1 files changed, 33 insertions, 12 deletions
diff --git a/system/unzip/APKBUILD b/system/unzip/APKBUILD
index aad54fa2d..88c0b76b3 100644
--- a/system/unzip/APKBUILD
+++ b/system/unzip/APKBUILD
@@ -4,37 +4,57 @@
 pkgname=unzip
 pkgver=6.0
 _pkgver=$(printf '%s' "$pkgver" | tr -d .)
-pkgrel=3
+_debver=26
+pkgrel=6
 pkgdesc="Extract PKZIP-compatible .zip files"
 url="http://www.info-zip.org/UnZip.html"
 arch="all"
 license="Info-ZIP"
 subpackages="$pkgname-doc"
 # normally     ftp://ftp.info-zip.org/pub/infozip/src/$pkgname$_pkgver.zip
+# find timestamp here: https://snapshot.debian.org/package/unzip/
 source="$pkgname-$pkgver.tgz::https://distfiles.adelielinux.org/source/$pkgname$_pkgver.tgz
-	10-unzip-handle-pkware-verify.patch
-	20-unzip-uidgid-fix.patch
-	unzip-6.0-heap-overflow-infloop.patch
+	https://snapshot.debian.org/archive/debian-debug/20210110T204103Z/pool/main/u/${pkgname}/${pkgname}_${pkgver}-${_debver}.debian.tar.xz
+	cflags.patch
+	format-secure.patch
+	unzipsfx-bomb-32bit.patch
 	"
 builddir="$srcdir/$pkgname$_pkgver"
 
-build() {
+# secfixes:
+#   6.0-r4:
+#     - CVE-2014-8139
+#     - CVE-2014-8140
+#     - CVE-2014-8141
+#     - CVE-2014-9636
+#     - CVE-2014-9913
+#     - CVE-2016-9844
+#     - CVE-2018-18384
+#     - CVE-2018-1000035
+#     - CVE-2019-13232
+
+prepare() {
 	cd "$builddir"
+	while read -r i; do
+		msg "$i"
+		patch -p1 -i "../debian/patches/$i"
+	done < ../debian/patches/series
+	default_prepare
+}
 
+build() {
 	make -f unix/Makefile \
 		CC="${CHOST}-gcc" \
-		LOCAL_ZIP="${CFLAGS} ${CPPFLAGS}" \
+		LOCAL_UNZIP="${CFLAGS} ${CPPFLAGS}" \
+		STRIP=: \
 		prefix=/usr generic
 }
 
 check() {
-	cd "$builddir"
 	make -f unix/Makefile check
 }
 
 package() {
-	cd "$builddir"
-
 	make -f unix/Makefile \
 		MANDIR=${pkgdir}/usr/share/man/man1/ \
 		prefix=${pkgdir}/usr install
@@ -43,6 +63,7 @@ package() {
 }
 
 sha512sums="0694e403ebc57b37218e00ec1a406cae5cc9c5b52b6798e0d4590840b6cdbf9ddc0d9471f67af783e960f8fa2e620394d51384257dca23d06bcd90224a80ce5d  unzip-6.0.tgz
-9d2914f22fb0075a2b6f72825c235f46eafd8d47b6fb6fcc8303fc69336e256b15923c002d2615bb6af733344c2315e4a8504d77bae301e10c11d4736faa2c81  10-unzip-handle-pkware-verify.patch
-57699582e9056af0817dcb67f8db67e6a1ff8208c137fbebcf559429e5f12b471b75d7e1ef938e5bbb5416074a51ac7342e4ce8057f4bbdcb0bf079b8d7832af  20-unzip-uidgid-fix.patch
-b1e3fac6a787828efaaef8ec7cc52e1573aea27a6f29830af37ec4ba8bcd2a6488c953ab10eee0561c78e82c7401833ef172bebee793405d93632ce788756301  unzip-6.0-heap-overflow-infloop.patch"
+9a56e400ad0984f87c7ee0548429349be549e35a3cae4c9acb88a8fb97a1d1fbd116cfa3292622ad8b2c67ffe79ae268861ddec1269993ba98f1a6a411b7611f  unzip_6.0-26.debian.tar.xz
+029447a48972234e60c6b45c58b01dbe411594b1ffe0db00d028810b0bcfa7244dcc89f765e1ee6e8805ba2d2db9bc1d05a1e30ef0d9dd08d33ff6f04af811ab  cflags.patch
+4bdf55937a181d496261a8f426a97d63844ba96f23beea7906c5e4f7064f55c188ee5ec3ae2d6f2011b5f26b6ac0941dcffb83c06370ed9648b2262917cde64d  format-secure.patch
+81777dfa1ad707046b238fa9205f8be0f48363f0f23bc0d2d83b67b143ceeba6818cc11058355195a03432cdd6ed4f392202ff3029e14d4b1435c9e2cb5ca6bf  unzipsfx-bomb-32bit.patch"