From 6c8c32bb84724dd5bd40bb56ddf36565e9b2f5f6 Mon Sep 17 00:00:00 2001 From: DistroBaker Date: Fri, 22 Jan 2021 10:41:39 +0000 Subject: [PATCH] Merged update from upstream sources This is an automated DistroBaker update from upstream sources. If you do not know what this is about or would like to opt out, contact the OSCI team. Source: https://src.fedoraproject.org/rpms/zziplib.git#1192b9170b48cf58fa568f4b44d2d5bf6d0818a7 --- .gitignore | 1 + CVE-2018-16548.part1.patch | 71 -------- CVE-2018-16548.part2.patch | 50 ------ CVE-2018-16548.part3.patch | 22 --- CVE-2018-17828.part2.patch | 55 ------ CVE-2018-17828.patch | 341 ------------------------------------- sources | 2 +- zziplib.spec | 40 ++--- 8 files changed, 17 insertions(+), 565 deletions(-) delete mode 100644 CVE-2018-16548.part1.patch delete mode 100644 CVE-2018-16548.part2.patch delete mode 100644 CVE-2018-16548.part3.patch delete mode 100644 CVE-2018-17828.part2.patch delete mode 100644 CVE-2018-17828.patch diff --git a/.gitignore b/.gitignore index a810290..2b7387c 100644 --- a/.gitignore +++ b/.gitignore @@ -5,3 +5,4 @@ zziplib-0.13.49.tar.bz2 /v0.13.67.tar.gz /v0.13.68.tar.gz /v0.13.69.tar.gz +/v0.13.71.tar.gz diff --git a/CVE-2018-16548.part1.patch b/CVE-2018-16548.part1.patch deleted file mode 100644 index 25c2b74..0000000 --- a/CVE-2018-16548.part1.patch +++ /dev/null @@ -1,71 +0,0 @@ -From 9411bde3e4a70a81ff3ffd256b71927b2d90dcbb Mon Sep 17 00:00:00 2001 -From: jmoellers -Date: Fri, 7 Sep 2018 11:32:04 +0200 -Subject: [PATCH] Avoid memory leak from __zzip_parse_root_directory(). - ---- - test/test.zip | Bin 1361 -> 1361 bytes - zzip/zip.c | 36 ++++++++++++++++++++++++++++++++++-- - 2 files changed, 34 insertions(+), 2 deletions(-) - -diff --git a/zzip/zip.c b/zzip/zip.c -index 88b833b..a685280 100644 ---- a/zzip/zip.c -+++ b/zzip/zip.c -@@ -475,9 +475,15 @@ __zzip_parse_root_directory(int fd, - } else - { - if (io->fd.seeks(fd, zz_rootseek + zz_offset, SEEK_SET) < 0) -+ { -+ free(hdr0); - return ZZIP_DIR_SEEK; -+ } - if (io->fd.read(fd, &dirent, sizeof(dirent)) < __sizeof(dirent)) -+ { -+ free(hdr0); - return ZZIP_DIR_READ; -+ } - d = &dirent; - } - -@@ -577,12 +583,38 @@ __zzip_parse_root_directory(int fd, - - if (hdr_return) - *hdr_return = hdr0; -+ else -+ { -+ /* If it is not assigned to *hdr_return, it will never be free()'d */ -+ free(hdr0); -+ /* Make sure we don't free it again in case of error */ -+ hdr0 = NULL; -+ } - } /* else zero (sane) entries */ - # ifndef ZZIP_ALLOW_MODULO_ENTRIES -- return (entries != zz_entries ? ZZIP_CORRUPTED : 0); -+ if (entries != zz_entries) -+ { -+ /* If it was assigned to *hdr_return, undo assignment */ -+ if (p_reclen && hdr_return) -+ *hdr_return = NULL; -+ /* Free it, if it was not already free()'d */ -+ if (hdr0 != NULL) -+ free(hdr0); -+ return ZZIP_CORRUPTED; -+ } - # else -- return ((entries & (unsigned)0xFFFF) != zz_entries ? ZZIP_CORRUPTED : 0); -+ if (((entries & (unsigned)0xFFFF) != zz_entries) -+ { -+ /* If it was assigned to *hdr_return, undo assignment */ -+ if (p_reclen && hdr_return) -+ *hdr_return = NULL; -+ /* Free it, if it was not already free()'d */ -+ if (hdr0 != NULL) -+ free(hdr0); -+ return ZZIP_CORRUPTED; -+ } - # endif -+ return 0; - } - - /* ------------------------- high-level interface ------------------------- */ diff --git a/CVE-2018-16548.part2.patch b/CVE-2018-16548.part2.patch deleted file mode 100644 index b9bea26..0000000 --- a/CVE-2018-16548.part2.patch +++ /dev/null @@ -1,50 +0,0 @@ -From d2e5d5c53212e54a97ad64b793a4389193fec687 Mon Sep 17 00:00:00 2001 -From: jmoellers -Date: Fri, 7 Sep 2018 11:49:28 +0200 -Subject: [PATCH] Avoid memory leak from __zzip_parse_root_directory(). - ---- - zzip/zip.c | 25 ++----------------------- - 1 file changed, 2 insertions(+), 23 deletions(-) - -diff --git a/zzip/zip.c b/zzip/zip.c -index a685280..51a1a4d 100644 ---- a/zzip/zip.c -+++ b/zzip/zip.c -@@ -587,34 +587,13 @@ __zzip_parse_root_directory(int fd, - { - /* If it is not assigned to *hdr_return, it will never be free()'d */ - free(hdr0); -- /* Make sure we don't free it again in case of error */ -- hdr0 = NULL; - } - } /* else zero (sane) entries */ - # ifndef ZZIP_ALLOW_MODULO_ENTRIES -- if (entries != zz_entries) -- { -- /* If it was assigned to *hdr_return, undo assignment */ -- if (p_reclen && hdr_return) -- *hdr_return = NULL; -- /* Free it, if it was not already free()'d */ -- if (hdr0 != NULL) -- free(hdr0); -- return ZZIP_CORRUPTED; -- } -+ return (entries != zz_entries) ? ZZIP_CORRUPTED : 0; - # else -- if (((entries & (unsigned)0xFFFF) != zz_entries) -- { -- /* If it was assigned to *hdr_return, undo assignment */ -- if (p_reclen && hdr_return) -- *hdr_return = NULL; -- /* Free it, if it was not already free()'d */ -- if (hdr0 != NULL) -- free(hdr0); -- return ZZIP_CORRUPTED; -- } -+ return ((entries & (unsigned)0xFFFF) != zz_entries) ? ZZIP_CORRUPTED : 0; - # endif -- return 0; - } - - /* ------------------------- high-level interface ------------------------- */ diff --git a/CVE-2018-16548.part3.patch b/CVE-2018-16548.part3.patch deleted file mode 100644 index f2f8214..0000000 --- a/CVE-2018-16548.part3.patch +++ /dev/null @@ -1,22 +0,0 @@ -From 0e1dadb05c1473b9df2d7b8f298dab801778ef99 Mon Sep 17 00:00:00 2001 -From: jmoellers -Date: Fri, 7 Sep 2018 13:55:35 +0200 -Subject: [PATCH] One more free() to avoid memory leak. - ---- - zzip/zip.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/zzip/zip.c b/zzip/zip.c -index 51a1a4d..bc6c080 100644 ---- a/zzip/zip.c -+++ b/zzip/zip.c -@@ -589,6 +589,8 @@ __zzip_parse_root_directory(int fd, - free(hdr0); - } - } /* else zero (sane) entries */ -+ else -+ free(hdr0); - # ifndef ZZIP_ALLOW_MODULO_ENTRIES - return (entries != zz_entries) ? ZZIP_CORRUPTED : 0; - # else diff --git a/CVE-2018-17828.part2.patch b/CVE-2018-17828.part2.patch deleted file mode 100644 index 111167c..0000000 --- a/CVE-2018-17828.part2.patch +++ /dev/null @@ -1,55 +0,0 @@ -diff --git a/bins/unzip-mem.c b/bins/unzip-mem.c -index c45cb72..ff564a5 100644 ---- a/bins/unzip-mem.c -+++ b/bins/unzip-mem.c -@@ -88,10 +88,49 @@ static void zzip_mem_entry_pipe(ZZIP_MEM_DISK* disk, - } - } - -+static inline void -+remove_dotdotslash(char *path) -+{ -+ /* Note: removing "../" from the path ALWAYS shortens the path, never adds to it! */ -+ char *dotdotslash; -+ int warned = 0; -+ -+ dotdotslash = path; -+ while ((dotdotslash = strstr(dotdotslash, "../")) != NULL) -+ { -+ /* -+ * Remove only if at the beginning of the pathname ("../path/name") -+ * or when preceded by a slash ("path/../name"), -+ * otherwise not ("path../name..")! -+ */ -+ if (dotdotslash == path || dotdotslash[-1] == '/') -+ { -+ char *src, *dst; -+ if (!warned) -+ { -+ /* Note: the first time through the pathname is still intact */ -+ fprintf(stderr, "Removing \"../\" path component(s) in %s\n", path); -+ warned = 1; -+ } -+ /* We cannot use strcpy(), as there "The strings may not overlap" */ -+ for (src = dotdotslash+3, dst=dotdotslash; (*dst = *src) != '\0'; src++, dst++) -+ ; -+ } -+ else -+ dotdotslash +=3; /* skip this instance to prevent infinite loop */ -+ } -+} -+ - static void zzip_mem_entry_make(ZZIP_MEM_DISK* disk, - ZZIP_MEM_ENTRY* entry) - { -- FILE* file = fopen (entry->zz_name, "wb"); -+ char name_stripped[PATH_MAX]; -+ FILE* file; -+ -+ strncpy(name_stripped, entry->zz_name, PATH_MAX); -+ remove_dotdotslash(name_stripped); -+ -+ file = fopen (name_stripped, "wb"); - if (file) { zzip_mem_entry_pipe (disk, entry, file); fclose (file); } - perror (entry->zz_name); - if (status < EXIT_WARNINGS) status = EXIT_WARNINGS; diff --git a/CVE-2018-17828.patch b/CVE-2018-17828.patch deleted file mode 100644 index a340295..0000000 --- a/CVE-2018-17828.patch +++ /dev/null @@ -1,341 +0,0 @@ -From 81dfa6b3e08f6934885ba5c98939587d6850d08e Mon Sep 17 00:00:00 2001 -From: Josef Moellers -Date: Thu, 4 Oct 2018 14:21:48 +0200 -Subject: [PATCH] Fix issue #62: Remove any "../" components from pathnames of - extracted files. [CVE-2018-17828] - ---- - bins/unzzipcat-big.c | 57 +++++++++++++++++++++++++++++++++++++++++++- - bins/unzzipcat-mem.c | 57 +++++++++++++++++++++++++++++++++++++++++++- - bins/unzzipcat-mix.c | 57 +++++++++++++++++++++++++++++++++++++++++++- - bins/unzzipcat-zip.c | 57 +++++++++++++++++++++++++++++++++++++++++++- - 4 files changed, 224 insertions(+), 4 deletions(-) - -diff --git a/bins/unzzipcat-big.c b/bins/unzzipcat-big.c -index 982d262..88c4d65 100644 ---- a/bins/unzzipcat-big.c -+++ b/bins/unzzipcat-big.c -@@ -53,6 +53,48 @@ static void unzzip_cat_file(FILE* disk, char* name, FILE* out) - } - } - -+/* -+ * NAME: remove_dotdotslash -+ * PURPOSE: To remove any "../" components from the given pathname -+ * ARGUMENTS: path: path name with maybe "../" components -+ * RETURNS: Nothing, "path" is modified in-place -+ * NOTE: removing "../" from the path ALWAYS shortens the path, never adds to it! -+ * Also, "path" is not used after creating it. -+ * So modifying "path" in-place is safe to do. -+ */ -+static inline void -+remove_dotdotslash(char *path) -+{ -+ /* Note: removing "../" from the path ALWAYS shortens the path, never adds to it! */ -+ char *dotdotslash; -+ int warned = 0; -+ -+ dotdotslash = path; -+ while ((dotdotslash = strstr(dotdotslash, "../")) != NULL) -+ { -+ /* -+ * Remove only if at the beginning of the pathname ("../path/name") -+ * or when preceded by a slash ("path/../name"), -+ * otherwise not ("path../name..")! -+ */ -+ if (dotdotslash == path || dotdotslash[-1] == '/') -+ { -+ char *src, *dst; -+ if (!warned) -+ { -+ /* Note: the first time through the pathname is still intact */ -+ fprintf(stderr, "Removing \"../\" path component(s) in %s\n", path); -+ warned = 1; -+ } -+ /* We cannot use strcpy(), as there "The strings may not overlap" */ -+ for (src = dotdotslash+3, dst=dotdotslash; (*dst = *src) != '\0'; src++, dst++) -+ ; -+ } -+ else -+ dotdotslash +=3; /* skip this instance to prevent infinite loop */ -+ } -+} -+ - static void makedirs(const char* name) - { - char* p = strrchr(name, '/'); -@@ -70,6 +112,16 @@ static void makedirs(const char* name) - - static FILE* create_fopen(char* name, char* mode, int subdirs) - { -+ char *name_stripped; -+ FILE *fp; -+ int mustfree = 0; -+ -+ if ((name_stripped = strdup(name)) != NULL) -+ { -+ remove_dotdotslash(name_stripped); -+ name = name_stripped; -+ mustfree = 1; -+ } - if (subdirs) - { - char* p = strrchr(name, '/'); -@@ -79,7 +131,10 @@ static FILE* create_fopen(char* name, char* mode, int subdirs) - free (dir_name); - } - } -- return fopen(name, mode); -+ fp = fopen(name, mode); -+ if (mustfree) -+ free(name_stripped); -+ return fp; - } - - -diff --git a/bins/unzzipcat-mem.c b/bins/unzzipcat-mem.c -index 9bc966b..793bde8 100644 ---- a/bins/unzzipcat-mem.c -+++ b/bins/unzzipcat-mem.c -@@ -58,6 +58,48 @@ static void unzzip_mem_disk_cat_file(ZZIP_MEM_DISK* disk, char* name, FILE* out) - } - } - -+/* -+ * NAME: remove_dotdotslash -+ * PURPOSE: To remove any "../" components from the given pathname -+ * ARGUMENTS: path: path name with maybe "../" components -+ * RETURNS: Nothing, "path" is modified in-place -+ * NOTE: removing "../" from the path ALWAYS shortens the path, never adds to it! -+ * Also, "path" is not used after creating it. -+ * So modifying "path" in-place is safe to do. -+ */ -+static inline void -+remove_dotdotslash(char *path) -+{ -+ /* Note: removing "../" from the path ALWAYS shortens the path, never adds to it! */ -+ char *dotdotslash; -+ int warned = 0; -+ -+ dotdotslash = path; -+ while ((dotdotslash = strstr(dotdotslash, "../")) != NULL) -+ { -+ /* -+ * Remove only if at the beginning of the pathname ("../path/name") -+ * or when preceded by a slash ("path/../name"), -+ * otherwise not ("path../name..")! -+ */ -+ if (dotdotslash == path || dotdotslash[-1] == '/') -+ { -+ char *src, *dst; -+ if (!warned) -+ { -+ /* Note: the first time through the pathname is still intact */ -+ fprintf(stderr, "Removing \"../\" path component(s) in %s\n", path); -+ warned = 1; -+ } -+ /* We cannot use strcpy(), as there "The strings may not overlap" */ -+ for (src = dotdotslash+3, dst=dotdotslash; (*dst = *src) != '\0'; src++, dst++) -+ ; -+ } -+ else -+ dotdotslash +=3; /* skip this instance to prevent infinite loop */ -+ } -+} -+ - static void makedirs(const char* name) - { - char* p = strrchr(name, '/'); -@@ -75,6 +117,16 @@ static void makedirs(const char* name) - - static FILE* create_fopen(char* name, char* mode, int subdirs) - { -+ char *name_stripped; -+ FILE *fp; -+ int mustfree = 0; -+ -+ if ((name_stripped = strdup(name)) != NULL) -+ { -+ remove_dotdotslash(name_stripped); -+ name = name_stripped; -+ mustfree = 1; -+ } - if (subdirs) - { - char* p = strrchr(name, '/'); -@@ -84,7 +136,10 @@ static FILE* create_fopen(char* name, char* mode, int subdirs) - free (dir_name); - } - } -- return fopen(name, mode); -+ fp = fopen(name, mode); -+ if (mustfree) -+ free(name_stripped); -+ return fp; - } - - static int unzzip_cat (int argc, char ** argv, int extract) -diff --git a/bins/unzzipcat-mix.c b/bins/unzzipcat-mix.c -index 91c2f00..73b6ed6 100644 ---- a/bins/unzzipcat-mix.c -+++ b/bins/unzzipcat-mix.c -@@ -69,6 +69,48 @@ static void unzzip_cat_file(ZZIP_DIR* disk, char* name, FILE* out) - } - } - -+/* -+ * NAME: remove_dotdotslash -+ * PURPOSE: To remove any "../" components from the given pathname -+ * ARGUMENTS: path: path name with maybe "../" components -+ * RETURNS: Nothing, "path" is modified in-place -+ * NOTE: removing "../" from the path ALWAYS shortens the path, never adds to it! -+ * Also, "path" is not used after creating it. -+ * So modifying "path" in-place is safe to do. -+ */ -+static inline void -+remove_dotdotslash(char *path) -+{ -+ /* Note: removing "../" from the path ALWAYS shortens the path, never adds to it! */ -+ char *dotdotslash; -+ int warned = 0; -+ -+ dotdotslash = path; -+ while ((dotdotslash = strstr(dotdotslash, "../")) != NULL) -+ { -+ /* -+ * Remove only if at the beginning of the pathname ("../path/name") -+ * or when preceded by a slash ("path/../name"), -+ * otherwise not ("path../name..")! -+ */ -+ if (dotdotslash == path || dotdotslash[-1] == '/') -+ { -+ char *src, *dst; -+ if (!warned) -+ { -+ /* Note: the first time through the pathname is still intact */ -+ fprintf(stderr, "Removing \"../\" path component(s) in %s\n", path); -+ warned = 1; -+ } -+ /* We cannot use strcpy(), as there "The strings may not overlap" */ -+ for (src = dotdotslash+3, dst=dotdotslash; (*dst = *src) != '\0'; src++, dst++) -+ ; -+ } -+ else -+ dotdotslash +=3; /* skip this instance to prevent infinite loop */ -+ } -+} -+ - static void makedirs(const char* name) - { - char* p = strrchr(name, '/'); -@@ -86,6 +128,16 @@ static void makedirs(const char* name) - - static FILE* create_fopen(char* name, char* mode, int subdirs) - { -+ char *name_stripped; -+ FILE *fp; -+ int mustfree = 0; -+ -+ if ((name_stripped = strdup(name)) != NULL) -+ { -+ remove_dotdotslash(name_stripped); -+ name = name_stripped; -+ mustfree = 1; -+ } - if (subdirs) - { - char* p = strrchr(name, '/'); -@@ -95,7 +147,10 @@ static FILE* create_fopen(char* name, char* mode, int subdirs) - free (dir_name); - } - } -- return fopen(name, mode); -+ fp = fopen(name, mode); -+ if (mustfree) -+ free(name_stripped); -+ return fp; - } - - static int unzzip_cat (int argc, char ** argv, int extract) -diff --git a/bins/unzzipcat-zip.c b/bins/unzzipcat-zip.c -index 2810f85..7f7f3fa 100644 ---- a/bins/unzzipcat-zip.c -+++ b/bins/unzzipcat-zip.c -@@ -69,6 +69,48 @@ static void unzzip_cat_file(ZZIP_DIR* disk, char* name, FILE* out) - } - } - -+/* -+ * NAME: remove_dotdotslash -+ * PURPOSE: To remove any "../" components from the given pathname -+ * ARGUMENTS: path: path name with maybe "../" components -+ * RETURNS: Nothing, "path" is modified in-place -+ * NOTE: removing "../" from the path ALWAYS shortens the path, never adds to it! -+ * Also, "path" is not used after creating it. -+ * So modifying "path" in-place is safe to do. -+ */ -+static inline void -+remove_dotdotslash(char *path) -+{ -+ /* Note: removing "../" from the path ALWAYS shortens the path, never adds to it! */ -+ char *dotdotslash; -+ int warned = 0; -+ -+ dotdotslash = path; -+ while ((dotdotslash = strstr(dotdotslash, "../")) != NULL) -+ { -+ /* -+ * Remove only if at the beginning of the pathname ("../path/name") -+ * or when preceded by a slash ("path/../name"), -+ * otherwise not ("path../name..")! -+ */ -+ if (dotdotslash == path || dotdotslash[-1] == '/') -+ { -+ char *src, *dst; -+ if (!warned) -+ { -+ /* Note: the first time through the pathname is still intact */ -+ fprintf(stderr, "Removing \"../\" path component(s) in %s\n", path); -+ warned = 1; -+ } -+ /* We cannot use strcpy(), as there "The strings may not overlap" */ -+ for (src = dotdotslash+3, dst=dotdotslash; (*dst = *src) != '\0'; src++, dst++) -+ ; -+ } -+ else -+ dotdotslash +=3; /* skip this instance to prevent infinite loop */ -+ } -+} -+ - static void makedirs(const char* name) - { - char* p = strrchr(name, '/'); -@@ -86,6 +128,16 @@ static void makedirs(const char* name) - - static FILE* create_fopen(char* name, char* mode, int subdirs) - { -+ char *name_stripped; -+ FILE *fp; -+ int mustfree = 0; -+ -+ if ((name_stripped = strdup(name)) != NULL) -+ { -+ remove_dotdotslash(name_stripped); -+ name = name_stripped; -+ mustfree = 1; -+ } - if (subdirs) - { - char* p = strrchr(name, '/'); -@@ -95,7 +147,10 @@ static FILE* create_fopen(char* name, char* mode, int subdirs) - free (dir_name); - } - } -- return fopen(name, mode); -+ fp = fopen(name, mode); -+ if (mustfree) -+ free(name_stripped); -+ return fp; - } - - static int unzzip_cat (int argc, char ** argv, int extract) diff --git a/sources b/sources index 4a02881..562f581 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v0.13.69.tar.gz) = ade026289737f43ca92a8746818d87dd7618d473dbce159546ce9071c9e4cbe164a6b1c9efff16efb7aa0327b2ec6b34f3256c6bda19cd6e325703fffc810ef0 +SHA512 (v0.13.71.tar.gz) = e035d0ac26dca78335ae3defc652543ff7b353a1a95d76ed1beeb21a08e16f287a62d488f528cfbb77d5b558581b68d439aa0823577524e9aa61a3cf5f208cb5 diff --git a/zziplib.spec b/zziplib.spec index 6ff3d16..a379384 100644 --- a/zziplib.spec +++ b/zziplib.spec @@ -1,22 +1,17 @@ Summary: Lightweight library to easily extract data from zip files Name: zziplib -Version: 0.13.69 -Release: 9%{?dist} +Version: 0.13.71 +Release: 1%{?dist} License: LGPLv2+ or MPLv1.1 URL: http://zziplib.sourceforge.net/ Source: https://github.com/gdraheim/zziplib/archive/v%{version}.tar.gz Patch0: zziplib-0.13.69-multilib.patch -Patch1: CVE-2018-17828.patch -Patch2: CVE-2018-17828.part2.patch -Patch3: CVE-2018-16548.part1.patch -Patch4: CVE-2018-16548.part2.patch -Patch5: CVE-2018-16548.part3.patch - +BuildRequires: make BuildRequires: gcc BuildRequires: perl-interpreter -BuildRequires: python2 -BuildRequires: python2-rpm-macros +BuildRequires: python +BuildRequires: python-rpm-macros BuildRequires: zip BuildRequires: xmlto BuildRequires: zlib-devel @@ -65,32 +60,21 @@ zziplib library. %prep %setup -q -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 -%patch4 -p1 -%patch5 -p1 - -# Force py2 for the build -find . -name '*.py' | xargs sed -i 's@#! /usr/bin/python@#! %__python2@g;s@#! /usr/bin/env python@#! %__python2@g' %build export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing" -export PYTHON=%__python2 %configure \ --disable-static \ --enable-sdl \ - --enable-frame-pointer \ - --enable-builddir=_builddir + --enable-frame-pointer # Remove rpath on 64bit archs -sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' */libtool -sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' */libtool +sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool +sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool # Only patch generated _config.h on non-i686 and armv7hl # These platforms have a correct _config.h already + %ifnarch i686 armv7hl -cd _builddir %apply_patch %{PATCH0} -p2 -cd .. %endif %make_build @@ -118,6 +102,12 @@ cd .. %{_mandir}/man3/* %changelog +* Thu Jan 21 2021 Jakub Martisko - 0.13.71-1 +- Rebase to 0.13.71 +- Drop the CVE patches, they are now part of the upstream package +- Build no longer requires python2 +- Resolves: 1807565 + * Wed Jul 29 2020 Fedora Release Engineering - 0.13.69-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild