File CVE-2015-8931.patch of Package libarchive.2786

commit b31744df71084a8734f97199e42418f55d08c6c5
Author: Tim Kientzle <kientzle@acm.org>
Date:   Sat May 16 12:16:28 2015 -0700

    Issue #539:  Try a different way to compute max/min time_t values.

Index: libarchive-3.1.2/libarchive/archive_read_support_format_mtree.c
===================================================================
--- libarchive-3.1.2.orig/libarchive/archive_read_support_format_mtree.c
+++ libarchive-3.1.2/libarchive/archive_read_support_format_mtree.c
@@ -137,16 +137,19 @@ get_time_t_max(void)
 #if defined(TIME_T_MAX)
 	return TIME_T_MAX;
 #else
-	static time_t t;
-	time_t a;
-	if (t == 0) {
-		a = 1;
-		while (a > t) {
-			t = a;
-			a = a * 2 + 1;
-		}
+	/* ISO C allows time_t to be a floating-point type,
+	   but POSIX requires an integer type.  The following
+	   should work on any system that follows the POSIX
+	   conventions. */
+	if (((time_t)0) < ((time_t)-1)) {
+		/* Time_t is unsigned */
+		return (~(time_t)0);
+	} else {
+		/* Time_t is signed. */
+		const uintmax_t max_unsigned_time_t = (uintmax_t)(~(time_t)0);
+		const uintmax_t max_signed_time_t = max_unsigned_time_t >> 1;
+		return (time_t)max_signed_time_t;
 	}
-	return t;
 #endif
 }
 
@@ -156,20 +159,16 @@ get_time_t_min(void)
 #if defined(TIME_T_MIN)
 	return TIME_T_MIN;
 #else
-	/* 't' will hold the minimum value, which will be zero (if
-	 * time_t is unsigned) or -2^n (if time_t is signed). */
-	static int computed;
-	static time_t t;
-	time_t a;
-	if (computed == 0) {
-		a = (time_t)-1;
-		while (a < t) {
-			t = a;
-			a = a * 2;
-		}			
-		computed = 1;
+	if (((time_t)0) < ((time_t)-1)) {
+		/* Time_t is unsigned */
+		return (time_t)0;
+	} else {
+		/* Time_t is signed. */
+		const uintmax_t max_unsigned_time_t = (uintmax_t)(~(time_t)0);
+		const uintmax_t max_signed_time_t = max_unsigned_time_t >> 1;
+		const intmax_t min_signed_time_t = (intmax_t)~max_signed_time_t;
+		return (time_t)min_signed_time_t;
 	}
-	return t;
 #endif
 }
 
commit c0c52e9aaafb0860c4151c5374372051e9354301
Author: Tim Kientzle <kientzle@gmail.com>
Date:   Thu Oct 22 21:43:07 2015 -0700

    Don't try to be smart about probing the min/max tim_t values.
    Just assume that a signed time_t is really a 64-bit or 32-bit integer.

diff --git a/libarchive/archive_read_support_format_mtree.c b/libarchive/archive_read_support_format_mtree.c
index b5f8e30..3abe198 100644
--- a/libarchive/archive_read_support_format_mtree.c
+++ b/libarchive/archive_read_support_format_mtree.c
@@ -148,9 +148,12 @@ get_time_t_max(void)
 		return (~(time_t)0);
 	} else {
 		/* Time_t is signed. */
-		const uintmax_t max_unsigned_time_t = (uintmax_t)(~(time_t)0);
-		const uintmax_t max_signed_time_t = max_unsigned_time_t >> 1;
-		return (time_t)max_signed_time_t;
+		/* Assume it's the same as int64_t or int32_t */
+		if (sizeof(time_t) == sizeof(int64_t)) {
+			return (time_t)INT64_MAX;
+		} else {
+			return (time_t)INT32_MAX;
+		}
 	}
 #endif
 }
@@ -166,10 +169,11 @@ get_time_t_min(void)
 		return (time_t)0;
 	} else {
 		/* Time_t is signed. */
-		const uintmax_t max_unsigned_time_t = (uintmax_t)(~(time_t)0);
-		const uintmax_t max_signed_time_t = max_unsigned_time_t >> 1;
-		const intmax_t min_signed_time_t = (intmax_t)~max_signed_time_t;
-		return (time_t)min_signed_time_t;
+		if (sizeof(time_t) == sizeof(int64_t)) {
+			return (time_t)INT64_MIN;
+		} else {
+			return (time_t)INT32_MIN;
+		}
 	}
 #endif
 }
@@ -1561,7 +1565,7 @@ parse_keyword(struct archive_read *a, struct mtree *mtree,
 			int64_t m;
 			int64_t my_time_t_max = get_time_t_max();
 			int64_t my_time_t_min = get_time_t_min();
-			long ns;
+			long ns = 0;
 
 			*parsed_kws |= MTREE_HAS_MTIME;
 			m = mtree_atol10(&val);
openSUSE Build Service is sponsored by