From 535fff1290d36e1be797673df83a2afb6bf8cd20 Mon Sep 17 00:00:00 2001 From: Schrijvers Luc Date: Tue, 7 Apr 2026 11:49:41 +0200 Subject: [PATCH] lrzip, bump to version 0.651 (#13920) --- ...{lrzip-0.631.recipe => lrzip-0.651.recipe} | 64 ++++--- app-arch/lrzip/patches/CVE-2022-33067.patch | 27 +++ app-arch/lrzip/patches/CVE-2023-39741.patch | 23 +++ app-arch/lrzip/patches/lrzip-0.631.patchset | 129 -------------- app-arch/lrzip/patches/lrzip-0.651.patchset | 164 ++++++++++++++++++ 5 files changed, 245 insertions(+), 162 deletions(-) rename app-arch/lrzip/{lrzip-0.631.recipe => lrzip-0.651.recipe} (61%) create mode 100644 app-arch/lrzip/patches/CVE-2022-33067.patch create mode 100644 app-arch/lrzip/patches/CVE-2023-39741.patch delete mode 100644 app-arch/lrzip/patches/lrzip-0.631.patchset create mode 100644 app-arch/lrzip/patches/lrzip-0.651.patchset diff --git a/app-arch/lrzip/lrzip-0.631.recipe b/app-arch/lrzip/lrzip-0.651.recipe similarity index 61% rename from app-arch/lrzip/lrzip-0.631.recipe rename to app-arch/lrzip/lrzip-0.651.recipe index 5fb1c6ac1..b6986ba78 100644 --- a/app-arch/lrzip/lrzip-0.631.recipe +++ b/app-arch/lrzip/lrzip-0.651.recipe @@ -6,74 +6,77 @@ will be able to more effectively compress your files \ You can either choose to optimise for speed (fast compression / decompression) \ or size, but not both." HOMEPAGE="http://lrzip.kolivas.org/" -COPYRIGHT="2016 lrzip Authors" +COPYRIGHT="2016-2022 lrzip Authors" LICENSE="GNU GPL v2" -REVISION="3" -SOURCE_URI="http://ck.kolivas.org/apps/lrzip/lrzip-$portVersion.tar.bz2" -CHECKSUM_SHA256="0d11e268d0d72310d6d73a8ce6bb3d85e26de3f34d8a713055f3f25a77226455" -PATCHES="lrzip-$portVersion.patchset" +REVISION="1" +SOURCE_URI="https://github.com/ckolivas/lrzip/archive/refs/tags/v$portVersion.tar.gz" +CHECKSUM_SHA256="f4c84de778a059123040681fd47c17565fcc4fec0ccc68fcf32d97fad16cd892" +SOURCE_FILENAME="lrzip-v$portVersion.tar.gz" +PATCHES="lrzip-$portVersion.patchset + CVE-2022-33067.patch + CVE-2023-39741.patch" ARCHITECTURES="all !x86_gcc2" SECONDARY_ARCHITECTURES="x86" +commandBinDir=$binDir +commandSuffix=$secondaryArchSuffix +if [ "$targetArchitecture" = x86_gcc2 ]; then + commandSuffix= + commandBinDir=$prefix/bin +fi + USER_SETTINGS_FILES=" settings/lrzip.conf template $relativeDocDir/lrzip.conf.example " -libVersion="0.0.0" -libVersionCompat="$libVersion compat >= ${libVersion%%.*}" - PROVIDES=" lrzip$secondaryArchSuffix = $portVersion - cmd:lrunzip = $portVersion - cmd:lrz = $portVersion - cmd:lrzcat = $portVersion - cmd:lrzip = $portVersion - cmd:lrztar = $portVersion - cmd:lrzuntar = $portVersion - lib:liblrzip$secondaryArchSuffix = $libVersionCompat + cmd:lrunzip$commandSuffix = $portVersion + cmd:lrz$commandSuffix = $portVersion + cmd:lrzcat$commandSuffix = $portVersion + cmd:lrzip$commandSuffix = $portVersion + cmd:lrztar$commandSuffix = $portVersion + cmd:lrzuntar$commandSuffix = $portVersion " REQUIRES=" haiku$secondaryArchSuffix lib:libbz2$secondaryArchSuffix + lib:liblz4$secondaryArchSuffix lib:liblzo2$secondaryArchSuffix lib:libz$secondaryArchSuffix " -PROVIDES_devel=" - lrzip${secondaryArchSuffix}_devel = $portVersion - devel:liblrzip$secondaryArchSuffix = $libVersionCompat - " -REQUIRES_devel=" - lrzip$secondaryArchSuffix == $portVersion base - " - BUILD_REQUIRES=" haiku${secondaryArchSuffix}_devel devel:libbz2$secondaryArchSuffix + devel:liblz4$secondaryArchSuffix devel:liblzo2$secondaryArchSuffix devel:libz$secondaryArchSuffix " BUILD_PREREQUIRES=" - cmd:autoconf + cmd:aclocal + cmd:autoreconf cmd:awk cmd:cmp cmd:doxygen cmd:find cmd:g++$secondaryArchSuffix cmd:gcc$secondaryArchSuffix + cmd:libtoolize$secondaryArchSuffix cmd:make cmd:pod2man " defineDebugInfoPackage lrzip$secondaryArchSuffix \ - "$prefix"/bin/lrzip \ - "$libDir"/liblrzip.so.$libVersion + "$commandBinDir"/lrzip BUILD() { + autoreconf -fi runConfigure --omit-dirs "binDir docDir" ./configure \ - --bindir="$prefix/bin" --docdir="$developDocDir" \ + --bindir="$commandBinDir" \ + --docdir="$developDocDir" \ --disable-static make $jobArgs } @@ -83,14 +86,9 @@ INSTALL() make install install -d -m 755 "$docDir" + # There's no need for another version of GPL v2 rm "$developDocDir"/COPYING mv -t "$docDir" "$developDocDir"/{AUTHORS,lrzip.conf.example,README.md} - - rm -f "$libDir"/*.la - fixPkgconfig - prepareInstalledDevelLib liblrzip - packageEntries devel \ - "$developDir" } diff --git a/app-arch/lrzip/patches/CVE-2022-33067.patch b/app-arch/lrzip/patches/CVE-2022-33067.patch new file mode 100644 index 000000000..132a69704 --- /dev/null +++ b/app-arch/lrzip/patches/CVE-2022-33067.patch @@ -0,0 +1,27 @@ +From 843fa4168af4d0fe6278a5373793d37eb811affb Mon Sep 17 00:00:00 2001 +From: ckolivas +Date: Fri, 13 Feb 2026 12:07:24 +1100 +Subject: [PATCH] Address undefined warnings from compilers for left shifting + negative integers in zpaq. + +--- + libzpaq/libzpaq.cpp | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/libzpaq/libzpaq.cpp b/libzpaq/libzpaq.cpp +index 633c6f12..42d9f58d 100644 +--- a/libzpaq/libzpaq.cpp ++++ b/libzpaq/libzpaq.cpp +@@ -801,7 +801,11 @@ void Predictor::init() { + cr.cm.resize(512); + for (int j=0; j<256; ++j) { + cr.cm[j*2]=1<<15; +- cr.cm[j*2+1]=clamp512k(stretch(st.cminit(j)>>8)<<10); ++ // Left shift of negative values is undefined strictly speaking so ++ // cast it back and forth to safely perform left shift and avoid ++ // compiler issues. Original code: ++ // cr.cm[j*2+1]=clamp512k(stretch(st.cminit(j)>>8)<<10); ++ cr.cm[j*2+1]=clamp512k(static_cast(static_cast(stretch(st.cminit(j) >> 8)) << 10)); + } + break; + case SSE: // sizebits j start limit diff --git a/app-arch/lrzip/patches/CVE-2023-39741.patch b/app-arch/lrzip/patches/CVE-2023-39741.patch new file mode 100644 index 000000000..7eb92f900 --- /dev/null +++ b/app-arch/lrzip/patches/CVE-2023-39741.patch @@ -0,0 +1,23 @@ +Description: backport hsize validation for empty PCOMP + Backport hsize validation from libzpaq v7.15 + This prevents Denial of Service via a crafted file due to a heap overflow + via the ibzpaq::PostProcessor::write(int) function. +Author: Laszlo Boszormenyi (GCS) +Origin: backport, https://mattmahoney.net/dc/zpaq.html +Bug: https://github.com/ckolivas/lrzip/issues/246 +Bug-Debian: https://bugs.debian.org/1059293 +Forwarded: no +Last-Update: 2023-12-22 + +--- + +--- a/libzpaq/libzpaq.cpp ++++ b/libzpaq/libzpaq.cpp +@@ -1199,6 +1199,7 @@ int PostProcessor::write(int c) { + case 3: // PROG psize[0] + if (c<0) error("Unexpected EOS"); + hsize+=c*256; // high byte of psize ++ if (hsize<1) error("Empty PCOMP"); + z.header.resize(hsize+300); + z.cend=8; + z.hbegin=z.hend=z.cend+128; diff --git a/app-arch/lrzip/patches/lrzip-0.631.patchset b/app-arch/lrzip/patches/lrzip-0.631.patchset deleted file mode 100644 index fafbea832..000000000 --- a/app-arch/lrzip/patches/lrzip-0.631.patchset +++ /dev/null @@ -1,129 +0,0 @@ -From 8cacb87c909cfaa3b08d443b3bbfa57e1a07bc52 Mon Sep 17 00:00:00 2001 -From: Leorize -Date: Fri, 22 Dec 2017 15:21:32 +0700 -Subject: add Haiku support - -use find_directory for settings - -use int typedefs from SupportDefs instead - -use fallback ffsll - -diff --git a/lrzip_private.h b/lrzip_private.h -index 9ac9f47..0d4dfda 100644 ---- a/lrzip_private.h -+++ b/lrzip_private.h -@@ -78,6 +78,10 @@ void *alloca (size_t); - # endif - #endif - -+#ifdef __HAIKU__ -+#include -+#endif -+ - #ifndef MD5_DIGEST_SIZE - # define MD5_DIGEST_SIZE 16 - #endif -@@ -144,7 +148,7 @@ extern int errno; - #define unlikely(x) __builtin_expect(!!(x), 0) - #define __maybe_unused __attribute__((unused)) - --#if defined(__MINGW32__) || defined(__CYGWIN__) || defined(ANDROID) || defined(__APPLE__) -+#if defined(__MINGW32__) || defined(__CYGWIN__) || defined(ANDROID) || defined(__APPLE__) || defined(__HAIKU__) - # define ffsll __builtin_ffsll - #endif - -diff --git a/util.c b/util.c -index d79125b..7220c81 100644 ---- a/util.c -+++ b/util.c -@@ -59,6 +59,11 @@ - # include - #endif - -+#ifdef __HAIKU__ -+#include -+#include -+#endif -+ - /* Macros for testing parameters */ - #define isparameter( parmstring, value ) (!strcasecmp( parmstring, value )) - #define iscaseparameter( parmvalue, value ) (!strcmp( parmvalue, value )) -@@ -181,7 +186,13 @@ bool get_rand(rzip_control *control, uchar *buf, int len) - bool read_config(rzip_control *control) - { - /* check for lrzip.conf in ., $HOME/.lrzip and /etc/lrzip */ -+#ifndef __HAIKU__ - char *HOME, homeconf[255]; -+#else -+ dev_t volume; -+ char buffer[B_PATH_NAME_LENGTH]; -+ char confpath[B_PATH_NAME_LENGTH + B_FILE_NAME_LENGTH]; -+#endif - char *parametervalue; - char *parameter; - char line[255]; -@@ -190,6 +201,7 @@ bool read_config(rzip_control *control) - fp = fopen("lrzip.conf", "r"); - if (fp) - fprintf(control->msgout, "Using configuration file ./lrzip.conf\n"); -+#ifndef __HAIKU__ - if (fp == NULL) { - HOME=getenv("HOME"); - if (HOME) { -@@ -204,6 +216,25 @@ bool read_config(rzip_control *control) - if (fp) - fprintf(control->msgout, "Using configuration file /etc/lrzip/lrzip.conf\n"); - } -+#else -+ if (fp == NULL) { -+ volume = dev_for_path("/boot"); -+ if (find_directory(B_USER_SETTINGS_DIRECTORY, volume, false, buffer, sizeof(buffer)) == B_OK) { -+ snprintf(confpath, sizeof(confpath), "%s/lrzip/lrzip.conf", buffer); -+ fp = fopen(confpath, "r"); -+ if (fp) -+ fprintf(control->msgout, "Using configuration file %s\n", confpath); -+ } -+ } -+ if (fp == NULL) { -+ if (find_directory(B_SYSTEM_SETTINGS_DIRECTORY, volume, false, buffer, sizeof(buffer)) == B_OK) { -+ snprintf(confpath, sizeof(confpath), "%s/lrzip/lrzip.conf", buffer); -+ fp = fopen(confpath, "r"); -+ if (fp) -+ fprintf(control->msgout, "Using configuration file %s\n", confpath); -+ } -+ } -+#endif - if (fp == NULL) - return true; - --- -2.15.0 - - -From 6a726a45f117ca346cfc676c91bd3d6b557fc0ff Mon Sep 17 00:00:00 2001 -From: Leorize -Date: Fri, 22 Dec 2017 15:36:59 +0700 -Subject: use no-op implementation for setpriority, mlock, munlock - - -diff --git a/lrzip_private.h b/lrzip_private.h -index 0d4dfda..0369dd5 100644 ---- a/lrzip_private.h -+++ b/lrzip_private.h -@@ -180,6 +180,12 @@ typedef sem_t cksem_t; - # define MD5_RELIABLE (1) - #endif - -+#if defined(__HAIKU__) -+# define setpriority(...) 0 -+# define mlock(...) 0 -+# define munlock(...) 0 -+#endif -+ - #define bswap_32(x) \ - ((((x) & 0xff000000) >> 24) | (((x) & 0x00ff0000) >> 8) | \ - (((x) & 0x0000ff00) << 8) | (((x) & 0x000000ff) << 24)) --- -2.15.0 - diff --git a/app-arch/lrzip/patches/lrzip-0.651.patchset b/app-arch/lrzip/patches/lrzip-0.651.patchset new file mode 100644 index 000000000..b0db51f0b --- /dev/null +++ b/app-arch/lrzip/patches/lrzip-0.651.patchset @@ -0,0 +1,164 @@ +From 4ac4cec25b25b4157f286b5d2c3579fe4a20387b Mon Sep 17 00:00:00 2001 +From: Leorize +Date: Fri, 22 Dec 2017 15:21:32 +0700 +Subject: add Haiku support + +use find_directory for settings + +use int typedefs from SupportDefs instead + +use fallback ffsll + +diff --git a/lrzip_private.h b/lrzip_private.h +index 67ba247..9d352af 100644 +--- a/lrzip_private.h ++++ b/lrzip_private.h +@@ -78,6 +78,10 @@ void *alloca (size_t); + # endif + #endif + ++#ifdef __HAIKU__ ++#include ++#endif ++ + #ifndef MD5_DIGEST_SIZE + # define MD5_DIGEST_SIZE 16 + #endif +@@ -144,7 +148,7 @@ extern int errno; + #define unlikely(x) __builtin_expect(!!(x), 0) + #define __maybe_unused __attribute__((unused)) + +-#if defined(__MINGW32__) || defined(__CYGWIN__) || defined(__ANDROID__) || defined(__APPLE__) ++#if defined(__MINGW32__) || defined(__CYGWIN__) || defined(__ANDROID__) || defined(__APPLE__) || defined(__HAIKU__) + # define ffsll __builtin_ffsll + #endif + +diff --git a/util.c b/util.c +index f643303..d7708d3 100644 +--- a/util.c ++++ b/util.c +@@ -59,6 +59,11 @@ + # include + #endif + ++#ifdef __HAIKU__ ++#include ++#include ++#endif ++ + /* Macros for testing parameters */ + #define isparameter( parmstring, value ) (!strcasecmp( parmstring, value )) + #define iscaseparameter( parmvalue, value ) (!strcmp( parmvalue, value )) +@@ -190,7 +195,13 @@ bool get_rand(rzip_control *control, uchar *buf, int len) + bool read_config(rzip_control *control) + { + /* check for lrzip.conf in ., $HOME/.lrzip and /etc/lrzip */ ++#ifndef __HAIKU__ + char *HOME, homeconf[255]; ++#else ++ dev_t volume; ++ char buffer[B_PATH_NAME_LENGTH]; ++ char confpath[B_PATH_NAME_LENGTH + B_FILE_NAME_LENGTH]; ++#endif + char *parametervalue; + char *parameter; + char line[255]; +@@ -199,6 +210,7 @@ bool read_config(rzip_control *control) + fp = fopen("lrzip.conf", "r"); + if (fp) + fprintf(control->msgout, "Using configuration file ./lrzip.conf\n"); ++#ifndef __HAIKU__ + if (fp == NULL) { + HOME=getenv("HOME"); + if (HOME) { +@@ -213,6 +225,25 @@ bool read_config(rzip_control *control) + if (fp) + fprintf(control->msgout, "Using configuration file /etc/lrzip/lrzip.conf\n"); + } ++#else ++ if (fp == NULL) { ++ volume = dev_for_path("/boot"); ++ if (find_directory(B_USER_SETTINGS_DIRECTORY, volume, false, buffer, sizeof(buffer)) == B_OK) { ++ snprintf(confpath, sizeof(confpath), "%s/lrzip/lrzip.conf", buffer); ++ fp = fopen(confpath, "r"); ++ if (fp) ++ fprintf(control->msgout, "Using configuration file %s\n", confpath); ++ } ++ } ++ if (fp == NULL) { ++ if (find_directory(B_SYSTEM_SETTINGS_DIRECTORY, volume, false, buffer, sizeof(buffer)) == B_OK) { ++ snprintf(confpath, sizeof(confpath), "%s/lrzip/lrzip.conf", buffer); ++ fp = fopen(confpath, "r"); ++ if (fp) ++ fprintf(control->msgout, "Using configuration file %s\n", confpath); ++ } ++ } ++#endif + if (fp == NULL) + return false; + +-- +2.52.0 + + +From 96717dca847963f5dc12c5f156ae3c027689ade5 Mon Sep 17 00:00:00 2001 +From: Leorize +Date: Fri, 22 Dec 2017 15:36:59 +0700 +Subject: use no-op implementation for setpriority, mlock, munlock + + +diff --git a/lrzip_private.h b/lrzip_private.h +index 9d352af..177a21b 100644 +--- a/lrzip_private.h ++++ b/lrzip_private.h +@@ -174,6 +174,12 @@ typedef sem_t cksem_t; + #define mremap fake_mremap + #endif + ++#if defined(__HAIKU__) ++# define setpriority(...) 0 ++# define mlock(...) 0 ++# define munlock(...) 0 ++#endif ++ + #define bswap_32(x) \ + ((((x) & 0xff000000) >> 24) | (((x) & 0x00ff0000) >> 8) | \ + (((x) & 0x0000ff00) << 8) | (((x) & 0x000000ff) << 24)) +-- +2.52.0 + + +From 527cf975c735ecfaebd9e062c4b1a901c1d9e0de Mon Sep 17 00:00:00 2001 +From: Luc Schrijvers +Date: Fri, 2 Jan 2026 12:58:55 +0100 +Subject: Haiku doesn't have PRIO_MIN(?) + + +diff --git a/main.c b/main.c +index eb0985f..927cefb 100644 +--- a/main.c ++++ b/main.c +@@ -451,11 +451,15 @@ int main(int argc, char *argv[]) + case 'N': + nice_set = true; + control->nice_val = strtol(optarg, &endptr, 10); +- if (control->nice_val < PRIO_MIN || control->nice_val > PRIO_MAX) +- failure("Invalid nice value (must be %d...%d)\n", PRIO_MIN, PRIO_MAX); +- if (*endptr) +- failure("Extra characters after nice level: \'%s\'\n", endptr); +- break; ++ #if defined(__HAIKU__) ++ return false; ++ #else ++ if (control->nice_val < PRIO_MIN || control->nice_val > PRIO_MAX) ++ failure("Invalid nice value (must be %d...%d)\n", PRIO_MIN, PRIO_MAX); ++ if (*endptr) ++ failure("Extra characters after nice level: \'%s\'\n", endptr); ++ break; ++ #endif + case 'o': + if (control->outdir) + failure("Cannot have -o and -O together\n"); +-- +2.52.0 +