-rw-r--r--system/unzip/APKBUILD16
-rw-r--r--system/unzip/cflags.patch20
-rw-r--r--system/unzip/format-secure.patch93
-rw-r--r--system/unzip/unzipsfx-bomb-32bit.patch14
4 files changed, 139 insertions, 4 deletions
diff --git a/system/unzip/APKBUILD b/system/unzip/APKBUILD
index ea8f7e6fa..9b3f696f3 100644
--- a/system/unzip/APKBUILD
+++ b/system/unzip/APKBUILD
@@ -5,7 +5,7 @@ pkgname=unzip
pkgver=6.0
_pkgver=$(printf '%s' "$pkgver" | tr -d .)
_debver=25
-pkgrel=4
+pkgrel=5
pkgdesc="Extract PKZIP-compatible .zip files"
url="http://www.info-zip.org/UnZip.html"
arch="all"
@@ -14,6 +14,9 @@ subpackages="$pkgname-doc"
# normally ftp://ftp.info-zip.org/pub/infozip/src/$pkgname$_pkgver.zip
source="$pkgname-$pkgver.tgz::https://distfiles.adelielinux.org/source/$pkgname$_pkgver.tgz
http://deb.debian.org/debian/pool/main/u/unzip/unzip_$pkgver-$_debver.debian.tar.xz
+ cflags.patch
+ format-secure.patch
+ unzipsfx-bomb-32bit.patch
"
builddir="$srcdir/$pkgname$_pkgver"
@@ -30,17 +33,19 @@ builddir="$srcdir/$pkgname$_pkgver"
# - CVE-2019-13232
prepare() {
- default_prepare
+ cd "$builddir"
while read -r i; do
msg "$i"
patch -p1 -i "../debian/patches/$i"
done < ../debian/patches/series
+ default_prepare
}
build() {
make -f unix/Makefile \
CC="${CHOST}-gcc" \
- LOCAL_ZIP="${CFLAGS} ${CPPFLAGS}" \
+ LOCAL_UNZIP="${CFLAGS} ${CPPFLAGS}" \
+ STRIP=: \
prefix=/usr generic
}
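Review bot: The reordered prepare() has no comment explaining why `default_prepare` now runs after the Debian series, although the local patches depend on that order. unzipsfx-bomb-32bit.patch edits a `cover_add` call that presumably exists only once the Debian patches (including the CVE-2019-13232 fix named in the comment above prepare) are applied. I would add `# Debian series first; the local patches listed in $source apply on top of it` above the loop so the call is not moved back later. In build(), only CFLAGS and CPPFLAGS are forwarded through `LOCAL_UNZIP`; LDFLAGS is not passed in the visible lines, so it is worth confirming that link-time hardening flags reach the final link.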
@@ -57,4 +62,7 @@ package() {
}
sha512sums="0694e403ebc57b37218e00ec1a406cae5cc9c5b52b6798e0d4590840b6cdbf9ddc0d9471f67af783e960f8fa2e620394d51384257dca23d06bcd90224a80ce5d unzip-6.0.tgz
-13c16db420fa4a34be3090a9acdd79b01320da40ac5aa89a9dfca03e64b914b28eb72aff3882d02a8197457bcb8eeb9473c998cf6920e511883c9289a949fb21 unzip_6.0-25.debian.tar.xz"
+13c16db420fa4a34be3090a9acdd79b01320da40ac5aa89a9dfca03e64b914b28eb72aff3882d02a8197457bcb8eeb9473c998cf6920e511883c9289a949fb21 unzip_6.0-25.debian.tar.xz
+029447a48972234e60c6b45c58b01dbe411594b1ffe0db00d028810b0bcfa7244dcc89f765e1ee6e8805ba2d2db9bc1d05a1e30ef0d9dd08d33ff6f04af811ab cflags.patch
+4bdf55937a181d496261a8f426a97d63844ba96f23beea7906c5e4f7064f55c188ee5ec3ae2d6f2011b5f26b6ac0941dcffb83c06370ed9648b2262917cde64d format-secure.patch
+81777dfa1ad707046b238fa9205f8be0f48363f0f23bc0d2d83b67b143ceeba6818cc11058355195a03432cdd6ed4f392202ff3029e14d4b1435c9e2cb5ca6bf unzipsfx-bomb-32bit.patch"
diff --git a/system/unzip/cflags.patch b/system/unzip/cflags.patch
new file mode 100644
index 000000000..f85192155
--- /dev/null
+++ b/system/unzip/cflags.patch
@@ -0,0 +1,20 @@
+--- unzip60/unix/configure 2009-04-16 14:25:12.000000000 -0500
++++ unzip60/unix/configure 2020-06-13 22:59:57.259771113 -0500
+@@ -17,7 +17,7 @@ CFLAGSR=${CFLAGS}
+ IZ_BZIP2=${3}
+ CFLAGS="${CFLAGS} -I. -DUNIX"
+ LFLAGS1=""
+-LFLAGS2="-s"
++LFLAGS2=""
+ LN="ln -s"
+
+ CFLAGS_OPT=''
+@@ -130,6 +130,8 @@ _EOF_
+ fi
+ fi
+
++CFLAGS_OPT=""
++
+ # optimization flags
+ if test -n "${CFLAGS_OPT}"; then
+ CFLAGSR="${CFLAGSR} ${CFLAGS_OPT}"
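Review bot: cflags.patch carries no description, unlike the other two patches added in this commit, and the unconditional `CFLAGS_OPT=""` in its second hunk is not self-explanatory. It makes the following `if test -n "${CFLAGS_OPT}"` block dead, discarding whatever optimisation flags configure selected earlier. A short header would help, e.g. `Do not link with -s and do not append configure's own optimisation flags; stripping and CFLAGS are left to the package build.` The detection code that sets CFLAGS_OPT lies outside the hunk, so whether anything else relies on it cannot be checked from here.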
diff --git a/system/unzip/format-secure.patch b/system/unzip/format-secure.patch
new file mode 100644
index 000000000..5b766f31d
--- /dev/null
+++ b/system/unzip/format-secure.patch
@@ -0,0 +1,93 @@
+Cherry picked from Fedora
+https://src.fedoraproject.org/rpms/unzip/blob/874f1688f1662bb3baf76021969277cafeea6ea8/f/unzip-6.0-format-secure.patch
+
+diff --git a/extract.c b/extract.c
+index eeb2f57..a0a4929 100644
+--- a/extract.c
++++ b/extract.c
+@@ -472,8 +472,8 @@ int extract_or_test_files(__G) /* return PK-type error code */
+ */
+ Info(slide, 0x401, ((char *)slide,
+ LoadFarString(CentSigMsg), j + blknum*DIR_BLKSIZ + 1));
+- Info(slide, 0x401, ((char *)slide,
+- LoadFarString(ReportMsg)));
++ Info(slide, 0x401,
++ ((char *)slide,"%s", LoadFarString(ReportMsg)));
+ error_in_archive = PK_BADERR;
+ }
+ reached_end = TRUE; /* ...so no more left to do */
+@@ -752,8 +752,8 @@ int extract_or_test_files(__G) /* return PK-type error code */
+
+ #ifndef SFX
+ if (no_endsig_found) { /* just to make sure */
+- Info(slide, 0x401, ((char *)slide, LoadFarString(EndSigMsg)));
+- Info(slide, 0x401, ((char *)slide, LoadFarString(ReportMsg)));
++ Info(slide, 0x401, ((char *)slide,"%s", LoadFarString(EndSigMsg)));
++ Info(slide, 0x401, ((char *)slide,"%s", LoadFarString(ReportMsg)));
+ if (!error_in_archive) /* don't overwrite stronger error */
+ error_in_archive = PK_WARN;
+ }
+diff --git a/list.c b/list.c
+index 15e0011..f7359c3 100644
+--- a/list.c
++++ b/list.c
+@@ -181,7 +181,7 @@ int list_files(__G) /* return PK-type error code */
+ Info(slide, 0x401,
+ ((char *)slide, LoadFarString(CentSigMsg), j));
+ Info(slide, 0x401,
+- ((char *)slide, LoadFarString(ReportMsg)));
++ ((char *)slide,"%s", LoadFarString(ReportMsg)));
+ return PK_BADERR; /* sig not found */
+ }
+ }
+@@ -507,7 +507,8 @@ int list_files(__G) /* return PK-type error code */
+ && (!G.ecrec.is_zip64_archive)
+ && (memcmp(G.sig, end_central_sig, 4) != 0)
+ ) { /* just to make sure again */
+- Info(slide, 0x401, ((char *)slide, LoadFarString(EndSigMsg)));
++ Info(slide, 0x401,
++ ((char *)slide,"%s", LoadFarString(EndSigMsg)));
+ error_in_archive = PK_WARN; /* didn't find sig */
+ }
+
+@@ -591,7 +592,7 @@ int get_time_stamp(__G__ last_modtime, nmember) /* return PK-type error code */
+ Info(slide, 0x401,
+ ((char *)slide, LoadFarString(CentSigMsg), j));
+ Info(slide, 0x401,
+- ((char *)slide, LoadFarString(ReportMsg)));
++ ((char *)slide,"%s", LoadFarString(ReportMsg)));
+ return PK_BADERR; /* sig not found */
+ }
+ }
+@@ -674,7 +675,7 @@ int get_time_stamp(__G__ last_modtime, nmember) /* return PK-type error code */
+ ---------------------------------------------------------------------------*/
+
+ if (memcmp(G.sig, end_central_sig, 4)) { /* just to make sure again */
+- Info(slide, 0x401, ((char *)slide, LoadFarString(EndSigMsg)));
++ Info(slide, 0x401, ((char *)slide,"%s", LoadFarString(EndSigMsg)));
+ error_in_archive = PK_WARN;
+ }
+ if (*nmember == 0L && error_in_archive <= PK_WARN)
+diff --git a/zipinfo.c b/zipinfo.c
+index 6e22cc8..ac5c61b 100644
+--- a/zipinfo.c
++++ b/zipinfo.c
+@@ -771,7 +771,7 @@ int zipinfo(__G) /* return PK-type error code */
+ Info(slide, 0x401,
+ ((char *)slide, LoadFarString(CentSigMsg), j));
+ Info(slide, 0x401,
+- ((char *)slide, LoadFarString(ReportMsg)));
++ ((char *)slide,"%s", LoadFarString(ReportMsg)));
+ error_in_archive = PK_BADERR; /* sig not found */
+ break;
+ }
+@@ -960,7 +960,8 @@ int zipinfo(__G) /* return PK-type error code */
+ && (!G.ecrec.is_zip64_archive)
+ && (memcmp(G.sig, end_central_sig, 4) != 0)
+ ) { /* just to make sure again */
+- Info(slide, 0x401, ((char *)slide, LoadFarString(EndSigMsg)));
++ Info(slide, 0x401,
++ ((char *)slide,"%s", LoadFarString(EndSigMsg)));
+ error_in_archive = PK_WARN; /* didn't find sig */
+ }
+
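Review bot: The patch header gives only the Fedora origin and not the reason for the change, which matters for how the patch is tracked. Every changed call passed `LoadFarString(ReportMsg)` or `LoadFarString(EndSigMsg)` as the format with no further arguments, and the fix inserts `"%s"` ahead of it. These messages appear to be built-in strings rather than archive-controlled data, so this reads as a format-security build fix for a non-literal format string rather than a fix for an exploitable bug. A header line such as `Pass fixed messages through "%s" so the code builds with -Werror=format-security` would say so. The neighbouring `CentSigMsg` calls keep a non-literal format with one argument; the message definitions are outside the hunks, so their conversion specifiers cannot be confirmed here.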
diff --git a/system/unzip/unzipsfx-bomb-32bit.patch b/system/unzip/unzipsfx-bomb-32bit.patch
new file mode 100644
index 000000000..f834a919b
--- /dev/null
+++ b/system/unzip/unzipsfx-bomb-32bit.patch
@@ -0,0 +1,14 @@
+Explicitly cast literal 0 to the expected bound_t type because K&R C is
+awful.
+
+--- unzip60/extract.c 2020-06-13 22:51:33.799778287 -0500
++++ unzip60/extract.c 2020-06-14 00:00:50.669719055 -0500
+@@ -520,7 +520,7 @@ int extract_or_test_files(__G) /* ret
+ return PK_MEM;
+ }
+ if ((G.extra_bytes != 0 &&
+- cover_add((cover_t *)G.cover, 0, G.extra_bytes) != 0) ||
++ cover_add((cover_t *)G.cover, (bound_t)0, G.extra_bytes) != 0) ||
+ (G.ecrec.have_ecr64 &&
+ cover_add((cover_t *)G.cover, G.ecrec.ec64_start,
+ G.ecrec.ec64_end) != 0) ||
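Review bot: The cast repairs only the literal at this one call, while the underlying cause, going by the patch header, is that `cover_add` is called without a prototype in scope, so the compiler converts no argument to `bound_t`. `G.extra_bytes`, `G.ecrec.ec64_start` and `G.ecrec.ec64_end` are passed uncast in the same expression, and any `cover_add` call outside this hunk has the same exposure if an argument is narrower than `bound_t` on a 32-bit target. Declaring `cover_add` with a `(cover_t *, bound_t, bound_t)` prototype before its first use would be more robust than per-call casts. Judging by the patch name this feeds the zip-bomb overlap check, so a mis-passed bound could make that check wrong; a 32-bit test run with an archive that has leading extra bytes would confirm the fix.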