From d915f70f743099d8a61f59aa237a1391ea5f57c1 Mon Sep 17 00:00:00 2001 From: Luca Ceresoli Date: Sat, 17 Sep 2022 15:56:26 +0200 Subject: [PATCH] package/unzip: update security patches from Debian Fixes CVE-2022-0529 and CVE-2022-0530. Signed-off-by: Luca Ceresoli Signed-off-by: Thomas Petazzoni (cherry picked from commit 7c39958ba1ad9f0b760c72004ceb445e72d7ef86) Signed-off-by: Peter Korsgaard --- package/unzip/unzip.hash | 2 +- package/unzip/unzip.mk | 10 ++++++---- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/package/unzip/unzip.hash b/package/unzip/unzip.hash index 8b3f275533..bbf4f7d71f 100644 --- a/package/unzip/unzip.hash +++ b/package/unzip/unzip.hash @@ -1,6 +1,6 @@ # From https://snapshot.debian.org/archive/debian/20210110T204103Z/pool/main/u/unzip/unzip_6.0-26.dsc sha256 036d96991646d0449ed0aa952e4fbe21b476ce994abc276e49d30e686708bd37 unzip_6.0.orig.tar.gz -sha256 88cb7c0f1fd13252b662dfd224b64b352f9e75cd86389557fcb23fa6d2638599 unzip_6.0-26.debian.tar.xz +sha256 67bde7c71d52afd61aa936d4415c8d12fd90ca26e9637a3cd67cae9b71298c12 unzip_6.0-27.debian.tar.xz # Locally computed: sha256 7469b81d5d29ac4fd670f7c86ba0cb9fa34f137a2d4d5198437d92ddf918984b LICENSE diff --git a/package/unzip/unzip.mk b/package/unzip/unzip.mk index e8c9366a1b..44cc2013fb 100644 --- a/package/unzip/unzip.mk +++ b/package/unzip/unzip.mk @@ -6,13 +6,13 @@ UNZIP_VERSION = 6.0 UNZIP_SOURCE = unzip_$(UNZIP_VERSION).orig.tar.gz -UNZIP_PATCH = unzip_$(UNZIP_VERSION)-26.debian.tar.xz -UNZIP_SITE = https://snapshot.debian.org/archive/debian/20210110T204103Z/pool/main/u/unzip +UNZIP_PATCH = unzip_$(UNZIP_VERSION)-27.debian.tar.xz +UNZIP_SITE = https://snapshot.debian.org/archive/debian/20220916T090657Z/pool/main/u/unzip UNZIP_LICENSE = Info-ZIP UNZIP_LICENSE_FILES = LICENSE UNZIP_CPE_ID_VENDOR = unzip_project -# unzip_$(UNZIP_VERSION)-26.debian.tar.xz has patches to fix: +# unzip_$(UNZIP_VERSION)-27.debian.tar.xz has patches to fix: UNZIP_IGNORE_CVES = \ CVE-2014-8139 \ CVE-2014-8140 \ @@ -24,6 +24,8 @@ UNZIP_IGNORE_CVES = \ CVE-2016-9844 \ CVE-2018-18384 \ CVE-2018-1000035 \ - CVE-2019-13232 + CVE-2019-13232 \ + CVE-2022-0529 \ + CVE-2022-0530 $(eval $(cmake-package))