-rw-r--r--main/libarchive/APKBUILD23
-rw-r--r--main/libarchive/CVE-2017-5601.patch21
-rw-r--r--main/libarchive/libressl.patch22
3 files changed, 28 insertions, 38 deletions
diff --git a/main/libarchive/APKBUILD b/main/libarchive/APKBUILD
index d976f795ab..e7b4138b8a 100644
--- a/main/libarchive/APKBUILD
+++ b/main/libarchive/APKBUILD
@@ -1,24 +1,17 @@
# Contributor: Sergei Lukin <sergej.lukin@gmail.com>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=libarchive
-pkgver=3.2.2
-pkgrel=1
+pkgver=3.3.1
+pkgrel=0
pkgdesc="library that can create and read several streaming archive formats"
url="http://libarchive.org/"
arch="all"
license="BSD"
-depends=""
-depends_dev="zlib-dev bzip2-dev xz-dev acl-dev libressl-dev expat-dev"
-makedepends="$depends_dev"
+makedepends="zlib-dev bzip2-dev xz-dev lz4-dev acl-dev libressl-dev expat-dev"
subpackages="$pkgname-dev $pkgname-doc $pkgname-tools"
source="http://www.libarchive.org/downloads/$pkgname-$pkgver.tar.gz
- CVE-2017-5601.patch
+ libressl.patch
"
-
-# secfixes:
-# 3.2.2-r1:
-# - CVE-2017-5601.patch
-
builddir="$srcdir/$pkgname-$pkgver"
build () {
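Review bot: The `# secfixes:` block is removed together with CVE-2017-5601.patch, so the APKBUILD no longer records that CVE-2017-5601 was addressed in 3.2.2-r1. If that comment block is what downstream tooling or auditors read to map CVEs to fixed package versions (an assumption; the consumer is not shown on this page), the entry should stay even though the patch file is dropped, e.g. keep `# secfixes:`, `#   3.2.2-r1:` and `#     - CVE-2017-5601`. Nothing visible here confirms that the 3.3.1 tarball contains upstream commit 98dcbbf0bf4854bf987557e55e55fff7abbf3ea9, so it is worth verifying the `lha->compsize < 0` check is present in the new source and saying so in the commit message. The hunk ends at the opening line of `build ()`, whose body is outside the hunk.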
@@ -44,9 +37,5 @@ tools() {
mv "$pkgdir"/usr/bin "$subpkgdir"/usr/
}
-md5sums="1ec00b7dcaf969dd2a5712f85f23c764 libarchive-3.2.2.tar.gz
-165d8eb95d6083dfd3e8f2453a644497 CVE-2017-5601.patch"
-sha256sums="691c194ee132d1f0f7a42541f091db811bc2e56f7107e9121be2bc8c04f1060f libarchive-3.2.2.tar.gz
-572abfaf0e252f855a500bfc17eb711f26be6e94133a8e3bbf929e49b0450533 CVE-2017-5601.patch"
-sha512sums="a67920c37d49cf9478032d77fc4fa21827cebb96e9b83d9ecb8466328834052e4ab3d3a9bc4e2edf405d6cb14ffd648c9fa100b578257f6e5842c99bbea558a7 libarchive-3.2.2.tar.gz
-c450b0a9eb952b292d3749acd7041b59a0fa72b8f5a284ceaab6665a95336a5b39182addd59628661caf911a6461726ebe1c85c7d39b7d9da84ed6f736ef3e6e CVE-2017-5601.patch"
+sha512sums="90702b393b6f0943f42438e277b257af45eee4fa82420431f6a4f5f48bb846f2a72c8ff084dc3ee9c87bdf8b57f4d8dddf7814870fe2604fe86c55d8d744c164 libarchive-3.3.1.tar.gz
+749cd7ef6ed9e12b3ac1f2ffc302e3d2fca0bf6634f77e7ae155ae1b51415744b908d6a014c1bbf1abc8d1eeee191781a21aebd4dd680dd21e6b96da7e0547f0 libressl.patch"
diff --git a/main/libarchive/CVE-2017-5601.patch b/main/libarchive/CVE-2017-5601.patch
deleted file mode 100644
index 4103c2a02e..0000000000
--- a/main/libarchive/CVE-2017-5601.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-commit 98dcbbf0bf4854bf987557e55e55fff7abbf3ea9
-Author: Martin Matuska <martin@matuska.org>
-Date: Thu Jan 19 22:00:18 2017 +0100
-
- Fail with negative lha->compsize in lha_read_file_header_1()
- Fixes a heap buffer overflow reported in Secunia SA74169
-
-diff --git a/libarchive/archive_read_support_format_lha.c b/libarchive/archive_read_support_format_lha.c
-index 52a5531b..d77a7c2e 100644
---- a/libarchive/archive_read_support_format_lha.c
-+++ b/libarchive/archive_read_support_format_lha.c
-@@ -924,6 +924,9 @@ lha_read_file_header_1(struct archive_read *a, struct lha *lha)
- /* Get a real compressed file size. */
- lha->compsize -= extdsize - 2;
-
-+ if (lha->compsize < 0)
-+ goto invalid; /* Invalid compressed file size */
-+
- if (sum_calculated != headersum) {
- archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
- "LHa header sum error");
diff --git a/main/libarchive/libressl.patch b/main/libarchive/libressl.patch
new file mode 100644
index 0000000000..05b7c1b4eb
--- /dev/null
+++ b/main/libarchive/libressl.patch
@@ -0,0 +1,22 @@
+--- a/libarchive/archive_openssl_hmac_private.h
++++ b/libarchive/archive_openssl_hmac_private.h
+@@ -28,7 +28,7 @@
+ #include <openssl/hmac.h>
+ #include <openssl/opensslv.h>
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ #include <stdlib.h> /* malloc, free */
+ #include <string.h> /* memset */
+ static inline HMAC_CTX *HMAC_CTX_new(void)
+--- a/libarchive/archive_openssl_evp_private.h
++++ b/libarchive/archive_openssl_evp_private.h
+@@ -28,7 +28,7 @@
+ #include <openssl/evp.h>
+ #include <openssl/opensslv.h>
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ #include <stdlib.h> /* malloc, free */
+ #include <string.h> /* memset */
+ static inline EVP_MD_CTX *EVP_MD_CTX_new(void)
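Review bot: The new guard `|| defined(LIBRESSL_VERSION_NUMBER)` in both archive_openssl_hmac_private.h and archive_openssl_evp_private.h selects the local fallback definitions for every LibreSSL release, with no upper version bound. A LibreSSL release that provides its own `HMAC_CTX_new` and `EVP_MD_CTX_new` (2.7.0 and later, to my knowledge; confirm against the LibreSSL release notes) would then conflict with these `static inline` definitions and the build would fail. Bounding the condition keeps the workaround scoped to the versions that need it: `#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L)`. The fallback function bodies begin on the last line of each inner hunk and continue outside it, so their contents are not reviewed here. The patch file also has no header comment stating its origin or upstream status, which makes it harder to know when it can be dropped.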