Memory safety and security fixes

cmcgee1024 · cmcgee1024 · commit 2212cbe31801 · 2024-06-14T08:25:51.000-04:00
Reduce the use of unsafe swift constructs in favour of ones that
are memory safe. In the HTTP client remove the use of the unsafe
mutable pointer in favour of direct Data conversion before writing
the downloaded file to disk.

Upgrade the version of libarchive to 3.7.4, which includes some
security fixes that could have an impact on swiftly.
diff --git a/Sources/SwiftlyCore/HTTPClient.swift b/Sources/SwiftlyCore/HTTPClient.swift
@@ -166,8 +166,9 @@ public struct SwiftlyHTTPClient {
         for try await buffer in response.body {
             receivedBytes += buffer.readableBytes
 
-            try buffer.withUnsafeReadableBytes { bufferPtr in
-                try fileHandle.write(contentsOf: bufferPtr)
+            let byteData = buffer.getData(at: buffer.readerIndex, length: buffer.readableBytes)
+            if let data = byteData {
+                try fileHandle.write(contentsOf: data)
             }
 
             let now = Date()
diff --git a/scripts/install-libarchive.sh b/scripts/install-libarchive.sh
@@ -3,7 +3,7 @@
 set -o errexit
 
 # TODO detect platform
-LIBARCHIVE_VERSION=3.6.1
+LIBARCHIVE_VERSION=3.7.4
 
 mkdir /tmp/archive-build
 pushd /tmp/archive-build
