pkgsrc-Users archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: libarchive-2.8.4nb3 has a multiple-vulnerabilities vulnerability
On 4/24/14, 8:51 AM, Havard Eidnes wrote:
>>> he, could you file a pullup ticket for your commit?
>>
>> Already done, wiz@ pinged me about it a little earlier.
>
> ...and I see now also already pulled up.
>
> Regards,
>
> - Håvard
Thanks everyone for getting this fixed!
Unfortunately, after updating the tree from CVS it won't compile
with clang for me because the return type of the heap_add_entry
function has changed from void to int, and there is an empty return in
heap_add_entry. Here's the clang error:
===
libarchive/archive_read_support_format_iso9660.c:2680:4: error: non-void
function 'heap_add_entry' should return a value [-Wreturn-type]
return;
^
===
This is on Mac OS X Mavericks (10.9.2) with a clang that reports the
following:
===
$ clang -v
Apple LLVM version 5.1 (clang-503.0.40) (based on LLVM 3.4svn)
Target: x86_64-apple-darwin13.1.0
Thread model: posix
===
Below is a patch for archivers/libarchive against the stable branch
(pkgsrc-2014Q1) to fix this.
Thanks,
Lewis
Index: files/libarchive/archive_read_support_format_iso9660.c
===================================================================
RCS file:
/cvsroot/pkgsrc/archivers/libarchive/files/libarchive/archive_read_support_format_iso9660.c,v
retrieving revision 1.3.34.1
diff -b -u -r1.3.34.1 archive_read_support_format_iso9660.c
--- files/libarchive/archive_read_support_format_iso9660.c 24 Apr 2014
09:34:06 -0000 1.3.34.1
+++ files/libarchive/archive_read_support_format_iso9660.c 24 Apr 2014
21:05:49 -0000
@@ -2677,7 +2677,7 @@
parent_key = heap->files[parent]->key;
if (file_key >= parent_key) {
heap->files[hole] = file;
- return;
+ return (ARCHIVE_OK);
}
// Move parent into hole <==> move hole up tree.
heap->files[hole] = heap->files[parent];
Home |
Main Index |
Thread Index |
Old Index