main/libarchive: security upgrade to 3.3.3

CVE-2017-14501, CVE-2017-14502, CVE-2017-14503

Drop uneeded patches

Ref #10745

3 files changed, 8 insertions, 57 deletions

diff --git a/main/libarchive/APKBUILD b/main/libarchive/APKBUILD
index af538103646..4717b32c382 100644
--- a/main/libarchive/APKBUILD
+++ b/main/libarchive/APKBUILD
@@ -1,21 +1,22 @@
 # Contributor: Sergei Lukin <sergej.lukin@gmail.com>
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=libarchive
-pkgver=3.3.2
-pkgrel=4
+pkgver=3.3.3
+pkgrel=0
 pkgdesc="library that can create and read several streaming archive formats"
 url="http://libarchive.org/"
 arch="all"
 license="BSD"
 makedepends="zlib-dev bzip2-dev xz-dev lz4-dev acl-dev openssl-dev expat-dev"
 subpackages="$pkgname-dev $pkgname-doc $pkgname-tools"
-source="http://www.libarchive.org/downloads/$pkgname-$pkgver.tar.gz
-	libressl-2.7.patch
-	CVE-2017-14166.patch
-	"
+source="http://www.libarchive.org/downloads/$pkgname-$pkgver.tar.gz"
 builddir="$srcdir/$pkgname-$pkgver"
 
 # secfixes:
+#   3.3.3-r0:
+#     - CVE-2017-14501
+#     - CVE-2017-14502
+#     - CVE-2017-14503
 #   3.3.2-r1:
 #     - CVE-2017-14166
 
@@ -41,6 +42,4 @@ tools() {
 	mv "$pkgdir"/usr/bin "$subpkgdir"/usr/
 }
 
-sha512sums="1e538cd7d492f54b11c16c56f12c1632ba14302a3737ec0db786272aec0c8020f1e27616a7654d57e26737e5ed9bfc9a62f1fdda61a95c39eb726aa7c2f673e4  libarchive-3.3.2.tar.gz
-cdff266bf494be68b778dc66f8b80b213159d6fd26b6fe9980ede5aa4e4764e449438ae7e1e151f01f5a513b0911774df9c8f22b5b4d8b10c9b2162c365a06bc  libressl-2.7.patch
-7cc9dbafd970c07fb4421b7a72a075cc0a000db77df4432222539c58625c93c45f01a144838b551980bc0c6dc5b4c3ab852eb1433006c3174581ba0897010dbe  CVE-2017-14166.patch"
+sha512sums="9d12b47d6976efa9f98e62c25d8b85fd745d4e9ca7b7e6d36bfe095dfe5c4db017d4e785d110f3758f5938dad6f1a1b009267fd7e82cb7212e93e1aea237bab7  libarchive-3.3.3.tar.gz"
diff --git a/main/libarchive/CVE-2017-14166.patch b/main/libarchive/CVE-2017-14166.patch
deleted file mode 100644
index b729ae41e0a..00000000000
--- a/main/libarchive/CVE-2017-14166.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From fa7438a0ff4033e4741c807394a9af6207940d71 Mon Sep 17 00:00:00 2001
-From: Joerg Sonnenberger <joerg@bec.de>
-Date: Tue, 5 Sep 2017 18:12:19 +0200
-Subject: [PATCH] Do something sensible for empty strings to make fuzzers
- happy.
-
----
- libarchive/archive_read_support_format_xar.c | 8 +++++++-
- 1 file changed, 7 insertions(+), 1 deletion(-)
-
-diff --git a/libarchive/archive_read_support_format_xar.c b/libarchive/archive_read_support_format_xar.c
-index 7a22beb9d..93eeacc5e 100644
---- a/libarchive/archive_read_support_format_xar.c
-+++ b/libarchive/archive_read_support_format_xar.c
-@@ -1040,6 +1040,9 @@ atol10(const char *p, size_t char_cnt)
- 	uint64_t l;
- 	int digit;
- 
-+	if (char_cnt == 0)
-+		return (0);
-+
- 	l = 0;
- 	digit = *p - '0';
- 	while (digit >= 0 && digit < 10  && char_cnt-- > 0) {
-@@ -1054,7 +1057,10 @@ atol8(const char *p, size_t char_cnt)
- {
- 	int64_t l;
- 	int digit;
--        
-+
-+	if (char_cnt == 0)
-+		return (0);
-+
- 	l = 0;
- 	while (char_cnt-- > 0) {
- 		if (*p >= '0' && *p <= '7')
diff --git a/main/libarchive/libressl-2.7.patch b/main/libarchive/libressl-2.7.patch
deleted file mode 100644
index 5ab5610a112..00000000000
--- a/main/libarchive/libressl-2.7.patch
+++ /dev/null
@@ -1,12 +0,0 @@
---- a/libarchive/archive_openssl_hmac_private.h.orig	2018-03-22 20:47:12 UTC
-+++ b/libarchive/archive_openssl_hmac_private.h
-@@ -28,7 +28,8 @@
- #include <openssl/hmac.h>
- #include <openssl/opensslv.h>
- 
--#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
-+    (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
- #include <stdlib.h> /* malloc, free */
- #include <string.h> /* memset */
- static inline HMAC_CTX *HMAC_CTX_new(void)