svn commit: r452586 - in branches/2017Q4/archivers/arj: . files

Alex Kozlov ak at FreeBSD.org
Sat Oct 21 10:48:21 UTC 2017 

Author: ak
Date: Sat Oct 21 10:48:20 2017
New Revision: 452586
URL: https://svnweb.freebsd.org/changeset/ports/452586

Log:
  MFH: r452421
  
  - Fix buffer overflow (CVE-2015-2782)
  - Fix absolute path directory traversal (CVE-2015-0557)
  - Fix symlink directory traversal (CVE-2015-0556)
  - Fix build on armv6
  - Fix parallel build
  - Make build reproducible
  
  PR:	221589
  Submitted by:	mikael.urankar at gmail.com
  Obtained from:	debian patchset 16
  Approved by:	garga (maintainer)
  
  Approved by:	ports-secteam (security, build fix blanket)

Added:
  branches/2017Q4/archivers/arj/files/patch-arjtypes.c
     - copied unchanged from r452421, head/archivers/arj/files/patch-arjtypes.c
Deleted:
  branches/2017Q4/archivers/arj/files/patch-arj__arcv.c
  branches/2017Q4/archivers/arj/files/patch-arj__proc.c
  branches/2017Q4/archivers/arj/files/patch-arj__proc.h
  branches/2017Q4/archivers/arj/files/patch-fardata.c
Modified:
  branches/2017Q4/archivers/arj/Makefile
  branches/2017Q4/archivers/arj/distinfo
Directory Properties:
  branches/2017Q4/   (props changed)

Modified: branches/2017Q4/archivers/arj/Makefile
==============================================================================
--- branches/2017Q4/archivers/arj/Makefile	Sat Oct 21 10:36:05 2017	(r452585)
+++ branches/2017Q4/archivers/arj/Makefile	Sat Oct 21 10:48:20 2017	(r452586)
@@ -3,9 +3,12 @@
 
 PORTNAME=	arj
 PORTVERSION=	3.10.22
-PORTREVISION=	4
+PORTREVISION=	5
 CATEGORIES=	archivers
-MASTER_SITES=	SF/${PORTNAME}/${PORTNAME}/2.78_3.10%20build%2022
+MASTER_SITES=	SF/${PORTNAME}/${PORTNAME}/2.78_3.10%20build%2022:source \
+		DEBIAN_POOL:patch
+DISTFILES=	${PORTNAME}-${PORTVERSION}.tar.gz:source \
+		${PORTNAME}_${PORTVERSION}-16.debian.tar.xz:patch
 
 MAINTAINER=	garga at FreeBSD.org
 COMMENT=	Open source implementation of the ARJ archiver
@@ -14,6 +17,17 @@ LICENSE=	GPLv2
 
 PORTSCOUT=	skipv:3.10g
 
+EXTRA_PATCHES=	${WRKDIR}/debian/patches/*.patch
+IGNORE_PATCHES=	002_no_remove_static_const.patch  \
+		doc_refer_robert_k_jung.patch \
+		gnu_build_cross.patch \
+		gnu_build_fix.patch \
+		gnu_build_flags.patch \
+		gnu_build_pie.patch \
+		gnu_build_strip.patch \
+		hurd_no_fcntl_getlk.patch
+PATCH_STRIP=	-p1
+
 USES=		alias gmake
 USE_AUTOTOOLS=	autoconf
 CONFIGURE_WRKSRC=	${WRKSRC}/gnu
@@ -21,7 +35,6 @@ MAKEFILE=	GNUmakefile
 MAKE_ARGS=	LOCALE="${LANGUAGE}"
 ALL_TARGET=	prepare all
 STRIP=		# empty
-MAKE_JOBS_UNSAFE=	yes
 
 CFLAGS+=	-fPIC
 LANGUAGE?=	en
@@ -29,6 +42,9 @@ LANGUAGE?=	en
 PORTDOCS=	*
 
 OPTIONS_DEFINE=	DOCS
+
+pre-patch:
+	@${RM} ${IGNORE_PATCHES:S,^,${WRKDIR}/debian/patches/,}
 
 post-patch:
 	@${REINPLACE_CMD} -e 's!/etc!${LOCALBASE}/etc!' \

Modified: branches/2017Q4/archivers/arj/distinfo
==============================================================================
--- branches/2017Q4/archivers/arj/distinfo	Sat Oct 21 10:36:05 2017	(r452585)
+++ branches/2017Q4/archivers/arj/distinfo	Sat Oct 21 10:48:20 2017	(r452586)
@@ -1,2 +1,5 @@
+TIMESTAMP = 1508345026
 SHA256 (arj-3.10.22.tar.gz) = 589e4c9bccc8669e7b6d8d6fcd64e01f6a2c21fe10aad56a83304ecc3b96a7db
 SIZE (arj-3.10.22.tar.gz) = 431467
+SHA256 (arj_3.10.22-16.debian.tar.xz) = 2d9cc5aeb2ac44d000d2e3399846f1c3ce468e17e3af4bfb505b9a6eaf88a502
+SIZE (arj_3.10.22-16.debian.tar.xz) = 19452

Copied: branches/2017Q4/archivers/arj/files/patch-arjtypes.c (from r452421, head/archivers/arj/files/patch-arjtypes.c)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ branches/2017Q4/archivers/arj/files/patch-arjtypes.c	Sat Oct 21 10:48:20 2017	(r452586, copy of r452421, head/archivers/arj/files/patch-arjtypes.c)
@@ -0,0 +1,15 @@
+--- arjtypes.c	2005-06-23 UTC
++++ arjtypes.c
+@@ -138,8 +138,11 @@ static int isleapyear(int year)
+ static unsigned long ts_unix2dos(const long ts)
+ {
+  struct tm *stm;
++ time_t _ts;
+ 
+- stm=arj_localtime((time_t*)&ts);
++ _ts = ts;
++
++ stm=arj_localtime(&_ts);
+  return(get_tstamp(stm->tm_year+1900, stm->tm_mon+1, stm->tm_mday,
+         stm->tm_hour, stm->tm_min, stm->tm_sec));
+ }

More information about the svn-ports-branches mailing list