On 2017/09/03 17:58, Brian Callahan wrote:
> Hi ports --
>
> Attached is an update to libzip. One function was added to the library, so
> minor bump.
>
> Security:
> * CVE-2017-12858: Fix double free().
> * CVS-2017-14107: Improve EOCD64 parsing.
>
> Other fixes:
> * Improve file progress callback code
> * Fix zip_fdopen()
>
> OK?
>
> ~Brian
>
> Index: Makefile
> ===================================================================
> RCS file: /cvs/ports/archivers/libzip/Makefile,v
> retrieving revision 1.15
> diff -u -p -u -p -r1.15 Makefile
> --- Makefile 6 Jul 2017 07:57:33 -0000 1.15
> +++ Makefile 3 Sep 2017 14:35:11 -0000
> @@ -2,9 +2,9 @@
>
> COMMENT= library for reading, creating and modifying zip archives
>
> -DISTNAME= libzip-1.2.0
> +DISTNAME= libzip-1.3.0
> CATEGORIES= archivers
> -SHARED_LIBS += zip 2.0 # 4.0
> +SHARED_LIBS += zip 2.1 # 5.0
>
> HOMEPAGE= https://www.nih.at/libzip/
> MAINTAINER= Brian Callahan <bcallah@openbsd.org>
> @@ -17,5 +17,6 @@ WANTLIB= c z
> MASTER_SITES= ${HOMEPAGE}
>
> CONFIGURE_STYLE= gnu
> +CONFIGURE_ARGS= --without-bzip2
>
> .include <bsd.port.mk>
> Index: distinfo
> ===================================================================
> RCS file: /cvs/ports/archivers/libzip/distinfo,v
> retrieving revision 1.9
> diff -u -p -u -p -r1.9 distinfo
> --- distinfo 6 Jul 2017 07:57:33 -0000 1.9
> +++ distinfo 3 Sep 2017 14:35:11 -0000
> @@ -1,2 +1,2 @@
> -SHA256 (libzip-1.2.0.tar.gz) = bPmEDkJ9uW6/OTZmVDC6sgTJ670BIMMmRZB37ZyQfZ8=
> -SIZE (libzip-1.2.0.tar.gz) = 1514966
> +SHA256 (libzip-1.3.0.tar.gz) = qRk1D2g8phlN8KhWaYtHfangZBZmW4g/5PwjwORuY5g=
> +SIZE (libzip-1.3.0.tar.gz) = 1544247
> Index: patches/patch-src_ziptool_c
> ===================================================================
> RCS file: patches/patch-src_ziptool_c
> diff -N patches/patch-src_ziptool_c
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ patches/patch-src_ziptool_c 3 Sep 2017 14:35:11 -0000
> @@ -0,0 +1,25 @@
> +$OpenBSD$
> +
> +time_t == %lld
> +
> +Index: src/ziptool.c
> +--- src/ziptool.c.orig
> ++++ src/ziptool.c
> +@@ -519,7 +519,7 @@ set_file_mtime(int argc, char *argv[]) {
> + idx = strtoull(argv[0], NULL, 10);
> + mtime = (time_t)strtoull(argv[1], NULL, 10);
> + if (zip_file_set_mtime(za, idx, mtime, 0) < 0) {
> +- fprintf(stderr, "can't set file mtime at index '%" PRIu64 "' to '%ld': %s\n", idx, mtime, zip_strerror(za));
> ++ fprintf(stderr, "can't set file mtime at index '%" PRIu64 "' to '%lld': %s\n", idx, mtime, zip_strerror(za));
please cast mtime to (long long)
> + return -1;
> + }
> + return 0;
> +@@ -539,7 +539,7 @@ set_file_mtime_all(int argc, char *argv[]) {
> + }
> + for (idx = 0; idx < (zip_uint64_t)num_entries; idx++) {
> + if (zip_file_set_mtime(za, idx, mtime, 0) < 0) {
> +- fprintf(stderr, "can't set file mtime at index '%" PRIu64 "' to '%ld': %s\n", idx, mtime, zip_strerror(za));
> ++ fprintf(stderr, "can't set file mtime at index '%" PRIu64 "' to '%lld': %s\n", idx, mtime, zip_strerror(za));
> + return -1;
> + }
> + }
same
No comments:
Post a Comment