From b4a9cb3e5493b414c2d671e6e5c1e8bcf084915c Mon Sep 17 00:00:00 2001
From: Andreas Sturmlechner <asturm@gentoo.org>
Date: Tue, 24 Oct 2017 01:25:22 +0200
Subject: [PATCH] dev-libs/libzip: Security cleanup, bug #629574

Package-Manager: Portage-2.3.12, Repoman-2.3.3
---
 dev-libs/libzip/Manifest                      |  1 -
 .../files/libzip-1.2.0-CVE-2017-12858.patch   | 37 -----------------
 .../files/libzip-1.2.0-CVE-2017-14107.patch   | 27 ------------
 dev-libs/libzip/libzip-1.2.0-r1.ebuild        | 40 ------------------
 dev-libs/libzip/libzip-1.2.0-r2.ebuild        | 41 -------------------
 dev-libs/libzip/libzip-1.2.0.ebuild           | 39 ------------------
 6 files changed, 185 deletions(-)
 delete mode 100644 dev-libs/libzip/files/libzip-1.2.0-CVE-2017-12858.patch
 delete mode 100644 dev-libs/libzip/files/libzip-1.2.0-CVE-2017-14107.patch
 delete mode 100644 dev-libs/libzip/libzip-1.2.0-r1.ebuild
 delete mode 100644 dev-libs/libzip/libzip-1.2.0-r2.ebuild
 delete mode 100644 dev-libs/libzip/libzip-1.2.0.ebuild

diff --git a/dev-libs/libzip/Manifest b/dev-libs/libzip/Manifest
index 4fd8d312a19b3..9206b63f7b6aa 100644
--- a/dev-libs/libzip/Manifest
+++ b/dev-libs/libzip/Manifest
@@ -1,2 +1 @@
-DIST libzip-1.2.0.tar.xz 938284 SHA256 ffc0764395fba3d45dc5a6e32282788854618b9e9838337f8218b596007f1376 SHA512 1ba8626d72e6b47f735568afaf007d1e18beb3ebedf6b69a6b575f9e04d3b84550371191a89be153f8fcedb4a8eac2f996e141da95cdbb52380b6283cc99cf8b WHIRLPOOL 794a462fc4d1529008fccbe6df41c5616b34712ef34721e0cbe555aa12ada7928d22f6e9421de210efdf7b460188a4d6a9a6e53fc0266bcf52d47d6a7e30a5f6
 DIST libzip-1.3.0.tar.xz 955876 SHA256 aa936efe34911be7acac2ab07fb5c8efa53ed9bb4d44ad1fe8bff19630e0d373 SHA512 8e12a23fe62b993ff4592e1b9da152533a363b0603fc1f65e6cbb6121d4260c45f98171effbccb76dec4030b0fcdcd273919755a2496ab462431646ac83bb900 WHIRLPOOL eca44e4c7e3a09d90f7a9c694de01c97fdc97ce7989bd8ccf9acb8e33e10145f6860c4dd5bb282d2ab0a708d9ddb6b7ecde88bf5276365179057c02f534e182d
diff --git a/dev-libs/libzip/files/libzip-1.2.0-CVE-2017-12858.patch b/dev-libs/libzip/files/libzip-1.2.0-CVE-2017-12858.patch
deleted file mode 100644
index 26236510fee8a..0000000000000
--- a/dev-libs/libzip/files/libzip-1.2.0-CVE-2017-12858.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 2217022b7d1142738656d891e00b3d2d9179b796 Mon Sep 17 00:00:00 2001
-From: Thomas Klausner <tk@giga.or.at>
-Date: Mon, 14 Aug 2017 10:55:44 +0200
-Subject: [PATCH] Fix double free().
-
-Found by Brian 'geeknik' Carpenter using AFL.
----
- THANKS           | 1 +
- lib/zip_dirent.c | 3 ---
- 2 files changed, 1 insertion(+), 3 deletions(-)
-
-diff --git a/THANKS b/THANKS
-index be0cca9..a80ee1d 100644
---- a/THANKS
-+++ b/THANKS
-@@ -12,6 +12,7 @@ BALATON Zoltan <balaton@eik.bme.hu>
- Benjamin Gilbert <bgilbert@backtick.net>
- Boaz Stolk <bstolk@aweta.nl>
- Bogdan <bogiebog@gmail.com>
-+Brian 'geeknik' Carpenter <geeknik@protonmail.ch>
- Chris Nehren <cnehren+libzip@pobox.com>
- Coverity <info@coverity.com>
- Dane Springmeyer <dane.springmeyer@gmail.com>
-diff --git a/lib/zip_dirent.c b/lib/zip_dirent.c
-index a369900..e5a7cc9 100644
---- a/lib/zip_dirent.c
-+++ b/lib/zip_dirent.c
-@@ -579,9 +579,6 @@ _zip_dirent_read(zip_dirent_t *zde, zip_source_t *src, zip_buffer_t *buffer, boo
-     }
- 
-     if (!_zip_dirent_process_winzip_aes(zde, error)) {
--	if (!from_buffer) {
--	    _zip_buffer_free(buffer);
--	}
- 	return -1;
-     }
- 
diff --git a/dev-libs/libzip/files/libzip-1.2.0-CVE-2017-14107.patch b/dev-libs/libzip/files/libzip-1.2.0-CVE-2017-14107.patch
deleted file mode 100644
index 3d1f9a0aabc3f..0000000000000
--- a/dev-libs/libzip/files/libzip-1.2.0-CVE-2017-14107.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 9b46957ec98d85a572e9ef98301247f39338a3b5 Mon Sep 17 00:00:00 2001
-From: Thomas Klausner <tk@giga.or.at>
-Date: Tue, 29 Aug 2017 10:25:03 +0200
-Subject: [PATCH] Make eocd checks more consistent between zip and zip64 cases.
-
----
- lib/zip_open.c | 7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/lib/zip_open.c b/lib/zip_open.c
-index 3bd593b..9d3a4cb 100644
---- a/lib/zip_open.c
-+++ b/lib/zip_open.c
-@@ -847,7 +847,12 @@ _zip_read_eocd64(zip_source_t *src, zip_buffer_t *buffer, zip_uint64_t buf_offse
-         zip_error_set(error, ZIP_ER_SEEK, EFBIG);
-         return NULL;
-     }
--    if ((flags & ZIP_CHECKCONS) && offset+size != eocd_offset) {
-+    if (offset+size > buf_offset + eocd_offset) {
-+	/* cdir spans past EOCD record */
-+	zip_error_set(error, ZIP_ER_INCONS, 0);
-+	return NULL;
-+    }
-+    if ((flags & ZIP_CHECKCONS) && offset+size != buf_offset + eocd_offset) {
- 	zip_error_set(error, ZIP_ER_INCONS, 0);
- 	return NULL;
-     }
diff --git a/dev-libs/libzip/libzip-1.2.0-r1.ebuild b/dev-libs/libzip/libzip-1.2.0-r1.ebuild
deleted file mode 100644
index 61f933dcd36c2..0000000000000
--- a/dev-libs/libzip/libzip-1.2.0-r1.ebuild
+++ /dev/null
@@ -1,40 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-inherit autotools
-
-DESCRIPTION="Library for manipulating zip archives"
-HOMEPAGE="http://www.nih.at/libzip/"
-SRC_URI="http://www.nih.at/libzip/${P}.tar.xz"
-
-LICENSE="BSD"
-SLOT="0/5"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos"
-IUSE="static-libs"
-
-RDEPEND="
-	sys-libs/zlib
-	elibc_musl? ( sys-libs/fts-standalone )
-"
-DEPEND="${RDEPEND}"
-
-DOCS=( AUTHORS NEWS.md API-CHANGES THANKS )
-
-PATCHES=(
-	"${FILESDIR}/${P}-headers.patch"
-	"${FILESDIR}/${P}-fts.patch"
-	"${FILESDIR}/${P}-CVE-2017-12858.patch"
-)
-
-src_prepare() {
-	default
-	eautoreconf
-}
-
-src_install() {
-	default
-	use static-libs || rm "${ED%/}"/usr/$(get_libdir)/libzip.a || die
-	find "${D}" -name '*.la' -delete || die
-}
diff --git a/dev-libs/libzip/libzip-1.2.0-r2.ebuild b/dev-libs/libzip/libzip-1.2.0-r2.ebuild
deleted file mode 100644
index 524782f42c3fc..0000000000000
--- a/dev-libs/libzip/libzip-1.2.0-r2.ebuild
+++ /dev/null
@@ -1,41 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-inherit autotools
-
-DESCRIPTION="Library for manipulating zip archives"
-HOMEPAGE="https://nih.at/libzip/"
-SRC_URI="https://www.nih.at/libzip/${P}.tar.xz"
-
-LICENSE="BSD"
-SLOT="0/5"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos"
-IUSE="static-libs"
-
-RDEPEND="
-	sys-libs/zlib
-	elibc_musl? ( sys-libs/fts-standalone )
-"
-DEPEND="${RDEPEND}"
-
-DOCS=( AUTHORS NEWS.md API-CHANGES THANKS )
-
-PATCHES=(
-	"${FILESDIR}/${P}-headers.patch"
-	"${FILESDIR}/${P}-fts.patch"
-	"${FILESDIR}/${P}-CVE-2017-12858.patch"
-	"${FILESDIR}/${P}-CVE-2017-14107.patch"
-)
-
-src_prepare() {
-	default
-	eautoreconf
-}
-
-src_install() {
-	default
-	use static-libs || rm "${ED%/}"/usr/$(get_libdir)/libzip.a || die
-	find "${D}" -name '*.la' -delete || die
-}
diff --git a/dev-libs/libzip/libzip-1.2.0.ebuild b/dev-libs/libzip/libzip-1.2.0.ebuild
deleted file mode 100644
index d51ce7650816c..0000000000000
--- a/dev-libs/libzip/libzip-1.2.0.ebuild
+++ /dev/null
@@ -1,39 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-inherit autotools
-
-DESCRIPTION="Library for manipulating zip archives"
-HOMEPAGE="http://www.nih.at/libzip/"
-SRC_URI="http://www.nih.at/libzip/${P}.tar.xz"
-
-LICENSE="BSD"
-SLOT="0/5"
-KEYWORDS="alpha amd64 ~arm ~arm64 ~hppa ia64 ~mips ppc ppc64 sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~x86-macos"
-IUSE="static-libs"
-
-RDEPEND="
-	sys-libs/zlib
-	elibc_musl? ( sys-libs/fts-standalone )
-"
-DEPEND="${RDEPEND}"
-
-DOCS=( AUTHORS NEWS.md API-CHANGES THANKS )
-
-PATCHES=(
-	"${FILESDIR}/${P}-headers.patch"
-	"${FILESDIR}/${P}-fts.patch"
-)
-
-src_prepare() {
-	default
-	eautoreconf
-}
-
-src_install() {
-	default
-	use static-libs || rm "${ED%/}"/usr/$(get_libdir)/libzip.a || die
-	find "${D}" -name '*.la' -delete || die
-}