[Bug 259534] archivers/advancecomp: Update to 2.2.g20210429 and fix CVEs

From: <bugzilla-noreply_at_freebsd.org>
Date: Fri, 29 Oct 2021 17:50:08 UTC 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=259534

            Bug ID: 259534
           Summary: archivers/advancecomp: Update to 2.2.g20210429 and fix
                    CVEs
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
               URL: https://github.com/amadvance/advancecomp/releases
                OS: Any
            Status: New
          Keywords: security
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: ports-bugs@FreeBSD.org
          Reporter: fuz@fuz.su
 Attachment #229127 maintainer-approval+
             Flags:

Created attachment 229127
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=229127&action=edit
archivers/advancecomp: Update to 2.2.g20210429

This updates archivers/advancecomp to a few commits after the 2.1 version. 
This is needed as CVE-2019-9210, CVE-2019-8383, and CVE-2019-8379 are open in
2.1 but fixed in the git repository.  No significant other changes have
occurred since version 2.1.

While we are at it...

 - follow project to new upstream
 - unbundle libdeflate
 - hook up test suite
 - add a BZIP2 option
 - take maintainership of this unmaintained port

Relevant upstream changes:

 - Added support for reading MNG files with depth of 1, 2, and 4 bits.
 - Fixed a crash condition with invalid ZIP data.
 - Support ZIPs with data descriptor signature.

Tested with Poudriere on armv7 arm64 FreeBSD 13.
Test suite passes (if BZIP2 is disabled), portlint is happy.

Please MFH this change as it fixes open security problems.

-- 
You are receiving this mail because:
You are the assignee for the bug.