diff options
author | Leo <thinkabit.ukim@gmail.com> | 2020-03-26 15:32:37 -0300 |
---|---|---|
committer | Leo <thinkabit.ukim@gmail.com> | 2020-03-26 17:11:50 -0300 |
commit | f9323c22d56bf68412789c47e0ba4b429feeea7f (patch) | |
tree | a64fb786cc84958dfe60827f39efa302377e46a5 | |
parent | a80261c4dde42201d0c53b6f7297c02b2b441827 (diff) | |
download | alpine_aports-f9323c22d56bf68412789c47e0ba4b429feeea7f.tar.bz2 alpine_aports-f9323c22d56bf68412789c47e0ba4b429feeea7f.tar.xz alpine_aports-f9323c22d56bf68412789c47e0ba4b429feeea7f.zip |
main/unzip: fix CVE-2019-13232
-rw-r--r-- | main/unzip/APKBUILD | 36 |
1 files changed, 18 insertions, 18 deletions
diff --git a/main/unzip/APKBUILD b/main/unzip/APKBUILD index 9afa36c04f..a4be378d78 100644 --- a/main/unzip/APKBUILD +++ b/main/unzip/APKBUILD | |||
@@ -3,7 +3,7 @@ | |||
3 | pkgname=unzip | 3 | pkgname=unzip |
4 | pkgver=6.0 | 4 | pkgver=6.0 |
5 | _pkgver=${pkgver//./} | 5 | _pkgver=${pkgver//./} |
6 | pkgrel=4 | 6 | pkgrel=5 |
7 | pkgdesc="Extract PKZIP-compatible .zip files" | 7 | pkgdesc="Extract PKZIP-compatible .zip files" |
8 | url="http://www.info-zip.org/UnZip.html" | 8 | url="http://www.info-zip.org/UnZip.html" |
9 | arch="all" | 9 | arch="all" |
@@ -11,7 +11,7 @@ license="custom" | |||
11 | subpackages="$pkgname-doc" | 11 | subpackages="$pkgname-doc" |
12 | options="!check" | 12 | options="!check" |
13 | # normally ftp://ftp.info-zip.org/pub/infozip/src/$pkgname$_pkgver.zip | 13 | # normally ftp://ftp.info-zip.org/pub/infozip/src/$pkgname$_pkgver.zip |
14 | source="https://dev.alpinelinux.org/archive/unzip/$pkgname$_pkgver.tgz | 14 | source="https://dev.alpinelinux.org/archive/unzip/unzip$_pkgver.tgz |
15 | 10-unzip-handle-pkware-verify.patch | 15 | 10-unzip-handle-pkware-verify.patch |
16 | 20-unzip-uidgid-fix.patch | 16 | 20-unzip-uidgid-fix.patch |
17 | unzip-6.0-heap-overflow-infloop.patch | 17 | unzip-6.0-heap-overflow-infloop.patch |
@@ -22,25 +22,26 @@ source="https://dev.alpinelinux.org/archive/unzip/$pkgname$_pkgver.tgz | |||
22 | CVE-2016-9844.patch | 22 | CVE-2016-9844.patch |
23 | CVE-2018-1000035.patch | 23 | CVE-2018-1000035.patch |
24 | fix-CVE-2014-8139.patch | 24 | fix-CVE-2014-8139.patch |
25 | CVE-2019-13232.patch::https://github.com/madler/unzip/commit/47b3ceae397d21bf822bc2ac73052a4b1daf8e1c.patch | ||
25 | " | 26 | " |
26 | builddir="$srcdir/$pkgname$_pkgver" | 27 | builddir="$srcdir/$pkgname$_pkgver" |
27 | 28 | ||
28 | # secfixes: | 29 | # secfixes: |
30 | # 6.0-r5: | ||
31 | # - CVE-2019-13232 | ||
29 | # 6.0-r3: | 32 | # 6.0-r3: |
30 | # - CVE-2014-8139 | 33 | # - CVE-2014-8139 |
31 | # - CVE-2014-8140 | 34 | # - CVE-2014-8140 |
32 | # - CVE-2014-8141 | 35 | # - CVE-2014-8141 |
33 | # - CVE-2014-9636 | 36 | # - CVE-2014-9636 |
34 | # - CVE-2014-9913 | 37 | # - CVE-2014-9913 |
35 | # - CVE-2016-9844 | 38 | # - CVE-2016-9844 |
36 | # - CVE-2018-1000035 | 39 | # - CVE-2018-1000035 |
37 | # 6.0-r1: | 40 | # 6.0-r1: |
38 | # - CVE-2015-7696 | 41 | # - CVE-2015-7696 |
39 | # - CVE-2015-7697 | 42 | # - CVE-2015-7697 |
40 | 43 | ||
41 | build() { | 44 | build() { |
42 | cd "$builddir" | ||
43 | |||
44 | make -f unix/Makefile \ | 45 | make -f unix/Makefile \ |
45 | CC="${CHOST}-gcc" \ | 46 | CC="${CHOST}-gcc" \ |
46 | LOCAL_ZIP="${CFLAGS} ${CPPFLAGS}" \ | 47 | LOCAL_ZIP="${CFLAGS} ${CPPFLAGS}" \ |
@@ -48,11 +49,9 @@ build() { | |||
48 | } | 49 | } |
49 | 50 | ||
50 | package() { | 51 | package() { |
51 | cd "$builddir" | ||
52 | |||
53 | make -f unix/Makefile \ | 52 | make -f unix/Makefile \ |
54 | MANDIR=${pkgdir}/usr/share/man/man1/ \ | 53 | MANDIR=$pkgdir/usr/share/man/man1/ \ |
55 | prefix=${pkgdir}/usr install | 54 | prefix=$pkgdir/usr install |
56 | install -Dm644 LICENSE \ | 55 | install -Dm644 LICENSE \ |
57 | "$pkgdir"/usr/share/licenses/$pkgname/LICENSE | 56 | "$pkgdir"/usr/share/licenses/$pkgname/LICENSE |
58 | } | 57 | } |
@@ -67,4 +66,5 @@ b1e3fac6a787828efaaef8ec7cc52e1573aea27a6f29830af37ec4ba8bcd2a6488c953ab10eee056 | |||
67 | 9a62286acdbd5bf5f679d813017b93c25bdb06edaf48b2b53d3281ce3c30587158a777b07457c574d72350499f786dac6b4493092d7e08c17c07cb65ecc513b6 CVE-2014-9913.patch | 66 | 9a62286acdbd5bf5f679d813017b93c25bdb06edaf48b2b53d3281ce3c30587158a777b07457c574d72350499f786dac6b4493092d7e08c17c07cb65ecc513b6 CVE-2014-9913.patch |
68 | 8c4a4313072ff0d87eadb0f5472eb48f2802b835dd282305811a96de87a41fed48be60fbdd434e6b6359418f0559f7793deaa1d68161a0c0ead9f8574bb9f14c CVE-2016-9844.patch | 67 | 8c4a4313072ff0d87eadb0f5472eb48f2802b835dd282305811a96de87a41fed48be60fbdd434e6b6359418f0559f7793deaa1d68161a0c0ead9f8574bb9f14c CVE-2016-9844.patch |
69 | 6f757385a23fe6a034f676df6bf233243afa8743761e3d715e532d066fcd7dc8f8dcd6192be693258f3855837e5534490784378768abe7ce710fb869258d49b7 CVE-2018-1000035.patch | 68 | 6f757385a23fe6a034f676df6bf233243afa8743761e3d715e532d066fcd7dc8f8dcd6192be693258f3855837e5534490784378768abe7ce710fb869258d49b7 CVE-2018-1000035.patch |
70 | 13f9c54fcdde478c4afe391c8e7ef9c31b03228aaace5da38382612951cbfd60710fd3d931569297953be32b2c5906715aed4b1c05e28cc8fccbb27f38b57550 fix-CVE-2014-8139.patch" | 69 | 13f9c54fcdde478c4afe391c8e7ef9c31b03228aaace5da38382612951cbfd60710fd3d931569297953be32b2c5906715aed4b1c05e28cc8fccbb27f38b57550 fix-CVE-2014-8139.patch |
70 | aa8dcf335c6f48c3d7f0ab6aa220b838f2a5be54ac3b8dea4729d2acfed180e51e6ca1299d96439d99bae5a0caba5e3df73558ca2ea7099d7275bfc1f0fc8c09 CVE-2019-13232.patch" | ||