From 22470f17986a85112e6604a2d90075058523c826 Mon Sep 17 00:00:00 2001 From: "A. Wilcox" Date: Fri, 21 Jun 2019 00:07:01 +0000 Subject: system/libarchive: sec bump to 3.4.0 --- system/libarchive/APKBUILD | 13 +++++------- system/libarchive/CVE-2017-14166.patch | 36 ---------------------------------- 2 files changed, 5 insertions(+), 44 deletions(-) delete mode 100644 system/libarchive/CVE-2017-14166.patch (limited to 'system') diff --git a/system/libarchive/APKBUILD b/system/libarchive/APKBUILD index 02e845f81..6679a3a6a 100644 --- a/system/libarchive/APKBUILD +++ b/system/libarchive/APKBUILD @@ -1,7 +1,7 @@ # Contributor: Sergei Lukin # Maintainer: A. Wilcox pkgname=libarchive -pkgver=3.3.3 +pkgver=3.4.0 pkgrel=0 pkgdesc="Library for creating and reading streaming archives" url="https://libarchive.org/" @@ -11,16 +11,15 @@ license="BSD-2-Clause AND BSD-3-Clause AND Public-Domain" makedepends="zlib-dev bzip2-dev xz-dev lz4-dev acl-dev openssl-dev expat-dev attr-dev" subpackages="$pkgname-dev $pkgname-doc $pkgname-tools" -source="https://www.libarchive.org/downloads/$pkgname-$pkgver.tar.gz - seek-error.patch" -builddir="$srcdir/$pkgname-$pkgver" +source="https://github.com/libarchive/libarchive/releases/download/v$pkgver/$pkgname-$pkgver.tar.gz + seek-error.patch + " # secfixes: # 3.3.2-r1: # - CVE-2017-14166 build () { - cd "$builddir" ./configure \ --build=$CBUILD \ --host=$CHOST \ @@ -38,12 +37,10 @@ build () { } check() { - cd "$builddir" make check } package() { - cd "$builddir" make DESTDIR="$pkgdir" install } @@ -56,5 +53,5 @@ tools() { ln -s bsdcpio "$subpkgdir"/usr/bin/cpio } -sha512sums="9d12b47d6976efa9f98e62c25d8b85fd745d4e9ca7b7e6d36bfe095dfe5c4db017d4e785d110f3758f5938dad6f1a1b009267fd7e82cb7212e93e1aea237bab7 libarchive-3.3.3.tar.gz +sha512sums="2f9e2a551a6bcab56fb1a030b5d656df7299a3d151465aa02f0420d344d2fada49dee4755b3abff9095f62519e14dc9af8afa1695ecc6d5fdb4f0b28e6ede852 libarchive-3.4.0.tar.gz ff2567f243ba7e9ce20bc4f7fa422a922c5c23049004efdd8f71f29f93ab9be9aadd4c100e8c6dca318442d583fbad9bd6466017a23f83af18b9808c718b9fce seek-error.patch" diff --git a/system/libarchive/CVE-2017-14166.patch b/system/libarchive/CVE-2017-14166.patch deleted file mode 100644 index b729ae41e..000000000 --- a/system/libarchive/CVE-2017-14166.patch +++ /dev/null @@ -1,36 +0,0 @@ -From fa7438a0ff4033e4741c807394a9af6207940d71 Mon Sep 17 00:00:00 2001 -From: Joerg Sonnenberger -Date: Tue, 5 Sep 2017 18:12:19 +0200 -Subject: [PATCH] Do something sensible for empty strings to make fuzzers - happy. - ---- - libarchive/archive_read_support_format_xar.c | 8 +++++++- - 1 file changed, 7 insertions(+), 1 deletion(-) - -diff --git a/libarchive/archive_read_support_format_xar.c b/libarchive/archive_read_support_format_xar.c -index 7a22beb9d..93eeacc5e 100644 ---- a/libarchive/archive_read_support_format_xar.c -+++ b/libarchive/archive_read_support_format_xar.c -@@ -1040,6 +1040,9 @@ atol10(const char *p, size_t char_cnt) - uint64_t l; - int digit; - -+ if (char_cnt == 0) -+ return (0); -+ - l = 0; - digit = *p - '0'; - while (digit >= 0 && digit < 10 && char_cnt-- > 0) { -@@ -1054,7 +1057,10 @@ atol8(const char *p, size_t char_cnt) - { - int64_t l; - int digit; -- -+ -+ if (char_cnt == 0) -+ return (0); -+ - l = 0; - while (char_cnt-- > 0) { - if (*p >= '0' && *p <= '7') -- cgit v1.2.3-60-g2f50