Page MenuHomeSolus
Files F11038518

D882.id1988.diff
No OneTemporary
Actions

D882.id1988.diff
View Options

diff --git a/abi_symbols b/abi_symbols
--- a/abi_symbols
+++ b/abi_symbols
@@ -1,97 +1,100 @@
-libzip.so.4:zip_add
-libzip.so.4:zip_add_dir
-libzip.so.4:zip_archive_set_tempdir
-libzip.so.4:zip_close
-libzip.so.4:zip_delete
-libzip.so.4:zip_dir_add
-libzip.so.4:zip_discard
-libzip.so.4:zip_error_clear
-libzip.so.4:zip_error_code_system
-libzip.so.4:zip_error_code_zip
-libzip.so.4:zip_error_fini
-libzip.so.4:zip_error_get
-libzip.so.4:zip_error_get_sys_type
-libzip.so.4:zip_error_init
-libzip.so.4:zip_error_init_with_code
-libzip.so.4:zip_error_set
-libzip.so.4:zip_error_strerror
-libzip.so.4:zip_error_system_type
-libzip.so.4:zip_error_to_data
-libzip.so.4:zip_error_to_str
-libzip.so.4:zip_fclose
-libzip.so.4:zip_fdopen
-libzip.so.4:zip_file_add
-libzip.so.4:zip_file_error_clear
-libzip.so.4:zip_file_error_get
-libzip.so.4:zip_file_extra_field_delete
-libzip.so.4:zip_file_extra_field_delete_by_id
-libzip.so.4:zip_file_extra_field_get
-libzip.so.4:zip_file_extra_field_get_by_id
-libzip.so.4:zip_file_extra_field_set
-libzip.so.4:zip_file_extra_fields_count
-libzip.so.4:zip_file_extra_fields_count_by_id
-libzip.so.4:zip_file_get_comment
-libzip.so.4:zip_file_get_error
-libzip.so.4:zip_file_get_external_attributes
-libzip.so.4:zip_file_rename
-libzip.so.4:zip_file_replace
-libzip.so.4:zip_file_set_comment
-libzip.so.4:zip_file_set_external_attributes
-libzip.so.4:zip_file_set_mtime
-libzip.so.4:zip_file_strerror
-libzip.so.4:zip_fopen
-libzip.so.4:zip_fopen_encrypted
-libzip.so.4:zip_fopen_index
-libzip.so.4:zip_fopen_index_encrypted
-libzip.so.4:zip_fread
-libzip.so.4:zip_get_archive_comment
-libzip.so.4:zip_get_archive_flag
-libzip.so.4:zip_get_error
-libzip.so.4:zip_get_file_comment
-libzip.so.4:zip_get_name
-libzip.so.4:zip_get_num_entries
-libzip.so.4:zip_get_num_files
-libzip.so.4:zip_name_locate
-libzip.so.4:zip_open
-libzip.so.4:zip_open_from_source
-libzip.so.4:zip_rename
-libzip.so.4:zip_replace
-libzip.so.4:zip_set_archive_comment
-libzip.so.4:zip_set_archive_flag
-libzip.so.4:zip_set_default_password
-libzip.so.4:zip_set_file_comment
-libzip.so.4:zip_set_file_compression
-libzip.so.4:zip_source_begin_write
-libzip.so.4:zip_source_buffer
-libzip.so.4:zip_source_buffer_create
-libzip.so.4:zip_source_close
-libzip.so.4:zip_source_commit_write
-libzip.so.4:zip_source_error
-libzip.so.4:zip_source_file
-libzip.so.4:zip_source_file_create
-libzip.so.4:zip_source_filep
-libzip.so.4:zip_source_filep_create
-libzip.so.4:zip_source_free
-libzip.so.4:zip_source_function
-libzip.so.4:zip_source_function_create
-libzip.so.4:zip_source_is_deleted
-libzip.so.4:zip_source_keep
-libzip.so.4:zip_source_make_command_bitmap
-libzip.so.4:zip_source_open
-libzip.so.4:zip_source_read
-libzip.so.4:zip_source_rollback_write
-libzip.so.4:zip_source_seek
-libzip.so.4:zip_source_seek_compute_offset
-libzip.so.4:zip_source_seek_write
-libzip.so.4:zip_source_stat
-libzip.so.4:zip_source_tell
-libzip.so.4:zip_source_tell_write
-libzip.so.4:zip_source_write
-libzip.so.4:zip_source_zip
-libzip.so.4:zip_stat
-libzip.so.4:zip_stat_index
-libzip.so.4:zip_stat_init
-libzip.so.4:zip_strerror
-libzip.so.4:zip_unchange
-libzip.so.4:zip_unchange_all
-libzip.so.4:zip_unchange_archive
+libzip.so.5:zip_add
+libzip.so.5:zip_add_dir
+libzip.so.5:zip_close
+libzip.so.5:zip_delete
+libzip.so.5:zip_dir_add
+libzip.so.5:zip_discard
+libzip.so.5:zip_error_clear
+libzip.so.5:zip_error_code_system
+libzip.so.5:zip_error_code_zip
+libzip.so.5:zip_error_fini
+libzip.so.5:zip_error_get
+libzip.so.5:zip_error_get_sys_type
+libzip.so.5:zip_error_init
+libzip.so.5:zip_error_init_with_code
+libzip.so.5:zip_error_set
+libzip.so.5:zip_error_strerror
+libzip.so.5:zip_error_system_type
+libzip.so.5:zip_error_to_data
+libzip.so.5:zip_error_to_str
+libzip.so.5:zip_fclose
+libzip.so.5:zip_fdopen
+libzip.so.5:zip_file_add
+libzip.so.5:zip_file_error_clear
+libzip.so.5:zip_file_error_get
+libzip.so.5:zip_file_extra_field_delete
+libzip.so.5:zip_file_extra_field_delete_by_id
+libzip.so.5:zip_file_extra_field_get
+libzip.so.5:zip_file_extra_field_get_by_id
+libzip.so.5:zip_file_extra_field_set
+libzip.so.5:zip_file_extra_fields_count
+libzip.so.5:zip_file_extra_fields_count_by_id
+libzip.so.5:zip_file_get_comment
+libzip.so.5:zip_file_get_error
+libzip.so.5:zip_file_get_external_attributes
+libzip.so.5:zip_file_rename
+libzip.so.5:zip_file_replace
+libzip.so.5:zip_file_set_comment
+libzip.so.5:zip_file_set_encryption
+libzip.so.5:zip_file_set_external_attributes
+libzip.so.5:zip_file_set_mtime
+libzip.so.5:zip_file_strerror
+libzip.so.5:zip_fopen
+libzip.so.5:zip_fopen_encrypted
+libzip.so.5:zip_fopen_index
+libzip.so.5:zip_fopen_index_encrypted
+libzip.so.5:zip_fread
+libzip.so.5:zip_fseek
+libzip.so.5:zip_ftell
+libzip.so.5:zip_get_archive_comment
+libzip.so.5:zip_get_archive_flag
+libzip.so.5:zip_get_error
+libzip.so.5:zip_get_file_comment
+libzip.so.5:zip_get_name
+libzip.so.5:zip_get_num_entries
+libzip.so.5:zip_get_num_files
+libzip.so.5:zip_name_locate
+libzip.so.5:zip_open
+libzip.so.5:zip_open_from_source
+libzip.so.5:zip_register_progress_callback
+libzip.so.5:zip_rename
+libzip.so.5:zip_replace
+libzip.so.5:zip_set_archive_comment
+libzip.so.5:zip_set_archive_flag
+libzip.so.5:zip_set_default_password
+libzip.so.5:zip_set_file_comment
+libzip.so.5:zip_set_file_compression
+libzip.so.5:zip_source_begin_write
+libzip.so.5:zip_source_buffer
+libzip.so.5:zip_source_buffer_create
+libzip.so.5:zip_source_close
+libzip.so.5:zip_source_commit_write
+libzip.so.5:zip_source_error
+libzip.so.5:zip_source_file
+libzip.so.5:zip_source_file_create
+libzip.so.5:zip_source_filep
+libzip.so.5:zip_source_filep_create
+libzip.so.5:zip_source_free
+libzip.so.5:zip_source_function
+libzip.so.5:zip_source_function_create
+libzip.so.5:zip_source_is_deleted
+libzip.so.5:zip_source_keep
+libzip.so.5:zip_source_make_command_bitmap
+libzip.so.5:zip_source_open
+libzip.so.5:zip_source_read
+libzip.so.5:zip_source_rollback_write
+libzip.so.5:zip_source_seek
+libzip.so.5:zip_source_seek_compute_offset
+libzip.so.5:zip_source_seek_write
+libzip.so.5:zip_source_stat
+libzip.so.5:zip_source_tell
+libzip.so.5:zip_source_tell_write
+libzip.so.5:zip_source_write
+libzip.so.5:zip_source_zip
+libzip.so.5:zip_stat
+libzip.so.5:zip_stat_index
+libzip.so.5:zip_stat_init
+libzip.so.5:zip_strerror
+libzip.so.5:zip_unchange
+libzip.so.5:zip_unchange_all
+libzip.so.5:zip_unchange_archive
diff --git a/files/security/CVE-2017-12858.patch b/files/security/CVE-2017-12858.patch
new file mode 100644
--- /dev/null
+++ b/files/security/CVE-2017-12858.patch
@@ -0,0 +1,38 @@
+From 2217022b7d1142738656d891e00b3d2d9179b796 Mon Sep 17 00:00:00 2001
+From: Thomas Klausner <tk@giga.or.at>
+Date: Mon, 14 Aug 2017 10:55:44 +0200
+Subject: [PATCH] Fix double free().
+
+Found by Brian 'geeknik' Carpenter using AFL.
+---
+ THANKS | 1 +
+ lib/zip_dirent.c | 3 ---
+ 2 files changed, 1 insertion(+), 3 deletions(-)
+
+diff --git a/THANKS b/THANKS
+index be0cca9..a80ee1d 100644
+--- a/THANKS
++++ b/THANKS
+@@ -12,6 +12,7 @@ BALATON Zoltan <balaton@eik.bme.hu>
+ Benjamin Gilbert <bgilbert@backtick.net>
+ Boaz Stolk <bstolk@aweta.nl>
+ Bogdan <bogiebog@gmail.com>
++Brian 'geeknik' Carpenter <geeknik@protonmail.ch>
+ Chris Nehren <cnehren+libzip@pobox.com>
+ Coverity <info@coverity.com>
+ Dane Springmeyer <dane.springmeyer@gmail.com>
+diff --git a/lib/zip_dirent.c b/lib/zip_dirent.c
+index a369900..e5a7cc9 100644
+--- a/lib/zip_dirent.c
++++ b/lib/zip_dirent.c
+@@ -579,9 +579,6 @@ _zip_dirent_read(zip_dirent_t *zde, zip_source_t *src, zip_buffer_t *buffer, boo
+ }
+
+ if (!_zip_dirent_process_winzip_aes(zde, error)) {
+- if (!from_buffer) {
+- _zip_buffer_free(buffer);
+- }
+ return -1;
+ }
+
+
diff --git a/package.yml b/package.yml
--- a/package.yml
+++ b/package.yml
@@ -1,8 +1,8 @@
name : libzip
-version : 1.1.3
-release : 4
+version : 1.2.0
+release : 5
source :
- - http://www.nih.at/libzip/libzip-1.1.3.tar.xz : 729a295a59a9fd6e5b9fe9fd291d36ae391a9d2be0b0824510a214cfaa05ceee
+ - https://nih.at/libzip/libzip-1.2.0.tar.xz : ffc0764395fba3d45dc5a6e32282788854618b9e9838337f8218b596007f1376
license : BSD
component : programming
summary : libzip is a C library for reading, creating, and modifying zip archives.
@@ -11,6 +11,7 @@
builddeps :
- pkgconfig(zlib)
setup : |
+ %patch -p1 < $pkgfiles/security/CVE-2017-12858.patch
%configure --disable-static
build : |
%make
@@ -18,3 +19,5 @@
%make_install
mv $installdir/%libdir%/libzip/include/zipconf.h $installdir/usr/include/
rm -rf $installdir/%libdir%/libzip
+check : |
+ %make check
diff --git a/pspec_x86_64.xml b/pspec_x86_64.xml
--- a/pspec_x86_64.xml
+++ b/pspec_x86_64.xml
@@ -2,8 +2,8 @@
<Source>
<Name>libzip</Name>
<Packager>
- <Name>Joshua Strobl</Name>
- <Email>joshua@stroblindustries.com</Email>
+ <Name>Pierre-Yves</Name>
+ <Email>pyu@riseup.net</Email>
</Packager>
<License>BSD</License>
<PartOf>programming</PartOf>
@@ -31,7 +31,7 @@
</Description>
<PartOf>programming.devel</PartOf>
<RuntimeDependencies>
- <Dependency release="4">libzip</Dependency>
+ <Dependency release="5">libzip</Dependency>
</RuntimeDependencies>
<Files>
<Path fileType="header">/usr/include/</Path>
@@ -40,12 +40,12 @@
</Files>
</Package>
<History>
- <Update release="4">
- <Date>2016-08-06</Date>
- <Version>1.1.3</Version>
+ <Update release="5">
+ <Date>2017-08-29</Date>
+ <Version>1.2.0</Version>
<Comment>Packaging update</Comment>
- <Name>Joshua Strobl</Name>
- <Email>joshua@stroblindustries.com</Email>
+ <Name>Pierre-Yves</Name>
+ <Email>pyu@riseup.net</Email>
</Update>
</History>
</PISI>
\ No newline at end of file

File Metadata

Mime Type
text/plain
Expires
Thu, Aug 10, 11:01 PM (1 d, 4 h ago)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
5822025
Default Alt Text
D882.id1988.diff (9 KB)

Event Timeline

Copyright © 2015-2021 Solus Project. The Solus logo is Copyright © 2016-2021 Solus Project. All Rights Reserved.