aboutsummaryrefslogtreecommitdiffstats
path: root/main/unzip/APKBUILD
blob: fa73f78acb5d55ebc3bf2f274bf7aef7c72e1799 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
# Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net>
# Maintainer: Timo Teräs <timo.teras@iki.fi>
pkgname=unzip
pkgver=6.0
_pkgver=${pkgver//./}
pkgrel=13
pkgdesc="Extract PKZIP-compatible .zip files"
url="http://www.info-zip.org/UnZip.html"
arch="all"
license="custom"
subpackages="$pkgname-doc"
# normally 	ftp://ftp.info-zip.org/pub/infozip/src/$pkgname$_pkgver.zip
source="https://dev.alpinelinux.org/archive/unzip/unzip$_pkgver.tgz
	08-allow-greater-hostver-values.patch
	10-unzip-handle-pkware-verify.patch
	13-remove-build-date.patch
	20-unzip-uidgid-fix.patch
	21-fix-warning-messages-on-big-files.patch
	unzip-6.0-exec-shield.patch
	unzip-6.0-format-secure.patch
	unzip-6.0-heap-overflow-infloop.patch
	unzip-6.0-timestamp.patch
	CVE-2014-8139.patch
	CVE-2014-8140.patch
	CVE-2014-8141.patch
	CVE-2014-9636.patch
	CVE-2014-9913.patch
	CVE-2016-9844.patch
	CVE-2018-1000035.patch
	CVE-2018-18384.patch
	large-symlinks.patch
	CVE-2021-4217.patch
	CVE-2022-0529-and-CVE-2022-0530.patch

	zipbomb-manpage.patch
	zipbomb-part1.patch
	zipbomb-part2.patch
	zipbomb-part3.patch
	zipbomb-part4.patch
	zipbomb-part5.patch
	zipbomb-part6.patch
	zipbomb-switch.patch
	"
builddir="$srcdir/$pkgname$_pkgver"

# secfixes:
#   6.0-r11:
#     - CVE-2021-4217
#     - CVE-2022-0529
#     - CVE-2022-0530
#   6.0-r9:
#     - CVE-2018-18384
#   6.0-r7:
#     - CVE-2019-13232
#   6.0-r3:
#     - CVE-2014-8139
#     - CVE-2014-8140
#     - CVE-2014-8141
#     - CVE-2014-9636
#     - CVE-2014-9913
#     - CVE-2016-9844
#     - CVE-2018-1000035
#   6.0-r1:
#     - CVE-2015-7696
#     - CVE-2015-7697

# failing tests
case "$CARCH" in
	arm*) options="$options !check" ;;
esac

build() {
	make -f unix/Makefile \
		CC="$CHOST-gcc" \
		LOCAL_UNZIP="$CFLAGS $CPPFLAGS -DNO_LCHMOD" \
		prefix=/usr generic
}

check() {
	make -f unix/Makefile check
}

package() {
	make -f unix/Makefile \
		MANDIR=$pkgdir/usr/share/man/man1/ \
		prefix=$pkgdir/usr install
	install -Dm644 LICENSE \
		"$pkgdir"/usr/share/licenses/$pkgname/LICENSE
}

sha512sums="
0694e403ebc57b37218e00ec1a406cae5cc9c5b52b6798e0d4590840b6cdbf9ddc0d9471f67af783e960f8fa2e620394d51384257dca23d06bcd90224a80ce5d  unzip60.tgz
d2d20e546c74e64b444b9d7053bc49119666e693e6ca32dfeed35245b86cdcae4430e49736b4c19ad6c0ea34e369b6015d7084afc5a61a015c506282cf6e0f32  08-allow-greater-hostver-values.patch
9d2914f22fb0075a2b6f72825c235f46eafd8d47b6fb6fcc8303fc69336e256b15923c002d2615bb6af733344c2315e4a8504d77bae301e10c11d4736faa2c81  10-unzip-handle-pkware-verify.patch
0fbc26fa0eb1097e1c5fa5d9a7b29766a9b5a0b6c16681ea2ef093c8752940bc9c0eac08dc1420cc2cc77f9280589a323deb331ccd9c04031b96a683bebd4eac  13-remove-build-date.patch
57699582e9056af0817dcb67f8db67e6a1ff8208c137fbebcf559429e5f12b471b75d7e1ef938e5bbb5416074a51ac7342e4ce8057f4bbdcb0bf079b8d7832af  20-unzip-uidgid-fix.patch
70545de519f522b0c0f3df516b019dd248f55f3e4e107a19ade5bd1774cc25fe1d012dad5ddde5915a807352dbbe5909a92136085308d24bbde3dd1324dcc4d1  21-fix-warning-messages-on-big-files.patch
3c7f525687b198aaa8547a8b30e744f7f184943624279d5c70170d5b9bb3f0c0f27f3e69bc808dd0d144690107bc76a10c06e160bf99c54fd5684246208b7cff  unzip-6.0-exec-shield.patch
94560c730437ac2561d5e7550b91688dad1b828e1da96c9477e228e17b37e455ecdcd3a774e7db94dd902bbe12547d910602c0656b803768e5865b045d452dd7  unzip-6.0-format-secure.patch
b0b745cff474756447e699a13ff003871b33a4f7a24a91150e5a947eba5132fd90fbacf7580379fc13c5f638483b25cbc226f85b9cac9c7662b2f91927eb2bb3  unzip-6.0-heap-overflow-infloop.patch
e387dc533142f0f702c04092da297e8dfc9b51e4ec7001e6e657d93a9a0f6382b1b39196f239190b8d52b8ecfa46a965627e503aaecdab86e59272af84bbc2c6  unzip-6.0-timestamp.patch
13f9c54fcdde478c4afe391c8e7ef9c31b03228aaace5da38382612951cbfd60710fd3d931569297953be32b2c5906715aed4b1c05e28cc8fccbb27f38b57550  CVE-2014-8139.patch
028a97e781fb4e277df331fd40b848bbc002f1a5ceeb40e74477cf68d2f063ac2623e24afbeddfa0456940ecc7694fdb66ecd031cbcecad63079e8427fb731c9  CVE-2014-8140.patch
3dd21343d6e5ae7d19f2b2f9cf7310eac38dd7f598e1265e247559a48143c9dbffabd9fc0d7aff6d859ec9e646e85c2b7ee00a1b1a2e23bdf96192c22c58b058  CVE-2014-8141.patch
281c524a9adb1c0f1cb861548d96115f55152c1d76adca34bbaabcca410c5aaf5dd53d99360d7ea8ee9d0ab9eb62031cb40c5de4b5ecfd91535ac178cd3e7098  CVE-2014-9636.patch
9a62286acdbd5bf5f679d813017b93c25bdb06edaf48b2b53d3281ce3c30587158a777b07457c574d72350499f786dac6b4493092d7e08c17c07cb65ecc513b6  CVE-2014-9913.patch
8c4a4313072ff0d87eadb0f5472eb48f2802b835dd282305811a96de87a41fed48be60fbdd434e6b6359418f0559f7793deaa1d68161a0c0ead9f8574bb9f14c  CVE-2016-9844.patch
6f757385a23fe6a034f676df6bf233243afa8743761e3d715e532d066fcd7dc8f8dcd6192be693258f3855837e5534490784378768abe7ce710fb869258d49b7  CVE-2018-1000035.patch
1edd66fbca3cfbfad7b19db0b1564b93f13b27b10ff157cf9907228184b56f1f4c87c2dd2a09afc1307ee86622f3aaeea46f8336c249249c8452304cf4d25272  CVE-2018-18384.patch
d1ea86ee591e6d73853798bfcafb368338129a698a65732715b5bff36a5f8c242de42b8d2ef87cd8c41c8cd271780bd9efcc664d7f9b4261a6f10b1c4a8cf792  large-symlinks.patch
bb54397ac6f84c9eae012b9e782f768ac4c715e20f2060e7b17b1770921cd6edb31adde9ebd6d9b735f935d6dc08daa751115fd817390a3942bb84b80f38d489  CVE-2021-4217.patch
bff17d21399a2189ed497602a735eab55746a17e6d414d843068c0374ae09d8d5958c00731e9f35dbfbce6ec9f802cb83d1e7436363392a36a2e34b724d0d71c  CVE-2022-0529-and-CVE-2022-0530.patch
cb51b1ff5c1bc4a3acc8d4bb60c92cd74dec1b76799f00f542e793b1407964c00cfbda8153703e40a64d1cf89705d6ba16a4c11e7ca9a304eb3a14355546e5eb  zipbomb-manpage.patch
4f940afa1f6628a47faf6eb13116eab384bda05c841b0b286b18cafad9c4b567ef332a301b8fbdf07259acdf8f6bdb452487e086bce2a3f092daa4e9d9daefa6  zipbomb-part1.patch
e20e97722e0daf48b97df540added603325d356c6597634afd694af3972bb62952dd0f92c10d98f8c9f28eb9d089f6f5b022e0beb8c6224e32fd2cfaadffa200  zipbomb-part2.patch
7e11e29dde260f0245bc25eeb811d794515d1c523b42ea6004c7c6a2eda19b9de4dd7a8ecc03e5ff7d376e28a96c6f1b2b922d6b8b3963a9e4746231f3c257f4  zipbomb-part3.patch
27d45a25a6a51415af609a4fdefcb7c95a1105d511a6e18e2a7464e9d3773ba2ccb25f138a3cc6ddc6e5e9c558b633ee60d273cebf562c2a7d1e99d3f229d1ba  zipbomb-part4.patch
48875d7e08d669637e26a7e800f8b2a3812d477e6f249c8d4962fdf93ba6d346f5b22b83d82cb65317b506dff84c441d42c0fe7d1c042a065619d39bdf25fdd0  zipbomb-part5.patch
a788d57fe0fb9ae6106381d2a8fe566aa35bb037012139dc7c283fe5eb316056835dffa9ea9778c15a5b39e50a75329a135a0dffdfc6a53d575ef2013b1d478a  zipbomb-part6.patch
d86aba51101fdbe855c35f034d33d65a79c5c707d01de4709619f5d1316185777048b72c293f9506186677bcecf54a808e106ad59bb36835ef80615641c85d63  zipbomb-switch.patch
"