- Security update of libmspack to 0.2alpha

* fixes libmspack MS-ZIP Infinite Loop Denial of Service (SA40719) ok naddy@
2010-08-04 17:36:26 +00:00 · 2010-08-04 17:36:26 +00:00 · 8c385375f7
commit 8c385375f7
parent 16dee66fa3
4 changed files with 20 additions and 27 deletions
--- a/archivers/libmspack/Makefile
+++ b/archivers/libmspack/Makefile
@ -1,10 +1,10 @@
-# $OpenBSD: Makefile,v 1.4 2008/10/28 01:23:34 jasper Exp $
+# $OpenBSD: Makefile,v 1.5 2010/08/04 17:36:26 jasper Exp $

 COMMENT=	library for handling microsoft compression formats

-DISTNAME=	libmspack-0.0.20060920alpha
+DISTNAME=	libmspack-0.2alpha
+EPOCH=		0
 SHARED_LIBS +=	mspack               2.0      # .1.0
-PKGNAME=	libmspack-20060920a
 CATEGORIES=	archivers

 HOMEPAGE=	http://www.cabextract.org.uk/libmspack/
--- a/archivers/libmspack/distinfo
+++ b/archivers/libmspack/distinfo
@ -1,5 +1,5 @@
-MD5 (libmspack-0.0.20060920alpha.tar.gz) = cgA9+l2i6EPj1a4MGPfJaQ==
-RMD160 (libmspack-0.0.20060920alpha.tar.gz) = P6Pacllkr4ldYWz5u6reTPPQNHg=
-SHA1 (libmspack-0.0.20060920alpha.tar.gz) = ghOa4OgclgYsMSQLWSSfuCP6/UY=
-SHA256 (libmspack-0.0.20060920alpha.tar.gz) = 4qU5f82AiNp2tyqLv6wVbNPQ3JFnCe1bA0vadHJv4K8=
-SIZE (libmspack-0.0.20060920alpha.tar.gz) = 498217
+MD5 (libmspack-0.2alpha.tar.gz) = pRxluh3JtTCQ1OZeH1XYYA==
+RMD160 (libmspack-0.2alpha.tar.gz) = 9o4mhO77DdG1RPUlj4fW8gNu/UA=
+SHA1 (libmspack-0.2alpha.tar.gz) = cbNNReeH045b+VgWwCAzV79ngP0=
+SHA256 (libmspack-0.2alpha.tar.gz) = AclR6IOqZRj0wv2S9k+6sXY8AKf3dqnM5ngWhHnz4N8=
+SIZE (libmspack-0.2alpha.tar.gz) = 399498
--- a/archivers/libmspack/patches/patch-Makefile_in
+++ b/archivers/libmspack/patches/patch-Makefile_in
@ -1,25 +1,16 @@
-$OpenBSD: patch-Makefile_in,v 1.2 2008/10/28 01:23:34 jasper Exp $
--- Makefile.in.orig	Tue Oct 28 01:43:36 2008
-+++ Makefile.in	Tue Oct 28 01:45:43 2008
-@@ -119,11 +119,7 @@ CCLD = $(CC)
- LINK = $(LIBTOOL) --tag=CC --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
- 	$(AM_LDFLAGS) $(LDFLAGS) -o $@
+$OpenBSD: patch-Makefile_in,v 1.3 2010/08/04 17:36:26 jasper Exp $
+--- Makefile.in.orig	Wed Aug  4 14:17:41 2010
+++ Makefile.in	Wed Aug  4 14:18:12 2010
+@@ -147,11 +147,7 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOO
+ 	--mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+ 	$(LDFLAGS) -o $@
 SOURCES = $(libmscabd_la_SOURCES) $(libmschmd_la_SOURCES) \
 -	$(libmspack_la_SOURCES) $(test_cabd_md5_SOURCES) \
 -	$(test_cabd_memory_SOURCES) $(test_cabd_test_SOURCES) \
-	$(test_cabextract_md5_SOURCES) $(test_cabrip_SOURCES) \
-	$(test_chmd_md5_SOURCES) $(test_chminfo_SOURCES) \
-	$(test_chmx_SOURCES) $(test_multifh_SOURCES)
+-	$(test_cabrip_SOURCES) $(test_chmd_md5_SOURCES) \
+-	$(test_chminfo_SOURCES) $(test_chmx_SOURCES) \
+-	$(test_expand_SOURCES) $(test_multifh_SOURCES)
 +	$(libmspack_la_SOURCES)
 DIST_SOURCES = $(libmscabd_la_SOURCES) $(libmschmd_la_SOURCES) \
 	$(libmspack_la_SOURCES) $(test_cabd_md5_SOURCES) \
 	$(test_cabd_memory_SOURCES) $(test_cabd_test_SOURCES) \
-@@ -247,7 +243,7 @@ target_alias = @target_alias@
- # add "-DMSPACK_NO_DEFAULT_SYSTEM" to remove default mspack_system
- @DEBUG_TRUE@MSPACK_FLAGS = -DDEBUG
- EXTRA_DIST = debian doc test/test_files
-AM_CFLAGS = -std=c99 -Wall -Wsign-compare -Wconversion -pedantic \
-+AM_CFLAGS = -Wall -Wsign-compare -Wconversion -pedantic \
- 			-I$(srcdir)/mspack $(MSPACK_FLAGS)
- 
- lib_LTLIBRARIES = libmspack.la
--- a/archivers/libmspack/pkg/PLIST
+++ b/archivers/libmspack/pkg/PLIST
@ -1,5 +1,7 @@
-@comment $OpenBSD: PLIST,v 1.1.1.1 2006/06/01 08:12:41 jolan Exp $
+@comment $OpenBSD: PLIST,v 1.2 2010/08/04 17:36:26 jasper Exp $
 %%SHARED%%
 include/mspack.h
 lib/libmspack.a
 lib/libmspack.la
+lib/pkgconfig/
+lib/pkgconfig/libmspack.pc