From owner-svn-ports-all@freebsd.org Thu Oct 19 13:47:43 2017 Return-Path: Delivered-To: svn-ports-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id A547DE3C3CA; Thu, 19 Oct 2017 13:47:43 +0000 (UTC) (envelope-from ak@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 814DA6AA33; Thu, 19 Oct 2017 13:47:43 +0000 (UTC) (envelope-from ak@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v9JDlg0T064388; Thu, 19 Oct 2017 13:47:42 GMT (envelope-from ak@FreeBSD.org) Received: (from ak@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id v9JDlgXC064385; Thu, 19 Oct 2017 13:47:42 GMT (envelope-from ak@FreeBSD.org) Message-Id: <201710191347.v9JDlgXC064385@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: ak set sender to ak@FreeBSD.org using -f From: Alex Kozlov Date: Thu, 19 Oct 2017 13:47:42 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r452421 - in head/archivers/arj: . files X-SVN-Group: ports-head X-SVN-Commit-Author: ak X-SVN-Commit-Paths: in head/archivers/arj: . files X-SVN-Commit-Revision: 452421 X-SVN-Commit-Repository: ports MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 Oct 2017 13:47:43 -0000 Author: ak Date: Thu Oct 19 13:47:42 2017 New Revision: 452421 URL: https://svnweb.freebsd.org/changeset/ports/452421 Log: - Fix buffer overflow (CVE-2015-2782) - Fix absolute path directory traversal (CVE-2015-0557) - Fix symlink directory traversal (CVE-2015-0556) - Fix build on armv6 - Fix parallel build - Make build reproducible PR: 221589 Submitted by: mikael.urankar@gmail.com Obtained from: debian patchset 16 Approved by: garga (maintainer) Added: head/archivers/arj/files/patch-arjtypes.c (contents, props changed) Deleted: head/archivers/arj/files/patch-arj__arcv.c head/archivers/arj/files/patch-arj__proc.c head/archivers/arj/files/patch-arj__proc.h head/archivers/arj/files/patch-fardata.c Modified: head/archivers/arj/Makefile head/archivers/arj/distinfo Modified: head/archivers/arj/Makefile ============================================================================== --- head/archivers/arj/Makefile Thu Oct 19 13:33:34 2017 (r452420) +++ head/archivers/arj/Makefile Thu Oct 19 13:47:42 2017 (r452421) @@ -3,9 +3,12 @@ PORTNAME= arj PORTVERSION= 3.10.22 -PORTREVISION= 4 +PORTREVISION= 5 CATEGORIES= archivers -MASTER_SITES= SF/${PORTNAME}/${PORTNAME}/2.78_3.10%20build%2022 +MASTER_SITES= SF/${PORTNAME}/${PORTNAME}/2.78_3.10%20build%2022:source \ + DEBIAN_POOL:patch +DISTFILES= ${PORTNAME}-${PORTVERSION}.tar.gz:source \ + ${PORTNAME}_${PORTVERSION}-16.debian.tar.xz:patch MAINTAINER= garga@FreeBSD.org COMMENT= Open source implementation of the ARJ archiver @@ -14,6 +17,17 @@ LICENSE= GPLv2 PORTSCOUT= skipv:3.10g +EXTRA_PATCHES= ${WRKDIR}/debian/patches/*.patch +IGNORE_PATCHES= 002_no_remove_static_const.patch \ + doc_refer_robert_k_jung.patch \ + gnu_build_cross.patch \ + gnu_build_fix.patch \ + gnu_build_flags.patch \ + gnu_build_pie.patch \ + gnu_build_strip.patch \ + hurd_no_fcntl_getlk.patch +PATCH_STRIP= -p1 + USES= alias gmake USE_AUTOTOOLS= autoconf CONFIGURE_WRKSRC= ${WRKSRC}/gnu @@ -21,7 +35,6 @@ MAKEFILE= GNUmakefile MAKE_ARGS= LOCALE="${LANGUAGE}" ALL_TARGET= prepare all STRIP= # empty -MAKE_JOBS_UNSAFE= yes CFLAGS+= -fPIC LANGUAGE?= en @@ -29,6 +42,9 @@ LANGUAGE?= en PORTDOCS= * OPTIONS_DEFINE= DOCS + +pre-patch: + @${RM} ${IGNORE_PATCHES:S,^,${WRKDIR}/debian/patches/,} post-patch: @${REINPLACE_CMD} -e 's!/etc!${LOCALBASE}/etc!' \ Modified: head/archivers/arj/distinfo ============================================================================== --- head/archivers/arj/distinfo Thu Oct 19 13:33:34 2017 (r452420) +++ head/archivers/arj/distinfo Thu Oct 19 13:47:42 2017 (r452421) @@ -1,2 +1,5 @@ +TIMESTAMP = 1508345026 SHA256 (arj-3.10.22.tar.gz) = 589e4c9bccc8669e7b6d8d6fcd64e01f6a2c21fe10aad56a83304ecc3b96a7db SIZE (arj-3.10.22.tar.gz) = 431467 +SHA256 (arj_3.10.22-16.debian.tar.xz) = 2d9cc5aeb2ac44d000d2e3399846f1c3ce468e17e3af4bfb505b9a6eaf88a502 +SIZE (arj_3.10.22-16.debian.tar.xz) = 19452 Added: head/archivers/arj/files/patch-arjtypes.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/archivers/arj/files/patch-arjtypes.c Thu Oct 19 13:47:42 2017 (r452421) @@ -0,0 +1,15 @@ +--- arjtypes.c 2005-06-23 UTC ++++ arjtypes.c +@@ -138,8 +138,11 @@ static int isleapyear(int year) + static unsigned long ts_unix2dos(const long ts) + { + struct tm *stm; ++ time_t _ts; + +- stm=arj_localtime((time_t*)&ts); ++ _ts = ts; ++ ++ stm=arj_localtime(&_ts); + return(get_tstamp(stm->tm_year+1900, stm->tm_mon+1, stm->tm_mday, + stm->tm_hour, stm->tm_min, stm->tm_sec)); + }