[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
04/14: gnu: libarchive: Remove graft for 3.3.3.
From: |
guix-commits |
Subject: |
04/14: gnu: libarchive: Remove graft for 3.3.3. |
Date: |
Thu, 7 Feb 2019 18:02:42 -0500 (EST) |
mbakke pushed a commit to branch core-updates
in repository guix.
commit a5be549e393962764a9df590dc5ba6a314bfe866
Author: Marius Bakke <address@hidden>
Date: Thu Feb 7 21:31:23 2019 +0100
gnu: libarchive: Remove graft for 3.3.3.
* gnu/packages/patches/libarchive-CVE-2017-14166.patch,
gnu/packages/patches/libarchive-CVE-2017-14502.patch: Delete files.
* gnu/local.mk (dist_patch_DATA): Adjust accordingly.
* gnu/packages/backup.scm (libarchive): Update to 3.3.3.
[source](patches): Adjust for 3.3.3.
[replacement]: Remove field.
(libarchive-3.3.3): Remove variable.
---
gnu/local.mk | 2 -
gnu/packages/backup.scm | 26 +++----------
.../patches/libarchive-CVE-2017-14166.patch | 45 ----------------------
.../patches/libarchive-CVE-2017-14502.patch | 40 -------------------
4 files changed, 5 insertions(+), 108 deletions(-)
diff --git a/gnu/local.mk b/gnu/local.mk
index 9544297..45f108e 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -943,8 +943,6 @@ dist_patch_DATA =
\
%D%/packages/patches/liba52-link-with-libm.patch \
%D%/packages/patches/liba52-set-soname.patch \
%D%/packages/patches/liba52-use-mtune-not-mcpu.patch \
- %D%/packages/patches/libarchive-CVE-2017-14166.patch \
- %D%/packages/patches/libarchive-CVE-2017-14502.patch \
%D%/packages/patches/libarchive-CVE-2018-1000877.patch \
%D%/packages/patches/libarchive-CVE-2018-1000878.patch \
%D%/packages/patches/libarchive-CVE-2018-1000880.patch \
diff --git a/gnu/packages/backup.scm b/gnu/packages/backup.scm
index c312f23..45b1be2 100644
--- a/gnu/packages/backup.scm
+++ b/gnu/packages/backup.scm
@@ -197,18 +197,18 @@ backups (called chunks) to allow easy burning to CD/DVD.")
(define-public libarchive
(package
(name "libarchive")
- (replacement libarchive-3.3.3)
- (version "3.3.2")
+ (version "3.3.3")
(source
(origin
(method url-fetch)
(uri (string-append "https://libarchive.org/downloads/libarchive-"
version ".tar.gz"))
- (patches (search-patches "libarchive-CVE-2017-14166.patch"
- "libarchive-CVE-2017-14502.patch"))
+ (patches (search-patches "libarchive-CVE-2018-1000877.patch"
+ "libarchive-CVE-2018-1000878.patch"
+ "libarchive-CVE-2018-1000880.patch"))
(sha256
(base32
- "1km0mzfl6in7l5vz9kl09a88ajx562rw93ng9h2jqavrailvsbgd"))))
+ "0bhfncid058p7n1n8v29l6wxm3mhdqfassscihbsxfwz3iwb2zms"))))
(build-system gnu-build-system)
(inputs
`(("zlib" ,zlib)
@@ -274,22 +274,6 @@ archive. In particular, note that there is currently no
built-in support for
random access nor for in-place modification.")
(license license:bsd-2)))
-(define-public libarchive-3.3.3
- (package
- (inherit libarchive)
- (version "3.3.3")
- (source
- (origin
- (method url-fetch)
- (uri (string-append "https://libarchive.org/downloads/libarchive-"
- version ".tar.gz"))
- (patches (search-patches "libarchive-CVE-2018-1000877.patch"
- "libarchive-CVE-2018-1000878.patch"
- "libarchive-CVE-2018-1000880.patch"))
- (sha256
- (base32
- "0bhfncid058p7n1n8v29l6wxm3mhdqfassscihbsxfwz3iwb2zms"))))))
-
(define-public rdup
(package
(name "rdup")
diff --git a/gnu/packages/patches/libarchive-CVE-2017-14166.patch
b/gnu/packages/patches/libarchive-CVE-2017-14166.patch
deleted file mode 100644
index a122848..0000000
--- a/gnu/packages/patches/libarchive-CVE-2017-14166.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-Fix CVE-2017-14166:
-
-https://github.com/libarchive/libarchive/issues/935
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14166
-
-Patch copied from upstream source repository:
-
-https://github.com/libarchive/libarchive/commit/fa7438a0ff4033e4741c807394a9af6207940d71
-
-From fa7438a0ff4033e4741c807394a9af6207940d71 Mon Sep 17 00:00:00 2001
-From: Joerg Sonnenberger <address@hidden>
-Date: Tue, 5 Sep 2017 18:12:19 +0200
-Subject: [PATCH] Do something sensible for empty strings to make fuzzers
- happy.
-
----
- libarchive/archive_read_support_format_xar.c | 8 +++++++-
- 1 file changed, 7 insertions(+), 1 deletion(-)
-
-diff --git a/libarchive/archive_read_support_format_xar.c
b/libarchive/archive_read_support_format_xar.c
-index 7a22beb9d..93eeacc5e 100644
---- a/libarchive/archive_read_support_format_xar.c
-+++ b/libarchive/archive_read_support_format_xar.c
-@@ -1040,6 +1040,9 @@ atol10(const char *p, size_t char_cnt)
- uint64_t l;
- int digit;
-
-+ if (char_cnt == 0)
-+ return (0);
-+
- l = 0;
- digit = *p - '0';
- while (digit >= 0 && digit < 10 && char_cnt-- > 0) {
-@@ -1054,7 +1057,10 @@ atol8(const char *p, size_t char_cnt)
- {
- int64_t l;
- int digit;
--
-+
-+ if (char_cnt == 0)
-+ return (0);
-+
- l = 0;
- while (char_cnt-- > 0) {
- if (*p >= '0' && *p <= '7')
diff --git a/gnu/packages/patches/libarchive-CVE-2017-14502.patch
b/gnu/packages/patches/libarchive-CVE-2017-14502.patch
deleted file mode 100644
index 8e0508a..0000000
--- a/gnu/packages/patches/libarchive-CVE-2017-14502.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-Fix CVE-2017-14502:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14502
-https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=573
-
-Patch copied from upstream source repository:
-
-https://github.com/libarchive/libarchive/commit/5562545b5562f6d12a4ef991fae158bf4ccf92b6
-
-From 5562545b5562f6d12a4ef991fae158bf4ccf92b6 Mon Sep 17 00:00:00 2001
-From: Joerg Sonnenberger <address@hidden>
-Date: Sat, 9 Sep 2017 17:47:32 +0200
-Subject: [PATCH] Avoid a read off-by-one error for UTF16 names in RAR
- archives.
-
-Reported-By: OSS-Fuzz issue 573
----
- libarchive/archive_read_support_format_rar.c | 6 +++++-
- 1 file changed, 5 insertions(+), 1 deletion(-)
-
-diff --git a/libarchive/archive_read_support_format_rar.c
b/libarchive/archive_read_support_format_rar.c
-index cbb14c32..751de697 100644
---- a/libarchive/archive_read_support_format_rar.c
-+++ b/libarchive/archive_read_support_format_rar.c
-@@ -1496,7 +1496,11 @@ read_header(struct archive_read *a, struct
archive_entry *entry,
- return (ARCHIVE_FATAL);
- }
- filename[filename_size++] = '\0';
-- filename[filename_size++] = '\0';
-+ /*
-+ * Do not increment filename_size here as the computations below
-+ * add the space for the terminating NUL explicitly.
-+ */
-+ filename[filename_size] = '\0';
-
- /* Decoded unicode form is UTF-16BE, so we have to update a string
- * conversion object for it. */
---
-2.15.1
-
- branch core-updates updated (8ad8568 -> df2bf40), guix-commits, 2019/02/07
- 01/14: gnu: file: Incorporate grafted changes., guix-commits, 2019/02/07
- 02/14: gnu: sqlite: Remove graft for 3.26.0., guix-commits, 2019/02/07
- 03/14: gnu: python2: Incorporate grafted changes., guix-commits, 2019/02/07
- 05/14: gnu: bison: Update to 3.3.2., guix-commits, 2019/02/07
- 07/14: gnu: binutils: Update to 2.32., guix-commits, 2019/02/07
- 04/14: gnu: libarchive: Remove graft for 3.3.3.,
guix-commits <=
- 13/14: gnu: libxml2: Update to 2.9.9., guix-commits, 2019/02/07
- 10/14: gnu: pcre2: Update to 10.32., guix-commits, 2019/02/07
- 11/14: gnu: python: Update to 3.7.2., guix-commits, 2019/02/07
- 12/14: gnu: openssl: Update to 1.0.2q., guix-commits, 2019/02/07
- 14/14: gnu: libxslt: Update to 1.1.33., guix-commits, 2019/02/07
- 06/14: gnu: mpfr: Update to 4.0.2., guix-commits, 2019/02/07
- 09/14: gnu: mit-krb5: Update to 1.17., guix-commits, 2019/02/07
- 08/14: gnu: libpng: Update to 1.6.36., guix-commits, 2019/02/07