summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorA. Wilcox <AWilcox@Wilcox-Tech.com>2019-06-21 00:07:01 +0000
committerA. Wilcox <AWilcox@Wilcox-Tech.com>2019-06-21 00:07:01 +0000
commit22470f17986a85112e6604a2d90075058523c826 (patch)
treea90ac93e6c6f4b79a9e6632ec00a3cf6c925b715
parent9e64f0ee62884d880115c912e52bbc8390999ee9 (diff)
downloadpackages-22470f17986a85112e6604a2d90075058523c826.tar.gz
packages-22470f17986a85112e6604a2d90075058523c826.tar.bz2
packages-22470f17986a85112e6604a2d90075058523c826.tar.xz
packages-22470f17986a85112e6604a2d90075058523c826.zip
system/libarchive: sec bump to 3.4.0
-rw-r--r--system/libarchive/APKBUILD13
-rw-r--r--system/libarchive/CVE-2017-14166.patch36
2 files changed, 5 insertions, 44 deletions
diff --git a/system/libarchive/APKBUILD b/system/libarchive/APKBUILD
index 02e845f81..6679a3a6a 100644
--- a/system/libarchive/APKBUILD
+++ b/system/libarchive/APKBUILD
@@ -1,7 +1,7 @@
# Contributor: Sergei Lukin <sergej.lukin@gmail.com>
# Maintainer: A. Wilcox <awilfox@adelielinux.org>
pkgname=libarchive
-pkgver=3.3.3
+pkgver=3.4.0
pkgrel=0
pkgdesc="Library for creating and reading streaming archives"
url="https://libarchive.org/"
@@ -11,16 +11,15 @@ license="BSD-2-Clause AND BSD-3-Clause AND Public-Domain"
makedepends="zlib-dev bzip2-dev xz-dev lz4-dev acl-dev openssl-dev expat-dev
attr-dev"
subpackages="$pkgname-dev $pkgname-doc $pkgname-tools"
-source="https://www.libarchive.org/downloads/$pkgname-$pkgver.tar.gz
- seek-error.patch"
-builddir="$srcdir/$pkgname-$pkgver"
+source="https://github.com/libarchive/libarchive/releases/download/v$pkgver/$pkgname-$pkgver.tar.gz
+ seek-error.patch
+ "
# secfixes:
# 3.3.2-r1:
# - CVE-2017-14166
build () {
- cd "$builddir"
./configure \
--build=$CBUILD \
--host=$CHOST \
@@ -38,12 +37,10 @@ build () {
}
check() {
- cd "$builddir"
make check
}
package() {
- cd "$builddir"
make DESTDIR="$pkgdir" install
}
@@ -56,5 +53,5 @@ tools() {
ln -s bsdcpio "$subpkgdir"/usr/bin/cpio
}
-sha512sums="9d12b47d6976efa9f98e62c25d8b85fd745d4e9ca7b7e6d36bfe095dfe5c4db017d4e785d110f3758f5938dad6f1a1b009267fd7e82cb7212e93e1aea237bab7 libarchive-3.3.3.tar.gz
+sha512sums="2f9e2a551a6bcab56fb1a030b5d656df7299a3d151465aa02f0420d344d2fada49dee4755b3abff9095f62519e14dc9af8afa1695ecc6d5fdb4f0b28e6ede852 libarchive-3.4.0.tar.gz
ff2567f243ba7e9ce20bc4f7fa422a922c5c23049004efdd8f71f29f93ab9be9aadd4c100e8c6dca318442d583fbad9bd6466017a23f83af18b9808c718b9fce seek-error.patch"
diff --git a/system/libarchive/CVE-2017-14166.patch b/system/libarchive/CVE-2017-14166.patch
deleted file mode 100644
index b729ae41e..000000000
--- a/system/libarchive/CVE-2017-14166.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From fa7438a0ff4033e4741c807394a9af6207940d71 Mon Sep 17 00:00:00 2001
-From: Joerg Sonnenberger <joerg@bec.de>
-Date: Tue, 5 Sep 2017 18:12:19 +0200
-Subject: [PATCH] Do something sensible for empty strings to make fuzzers
- happy.
-
----
- libarchive/archive_read_support_format_xar.c | 8 +++++++-
- 1 file changed, 7 insertions(+), 1 deletion(-)
-
-diff --git a/libarchive/archive_read_support_format_xar.c b/libarchive/archive_read_support_format_xar.c
-index 7a22beb9d..93eeacc5e 100644
---- a/libarchive/archive_read_support_format_xar.c
-+++ b/libarchive/archive_read_support_format_xar.c
-@@ -1040,6 +1040,9 @@ atol10(const char *p, size_t char_cnt)
- uint64_t l;
- int digit;
-
-+ if (char_cnt == 0)
-+ return (0);
-+
- l = 0;
- digit = *p - '0';
- while (digit >= 0 && digit < 10 && char_cnt-- > 0) {
-@@ -1054,7 +1057,10 @@ atol8(const char *p, size_t char_cnt)
- {
- int64_t l;
- int digit;
--
-+
-+ if (char_cnt == 0)
-+ return (0);
-+
- l = 0;
- while (char_cnt-- > 0) {
- if (*p >= '0' && *p <= '7')