From 91e40e209481a5c5d1d66f2d5b0d328bf5c28dff Mon Sep 17 00:00:00 2001
From: Leo
Date: Thu, 26 Mar 2020 15:32:37 -0300
Subject: main/unzip: fix CVE-2019-13232
---
 main/unzip/APKBUILD | 36 ++++++++++++++++++------------------
 1 file changed, 18 insertions(+), 18 deletions(-)
(limited to 'main')
diff --git a/main/unzip/APKBUILD b/main/unzip/APKBUILD
index 9afa36c04f..a4be378d78 100644
--- a/main/unzip/APKBUILD
+++ b/main/unzip/APKBUILD
@@ -3,7 +3,7 @@
 pkgname=unzip
 pkgver=6.0
 _pkgver=${pkgver//./}
-pkgrel=4
+pkgrel=5
 pkgdesc="Extract PKZIP-compatible .zip files"
 url="http://www.info-zip.org/UnZip.html"
 arch="all"
@@ -11,7 +11,7 @@ license="custom"
 subpackages="$pkgname-doc"
 options="!check"
 # normally ftp://ftp.info-zip.org/pub/infozip/src/$pkgname$_pkgver.zip
-source="https://dev.alpinelinux.org/archive/unzip/$pkgname$_pkgver.tgz
+source="https://dev.alpinelinux.org/archive/unzip/unzip$_pkgver.tgz
 10-unzip-handle-pkware-verify.patch
 20-unzip-uidgid-fix.patch
 unzip-6.0-heap-overflow-infloop.patch
@@ -22,25 +22,26 @@ source="https://dev.alpinelinux.org/archive/unzip/$pkgname$_pkgver.tgz
 CVE-2016-9844.patch
 CVE-2018-1000035.patch
 fix-CVE-2014-8139.patch
+ CVE-2019-13232.patch::https://github.com/madler/unzip/commit/47b3ceae397d21bf822bc2ac73052a4b1daf8e1c.patch
 "
 builddir="$srcdir/$pkgname$_pkgver"
 # secfixes:
+# 6.0-r5:
+# - CVE-2019-13232
 # 6.0-r3:
-# - CVE-2014-8139
-# - CVE-2014-8140
-# - CVE-2014-8141
-# - CVE-2014-9636
-# - CVE-2014-9913
-# - CVE-2016-9844
-# - CVE-2018-1000035
+# - CVE-2014-8139
+# - CVE-2014-8140
+# - CVE-2014-8141
+# - CVE-2014-9636
+# - CVE-2014-9913
+# - CVE-2016-9844
+# - CVE-2018-1000035
 # 6.0-r1:
-# - CVE-2015-7696
-# - CVE-2015-7697
+# - CVE-2015-7696
+# - CVE-2015-7697
 build() {
- cd "$builddir"
-
 make -f unix/Makefile \
 CC="${CHOST}-gcc" \
 LOCAL_ZIP="${CFLAGS} ${CPPFLAGS}" \
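Review bot: The new `CVE-2019-13232.patch::` entry in `source=` is the only patch in the list fetched from a forge-rendered commit URL at build time; every other fix is a file stored next to the APKBUILD. The sha512 added at the end of the file makes a changed download fail closed, but a generated `.patch` rendering is not guaranteed to stay byte-identical, so a later rebuild can stop on a checksum mismatch and invite a blind checksum refresh. Committing the patch into `main/unzip/` and listing it as plain `CVE-2019-13232.patch` would keep it reviewable in-tree like its neighbours. It is also worth confirming that this single upstream commit is the complete fix for the CVE, since `options="!check"` means no test suite exercises the patched code during the build.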
@@ -48,11 +49,9 @@ build() {
 }
 package() {
- cd "$builddir"
-
 make -f unix/Makefile \
- MANDIR=${pkgdir}/usr/share/man/man1/ \
- prefix=${pkgdir}/usr install
+ MANDIR=$pkgdir/usr/share/man/man1/ \
+ prefix=$pkgdir/usr install
 install -Dm644 LICENSE \
 "$pkgdir"/usr/share/licenses/$pkgname/LICENSE
 }
@@ -67,4 +66,5 @@ b1e3fac6a787828efaaef8ec7cc52e1573aea27a6f29830af37ec4ba8bcd2a6488c953ab10eee056
 9a62286acdbd5bf5f679d813017b93c25bdb06edaf48b2b53d3281ce3c30587158a777b07457c574d72350499f786dac6b4493092d7e08c17c07cb65ecc513b6 CVE-2014-9913.patch
 8c4a4313072ff0d87eadb0f5472eb48f2802b835dd282305811a96de87a41fed48be60fbdd434e6b6359418f0559f7793deaa1d68161a0c0ead9f8574bb9f14c CVE-2016-9844.patch
 6f757385a23fe6a034f676df6bf233243afa8743761e3d715e532d066fcd7dc8f8dcd6192be693258f3855837e5534490784378768abe7ce710fb869258d49b7 CVE-2018-1000035.patch
-13f9c54fcdde478c4afe391c8e7ef9c31b03228aaace5da38382612951cbfd60710fd3d931569297953be32b2c5906715aed4b1c05e28cc8fccbb27f38b57550 fix-CVE-2014-8139.patch"
+13f9c54fcdde478c4afe391c8e7ef9c31b03228aaace5da38382612951cbfd60710fd3d931569297953be32b2c5906715aed4b1c05e28cc8fccbb27f38b57550 fix-CVE-2014-8139.patch
+aa8dcf335c6f48c3d7f0ab6aa220b838f2a5be54ac3b8dea4729d2acfed180e51e6ca1299d96439d99bae5a0caba5e3df73558ca2ea7099d7275bfc1f0fc8c09 CVE-2019-13232.patch"
-- cgit v1.2.3
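Review bot: In `package()` the rewritten `MANDIR=$pkgdir/usr/share/man/man1/` and `prefix=$pkgdir/usr install` arguments expand `$pkgdir` unquoted, while the `install -Dm644` call just below quotes it. Quoting it here as well, `MANDIR="$pkgdir"/usr/share/man/man1/ \` and `prefix="$pkgdir"/usr install`, keeps a path containing whitespace or glob characters from splitting into extra make arguments. Dropping `cd "$builddir"` here and in `build()` presumably relies on abuild entering `$builddir` before each phase, which is worth stating in the commit message.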