diff --git a/srcpkgs/zziplib/patches/CVE-2017-5974.patch b/srcpkgs/zziplib/patches/CVE-2017-5974.patch deleted file mode 100644 index 8de66daa013..00000000000 --- a/srcpkgs/zziplib/patches/CVE-2017-5974.patch +++ /dev/null @@ -1,22 +0,0 @@ -Index: zziplib-0.13.62/zzip/memdisk.c -=================================================================== ---- zzip/memdisk.c -+++ zzip/memdisk.c -@@ -216,12 +216,12 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI - /* override sizes/offsets with zip64 values for largefile support */ - zzip_extra_zip64 *block = (zzip_extra_zip64 *) - zzip_mem_entry_extra_block(item, ZZIP_EXTRA_zip64); -- if (block) -+ if (block && ZZIP_GET16(block->z_datasize) >= (8 + 8 + 8 + 4)) - { -- item->zz_usize = __zzip_get64(block->z_usize); -- item->zz_csize = __zzip_get64(block->z_csize); -- item->zz_offset = __zzip_get64(block->z_offset); -- item->zz_diskstart = __zzip_get32(block->z_diskstart); -+ item->zz_usize = ZZIP_GET64(block->z_usize); -+ item->zz_csize = ZZIP_GET64(block->z_csize); -+ item->zz_offset = ZZIP_GET64(block->z_offset); -+ item->zz_diskstart = ZZIP_GET32(block->z_diskstart); - } - } - /* NOTE: diff --git a/srcpkgs/zziplib/patches/CVE-2017-5975.patch b/srcpkgs/zziplib/patches/CVE-2017-5975.patch deleted file mode 100644 index 87d48901b3f..00000000000 --- a/srcpkgs/zziplib/patches/CVE-2017-5975.patch +++ /dev/null @@ -1,26 +0,0 @@ -Index: zziplib-0.13.62/zzip/memdisk.c -=================================================================== ---- zzip/memdisk.c -+++ zzip/memdisk.c -@@ -173,6 +173,8 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI - return 0; /* errno=ENOMEM; */ - ___ struct zzip_file_header *header = - zzip_disk_entry_to_file_header(disk, entry); -+ if (!header) -+ { free(item); return 0; } - /* there is a number of duplicated information in the file header - * or the disk entry block. Theoretically some part may be missing - * that exists in the other, ... but we will prefer the disk entry. -Index: zziplib-0.13.62/zzip/mmapped.c -=================================================================== ---- zzip/mmapped.c -+++ zzip/mmapped.c -@@ -289,6 +289,8 @@ zzip_disk_entry_to_file_header(ZZIP_DISK - (disk->buffer + zzip_disk_entry_fileoffset(entry)); - if (disk->buffer > file_header || file_header >= disk->endbuf) - return 0; -+ if (ZZIP_GET32(file_header) != ZZIP_FILE_HEADER_MAGIC) -+ return 0; - return (struct zzip_file_header *) file_header; - } - diff --git a/srcpkgs/zziplib/patches/CVE-2017-5976.patch b/srcpkgs/zziplib/patches/CVE-2017-5976.patch deleted file mode 100644 index 42bad444351..00000000000 --- a/srcpkgs/zziplib/patches/CVE-2017-5976.patch +++ /dev/null @@ -1,55 +0,0 @@ -Index: zziplib-0.13.62/zzip/memdisk.c -=================================================================== ---- zzip/memdisk.c -+++ zzip/memdisk.c -@@ -201,6 +201,7 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI - { - void *mem = malloc(ext1 + 2); - item->zz_ext[1] = mem; -+ item->zz_extlen[1] = ext1 + 2; - memcpy(mem, ptr1, ext1); - ((char *) (mem))[ext1 + 0] = 0; - ((char *) (mem))[ext1 + 1] = 0; -@@ -209,6 +210,7 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI - { - void *mem = malloc(ext2 + 2); - item->zz_ext[2] = mem; -+ item->zz_extlen[2] = ext2 + 2; - memcpy(mem, ptr2, ext2); - ((char *) (mem))[ext2 + 0] = 0; - ((char *) (mem))[ext2 + 1] = 0; -@@ -245,8 +247,10 @@ zzip_mem_entry_extra_block(ZZIP_MEM_ENTR - while (1) - { - ZZIP_EXTRA_BLOCK *ext = entry->zz_ext[i]; -- if (ext) -+ if (ext && (entry->zz_extlen[i] >= zzip_extra_block_headerlength)) - { -+ char *endblock = (char *)ext + entry->zz_extlen[i]; -+ - while (*(short *) (ext->z_datatype)) - { - if (datatype == zzip_extra_block_get_datatype(ext)) -@@ -257,6 +261,10 @@ zzip_mem_entry_extra_block(ZZIP_MEM_ENTR - e += zzip_extra_block_headerlength; - e += zzip_extra_block_get_datasize(ext); - ext = (void *) e; -+ if (e >= endblock) -+ { -+ break; -+ } - ____; - } - } -Index: zziplib-0.13.62/zzip/memdisk.h -=================================================================== ---- zzip/memdisk.h -+++ zzip/memdisk.h -@@ -66,6 +66,7 @@ struct _zzip_mem_entry { - int zz_filetype; /* (from "z_filetype") */ - char* zz_comment; /* zero-terminated (from "comment") */ - ZZIP_EXTRA_BLOCK* zz_ext[3]; /* terminated by null in z_datatype */ -+ int zz_extlen[3]; /* length of zz_ext[i] in bytes */ - }; /* the extra blocks are NOT converted */ - - #define _zzip_mem_disk_findfirst(_d_) ((_d_)->list) diff --git a/srcpkgs/zziplib/patches/CVE-2017-5978.patch b/srcpkgs/zziplib/patches/CVE-2017-5978.patch deleted file mode 100644 index 33dc5a17e61..00000000000 --- a/srcpkgs/zziplib/patches/CVE-2017-5978.patch +++ /dev/null @@ -1,31 +0,0 @@ -Index: zziplib-0.13.62/zzip/memdisk.c -=================================================================== ---- zzip/memdisk.c -+++ zzip/memdisk.c -@@ -180,7 +180,7 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI - * that exists in the other, ... but we will prefer the disk entry. - */ - item->zz_comment = zzip_disk_entry_strdup_comment(disk, entry); -- item->zz_name = zzip_disk_entry_strdup_name(disk, entry); -+ item->zz_name = zzip_disk_entry_strdup_name(disk, entry) ?: strdup(""); - item->zz_data = zzip_file_header_to_data(header); - item->zz_flags = zzip_disk_entry_get_flags(entry); - item->zz_compr = zzip_disk_entry_get_compr(entry); -@@ -197,7 +197,7 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI - int /* */ ext2 = zzip_file_header_get_extras(header); - char *_zzip_restrict ptr2 = zzip_file_header_to_extras(header); - -- if (ext1) -+ if (ext1 && ((ptr1 + ext1) < disk->endbuf)) - { - void *mem = malloc(ext1 + 2); - item->zz_ext[1] = mem; -@@ -206,7 +206,7 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI - ((char *) (mem))[ext1 + 0] = 0; - ((char *) (mem))[ext1 + 1] = 0; - } -- if (ext2) -+ if (ext2 && ((ptr2 + ext2) < disk->endbuf)) - { - void *mem = malloc(ext2 + 2); - item->zz_ext[2] = mem; diff --git a/srcpkgs/zziplib/patches/CVE-2017-5979.patch b/srcpkgs/zziplib/patches/CVE-2017-5979.patch deleted file mode 100644 index 815a375357a..00000000000 --- a/srcpkgs/zziplib/patches/CVE-2017-5979.patch +++ /dev/null @@ -1,13 +0,0 @@ -Index: zziplib-0.13.62/zzip/fseeko.c -=================================================================== ---- zzip/fseeko.c -+++ zzip/fseeko.c -@@ -255,7 +255,7 @@ zzip_entry_findfirst(FILE * disk) - return 0; - /* we read out chunks of 8 KiB in the hope to match disk granularity */ - ___ zzip_off_t pagesize = PAGESIZE; /* getpagesize() */ -- ___ ZZIP_ENTRY *entry = malloc(sizeof(*entry)); -+ ___ ZZIP_ENTRY *entry = calloc(1, sizeof(*entry)); - if (! entry) - return 0; - ___ unsigned char *buffer = malloc(pagesize); diff --git a/srcpkgs/zziplib/patches/CVE-2017-5981.patch b/srcpkgs/zziplib/patches/CVE-2017-5981.patch deleted file mode 100644 index c6655c8f896..00000000000 --- a/srcpkgs/zziplib/patches/CVE-2017-5981.patch +++ /dev/null @@ -1,14 +0,0 @@ -Index: zziplib-0.13.62/zzip/fseeko.c -=================================================================== ---- zzip/fseeko.c -+++ zzip/fseeko.c -@@ -311,7 +311,8 @@ zzip_entry_findfirst(FILE * disk) - } else - continue; - -- assert(0 <= root && root < mapsize); -+ if (root < 0 || root >= mapsize) -+ goto error; - if (fseeko(disk, root, SEEK_SET) == -1) - goto error; - if (fread(disk_(entry), 1, sizeof(*disk_(entry)), disk) diff --git a/srcpkgs/zziplib/patches/zziplib-unzipcat-NULL-name.patch b/srcpkgs/zziplib/patches/zziplib-unzipcat-NULL-name.patch deleted file mode 100644 index e4bef523180..00000000000 --- a/srcpkgs/zziplib/patches/zziplib-unzipcat-NULL-name.patch +++ /dev/null @@ -1,50 +0,0 @@ -Index: zziplib-0.13.62/bins/unzzipcat.c -=================================================================== ---- bins/unzzipcat.c -+++ bins/unzzipcat.c -@@ -91,8 +91,11 @@ main (int argc, char ** argv) - for (; entry ; entry = zzip_disk_findnext(disk, entry)) - { - char* name = zzip_disk_entry_strdup_name (disk, entry); -- printf ("%s\n", name); -- free (name); -+ if (name) -+ { -+ printf ("%s\n", name); -+ free (name); -+ } - } - return 0; - } -@@ -112,10 +115,13 @@ main (int argc, char ** argv) - for (; entry ; entry = zzip_disk_findnext(disk, entry)) - { - char* name = zzip_disk_entry_strdup_name (disk, entry); -- if (! fnmatch (argv[argn], name, -- FNM_NOESCAPE|FNM_PATHNAME|FNM_PERIOD)) -- zzip_disk_cat_file (disk, name, stdout); -- free (name); -+ if (name) -+ { -+ if (! fnmatch (argv[argn], name, -+ FNM_NOESCAPE|FNM_PATHNAME|FNM_PERIOD)) -+ zzip_disk_cat_file (disk, name, stdout); -+ free (name); -+ } - } - } - return 0; -Index: zziplib-0.13.62/zzip/fseeko.c -=================================================================== ---- zzip/fseeko.c -+++ zzip/fseeko.c -@@ -300,7 +300,8 @@ zzip_entry_findfirst(FILE * disk) - * central directory was written directly before : */ - root = mapoffs - rootsize; - } -- } else if (zzip_disk64_trailer_check_magic(p)) -+ } else if ((p + sizeof(struct zzip_disk64_trailer)) <= (buffer + mapsize) -+ && zzip_disk64_trailer_check_magic(p)) - { - struct zzip_disk64_trailer *trailer = - (struct zzip_disk64_trailer *) p; diff --git a/srcpkgs/zziplib/template b/srcpkgs/zziplib/template index 5845d0e8829..d43ac727b95 100644 --- a/srcpkgs/zziplib/template +++ b/srcpkgs/zziplib/template @@ -1,19 +1,19 @@ # Template file for 'zziplib' pkgname=zziplib -version=0.13.62 -revision=3 +version=0.13.67 +revision=1 build_style=gnu-configure -hostmakedepends="automake libtool pkg-config python" +hostmakedepends="pkg-config python" makedepends="zlib-devel" -short_desc="A lightweight library to extract data from zip files" +short_desc="Lightweight library to extract data from zip files" maintainer="Juan RP " -homepage="http://zziplib.sourceforge.net" +homepage="https://github.com/gdraheim/zziplib" license="LGPL-2.1, MPL-1.1" -distfiles="${SOURCEFORGE_SITE}/${pkgname}/${pkgname}-${version}.tar.bz2" -checksum=a1b8033f1a1fd6385f4820b01ee32d8eca818409235d22caf5119e0078c7525b +distfiles="https://github.com/gdraheim/zziplib/archive/v${version}.tar.gz" +checksum=1278178bdabac832da6bbf161033d890d335a2e38493c5af553ff5ce7b9b0220 pre_configure() { - autoreconf -fi + sed -i '/SUBDIRS/s/docs//' Makefile.in } zziplib-devel_package() { diff --git a/srcpkgs/zziplib/update b/srcpkgs/zziplib/update deleted file mode 100644 index 5a9d7ed82e7..00000000000 --- a/srcpkgs/zziplib/update +++ /dev/null @@ -1 +0,0 @@ -ignore="????.????"