| 1 |
commit: b4a9cb3e5493b414c2d671e6e5c1e8bcf084915c |
| 2 |
Author: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Mon Oct 23 23:25:22 2017 +0000 |
| 4 |
Commit: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Mon Oct 23 23:25:22 2017 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b4a9cb3e |
| 7 |
|
| 8 |
dev-libs/libzip: Security cleanup, bug #629574 |
| 9 |
|
| 10 |
Package-Manager: Portage-2.3.12, Repoman-2.3.3 |
| 11 |
|
| 12 |
dev-libs/libzip/Manifest | 1 - |
| 13 |
.../libzip/files/libzip-1.2.0-CVE-2017-12858.patch | 37 ------------------- |
| 14 |
.../libzip/files/libzip-1.2.0-CVE-2017-14107.patch | 27 -------------- |
| 15 |
dev-libs/libzip/libzip-1.2.0-r1.ebuild | 40 --------------------- |
| 16 |
dev-libs/libzip/libzip-1.2.0-r2.ebuild | 41 ---------------------- |
| 17 |
dev-libs/libzip/libzip-1.2.0.ebuild | 39 -------------------- |
| 18 |
6 files changed, 185 deletions(-) |
| 19 |
|
| 20 |
diff --git a/dev-libs/libzip/Manifest b/dev-libs/libzip/Manifest |
| 21 |
index 4fd8d312a19..9206b63f7b6 100644 |
| 22 |
--- a/dev-libs/libzip/Manifest |
| 23 |
+++ b/dev-libs/libzip/Manifest |
| 24 |
@@ -1,2 +1 @@ |
| 25 |
-DIST libzip-1.2.0.tar.xz 938284 SHA256 ffc0764395fba3d45dc5a6e32282788854618b9e9838337f8218b596007f1376 SHA512 1ba8626d72e6b47f735568afaf007d1e18beb3ebedf6b69a6b575f9e04d3b84550371191a89be153f8fcedb4a8eac2f996e141da95cdbb52380b6283cc99cf8b WHIRLPOOL 794a462fc4d1529008fccbe6df41c5616b34712ef34721e0cbe555aa12ada7928d22f6e9421de210efdf7b460188a4d6a9a6e53fc0266bcf52d47d6a7e30a5f6 |
| 26 |
DIST libzip-1.3.0.tar.xz 955876 SHA256 aa936efe34911be7acac2ab07fb5c8efa53ed9bb4d44ad1fe8bff19630e0d373 SHA512 8e12a23fe62b993ff4592e1b9da152533a363b0603fc1f65e6cbb6121d4260c45f98171effbccb76dec4030b0fcdcd273919755a2496ab462431646ac83bb900 WHIRLPOOL eca44e4c7e3a09d90f7a9c694de01c97fdc97ce7989bd8ccf9acb8e33e10145f6860c4dd5bb282d2ab0a708d9ddb6b7ecde88bf5276365179057c02f534e182d |
| 27 |
|
| 28 |
diff --git a/dev-libs/libzip/files/libzip-1.2.0-CVE-2017-12858.patch b/dev-libs/libzip/files/libzip-1.2.0-CVE-2017-12858.patch |
| 29 |
deleted file mode 100644 |
| 30 |
index 26236510fee..00000000000 |
| 31 |
--- a/dev-libs/libzip/files/libzip-1.2.0-CVE-2017-12858.patch |
| 32 |
+++ /dev/null |
| 33 |
@@ -1,37 +0,0 @@ |
| 34 |
-From 2217022b7d1142738656d891e00b3d2d9179b796 Mon Sep 17 00:00:00 2001 |
| 35 |
-From: Thomas Klausner <tk@×××××××.at> |
| 36 |
-Date: Mon, 14 Aug 2017 10:55:44 +0200 |
| 37 |
-Subject: [PATCH] Fix double free(). |
| 38 |
- |
| 39 |
-Found by Brian 'geeknik' Carpenter using AFL. |
| 40 |
---- |
| 41 |
- THANKS | 1 + |
| 42 |
- lib/zip_dirent.c | 3 --- |
| 43 |
- 2 files changed, 1 insertion(+), 3 deletions(-) |
| 44 |
- |
| 45 |
-diff --git a/THANKS b/THANKS |
| 46 |
-index be0cca9..a80ee1d 100644 |
| 47 |
---- a/THANKS |
| 48 |
-+++ b/THANKS |
| 49 |
-@@ -12,6 +12,7 @@ BALATON Zoltan <balaton@×××××××.hu> |
| 50 |
- Benjamin Gilbert <bgilbert@××××××××.net> |
| 51 |
- Boaz Stolk <bstolk@×××××.nl> |
| 52 |
- Bogdan <bogiebog@×××××.com> |
| 53 |
-+Brian 'geeknik' Carpenter <geeknik@××××××××××.ch> |
| 54 |
- Chris Nehren <cnehren+libzip@×××××.com> |
| 55 |
- Coverity <info@××××××××.com> |
| 56 |
- Dane Springmeyer <dane.springmeyer@×××××.com> |
| 57 |
-diff --git a/lib/zip_dirent.c b/lib/zip_dirent.c |
| 58 |
-index a369900..e5a7cc9 100644 |
| 59 |
---- a/lib/zip_dirent.c |
| 60 |
-+++ b/lib/zip_dirent.c |
| 61 |
-@@ -579,9 +579,6 @@ _zip_dirent_read(zip_dirent_t *zde, zip_source_t *src, zip_buffer_t *buffer, boo |
| 62 |
- } |
| 63 |
- |
| 64 |
- if (!_zip_dirent_process_winzip_aes(zde, error)) { |
| 65 |
-- if (!from_buffer) { |
| 66 |
-- _zip_buffer_free(buffer); |
| 67 |
-- } |
| 68 |
- return -1; |
| 69 |
- } |
| 70 |
- |
| 71 |
|
| 72 |
diff --git a/dev-libs/libzip/files/libzip-1.2.0-CVE-2017-14107.patch b/dev-libs/libzip/files/libzip-1.2.0-CVE-2017-14107.patch |
| 73 |
deleted file mode 100644 |
| 74 |
index 3d1f9a0aabc..00000000000 |
| 75 |
--- a/dev-libs/libzip/files/libzip-1.2.0-CVE-2017-14107.patch |
| 76 |
+++ /dev/null |
| 77 |
@@ -1,27 +0,0 @@ |
| 78 |
-From 9b46957ec98d85a572e9ef98301247f39338a3b5 Mon Sep 17 00:00:00 2001 |
| 79 |
-From: Thomas Klausner <tk@×××××××.at> |
| 80 |
-Date: Tue, 29 Aug 2017 10:25:03 +0200 |
| 81 |
-Subject: [PATCH] Make eocd checks more consistent between zip and zip64 cases. |
| 82 |
- |
| 83 |
---- |
| 84 |
- lib/zip_open.c | 7 ++++++- |
| 85 |
- 1 file changed, 6 insertions(+), 1 deletion(-) |
| 86 |
- |
| 87 |
-diff --git a/lib/zip_open.c b/lib/zip_open.c |
| 88 |
-index 3bd593b..9d3a4cb 100644 |
| 89 |
---- a/lib/zip_open.c |
| 90 |
-+++ b/lib/zip_open.c |
| 91 |
-@@ -847,7 +847,12 @@ _zip_read_eocd64(zip_source_t *src, zip_buffer_t *buffer, zip_uint64_t buf_offse |
| 92 |
- zip_error_set(error, ZIP_ER_SEEK, EFBIG); |
| 93 |
- return NULL; |
| 94 |
- } |
| 95 |
-- if ((flags & ZIP_CHECKCONS) && offset+size != eocd_offset) { |
| 96 |
-+ if (offset+size > buf_offset + eocd_offset) { |
| 97 |
-+ /* cdir spans past EOCD record */ |
| 98 |
-+ zip_error_set(error, ZIP_ER_INCONS, 0); |
| 99 |
-+ return NULL; |
| 100 |
-+ } |
| 101 |
-+ if ((flags & ZIP_CHECKCONS) && offset+size != buf_offset + eocd_offset) { |
| 102 |
- zip_error_set(error, ZIP_ER_INCONS, 0); |
| 103 |
- return NULL; |
| 104 |
- } |
| 105 |
|
| 106 |
diff --git a/dev-libs/libzip/libzip-1.2.0-r1.ebuild b/dev-libs/libzip/libzip-1.2.0-r1.ebuild |
| 107 |
deleted file mode 100644 |
| 108 |
index 61f933dcd36..00000000000 |
| 109 |
--- a/dev-libs/libzip/libzip-1.2.0-r1.ebuild |
| 110 |
+++ /dev/null |
| 111 |
@@ -1,40 +0,0 @@ |
| 112 |
-# Copyright 1999-2017 Gentoo Foundation |
| 113 |
-# Distributed under the terms of the GNU General Public License v2 |
| 114 |
- |
| 115 |
-EAPI=6 |
| 116 |
- |
| 117 |
-inherit autotools |
| 118 |
- |
| 119 |
-DESCRIPTION="Library for manipulating zip archives" |
| 120 |
-HOMEPAGE="http://www.nih.at/libzip/" |
| 121 |
-SRC_URI="http://www.nih.at/libzip/${P}.tar.xz" |
| 122 |
- |
| 123 |
-LICENSE="BSD" |
| 124 |
-SLOT="0/5" |
| 125 |
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos" |
| 126 |
-IUSE="static-libs" |
| 127 |
- |
| 128 |
-RDEPEND=" |
| 129 |
- sys-libs/zlib |
| 130 |
- elibc_musl? ( sys-libs/fts-standalone ) |
| 131 |
-" |
| 132 |
-DEPEND="${RDEPEND}" |
| 133 |
- |
| 134 |
-DOCS=( AUTHORS NEWS.md API-CHANGES THANKS ) |
| 135 |
- |
| 136 |
-PATCHES=( |
| 137 |
- "${FILESDIR}/${P}-headers.patch" |
| 138 |
- "${FILESDIR}/${P}-fts.patch" |
| 139 |
- "${FILESDIR}/${P}-CVE-2017-12858.patch" |
| 140 |
-) |
| 141 |
- |
| 142 |
-src_prepare() { |
| 143 |
- default |
| 144 |
- eautoreconf |
| 145 |
-} |
| 146 |
- |
| 147 |
-src_install() { |
| 148 |
- default |
| 149 |
- use static-libs || rm "${ED%/}"/usr/$(get_libdir)/libzip.a || die |
| 150 |
- find "${D}" -name '*.la' -delete || die |
| 151 |
-} |
| 152 |
|
| 153 |
diff --git a/dev-libs/libzip/libzip-1.2.0-r2.ebuild b/dev-libs/libzip/libzip-1.2.0-r2.ebuild |
| 154 |
deleted file mode 100644 |
| 155 |
index 524782f42c3..00000000000 |
| 156 |
--- a/dev-libs/libzip/libzip-1.2.0-r2.ebuild |
| 157 |
+++ /dev/null |
| 158 |
@@ -1,41 +0,0 @@ |
| 159 |
-# Copyright 1999-2017 Gentoo Foundation |
| 160 |
-# Distributed under the terms of the GNU General Public License v2 |
| 161 |
- |
| 162 |
-EAPI=6 |
| 163 |
- |
| 164 |
-inherit autotools |
| 165 |
- |
| 166 |
-DESCRIPTION="Library for manipulating zip archives" |
| 167 |
-HOMEPAGE="https://nih.at/libzip/" |
| 168 |
-SRC_URI="https://www.nih.at/libzip/${P}.tar.xz" |
| 169 |
- |
| 170 |
-LICENSE="BSD" |
| 171 |
-SLOT="0/5" |
| 172 |
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos" |
| 173 |
-IUSE="static-libs" |
| 174 |
- |
| 175 |
-RDEPEND=" |
| 176 |
- sys-libs/zlib |
| 177 |
- elibc_musl? ( sys-libs/fts-standalone ) |
| 178 |
-" |
| 179 |
-DEPEND="${RDEPEND}" |
| 180 |
- |
| 181 |
-DOCS=( AUTHORS NEWS.md API-CHANGES THANKS ) |
| 182 |
- |
| 183 |
-PATCHES=( |
| 184 |
- "${FILESDIR}/${P}-headers.patch" |
| 185 |
- "${FILESDIR}/${P}-fts.patch" |
| 186 |
- "${FILESDIR}/${P}-CVE-2017-12858.patch" |
| 187 |
- "${FILESDIR}/${P}-CVE-2017-14107.patch" |
| 188 |
-) |
| 189 |
- |
| 190 |
-src_prepare() { |
| 191 |
- default |
| 192 |
- eautoreconf |
| 193 |
-} |
| 194 |
- |
| 195 |
-src_install() { |
| 196 |
- default |
| 197 |
- use static-libs || rm "${ED%/}"/usr/$(get_libdir)/libzip.a || die |
| 198 |
- find "${D}" -name '*.la' -delete || die |
| 199 |
-} |
| 200 |
|
| 201 |
diff --git a/dev-libs/libzip/libzip-1.2.0.ebuild b/dev-libs/libzip/libzip-1.2.0.ebuild |
| 202 |
deleted file mode 100644 |
| 203 |
index d51ce765081..00000000000 |
| 204 |
--- a/dev-libs/libzip/libzip-1.2.0.ebuild |
| 205 |
+++ /dev/null |
| 206 |
@@ -1,39 +0,0 @@ |
| 207 |
-# Copyright 1999-2017 Gentoo Foundation |
| 208 |
-# Distributed under the terms of the GNU General Public License v2 |
| 209 |
- |
| 210 |
-EAPI=6 |
| 211 |
- |
| 212 |
-inherit autotools |
| 213 |
- |
| 214 |
-DESCRIPTION="Library for manipulating zip archives" |
| 215 |
-HOMEPAGE="http://www.nih.at/libzip/" |
| 216 |
-SRC_URI="http://www.nih.at/libzip/${P}.tar.xz" |
| 217 |
- |
| 218 |
-LICENSE="BSD" |
| 219 |
-SLOT="0/5" |
| 220 |
-KEYWORDS="alpha amd64 ~arm ~arm64 ~hppa ia64 ~mips ppc ppc64 sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos" |
| 221 |
-IUSE="static-libs" |
| 222 |
- |
| 223 |
-RDEPEND=" |
| 224 |
- sys-libs/zlib |
| 225 |
- elibc_musl? ( sys-libs/fts-standalone ) |
| 226 |
-" |
| 227 |
-DEPEND="${RDEPEND}" |
| 228 |
- |
| 229 |
-DOCS=( AUTHORS NEWS.md API-CHANGES THANKS ) |
| 230 |
- |
| 231 |
-PATCHES=( |
| 232 |
- "${FILESDIR}/${P}-headers.patch" |
| 233 |
- "${FILESDIR}/${P}-fts.patch" |
| 234 |
-) |
| 235 |
- |
| 236 |
-src_prepare() { |
| 237 |
- default |
| 238 |
- eautoreconf |
| 239 |
-} |
| 240 |
- |
| 241 |
-src_install() { |
| 242 |
- default |
| 243 |
- use static-libs || rm "${ED%/}"/usr/$(get_libdir)/libzip.a || die |
| 244 |
- find "${D}" -name '*.la' -delete || die |
| 245 |
-} |
Archives