authorLeo <thinkabit.ukim@gmail.com>2020-03-26 15:32:37 -0300
committerLeo <thinkabit.ukim@gmail.com>2020-03-26 17:11:02 -0300
commit2d5ea9b0ef18df74869bf77e2b9b7beda9a8cfe8 (patch)
tree4045cda8a6ee453a8ff36cb84746d8a3c8dd83d5
parent7b7625a81b8571398c20ac7e40ff345e3dfe118c (diff)
downloadaports-2d5ea9b0ef18df74869bf77e2b9b7beda9a8cfe8.tar.gz
aports-2d5ea9b0ef18df74869bf77e2b9b7beda9a8cfe8.tar.bz2
aports-2d5ea9b0ef18df74869bf77e2b9b7beda9a8cfe8.tar.xz
main/unzip: fix CVE-2019-13232
-rw-r--r--main/unzip/APKBUILD36
1 files changed, 18 insertions, 18 deletions
diff --git a/main/unzip/APKBUILD b/main/unzip/APKBUILD
index 9afa36c04f..a4be378d78 100644
--- a/main/unzip/APKBUILD
+++ b/main/unzip/APKBUILD
@@ -3,7 +3,7 @@
pkgname=unzip
pkgver=6.0
_pkgver=${pkgver//./}
-pkgrel=4
+pkgrel=5
pkgdesc="Extract PKZIP-compatible .zip files"
url="http://www.info-zip.org/UnZip.html"
arch="all"
@@ -11,7 +11,7 @@ license="custom"
subpackages="$pkgname-doc"
options="!check"
# normally ftp://ftp.info-zip.org/pub/infozip/src/$pkgname$_pkgver.zip
-source="https://dev.alpinelinux.org/archive/unzip/$pkgname$_pkgver.tgz
+source="https://dev.alpinelinux.org/archive/unzip/unzip$_pkgver.tgz
10-unzip-handle-pkware-verify.patch
20-unzip-uidgid-fix.patch
unzip-6.0-heap-overflow-infloop.patch
@@ -22,25 +22,26 @@ source="https://dev.alpinelinux.org/archive/unzip/$pkgname$_pkgver.tgz
CVE-2016-9844.patch
CVE-2018-1000035.patch
fix-CVE-2014-8139.patch
+ CVE-2019-13232.patch::https://github.com/madler/unzip/commit/47b3ceae397d21bf822bc2ac73052a4b1daf8e1c.patch
"
builddir="$srcdir/$pkgname$_pkgver"
# secfixes:
+# 6.0-r5:
+# - CVE-2019-13232
# 6.0-r3:
-# - CVE-2014-8139
-# - CVE-2014-8140
-# - CVE-2014-8141
-# - CVE-2014-9636
-# - CVE-2014-9913
-# - CVE-2016-9844
-# - CVE-2018-1000035
+# - CVE-2014-8139
+# - CVE-2014-8140
+# - CVE-2014-8141
+# - CVE-2014-9636
+# - CVE-2014-9913
+# - CVE-2016-9844
+# - CVE-2018-1000035
# 6.0-r1:
-# - CVE-2015-7696
-# - CVE-2015-7697
+# - CVE-2015-7696
+# - CVE-2015-7697
build() {
- cd "$builddir"
-
make -f unix/Makefile \
CC="${CHOST}-gcc" \
LOCAL_ZIP="${CFLAGS} ${CPPFLAGS}" \
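Review bot: The new `source` entry `CVE-2019-13232.patch::https://github.com/madler/unzip/commit/47b3ceae397d21bf822bc2ac73052a4b1daf8e1c.patch` makes the security fix depend on a commit page rendered by GitHub at fetch time. The sha512 added in the checksum hunk pins the content, so a changed download fails the build instead of being applied silently, but the rendered patch is not guaranteed to stay byte-identical and the build now needs that host to be reachable. Committing the file next to the other CVE patches and listing it as plain `CVE-2019-13232.patch` would avoid both problems. It is also worth confirming that this single upstream commit is the whole fix; as far as I recall, upstream's handling of the overlapped-entry zip bomb was spread over more than one commit, including a follow-up for false positives. build() continues outside the hunk.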
@@ -48,11 +49,9 @@ build() {
}
package() {
- cd "$builddir"
-
make -f unix/Makefile \
- MANDIR=${pkgdir}/usr/share/man/man1/ \
- prefix=${pkgdir}/usr install
+ MANDIR=$pkgdir/usr/share/man/man1/ \
+ prefix=$pkgdir/usr install
install -Dm644 LICENSE \
"$pkgdir"/usr/share/licenses/$pkgname/LICENSE
}
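Review bot: `MANDIR=$pkgdir/usr/share/man/man1/` and `prefix=$pkgdir/usr` in package() are unquoted, while the `install -Dm644` call just below quotes `"$pkgdir"`. A package directory containing whitespace would be split into separate make arguments, so the install would go to the wrong place. Suggest `MANDIR="$pkgdir"/usr/share/man/man1/ \` and `prefix="$pkgdir"/usr install`, which also matches the quoting of the following lines.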
@@ -67,4 +66,5 @@ b1e3fac6a787828efaaef8ec7cc52e1573aea27a6f29830af37ec4ba8bcd2a6488c953ab10eee056
9a62286acdbd5bf5f679d813017b93c25bdb06edaf48b2b53d3281ce3c30587158a777b07457c574d72350499f786dac6b4493092d7e08c17c07cb65ecc513b6 CVE-2014-9913.patch
8c4a4313072ff0d87eadb0f5472eb48f2802b835dd282305811a96de87a41fed48be60fbdd434e6b6359418f0559f7793deaa1d68161a0c0ead9f8574bb9f14c CVE-2016-9844.patch
6f757385a23fe6a034f676df6bf233243afa8743761e3d715e532d066fcd7dc8f8dcd6192be693258f3855837e5534490784378768abe7ce710fb869258d49b7 CVE-2018-1000035.patch
-13f9c54fcdde478c4afe391c8e7ef9c31b03228aaace5da38382612951cbfd60710fd3d931569297953be32b2c5906715aed4b1c05e28cc8fccbb27f38b57550 fix-CVE-2014-8139.patch"
+13f9c54fcdde478c4afe391c8e7ef9c31b03228aaace5da38382612951cbfd60710fd3d931569297953be32b2c5906715aed4b1c05e28cc8fccbb27f38b57550 fix-CVE-2014-8139.patch
+aa8dcf335c6f48c3d7f0ab6aa220b838f2a5be54ac3b8dea4729d2acfed180e51e6ca1299d96439d99bae5a0caba5e3df73558ca2ea7099d7275bfc1f0fc8c09 CVE-2019-13232.patch"