Index: head/archivers/libzip/Makefile =================================================================== --- head/archivers/libzip/Makefile (revision 450773) +++ head/archivers/libzip/Makefile (revision 450774) @@ -1,24 +1,23 @@ # Created by: Alexander Zhuravlev # $FreeBSD$ PORTNAME= libzip -PORTVERSION= 1.1.3 -PORTREVISION= 1 +PORTVERSION= 1.3.0 CATEGORIES= archivers devel MASTER_SITES= https://www.nih.at/libzip/ MAINTAINER= rakuco@FreeBSD.org COMMENT= C library for reading, creating, and modifying ZIP archives LICENSE= BSD3CLAUSE LICENSE_FILE= ${WRKSRC}/LICENSE CPE_VENDOR= nih GNU_CONFIGURE= yes USES= cpe libtool pathfix perl5 tar:xz USE_PERL5= build USE_LDCONFIG= yes INSTALL_TARGET= install-strip .include Index: head/archivers/libzip/distinfo =================================================================== --- head/archivers/libzip/distinfo (revision 450773) +++ head/archivers/libzip/distinfo (revision 450774) @@ -1,3 +1,3 @@ -TIMESTAMP = 1477213191 -SHA256 (libzip-1.1.3.tar.xz) = 729a295a59a9fd6e5b9fe9fd291d36ae391a9d2be0b0824510a214cfaa05ceee -SIZE (libzip-1.1.3.tar.xz) = 460128 +TIMESTAMP = 1506503583 +SHA256 (libzip-1.3.0.tar.xz) = aa936efe34911be7acac2ab07fb5c8efa53ed9bb4d44ad1fe8bff19630e0d373 +SIZE (libzip-1.3.0.tar.xz) = 955876 Index: head/archivers/libzip/files/patch-CVE-2017-14107 =================================================================== --- head/archivers/libzip/files/patch-CVE-2017-14107 (revision 450773) +++ head/archivers/libzip/files/patch-CVE-2017-14107 (nonexistent) @@ -1,27 +0,0 @@ -From 9b46957ec98d85a572e9ef98301247f39338a3b5 Mon Sep 17 00:00:00 2001 -From: Thomas Klausner -Date: Tue, 29 Aug 2017 10:25:03 +0200 -Subject: [PATCH] Make eocd checks more consistent between zip and zip64 cases. - ---- - lib/zip_open.c | 7 ++++++- - 1 file changed, 6 insertions(+), 1 deletion(-) - -diff --git a/lib/zip_open.c b/lib/zip_open.c -index 3bd593b..9d3a4cb 100644 ---- lib/zip_open.c -+++ lib/zip_open.c -@@ -847,7 +847,12 @@ _zip_read_eocd64(zip_source_t *src, zip_buffer_t *buffer, zip_uint64_t buf_offse - zip_error_set(error, ZIP_ER_SEEK, EFBIG); - return NULL; - } -- if ((flags & ZIP_CHECKCONS) && offset+size != eocd_offset) { -+ if (offset+size > buf_offset + eocd_offset) { -+ /* cdir spans past EOCD record */ -+ zip_error_set(error, ZIP_ER_INCONS, 0); -+ return NULL; -+ } -+ if ((flags & ZIP_CHECKCONS) && offset+size != buf_offset + eocd_offset) { - zip_error_set(error, ZIP_ER_INCONS, 0); - return NULL; - } Property changes on: head/archivers/libzip/files/patch-CVE-2017-14107 ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: head/archivers/libzip/files/patch-lib__Makefile.in =================================================================== --- head/archivers/libzip/files/patch-lib__Makefile.in (revision 450773) +++ head/archivers/libzip/files/patch-lib__Makefile.in (revision 450774) @@ -1,23 +1,23 @@ ---- lib/Makefile.in.orig 2016-02-19 14:21:44 UTC -+++ lib/Makefile.in -@@ -367,8 +367,8 @@ AM_CFLAGS = @CFLAG_VISIBILITY@ +--- lib/Makefile.in.orig 2017-09-02 18:10:43.000000000 +0200 ++++ lib/Makefile.in 2017-09-27 11:19:40.288590998 +0200 +@@ -496,8 +496,8 @@ AM_CFLAGS = @CFLAG_VISIBILITY@ libincludedir = ${libdir}/@PACKAGE@/include lib_LTLIBRARIES = libzip.la - noinst_HEADERS = zipint.h + noinst_HEADERS = zipint.h gladman-fcrypt.h -include_HEADERS = zip.h -nodist_libinclude_HEADERS = zipconf.h +include_HEADERS = zip.h zipconf.h +nodist_libinclude_HEADERS = # also update CMakeLists.txt when changing version - libzip_la_LDFLAGS = -no-undefined -version-info 4:0:0 -@@ -882,8 +882,7 @@ info: info-am + libzip_la_LDFLAGS = -no-undefined -version-info 5:0:0 +@@ -1926,8 +1926,7 @@ info: info-recursive info-am: -install-data-am: install-includeHEADERS \ - install-nodist_libincludeHEADERS +install-data-am: install-includeHEADERS - install-dvi: install-dvi-am + install-dvi: install-dvi-recursive Index: head/archivers/libzip/pkg-plist =================================================================== --- head/archivers/libzip/pkg-plist (revision 450773) +++ head/archivers/libzip/pkg-plist (revision 450774) @@ -1,116 +1,120 @@ bin/zipcmp bin/zipmerge bin/ziptool include/zip.h include/zipconf.h lib/libzip.a lib/libzip.so -lib/libzip.so.4 -lib/libzip.so.4.0.0 +lib/libzip.so.5 +lib/libzip.so.5.0.0 libdata/pkgconfig/libzip.pc man/man1/zipcmp.1.gz man/man1/zipmerge.1.gz man/man1/ziptool.1.gz man/man3/ZIP_SOURCE_GET_ARGS.3.gz man/man3/libzip.3.gz man/man3/zip_add.3.gz man/man3/zip_add_dir.3.gz man/man3/zip_close.3.gz man/man3/zip_delete.3.gz man/man3/zip_dir_add.3.gz man/man3/zip_discard.3.gz man/man3/zip_error_clear.3.gz man/man3/zip_error_code_system.3.gz man/man3/zip_error_code_zip.3.gz man/man3/zip_error_fini.3.gz man/man3/zip_error_get.3.gz man/man3/zip_error_get_sys_type.3.gz man/man3/zip_error_init.3.gz man/man3/zip_error_init_with_code.3.gz man/man3/zip_error_set.3.gz man/man3/zip_error_strerror.3.gz man/man3/zip_error_system_type.3.gz man/man3/zip_error_to_data.3.gz man/man3/zip_error_to_str.3.gz man/man3/zip_errors.3.gz man/man3/zip_fclose.3.gz man/man3/zip_fdopen.3.gz man/man3/zip_file_add.3.gz man/man3/zip_file_error_clear.3.gz man/man3/zip_file_error_get.3.gz man/man3/zip_file_extra_field_delete.3.gz man/man3/zip_file_extra_field_delete_by_id.3.gz man/man3/zip_file_extra_field_get.3.gz man/man3/zip_file_extra_field_get_by_id.3.gz man/man3/zip_file_extra_field_set.3.gz man/man3/zip_file_extra_fields_count.3.gz man/man3/zip_file_extra_fields_count_by_id.3.gz man/man3/zip_file_get_comment.3.gz man/man3/zip_file_get_error.3.gz man/man3/zip_file_get_external_attributes.3.gz man/man3/zip_file_rename.3.gz man/man3/zip_file_replace.3.gz man/man3/zip_file_set_comment.3.gz +man/man3/zip_file_set_encryption.3.gz man/man3/zip_file_set_external_attributes.3.gz man/man3/zip_file_set_mtime.3.gz man/man3/zip_file_strerror.3.gz man/man3/zip_fopen.3.gz man/man3/zip_fopen_encrypted.3.gz man/man3/zip_fopen_index.3.gz man/man3/zip_fopen_index_encrypted.3.gz man/man3/zip_fread.3.gz +man/man3/zip_fseek.3.gz +man/man3/zip_ftell.3.gz man/man3/zip_get_archive_comment.3.gz man/man3/zip_get_archive_flag.3.gz man/man3/zip_get_error.3.gz man/man3/zip_get_file_comment.3.gz man/man3/zip_get_name.3.gz man/man3/zip_get_num_entries.3.gz man/man3/zip_get_num_files.3.gz man/man3/zip_name_locate.3.gz man/man3/zip_open.3.gz man/man3/zip_open_from_source.3.gz +man/man3/zip_register_progress_callback.3.gz man/man3/zip_rename.3.gz man/man3/zip_replace.3.gz man/man3/zip_set_archive_comment.3.gz man/man3/zip_set_archive_flag.3.gz man/man3/zip_set_default_password.3.gz man/man3/zip_set_file_comment.3.gz man/man3/zip_set_file_compression.3.gz man/man3/zip_source.3.gz man/man3/zip_source_begin_write.3.gz man/man3/zip_source_buffer.3.gz man/man3/zip_source_close.3.gz man/man3/zip_source_commit_write.3.gz man/man3/zip_source_error.3.gz man/man3/zip_source_file.3.gz man/man3/zip_source_filep.3.gz man/man3/zip_source_free.3.gz man/man3/zip_source_function.3.gz man/man3/zip_source_function_create.3.gz man/man3/zip_source_is_deleted.3.gz man/man3/zip_source_keep.3.gz man/man3/zip_source_make_command_bitmap.3.gz man/man3/zip_source_open.3.gz man/man3/zip_source_read.3.gz man/man3/zip_source_rollback_write.3.gz man/man3/zip_source_seek.3.gz man/man3/zip_source_seek_compute_offset.3.gz man/man3/zip_source_seek_write.3.gz man/man3/zip_source_stat.3.gz man/man3/zip_source_tell.3.gz man/man3/zip_source_tell_write.3.gz man/man3/zip_source_win32a.3.gz man/man3/zip_source_win32a_create.3.gz man/man3/zip_source_win32handle.3.gz man/man3/zip_source_win32handle_create.3.gz man/man3/zip_source_win32w.3.gz man/man3/zip_source_win32w_create.3.gz man/man3/zip_source_write.3.gz man/man3/zip_source_zip.3.gz man/man3/zip_stat.3.gz man/man3/zip_stat_index.3.gz man/man3/zip_stat_init.3.gz man/man3/zip_strerror.3.gz man/man3/zip_unchange.3.gz man/man3/zip_unchange_all.3.gz man/man3/zip_unchange_archive.3.gz