diff options
Diffstat (limited to 'community/upx/APKBUILD')
-rw-r--r-- | community/upx/APKBUILD | 99 |
1 files changed, 34 insertions, 65 deletions
diff --git a/community/upx/APKBUILD b/community/upx/APKBUILD index b9bbaf551d8..6224bc8b5dd 100644 --- a/community/upx/APKBUILD +++ b/community/upx/APKBUILD @@ -1,21 +1,33 @@ -# Maintainer: Mitch Tishmack <mitch.tishmack@gmail.com> -# TODO: unbundle lzma-sdk +# Contributor: Mitch Tishmack <mitch.tishmack@gmail.com> +# Maintainer: Celeste <cielesti@protonmail.com> pkgname=upx -pkgver=3.96 -pkgrel=1 +pkgver=4.2.3 +pkgrel=0 pkgdesc="The Ultimate Packer for eXecutables" -url="https://upx.github.io" -arch="all !s390x !aarch64 !armhf !armv7 !mips !mips64" # Failure to build/run -license="GPL-2.0 Public-Domain" -# perl-dev is used to generate man pages -makedepends="bash perl-dev ucl-dev zlib-dev" +url="https://upx.github.io/" +# s390x, riscv64: tests fail due to unknown executable format +arch="all !s390x !riscv64" +license="GPL-2.0-or-later" +makedepends="cmake samurai" subpackages="$pkgname-doc" -source="https://github.com/upx/upx/releases/download/v$pkgver/upx-$pkgver-src.tar.xz - 0001-rm-broken-whitespace-check.patch - CVE-2021-20285.patch" +source="https://github.com/upx/upx/releases/download/v$pkgver/upx-$pkgver-src.tar.xz" builddir="$srcdir/$pkgname-$pkgver-src" # secfixes: +# 4.0.2-r0: +# - CVE-2023-23456 +# - CVE-2023-23457 +# 4.0.0-r0: +# - CVE-2020-24119 +# - CVE-2020-27796 +# - CVE-2020-27797 +# - CVE-2020-27798 +# - CVE-2020-27799 +# - CVE-2020-27800 +# - CVE-2020-27801 +# - CVE-2020-27802 +# - CVE-2021-30500 +# - CVE-2021-30501 # 3.96-r1: # - CVE-2021-20285 # 3.96-r0: @@ -25,66 +37,23 @@ builddir="$srcdir/$pkgname-$pkgver-src" # - CVE-2019-20053 build() { - make CXXFLAGS_OPTIMIZE= UPX_LZMADIR="$srcdir" all + cmake -B build -G Ninja \ + -DCMAKE_INSTALL_PREFIX=/usr \ + -DCMAKE_BUILD_TYPE=Release \ + -DUPX_CONFIG_DISABLE_WERROR=ON \ + -DUPX_CONFIG_DISABLE_SANITIZE=ON \ + -DUPX_CONFIG_DISABLE_GITREV=ON + cmake --build build } check() { - # upx -q is not quiet enough by design or broken - - local upx=src/upx.out - local out - - # first check some big dynamically-linked binary - echo "checking -pie..." - - cp -f /bin/busybox ./sh - for i in "-1" "-d"; do - $upx $i -qf sh >/dev/null - out="$(./sh -c 'echo works')" - test "x$out" = "xworks" - done - rm -f sh - - # FIXME: fix broken architectures - case "$CARCH" in - x86) return 0;; - esac - - # then check less common statically-linked binaries (PIE and non-PIE) - for v in "-static"; do # FIXME: fix "-static -no-pie" - echo "checking $v..." - - # must be compressible (i.e. big enough) so pull printf etc - $CC -o upxtest -pipe -std=c11 -pedantic -Wall $CFLAGS $LDFLAGS $v -x c - -latomic <<-EOF - #include <stdatomic.h> - #include <stdio.h> - static const atomic_llong b = ATOMIC_VAR_INIT(0x1000200030004000LL); - int main(int argc, char *argv[const]) { - atomic_llong a = ATOMIC_VAR_INIT(argc); - atomic_fetch_add(&a, b); - printf("%d,%#llx\n", argc, a); - return 0; - } - EOF - cp upxtest upxtest.orig - - for i in "-1" "-d"; do - echo "$upx $i -qf upxtest" - $upx $i -qf upxtest >/dev/null - out=$(./upxtest "") - test "x$out" = "x2,0x1000200030004002" - done - done - rm -f upxtest + ctest --test-dir build --output-on-failure } package() { - install -D -m 0755 src/upx.out "$pkgdir"/usr/bin/upx - install -D -m 0644 doc/upx.1 "$pkgdir"/usr/share/man/man1/upx.1 + DESTDIR="$pkgdir" cmake --install build } sha512sums=" -2d4d1be21d274d9bfdee9b9815396f5e5ff0bcdfb781b7be5fafa4d1e224028e412ec5f5ba607c482671aae27ccf9069abb2db0fb58f78f3a102a51897df2b11 upx-3.96-src.tar.xz -a41dd8b8e9e884c78c410a49b4486963f6dd90759ba49eb05123e81b8e4fbe3d23af2ba5c2acf64218b7edeec7df0793b4030d1375c167a183a4d70d21addf50 0001-rm-broken-whitespace-check.patch -7704462dee2e8cf13a13bd16cb388e60c04208240db4480cc236b722e0978420aaab6c6cf408f5a5f17070f23ec925d42fb950834df70b7d052c713c7fa64a5d CVE-2021-20285.patch +b9ebda5d3372132bb861e0dd035829b16e4c06900f68af182895f17975493707d78cbabc63060e581de1ce149bb5129d883f6e6abcde0413c0bf474db919f5fd upx-4.2.3-src.tar.xz " |