NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
f317411f33
kumquat-buildroot/package/unzip/unzip.mk
Baruch Siach 872561cd5b package/unzip: add security and bug fix patches from Debian 
Debian bug #741384: Buffer overflow

Debian bug #744212: Buffer overflow

CVE-2014-8139: CRC32 verification heap-based overflow

CVE-2014-8140: Out-of-bounds write issue in test_compr_eb()

CVE-2014-8141: Out-of-bounds read issues in getZip64Data()

CVE-2014-9636: Heap overflow

CVE-2015-7696: Heap overflow when extracting password-protected archive

CVE-2015-7697: Infinite loop when extracting password-protected archive

Red Hat Bugzilla #1260944: Unsigned overflow on invalid input

Debian bug #842993: Do not ignore Unix Timestamps

CVE-2014-9913: Buffer overflow

CVE-2016-9844: Buffer overflow in zipinfo

CVE-2018-1000035: Buffer overflow in password protected ZIP archives

Cc: Luca Ceresoli <luca@lucaceresoli.net>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-02-22 14:45:04 +01:00

29 lines
1.7 KiB
Makefile
Raw Blame History

################################################################################
#
# unzip
#
################################################################################
UNZIP_VERSION = 60
UNZIP_SOURCE = unzip$(UNZIP_VERSION).tgz
UNZIP_SITE = ftp://ftp.info-zip.org/pub/infozip/src
UNZIP_LICENSE = Info-ZIP
UNZIP_LICENSE_FILES = LICENSE
UNZIP_PATCH = \
https://sources.debian.org/data/main/u/unzip/6.0-22/debian/patches/07-increase-size-of-cfactorstr.patch \
https://sources.debian.org/data/main/u/unzip/6.0-22/debian/patches/08-allow-greater-hostver-values.patch \
https://sources.debian.org/data/main/u/unzip/6.0-22/debian/patches/09-cve-2014-8139-crc-overflow.patch \
https://sources.debian.org/data/main/u/unzip/6.0-22/debian/patches/10-cve-2014-8140-test-compr-eb.patch \
https://sources.debian.org/data/main/u/unzip/6.0-22/debian/patches/11-cve-2014-8141-getzip64data.patch \
https://sources.debian.org/data/main/u/unzip/6.0-22/debian/patches/12-cve-2014-9636-test-compr-eb.patch \
https://sources.debian.org/data/main/u/unzip/6.0-22/debian/patches/14-cve-2015-7696.patch \
https://sources.debian.org/data/main/u/unzip/6.0-22/debian/patches/15-cve-2015-7697.patch \
https://sources.debian.org/data/main/u/unzip/6.0-22/debian/patches/16-fix-integer-underflow-csiz-decrypted.patch \
https://sources.debian.org/data/main/u/unzip/6.0-22/debian/patches/17-restore-unix-timestamps-accurately.patch \
https://sources.debian.org/data/main/u/unzip/6.0-22/debian/patches/18-cve-2014-9913-unzip-buffer-overflow.patch \
https://sources.debian.org/data/main/u/unzip/6.0-22/debian/patches/19-cve-2016-9844-zipinfo-buffer-overflow.patch \
https://sources.debian.org/data/main/u/unzip/6.0-22/debian/patches/20-cve-2018-1000035-unzip-buffer-overflow.patch
$(eval $(cmake-package))
Reference in New Issue View Git Blame Copy Permalink