[gentoo-commits] repo/gentoo:master commit in: dev-libs/libmspack/, dev-libs/libmspack/files/

[gentoo-commits] repo/gentoo:master commit in: dev-libs/libmspack/, dev-libs/libmspack/files/

[Maciej Mrozowski]

commit:     f6f41d931a86fc8b6aad0078b3a8a20e7ebff8bf
Author:     Maciej Mrozowski <reavertm <AT> gentoo <DOT> org>
AuthorDate: Thu Aug 24 19:59:13 2017 +0000
Commit:     Maciej Mrozowski <reavertm <AT> gentoo <DOT> org>
CommitDate: Thu Aug 24 19:59:27 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f6f41d93

dev-libs/libmspack: CVE-2017-6419, bug 628684.

Package-Manager: Portage-2.3.6, Repoman-2.3.3

 .../files/libmspack-0.5_alpha-CVE-2017-6419.patch  | 41 ++++++++++++++++++
 dev-libs/libmspack/libmspack-0.5_alpha-r1.ebuild   | 50 ++++++++++++++++++++++
 2 files changed, 91 insertions(+)

diff --git a/dev-libs/libmspack/files/libmspack-0.5_alpha-CVE-2017-6419.patch b/dev-libs/libmspack/files/libmspack-0.5_alpha-CVE-2017-6419.patch
new file mode 100644
index 00000000000..1b81fdcbfcd
--- /dev/null
+++ b/dev-libs/libmspack/files/libmspack-0.5_alpha-CVE-2017-6419.patch
@@ -0,0 +1,41 @@
+From a83773682e856ad6529ba6db8d1792e6d515d7f1 Mon Sep 17 00:00:00 2001
+From: Mickey Sola <msola@sourcefire.com>
+Date: Wed, 29 Mar 2017 14:55:26 -0400
+Subject: [PATCH] fixing potential OOB window write when unpacking chm files
+
+---
+ libclamav/libmspack-0.5alpha/mspack/lzxd.c | 11 +++++++++--
+ libclamav/libmspack.c                      |  6 +++++-
+ 2 files changed, 14 insertions(+), 3 deletions(-)
+
+diff --git a/libclamav/libmspack-0.5alpha/mspack/lzxd.c b/libclamav/libmspack-0.5alpha/mspack/lzxd.c
+index 2281e7b9d..45105a583 100644
+--- a/mspack/lzxd.c
++++ b/mspack/lzxd.c
+@@ -766,8 +766,13 @@ int lzxd_decompress(struct lzxd_stream *lzx, off_t out_bytes) {
+       case LZX_BLOCKTYPE_UNCOMPRESSED:
+ 	/* as this_run is limited not to wrap a frame, this also means it
+ 	 * won't wrap the window (as the window is a multiple of 32k) */
++        if (window_posn + this_run > lzx->window_size) {
++                D(("match ran over window boundary"))
++                return lzx->error = MSPACK_ERR_DECRUNCH;
++        }
+ 	rundest = &window[window_posn];
+ 	window_posn += this_run;
++
+ 	while (this_run > 0) {
+ 	  if ((i = i_end - i_ptr) == 0) {
+ 	    READ_IF_NEEDED;
+@@ -888,8 +893,10 @@ void lzxd_free(struct lzxd_stream *lzx) {
+   struct mspack_system *sys;
+   if (lzx) {
+     sys = lzx->sys;
+-    sys->free(lzx->inbuf);
+-    sys->free(lzx->window);
++    if(lzx->inbuf)
++        sys->free(lzx->inbuf);
++    if(lzx->window)
++        sys->free(lzx->window);
+     sys->free(lzx);
+   }
+ }

diff --git a/dev-libs/libmspack/libmspack-0.5_alpha-r1.ebuild b/dev-libs/libmspack/libmspack-0.5_alpha-r1.ebuild
new file mode 100644
index 00000000000..f8c7bd3ce1d
--- /dev/null
+++ b/dev-libs/libmspack/libmspack-0.5_alpha-r1.ebuild
@@ -0,0 +1,50 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit eutils multilib-minimal
+
+MY_PV="${PV/_alpha/alpha}"
+MY_P="${PN}-${MY_PV}"
+
+DESCRIPTION="A library for Microsoft compression formats"
+HOMEPAGE="https://www.cabextract.org.uk/libmspack/"
+SRC_URI="https://www.cabextract.org.uk/libmspack/libmspack-${MY_PV}.tar.gz"
+
+LICENSE="LGPL-2.1"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="debug doc static-libs"
+
+DEPEND=""
+RDEPEND=""
+
+PATCHES=(
+	"${FILESDIR}/${P}-CVE-2017-6419.patch"
+)
+
+S="${WORKDIR}/${MY_P}"
+
+multilib_src_configure() {
+	ECONF_SOURCE="${S}" econf \
+		$(use_enable debug) \
+		$(use_enable static-libs static)
+}
+
+multilib_src_test() {
+	if multilib_is_native_abi; then
+		default
+		cd "${S}"/test && "${BUILD_DIR}"/test/cabd_test || die
+	fi
+}
+
+multilib_src_install_all() {
+	DOCS=(AUTHORS ChangeLog NEWS README TODO)
+	prune_libtool_files --all
+	use doc && HTML_DOCS=(doc/*)
+	default_src_install
+	if use doc; then
+		rm "${ED}"/usr/share/doc/"${PF}"/html/{Makefile*,Doxyfile*} || die
+	fi
+}

[gentoo-commits] repo/gentoo:master commit in: dev-libs/libmspack/, dev-libs/libmspack/files/

[Thomas Deutschmann]

commit:     7aa54c300dea240135ddb44ee1c53f20311ebab5
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Tue Oct 16 11:00:45 2018 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Tue Oct 16 11:00:59 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7aa54c30

dev-libs/libmspack: remove workaround for parallel make issue

With this commit, a patch was added to fix the parallel make issue.

Package-Manager: Portage-2.3.51, Repoman-2.3.11
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 .../libmspack-0.7.1_alpha-fix-parallel-build.patch   | 20 ++++++++++++++++++++
 dev-libs/libmspack/libmspack-0.7.1_alpha.ebuild      |  9 +++++----
 2 files changed, 25 insertions(+), 4 deletions(-)

diff --git a/dev-libs/libmspack/files/libmspack-0.7.1_alpha-fix-parallel-build.patch b/dev-libs/libmspack/files/libmspack-0.7.1_alpha-fix-parallel-build.patch
new file mode 100644
index 00000000000..38935a8d26f
--- /dev/null
+++ b/dev-libs/libmspack/files/libmspack-0.7.1_alpha-fix-parallel-build.patch
@@ -0,0 +1,20 @@
+From 43099fb1bba26792fe98b4157c950db9c333134d Mon Sep 17 00:00:00 2001
+From: Stuart Caie <kyzer@cabextract.org.uk>
+Date: Tue, 16 Oct 2018 11:25:24 +0100
+Subject: [PATCH] Fix parallel builds by adding adding libmschmd.la explicitly
+ to test_chmd_test_DEPENDENCIES
+
+---
+diff --git a/libmspack/Makefile.am b/libmspack/Makefile.am
+index ba19535..6130bc2 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -89,7 +89,7 @@ test_chmd_order_SOURCES =	test/chmd_order.c test/md5.c test/md5.h \
+ test_chmd_order_LDADD =		libmschmd.la
+ test_chmd_test_SOURCES =	test/chmd_test.c libmschmd.la
+ test_chmd_test_LDADD =		libmschmd.la
+-test_chmd_test_DEPENDENCIES = 	test/test_files/chmd/cve-2015-4467-reset-interval-zero.chm
++test_chmd_test_DEPENDENCIES = 	libmschmd.la test/test_files/chmd/cve-2015-4467-reset-interval-zero.chm
+ test_chminfo_SOURCES =		test/chminfo.c libmschmd.la
+ test_chminfo_LDADD =		libmschmd.la
+ test_kwajd_test_SOURCES =	test/kwajd_test.c libmspack.la

diff --git a/dev-libs/libmspack/libmspack-0.7.1_alpha.ebuild b/dev-libs/libmspack/libmspack-0.7.1_alpha.ebuild
index 115ef509e1a..4a10f210590 100644
--- a/dev-libs/libmspack/libmspack-0.7.1_alpha.ebuild
+++ b/dev-libs/libmspack/libmspack-0.7.1_alpha.ebuild
@@ -3,7 +3,7 @@
 
 EAPI="7"
 
-inherit eutils multilib-minimal
+inherit autotools multilib-minimal
 
 MY_PV="${PV/_alpha/alpha}"
 MY_P="${PN}-${MY_PV}"
@@ -22,18 +22,19 @@ RDEPEND="
 	utils? ( !app-arch/mscompress )
 "
 
+PATCHES=( "${FILESDIR}"/${P}-fix-parallel-build.patch )
+
 S="${WORKDIR}/${MY_P}"
 
 src_prepare() {
 	default
 
+	eautoreconf
+
 	multilib_copy_sources
 }
 
 multilib_src_configure() {
-	# https://github.com/kyz/libmspack/issues/19
-	export MAKEOPTS=-j1
-
 	ECONF_SOURCE="${S}" econf \
 		$(use_enable debug) \
 		$(use_enable static-libs static)

[gentoo-commits] repo/gentoo:master commit in: dev-libs/libmspack/, dev-libs/libmspack/files/

[Sam James]

commit:     992db41a4e6b51729b78139139cd24910b156a65
Author:     John Helmert III <jchelmert3 <AT> posteo <DOT> net>
AuthorDate: Sun Dec 27 06:29:30 2020 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Tue Dec 29 01:59:31 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=992db41a

dev-libs/libmspack: security cleanup (drop <0.10.1_alpha)

Bug: https://bugs.gentoo.org/711218
Package-Manager: Portage-3.0.12, Repoman-3.0.2
Signed-off-by: John Helmert III <jchelmert3 <AT> posteo.net>
Closes: https://github.com/gentoo/gentoo/pull/18824
Signed-off-by: Sam James <sam <AT> gentoo.org>

 dev-libs/libmspack/Manifest                        |  1 -
 .../libmspack-0.9.1_alpha-fix-bigendian.patch      | 17 -----
 dev-libs/libmspack/libmspack-0.9.1_alpha-r1.ebuild | 75 ----------------------
 3 files changed, 93 deletions(-)

diff --git a/dev-libs/libmspack/Manifest b/dev-libs/libmspack/Manifest
index d2797cb1e3b..698014b9766 100644
--- a/dev-libs/libmspack/Manifest
+++ b/dev-libs/libmspack/Manifest
@@ -1,2 +1 @@
 DIST libmspack-0.10.1alpha.tar.gz 963274 BLAKE2B 39bcb3b7ea419d6d00850b70c217c802a2095dd4398038e594ae7c01ca12e71508218c1cfca5ae8b102636ab9517b13d55c1e411b31e87d28aa46331cd0127e6 SHA512 a7b5f7caa49190c5021f3e768b92f2e51cc0ce685c9ab6ed6fb36de885c73231b58d47a8a3b5c5aa5c9ac56c25c500eb683d84dbf11f09f97f6cb4fff5adc245
-DIST libmspack-0.9.1alpha.tar.gz 494651 BLAKE2B 4543215efbcac9cd2703cd56f2297645463831cc2dfa6b38d87c5f48f39676347bb20739e0e389e021983d910b9be99bfd369fb30d36090f3f72f09532d6bd1d SHA512 4e39c2be8768c5c0b0d0798c9322ff022173f5e05af1636c18541bbc9f58c1ae1af59252d5631340fca601495c5b1e5abed0ad83481387421d2df5efb75cd49a

diff --git a/dev-libs/libmspack/files/libmspack-0.9.1_alpha-fix-bigendian.patch b/dev-libs/libmspack/files/libmspack-0.9.1_alpha-fix-bigendian.patch
deleted file mode 100644
index c134fa0760d..00000000000
--- a/dev-libs/libmspack/files/libmspack-0.9.1_alpha-fix-bigendian.patch
+++ /dev/null
@@ -1,17 +0,0 @@
-https://github.com/kyz/libmspack/commit/c19e707936947b45cf05bc9aaee68517c6c2aca6
-
----
- configure.ac  | 1 +
- 1 files changed, 1 insertions(+)
-
-diff --git a/libmspack/configure.ac b/libmspack/configure.ac
---- a/configure.ac
-+++ b/configure.ac
-@@ -30,6 +30,7 @@ AC_CHECK_HEADERS([inttypes.h])
- # Checks for typedefs, structures, and compiler characteristics.
- AC_C_CONST
- AC_C_INLINE
-+AC_C_BIGENDIAN
- AC_TYPE_MODE_T
- AC_TYPE_OFF_T
- AC_TYPE_SIZE_T

diff --git a/dev-libs/libmspack/libmspack-0.9.1_alpha-r1.ebuild b/dev-libs/libmspack/libmspack-0.9.1_alpha-r1.ebuild
deleted file mode 100644
index f4e6fbcc16b..00000000000
--- a/dev-libs/libmspack/libmspack-0.9.1_alpha-r1.ebuild
+++ /dev/null
@@ -1,75 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="7"
-
-inherit autotools multilib-minimal
-
-if [[ ${PV} == "9999" ]] ; then
-	EGIT_REPO_URI="https://github.com/kyz/libmspack.git"
-	inherit git-r3
-	MY_P="${PN}-9999"
-else
-	KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ppc ppc64 s390 sparc x86 ~x64-solaris"
-	MY_PV="${PV/_alpha/alpha}"
-	MY_P="${PN}-${MY_PV}"
-	SRC_URI="https://www.cabextract.org.uk/libmspack/libmspack-${MY_PV}.tar.gz"
-fi
-
-DESCRIPTION="A library for Microsoft compression formats"
-HOMEPAGE="https://www.cabextract.org.uk/libmspack/"
-
-LICENSE="LGPL-2.1"
-SLOT="0"
-IUSE="debug doc static-libs"
-
-DEPEND=""
-RDEPEND=""
-
-PATCHES=( "${FILESDIR}"/${P}-fix-bigendian.patch )
-
-S="${WORKDIR}/${MY_P}"
-
-src_prepare() {
-	if [[ ${PV} == "9999" ]] ; then
-		# Re-create file layout from release tarball
-		pushd "${WORKDIR}" &>/dev/null || die
-		cp -aL "${S}"/${PN} "${WORKDIR}"/${PN}-source || die
-		rm -r "${S}" || die
-		mv "${WORKDIR}"/${PN}-source "${S}" || die
-		popd &>/dev/null || die
-	fi
-
-	default
-
-	eautoreconf
-
-	multilib_copy_sources
-}
-
-multilib_src_configure() {
-	ECONF_SOURCE="${S}" econf \
-		$(use_enable debug) \
-		$(use_enable static-libs static)
-}
-
-multilib_src_test() {
-	if multilib_is_native_abi; then
-		default
-		cd "${S}"/test && "${BUILD_DIR}"/test/cabd_test || die
-	fi
-}
-
-multilib_src_install_all() {
-	DOCS=(AUTHORS ChangeLog NEWS README TODO)
-	use doc && HTML_DOCS=(doc/*)
-	default_src_install
-	if use doc; then
-		rm "${ED}"/usr/share/doc/"${PF}"/html/{Makefile*,Doxyfile*} || die
-	fi
-
-	find "${ED}" -name '*.la' -delete || die
-	if ! use static-libs ; then
-		find "${ED}" -name "*.a" -delete || die
-	fi
-}