quiet %s", testprog);
++	failure("Error invoking %s -o --quiet", testprog);
+ 	assertEqualInt(r, 0);
+ 
+ 	assertEqualInt(0, mkdir("unpack", 0755));
+ 	r = systemf("cat archive.out | (cd unpack ; %s -i >unpack.out 2>unpack.err)", testprog);
+-	failure("Error invoking %s -i %s", testprog);
++	failure("Error invoking %s -i", testprog);
+ 	assertEqualInt(r, 0);
+ 	assertEqualInt(0, lstat("unpack/symlink", &st));
+ 	assert(S_ISLNK(st.st_mode));
+ 
+ 	r = systemf("cat filelist | %s -oL --quiet >archive-L.out 2>archive-L.err", testprog);
+-	failure("Error invoking %s -oL --quiet %s", testprog);
++	failure("Error invoking %s -oL --quiet", testprog);
+ 	assertEqualInt(r, 0);
+ 
+ 	assertEqualInt(0, mkdir("unpack-L", 0755));
+ 	r = systemf("cat archive-L.out | (cd unpack-L ; %s -i >unpack-L.out 2>unpack-L.err)", testprog);
+-	failure("Error invoking %s -i %s < archive-L.out", testprog);
++	failure("Error invoking %s -i < archive-L.out", testprog);
+ 	assertEqualInt(r, 0);
+ 	assertEqualInt(0, lstat("unpack-L/symlink", &st));
+ 	assert(!S_ISLNK(st.st_mode));

archivers/libarchive/patches/patch-libarchive_test_main_c

@@ -1,7 +1,7 @@
-$OpenBSD: patch-libarchive_test_main_c,v 1.4 2008/01/27 17:17:04 naddy Exp $
---- libarchive/test/main.c.orig	Tue Jan  1 23:42:46 2008
-+++ libarchive/test/main.c	Sun Jan 27 16:39:51 2008
-@@ -306,8 +306,8 @@ test_assert_equal_wstring(const char *file, int line,
+$OpenBSD: patch-libarchive_test_main_c,v 1.5 2008/03/18 21:43:35 naddy Exp $
+--- libarchive/test/main.c.orig	Tue Feb 19 06:52:30 2008
++++ libarchive/test/main.c	Tue Mar 18 20:00:19 2008
+@@ -304,8 +304,8 @@ test_assert_equal_wstring(const char *file, int line,
  		return;
  	fprintf(stderr, "%s:%d: Assertion failed: Unicode strings not equal\n",
  	    file, line);

archivers/libarchive/patches/patch-libarchive_test_test_entry_c

@@ -0,0 +1,12 @@
+$OpenBSD: patch-libarchive_test_test_entry_c,v 1.1 2008/03/18 21:43:35 naddy Exp $
+--- libarchive/test/test_entry.c.orig	Fri Feb 15 07:27:47 2008
++++ libarchive/test/test_entry.c	Tue Mar 18 21:45:19 2008
+@@ -676,7 +676,7 @@ DEFINE_TEST(test_entry)
+ 	 * Exercise the character-conversion logic, if we can.
+ 	 */
+ 	failure("Can't exercise charset-conversion logic.");
+-	if (assert(NULL != setlocale(LC_ALL, "de_DE.UTF-8"))) {
++	if (NULL != setlocale(LC_ALL, "de_DE.UTF-8")) {
+ 		/* A filename that cannot be converted to wide characters. */
+ 		archive_entry_copy_pathname(e, "abc\314\214mno\374xyz");
+ 		failure("Converting invalid chars to Unicode should fail.");

archivers/libarchive/patches/patch-libarchive_test_test_pax_filename_encoding_c

@@ -0,0 +1,12 @@
+$OpenBSD: patch-libarchive_test_test_pax_filename_encoding_c,v 1.1 2008/03/18 21:43:35 naddy Exp $
+--- libarchive/test/test_pax_filename_encoding.c.orig	Tue Mar 18 21:05:02 2008
++++ libarchive/test/test_pax_filename_encoding.c	Tue Mar 18 21:06:03 2008
+@@ -60,7 +60,7 @@ DEFINE_TEST(test_pax_filename_encoding)
+ 	 */
+ 	/* If it doesn't exist, just warn and return. */
+ 	failure("We need a suitable locale for the encoding tests.");
+-	if (!assert(NULL != setlocale(LC_ALL, "de_DE.UTF-8")))
++	if (NULL == setlocale(LC_ALL, "de_DE.UTF-8"))
+ 		return;
+ 
+ 	assert((a = archive_write_new()) != NULL);