!79 [sync] PR-75: 【轻量级 PR】：The libzsta.a library should be packaged to access advanced experimental features

From: @openeuler-sync-bot 
Reviewed-by: @dillon_chen 
Signed-off-by: @dillon_chen

backport-0001-CVE-2022-4899.patch

@@ -0,0 +1,79 @@
+From f9f27de91c89d826c6a39c3ef44fb1b02f9a43aa Mon Sep 17 00:00:00 2001
+From: Elliot Gorokhovsky <embg@fb.com>
+Date: Fri, 29 Jul 2022 14:44:22 -0700
+Subject: [PATCH] Disallow empty output directory
+
+Reference:https://github.com/facebook/zstd/commit/f9f27de91c89d826c6a39c3ef44fb1b02f9a43aa
+Conflict:NA
+---
+ programs/zstdcli.c                             | 18 ++++++++++++++++--
+ tests/cli-tests/basic/output_dir.sh            |  7 +++++++
+ .../cli-tests/basic/output_dir.sh.stderr.exact |  2 ++
+ .../cli-tests/basic/output_dir.sh.stdout.exact |  2 ++
+ 4 files changed, 27 insertions(+), 2 deletions(-)
+ create mode 100755 tests/cli-tests/basic/output_dir.sh
+ create mode 100644 tests/cli-tests/basic/output_dir.sh.stderr.exact
+ create mode 100644 tests/cli-tests/basic/output_dir.sh.stdout.exact
+
+diff --git a/programs/zstdcli.c b/programs/zstdcli.c
+index 239aaf4..fb87dec 100644
+--- a/programs/zstdcli.c
++++ b/programs/zstdcli.c
+@@ -931,9 +931,23 @@ int main(int const argCount, const char* argv[])
+                 if (longCommandWArg(&argument, "--stream-size=")) { streamSrcSize = readSizeTFromChar(&argument); continue; }
+                 if (longCommandWArg(&argument, "--target-compressed-block-size=")) { targetCBlockSize = readSizeTFromChar(&argument); continue; }
+                 if (longCommandWArg(&argument, "--size-hint=")) { srcSizeHint = readSizeTFromChar(&argument); continue; }
+-                if (longCommandWArg(&argument, "--output-dir-flat")) { NEXT_FIELD(outDirName); continue; }
++                if (longCommandWArg(&argument, "--output-dir-flat")) {
++                    NEXT_FIELD(outDirName);
++                    if (strlen(outDirName) == 0) {
++                        DISPLAY("error: output dir cannot be empty string (did you mean to pass '.' instead?)\n");
++                        CLEAN_RETURN(1);
++                    }
++                    continue;
++                }
+ #ifdef UTIL_HAS_MIRRORFILELIST
+-                if (longCommandWArg(&argument, "--output-dir-mirror")) { NEXT_FIELD(outMirroredDirName); continue; }
++                if (longCommandWArg(&argument, "--output-dir-mirror")) {
++                    NEXT_FIELD(outMirroredDirName);
++                    if (strlen(outMirroredDirName) == 0) {
++                        DISPLAY("error: output dir cannot be empty string (did you mean to pass '.' instead?)\n");
++                        CLEAN_RETURN(1);
++                    }
++                    continue;
++                }
+ #endif
+ #ifndef ZSTD_NOTRACE
+                 if (longCommandWArg(&argument, "--trace")) { char const* traceFile; NEXT_FIELD(traceFile); TRACE_enable(traceFile); continue; }
+diff --git a/tests/cli-tests/basic/output_dir.sh b/tests/cli-tests/basic/output_dir.sh
+new file mode 100755
+index 0000000..a8819d2
+--- /dev/null
++++ b/tests/cli-tests/basic/output_dir.sh
+@@ -0,0 +1,7 @@
++#!/bin/sh
++
++println "+ zstd -r * --output-dir-mirror=\"\""
++zstd -r * --output-dir-mirror="" && die "Should not allow empty output dir!"
++println "+ zstd -r * --output-dir-flat=\"\""
++zstd -r * --output-dir-flat="" && die "Should not allow empty output dir!"
++exit 0
+diff --git a/tests/cli-tests/basic/output_dir.sh.stderr.exact b/tests/cli-tests/basic/output_dir.sh.stderr.exact
+new file mode 100644
+index 0000000..e12b504
+--- /dev/null
++++ b/tests/cli-tests/basic/output_dir.sh.stderr.exact
+@@ -0,0 +1,2 @@
++error: output dir cannot be empty string (did you mean to pass '.' instead?)
++error: output dir cannot be empty string (did you mean to pass '.' instead?)
+diff --git a/tests/cli-tests/basic/output_dir.sh.stdout.exact b/tests/cli-tests/basic/output_dir.sh.stdout.exact
+new file mode 100644
+index 0000000..1e478cd
+--- /dev/null
++++ b/tests/cli-tests/basic/output_dir.sh.stdout.exact
+@@ -0,0 +1,2 @@
+++ zstd -r * --output-dir-mirror=""
+++ zstd -r * --output-dir-flat=""
+-- 
+2.33.0
+

backport-0002-CVE-2022-4899.patch

@@ -0,0 +1,65 @@
+From e1873ad576cb478fff0e6e44ad99599cd5fd2846 Mon Sep 17 00:00:00 2001
+From: Elliot Gorokhovsky <embg@fb.com>
+Date: Fri, 29 Jul 2022 11:10:47 -0700
+Subject: [PATCH] Fix buffer underflow for null dir1
+
+Reference:https://github.com/facebook/zstd/commit/e1873ad576cb478fff0e6e44ad99599cd5fd2846
+Conflict:NA
+---
+ programs/util.c | 38 +++++++++++++++++++-------------------
+ 1 file changed, 19 insertions(+), 19 deletions(-)
+
+diff --git a/programs/util.c b/programs/util.c
+index f53eb03fbe..b874344c4d 100644
+--- a/programs/util.c
++++ b/programs/util.c
+@@ -870,30 +870,30 @@ static const char * trimPath(const char *pathname)
+ 
+ static char* mallocAndJoin2Dir(const char *dir1, const char *dir2)
+ {
+-    const size_t dir1Size = strlen(dir1);
+-    const size_t dir2Size = strlen(dir2);
+-    char *outDirBuffer, *buffer, trailingChar;
+-
+     assert(dir1 != NULL && dir2 != NULL);
+-    outDirBuffer = (char *) malloc(dir1Size + dir2Size + 2);
+-    CONTROL(outDirBuffer != NULL);
++    {   const size_t dir1Size = strlen(dir1);
++        const size_t dir2Size = strlen(dir2);
++        char *outDirBuffer, *buffer;
+ 
+-    memcpy(outDirBuffer, dir1, dir1Size);
+-    outDirBuffer[dir1Size] = '\0';
++        outDirBuffer = (char *) malloc(dir1Size + dir2Size + 2);
++        CONTROL(outDirBuffer != NULL);
+ 
+-    if (dir2[0] == '.')
+-        return outDirBuffer;
++        memcpy(outDirBuffer, dir1, dir1Size);
++        outDirBuffer[dir1Size] = '\0';
+ 
+-    buffer = outDirBuffer + dir1Size;
+-    trailingChar = *(buffer - 1);
+-    if (trailingChar != PATH_SEP) {
+-        *buffer = PATH_SEP;
+-        buffer++;
+-    }
+-    memcpy(buffer, dir2, dir2Size);
+-    buffer[dir2Size] = '\0';
++        if (dir2[0] == '.')
++            return outDirBuffer;
+ 
+-    return outDirBuffer;
++        buffer = outDirBuffer + dir1Size;
++        if (dir1Size > 0 && *(buffer - 1) != PATH_SEP) {
++            *buffer = PATH_SEP;
++            buffer++;
++        }
++        memcpy(buffer, dir2, dir2Size);
++        buffer[dir2Size] = '\0';
++
++        return outDirBuffer;
++    }
+ }
+ 
+ /* this function will return NULL if input srcFileName is not valid name for mirrored output path */

backport-CVE-2021-24032.patch

@@ -1,88 +0,0 @@
-From a774c5797399040af62db21d8a9b9769e005430e Mon Sep 17 00:00:00 2001
-From: "W. Felix Handte" <w@felixhandte.com>
-Date: Thu, 11 Feb 2021 15:50:13 -0500
-Subject: [PATCH] Use umask() to Constrain Created File Permissions
-
-This commit addresses #2491.
-
-Note that a downside of this solution is that it is global: `umask()` affects
-all file creation calls in the process. I believe this is safe since
-`fileio.c` functions should only ever be used in the zstd binary, and these
-are (almost) the only files ever created by zstd, and AIUI they're only
-created in a single thread. So we can get away with messing with global state.
-
-Note that this doesn't change the permissions of files created by `dibio.c`.
-I'm not sure what those should be...
----
- programs/fileio.c | 9 +++------
- programs/util.c   | 9 +++++++++
- programs/util.h   | 7 ++++++-
- 3 files changed, 18 insertions(+), 7 deletions(-)
-
-diff --git a/programs/fileio.c b/programs/fileio.c
-index 51956f681..30a2879a7 100644
---- a/programs/fileio.c
-+++ b/programs/fileio.c
-@@ -679,14 +679,11 @@ FIO_openDstFile(FIO_ctx_t* fCtx, FIO_prefs_t* const prefs,
-             FIO_removeFile(dstFileName);
-     }   }
- 
--    {   FILE* const f = fopen( dstFileName, "wb" );
-+    {   const int old_umask = UTIL_umask(0177); /* u-x,go-rwx */
-+        FILE* const f = fopen( dstFileName, "wb" );
-+        UTIL_umask(old_umask);
-         if (f == NULL) {
-             DISPLAYLEVEL(1, "zstd: %s: %s\n", dstFileName, strerror(errno));
--        } else if (srcFileName != NULL
--               && strcmp (srcFileName, stdinmark)
--               && strcmp(dstFileName, nulmark) ) {
--            /* reduce rights on newly created dst file while compression is ongoing */
--            UTIL_chmod(dstFileName, NULL, 00600);
-         }
-         return f;
-     }
-diff --git a/programs/util.c b/programs/util.c
-index 460d9bf11..7208d66d2 100644
---- a/programs/util.c
-+++ b/programs/util.c
-@@ -159,6 +159,15 @@ int UTIL_chmod(char const* filename, const stat_t* statbuf, mode_t permissions)
-     return chmod(filename, permissions);
- }
- 
-+int UTIL_umask(int mode) {
-+#if PLATFORM_POSIX_VERSION > 0
-+    return umask(mode);
-+#else
-+    /* do nothing, fake return value */
-+    return mode;
-+#endif
-+}
-+
- int UTIL_setFileStat(const char *filename, const stat_t *statbuf)
- {
-     int res = 0;
-diff --git a/programs/util.h b/programs/util.h
-index d2077c9ac..0e696f003 100644
---- a/programs/util.h
-+++ b/programs/util.h
-@@ -22,7 +22,7 @@ extern "C" {
- #include "platform.h"     /* PLATFORM_POSIX_VERSION, ZSTD_NANOSLEEP_SUPPORT, ZSTD_SETPRIORITY_SUPPORT */
- #include <stddef.h>       /* size_t, ptrdiff_t */
- #include <sys/types.h>    /* stat, utime */
--#include <sys/stat.h>     /* stat, chmod */
-+#include <sys/stat.h>     /* stat, chmod, umask */
- #include "../lib/common/mem.h"          /* U64 */
- 
- 
-@@ -152,6 +152,11 @@ U64 UTIL_getFileSizeStat(const stat_t* statbuf);
-  */
- int UTIL_chmod(char const* filename, const stat_t* statbuf, mode_t permissions);
- 
-+/**
-+ * Wraps umask(). Does nothing when the platform doesn't have that concept.
-+ */
-+int UTIL_umask(int mode);
-+
- /*
-  * In the absence of a pre-existing stat result on the file in question, these
-  * functions will do a stat() call internally and then use that result to

zstd.spec

@@ -1,14 +1,15 @@
 %bcond_without pzstd
 
 Name:            zstd
-Version:         1.4.8
-Release:	 2
+Version:         1.5.0
+Release:	 5
 Summary:         A fast lossless compression algorithm
 License:         BSD and GPLv2
 URL:             https://github.com/facebook/zstd
 Source0:         https://github.com/facebook/zstd/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
 
-Patch6000:       backport-CVE-2021-24032.patch
+Patch6000:       backport-0001-CVE-2022-4899.patch
+Patch6001:       backport-0002-CVE-2022-4899.patch
 
 BuildRequires:   gtest-devel gcc-c++ pkg-config
 
@@ -50,9 +51,7 @@ done
 %endif
 
 %check
-%ifarch %{arm}
-make -C tests test-zstd
-%endif
+make -C tests test
 %if %{with pzstd}
 make -C contrib/pzstd test CXXFLAGS="$RPM_OPT_FLAGS -std=c++11"
 %endif
@@ -77,18 +76,33 @@ install -D -m644 programs/zstd.1 %{buildroot}%{_mandir}/man1/pzstd.1
 
 %exclude %{_bindir}/%{name}less
 %exclude %{_bindir}/%{name}grep
-%exclude %{_libdir}/libzstd.a
 
 %files devel
 %{_includedir}/*.h
 
 %{_libdir}/pkgconfig/libzstd.pc
 %{_libdir}/libzstd.so
+%{_libdir}/libzstd.a
 
 %files help
 %{_mandir}/man1/*.1*
 
 %changelog
+* Mon Dec 9 2024 luckky <guodashun1@huawei.com> - 1.5.0-5
+* The libzsta.a library should be packaged to access advanced experimental features
+
+* Tue Apr 4 2023 zhoupengcheng <zhoupengcheng11@huawei.com> - 1.5.0-4
+* fix CVE-2022-4899
+
+* Thu Feb 16 2023 wangjiang <wangjiang37@h-partners.com> - 1.5.0-3
+- enable check
+
+* Tue Oct 25 2022 yanglongkang <yanglongkang@h-partners.com> - 1.5.0-2
+- rebuild for next release
+
+* Tue Dec 21 2021 shixuantong <shixuantong@huawei.com> - 1.5.0-1
+- update version to 1.5.0
+
 * Tue Mar 16 2021 shixuantong <shixuantong@huawei.com> - 1.4.8-2
 - fix CVE-2021-24032