diff options
| author |   Andreas Sturmlechner <asturm@gentoo.org> | 2017-08-24 19:12:33 +0200 |
|---|---|---|
| committer | Andreas Sturmlechner <asturm@gentoo.org> | 2017-08-24 19:16:40 +0200 |
| commit | 8ae28c0fa697b98cc15aace97cf1668df29b5fd7 (patch) | |
| tree | ed7bbf2d595990b92cc5fed2113cc722ec61c34a /dev-libs | |
| parent | app-text/xdvik: [QA] Use relative symlink target(s) (diff) | |
| download | gentoo-8ae28c0fa697b98cc15aace97cf1668df29b5fd7.tar.gz gentoo-8ae28c0fa697b98cc15aace97cf1668df29b5fd7.tar.bz2 gentoo-8ae28c0fa697b98cc15aace97cf1668df29b5fd7.zip | |
dev-libs/libzip: Security revbump for CVE-2017-12858
Package-Manager: Portage-2.3.6, Repoman-2.3.1
Diffstat (limited to 'dev-libs')
| -rw-r--r-- | dev-libs/libzip/files/libzip-1.2.0-CVE-2017-12858.patch | 37 | ||||
| -rw-r--r-- | dev-libs/libzip/libzip-1.2.0-r1.ebuild | 40 |
2 files changed, 77 insertions, 0 deletions
diff --git a/dev-libs/libzip/files/libzip-1.2.0-CVE-2017-12858.patch b/dev-libs/libzip/files/libzip-1.2.0-CVE-2017-12858.patch new file mode 100644 index 000000000000..b7586e45a568 --- /dev/null +++ b/dev-libs/libzip/files/libzip-1.2.0-CVE-2017-12858.patch @@ -0,0 +1,37 @@ +From 2217022b7d1142738656d891e00b3d2d9179b796 Mon Sep 17 00:00:00 2001 +From: Thomas Klausner <tk@giga.or.at> +Date: Mon, 14 Aug 2017 10:55:44 +0200 +Subject: [PATCH] Fix double free(). + +Found by Brian 'geeknik' Carpenter using AFL. +--- + THANKS | 1 + + lib/zip_dirent.c | 3 --- + 2 files changed, 1 insertion(+), 3 deletions(-) + +diff --git a/THANKS b/THANKS +index be0cca9..a80ee1d 100644 +--- a/THANKS ++++ b/THANKS +@@ -12,6 +12,7 @@ BALATON Zoltan <balaton@eik.bme.hu> + Benjamin Gilbert <bgilbert@backtick.net> + Boaz Stolk <bstolk@aweta.nl> + Bogdan <bogiebog@gmail.com> ++Brian 'geeknik' Carpenter <geeknik@protonmail.ch> + Chris Nehren <cnehren+libzip@pobox.com> + Coverity <info@coverity.com> + Dane Springmeyer <dane.springmeyer@gmail.com> +diff --git a/lib/zip_dirent.c b/lib/zip_dirent.c +index a369900..e5a7cc9 100644 +--- a/lib/zip_dirent.c ++++ b/lib/zip_dirent.c +@@ -579,9 +579,6 @@ _zip_dirent_read(zip_dirent_t *zde, zip_source_t *src, zip_buffer_t *buffer, boo + } + + if (!_zip_dirent_process_winzip_aes(zde, error)) { +- if (!from_buffer) { +- _zip_buffer_free(buffer); +- } + return -1; + } +
\ No newline at end of file diff --git a/dev-libs/libzip/libzip-1.2.0-r1.ebuild b/dev-libs/libzip/libzip-1.2.0-r1.ebuild new file mode 100644 index 000000000000..61f933dcd36c --- /dev/null +++ b/dev-libs/libzip/libzip-1.2.0-r1.ebuild @@ -0,0 +1,40 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +inherit autotools + +DESCRIPTION="Library for manipulating zip archives" +HOMEPAGE="http://www.nih.at/libzip/" +SRC_URI="http://www.nih.at/libzip/${P}.tar.xz" + +LICENSE="BSD" +SLOT="0/5" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos" +IUSE="static-libs" + +RDEPEND=" + sys-libs/zlib + elibc_musl? ( sys-libs/fts-standalone ) +" +DEPEND="${RDEPEND}" + +DOCS=( AUTHORS NEWS.md API-CHANGES THANKS ) + +PATCHES=( + "${FILESDIR}/${P}-headers.patch" + "${FILESDIR}/${P}-fts.patch" + "${FILESDIR}/${P}-CVE-2017-12858.patch" +) + +src_prepare() { + default + eautoreconf +} + +src_install() { + default + use static-libs || rm "${ED%/}"/usr/$(get_libdir)/libzip.a || die + find "${D}" -name '*.la' -delete || die +} |