[arch-commits] Commit in zziplib/trunk (CVE-2017-5979.patch PKGBUILD)

[Antonio Rojas]

    Date: Saturday, July 29, 2017 @ 11:29:12
  Author: arojas
Revision: 301393

Update to 0.13.67

Modified:
  zziplib/trunk/PKGBUILD
Deleted:
  zziplib/trunk/CVE-2017-5979.patch

---------------------+
 CVE-2017-5979.patch |   13 -------------
 PKGBUILD            |   19 +++++--------------
 2 files changed, 5 insertions(+), 27 deletions(-)

Deleted: CVE-2017-5979.patch
===================================================================
--- CVE-2017-5979.patch	2017-07-29 11:26:12 UTC (rev 301392)
+++ CVE-2017-5979.patch	2017-07-29 11:29:12 UTC (rev 301393)
@@ -1,13 +0,0 @@
-Index: zziplib-0.13.62/zzip/fseeko.c
-===================================================================
---- zziplib-0.13.62.orig/zzip/fseeko.c
-+++ zziplib-0.13.62/zzip/fseeko.c
-@@ -255,7 +255,7 @@ zzip_entry_findfirst(FILE * disk)
-         return 0;
-     /* we read out chunks of 8 KiB in the hope to match disk granularity */
-     ___ zzip_off_t pagesize = PAGESIZE; /* getpagesize() */
--    ___ ZZIP_ENTRY *entry = malloc(sizeof(*entry));
-+    ___ ZZIP_ENTRY *entry = calloc(1, sizeof(*entry));
-     if (! entry)
-         return 0;
-     ___ unsigned char *buffer = malloc(pagesize);

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2017-07-29 11:26:12 UTC (rev 301392)
+++ PKGBUILD	2017-07-29 11:29:12 UTC (rev 301393)
@@ -4,8 +4,8 @@
 # Contributor: Roman Kyrylych <Roman.Kyrylych at gmail.com>
 
 pkgname=zziplib
-pkgver=0.13.66
-pkgrel=2
+pkgver=0.13.67
+pkgrel=1
 pkgdesc="A lightweight library that offers the ability to easily extract data from files archived in a single zip file"
 arch=('i686' 'x86_64')
 url="http://zziplib.sourceforge.net"
@@ -12,19 +12,10 @@
 license=('LGPL' 'MPL')
 depends=('zlib')
 makedepends=('python2' 'xmlto' 'zip')
-source=($pkgname-$pkgver.tar.gz::"https://github.com/gdraheim/zziplib/archive/v$pkgver.tar.gz"
-        CVE-2017-5979.patch)
-sha256sums=('59b18c7c4ed348ba8d63fa7e194e6b012cd94197265b7a7b3afb539d8206bd7d'
-            '6c649cc35eb040dc9f667faa1484e61fdb8600eccc293d79dca5a3cd8fdb1ee4')
-sha512sums=('893885d85293269fd8ff14d61eaae5f7d07689a16dd9c07c1ae8d46ea2b2f94a13d6aab19670efa7716cafe5e9f8efb1cbc1254bd9e860c836faa35736bdbe20'
-            'b11e940f6d0d0806e6408a06c465180c5a250449ea837108663049a0f395c2d8b5ff30614fa364a56f2686dd1ee2da120aa47dfb7d80698db43c00ae7a5ebd27')
+source=($pkgname-$pkgver.tar.gz::"https://github.com/gdraheim/zziplib/archive/v$pkgver.tar.gz")
+sha256sums=('1278178bdabac832da6bbf161033d890d335a2e38493c5af553ff5ce7b9b0220')
+sha512sums=('a34b801a18a2051aa3898a572508ffd327521b69878413af679b10f6a68b37e770651884ae611bf9c01ce14013c6a1e06adeadd3ef6219d4b9278f1b9e7a6459')
 
-prepare() {
-  cd ${pkgname}-${pkgver}
-  # extracted from opensuse
-  patch -p1 < "${srcdir}/CVE-2017-5979.patch"
-}
-
 build() {
   cd ${pkgname}-${pkgver}
   export PYTHON=/usr/bin/python2