* [PR PATCH] zziplib: update to 0.13.70.
@ 2020-04-14 17:21 mobinmob
2020-04-14 17:24 ` xtraeme
` (8 more replies)
0 siblings, 9 replies; 10+ messages in thread
From: mobinmob @ 2020-04-14 17:21 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 479 bytes --]
There is a new pull request by mobinmob against master on the void-packages repository
https://github.com/mobinmob/void-packages zziplib
https://github.com/void-linux/void-packages/pull/20984
zziplib: update to 0.13.70.
- Use cmake (per upstream recommendation).
- Do not build static libs (upstream default).
- Do not build docs (seems the python scripts are broken).
- Use python3.
A patch file from https://github.com/void-linux/void-packages/pull/20984.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-zziplib-20984.patch --]
[-- Type: text/x-diff, Size: 10940 bytes --]
From 639c7c98b52d6fc6c850227e9bdb5c71697bd21a Mon Sep 17 00:00:00 2001
From: mobinmob <mobinmob@disroot.org>
Date: Tue, 14 Apr 2020 20:17:41 +0300
Subject: [PATCH] zziplib: update to 0.13.70.
---
.../zziplib/patches/0001-CVE-2018-17828.patch | 91 ---------
srcpkgs/zziplib/patches/CVE-2018-16548.patch | 172 ------------------
srcpkgs/zziplib/template | 15 +-
3 files changed, 6 insertions(+), 272 deletions(-)
delete mode 100644 srcpkgs/zziplib/patches/0001-CVE-2018-17828.patch
delete mode 100644 srcpkgs/zziplib/patches/CVE-2018-16548.patch
diff --git a/srcpkgs/zziplib/patches/0001-CVE-2018-17828.patch b/srcpkgs/zziplib/patches/0001-CVE-2018-17828.patch
deleted file mode 100644
index 24ed5125d3a..00000000000
--- a/srcpkgs/zziplib/patches/0001-CVE-2018-17828.patch
+++ /dev/null
@@ -1,91 +0,0 @@
-From 535fa8d4deedc1da59884ce4f2fcc6528bf07251 Mon Sep 17 00:00:00 2001
-From: Nathan Owens <ndowens04@gmail.com>
-Date: Sat, 12 Jan 2019 22:29:49 -0600
-Subject: [PATCH] CVE-2018-17828
-
----
- bins/unzzipcat-big.c | 57 ++++++++++++++++++++++++++++++++++++++++++-
- test/test.zip | Bin 1361 -> 0 bytes
- 2 files changed, 56 insertions(+), 1 deletion(-)
- delete mode 100644 test/test.zip
-
-diff --git bins/unzzipcat-big.c bins/unzzipcat-big.c
-index 982d262..88c4d65 100644
---- bins/unzzipcat-big.c
-+++ bins/unzzipcat-big.c
-@@ -53,6 +53,48 @@ static void unzzip_cat_file(FILE* disk, char* name, FILE* out)
- }
- }
-
-+/*
-+ * NAME: remove_dotdotslash
-+ * PURPOSE: To remove any "../" components from the given pathname
-+ * ARGUMENTS: path: path name with maybe "../" components
-+ * RETURNS: Nothing, "path" is modified in-place
-+ * NOTE: removing "../" from the path ALWAYS shortens the path, never adds to it!
-+ * Also, "path" is not used after creating it.
-+ * So modifying "path" in-place is safe to do.
-+ */
-+static inline void
-+remove_dotdotslash(char *path)
-+{
-+ /* Note: removing "../" from the path ALWAYS shortens the path, never adds to it! */
-+ char *dotdotslash;
-+ int warned = 0;
-+
-+ dotdotslash = path;
-+ while ((dotdotslash = strstr(dotdotslash, "../")) != NULL)
-+ {
-+ /*
-+ * Remove only if at the beginning of the pathname ("../path/name")
-+ * or when preceded by a slash ("path/../name"),
-+ * otherwise not ("path../name..")!
-+ */
-+ if (dotdotslash == path || dotdotslash[-1] == '/')
-+ {
-+ char *src, *dst;
-+ if (!warned)
-+ {
-+ /* Note: the first time through the pathname is still intact */
-+ fprintf(stderr, "Removing \"../\" path component(s) in %s\n", path);
-+ warned = 1;
-+ }
-+ /* We cannot use strcpy(), as there "The strings may not overlap" */
-+ for (src = dotdotslash+3, dst=dotdotslash; (*dst = *src) != '\0'; src++, dst++)
-+ ;
-+ }
-+ else
-+ dotdotslash +=3; /* skip this instance to prevent infinite loop */
-+ }
-+}
-+
- static void makedirs(const char* name)
- {
- char* p = strrchr(name, '/');
-@@ -70,6 +112,16 @@ static void makedirs(const char* name)
-
- static FILE* create_fopen(char* name, char* mode, int subdirs)
- {
-+ char *name_stripped;
-+ FILE *fp;
-+ int mustfree = 0;
-+
-+ if ((name_stripped = strdup(name)) != NULL)
-+ {
-+ remove_dotdotslash(name_stripped);
-+ name = name_stripped;
-+ mustfree = 1;
-+ }
- if (subdirs)
- {
- char* p = strrchr(name, '/');
-@@ -79,7 +131,10 @@ static FILE* create_fopen(char* name, char* mode, int subdirs)
- free (dir_name);
- }
- }
-- return fopen(name, mode);
-+ fp = fopen(name, mode);
-+ if (mustfree)
-+ free(name_stripped);
-+ return fp;
- }
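Review bot: the commit message gives no reason for dropping the CVE-2018-17828 patch, so this change alone does not show whether 0.13.70 carries an equivalent fix in bins/unzzipcat-big.c. Please state that in the commit message, ideally with the upstream commit. When comparing, note two limits of the removed code: create_fopen() falls back to the unsanitised name when strdup() returns NULL, and remove_dotdotslash() only matches "../", so a bare trailing ".." component is left in place.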
diff --git a/srcpkgs/zziplib/patches/CVE-2018-16548.patch b/srcpkgs/zziplib/patches/CVE-2018-16548.patch
deleted file mode 100644
index 2bdca93ae00..00000000000
--- a/srcpkgs/zziplib/patches/CVE-2018-16548.patch
+++ /dev/null
@@ -1,172 +0,0 @@
-From 59c36ebe29fddd832c7afecc26dc5fe3e61faf1f Mon Sep 17 00:00:00 2001
-From: jmoellers <josef.moellers@suse.com>
-Date: Fri, 7 Sep 2018 13:55:35 +0200
-Subject: [PATCH 1/3] One more free() to avoid memory leak.
-
----
- zzip/zip.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git zzip/zip.c zzip/zip.c
-index 14e2e06..a28456f 100644
---- zzip/zip.c
-+++ zzip/zip.c
-@@ -575,6 +575,8 @@ __zzip_parse_root_directory(int fd,
- if (hdr_return)
- *hdr_return = hdr0;
- } /* else zero (sane) entries */
-+ else
-+ free(hdr0);
- # ifndef ZZIP_ALLOW_MODULO_ENTRIES
- return (entries != zz_entries ? ZZIP_CORRUPTED : 0);
- # else
---
-2.20.1
-
-
-From 490d6e72031790da0a4d229d13f7d5a389789977 Mon Sep 17 00:00:00 2001
-From: jmoellers <josef.moellers@suse.com>
-Date: Fri, 7 Sep 2018 11:49:28 +0200
-Subject: [PATCH 2/3] Avoid memory leak from __zzip_parse_root_directory().
-
----
- zzip/zip.c | 28 ++++++++++++++++++++--------
- 1 file changed, 20 insertions(+), 8 deletions(-)
-
-diff --git zzip/zip.c zzip/zip.c
-index a28456f..51a1a4d 100644
---- zzip/zip.c
-+++ zzip/zip.c
-@@ -82,7 +82,8 @@ int __zzip_fetch_disk_trailer(int fd, zzip_off_t filesize,
- int __zzip_parse_root_directory(int fd,
- struct _disk_trailer *trailer,
- struct zzip_dir_hdr **hdr_return,
-- zzip_plugin_io_t io);
-+ zzip_plugin_io_t io,
-+ zzip_off_t filesize);
-
- _zzip_inline static char *__zzip_aligned4(char *p);
-
-@@ -406,7 +407,8 @@ int
- __zzip_parse_root_directory(int fd,
- struct _disk_trailer *trailer,
- struct zzip_dir_hdr **hdr_return,
-- zzip_plugin_io_t io)
-+ zzip_plugin_io_t io,
-+ zzip_off_t filesize)
- {
- auto struct zzip_disk_entry dirent;
- struct zzip_dir_hdr *hdr;
-@@ -421,7 +423,8 @@ __zzip_parse_root_directory(int fd,
- zzip_off64_t zz_rootseek = _disk_trailer_rootseek(trailer);
- __correct_rootseek(zz_rootseek, zz_rootsize, trailer);
-
-- if (zz_entries < 0 || zz_rootseek < 0 || zz_rootsize < 0)
-+ if (zz_entries <= 0 || zz_rootsize < 0 ||
-+ zz_rootseek < 0 || zz_rootseek >= filesize)
- return ZZIP_CORRUPTED;
-
- hdr0 = (struct zzip_dir_hdr *) malloc(zz_rootsize);
-@@ -472,9 +475,15 @@ __zzip_parse_root_directory(int fd,
- } else
- {
- if (io->fd.seeks(fd, zz_rootseek + zz_offset, SEEK_SET) < 0)
-+ {
-+ free(hdr0);
- return ZZIP_DIR_SEEK;
-+ }
- if (io->fd.read(fd, &dirent, sizeof(dirent)) < __sizeof(dirent))
-+ {
-+ free(hdr0);
- return ZZIP_DIR_READ;
-+ }
- d = &dirent;
- }
-
-@@ -574,13 +583,16 @@ __zzip_parse_root_directory(int fd,
-
- if (hdr_return)
- *hdr_return = hdr0;
-+ else
-+ {
-+ /* If it is not assigned to *hdr_return, it will never be free()'d */
-+ free(hdr0);
-+ }
- } /* else zero (sane) entries */
-- else
-- free(hdr0);
- # ifndef ZZIP_ALLOW_MODULO_ENTRIES
-- return (entries != zz_entries ? ZZIP_CORRUPTED : 0);
-+ return (entries != zz_entries) ? ZZIP_CORRUPTED : 0;
- # else
-- return ((entries & (unsigned)0xFFFF) != zz_entries ? ZZIP_CORRUPTED : 0);
-+ return ((entries & (unsigned)0xFFFF) != zz_entries) ? ZZIP_CORRUPTED : 0;
- # endif
- }
-
-@@ -757,7 +769,7 @@ __zzip_dir_parse(ZZIP_DIR * dir)
- (long) _disk_trailer_rootseek(&trailer));
-
- if ((rv = __zzip_parse_root_directory(dir->fd, &trailer, &dir->hdr0,
-- dir->io)) != 0)
-+ dir->io, filesize)) != 0)
- { goto error; }
- error:
- return rv;
---
-2.20.1
-
-
-From aab49d23bc28d13183cb62e71b884e24595cbe65 Mon Sep 17 00:00:00 2001
-From: jmoellers <josef.moellers@suse.com>
-Date: Fri, 7 Sep 2018 11:32:04 +0200
-Subject: [PATCH 3/3] Avoid memory leak from __zzip_parse_root_directory().
-
----
- zzip/zip.c | 25 +++++++++++++++++++++++--
- 1 file changed, 23 insertions(+), 2 deletions(-)
-
-diff --git zzip/zip.c zzip/zip.c
-index 51a1a4d..a685280 100644
---- zzip/zip.c
-+++ zzip/zip.c
-@@ -587,13 +587,34 @@ __zzip_parse_root_directory(int fd,
- {
- /* If it is not assigned to *hdr_return, it will never be free()'d */
- free(hdr0);
-+ /* Make sure we don't free it again in case of error */
-+ hdr0 = NULL;
- }
- } /* else zero (sane) entries */
- # ifndef ZZIP_ALLOW_MODULO_ENTRIES
-- return (entries != zz_entries) ? ZZIP_CORRUPTED : 0;
-+ if (entries != zz_entries)
-+ {
-+ /* If it was assigned to *hdr_return, undo assignment */
-+ if (p_reclen && hdr_return)
-+ *hdr_return = NULL;
-+ /* Free it, if it was not already free()'d */
-+ if (hdr0 != NULL)
-+ free(hdr0);
-+ return ZZIP_CORRUPTED;
-+ }
- # else
-- return ((entries & (unsigned)0xFFFF) != zz_entries) ? ZZIP_CORRUPTED : 0;
-+ if (((entries & (unsigned)0xFFFF) != zz_entries)
-+ {
-+ /* If it was assigned to *hdr_return, undo assignment */
-+ if (p_reclen && hdr_return)
-+ *hdr_return = NULL;
-+ /* Free it, if it was not already free()'d */
-+ if (hdr0 != NULL)
-+ free(hdr0);
-+ return ZZIP_CORRUPTED;
-+ }
- # endif
-+ return 0;
- }
-
- /* ------------------------- high-level interface ------------------------- */
---
-2.20.1
-
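Review bot: in the removed [PATCH 3/3], the `#else` (ZZIP_ALLOW_MODULO_ENTRIES) branch reads `if (((entries & (unsigned)0xFFFF) != zz_entries)`, which has unbalanced parentheses and, as shown, would not compile with that macro defined. Dropping the file is fine only if 0.13.70 itself has the `zz_rootseek >= filesize` bound and the free(hdr0) calls on the seek/read error paths; the commit message should say that it does.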
diff --git a/srcpkgs/zziplib/template b/srcpkgs/zziplib/template
index c8d693a9440..eabe4c659ab 100644
--- a/srcpkgs/zziplib/template
+++ b/srcpkgs/zziplib/template
@@ -1,20 +1,18 @@
# Template file for 'zziplib'
pkgname=zziplib
-version=0.13.69
-revision=2
-build_style=gnu-configure
-hostmakedepends="pkg-config python"
+version=0.13.70
+revision=1
+build_style=cmake
+configure_args=" -DZZIPDOCS=OFF"
+hostmakedepends="pkg-config python3 tar zip gzip"
makedepends="zlib-devel"
short_desc="Lightweight library to extract data from zip files"
maintainer="Orphaned <orphan@voidlinux.org>"
license="LGPL-2.1-or-later, MPL-1.1"
homepage="https://github.com/gdraheim/zziplib"
distfiles="https://github.com/gdraheim/zziplib/archive/v${version}.tar.gz"
-checksum=846246d7cdeee405d8d21e2922c6e97f55f24ecbe3b6dcf5778073a88f120544
+checksum=a1457262d7a237dc50ce1f98ca57242bc714055ff81146f419ee53cdea1bf029
-pre_configure() {
- sed -i '/SUBDIRS/s/docs//' Makefile.in
-}
post_install() {
sed -i "s|\(-specs=.*hardened-ld\)||g" -i ${DESTDIR}/usr/lib/pkgconfig/*.pc
}
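Review bot: the added `hostmakedepends` entries `tar zip gzip` are not explained in the template or in the commit message, whose bullets only cover cmake, static libs, docs and python3. Please say what needs them at build time. Minor: `configure_args=" -DZZIPDOCS=OFF"` has a stray leading space inside the quotes.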
@@ -25,7 +23,6 @@ zziplib-devel_package() {
pkg_install() {
vmove usr/include
vmove usr/lib/pkgconfig
- vmove "usr/lib/*.a"
vmove "usr/lib/*.so"
vmove usr/share
}
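Review bot: with `vmove "usr/lib/*.a"` removed from zziplib-devel's pkg_install(), any static archive a later build produces would stay in the main package instead of the -devel package. If static libraries are re-enabled, as asked for in the review, this line has to come back together with the build switch.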
* Re: zziplib: update to 0.13.70.
2020-04-14 17:21 [PR PATCH] zziplib: update to 0.13.70 mobinmob
@ 2020-04-14 17:24 ` xtraeme
2020-04-14 17:26 ` mobinmob
` (7 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: xtraeme @ 2020-04-14 17:24 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 307 bytes --]
New comment by xtraeme on void-packages repository
https://github.com/void-linux/void-packages/pull/20984#issuecomment-613573789
Comment:
upstream recommending disabling static libs is because of glibc. But we do support musl, so static libs are still useful in case you want to make a static executable.
* Re: zziplib: update to 0.13.70.
2020-04-14 17:21 [PR PATCH] zziplib: update to 0.13.70 mobinmob
2020-04-14 17:24 ` xtraeme
@ 2020-04-14 17:26 ` mobinmob
2020-04-14 17:26 ` [PR PATCH] [Closed]: " mobinmob
` (6 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: mobinmob @ 2020-04-14 17:26 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 317 bytes --]
New comment by mobinmob on void-packages repository
https://github.com/void-linux/void-packages/pull/20984#issuecomment-613574610
Comment:
> upstream recommending disabling static libs is because of glibc. But we do support musl, so static libs are still useful in case you want to make a static executable.
OK,
* Re: [PR PATCH] [Closed]: zziplib: update to 0.13.70.
2020-04-14 17:21 [PR PATCH] zziplib: update to 0.13.70 mobinmob
2020-04-14 17:24 ` xtraeme
2020-04-14 17:26 ` mobinmob
@ 2020-04-14 17:26 ` mobinmob
2020-04-14 17:26 ` mobinmob
` (5 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: mobinmob @ 2020-04-14 17:26 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 326 bytes --]
There's a closed pull request on the void-packages repository
zziplib: update to 0.13.70.
https://github.com/void-linux/void-packages/pull/20984
Description:
- Use cmake (per upstream recommendation).
- Do not build static libs (upstream default).
- Do not build docs (seems the python scripts are broken).
- Use python3.
* Re: zziplib: update to 0.13.70.
2020-04-14 17:21 [PR PATCH] zziplib: update to 0.13.70 mobinmob
` (2 preceding siblings ...)
2020-04-14 17:26 ` [PR PATCH] [Closed]: " mobinmob
@ 2020-04-14 17:26 ` mobinmob
2020-04-14 17:53 ` mobinmob
` (4 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: mobinmob @ 2020-04-14 17:26 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 346 bytes --]
New comment by mobinmob on void-packages repository
https://github.com/void-linux/void-packages/pull/20984#issuecomment-613574610
Comment:
> upstream recommending disabling static libs is because of glibc. But we do support musl, so static libs are still useful in case you want to make a static executable.
Thank you, I will enable them ;)
* Re: zziplib: update to 0.13.70.
2020-04-14 17:21 [PR PATCH] zziplib: update to 0.13.70 mobinmob
` (3 preceding siblings ...)
2020-04-14 17:26 ` mobinmob
@ 2020-04-14 17:53 ` mobinmob
2020-04-14 18:01 ` xtraeme
` (3 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: mobinmob @ 2020-04-14 17:53 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 248 bytes --]
New comment by mobinmob on void-packages repository
https://github.com/void-linux/void-packages/pull/20984#issuecomment-613587932
Comment:
It does not build a static lib even with the relevant switch in configure_args (-DBUILD_STATIC_LIBS=ON).
* Re: zziplib: update to 0.13.70.
2020-04-14 17:21 [PR PATCH] zziplib: update to 0.13.70 mobinmob
` (4 preceding siblings ...)
2020-04-14 17:53 ` mobinmob
@ 2020-04-14 18:01 ` xtraeme
2020-04-14 20:15 ` [PR PATCH] [Updated] " mobinmob
` (2 subsequent siblings)
8 siblings, 0 replies; 10+ messages in thread
From: xtraeme @ 2020-04-14 18:01 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 175 bytes --]
New comment by xtraeme on void-packages repository
https://github.com/void-linux/void-packages/pull/20984#issuecomment-613591844
Comment:
in that case we can't do anything.
* Re: [PR PATCH] [Updated] zziplib: update to 0.13.70.
2020-04-14 17:21 [PR PATCH] zziplib: update to 0.13.70 mobinmob
` (5 preceding siblings ...)
2020-04-14 18:01 ` xtraeme
@ 2020-04-14 20:15 ` mobinmob
2020-04-14 20:19 ` mobinmob
2020-04-14 23:27 ` [PR PATCH] [Merged]: " xtraeme
8 siblings, 0 replies; 10+ messages in thread
From: mobinmob @ 2020-04-14 20:15 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 484 bytes --]
There is an updated pull request by mobinmob against master on the void-packages repository
https://github.com/mobinmob/void-packages zziplib
https://github.com/void-linux/void-packages/pull/20984
zziplib: update to 0.13.70.
- Use cmake (per upstream recommendation).
- Do not build static libs (upstream default).
- Do not build docs (seems the python scripts are broken).
- Use python3.
A patch file from https://github.com/void-linux/void-packages/pull/20984.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-zziplib-20984.patch --]
[-- Type: text/x-diff, Size: 11014 bytes --]
From f8c7076c3d569f540157bf6275f8254060b99ecd Mon Sep 17 00:00:00 2001
From: mobinmob <mobinmob@disroot.org>
Date: Tue, 14 Apr 2020 20:17:41 +0300
Subject: [PATCH] zziplib: update to 0.13.70.
---
.../zziplib/patches/0001-CVE-2018-17828.patch | 91 ---------
srcpkgs/zziplib/patches/CVE-2018-16548.patch | 172 ------------------
srcpkgs/zziplib/template | 20 +-
3 files changed, 11 insertions(+), 272 deletions(-)
delete mode 100644 srcpkgs/zziplib/patches/0001-CVE-2018-17828.patch
delete mode 100644 srcpkgs/zziplib/patches/CVE-2018-16548.patch
diff --git a/srcpkgs/zziplib/patches/0001-CVE-2018-17828.patch b/srcpkgs/zziplib/patches/0001-CVE-2018-17828.patch
deleted file mode 100644
index 24ed5125d3a..00000000000
--- a/srcpkgs/zziplib/patches/0001-CVE-2018-17828.patch
+++ /dev/null
@@ -1,91 +0,0 @@
-From 535fa8d4deedc1da59884ce4f2fcc6528bf07251 Mon Sep 17 00:00:00 2001
-From: Nathan Owens <ndowens04@gmail.com>
-Date: Sat, 12 Jan 2019 22:29:49 -0600
-Subject: [PATCH] CVE-2018-17828
-
----
- bins/unzzipcat-big.c | 57 ++++++++++++++++++++++++++++++++++++++++++-
- test/test.zip | Bin 1361 -> 0 bytes
- 2 files changed, 56 insertions(+), 1 deletion(-)
- delete mode 100644 test/test.zip
-
-diff --git bins/unzzipcat-big.c bins/unzzipcat-big.c
-index 982d262..88c4d65 100644
---- bins/unzzipcat-big.c
-+++ bins/unzzipcat-big.c
-@@ -53,6 +53,48 @@ static void unzzip_cat_file(FILE* disk, char* name, FILE* out)
- }
- }
-
-+/*
-+ * NAME: remove_dotdotslash
-+ * PURPOSE: To remove any "../" components from the given pathname
-+ * ARGUMENTS: path: path name with maybe "../" components
-+ * RETURNS: Nothing, "path" is modified in-place
-+ * NOTE: removing "../" from the path ALWAYS shortens the path, never adds to it!
-+ * Also, "path" is not used after creating it.
-+ * So modifying "path" in-place is safe to do.
-+ */
-+static inline void
-+remove_dotdotslash(char *path)
-+{
-+ /* Note: removing "../" from the path ALWAYS shortens the path, never adds to it! */
-+ char *dotdotslash;
-+ int warned = 0;
-+
-+ dotdotslash = path;
-+ while ((dotdotslash = strstr(dotdotslash, "../")) != NULL)
-+ {
-+ /*
-+ * Remove only if at the beginning of the pathname ("../path/name")
-+ * or when preceded by a slash ("path/../name"),
-+ * otherwise not ("path../name..")!
-+ */
-+ if (dotdotslash == path || dotdotslash[-1] == '/')
-+ {
-+ char *src, *dst;
-+ if (!warned)
-+ {
-+ /* Note: the first time through the pathname is still intact */
-+ fprintf(stderr, "Removing \"../\" path component(s) in %s\n", path);
-+ warned = 1;
-+ }
-+ /* We cannot use strcpy(), as there "The strings may not overlap" */
-+ for (src = dotdotslash+3, dst=dotdotslash; (*dst = *src) != '\0'; src++, dst++)
-+ ;
-+ }
-+ else
-+ dotdotslash +=3; /* skip this instance to prevent infinite loop */
-+ }
-+}
-+
- static void makedirs(const char* name)
- {
- char* p = strrchr(name, '/');
-@@ -70,6 +112,16 @@ static void makedirs(const char* name)
-
- static FILE* create_fopen(char* name, char* mode, int subdirs)
- {
-+ char *name_stripped;
-+ FILE *fp;
-+ int mustfree = 0;
-+
-+ if ((name_stripped = strdup(name)) != NULL)
-+ {
-+ remove_dotdotslash(name_stripped);
-+ name = name_stripped;
-+ mustfree = 1;
-+ }
- if (subdirs)
- {
- char* p = strrchr(name, '/');
-@@ -79,7 +131,10 @@ static FILE* create_fopen(char* name, char* mode, int subdirs)
- free (dir_name);
- }
- }
-- return fopen(name, mode);
-+ fp = fopen(name, mode);
-+ if (mustfree)
-+ free(name_stripped);
-+ return fp;
- }
diff --git a/srcpkgs/zziplib/patches/CVE-2018-16548.patch b/srcpkgs/zziplib/patches/CVE-2018-16548.patch
deleted file mode 100644
index 2bdca93ae00..00000000000
--- a/srcpkgs/zziplib/patches/CVE-2018-16548.patch
+++ /dev/null
@@ -1,172 +0,0 @@
-From 59c36ebe29fddd832c7afecc26dc5fe3e61faf1f Mon Sep 17 00:00:00 2001
-From: jmoellers <josef.moellers@suse.com>
-Date: Fri, 7 Sep 2018 13:55:35 +0200
-Subject: [PATCH 1/3] One more free() to avoid memory leak.
-
----
- zzip/zip.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git zzip/zip.c zzip/zip.c
-index 14e2e06..a28456f 100644
---- zzip/zip.c
-+++ zzip/zip.c
-@@ -575,6 +575,8 @@ __zzip_parse_root_directory(int fd,
- if (hdr_return)
- *hdr_return = hdr0;
- } /* else zero (sane) entries */
-+ else
-+ free(hdr0);
- # ifndef ZZIP_ALLOW_MODULO_ENTRIES
- return (entries != zz_entries ? ZZIP_CORRUPTED : 0);
- # else
---
-2.20.1
-
-
-From 490d6e72031790da0a4d229d13f7d5a389789977 Mon Sep 17 00:00:00 2001
-From: jmoellers <josef.moellers@suse.com>
-Date: Fri, 7 Sep 2018 11:49:28 +0200
-Subject: [PATCH 2/3] Avoid memory leak from __zzip_parse_root_directory().
-
----
- zzip/zip.c | 28 ++++++++++++++++++++--------
- 1 file changed, 20 insertions(+), 8 deletions(-)
-
-diff --git zzip/zip.c zzip/zip.c
-index a28456f..51a1a4d 100644
---- zzip/zip.c
-+++ zzip/zip.c
-@@ -82,7 +82,8 @@ int __zzip_fetch_disk_trailer(int fd, zzip_off_t filesize,
- int __zzip_parse_root_directory(int fd,
- struct _disk_trailer *trailer,
- struct zzip_dir_hdr **hdr_return,
-- zzip_plugin_io_t io);
-+ zzip_plugin_io_t io,
-+ zzip_off_t filesize);
-
- _zzip_inline static char *__zzip_aligned4(char *p);
-
-@@ -406,7 +407,8 @@ int
- __zzip_parse_root_directory(int fd,
- struct _disk_trailer *trailer,
- struct zzip_dir_hdr **hdr_return,
-- zzip_plugin_io_t io)
-+ zzip_plugin_io_t io,
-+ zzip_off_t filesize)
- {
- auto struct zzip_disk_entry dirent;
- struct zzip_dir_hdr *hdr;
-@@ -421,7 +423,8 @@ __zzip_parse_root_directory(int fd,
- zzip_off64_t zz_rootseek = _disk_trailer_rootseek(trailer);
- __correct_rootseek(zz_rootseek, zz_rootsize, trailer);
-
-- if (zz_entries < 0 || zz_rootseek < 0 || zz_rootsize < 0)
-+ if (zz_entries <= 0 || zz_rootsize < 0 ||
-+ zz_rootseek < 0 || zz_rootseek >= filesize)
- return ZZIP_CORRUPTED;
-
- hdr0 = (struct zzip_dir_hdr *) malloc(zz_rootsize);
-@@ -472,9 +475,15 @@ __zzip_parse_root_directory(int fd,
- } else
- {
- if (io->fd.seeks(fd, zz_rootseek + zz_offset, SEEK_SET) < 0)
-+ {
-+ free(hdr0);
- return ZZIP_DIR_SEEK;
-+ }
- if (io->fd.read(fd, &dirent, sizeof(dirent)) < __sizeof(dirent))
-+ {
-+ free(hdr0);
- return ZZIP_DIR_READ;
-+ }
- d = &dirent;
- }
-
-@@ -574,13 +583,16 @@ __zzip_parse_root_directory(int fd,
-
- if (hdr_return)
- *hdr_return = hdr0;
-+ else
-+ {
-+ /* If it is not assigned to *hdr_return, it will never be free()'d */
-+ free(hdr0);
-+ }
- } /* else zero (sane) entries */
-- else
-- free(hdr0);
- # ifndef ZZIP_ALLOW_MODULO_ENTRIES
-- return (entries != zz_entries ? ZZIP_CORRUPTED : 0);
-+ return (entries != zz_entries) ? ZZIP_CORRUPTED : 0;
- # else
-- return ((entries & (unsigned)0xFFFF) != zz_entries ? ZZIP_CORRUPTED : 0);
-+ return ((entries & (unsigned)0xFFFF) != zz_entries) ? ZZIP_CORRUPTED : 0;
- # endif
- }
-
-@@ -757,7 +769,7 @@ __zzip_dir_parse(ZZIP_DIR * dir)
- (long) _disk_trailer_rootseek(&trailer));
-
- if ((rv = __zzip_parse_root_directory(dir->fd, &trailer, &dir->hdr0,
-- dir->io)) != 0)
-+ dir->io, filesize)) != 0)
- { goto error; }
- error:
- return rv;
---
-2.20.1
-
-
-From aab49d23bc28d13183cb62e71b884e24595cbe65 Mon Sep 17 00:00:00 2001
-From: jmoellers <josef.moellers@suse.com>
-Date: Fri, 7 Sep 2018 11:32:04 +0200
-Subject: [PATCH 3/3] Avoid memory leak from __zzip_parse_root_directory().
-
----
- zzip/zip.c | 25 +++++++++++++++++++++++--
- 1 file changed, 23 insertions(+), 2 deletions(-)
-
-diff --git zzip/zip.c zzip/zip.c
-index 51a1a4d..a685280 100644
---- zzip/zip.c
-+++ zzip/zip.c
-@@ -587,13 +587,34 @@ __zzip_parse_root_directory(int fd,
- {
- /* If it is not assigned to *hdr_return, it will never be free()'d */
- free(hdr0);
-+ /* Make sure we don't free it again in case of error */
-+ hdr0 = NULL;
- }
- } /* else zero (sane) entries */
- # ifndef ZZIP_ALLOW_MODULO_ENTRIES
-- return (entries != zz_entries) ? ZZIP_CORRUPTED : 0;
-+ if (entries != zz_entries)
-+ {
-+ /* If it was assigned to *hdr_return, undo assignment */
-+ if (p_reclen && hdr_return)
-+ *hdr_return = NULL;
-+ /* Free it, if it was not already free()'d */
-+ if (hdr0 != NULL)
-+ free(hdr0);
-+ return ZZIP_CORRUPTED;
-+ }
- # else
-- return ((entries & (unsigned)0xFFFF) != zz_entries) ? ZZIP_CORRUPTED : 0;
-+ if (((entries & (unsigned)0xFFFF) != zz_entries)
-+ {
-+ /* If it was assigned to *hdr_return, undo assignment */
-+ if (p_reclen && hdr_return)
-+ *hdr_return = NULL;
-+ /* Free it, if it was not already free()'d */
-+ if (hdr0 != NULL)
-+ free(hdr0);
-+ return ZZIP_CORRUPTED;
-+ }
- # endif
-+ return 0;
- }
-
- /* ------------------------- high-level interface ------------------------- */
---
-2.20.1
-
diff --git a/srcpkgs/zziplib/template b/srcpkgs/zziplib/template
index c8d693a9440..2f0fe1e317d 100644
--- a/srcpkgs/zziplib/template
+++ b/srcpkgs/zziplib/template
@@ -1,20 +1,23 @@
# Template file for 'zziplib'
pkgname=zziplib
-version=0.13.69
-revision=2
-build_style=gnu-configure
-hostmakedepends="pkg-config python"
+version=0.13.70
+revision=1
+build_style=cmake
+configure_args=" -DZZIPDOCS=OFF"
+hostmakedepends="pkg-config python3 tar zip gzip"
makedepends="zlib-devel"
short_desc="Lightweight library to extract data from zip files"
maintainer="Orphaned <orphan@voidlinux.org>"
license="LGPL-2.1-or-later, MPL-1.1"
homepage="https://github.com/gdraheim/zziplib"
distfiles="https://github.com/gdraheim/zziplib/archive/v${version}.tar.gz"
-checksum=846246d7cdeee405d8d21e2922c6e97f55f24ecbe3b6dcf5778073a88f120544
+checksum=a1457262d7a237dc50ce1f98ca57242bc714055ff81146f419ee53cdea1bf029
+
+if [ "$CROSS_BUILD" ]; then
+ configure_args+=" -DZZIPTEST=OFF"
+fi
+
-pre_configure() {
- sed -i '/SUBDIRS/s/docs//' Makefile.in
-}
post_install() {
sed -i "s|\(-specs=.*hardened-ld\)||g" -i ${DESTDIR}/usr/lib/pkgconfig/*.pc
}
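Review bot: the new `if [ "$CROSS_BUILD" ]` block turns off ZZIPTEST without a comment, and the commit message bullets do not mention it. Add a one-line comment above the block with the reason given in the PR discussion (the tests depend on a generated binary and fail when cross-building), so the switch is not removed later by mistake.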
@@ -25,7 +28,6 @@ zziplib-devel_package() {
pkg_install() {
vmove usr/include
vmove usr/lib/pkgconfig
- vmove "usr/lib/*.a"
vmove "usr/lib/*.so"
vmove usr/share
}
* Re: zziplib: update to 0.13.70.
2020-04-14 17:21 [PR PATCH] zziplib: update to 0.13.70 mobinmob
` (6 preceding siblings ...)
2020-04-14 20:15 ` [PR PATCH] [Updated] " mobinmob
@ 2020-04-14 20:19 ` mobinmob
2020-04-14 23:27 ` [PR PATCH] [Merged]: " xtraeme
8 siblings, 0 replies; 10+ messages in thread
From: mobinmob @ 2020-04-14 20:19 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 249 bytes --]
New comment by mobinmob on void-packages repository
https://github.com/void-linux/void-packages/pull/20984#issuecomment-613660211
Comment:
I disabled tests in CROSS_BUILD. They depend on a generated binary and fail. Tested locally (aarch64-musl).
* Re: [PR PATCH] [Merged]: zziplib: update to 0.13.70.
2020-04-14 17:21 [PR PATCH] zziplib: update to 0.13.70 mobinmob
` (7 preceding siblings ...)
2020-04-14 20:19 ` mobinmob
@ 2020-04-14 23:27 ` xtraeme
8 siblings, 0 replies; 10+ messages in thread
From: xtraeme @ 2020-04-14 23:27 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 326 bytes --]
There's a merged pull request on the void-packages repository
zziplib: update to 0.13.70.
https://github.com/void-linux/void-packages/pull/20984
Description:
- Use cmake (per upstream recommendation).
- Do not build static libs (upstream default).
- Do not build docs (seems the python scripts are broken).
- Use python3.