* [PR PATCH] matio: update to 1.5.23.
@ 2023-01-12 16:14 mhmdanas
2023-01-15 11:51 ` paper42
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: mhmdanas @ 2023-01-12 16:14 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 1487 bytes --]
There is a new pull request by mhmdanas against master on the void-packages repository
https://github.com/mhmdanas/void-packages matio-1.5.23
https://github.com/void-linux/void-packages/pull/41601
matio: update to 1.5.23.
<!-- Uncomment relevant sections and delete options which are not applicable -->
#### Testing the changes
- I tested the changes in this PR: **briefly**
The currently packaged matio release includes a number of vulnerabilities fixed
in in the latest version (see https://github.com/tbeu/matio/releases/tag/v1.5.18
and https://github.com/tbeu/matio/releases/tag/v1.5.22), so this PR should
probably be merged soon.
<!--
#### New package
- This new package conforms to the [package requirements](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#package-requirements): **YES**|**NO**
-->
<!-- Note: If the build is likely to take more than 2 hours, please add ci skip tag as described in
https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#continuous-integration
and test at least one native build and, if supported, at least one cross build.
Ignore this section if this PR is not skipping CI.
-->
<!--
#### Local build testing
- I built this PR locally for my native architecture, (ARCH-LIBC)
- I built this PR locally for these architectures (if supported. mark crossbuilds):
- aarch64-musl
- armv7l
- armv6l-musl
-->
A patch file from https://github.com/void-linux/void-packages/pull/41601.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-matio-1.5.23-41601.patch --]
[-- Type: text/x-diff, Size: 4710 bytes --]
From 2f5137cb91249695d1fdab880bd90eb17bd8c5b3 Mon Sep 17 00:00:00 2001
From: mhmdanas <triallax@tutanota.com>
Date: Fri, 6 Jan 2023 00:33:29 +0000
Subject: [PATCH 1/2] matio: update to 1.5.23.
---
common/shlibs | 2 +-
srcpkgs/matio/patches/CVE-2019-20020.patch | 45 ----------------------
srcpkgs/matio/template | 8 ++--
3 files changed, 5 insertions(+), 50 deletions(-)
delete mode 100644 srcpkgs/matio/patches/CVE-2019-20020.patch
diff --git a/common/shlibs b/common/shlibs
index 0a803960ab55..c5931178a3da 100644
--- a/common/shlibs
+++ b/common/shlibs
@@ -3921,7 +3921,7 @@ libhidrd_opt.so.0 hidrd-0.2.0_1
libhidrd_strm.so.0 hidrd-0.2.0_1
libhidrd_fmt.so.0 hidrd-0.2.0_1
libjcat.so.1 libjcat-0.1.2_1
-libmatio.so.9 matio-1.5.17_2
+libmatio.so.11 matio-1.5.23_1
libportal.so.1 libportal-0.6_1
libportal-gtk3.so.1 libportal-gtk3-0.6_1
libportal-gtk4.so.1 libportal-gtk4-0.6_1
diff --git a/srcpkgs/matio/patches/CVE-2019-20020.patch b/srcpkgs/matio/patches/CVE-2019-20020.patch
deleted file mode 100644
index abcedd6fed20..000000000000
--- a/srcpkgs/matio/patches/CVE-2019-20020.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From 8138e767bf6df7cccf1664f3a854e596628fdb2d Mon Sep 17 00:00:00 2001
-From: Nathan Owens <ndowens04@gmail.com>
-Date: Sat, 28 Dec 2019 18:25:58 -0600
-Subject: [PATCH] matio: CVE-2019-20020 patch
-
-Signed-off-by: Nathan Owens <ndowens04@gmail.com>
----
- src/mat5.c | 18 +++++++++++++++++-
- 1 file changed, 17 insertions(+), 1 deletion(-)
-
-diff --git a/src/mat5.c b/src/mat5.c
-index abdb351..776f233 100644
---- a/src/mat5.c
-+++ b/src/mat5.c
-@@ -980,10 +980,26 @@ ReadNextCell( mat_t *mat, matvar_t *matvar )
- /* Rank and Dimension */
- if ( uncomp_buf[0] == MAT_T_INT32 ) {
- int j;
-+ size_t size;
- cells[i]->rank = uncomp_buf[1];
- nbytes -= cells[i]->rank;
- cells[i]->rank /= 4;
-- cells[i]->dims = (size_t*)malloc(cells[i]->rank*sizeof(*cells[i]->dims));
-+ if ( 0 == do_clean && cells[i]->rank > 13 ) {
-+ int rank = cells[i]->rank;
-+ cells[i]->rank = 0;
-+ Mat_Critical("%d is not a valid rank", rank);
-+ continue;
-+ }
-+ err = SafeMul(&size, cells[i]->rank, sizeof(*cells[i]->dims));
-+ if ( err ) {
-+ if ( do_clean )
-+ free(dims);
-+ Mat_VarFree(cells[i]);
-+ cells[i] = NULL;
-+ Mat_Critical("Integer multiplication overflow");
-+ continue;
-+ }
-+ cells[i]->dims = (size_t*)malloc(size);
- if ( mat->byteswap ) {
- for ( j = 0; j < cells[i]->rank; j++ )
- cells[i]->dims[j] = Mat_uint32Swap(dims + j);
---
-2.24.1
-
diff --git a/srcpkgs/matio/template b/srcpkgs/matio/template
index d22e883530b0..18188e9fb288 100644
--- a/srcpkgs/matio/template
+++ b/srcpkgs/matio/template
@@ -1,7 +1,7 @@
# Template file for 'matio'
pkgname=matio
-version=1.5.17
-revision=2
+version=1.5.23
+revision=1
build_style=gnu-configure
configure_args="--disable-static"
hostmakedepends="libtool"
@@ -10,8 +10,8 @@ short_desc="MATLAB MAT file I/O library"
maintainer="Florian Eich <flrn@nrmncr.net>"
license="BSD-2-Clause"
homepage="https://github.com/tbeu/matio"
-distfiles="https://github.com/tbeu/matio/releases/download/v${version}/${pkgname}-${version}.tar.gz"
-checksum=5e455527d370ab297c4abe5a2ab4d599c93ac7c1a0c85d841cc5c22f8221c400
+distfiles="https://github.com/tbeu/matio/releases/download/v${version}/matio-${version}.tar.gz"
+checksum=9f91eae661df46ea53c311a1b2dcff72051095b023c612d7cbfc09406c9f4d6e
if [ "$CROSS_BUILD" ]; then
configure_args+=" ac_cv_va_copy=C99"
From 1c69ee9aac3606ba514d5bb0d6d5a98862968706 Mon Sep 17 00:00:00 2001
From: mhmdanas <triallax@tutanota.com>
Date: Thu, 12 Jan 2023 16:10:33 +0000
Subject: [PATCH 2/2] vips: revbump for matio-1.5.23.
---
srcpkgs/vips/template | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/srcpkgs/vips/template b/srcpkgs/vips/template
index aa2d766ebfe2..a922b7bb0135 100644
--- a/srcpkgs/vips/template
+++ b/srcpkgs/vips/template
@@ -1,7 +1,7 @@
# Template file for 'vips'
pkgname=vips
version=8.12.1
-revision=3
+revision=4
build_style=gnu-configure
build_helper=gir
# TODO: As of version 8.11 vips supports loading its support for OpenSlide,
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: matio: update to 1.5.23.
2023-01-12 16:14 [PR PATCH] matio: update to 1.5.23 mhmdanas
@ 2023-01-15 11:51 ` paper42
2023-01-18 19:23 ` [PR PATCH] [Updated] " mhmdanas
2023-01-21 18:53 ` [PR PATCH] [Merged]: " Piraty
2 siblings, 0 replies; 4+ messages in thread
From: paper42 @ 2023-01-15 11:51 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 163 bytes --]
New comment by paper42 on void-packages repository
https://github.com/void-linux/void-packages/pull/41601#issuecomment-1383129612
Comment:
please rebase this PR
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PR PATCH] [Updated] matio: update to 1.5.23.
2023-01-12 16:14 [PR PATCH] matio: update to 1.5.23 mhmdanas
2023-01-15 11:51 ` paper42
@ 2023-01-18 19:23 ` mhmdanas
2023-01-21 18:53 ` [PR PATCH] [Merged]: " Piraty
2 siblings, 0 replies; 4+ messages in thread
From: mhmdanas @ 2023-01-18 19:23 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 1492 bytes --]
There is an updated pull request by mhmdanas against master on the void-packages repository
https://github.com/mhmdanas/void-packages matio-1.5.23
https://github.com/void-linux/void-packages/pull/41601
matio: update to 1.5.23.
<!-- Uncomment relevant sections and delete options which are not applicable -->
#### Testing the changes
- I tested the changes in this PR: **briefly**
The currently packaged matio release includes a number of vulnerabilities fixed
in in the latest version (see https://github.com/tbeu/matio/releases/tag/v1.5.18
and https://github.com/tbeu/matio/releases/tag/v1.5.22), so this PR should
probably be merged soon.
<!--
#### New package
- This new package conforms to the [package requirements](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#package-requirements): **YES**|**NO**
-->
<!-- Note: If the build is likely to take more than 2 hours, please add ci skip tag as described in
https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#continuous-integration
and test at least one native build and, if supported, at least one cross build.
Ignore this section if this PR is not skipping CI.
-->
<!--
#### Local build testing
- I built this PR locally for my native architecture, (ARCH-LIBC)
- I built this PR locally for these architectures (if supported. mark crossbuilds):
- aarch64-musl
- armv7l
- armv6l-musl
-->
A patch file from https://github.com/void-linux/void-packages/pull/41601.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-matio-1.5.23-41601.patch --]
[-- Type: text/x-diff, Size: 4702 bytes --]
From 1b6af45263c6904f5b07590ca4dc02641e2521d2 Mon Sep 17 00:00:00 2001
From: mhmdanas <triallax@tutanota.com>
Date: Fri, 6 Jan 2023 00:33:29 +0000
Subject: [PATCH 1/2] matio: update to 1.5.23.
---
common/shlibs | 2 +-
srcpkgs/matio/patches/CVE-2019-20020.patch | 45 ----------------------
srcpkgs/matio/template | 8 ++--
3 files changed, 5 insertions(+), 50 deletions(-)
delete mode 100644 srcpkgs/matio/patches/CVE-2019-20020.patch
diff --git a/common/shlibs b/common/shlibs
index 32b6337a4f92..37c8dd7d7fdb 100644
--- a/common/shlibs
+++ b/common/shlibs
@@ -3921,7 +3921,7 @@ libhidrd_opt.so.0 hidrd-0.2.0_1
libhidrd_strm.so.0 hidrd-0.2.0_1
libhidrd_fmt.so.0 hidrd-0.2.0_1
libjcat.so.1 libjcat-0.1.2_1
-libmatio.so.9 matio-1.5.17_2
+libmatio.so.11 matio-1.5.23_1
libportal.so.1 libportal-0.6_1
libportal-gtk3.so.1 libportal-gtk3-0.6_1
libportal-gtk4.so.1 libportal-gtk4-0.6_1
diff --git a/srcpkgs/matio/patches/CVE-2019-20020.patch b/srcpkgs/matio/patches/CVE-2019-20020.patch
deleted file mode 100644
index abcedd6fed20..000000000000
--- a/srcpkgs/matio/patches/CVE-2019-20020.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From 8138e767bf6df7cccf1664f3a854e596628fdb2d Mon Sep 17 00:00:00 2001
-From: Nathan Owens <ndowens04@gmail.com>
-Date: Sat, 28 Dec 2019 18:25:58 -0600
-Subject: [PATCH] matio: CVE-2019-20020 patch
-
-Signed-off-by: Nathan Owens <ndowens04@gmail.com>
----
- src/mat5.c | 18 +++++++++++++++++-
- 1 file changed, 17 insertions(+), 1 deletion(-)
-
-diff --git a/src/mat5.c b/src/mat5.c
-index abdb351..776f233 100644
---- a/src/mat5.c
-+++ b/src/mat5.c
-@@ -980,10 +980,26 @@ ReadNextCell( mat_t *mat, matvar_t *matvar )
- /* Rank and Dimension */
- if ( uncomp_buf[0] == MAT_T_INT32 ) {
- int j;
-+ size_t size;
- cells[i]->rank = uncomp_buf[1];
- nbytes -= cells[i]->rank;
- cells[i]->rank /= 4;
-- cells[i]->dims = (size_t*)malloc(cells[i]->rank*sizeof(*cells[i]->dims));
-+ if ( 0 == do_clean && cells[i]->rank > 13 ) {
-+ int rank = cells[i]->rank;
-+ cells[i]->rank = 0;
-+ Mat_Critical("%d is not a valid rank", rank);
-+ continue;
-+ }
-+ err = SafeMul(&size, cells[i]->rank, sizeof(*cells[i]->dims));
-+ if ( err ) {
-+ if ( do_clean )
-+ free(dims);
-+ Mat_VarFree(cells[i]);
-+ cells[i] = NULL;
-+ Mat_Critical("Integer multiplication overflow");
-+ continue;
-+ }
-+ cells[i]->dims = (size_t*)malloc(size);
- if ( mat->byteswap ) {
- for ( j = 0; j < cells[i]->rank; j++ )
- cells[i]->dims[j] = Mat_uint32Swap(dims + j);
---
-2.24.1
-
diff --git a/srcpkgs/matio/template b/srcpkgs/matio/template
index d22e883530b0..18188e9fb288 100644
--- a/srcpkgs/matio/template
+++ b/srcpkgs/matio/template
@@ -1,7 +1,7 @@
# Template file for 'matio'
pkgname=matio
-version=1.5.17
-revision=2
+version=1.5.23
+revision=1
build_style=gnu-configure
configure_args="--disable-static"
hostmakedepends="libtool"
@@ -10,8 +10,8 @@ short_desc="MATLAB MAT file I/O library"
maintainer="Florian Eich <flrn@nrmncr.net>"
license="BSD-2-Clause"
homepage="https://github.com/tbeu/matio"
-distfiles="https://github.com/tbeu/matio/releases/download/v${version}/${pkgname}-${version}.tar.gz"
-checksum=5e455527d370ab297c4abe5a2ab4d599c93ac7c1a0c85d841cc5c22f8221c400
+distfiles="https://github.com/tbeu/matio/releases/download/v${version}/matio-${version}.tar.gz"
+checksum=9f91eae661df46ea53c311a1b2dcff72051095b023c612d7cbfc09406c9f4d6e
if [ "$CROSS_BUILD" ]; then
configure_args+=" ac_cv_va_copy=C99"
From 1bec3e70278c4e2e5d1fe2e266e66f80c4dbd2f1 Mon Sep 17 00:00:00 2001
From: mhmdanas <triallax@tutanota.com>
Date: Thu, 12 Jan 2023 16:10:33 +0000
Subject: [PATCH 2/2] vips: revbump for matio-1.5.23.
---
srcpkgs/vips/template | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/srcpkgs/vips/template b/srcpkgs/vips/template
index 5e47bcaced1e..2dde7d3b7e32 100644
--- a/srcpkgs/vips/template
+++ b/srcpkgs/vips/template
@@ -1,7 +1,7 @@
# Template file for 'vips'
pkgname=vips
version=8.14.1
-revision=1
+revision=2
build_style=meson
build_helper=gir
# TODO: As of version 8.11 vips supports loading its support for OpenSlide,
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PR PATCH] [Merged]: matio: update to 1.5.23.
2023-01-12 16:14 [PR PATCH] matio: update to 1.5.23 mhmdanas
2023-01-15 11:51 ` paper42
2023-01-18 19:23 ` [PR PATCH] [Updated] " mhmdanas
@ 2023-01-21 18:53 ` Piraty
2 siblings, 0 replies; 4+ messages in thread
From: Piraty @ 2023-01-21 18:53 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 1329 bytes --]
There's a merged pull request on the void-packages repository
matio: update to 1.5.23.
https://github.com/void-linux/void-packages/pull/41601
Description:
<!-- Uncomment relevant sections and delete options which are not applicable -->
#### Testing the changes
- I tested the changes in this PR: **briefly**
The currently packaged matio release includes a number of vulnerabilities fixed
in in the latest version (see https://github.com/tbeu/matio/releases/tag/v1.5.18
and https://github.com/tbeu/matio/releases/tag/v1.5.22), so this PR should
probably be merged soon.
<!--
#### New package
- This new package conforms to the [package requirements](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#package-requirements): **YES**|**NO**
-->
<!-- Note: If the build is likely to take more than 2 hours, please add ci skip tag as described in
https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#continuous-integration
and test at least one native build and, if supported, at least one cross build.
Ignore this section if this PR is not skipping CI.
-->
<!--
#### Local build testing
- I built this PR locally for my native architecture, (ARCH-LIBC)
- I built this PR locally for these architectures (if supported. mark crossbuilds):
- aarch64-musl
- armv7l
- armv6l-musl
-->
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2023-01-21 18:53 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-01-12 16:14 [PR PATCH] matio: update to 1.5.23 mhmdanas
2023-01-15 11:51 ` paper42
2023-01-18 19:23 ` [PR PATCH] [Updated] " mhmdanas
2023-01-21 18:53 ` [PR PATCH] [Merged]: " Piraty
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).