[arch-commits] Commit in zziplib/trunk (CVE-2017-5979.patch PKGBUILD)
Levente Polyak
anthraxx at archlinux.org
Fri May 12 19:39:54 UTC 2017
Date: Friday, May 12, 2017 @ 19:39:53
Author: anthraxx
Revision: 295871
upgpkg: zziplib 0.13.66-2 (fix CVE-2017-5979)
Added:
zziplib/trunk/CVE-2017-5979.patch
Modified:
zziplib/trunk/PKGBUILD
---------------------+
CVE-2017-5979.patch | 13 +++++++++++++
PKGBUILD | 18 +++++++++++++++---
2 files changed, 28 insertions(+), 3 deletions(-)
Added: CVE-2017-5979.patch
===================================================================
--- CVE-2017-5979.patch (rev 0)
+++ CVE-2017-5979.patch 2017-05-12 19:39:53 UTC (rev 295871)
@@ -0,0 +1,13 @@
+Index: zziplib-0.13.62/zzip/fseeko.c
+===================================================================
+--- zziplib-0.13.62.orig/zzip/fseeko.c
++++ zziplib-0.13.62/zzip/fseeko.c
+@@ -255,7 +255,7 @@ zzip_entry_findfirst(FILE * disk)
+ return 0;
+ /* we read out chunks of 8 KiB in the hope to match disk granularity */
+ ___ zzip_off_t pagesize = PAGESIZE; /* getpagesize() */
+- ___ ZZIP_ENTRY *entry = malloc(sizeof(*entry));
++ ___ ZZIP_ENTRY *entry = calloc(1, sizeof(*entry));
+ if (! entry)
+ return 0;
+ ___ unsigned char *buffer = malloc(pagesize);
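Review bot: The switch to `calloc` at the `ZZIP_ENTRY *entry` allocation carries no comment saying why the zero-fill matters, so a later change back to `malloc` or to another allocator would quietly bring the uninitialised state back. I would add above it `/* zero-fill: later code presumably tests entry members before first assigning them (CVE-2017-5979) */`, with the member names filled in after checking the rest of zzip/fseeko.c. The `buffer` allocation on the last line stays `malloc(pagesize)`, which is only safe if every byte read from it was first written by the file read; the hunk does not show that. zzip_entry_findfirst starts and ends outside the hunk.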
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2017-05-12 18:55:36 UTC (rev 295870)
+++ PKGBUILD 2017-05-12 19:39:53 UTC (rev 295871)
@@ -5,7 +5,7 @@
pkgname=zziplib
pkgver=0.13.66
-pkgrel=1
+pkgrel=2
pkgdesc="A lightweight library that offers the ability to easily extract data from files archived in a single zip file"
arch=('i686' 'x86_64')
url="http://zziplib.sourceforge.net"
@@ -12,9 +12,19 @@
license=('LGPL' 'MPL')
depends=('zlib')
makedepends=('python2' 'xmlto' 'zip')
-source=($pkgname-$pkgver.tar.gz::"https://github.com/gdraheim/zziplib/archive/v$pkgver.tar.gz")
-md5sums=('0990b8e409834b62475b4de901fe3f6a')
+source=($pkgname-$pkgver.tar.gz::"https://github.com/gdraheim/zziplib/archive/v$pkgver.tar.gz"
+ CVE-2017-5979.patch)
+sha256sums=('59b18c7c4ed348ba8d63fa7e194e6b012cd94197265b7a7b3afb539d8206bd7d'
+ '6c649cc35eb040dc9f667faa1484e61fdb8600eccc293d79dca5a3cd8fdb1ee4')
+sha512sums=('893885d85293269fd8ff14d61eaae5f7d07689a16dd9c07c1ae8d46ea2b2f94a13d6aab19670efa7716cafe5e9f8efb1cbc1254bd9e860c836faa35736bdbe20'
+ 'b11e940f6d0d0806e6408a06c465180c5a250449ea837108663049a0f395c2d8b5ff30614fa364a56f2686dd1ee2da120aa47dfb7d80698db43c00ae7a5ebd27')
+prepare() {
+ cd ${pkgname}-${pkgver}
+ # extracted from opensuse
+ patch -p1 < "${srcdir}/CVE-2017-5979.patch"
+}
+
build() {
cd ${pkgname}-${pkgver}
export PYTHON=/usr/bin/python2
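Review bot: `prepare()` applies a patch whose own header targets `zziplib-0.13.62` onto the 0.13.66 tree with a bare `patch -p1`, so the hunk can land with offset or fuzz and the build still succeeds. Making the step strict, `patch -Np1 -F0 -i "${srcdir}/CVE-2017-5979.patch"`, turns a misapplied security fix into a build failure rather than a silently unpatched package. The `cd ${pkgname}-${pkgver}` line should be quoted as `cd "${pkgname}-${pkgver}"`, matching the quoting of `${srcdir}` below it. The provenance comment would help a later auditor more if it said what and from where, e.g. `# CVE-2017-5979: zero-initialise ZZIP_ENTRY in zzip/fseeko.c; patch taken from openSUSE (written against 0.13.62)`. `build()` continues outside the hunk.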
@@ -31,3 +41,5 @@
# chmod 644 "${pkgdir}"/usr/share/man/man3/*
chown -R root:root "${pkgdir}/usr/share/man/man3"
}
+
+# vim: set ts=2 sw=2 et: