-rw-r--r-- | main/libarchive/APKBUILD | 23 | ||||
-rw-r--r-- | main/libarchive/CVE-2017-5601.patch | 21 | ||||
-rw-r--r-- | main/libarchive/libressl.patch | 22 |
3 files changed, 28 insertions, 38 deletions
diff --git a/main/libarchive/APKBUILD b/main/libarchive/APKBUILD
index d976f795ab..e7b4138b8a 100644
--- a/main/libarchive/APKBUILD
+++ b/main/libarchive/APKBUILD
@@ -1,24 +1,17 @@
 # Contributor: Sergei Lukin <sergej.lukin@gmail.com>
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=libarchive
-pkgver=3.2.2
-pkgrel=1
+pkgver=3.3.1
+pkgrel=0
 pkgdesc="library that can create and read several streaming archive formats"
 url="http://libarchive.org/"
 arch="all"
 license="BSD"
-depends=""
-depends_dev="zlib-dev bzip2-dev xz-dev acl-dev libressl-dev expat-dev"
-makedepends="$depends_dev"
+makedepends="zlib-dev bzip2-dev xz-dev lz4-dev acl-dev libressl-dev expat-dev"
 subpackages="$pkgname-dev $pkgname-doc $pkgname-tools"
 source="http://www.libarchive.org/downloads/$pkgname-$pkgver.tar.gz
- CVE-2017-5601.patch
+ libressl.patch
 "
-
-# secfixes:
-# 3.2.2-r1:
-# - CVE-2017-5601.patch
-
 builddir="$srcdir/$pkgname-$pkgver"
 build () {
@@ -44,9 +37,5 @@ tools() {
 mv "$pkgdir"/usr/bin "$subpkgdir"/usr/
 }
-md5sums="1ec00b7dcaf969dd2a5712f85f23c764 libarchive-3.2.2.tar.gz
-165d8eb95d6083dfd3e8f2453a644497 CVE-2017-5601.patch"
-sha256sums="691c194ee132d1f0f7a42541f091db811bc2e56f7107e9121be2bc8c04f1060f libarchive-3.2.2.tar.gz
-572abfaf0e252f855a500bfc17eb711f26be6e94133a8e3bbf929e49b0450533 CVE-2017-5601.patch"
-sha512sums="a67920c37d49cf9478032d77fc4fa21827cebb96e9b83d9ecb8466328834052e4ab3d3a9bc4e2edf405d6cb14ffd648c9fa100b578257f6e5842c99bbea558a7 libarchive-3.2.2.tar.gz
-c450b0a9eb952b292d3749acd7041b59a0fa72b8f5a284ceaab6665a95336a5b39182addd59628661caf911a6461726ebe1c85c7d39b7d9da84ed6f736ef3e6e CVE-2017-5601.patch"
+sha512sums="90702b393b6f0943f42438e277b257af45eee4fa82420431f6a4f5f48bb846f2a72c8ff084dc3ee9c87bdf8b57f4d8dddf7814870fe2604fe86c55d8d744c164 libarchive-3.3.1.tar.gz
+749cd7ef6ed9e12b3ac1f2ffc302e3d2fca0bf6634f77e7ae155ae1b51415744b908d6a014c1bbf1abc8d1eeee191781a21aebd4dd680dd21e6b96da7e0547f0 libressl.patch"
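Review bot: The first APKBUILD hunk deletes the `# secfixes:` comment block along with the patch entry, which removes the package's own record that CVE-2017-5601 was fixed in 3.2.2-r1. That block is the machine-readable history that Alpine's security tracking is generated from, so dropping it can leave scanners without a fixed-in version for this CVE. I would keep it above `builddir=`, for example `# secfixes:` / `#   3.2.2-r1:` / `#     - CVE-2017-5601`. The diff does not show that the 3.3.1 tarball contains upstream commit 98dcbbf0 (the negative `lha->compsize` check), so the commit message should state that this was verified before the patch file was removed.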
diff --git a/main/libarchive/CVE-2017-5601.patch b/main/libarchive/CVE-2017-5601.patch
deleted file mode 100644
index 4103c2a02e..0000000000
--- a/main/libarchive/CVE-2017-5601.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-commit 98dcbbf0bf4854bf987557e55e55fff7abbf3ea9
-Author: Martin Matuska <martin@matuska.org>
-Date: Thu Jan 19 22:00:18 2017 +0100
-
- Fail with negative lha->compsize in lha_read_file_header_1()
- Fixes a heap buffer overflow reported in Secunia SA74169
-
-diff --git a/libarchive/archive_read_support_format_lha.c b/libarchive/archive_read_support_format_lha.c
-index 52a5531b..d77a7c2e 100644
---- a/libarchive/archive_read_support_format_lha.c
-+++ b/libarchive/archive_read_support_format_lha.c
-@@ -924,6 +924,9 @@ lha_read_file_header_1(struct archive_read *a, struct lha *lha)
- /* Get a real compressed file size. */
- lha->compsize -= extdsize - 2;
-
-+ if (lha->compsize < 0)
-+ goto invalid; /* Invalid compressed file size */
-+
- if (sum_calculated != headersum) {
- archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
- "LHa header sum error");
diff --git a/main/libarchive/libressl.patch b/main/libarchive/libressl.patch
new file mode 100644
index 0000000000..05b7c1b4eb
--- /dev/null
+++ b/main/libarchive/libressl.patch
@@ -0,0 +1,22 @@
+--- a/libarchive/archive_openssl_hmac_private.h
++++ b/libarchive/archive_openssl_hmac_private.h
+@@ -28,7 +28,7 @@
+ #include <openssl/hmac.h>
+ #include <openssl/opensslv.h>
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ #include <stdlib.h> /* malloc, free */
+ #include <string.h> /* memset */
+ static inline HMAC_CTX *HMAC_CTX_new(void)
+--- a/libarchive/archive_openssl_evp_private.h
++++ b/libarchive/archive_openssl_evp_private.h
+@@ -28,7 +28,7 @@
+ #include <openssl/evp.h>
+ #include <openssl/opensslv.h>
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ #include <stdlib.h> /* malloc, free */
+ #include <string.h> /* memset */
+ static inline EVP_MD_CTX *EVP_MD_CTX_new(void) |
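Review bot: Both added `#if` lines enable the compatibility shims for every LibreSSL build, because `defined(LIBRESSL_VERSION_NUMBER)` carries no version bound. If a later LibreSSL release ships `HMAC_CTX_new()` and `EVP_MD_CTX_new()` itself, the `static inline` definitions in these headers would clash with the library's declarations and the package would stop building. Bounding the test avoids that, e.g. `|| (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L)`, which is the cut-off upstream libarchive later adopted as far as I know. The patch file also has no header; a short comment naming its origin and upstream status would tell the next maintainer when it can be dropped. The shim bodies lie outside the hunk context, so their allocation and zeroing logic is not reviewed here.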