(#23509) libarchive: security, remove old versions, bump deps

* libarchive: remove vulnerable unused versions All versions<3.7.0 have some CVEs, let's remove all versions not used in CCI which are vulnerable. * libarchive: bump deps expat<2.6.2 have known security issues libxml2<2.12.5 have known security issues * libarchive: remove vulnerable version 3.6.2 only used in qarchive recipe * use version range for expat
conan-io · Apr 17, 2024 · c4495e4 · c4495e4
1 parent 61455ce
commit c4495e4
Show file tree

Hide file tree

Showing 17 changed files with 3 additions and 1,133 deletions.
diff --git a/recipes/libarchive/all/conandata.yml b/recipes/libarchive/all/conandata.yml
@@ -8,27 +8,6 @@ sources:
   "3.7.1":
     url: "https://github.com/libarchive/libarchive/releases/download/v3.7.1/libarchive-3.7.1.tar.xz"
     sha256: "b17403ce670ff18d8e06fea05a9ea9accf70678c88f1b9392a2e29b51127895f"
-  "3.6.2":
-    url: "https://github.com/libarchive/libarchive/releases/download/v3.6.2/libarchive-3.6.2.tar.xz"
-    sha256: "9e2c1b80d5fbe59b61308fdfab6c79b5021d7ff4ff2489fb12daf0a96a83551d"
-  "3.6.1":
-    url: "https://github.com/libarchive/libarchive/releases/download/v3.6.1/libarchive-3.6.1.tar.xz"
-    sha256: "5a411aceb978f43e626f0c2d1812ddd8807b645ed892453acabd532376c148e6"
-  "3.6.0":
-    url: "https://github.com/libarchive/libarchive/releases/download/v3.6.0/libarchive-3.6.0.tar.xz"
-    sha256: "df283917799cb88659a5b33c0a598f04352d61936abcd8a48fe7b64e74950de7"
-  "3.5.2":
-    url: "https://github.com/libarchive/libarchive/releases/download/v3.5.2/libarchive-3.5.2.tar.xz"
-    sha256: "f0b19ff39c3c9a5898a219497ababbadab99d8178acc980155c7e1271089b5a0"
-  "3.5.1":
-    url: "https://github.com/libarchive/libarchive/releases/download/v3.5.1/libarchive-3.5.1.tar.xz"
-    sha256: "0e17d3a8d0b206018693b27f08029b598f6ef03600c2b5d10c94ce58692e299b"
-  "3.4.3":
-    url: "https://github.com/libarchive/libarchive/releases/download/v3.4.3/libarchive-3.4.3.tar.xz"
-    sha256: "0bfc3fd40491768a88af8d9b86bf04a9e95b6d41a94f9292dbc0ec342288c05f"
-  "3.4.0":
-    url: "https://github.com/libarchive/libarchive/releases/download/v3.4.0/libarchive-3.4.0.tar.gz"
-    sha256: "8643d50ed40c759f5412a3af4e353cffbce4fdf3b5cf321cb72cacf06b2d825e"
 patches:
   "3.7.3":
     - patch_file: "patches/0001-3.7.3-zlib-winapi.patch"
@@ -73,67 +52,3 @@ patches:
     - patch_file: "patches/0006-3.7.1-fix-msvc-build.patch"
       patch_description: "Fix MSVC build"
       patch_type: "conan"
-  "3.6.2":
-    - patch_file: "patches/0001-3.6.2-zlib-winapi.patch"
-      patch_description: "Remove broken ZLIB WINAPI check"
-      patch_type: "portability"
-    - patch_file: "patches/0003-3.6.2-cmake.patch"
-      patch_description: "Make CMake build-system compatible with Conan"
-      patch_type: "conan"
-    - patch_file: "patches/0005-3.6.2-try-compile-cmakedeps.patch"
-      patch_description: "Patch try_compile check to work with imported CMake targets from Conan packages"
-      patch_type: "conan"
-    - patch_file: "patches/0006-3.6.2-fix-msvc-build.patch"
-      patch_description: "Fix MSVC build"
-      patch_type: "conan"
-  "3.6.1":
-    - patch_file: "patches/0001-3.6.0-zlib-winapi.patch"
-      patch_description: "Remove broken ZLIB WINAPI check"
-      patch_type: "portability"
-    - patch_file: "patches/0003-3.6.0-cmake.patch"
-      patch_description: "Make CMake build-system compatible with Conan"
-      patch_type: "conan"
-    - patch_file: "patches/0004-3.6.0-android.patch"
-      patch_description: "Add missing include directory for Android"
-      patch_type: "portability"
-  "3.6.0":
-    - patch_file: "patches/0001-3.6.0-zlib-winapi.patch"
-      patch_description: "Remove broken ZLIB WINAPI check"
-      patch_type: "portability"
-    - patch_file: "patches/0003-3.6.0-cmake.patch"
-      patch_description: "Make CMake cooperate with Conan"
-      patch_type: "conan"
-    - patch_file: "patches/0004-3.6.0-android.patch"
-      patch_description: "Add missing include directory for Android"
-      patch_type: "portability"
-  "3.5.2":
-    - patch_file: "patches/0001-3.4.3-zlib-winapi.patch"
-      patch_description: "Remove broken ZLIB WINAPI check"
-      patch_type: "portability"
-    - patch_file: "patches/0003-3.5.2-cmake.patch"
-      patch_description: "Make CMake cooperate with Conan"
-      patch_type: "conan"
-  "3.5.1":
-    - patch_file: "patches/0001-3.4.3-zlib-winapi.patch"
-      patch_description: "Remove broken ZLIB WINAPI check"
-      patch_type: "portability"
-    - patch_file: "patches/0003-3.5.1-cmake.patch"
-      patch_description: "Make CMake cooperate with Conan"
-      patch_type: "conan"
-  "3.4.3":
-    - patch_file: "patches/0001-3.4.3-zlib-winapi.patch"
-      patch_description: "Remove broken ZLIB WINAPI check"
-      patch_type: "portability"
-    - patch_file: "patches/0003-3.4.3-cmake.patch"
-      patch_description: "Make CMake cooperate with Conan"
-      patch_type: "conan"
-  "3.4.0":
-    - patch_file: "patches/0001-3.4.0-zlib-winapi.patch"
-      patch_description: "Remove broken ZLIB WINAPI check"
-      patch_type: "portability"
-    - patch_file: "patches/0002-3.4.0-msvc-no-we4061.patch"
-      patch_description: "Remove MSVC compiler warning e4061"
-      patch_type: "portability"
-    - patch_file: "patches/0003-3.4.0-cmake.patch"
-      patch_description: "Make CMake cooperate with Conan"
-      patch_type: "conan"
diff --git a/recipes/libarchive/all/conanfile.py b/recipes/libarchive/all/conanfile.py
@@ -69,8 +69,6 @@ def export_sources(self):
     def config_options(self):
         if self.settings.os == "Windows":
             del self.options.fPIC
-        if Version(self.version) < "3.4.2":
-            del self.options.with_mbedtls
         if Version(self.version) < "3.7.3":
             del self.options.with_pcre2
 
@@ -89,9 +87,9 @@ def requirements(self):
         if self.options.with_bzip2:
             self.requires("bzip2/1.0.8")
         if self.options.with_libxml2:
-            self.requires("libxml2/2.12.3")
+            self.requires("libxml2/2.12.5")
         if self.options.with_expat:
-            self.requires("expat/2.5.0")
+            self.requires("expat/[>=2.6.2 <3]")
         if self.options.with_iconv:
             self.requires("libiconv/1.17")
         if self.options.with_pcreposix:
@@ -158,8 +156,7 @@ def generate(self):
         tc.variables["ENABLE_UNZIP"] = False
         # too strict check
         tc.variables["ENABLE_WERROR"] = False
-        if Version(self.version) >= "3.4.2":
-            tc.variables["ENABLE_MBEDTLS"] = self.options.with_mbedtls
+        tc.variables["ENABLE_MBEDTLS"] = self.options.with_mbedtls
         if Version(self.version) >= "3.7.3":
             tc.variables["ENABLE_PCRE2POSIX"] = self.options.with_pcre2
         tc.variables["ENABLE_XATTR"] = self.options.with_xattr

diff --git a/recipes/libarchive/all/patches/0001-3.4.0-zlib-winapi.patch b/recipes/libarchive/all/patches/0001-3.4.0-zlib-winapi.patch
diff --git a/recipes/libarchive/all/patches/0001-3.4.3-zlib-winapi.patch b/recipes/libarchive/all/patches/0001-3.4.3-zlib-winapi.patch
diff --git a/recipes/libarchive/all/patches/0001-3.6.0-zlib-winapi.patch b/recipes/libarchive/all/patches/0001-3.6.0-zlib-winapi.patch
diff --git a/recipes/libarchive/all/patches/0001-3.6.2-zlib-winapi.patch b/recipes/libarchive/all/patches/0001-3.6.2-zlib-winapi.patch
diff --git a/recipes/libarchive/all/patches/0002-3.4.0-msvc-no-we4061.patch b/recipes/libarchive/all/patches/0002-3.4.0-msvc-no-we4061.patch
diff --git a/recipes/libarchive/all/patches/0003-3.4.0-cmake.patch b/recipes/libarchive/all/patches/0003-3.4.0-cmake.patch