Date: Saturday, March 14, 2015 @ 14:14:34 Author: foutrelis Revision: 129243
upgpkg: librsync 1.0.0-1 - New upstream release. - Fixes CVE-2014-8242: librsync: MD4 collision file corruption (FS#44175). Modified: librsync/trunk/PKGBUILD Deleted: librsync/trunk/lfs-overflow.patch --------------------+ PKGBUILD | 22 ++++++++++---------- lfs-overflow.patch | 55 --------------------------------------------------- 2 files changed, 11 insertions(+), 66 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2015-03-14 13:09:34 UTC (rev 129242)
+++ PKGBUILD 2015-03-14 13:14:34 UTC (rev 129243)
@@ -4,25 +4,25 @@
 # Contributor: Christoph 'delmonico' Neuroth <[email protected]>
 pkgname=librsync
-pkgver=0.9.7
-pkgrel=7
+pkgver=1.0.0
+pkgrel=1
 pkgdesc="A free software library that implements the rsync remote-delta algorithm (rdiff)"
 arch=('i686' 'x86_64')
 url="http://librsync.sourceforge.net/"
-license=('GPL')
+license=('LGPL')
 depends=('popt' 'zlib' 'bzip2')
-source=(http://downloads.sourceforge.net/sourceforge/librsync/$pkgname-$pkgver.tar.gz
- lfs-overflow.patch)
-sha256sums=('6633e4605662763a03bb6388529cbdfd3b11a9ec55b8845351c1bd9a92bc41d6'
- 'bda94f0aa550498673a459326656798b9f327c8687fa924415cf7b08e8fd2f38')
+provides=('librsync.so')
+source=($pkgname-$pkgver.tar.gz::https://github.com/$pkgname/$pkgname/archive/v$pkgver.tar.gz)
+sha256sums=('2195998516960ce84d93f88ee3bfd92f430a16cdba4b5d34560a39fa13fcafd9')
 build() {
 cd "$srcdir/$pkgname-$pkgver"
- # Patch for large files (https://bugzilla.redhat.com/show_bug.cgi?id=207940)
- patch -Np1 -i "$srcdir/lfs-overflow.patch"
-
- ./configure --prefix=/usr --mandir=/usr/share/man --enable-shared
+ ./autogen.sh
+ ./configure \
+ --prefix=/usr \
+ --mandir=/usr/share/man \
+ --enable-shared
 make
 }
Deleted: lfs-overflow.patch
===================================================================
--- lfs-overflow.patch 2015-03-14 13:09:34 UTC (rev 129242)
+++ lfs-overflow.patch 2015-03-14 13:14:34 UTC (rev 129243)
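Review bot: The new `source=` entry in the PKGBUILD hunk fetches GitHub's auto-generated archive for tag `v$pkgver`, and the single `sha256sums` value is the only integrity check on it; no signature verification is visible, so the hash records what the packager downloaded rather than anything upstream attested to. If upstream publishes a signed tag or release tarball (not shown on this page), verifying against that would be stronger; otherwise a comment such as `# GitHub tag archive, no upstream signature; checksum recorded by packager on <DATE>` above `source=` would document the trust decision. Dropping `lfs-overflow.patch` from `build()` assumes 1.0.0 already carries the `unsigned int A, B, C, D` and `len` changes shown in the deleted patch, which this page does not show and is worth confirming against the upstream tree. Since the commit message ties the CVE to the MD4 strong sum, reverse dependencies presumably need a rebuild against the new library, and any stored signature files regenerated, before they benefit; confirm before closing FS#44175.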
@@ -1,55 +0,0 @@
-Files over 4 Gig in size encountered an error resulting in an unsuccessful copy as
-per (upstream) Bug Request ID: 1110812.
-
-The assignment 'len = job->basis_len' sometimes overflows. Made changes so that
-assignment is done only when appropriate.
-
-rs_mdfour variables B and C were observed to overflow their 'int' definition.
-This has been changed to 'unsigned int', which is now consistent with like coding
-in the openssl package.
-
---- librsync-0.9.7/mdfour.h 2004-02-08 00:17:57.000000000 +0100
-+++ librsync-0.9.7/mdfour.h.lfs_overflow 2006-03-10 11:44:10.000000000 +0100
-@@ -1,7 +1,7 @@
- /*= -*- c-basic-offset: 4; indent-tabs-mode: nil; -*-
- *
- * librsync -- the library for network deltas
-- * $Id: mdfour.h,v 1.7 2003/10/17 16:15:21 abo Exp $
-+ * $Id: mdfour.h,v 1.8 2006/03/10 10:44:10 abo Exp $
- *
- * Copyright (C) 2000, 2001 by Martin Pool <[email protected]>
- * Copyright (C) 2002, 2003 by Donovan Baarda <[email protected]>
-@@ -24,7 +24,7 @@
- #include "types.h"
-
- struct rs_mdfour {
-- int A, B, C, D;
-+ unsigned int A, B, C, D;
- #if HAVE_UINT64
- uint64_t totalN;
- #else
---- librsync-0.9.7/patch.c 2004-09-17 23:35:50.000000000 +0200
-+++ librsync-0.9.7/patch.c.lfs_overflow 2006-03-10 11:44:10.000000000 +0100
-@@ -1,7 +1,7 @@
- /*= -*- c-basic-offset: 4; indent-tabs-mode: nil; -*-
- *
- * librsync -- the library for network deltas
-- * $Id: patch.c,v 1.30 2004/09/10 02:48:58 mbp Exp $
-+ * $Id: patch.c,v 1.31 2006/03/10 10:44:10 abo Exp $
- *
- * Copyright (C) 2000, 2001 by Martin Pool <[email protected]>
- *
-@@ -214,12 +214,9 @@
- void *buf, *ptr;
- rs_buffers_t *buffs = job->stream;
-
-- len = job->basis_len;
--
- /* copy only as much as will fit in the output buffer, so that we
- * don't have to block or store the input. */
-- if (len > buffs->avail_out)
-- len = buffs->avail_out;
-+ len = (buffs->avail_out < job->basis_len) ? buffs->avail_out : job->basis_len;
-
- if (!len)
- return RS_BLOCKED;
