diff options
| author | Leo <thinkabit.ukim@gmail.com> | 2020-03-26 15:32:37 -0300 |
|---|---|---|
| committer | Leo <thinkabit.ukim@gmail.com> | 2020-03-26 17:11:50 -0300 |
| commit | f9323c22d56bf68412789c47e0ba4b429feeea7f (patch) | |
| tree | a64fb786cc84958dfe60827f39efa302377e46a5 | |
| parent | a80261c4dde42201d0c53b6f7297c02b2b441827 (diff) | |
| download | alpine_aports-f9323c22d56bf68412789c47e0ba4b429feeea7f.tar.bz2 alpine_aports-f9323c22d56bf68412789c47e0ba4b429feeea7f.tar.xz alpine_aports-f9323c22d56bf68412789c47e0ba4b429feeea7f.zip | |
main/unzip: fix CVE-2019-13232
| -rw-r--r-- | main/unzip/APKBUILD | 36 |
1 files changed, 18 insertions, 18 deletions
diff --git a/main/unzip/APKBUILD b/main/unzip/APKBUILD index 9afa36c04f..a4be378d78 100644 --- a/main/unzip/APKBUILD +++ b/main/unzip/APKBUILD | |||
| @@ -3,7 +3,7 @@ | |||
| 3 | pkgname=unzip | 3 | pkgname=unzip |
| 4 | pkgver=6.0 | 4 | pkgver=6.0 |
| 5 | _pkgver=${pkgver//./} | 5 | _pkgver=${pkgver//./} |
| 6 | pkgrel=4 | 6 | pkgrel=5 |
| 7 | pkgdesc="Extract PKZIP-compatible .zip files" | 7 | pkgdesc="Extract PKZIP-compatible .zip files" |
| 8 | url="http://www.info-zip.org/UnZip.html" | 8 | url="http://www.info-zip.org/UnZip.html" |
| 9 | arch="all" | 9 | arch="all" |
| @@ -11,7 +11,7 @@ license="custom" | |||
| 11 | subpackages="$pkgname-doc" | 11 | subpackages="$pkgname-doc" |
| 12 | options="!check" | 12 | options="!check" |
| 13 | # normally ftp://ftp.info-zip.org/pub/infozip/src/$pkgname$_pkgver.zip | 13 | # normally ftp://ftp.info-zip.org/pub/infozip/src/$pkgname$_pkgver.zip |
| 14 | source="https://dev.alpinelinux.org/archive/unzip/$pkgname$_pkgver.tgz | 14 | source="https://dev.alpinelinux.org/archive/unzip/unzip$_pkgver.tgz |
| 15 | 10-unzip-handle-pkware-verify.patch | 15 | 10-unzip-handle-pkware-verify.patch |
| 16 | 20-unzip-uidgid-fix.patch | 16 | 20-unzip-uidgid-fix.patch |
| 17 | unzip-6.0-heap-overflow-infloop.patch | 17 | unzip-6.0-heap-overflow-infloop.patch |
| @@ -22,25 +22,26 @@ source="https://dev.alpinelinux.org/archive/unzip/$pkgname$_pkgver.tgz | |||
| 22 | CVE-2016-9844.patch | 22 | CVE-2016-9844.patch |
| 23 | CVE-2018-1000035.patch | 23 | CVE-2018-1000035.patch |
| 24 | fix-CVE-2014-8139.patch | 24 | fix-CVE-2014-8139.patch |
| 25 | CVE-2019-13232.patch::https://github.com/madler/unzip/commit/47b3ceae397d21bf822bc2ac73052a4b1daf8e1c.patch | ||
| 25 | " | 26 | " |
| 26 | builddir="$srcdir/$pkgname$_pkgver" | 27 | builddir="$srcdir/$pkgname$_pkgver" |
| 27 | 28 | ||
| 28 | # secfixes: | 29 | # secfixes: |
| 30 | # 6.0-r5: | ||
| 31 | # - CVE-2019-13232 | ||
| 29 | # 6.0-r3: | 32 | # 6.0-r3: |
| 30 | # - CVE-2014-8139 | 33 | # - CVE-2014-8139 |
| 31 | # - CVE-2014-8140 | 34 | # - CVE-2014-8140 |
| 32 | # - CVE-2014-8141 | 35 | # - CVE-2014-8141 |
| 33 | # - CVE-2014-9636 | 36 | # - CVE-2014-9636 |
| 34 | # - CVE-2014-9913 | 37 | # - CVE-2014-9913 |
| 35 | # - CVE-2016-9844 | 38 | # - CVE-2016-9844 |
| 36 | # - CVE-2018-1000035 | 39 | # - CVE-2018-1000035 |
| 37 | # 6.0-r1: | 40 | # 6.0-r1: |
| 38 | # - CVE-2015-7696 | 41 | # - CVE-2015-7696 |
| 39 | # - CVE-2015-7697 | 42 | # - CVE-2015-7697 |
| 40 | 43 | ||
| 41 | build() { | 44 | build() { |
| 42 | cd "$builddir" | ||
| 43 | |||
| 44 | make -f unix/Makefile \ | 45 | make -f unix/Makefile \ |
| 45 | CC="${CHOST}-gcc" \ | 46 | CC="${CHOST}-gcc" \ |
| 46 | LOCAL_ZIP="${CFLAGS} ${CPPFLAGS}" \ | 47 | LOCAL_ZIP="${CFLAGS} ${CPPFLAGS}" \ |
| @@ -48,11 +49,9 @@ build() { | |||
| 48 | } | 49 | } |
| 49 | 50 | ||
| 50 | package() { | 51 | package() { |
| 51 | cd "$builddir" | ||
| 52 | |||
| 53 | make -f unix/Makefile \ | 52 | make -f unix/Makefile \ |
| 54 | MANDIR=${pkgdir}/usr/share/man/man1/ \ | 53 | MANDIR=$pkgdir/usr/share/man/man1/ \ |
| 55 | prefix=${pkgdir}/usr install | 54 | prefix=$pkgdir/usr install |
| 56 | install -Dm644 LICENSE \ | 55 | install -Dm644 LICENSE \ |
| 57 | "$pkgdir"/usr/share/licenses/$pkgname/LICENSE | 56 | "$pkgdir"/usr/share/licenses/$pkgname/LICENSE |
| 58 | } | 57 | } |
| @@ -67,4 +66,5 @@ b1e3fac6a787828efaaef8ec7cc52e1573aea27a6f29830af37ec4ba8bcd2a6488c953ab10eee056 | |||
| 67 | 9a62286acdbd5bf5f679d813017b93c25bdb06edaf48b2b53d3281ce3c30587158a777b07457c574d72350499f786dac6b4493092d7e08c17c07cb65ecc513b6 CVE-2014-9913.patch | 66 | 9a62286acdbd5bf5f679d813017b93c25bdb06edaf48b2b53d3281ce3c30587158a777b07457c574d72350499f786dac6b4493092d7e08c17c07cb65ecc513b6 CVE-2014-9913.patch |
| 68 | 8c4a4313072ff0d87eadb0f5472eb48f2802b835dd282305811a96de87a41fed48be60fbdd434e6b6359418f0559f7793deaa1d68161a0c0ead9f8574bb9f14c CVE-2016-9844.patch | 67 | 8c4a4313072ff0d87eadb0f5472eb48f2802b835dd282305811a96de87a41fed48be60fbdd434e6b6359418f0559f7793deaa1d68161a0c0ead9f8574bb9f14c CVE-2016-9844.patch |
| 69 | 6f757385a23fe6a034f676df6bf233243afa8743761e3d715e532d066fcd7dc8f8dcd6192be693258f3855837e5534490784378768abe7ce710fb869258d49b7 CVE-2018-1000035.patch | 68 | 6f757385a23fe6a034f676df6bf233243afa8743761e3d715e532d066fcd7dc8f8dcd6192be693258f3855837e5534490784378768abe7ce710fb869258d49b7 CVE-2018-1000035.patch |
| 70 | 13f9c54fcdde478c4afe391c8e7ef9c31b03228aaace5da38382612951cbfd60710fd3d931569297953be32b2c5906715aed4b1c05e28cc8fccbb27f38b57550 fix-CVE-2014-8139.patch" | 69 | 13f9c54fcdde478c4afe391c8e7ef9c31b03228aaace5da38382612951cbfd60710fd3d931569297953be32b2c5906715aed4b1c05e28cc8fccbb27f38b57550 fix-CVE-2014-8139.patch |
| 70 | aa8dcf335c6f48c3d7f0ab6aa220b838f2a5be54ac3b8dea4729d2acfed180e51e6ca1299d96439d99bae5a0caba5e3df73558ca2ea7099d7275bfc1f0fc8c09 CVE-2019-13232.patch" | ||