NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
f10dec399e
kumquat-buildroot/package/unzip/unzip.mk
Sébastien Szymanski 009c59a261 package/unzip: update security and bug fix patches from Debian 
Fix the URL and add three new patches. Quoting changelog [1]:

unzip (6.0-24) unstable; urgency=medium

  * Apply two patches by Mark Adler:
  - Fix bug in undefer_input() that misplaced the input state.
  - Detect and reject a zip bomb using overlapped entries. Closes: #931433.
    Bug discovered by David Fifield. For reference, this is CVE-2019-13232.

 -- Santiago Vila <sanvila@debian.org>  Thu, 11 Jul 2019 18:03:34 +0200

unzip (6.0-23) unstable; urgency=medium

  * Fix lame code in fileio.c which parsed 64-bit values incorrectly.
    Thanks to David Fifield for the report. Closes: #929502.

 -- Santiago Vila <sanvila@debian.org>  Wed, 29 May 2019 00:24:08 +0200

[1] https://sources.debian.org/data/main/u/unzip/6.0-24/debian/changelog

Signed-off-by: Sébastien Szymanski <sebastien.szymanski@armadeus.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-07-14 15:04:08 +02:00

32 lines
2.1 KiB
Makefile
Raw Blame History

################################################################################
#
# unzip
#
################################################################################
UNZIP_VERSION = 60
UNZIP_SOURCE = unzip$(UNZIP_VERSION).tgz
UNZIP_SITE = ftp://ftp.info-zip.org/pub/infozip/src
UNZIP_LICENSE = Info-ZIP
UNZIP_LICENSE_FILES = LICENSE
UNZIP_PATCH = \
https://sources.debian.org/data/main/u/unzip/6.0-24/debian/patches/07-increase-size-of-cfactorstr.patch \
https://sources.debian.org/data/main/u/unzip/6.0-24/debian/patches/08-allow-greater-hostver-values.patch \
https://sources.debian.org/data/main/u/unzip/6.0-24/debian/patches/09-cve-2014-8139-crc-overflow.patch \
https://sources.debian.org/data/main/u/unzip/6.0-24/debian/patches/10-cve-2014-8140-test-compr-eb.patch \
https://sources.debian.org/data/main/u/unzip/6.0-24/debian/patches/11-cve-2014-8141-getzip64data.patch \
https://sources.debian.org/data/main/u/unzip/6.0-24/debian/patches/12-cve-2014-9636-test-compr-eb.patch \
https://sources.debian.org/data/main/u/unzip/6.0-24/debian/patches/14-cve-2015-7696.patch \
https://sources.debian.org/data/main/u/unzip/6.0-24/debian/patches/15-cve-2015-7697.patch \
https://sources.debian.org/data/main/u/unzip/6.0-24/debian/patches/16-fix-integer-underflow-csiz-decrypted.patch \
https://sources.debian.org/data/main/u/unzip/6.0-24/debian/patches/17-restore-unix-timestamps-accurately.patch \
https://sources.debian.org/data/main/u/unzip/6.0-24/debian/patches/18-cve-2014-9913-unzip-buffer-overflow.patch \
https://sources.debian.org/data/main/u/unzip/6.0-24/debian/patches/19-cve-2016-9844-zipinfo-buffer-overflow.patch \
https://sources.debian.org/data/main/u/unzip/6.0-24/debian/patches/20-cve-2018-1000035-unzip-buffer-overflow.patch \
https://sources.debian.org/data/main/u/unzip/6.0-24/debian/patches/21-fix-warning-messages-on-big-files.patch \
https://sources.debian.org/data/main/u/unzip/6.0-24/debian/patches/22-cve-2019-13232-fix-bug-in-undefer-input.patch \
https://sources.debian.org/data/main/u/unzip/6.0-24/debian/patches/23-cve-2019-13232-zip-bomb-with-overlapped-entries.patch
$(eval $(cmake-package))
Reference in New Issue View Git Blame Copy Permalink