diff options
-rw-r--r-- | system/unzip/APKBUILD | 16 | ||||
-rw-r--r-- | system/unzip/cflags.patch | 20 | ||||
-rw-r--r-- | system/unzip/format-secure.patch | 93 | ||||
-rw-r--r-- | system/unzip/unzipsfx-bomb-32bit.patch | 14 |
4 files changed, 139 insertions, 4 deletions
diff --git a/system/unzip/APKBUILD b/system/unzip/APKBUILD index ea8f7e6fa..9b3f696f3 100644 --- a/system/unzip/APKBUILD +++ b/system/unzip/APKBUILD @@ -5,7 +5,7 @@ pkgname=unzip pkgver=6.0 _pkgver=$(printf '%s' "$pkgver" | tr -d .) _debver=25 -pkgrel=4 +pkgrel=5 pkgdesc="Extract PKZIP-compatible .zip files" url="http://www.info-zip.org/UnZip.html" arch="all" @@ -14,6 +14,9 @@ subpackages="$pkgname-doc" # normally ftp://ftp.info-zip.org/pub/infozip/src/$pkgname$_pkgver.zip source="$pkgname-$pkgver.tgz::https://distfiles.adelielinux.org/source/$pkgname$_pkgver.tgz http://deb.debian.org/debian/pool/main/u/unzip/unzip_$pkgver-$_debver.debian.tar.xz + cflags.patch + format-secure.patch + unzipsfx-bomb-32bit.patch " builddir="$srcdir/$pkgname$_pkgver" @@ -30,17 +33,19 @@ builddir="$srcdir/$pkgname$_pkgver" # - CVE-2019-13232 prepare() { - default_prepare + cd "$builddir" while read -r i; do msg "$i" patch -p1 -i "../debian/patches/$i" done < ../debian/patches/series + default_prepare } build() { make -f unix/Makefile \ CC="${CHOST}-gcc" \ - LOCAL_ZIP="${CFLAGS} ${CPPFLAGS}" \ + LOCAL_UNZIP="${CFLAGS} ${CPPFLAGS}" \ + STRIP=: \ prefix=/usr generic } @@ -57,4 +62,7 @@ package() { } sha512sums="0694e403ebc57b37218e00ec1a406cae5cc9c5b52b6798e0d4590840b6cdbf9ddc0d9471f67af783e960f8fa2e620394d51384257dca23d06bcd90224a80ce5d unzip-6.0.tgz -13c16db420fa4a34be3090a9acdd79b01320da40ac5aa89a9dfca03e64b914b28eb72aff3882d02a8197457bcb8eeb9473c998cf6920e511883c9289a949fb21 unzip_6.0-25.debian.tar.xz" +13c16db420fa4a34be3090a9acdd79b01320da40ac5aa89a9dfca03e64b914b28eb72aff3882d02a8197457bcb8eeb9473c998cf6920e511883c9289a949fb21 unzip_6.0-25.debian.tar.xz +029447a48972234e60c6b45c58b01dbe411594b1ffe0db00d028810b0bcfa7244dcc89f765e1ee6e8805ba2d2db9bc1d05a1e30ef0d9dd08d33ff6f04af811ab cflags.patch +4bdf55937a181d496261a8f426a97d63844ba96f23beea7906c5e4f7064f55c188ee5ec3ae2d6f2011b5f26b6ac0941dcffb83c06370ed9648b2262917cde64d format-secure.patch +81777dfa1ad707046b238fa9205f8be0f48363f0f23bc0d2d83b67b143ceeba6818cc11058355195a03432cdd6ed4f392202ff3029e14d4b1435c9e2cb5ca6bf unzipsfx-bomb-32bit.patch" diff --git a/system/unzip/cflags.patch b/system/unzip/cflags.patch new file mode 100644 index 000000000..f85192155 --- /dev/null +++ b/system/unzip/cflags.patch @@ -0,0 +1,20 @@ +--- unzip60/unix/configure 2009-04-16 14:25:12.000000000 -0500 ++++ unzip60/unix/configure 2020-06-13 22:59:57.259771113 -0500 +@@ -17,7 +17,7 @@ CFLAGSR=${CFLAGS} + IZ_BZIP2=${3} + CFLAGS="${CFLAGS} -I. -DUNIX" + LFLAGS1="" +-LFLAGS2="-s" ++LFLAGS2="" + LN="ln -s" + + CFLAGS_OPT='' +@@ -130,6 +130,8 @@ _EOF_ + fi + fi + ++CFLAGS_OPT="" ++ + # optimization flags + if test -n "${CFLAGS_OPT}"; then + CFLAGSR="${CFLAGSR} ${CFLAGS_OPT}" diff --git a/system/unzip/format-secure.patch b/system/unzip/format-secure.patch new file mode 100644 index 000000000..5b766f31d --- /dev/null +++ b/system/unzip/format-secure.patch @@ -0,0 +1,93 @@ +Cherry picked from Fedora +https://src.fedoraproject.org/rpms/unzip/blob/874f1688f1662bb3baf76021969277cafeea6ea8/f/unzip-6.0-format-secure.patch + +diff --git a/extract.c b/extract.c +index eeb2f57..a0a4929 100644 +--- a/extract.c ++++ b/extract.c +@@ -472,8 +472,8 @@ int extract_or_test_files(__G) /* return PK-type error code */ + */ + Info(slide, 0x401, ((char *)slide, + LoadFarString(CentSigMsg), j + blknum*DIR_BLKSIZ + 1)); +- Info(slide, 0x401, ((char *)slide, +- LoadFarString(ReportMsg))); ++ Info(slide, 0x401, ++ ((char *)slide,"%s", LoadFarString(ReportMsg))); + error_in_archive = PK_BADERR; + } + reached_end = TRUE; /* ...so no more left to do */ +@@ -752,8 +752,8 @@ int extract_or_test_files(__G) /* return PK-type error code */ + + #ifndef SFX + if (no_endsig_found) { /* just to make sure */ +- Info(slide, 0x401, ((char *)slide, LoadFarString(EndSigMsg))); +- Info(slide, 0x401, ((char *)slide, LoadFarString(ReportMsg))); ++ Info(slide, 0x401, ((char *)slide,"%s", LoadFarString(EndSigMsg))); ++ Info(slide, 0x401, ((char *)slide,"%s", LoadFarString(ReportMsg))); + if (!error_in_archive) /* don't overwrite stronger error */ + error_in_archive = PK_WARN; + } +diff --git a/list.c b/list.c +index 15e0011..f7359c3 100644 +--- a/list.c ++++ b/list.c +@@ -181,7 +181,7 @@ int list_files(__G) /* return PK-type error code */ + Info(slide, 0x401, + ((char *)slide, LoadFarString(CentSigMsg), j)); + Info(slide, 0x401, +- ((char *)slide, LoadFarString(ReportMsg))); ++ ((char *)slide,"%s", LoadFarString(ReportMsg))); + return PK_BADERR; /* sig not found */ + } + } +@@ -507,7 +507,8 @@ int list_files(__G) /* return PK-type error code */ + && (!G.ecrec.is_zip64_archive) + && (memcmp(G.sig, end_central_sig, 4) != 0) + ) { /* just to make sure again */ +- Info(slide, 0x401, ((char *)slide, LoadFarString(EndSigMsg))); ++ Info(slide, 0x401, ++ ((char *)slide,"%s", LoadFarString(EndSigMsg))); + error_in_archive = PK_WARN; /* didn't find sig */ + } + +@@ -591,7 +592,7 @@ int get_time_stamp(__G__ last_modtime, nmember) /* return PK-type error code */ + Info(slide, 0x401, + ((char *)slide, LoadFarString(CentSigMsg), j)); + Info(slide, 0x401, +- ((char *)slide, LoadFarString(ReportMsg))); ++ ((char *)slide,"%s", LoadFarString(ReportMsg))); + return PK_BADERR; /* sig not found */ + } + } +@@ -674,7 +675,7 @@ int get_time_stamp(__G__ last_modtime, nmember) /* return PK-type error code */ + ---------------------------------------------------------------------------*/ + + if (memcmp(G.sig, end_central_sig, 4)) { /* just to make sure again */ +- Info(slide, 0x401, ((char *)slide, LoadFarString(EndSigMsg))); ++ Info(slide, 0x401, ((char *)slide,"%s", LoadFarString(EndSigMsg))); + error_in_archive = PK_WARN; + } + if (*nmember == 0L && error_in_archive <= PK_WARN) +diff --git a/zipinfo.c b/zipinfo.c +index 6e22cc8..ac5c61b 100644 +--- a/zipinfo.c ++++ b/zipinfo.c +@@ -771,7 +771,7 @@ int zipinfo(__G) /* return PK-type error code */ + Info(slide, 0x401, + ((char *)slide, LoadFarString(CentSigMsg), j)); + Info(slide, 0x401, +- ((char *)slide, LoadFarString(ReportMsg))); ++ ((char *)slide,"%s", LoadFarString(ReportMsg))); + error_in_archive = PK_BADERR; /* sig not found */ + break; + } +@@ -960,7 +960,8 @@ int zipinfo(__G) /* return PK-type error code */ + && (!G.ecrec.is_zip64_archive) + && (memcmp(G.sig, end_central_sig, 4) != 0) + ) { /* just to make sure again */ +- Info(slide, 0x401, ((char *)slide, LoadFarString(EndSigMsg))); ++ Info(slide, 0x401, ++ ((char *)slide,"%s", LoadFarString(EndSigMsg))); + error_in_archive = PK_WARN; /* didn't find sig */ + } + diff --git a/system/unzip/unzipsfx-bomb-32bit.patch b/system/unzip/unzipsfx-bomb-32bit.patch new file mode 100644 index 000000000..f834a919b --- /dev/null +++ b/system/unzip/unzipsfx-bomb-32bit.patch @@ -0,0 +1,14 @@ +Explicitly cast literal 0 to the expected bound_t type because K&R C is +awful. + +--- unzip60/extract.c 2020-06-13 22:51:33.799778287 -0500 ++++ unzip60/extract.c 2020-06-14 00:00:50.669719055 -0500 +@@ -520,7 +520,7 @@ int extract_or_test_files(__G) /* ret + return PK_MEM; + } + if ((G.extra_bytes != 0 && +- cover_add((cover_t *)G.cover, 0, G.extra_bytes) != 0) || ++ cover_add((cover_t *)G.cover, (bound_t)0, G.extra_bytes) != 0) || + (G.ecrec.have_ecr64 && + cover_add((cover_t *)G.cover, G.ecrec.ec64_start, + G.ecrec.ec64_end) != 0) || |