upg zlib

2023-10-25 11:04:08 +03:00 · 2023-10-25 11:04:08 +03:00 · a2fa9adc6a
commit a2fa9adc6a
parent 9ce0581e11
2 changed files with 19 additions and 10 deletions
--- a/zlib/PKGBUILD
+++ b/zlib/PKGBUILD
@ -10,16 +10,19 @@ pkgname=(zlib minizip)
 pkgdesc='Compression library implementing the deflate compression method found in gzip and PKZIP'
 epoch=1
 pkgver=1.3
-pkgrel=01
+pkgrel=02
 url="https://www.zlib.net/"
 depends=('glibc')
 makedepends=('automake' 'autoconf')
 options=('staticlibs')  # needed by binutils testsuite
 #options=('staticlibs' 'debug')   ## uncomment this to have the debug pkg produced
-source=("https://zlib.net/zlib-${pkgver}.tar.gz"{,.asc})
+source=("https://zlib.net/zlib-${pkgver}.tar.gz"{,.asc}
+        zlib-1.3-CVE-2023-45853.patch::https://github.com/madler/zlib/commit/73331a6a0481067628f065ffe87bb1d8f787d10c.patch)
+

 prepare() {
  cd $pkgbase-$pkgver/contrib/minizip
+  patch -Np3 < "${srcdir}/zlib-1.3-CVE-2023-45853.patch"
  cp Makefile Makefile.orig
  cp ../README.contrib readme.txt
  autoreconf -fiv
@ -68,13 +71,13 @@ license=(Zlib)
 validpgpkeys=('5ED46A6721D365587791E2AA783FCD8E58BCAFBA')

 sha256sums=(ff0ba4c292013dbc27530b3a81e1f9a813cd39de01ca5e0f8bf355702efa593e  # zlib-1.3.tar.gz
-	bf1e20cc852e179fa38093565c3910d5ad9cd44eee4c45dd7e5445adcc0be1c3) # zlib-1.3.tar.gz.asc
-
-##  0859981253c09aac897d298b7ebed07bf9f9dd53f9283a866eecbd53c9aca624  minizip-1:1.3-01-x86_64.pkg.tar.lz
-##  ca8dd48ebcbf0ae6e2fb07df4259178cd37da7ed7f569f7722bb0e79b712a94d  zlib-1:1.3-01-x86_64.pkg.tar.lz
+	bf1e20cc852e179fa38093565c3910d5ad9cd44eee4c45dd7e5445adcc0be1c3  # zlib-1.3.tar.gz.asc
+	7aa0221bf62796c29ae665ef3dd138489e1995b7095924dc035104959da13417) # zlib-1.3-CVE-2023-45853.patch

 # Note to packager: 
 ls -l *pkg.tar.lz 
 echo "you must rename this package to meet SF naming before you move to the repo"
 echo "mv $pkgname-$epoch:$pkgver-$pkgrel-$arch.pkg.tar.lz $pkgname-$epoch_$pkgver-$pkgrel-$arch.pkg.tar.lz"

+##  731add84f49cc773541fd2da4056215265b339daf7957eaed9ee78e60d2185f4  minizip-1_1.3-02-x86_64.pkg.tar.lz
+##  adcb4679cd923d0367ca16a7937610f727cdf33bd06a7a4be7e075cd33978e62  zlib-1_1.3-02-x86_64.pkg.tar.lz
--- a/zlib/PKGBUILD-arch
+++ b/zlib/PKGBUILD-arch
@ -6,7 +6,7 @@ pkgbase=zlib
 pkgname=(zlib minizip)
 epoch=1
 pkgver=1.3
-pkgrel=1
+pkgrel=2
 pkgdesc='Compression library implementing the deflate compression method found in gzip and PKZIP'
 arch=(x86_64)
 license=(Zlib)
@ -15,15 +15,19 @@ options=(
  staticlibs  # needed by binutils testsuite
  debug
 )
-source=(https://github.com/madler/zlib/releases/download/v$pkgver/$pkgname-$pkgver.tar.xz{,.asc})
+source=(https://github.com/madler/zlib/releases/download/v$pkgver/$pkgname-$pkgver.tar.xz{,.asc}
+        zlib-1.3-CVE-2023-45853.patch::https://github.com/madler/zlib/commit/73331a6a0481067628f065ffe87bb1d8f787d10c.patch)
 sha512sums=('3868ac4da5842dd36c9dad794930675b9082ce15cbd099ddb79c0f6bd20a24aa8f33a123f378f26fe0ae02d91f31f2994dccaac565cedeaffed7b315e6ded2a2'
-            'SKIP')
+            'SKIP'
+            '77de58fec1875b72ba47e2c21ff5cafd3251924baf047b4eb520fdecc63e9414c34d9224dae86982161d7e4f867120c6a7f4c5165adf6b090205513865e82e09')
 b2sums=('5fe0f32339267348a313f23a21e9588bdb180b7415be303c85f5f169444d019e5f176ef7322f6e64297c360acc2a6041c50e2f66d1860e5c392d8970990f176a'
-        'SKIP')
+        'SKIP'
+        'bba55b9074c6ac863b5dc65c3a087a2f5b9190e69106d9b2009ec3bd89e20a940091cb10464b3014c46c3c2e5248d578169164dfb9096b8ebcea08de4feee442')
 validpgpkeys=('5ED46A6721D365587791E2AA783FCD8E58BCAFBA')  # Mark Adler <madler@alumni.caltech.edu>

 prepare() {
  cd $pkgbase-$pkgver/contrib/minizip
+  patch -Np3 < "${srcdir}/zlib-1.3-CVE-2023-45853.patch"
  cp Makefile Makefile.orig
  cp ../README.contrib readme.txt
  autoreconf -fiv
@ -68,3 +72,5 @@ package_minizip() {
  # https://github.com/madler/zlib/pull/229
  rm "$pkgdir/usr/include/minizip/crypt.h"
 }
+
+# vim: ts=2 sw=2 et: