Package: libarchive13
Version: 3.6.2-1
Severity: normal
Tags: patch

Hello maintainers of libarchive,

While building the Debian Live ISO images, I've seen that the output of 'bsdtar
-tf myfile.ISO' has a reordering of the hardlinks and symlinks that are inside
the ISO image [1].

At [1] I've provided a minimal example to generate 2 ISO files with a small
difference.
With 'bsdtar -tf filename' it can be seen that the linked files are not
processed in the native order in the ISO file.
For comparison, 'isoinfo' outputs the files in the native order.

I've traced it down to a key collision issue and provide a patch.
For a 100% solution, it would need a 128-bit key, but I didn't want to walk
that road, given the current size of ISO images.

If you prefer it, I can also generate a MR.

With kind regards,
Roland Clobus

[1] https://salsa.debian.org/reproducible-builds/diffoscope/-/issues/350


-- System Information:
Debian Release: trixie/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'testing-debug')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.4.0-3-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libarchive13 depends on:
ii  libacl1     2.3.1-3
ii  libbz2-1.0  1.0.8-5+b1
ii  libc6       2.37-7
ii  liblz4-1    1.9.4-1
ii  liblzma5    5.4.4-0.1
ii  libnettle8  3.9.1-2
ii  libxml2     2.9.14+dfsg-1.3
ii  libzstd1    1.5.5+dfsg2-1
ii  zlib1g      1:1.2.13.dfsg-3

libarchive13 recommends no packages.

Versions of packages libarchive13 suggests:
pn  lrzip  <none>

-- no debconf information
diff --git a/libarchive/archive_read_support_format_iso9660.c 
b/libarchive/archive_read_support_format_iso9660.c
index 33bf330c..1690b800 100644
--- a/libarchive/archive_read_support_format_iso9660.c
+++ b/libarchive/archive_read_support_format_iso9660.c
@@ -3015,6 +3015,11 @@ heap_add_entry(struct archive_read *a, struct heap_queue 
*heap,
        uint64_t file_key, parent_key;
        int hole, parent;
 
+       /* Reserve 16 bits for possible key collisions (needed for linked 
items) */
+       /* For ISO files with more than 65535 entries, reordering will still 
occur */
+       key <<= 16;
+       key += heap->used & 0xFFFF;
+
        /* Expand our pending files list as necessary. */
        if (heap->used >= heap->allocated) {
                struct file_info **new_pending_files;
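Review bot: The tie-breaker in `key += heap->used & 0xFFFF;` takes its value from the heap's current fill level (the same `heap->used` that is compared against `heap->allocated` just below), not from an insertion sequence number. It therefore preserves order only while the heap grows: if entries are removed between two insertions, a later entry with the same original key can receive low 16 bits that are equal to or smaller than those of an earlier one. A dedicated counter that only ever increases per heap_add_entry call would avoid that. Separately, `key <<= 16` discards the top 16 bits of the incoming key. If key is 64 bits wide like file_key and parent_key, the change assumes keys stay below 2^48; please state that limit in the comment next to the 65535-entry limit, or check for it, and merge the two comment lines into one block comment.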
