svn commit: r452586 - in branches/2017Q4/archivers/arj: . files
Alex Kozlov
ak at FreeBSD.org
Sat Oct 21 10:48:21 UTC 2017
Author: ak
Date: Sat Oct 21 10:48:20 2017
New Revision: 452586
URL: https://svnweb.freebsd.org/changeset/ports/452586
Log:
MFH: r452421
- Fix buffer overflow (CVE-2015-2782)
- Fix absolute path directory traversal (CVE-2015-0557)
- Fix symlink directory traversal (CVE-2015-0556)
- Fix build on armv6
- Fix parallel build
- Make build reproducible
PR: 221589
Submitted by: mikael.urankar at gmail.com
Obtained from: debian patchset 16
Approved by: garga (maintainer)
Approved by: ports-secteam (security, build fix blanket)
Added:
branches/2017Q4/archivers/arj/files/patch-arjtypes.c
- copied unchanged from r452421, head/archivers/arj/files/patch-arjtypes.c
Deleted:
branches/2017Q4/archivers/arj/files/patch-arj__arcv.c
branches/2017Q4/archivers/arj/files/patch-arj__proc.c
branches/2017Q4/archivers/arj/files/patch-arj__proc.h
branches/2017Q4/archivers/arj/files/patch-fardata.c
Modified:
branches/2017Q4/archivers/arj/Makefile
branches/2017Q4/archivers/arj/distinfo
Directory Properties:
branches/2017Q4/ (props changed)
Modified: branches/2017Q4/archivers/arj/Makefile
==============================================================================
--- branches/2017Q4/archivers/arj/Makefile Sat Oct 21 10:36:05 2017 (r452585)
+++ branches/2017Q4/archivers/arj/Makefile Sat Oct 21 10:48:20 2017 (r452586)
@@ -3,9 +3,12 @@
PORTNAME= arj
PORTVERSION= 3.10.22
-PORTREVISION= 4
+PORTREVISION= 5
CATEGORIES= archivers
-MASTER_SITES= SF/${PORTNAME}/${PORTNAME}/2.78_3.10%20build%2022
+MASTER_SITES= SF/${PORTNAME}/${PORTNAME}/2.78_3.10%20build%2022:source \
+ DEBIAN_POOL:patch
+DISTFILES= ${PORTNAME}-${PORTVERSION}.tar.gz:source \
+ ${PORTNAME}_${PORTVERSION}-16.debian.tar.xz:patch
MAINTAINER= garga at FreeBSD.org
COMMENT= Open source implementation of the ARJ archiver
@@ -14,6 +17,17 @@ LICENSE= GPLv2
PORTSCOUT= skipv:3.10g
+EXTRA_PATCHES= ${WRKDIR}/debian/patches/*.patch
+IGNORE_PATCHES= 002_no_remove_static_const.patch \
+ doc_refer_robert_k_jung.patch \
+ gnu_build_cross.patch \
+ gnu_build_fix.patch \
+ gnu_build_flags.patch \
+ gnu_build_pie.patch \
+ gnu_build_strip.patch \
+ hurd_no_fcntl_getlk.patch
+PATCH_STRIP= -p1
+
USES= alias gmake
USE_AUTOTOOLS= autoconf
CONFIGURE_WRKSRC= ${WRKSRC}/gnu
@@ -21,7 +35,6 @@ MAKEFILE= GNUmakefile
MAKE_ARGS= LOCALE="${LANGUAGE}"
ALL_TARGET= prepare all
STRIP= # empty
-MAKE_JOBS_UNSAFE= yes
CFLAGS+= -fPIC
LANGUAGE?= en
@@ -29,6 +42,9 @@ LANGUAGE?= en
PORTDOCS= *
OPTIONS_DEFINE= DOCS
+
+pre-patch:
+ @${RM} ${IGNORE_PATCHES:S,^,${WRKDIR}/debian/patches/,}
post-patch:
@${REINPLACE_CMD} -e 's!/etc!${LOCALBASE}/etc!' \
Modified: branches/2017Q4/archivers/arj/distinfo
==============================================================================
--- branches/2017Q4/archivers/arj/distinfo Sat Oct 21 10:36:05 2017 (r452585)
+++ branches/2017Q4/archivers/arj/distinfo Sat Oct 21 10:48:20 2017 (r452586)
@@ -1,2 +1,5 @@
+TIMESTAMP = 1508345026
SHA256 (arj-3.10.22.tar.gz) = 589e4c9bccc8669e7b6d8d6fcd64e01f6a2c21fe10aad56a83304ecc3b96a7db
SIZE (arj-3.10.22.tar.gz) = 431467
+SHA256 (arj_3.10.22-16.debian.tar.xz) = 2d9cc5aeb2ac44d000d2e3399846f1c3ce468e17e3af4bfb505b9a6eaf88a502
+SIZE (arj_3.10.22-16.debian.tar.xz) = 19452
Copied: branches/2017Q4/archivers/arj/files/patch-arjtypes.c (from r452421, head/archivers/arj/files/patch-arjtypes.c)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/2017Q4/archivers/arj/files/patch-arjtypes.c Sat Oct 21 10:48:20 2017 (r452586, copy of r452421, head/archivers/arj/files/patch-arjtypes.c)
@@ -0,0 +1,15 @@
+--- arjtypes.c 2005-06-23 UTC
++++ arjtypes.c
+@@ -138,8 +138,11 @@ static int isleapyear(int year)
+ static unsigned long ts_unix2dos(const long ts)
+ {
+ struct tm *stm;
++ time_t _ts;
+
+- stm=arj_localtime((time_t*)&ts);
++ _ts = ts;
++
++ stm=arj_localtime(&_ts);
+ return(get_tstamp(stm->tm_year+1900, stm->tm_mon+1, stm->tm_mday,
+ stm->tm_hour, stm->tm_min, stm->tm_sec));
+ }
More information about the svn-ports-all
mailing list