authorLeo <thinkabit.ukim@gmail.com>2020-03-26 15:32:37 -0300
committerLeo <thinkabit.ukim@gmail.com>2020-03-26 20:13:18 +0000
commit8c7e0d5c8061d459c8b2b33b122206ec6fa59163 (patch)
tree3aa36d838c4c8fc29cf8de75eb705e325903fd65
parentbc400e4a65bf92b1faf753c3d3524bbded82c86f (diff)
main/unzip: fix CVE-2019-13232
-rw-r--r--main/unzip/APKBUILD40
1 files changed, 20 insertions, 20 deletions
diff --git a/main/unzip/APKBUILD b/main/unzip/APKBUILD
index 15850008be8..f506e48b5c6 100644
--- a/main/unzip/APKBUILD
+++ b/main/unzip/APKBUILD
@@ -3,7 +3,7 @@
pkgname=unzip
pkgver=6.0
_pkgver=${pkgver//./}
-pkgrel=5
+pkgrel=6
pkgdesc="Extract PKZIP-compatible .zip files"
url="http://www.info-zip.org/UnZip.html"
arch="all"
@@ -11,7 +11,7 @@ license="custom"
subpackages="$pkgname-doc"
options="!check"
# normally ftp://ftp.info-zip.org/pub/infozip/src/$pkgname$_pkgver.zip
-source="https://dev.alpinelinux.org/archive/unzip/$pkgname$_pkgver.tgz
+source="https://dev.alpinelinux.org/archive/unzip/unzip$_pkgver.tgz
10-unzip-handle-pkware-verify.patch
20-unzip-uidgid-fix.patch
unzip-6.0-heap-overflow-infloop.patch
@@ -22,37 +22,36 @@ source="https://dev.alpinelinux.org/archive/unzip/$pkgname$_pkgver.tgz
CVE-2016-9844.patch
CVE-2018-1000035.patch
fix-CVE-2014-8139.patch
+ https://github.com/madler/unzip/commit/47b3ceae397d21bf822bc2ac73052a4b1daf8e1c.patch
"
builddir="$srcdir/$pkgname$_pkgver"
# secfixes:
+# 6.0-r6:
+# - CVE-2019-13232
# 6.0-r3:
-# - CVE-2014-8139
-# - CVE-2014-8140
-# - CVE-2014-8141
-# - CVE-2014-9636
-# - CVE-2014-9913
-# - CVE-2016-9844
-# - CVE-2018-1000035
+# - CVE-2014-8139
+# - CVE-2014-8140
+# - CVE-2014-8141
+# - CVE-2014-9636
+# - CVE-2014-9913
+# - CVE-2016-9844
+# - CVE-2018-1000035
# 6.0-r1:
-# - CVE-2015-7696
-# - CVE-2015-7697
+# - CVE-2015-7696
+# - CVE-2015-7697
build() {
- cd "$builddir"
-
make -f unix/Makefile \
- CC="${CHOST}-gcc" \
- LOCAL_UNZIP="${CFLAGS} ${CPPFLAGS} -DNO_LCHMOD" \
+ CC="$CHOST-gcc" \
+ LOCAL_UNZIP="$CFLAGS $CPPFLAGS -DNO_LCHMOD" \
prefix=/usr generic
}
package() {
- cd "$builddir"
-
make -f unix/Makefile \
- MANDIR=${pkgdir}/usr/share/man/man1/ \
- prefix=${pkgdir}/usr install
+ MANDIR=$pkgdir/usr/share/man/man1/ \
+ prefix=$pkgdir/usr install
install -Dm644 LICENSE \
"$pkgdir"/usr/share/licenses/$pkgname/LICENSE
}
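Review bot: The CVE-2019-13232 fix added to `source=` is fetched at build time from a GitHub-generated `.patch` URL and stored under the opaque name `47b3ceae397d21bf822bc2ac73052a4b1daf8e1c.patch`, whereas every other patch visible in the list is a named local file. The sha512 pinned in the last hunk does protect integrity, but forge-rendered patches are not guaranteed byte-stable, so that checksum can start failing with no upstream change. Committing the patch into `main/unzip/` as `CVE-2019-13232.patch`, or at least renaming it with `CVE-2019-13232.patch::https://github.com/madler/unzip/commit/47b3ceae397d21bf822bc2ac73052a4b1daf8e1c.patch` (with the matching name in `sha512sums`), keeps the build reproducible and the secfixes entry traceable to a file. With `options="!check"` no test run will catch a regression from the backport, and as far as I recall upstream later corrected this overlap detection, so it is worth confirming that this single commit is the complete fix. Separately, `MANDIR=$pkgdir/usr/share/man/man1/` and `prefix=$pkgdir/usr` in `package()` remain unquoted; `prefix="$pkgdir"/usr` would match the quoting on the `install` line below.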
@@ -67,4 +66,5 @@ b1e3fac6a787828efaaef8ec7cc52e1573aea27a6f29830af37ec4ba8bcd2a6488c953ab10eee056
9a62286acdbd5bf5f679d813017b93c25bdb06edaf48b2b53d3281ce3c30587158a777b07457c574d72350499f786dac6b4493092d7e08c17c07cb65ecc513b6 CVE-2014-9913.patch
8c4a4313072ff0d87eadb0f5472eb48f2802b835dd282305811a96de87a41fed48be60fbdd434e6b6359418f0559f7793deaa1d68161a0c0ead9f8574bb9f14c CVE-2016-9844.patch
6f757385a23fe6a034f676df6bf233243afa8743761e3d715e532d066fcd7dc8f8dcd6192be693258f3855837e5534490784378768abe7ce710fb869258d49b7 CVE-2018-1000035.patch
-13f9c54fcdde478c4afe391c8e7ef9c31b03228aaace5da38382612951cbfd60710fd3d931569297953be32b2c5906715aed4b1c05e28cc8fccbb27f38b57550 fix-CVE-2014-8139.patch"
+13f9c54fcdde478c4afe391c8e7ef9c31b03228aaace5da38382612951cbfd60710fd3d931569297953be32b2c5906715aed4b1c05e28cc8fccbb27f38b57550 fix-CVE-2014-8139.patch
+aa8dcf335c6f48c3d7f0ab6aa220b838f2a5be54ac3b8dea4729d2acfed180e51e6ca1299d96439d99bae5a0caba5e3df73558ca2ea7099d7275bfc1f0fc8c09 47b3ceae397d21bf822bc2ac73052a4b1daf8e1c.patch"