Re: UPDATE: archivers/libzip 1.2.0 => 1.3.0

Thu, 07 Sep 2017 12:55:42 -0700 


On 09/07/17 09:01, Stuart Henderson wrote:

On 2017/09/03 17:58, Brian Callahan wrote:

Hi ports --

Attached is an update to libzip. One function was added to the library, so
minor bump.

Security:
* CVE-2017-12858: Fix double free().
* CVS-2017-14107: Improve EOCD64 parsing.

Other fixes:
* Improve file progress callback code
* Fix zip_fdopen()

OK?

~Brian

Index: Makefile
===================================================================
RCS file: /cvs/ports/archivers/libzip/Makefile,v
retrieving revision 1.15
diff -u -p -u -p -r1.15 Makefile
--- Makefile    6 Jul 2017 07:57:33 -0000       1.15
+++ Makefile    3 Sep 2017 14:35:11 -0000
@@ -2,9 +2,9 @@
COMMENT= library for reading, creating and modifying zip archives -DISTNAME= libzip-1.2.0 
+DISTNAME=              libzip-1.3.0
  CATEGORIES=           archivers
-SHARED_LIBS +=  zip                  2.0      # 4.0
+SHARED_LIBS +=  zip                  2.1      # 5.0
HOMEPAGE= https://www.nih.at/libzip/ 
  MAINTAINER=           Brian Callahan <bcal...@openbsd.org>
@@ -17,5 +17,6 @@ WANTLIB=              c z
  MASTER_SITES=         ${HOMEPAGE}
CONFIGURE_STYLE= gnu 
+CONFIGURE_ARGS=                --without-bzip2
.include <bsd.port.mk> 
Index: distinfo
===================================================================
RCS file: /cvs/ports/archivers/libzip/distinfo,v
retrieving revision 1.9
diff -u -p -u -p -r1.9 distinfo
--- distinfo    6 Jul 2017 07:57:33 -0000       1.9
+++ distinfo    3 Sep 2017 14:35:11 -0000
@@ -1,2 +1,2 @@
-SHA256 (libzip-1.2.0.tar.gz) = bPmEDkJ9uW6/OTZmVDC6sgTJ670BIMMmRZB37ZyQfZ8=
-SIZE (libzip-1.2.0.tar.gz) = 1514966
+SHA256 (libzip-1.3.0.tar.gz) = qRk1D2g8phlN8KhWaYtHfangZBZmW4g/5PwjwORuY5g=
+SIZE (libzip-1.3.0.tar.gz) = 1544247
Index: patches/patch-src_ziptool_c
===================================================================
RCS file: patches/patch-src_ziptool_c
diff -N patches/patch-src_ziptool_c
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_ziptool_c 3 Sep 2017 14:35:11 -0000
@@ -0,0 +1,25 @@
+$OpenBSD$
+
+time_t == %lld
+
+Index: src/ziptool.c
+--- src/ziptool.c.orig
++++ src/ziptool.c
+@@ -519,7 +519,7 @@ set_file_mtime(int argc, char *argv[]) {
+     idx = strtoull(argv[0], NULL, 10);
+     mtime = (time_t)strtoull(argv[1], NULL, 10);
+     if (zip_file_set_mtime(za, idx, mtime, 0) < 0) {
+-      fprintf(stderr, "can't set file mtime at index '%" PRIu64 "' to '%ld': 
%s\n", idx, mtime, zip_strerror(za));
++      fprintf(stderr, "can't set file mtime at index '%" PRIu64 "' to '%lld': 
%s\n", idx, mtime, zip_strerror(za));

please cast mtime to (long long)


+       return -1;
+     }
+     return 0;
+@@ -539,7 +539,7 @@ set_file_mtime_all(int argc, char *argv[]) {
+     }
+     for (idx = 0; idx < (zip_uint64_t)num_entries; idx++) {
+       if (zip_file_set_mtime(za, idx, mtime, 0) < 0) {
+-          fprintf(stderr, "can't set file mtime at index '%" PRIu64 "' to '%ld': 
%s\n", idx, mtime, zip_strerror(za));
++          fprintf(stderr, "can't set file mtime at index '%" PRIu64 "' to '%lld': 
%s\n", idx, mtime, zip_strerror(za));
+           return -1;
+       }
+     }

same



Sure. OK?

~Brian


Index: Makefile
===================================================================
RCS file: /cvs/ports/archivers/libzip/Makefile,v
retrieving revision 1.15
diff -u -p -u -p -r1.15 Makefile
--- Makefile	6 Jul 2017 07:57:33 -0000	1.15
+++ Makefile	7 Sep 2017 19:53:09 -0000
@@ -2,9 +2,9 @@
 
 COMMENT=		library for reading, creating and modifying zip archives
 
-DISTNAME=		libzip-1.2.0
+DISTNAME=		libzip-1.3.0
 CATEGORIES=		archivers
-SHARED_LIBS +=  zip                  2.0      # 4.0
+SHARED_LIBS +=  zip                  2.1      # 5.0
 
 HOMEPAGE=		https://www.nih.at/libzip/
 MAINTAINER=		Brian Callahan <bcal...@openbsd.org>
@@ -17,5 +17,6 @@ WANTLIB=		c z
 MASTER_SITES=		${HOMEPAGE}
 
 CONFIGURE_STYLE=	gnu
+CONFIGURE_ARGS=		--without-bzip2
 
 .include <bsd.port.mk>
Index: distinfo
===================================================================
RCS file: /cvs/ports/archivers/libzip/distinfo,v
retrieving revision 1.9
diff -u -p -u -p -r1.9 distinfo
--- distinfo	6 Jul 2017 07:57:33 -0000	1.9
+++ distinfo	7 Sep 2017 19:53:09 -0000
@@ -1,2 +1,2 @@
-SHA256 (libzip-1.2.0.tar.gz) = bPmEDkJ9uW6/OTZmVDC6sgTJ670BIMMmRZB37ZyQfZ8=
-SIZE (libzip-1.2.0.tar.gz) = 1514966
+SHA256 (libzip-1.3.0.tar.gz) = qRk1D2g8phlN8KhWaYtHfangZBZmW4g/5PwjwORuY5g=
+SIZE (libzip-1.3.0.tar.gz) = 1544247
Index: patches/patch-src_ziptool_c
===================================================================
RCS file: patches/patch-src_ziptool_c
diff -N patches/patch-src_ziptool_c
--- /dev/null	1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_ziptool_c	7 Sep 2017 19:53:09 -0000
@@ -0,0 +1,25 @@
+$OpenBSD$
+
+time_t == %lld
+
+Index: src/ziptool.c
+--- src/ziptool.c.orig
++++ src/ziptool.c
+@@ -519,7 +519,7 @@ set_file_mtime(int argc, char *argv[]) {
+     idx = strtoull(argv[0], NULL, 10);
+     mtime = (time_t)strtoull(argv[1], NULL, 10);
+     if (zip_file_set_mtime(za, idx, mtime, 0) < 0) {
+-	fprintf(stderr, "can't set file mtime at index '%" PRIu64 "' to '%ld': %s\n", idx, mtime, zip_strerror(za));
++	fprintf(stderr, "can't set file mtime at index '%" PRIu64 "' to '%lld': %s\n", idx, (long long) mtime, zip_strerror(za));
+ 	return -1;
+     }
+     return 0;
+@@ -539,7 +539,7 @@ set_file_mtime_all(int argc, char *argv[]) {
+     }
+     for (idx = 0; idx < (zip_uint64_t)num_entries; idx++) {
+ 	if (zip_file_set_mtime(za, idx, mtime, 0) < 0) {
+-	    fprintf(stderr, "can't set file mtime at index '%" PRIu64 "' to '%ld': %s\n", idx, mtime, zip_strerror(za));
++	    fprintf(stderr, "can't set file mtime at index '%" PRIu64 "' to '%lld': %s\n", idx, (long long) mtime, zip_strerror(za));
+ 	    return -1;
+ 	}
+     }

Reply via email to