svn commit: r452421 - in head/archivers/arj: . files
Alex Kozlov
ak at FreeBSD.org
Thu Oct 19 13:47:43 UTC 2017
Author: ak
Date: Thu Oct 19 13:47:42 2017
New Revision: 452421
URL: https://svnweb.freebsd.org/changeset/ports/452421
Log:
- Fix buffer overflow (CVE-2015-2782)
- Fix absolute path directory traversal (CVE-2015-0557)
- Fix symlink directory traversal (CVE-2015-0556)
- Fix build on armv6
- Fix parallel build
- Make build reproducible
PR: 221589
Submitted by: mikael.urankar at gmail.com
Obtained from: debian patchset 16
Approved by: garga (maintainer)
Added:
head/archivers/arj/files/patch-arjtypes.c (contents, props changed)
Deleted:
head/archivers/arj/files/patch-arj__arcv.c
head/archivers/arj/files/patch-arj__proc.c
head/archivers/arj/files/patch-arj__proc.h
head/archivers/arj/files/patch-fardata.c
Modified:
head/archivers/arj/Makefile
head/archivers/arj/distinfo
Modified: head/archivers/arj/Makefile
==============================================================================
--- head/archivers/arj/Makefile Thu Oct 19 13:33:34 2017 (r452420)
+++ head/archivers/arj/Makefile Thu Oct 19 13:47:42 2017 (r452421)
@@ -3,9 +3,12 @@
PORTNAME= arj
PORTVERSION= 3.10.22
-PORTREVISION= 4
+PORTREVISION= 5
CATEGORIES= archivers
-MASTER_SITES= SF/${PORTNAME}/${PORTNAME}/2.78_3.10%20build%2022
+MASTER_SITES= SF/${PORTNAME}/${PORTNAME}/2.78_3.10%20build%2022:source \
+ DEBIAN_POOL:patch
+DISTFILES= ${PORTNAME}-${PORTVERSION}.tar.gz:source \
+ ${PORTNAME}_${PORTVERSION}-16.debian.tar.xz:patch
MAINTAINER= garga at FreeBSD.org
COMMENT= Open source implementation of the ARJ archiver
@@ -14,6 +17,17 @@ LICENSE= GPLv2
PORTSCOUT= skipv:3.10g
+EXTRA_PATCHES= ${WRKDIR}/debian/patches/*.patch
+IGNORE_PATCHES= 002_no_remove_static_const.patch \
+ doc_refer_robert_k_jung.patch \
+ gnu_build_cross.patch \
+ gnu_build_fix.patch \
+ gnu_build_flags.patch \
+ gnu_build_pie.patch \
+ gnu_build_strip.patch \
+ hurd_no_fcntl_getlk.patch
+PATCH_STRIP= -p1
+
USES= alias gmake
USE_AUTOTOOLS= autoconf
CONFIGURE_WRKSRC= ${WRKSRC}/gnu
@@ -21,7 +35,6 @@ MAKEFILE= GNUmakefile
MAKE_ARGS= LOCALE="${LANGUAGE}"
ALL_TARGET= prepare all
STRIP= # empty
-MAKE_JOBS_UNSAFE= yes
CFLAGS+= -fPIC
LANGUAGE?= en
@@ -29,6 +42,9 @@ LANGUAGE?= en
PORTDOCS= *
OPTIONS_DEFINE= DOCS
+
+pre-patch:
+ @${RM} ${IGNORE_PATCHES:S,^,${WRKDIR}/debian/patches/,}
post-patch:
@${REINPLACE_CMD} -e 's!/etc!${LOCALBASE}/etc!' \
Modified: head/archivers/arj/distinfo
==============================================================================
--- head/archivers/arj/distinfo Thu Oct 19 13:33:34 2017 (r452420)
+++ head/archivers/arj/distinfo Thu Oct 19 13:47:42 2017 (r452421)
@@ -1,2 +1,5 @@
+TIMESTAMP = 1508345026
SHA256 (arj-3.10.22.tar.gz) = 589e4c9bccc8669e7b6d8d6fcd64e01f6a2c21fe10aad56a83304ecc3b96a7db
SIZE (arj-3.10.22.tar.gz) = 431467
+SHA256 (arj_3.10.22-16.debian.tar.xz) = 2d9cc5aeb2ac44d000d2e3399846f1c3ce468e17e3af4bfb505b9a6eaf88a502
+SIZE (arj_3.10.22-16.debian.tar.xz) = 19452
Added: head/archivers/arj/files/patch-arjtypes.c
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/archivers/arj/files/patch-arjtypes.c Thu Oct 19 13:47:42 2017 (r452421)
@@ -0,0 +1,15 @@
+--- arjtypes.c 2005-06-23 UTC
++++ arjtypes.c
+@@ -138,8 +138,11 @@ static int isleapyear(int year)
+ static unsigned long ts_unix2dos(const long ts)
+ {
+ struct tm *stm;
++ time_t _ts;
+
+- stm=arj_localtime((time_t*)&ts);
++ _ts = ts;
++
++ stm=arj_localtime(&_ts);
+ return(get_tstamp(stm->tm_year+1900, stm->tm_mon+1, stm->tm_mday,
+ stm->tm_hour, stm->tm_min, stm->tm_sec));
+ }
More information about the svn-ports-all
mailing list