From 79ad2633a3dd8c5bfb7d554c46244ec7e33b1e65 Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy Date: Wed, 9 Feb 2022 19:04:27 +0200 Subject: [PATCH] Package 0.13.72 - Fixes CVE-2020-18442 - Resolves: rhbz#1973831 - Switch build to CMake, drop 32-bit patches as checks integrated in CMake already Signed-off-by: Alexander Bokovoy --- .gitignore | 1 + multilib-32.patch | 29 ------------------- multilib-64.patch | 29 ------------------- remove_ldflags_pkconfig_files.patch | 11 -------- sources | 2 +- zziplib.spec | 44 ++++++++--------------------- 6 files changed, 14 insertions(+), 102 deletions(-) delete mode 100644 multilib-32.patch delete mode 100644 multilib-64.patch delete mode 100644 remove_ldflags_pkconfig_files.patch diff --git a/.gitignore b/.gitignore index 2b7387c..061bb6d 100644 --- a/.gitignore +++ b/.gitignore @@ -6,3 +6,4 @@ zziplib-0.13.49.tar.bz2 /v0.13.68.tar.gz /v0.13.69.tar.gz /v0.13.71.tar.gz +/v0.13.72.tar.gz diff --git a/multilib-32.patch b/multilib-32.patch deleted file mode 100644 index ae99a59..0000000 --- a/multilib-32.patch +++ /dev/null @@ -1,29 +0,0 @@ ---- ./a/zzip/_config.h 2021-07-21 14:18:09.000000000 +0200 -+++ ./b/zzip/_config.h 2021-07-21 14:46:24.037432969 +0200 -@@ -138,9 +138,12 @@ - - /* whether the system defaults to 32bit off_t but can do 64bit when requested - */ -+#if __WORDSIZE == 32 - #ifndef ZZIP_LARGEFILE_SENSITIVE - #define ZZIP_LARGEFILE_SENSITIVE 1 - #endif -+#endif -+/* #undef LARGEFILE_SENSITIVE */ - - /* Define to the sub-directory where libtool stores uninstalled libraries. */ - #ifndef ZZIP_LT_OBJDIR -@@ -227,9 +230,13 @@ - #endif - - /* Number of bits in a file offset, on hosts where this is settable. */ -+#if __WORDSIZE == 32 - #ifndef ZZIP__FILE_OFFSET_BITS - #define ZZIP__FILE_OFFSET_BITS 64 - #endif -+#endif -+/* #undef _FILE_OFFSET_BITS */ -+ - - /* Define for large files, on AIX-style hosts. */ - /* #undef _LARGE_FILES */ diff --git a/multilib-64.patch b/multilib-64.patch deleted file mode 100644 index 5285e3a..0000000 --- a/multilib-64.patch +++ /dev/null @@ -1,29 +0,0 @@ ---- ./a/zzip/_config.h 2021-07-21 14:18:14.000000000 +0200 -+++ ./b/zzip/_config.h 2021-07-21 14:46:24.037432969 +0200 -@@ -138,6 +138,11 @@ - - /* whether the system defaults to 32bit off_t but can do 64bit when requested - */ -+#if __WORDSIZE == 32 -+#ifndef ZZIP_LARGEFILE_SENSITIVE -+#define ZZIP_LARGEFILE_SENSITIVE 1 -+#endif -+#endif - /* #undef LARGEFILE_SENSITIVE */ - - /* Define to the sub-directory where libtool stores uninstalled libraries. */ -@@ -225,8 +230,14 @@ - #endif - - /* Number of bits in a file offset, on hosts where this is settable. */ -+#if __WORDSIZE == 32 -+#ifndef ZZIP__FILE_OFFSET_BITS -+#define ZZIP__FILE_OFFSET_BITS 64 -+#endif -+#endif - /* #undef _FILE_OFFSET_BITS */ - -+ - /* Define for large files, on AIX-style hosts. */ - /* #undef _LARGE_FILES */ - diff --git a/remove_ldflags_pkconfig_files.patch b/remove_ldflags_pkconfig_files.patch deleted file mode 100644 index 65af4e5..0000000 --- a/remove_ldflags_pkconfig_files.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- a/configure -+++ b/configure -@@ -19143,7 +19143,7 @@ Name: @PACKAGE_NAME@ - Description: @PACKAGE_DESCRIPTION@ - Version: @PACKAGE_VERSION@ - Requires: @PACKAGE_REQUIRES@ --Libs: -L\${libdir} @LDFLAGS@ @LIBS@ -+Libs: -L\${libdir} @LIBS@ - Cflags: -I\${includedir} @CPPFLAGS@ - AXEOF - fi # DONE generate $pkgconfig_generate.in diff --git a/sources b/sources index 562f581..daf2dbb 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (v0.13.71.tar.gz) = e035d0ac26dca78335ae3defc652543ff7b353a1a95d76ed1beeb21a08e16f287a62d488f528cfbb77d5b558581b68d439aa0823577524e9aa61a3cf5f208cb5 +SHA512 (v0.13.72.tar.gz) = 4bb089e74813c6fac9657cd96e44e4a6469bf86aba3980d885c4573e8db45e74fd07bbdfcec9f36297c72227c8c0b2c37dab1bc4326cef8529960e482fe501c8 diff --git a/zziplib.spec b/zziplib.spec index 0742089..a2f59f1 100644 --- a/zziplib.spec +++ b/zziplib.spec @@ -1,15 +1,11 @@ Summary: Lightweight library to easily extract data from zip files Name: zziplib -Version: 0.13.71 -Release: 7%{?dist} +Version: 0.13.72 +Release: 1%{?dist} License: LGPLv2+ or MPLv1.1 URL: http://zziplib.sourceforge.net/ Source: https://github.com/gdraheim/zziplib/archive/v%{version}.tar.gz -Patch1: remove_ldflags_pkconfig_files.patch -Patch100: multilib-32.patch -Patch101: multilib-64.patch - BuildRequires: make BuildRequires: gcc BuildRequires: perl-interpreter @@ -20,8 +16,7 @@ BuildRequires: xmlto BuildRequires: zlib-devel BuildRequires: SDL-devel BuildRequires: pkgconfig -#BuildRequires: autoconf -#BuildRequires: automake +BuildRequires: cmake %description The zziplib library is intentionally lightweight, it offers the ability to @@ -62,35 +57,14 @@ zziplib library. %prep %setup -q -%patch1 -p1 %build -export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing" -%configure \ - --disable-static \ - --enable-sdl \ - --enable-frame-pointer -# Remove rpath on 64bit archs -sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool -sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool -# Only patch generated _config.h on non-i686 and armv7hl -# These platforms have a correct _config.h already - - -pushd %{_builddir}/zziplib-%{version} -%ifarch i686 armv7hl - patch -p2 < %{PATCH100} -%else - patch -p2 < %{PATCH101} -%endif -popd - - -%make_build +%cmake -B "%{_vpath_builddir}" +%make_build -C "%{_vpath_builddir}" %install -%make_install +%make_install -C "%{_vpath_builddir}" %ldconfig_scriptlets @@ -111,6 +85,12 @@ popd %{_mandir}/man3/* %changelog +* Wed Feb 09 2022 Alexander Bokovoy - 0.13.72-1 +- 0.13.72 +- Fixes CVE-2020-18442 +- Resolves: rhbz#1973831 +- Switch build to CMake, drop 32-bit patches as checks integrated in CMake already + * Sat Feb 05 2022 Leigh Scott - 0.13.71-7 - Fix pkgconfig files