pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/archivers/zziplib update from 0.13.59 to v0.13.66



details:   https://anonhg.NetBSD.org/pkgsrc/rev/44a4b0c3db88
branches:  trunk
changeset: 362427:44a4b0c3db88
user:      spz <spz%pkgsrc.org@localhost>
date:      Mon May 15 08:40:21 2017 +0000

description:
update from 0.13.59 to v0.13.66
fixing: CVE-2017-5974 CVE-2017-5975 CVE-2017-5976 CVE-2017-5978 CVE-2017-5981

Upstream changelog:
2017-04-24  guidod  <guidod%gmx.de@localhost>
    * common frontend 'unzzip.c' for example code in unzzip*-xx.c
    * expand testcases to cover all of big/mem/mix/zap variants
    * release v0.13.66

2017-04-23  guidod  <guidod%gmx.de@localhost>
    * turn the testsuite from makefile into python unittest format
    * extend 'make check' testsuite to cover non-libzzip extensions
    * fix unzzipcat-seeko and unzzipcat-mem to match the testsuite
    * release v0.13.65

2017-04-20  guidod  <guidod%gmx.de@localhost>
    * check patches in opensuse builds, mostly for some CVE reports

2012-09-15  guidod  <guidod%gmx.de@localhost>
    * zzip.h, plugin.h: "};" at end of extern-C produces build errors with
       the default --pedantic-errors on newer CMake. Thanks to Keith Thompson
       recognizing it - see http://stackoverflow.com/questions/12384280/

2012-03-11  guidod  <guidod%gmx.de@localhost>

        * configure.ac: fallback to libtool -export-dynamic unless being sure to
           use gnu-ld --export-dynamic. The darwin case is a bit special here
           as the c-compiler and linker might be from different worlds.
        * next 0.13.62 - needs a fix for mingw
           (-mconsole is not a linker option, only the gcc should see it)

2010-12-30 guidod <guidod%gmx.de@localhost>
        * done 0.13.60 release, tagged, and announced.
        * prepare 0.13.61

2010-12-29 guidod <guidod%gmx.de@localhost>
        * Makefile.am: allow nonstaic build
        * wrap fd.open like in the Fedora patch

2010-12-28 guidod <guidod%gmx.de@localhost>
        * zziplib.spec - simplify the spec based on distro specs.

2010-12-27 guidod <guidod%gmx.de@localhost>
        * adding fetch.h/fetch.c to msvc8/zziplib.vcproj to allow
          tests with Visual Studio C++ Express 2005

2010-12-27 guidod <guidod%gmx.de@localhost>
        * fix stat.c to check ZZIP_CASELESS instead of the deprecated
          ZZIP_CASEINSENSITIVE. The latter is still recognized for
          compatibility reasons and implicitly mapped to ZZIP_CASELESS.
        * fixes the zziplib-Patches-3078188 which reported the bug.

2010-12-27 guidod <guidod%gmx.de@localhost>
        * apply patches by Peter Breitenlohner for better compatibility
          with AIX host system. Also the Sun Studio compiler insists on
          static inline functions or else assumes extern inline.
        * also fixes zziplib-Patches-3011551 on the AIX problem.

2010-12-27 guidod <guidod%gmx.de@localhost>
        * add hints that the ext_io plugin handlers should be static.

2010-05-09  guidod  <guidod%gmx.de@localhost>

        * zzip/__fnmatch.h: add include <string.h> to make mingw32 happy.
             Patches item #2995373 by Gregory Smith

2010-05-08  guidod  <guidod%gmx.de@localhost>

        * SDL/Makefile.am: fix generation of sdl-uninstalled.pc that was
           not recognized during compilation.

2010-04-05  guidod  <guidod%gmx.de@localhost>

        * Makefile.am: fix "osc rm" and fix "test-sdl" if SDL was not found.
        * configure.ac: SDL example builds on pkgconfig/sdl.pc which

            was introduced with SDL 1.2.11 - CentOs5 ships 1.2.10 which
            does only have "sdl-config" and it made for a mismatch in
            in the build configuration: sdl-devel yes, pkgconfig sdl no.
        * zzip/zip.c (__zzip_parse_root_directory): move the check for
             zzip_disk_entry_check_magic to be after the the check that
             the seek-value is more than a header's size before the end.
             (based on a segfault report by Tulip?nt Gergely when the
              new modulo_entries code is enabled (which is off by default))

2010-03-30  guidod  <guidod%gmx.de@localhost>

        * zzip/Makefile.am:  fixing symlinks for lib* - use only for Linux
            Thanks to Ryan Schmidt (macports):
                ... likes to install some symlinks that don't make sense on Mac OS X:
                $ ls -l /opt/local/lib/*zzip*so*
                lrwxr-xr-x  /opt/local/lib/libzzip*.so.10 -> libzzip*.so.13
                lrwxr-xr-x  /opt/local/lib/libzzip*.so.11 -> libzzip*.so.13
                lrwxr-xr-x  /opt/local/lib/libzzip*.so.12 -> libzzip*.so.13
                Yes, the filenames literally contain an asterisk.

diffstat:

 archivers/zziplib/Makefile                 |  15 ++++++---
 archivers/zziplib/PLIST                    |  10 ++----
 archivers/zziplib/distinfo                 |  17 +++++------
 archivers/zziplib/patches/patch-aa         |  10 +++---
 archivers/zziplib/patches/patch-ba         |  43 ++++++++++++++++-------------
 archivers/zziplib/patches/patch-bb         |  21 ++++++-------
 archivers/zziplib/patches/patch-zzip_zip.c |  27 ------------------
 7 files changed, 61 insertions(+), 82 deletions(-)

diffs (212 lines):

diff -r 1f7b34307f4f -r 44a4b0c3db88 archivers/zziplib/Makefile
--- a/archivers/zziplib/Makefile        Mon May 15 08:38:34 2017 +0000
+++ b/archivers/zziplib/Makefile        Mon May 15 08:40:21 2017 +0000
@@ -1,12 +1,17 @@
-# $NetBSD: Makefile,v 1.19 2014/10/09 14:05:55 wiz Exp $
+# $NetBSD: Makefile,v 1.20 2017/05/15 08:40:21 spz Exp $
 
-DISTNAME=      zziplib-0.13.59
+PKGNAME=        zziplib-${VERSION}
+DISTNAME=      ${PKGNAME}
 CATEGORIES=    archivers
-MASTER_SITES=  ${MASTER_SITE_SOURCEFORGE:=zziplib/}
-EXTRACT_SUFX=  .tar.bz2
+MASTER_SITES=   ${MASTER_SITE_GITHUB:=gdraheim/}
+GITHUB_PROJECT= zziplib
+GITHUB_TAG=    v${VERSION}
+EXTRACT_SUFX=  .tar.gz
+VERSION=       0.13.66
+
 
 MAINTAINER=    pkgsrc-users%NetBSD.org@localhost
-HOMEPAGE=      http://zziplib.sourceforge.net/
+HOMEPAGE=      https://github.com/gdraheim/zziplib
 COMMENT=       Library for ZIP archive handling
 
 LICENSE=       gnu-lgpl-v2 OR mpl-1.1
diff -r 1f7b34307f4f -r 44a4b0c3db88 archivers/zziplib/PLIST
--- a/archivers/zziplib/PLIST   Mon May 15 08:38:34 2017 +0000
+++ b/archivers/zziplib/PLIST   Mon May 15 08:40:21 2017 +0000
@@ -1,11 +1,9 @@
-@comment $NetBSD: PLIST,v 1.7 2010/05/15 06:37:03 adam Exp $
+@comment $NetBSD: PLIST,v 1.8 2017/05/15 08:40:21 spz Exp $
 bin/unzip-mem
 bin/unzzip
-bin/unzzipcat
-bin/unzzipcat-mem
-bin/unzzipcat-seeko
-bin/unzzipdir
-bin/unzzipdir-mem
+bin/unzzip-big
+bin/unzzip-mem
+bin/unzzip-mix
 bin/zzcat
 bin/zzdir
 bin/zzxorcat
diff -r 1f7b34307f4f -r 44a4b0c3db88 archivers/zziplib/distinfo
--- a/archivers/zziplib/distinfo        Mon May 15 08:38:34 2017 +0000
+++ b/archivers/zziplib/distinfo        Mon May 15 08:40:21 2017 +0000
@@ -1,11 +1,10 @@
-$NetBSD: distinfo,v 1.13 2017/02/25 12:16:44 kamil Exp $
+$NetBSD: distinfo,v 1.14 2017/05/15 08:40:21 spz Exp $
 
-SHA1 (zziplib-0.13.59.tar.bz2) = ddbce25cb36c3b4c2b892e2c8a88fa4a0be29a71
-RMD160 (zziplib-0.13.59.tar.bz2) = b96f547039ac005f6e9ca2cf92c388a077b9b21e
-SHA512 (zziplib-0.13.59.tar.bz2) = e417867abd2a35a896c0e04d06a841db3569923fea1fbbb5de615d3357d708cdf5b085c4391b14a0943d8c574100b50c3d0de1f827090ee442fb5bf4010e3c53
-Size (zziplib-0.13.59.tar.bz2) = 691000 bytes
-SHA1 (patch-aa) = e5687abbc3bbffa2b461f6e835baa18090e2c3a8
-SHA1 (patch-ba) = 1f680820112114534318ad46603992b16e183866
-SHA1 (patch-bb) = afdcf01c5aea03f7bfd61492acbe4f3743d50b0a
+SHA1 (zziplib-0.13.66.tar.gz) = ddd7b127a4435b278d5dd5f79ed272a632b5c307
+RMD160 (zziplib-0.13.66.tar.gz) = ca3915a2c0835aa0a4a1ebcb0d286b6402b389ae
+SHA512 (zziplib-0.13.66.tar.gz) = 893885d85293269fd8ff14d61eaae5f7d07689a16dd9c07c1ae8d46ea2b2f94a13d6aab19670efa7716cafe5e9f8efb1cbc1254bd9e860c836faa35736bdbe20
+Size (zziplib-0.13.66.tar.gz) = 1069837 bytes
+SHA1 (patch-aa) = 0dd9535effc69940bfc0853b85685e7ba5f4fb30
+SHA1 (patch-ba) = 84f36580cabf321dc6e58366e8bd07fac9fe277f
+SHA1 (patch-bb) = aeedbec78e30e7d28c02509c934947e6f0d50693
 SHA1 (patch-bc) = 897a79994d90124972afdb9fa803e82520e6ae0e
-SHA1 (patch-zzip_zip.c) = bbceb2ed9cd80620a297d4b8c48624bb2824dafb
diff -r 1f7b34307f4f -r 44a4b0c3db88 archivers/zziplib/patches/patch-aa
--- a/archivers/zziplib/patches/patch-aa        Mon May 15 08:38:34 2017 +0000
+++ b/archivers/zziplib/patches/patch-aa        Mon May 15 08:40:21 2017 +0000
@@ -1,12 +1,12 @@
-$NetBSD: patch-aa,v 1.5 2015/12/08 11:13:04 jperkin Exp $
+$NetBSD: patch-aa,v 1.6 2017/05/15 08:40:21 spz Exp $
 
---- zzip/Makefile.in.orig      2010-03-29 19:40:50.000000000 +0000
+--- zzip/Makefile.in.orig      2017-04-23 23:46:28.000000000 +0000
 +++ zzip/Makefile.in
-@@ -775,6 +775,7 @@ install-data-hook : install-zzipHEADERS
+@@ -892,6 +892,7 @@ install-data-hook : install-zzipHEADERS
        $(DESTDIR)$(includedir)/zzip.h >$(DESTDIR)$(includedir)/zzip-io.h
  
  install-exec-hook:
 +xxx:
        @ for i in . $(DESTDIR)$(libdir)/libzzip*.so.13 \
-         ; do test -d $$i && continue ; lib=`basename "$$i" .so.13` \
-         ; echo "$(DESTDIR)$(libdir): ln -s $$lib.so.13 $$lib.so.10" \
+         ; do test -d $$i && continue ; test -f $$i || continue \
+         ; lib=`basename "$$i" .so.13` \
diff -r 1f7b34307f4f -r 44a4b0c3db88 archivers/zziplib/patches/patch-ba
--- a/archivers/zziplib/patches/patch-ba        Mon May 15 08:38:34 2017 +0000
+++ b/archivers/zziplib/patches/patch-ba        Mon May 15 08:40:21 2017 +0000
@@ -1,20 +1,25 @@
-$NetBSD: patch-ba,v 1.4 2015/12/08 11:13:04 jperkin Exp $
+$NetBSD: patch-ba,v 1.5 2017/05/15 08:40:21 spz Exp $
 
-Use $as_echo to support escape sequences correctly.
-
---- configure.orig     2010-03-29 19:24:41.000000000 +0000
+--- configure.orig     2017-04-23 23:46:28.000000000 +0000
 +++ configure
-@@ -16257,7 +16257,7 @@ fi
- { $as_echo "$as_me:$LINENO: checking link options" >&5
- $as_echo_n "checking link options... " >&6; }
- ZZIPLIB_LDFLAGS=""
--test ".$can_build_shared" != ".no" && ZZIPLIB_LDFLAGS="--export-dynamic"
-+test ".$can_build_shared" != ".no" && ZZIPLIB_LDFLAGS="${EXPORT_SYMBOLS_LDFLAGS}"
- RESOLVES=" # "
- case "$host_os" in mingw*)
-     ZZIPLIB_LDFLAGS="-no-undefined -export-all-symbols -mconsole"
-@@ -20218,24 +20220,24 @@ else
-   { $as_echo "$as_me:$LINENO: creating $ac_prefix_conf_OUT - prefix $ac_prefix_conf_UPP for $ac_prefix_conf_INP defines" >&5
+@@ -13830,13 +13830,14 @@ case "$host_os" in mingw*)
+ ;; *)
+     if test ".$can_build_shared" != ".no" ; then
+       ZZIPLIB_LDFLAGS="-export-dynamic"
+-      if test ".$lt_cv_prog_gnu_ld" == ".yes" ; then
++      if test ".$lt_cv_prog_gnu_ld" = ".yes" ; then
+          ZZIPLIB_LDFLAGS="${wl}--export-dynamic"
+          # TODO: that is for backward compatibility only
+       fi
+     fi
+     RESOLVES=" # "
+ ;; esac
++ZZIPLIB_LDFLAGS="${EXPORT_SYMBOLS_LDFLAGS}"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ZZIPLIB_LDFLAGS $RESOLVES" >&5
+ $as_echo "$ZZIPLIB_LDFLAGS $RESOLVES" >&6; }
+ 
+@@ -17539,24 +17542,24 @@ else
+   { $as_echo "$as_me:${as_lineno-$LINENO}: creating $ac_prefix_conf_OUT - prefix $ac_prefix_conf_UPP for $ac_prefix_conf_INP defines" >&5
  $as_echo "$as_me: creating $ac_prefix_conf_OUT - prefix $ac_prefix_conf_UPP for $ac_prefix_conf_INP defines" >&6;}
    if test -f $ac_prefix_conf_INP ; then
 -    echo "s/^#undef  *\\([ABCDEFGHIJKLMNOPQRSTUVWXYZ_]\\)/#undef $ac_prefix_conf_UPP""_\\1/" > conftest.prefix
@@ -51,10 +56,10 @@
 +    $as_echo '/* once:' $ac_prefix_conf_DEF '*/' >>$tmp/pconfig.h
 +    $as_echo "#endif" >>$tmp/pconfig.h
      if cmp -s $ac_prefix_conf_OUT $tmp/pconfig.h 2>/dev/null; then
-       { $as_echo "$as_me:$LINENO: $ac_prefix_conf_OUT is unchanged" >&5
+       { $as_echo "$as_me:${as_lineno-$LINENO}: $ac_prefix_conf_OUT is unchanged" >&5
  $as_echo "$as_me: $ac_prefix_conf_OUT is unchanged" >&6;}
-@@ -20352,24 +20354,24 @@ else
-   { $as_echo "$as_me:$LINENO: creating $ac_prefix_conf_OUT - prefix $ac_prefix_conf_UPP for $ac_prefix_conf_INP defines" >&5
+@@ -17629,24 +17632,24 @@ else
+   { $as_echo "$as_me:${as_lineno-$LINENO}: creating $ac_prefix_conf_OUT - prefix $ac_prefix_conf_UPP for $ac_prefix_conf_INP defines" >&5
  $as_echo "$as_me: creating $ac_prefix_conf_OUT - prefix $ac_prefix_conf_UPP for $ac_prefix_conf_INP defines" >&6;}
    if test -f $ac_prefix_conf_INP ; then
 -    echo "s/^#undef  *\\([ABCDEFGHIJKLMNOPQRSTUVWXYZ_]\\)/#undef $ac_prefix_conf_UPP""_\\1/" > conftest.prefix
@@ -91,5 +96,5 @@
 +    $as_echo '/* once:' $ac_prefix_conf_DEF '*/' >>$tmp/pconfig.h
 +    $as_echo "#endif" >>$tmp/pconfig.h
      if cmp -s $ac_prefix_conf_OUT $tmp/pconfig.h 2>/dev/null; then
-       { $as_echo "$as_me:$LINENO: $ac_prefix_conf_OUT is unchanged" >&5
+       { $as_echo "$as_me:${as_lineno-$LINENO}: $ac_prefix_conf_OUT is unchanged" >&5
  $as_echo "$as_me: $ac_prefix_conf_OUT is unchanged" >&6;}
diff -r 1f7b34307f4f -r 44a4b0c3db88 archivers/zziplib/patches/patch-bb
--- a/archivers/zziplib/patches/patch-bb        Mon May 15 08:38:34 2017 +0000
+++ b/archivers/zziplib/patches/patch-bb        Mon May 15 08:40:21 2017 +0000
@@ -1,13 +1,12 @@
-$NetBSD: patch-bb,v 1.3 2010/05/15 06:37:03 adam Exp $
+$NetBSD: patch-bb,v 1.4 2017/05/15 08:40:21 spz Exp $
 
---- configure.ac.orig  2010-03-29 19:24:17.000000000 +0000
+--- configure.ac.orig  2017-04-23 23:46:28.000000000 +0000
 +++ configure.ac
-@@ -279,7 +279,7 @@ AC_SUBST(ZIPTESTS)
- # ---------------------------------------------------------------
- AC_MSG_CHECKING([link options])
- ZZIPLIB_LDFLAGS=""
--test ".$can_build_shared" != ".no" && ZZIPLIB_LDFLAGS="--export-dynamic"
-+test ".$can_build_shared" != ".no" && ZZIPLIB_LDFLAGS="${EXPORT_SYMBOLS_LDFLAGS}"
- RESOLVES=" # "
- case "$host_os" in mingw*)
-     ZZIPLIB_LDFLAGS="-no-undefined -export-all-symbols -mconsole"
+@@ -308,6 +308,7 @@ case "$host_os" in mingw*)
+          # TODO: that is for backward compatibility only
+       fi
+     fi
++    ZZIPLIB_LDFLAGS="${EXPORT_SYMBOLS_LDFLAGS}"
+     RESOLVES=" # "
+ ;; esac
+ AC_MSG_RESULT([$ZZIPLIB_LDFLAGS $RESOLVES])
diff -r 1f7b34307f4f -r 44a4b0c3db88 archivers/zziplib/patches/patch-zzip_zip.c
--- a/archivers/zziplib/patches/patch-zzip_zip.c        Mon May 15 08:38:34 2017 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,27 +0,0 @@
-$NetBSD: patch-zzip_zip.c,v 1.1 2017/02/25 12:16:44 kamil Exp $
-
-Fix inline function error reference:
-work/zziplib-0.13.59/zzip/.libs/libzzip.so: undefined reference to `__zzip_aligned4'
-
-Replace _zzip_inline with regular static inline.
-
---- zzip/zip.c.orig    2009-09-24 21:57:00.000000000 +0000
-+++ zzip/zip.c
-@@ -90,7 +90,7 @@ int __zzip_parse_root_directory(int fd,
-                                 struct zzip_dir_hdr **hdr_return,
-                                 zzip_plugin_io_t io);
- 
--_zzip_inline char *__zzip_aligned4(char *p);
-+static inline char *__zzip_aligned4(char *p);
- 
- /* ------------------------  harden routines ------------------------------ */
- 
-@@ -377,7 +377,7 @@ __zzip_fetch_disk_trailer(int fd, zzip_o
-  * to pointer types but we do need only the lower bits in this implementation,
-  * so we can just cast the value to a long value.
-  */
--_zzip_inline char *
-+static inline char *
- __zzip_aligned4(char *p)
- {
- #define aligned4   __zzip_aligned4



Home | Main Index | Thread Index | Old Index