Date: Friday, April 8, 2022 @ 12:50:56 Author: eworm Revision: 441752
upgpkg: libarchive 3.6.1-1: new upstream release Modified: libarchive/trunk/PKGBUILD Deleted: libarchive/trunk/0001-ZIP-reader-fix-possible-out-of-bounds-read-in-zipx_l.patch -----------------------------------------------------------------+ 0001-ZIP-reader-fix-possible-out-of-bounds-read-in-zipx_l.patch | 27 ---------- PKGBUILD | 18 +----- 2 files changed, 5 insertions(+), 40 deletions(-) Deleted: 0001-ZIP-reader-fix-possible-out-of-bounds-read-in-zipx_l.patch =================================================================== --- 0001-ZIP-reader-fix-possible-out-of-bounds-read-in-zipx_l.patch 2022-04-08 12:39:24 UTC (rev 441751) +++ 0001-ZIP-reader-fix-possible-out-of-bounds-read-in-zipx_l.patch 2022-04-08 12:50:56 UTC (rev 441752) @@ -1,27 +0,0 @@ -From cfaa28168a07ea4a53276b63068f94fce37d6aff Mon Sep 17 00:00:00 2001 -From: Tim Kientzle <[email protected]> -Date: Thu, 24 Mar 2022 10:35:00 +0100 -Subject: [PATCH 1/1] ZIP reader: fix possible out-of-bounds read in - zipx_lzma_alone_init() - -Fixes #1672 ---- - libarchive/archive_read_support_format_zip.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/libarchive/archive_read_support_format_zip.c b/libarchive/archive_read_support_format_zip.c -index 38ada70b..9d6c900b 100644 ---- a/libarchive/archive_read_support_format_zip.c -+++ b/libarchive/archive_read_support_format_zip.c -@@ -1667,7 +1667,7 @@ zipx_lzma_alone_init(struct archive_read *a, struct zip *zip) - */ - - /* Read magic1,magic2,lzma_params from the ZIPX stream. */ -- if((p = __archive_read_ahead(a, 9, NULL)) == NULL) { -+ if(zip->entry_bytes_remaining < 9 || (p = __archive_read_ahead(a, 9, NULL)) == NULL) { - archive_set_error(&a->archive, ARCHIVE_ERRNO_FILE_FORMAT, - "Truncated lzma data"); - return (ARCHIVE_FATAL); --- -2.35.1 - Modified: PKGBUILD =================================================================== --- PKGBUILD 2022-04-08 12:39:24 UTC (rev 441751) +++ PKGBUILD 2022-04-08 12:50:56 UTC (rev 441752) @@ -2,8 +2,8 @@ # Maintainer: Dan McGee <[email protected]> pkgname=libarchive -pkgver=3.6.0 -pkgrel=2 +pkgver=3.6.1 +pkgrel=1 pkgdesc='Multi-format archive and compression library' arch=('x86_64') url='https://libarchive.org/' @@ -12,18 +12,10 @@ provides=('libarchive.so') options=('debug') validpgpkeys=('A5A45B12AD92D964B89EEE2DEC560C81CEC2276E') # Martin Matuska <[email protected]> -source=("https://github.com/${pkgname}/${pkgname}/releases/download/v${pkgver}/${pkgname}-${pkgver}.tar.xz"{,.asc} - '0001-ZIP-reader-fix-possible-out-of-bounds-read-in-zipx_l.patch') -sha256sums=('df283917799cb88659a5b33c0a598f04352d61936abcd8a48fe7b64e74950de7' - 'SKIP' - 'fb0ccefdce771ac1f19e4d2f991f6ed4201313f55af0dcbb3abb0e7b0f25696e') +source=("https://github.com/${pkgname}/${pkgname}/releases/download/v${pkgver}/${pkgname}-${pkgver}.tar.xz"{,.asc}) +sha256sums=('5a411aceb978f43e626f0c2d1812ddd8807b645ed892453acabd532376c148e6' + 'SKIP') -prepare() { - cd "${pkgname}-${pkgver}" - - patch -Np1 < ../0001-ZIP-reader-fix-possible-out-of-bounds-read-in-zipx_l.patch -} - build() { cd "${pkgname}-${pkgver}"
