# Buildsheet autogenerated by ravenadm tool -- Do not edit. NAMEBASE= zip VERSION= 3.0 REVISION= 3 KEYWORDS= archivers VARIANTS= std SDESC[std]= Archiver compatible with PKZIP HOMEPAGE= https://infozip.sourceforge.net/Zip.html CONTACT= Michael_Reim[kraileth@elderlinux.org] DOWNLOAD_GROUPS= main SITES[main]= SF/infozip/Zip%203.x%20%28latest%29/3.0 DISTFILE[1]= zip30.tar.gz:main DF_INDEX= 1 SPKGS[std]= set primary man OPTIONS_AVAILABLE= none OPTIONS_STANDARD= none USES= cpe DISTNAME= zip30 LICENSE= CUSTOM1:primary LICENSE_NAME= CUSTOM1:"Info-ZIP license" LICENSE_FILE= CUSTOM1:{{WRKSRC}}/LICENSE LICENSE_SCHEME= solo CPE_VENDOR= info-zip_project FPC_EQUIVALENT= archivers/zip BUILD_TARGET= generic MAKEFILE= unix/Makefile CVE_FIXED= CVE-2018-13410 post-patch: ${REINPLACE_CMD} -e \ "s|prefix = /usr/local|prefix = ${STAGEDIR}${PREFIX}|" \ ${WRKSRC}/unix/Makefile ${REINPLACE_CMD} -e "s|man/man|share/man/man|" ${WRKSRC}/unix/Makefile post-stage: ${STRIP_CMD} ${STAGEDIR}${PREFIX}/bin/* [FILE:188:descriptions/desc.primary] Info-Zip is a compression and file packaging/archive utility. It claims high compatibility with the original DOS tool known as PKZIP but has also been improved and extended quite a bit. [FILE:91:distinfo] f0e8bb1f9b7eb0b01285495a2699df3a4b766784c1765a8f1aeedf63c0806369 1118845 zip30.tar.gz [FILE:39:manifests/plist.primary] bin/ zip zipcloak zipnote zipsplit [FILE:58:manifests/plist.man] share/man/man1/ zip.1 zipcloak.1 zipnote.1 zipsplit.1 [FILE:719:patches/patch-Fix-CVE-2018-13410] From dd2a5c4be6a460636b415792f02e7c8ae62f524e Mon Sep 17 00:00:00 2001 From: Hector Chen Date: Thu, 21 Feb 2019 09:32:33 +0800 Subject: [PATCH] Fix CVE-2018-13410 --- zip.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- zip.c.orig 2008-07-05 16:34:06 UTC +++ zip.c @@ -1437,7 +1437,7 @@ local void check_zipfile(zipname, zippat /* Replace first {} with archive name. If no {} append name to string. */ here = strstr(unzip_path, "{}"); - if ((cmd = malloc(strlen(unzip_path) + strlen(zipname) + 3)) == NULL) { + if ((cmd = malloc(strlen(unzip_path) + strlen(zipname) + 4)) == NULL) { ziperr(ZE_MEM, "building command string for testing archive"); } [FILE:225:patches/patch-man_zipcloak.1] --- man/zipcloak.1.orig 2008-05-08 08:18:46 UTC +++ man/zipcloak.1 @@ -12,8 +12,6 @@ zipcloak \- encrypt entries in a zipfile zipfile .SH ARGUMENTS -.in +13 -.ti -13 zipfile Zipfile to encrypt entries in .SH OPTIONS [FILE:232:patches/patch-man_zipnote.1] --- man/zipnote.1.orig 2008-05-08 08:17:56 UTC +++ man/zipnote.1 @@ -12,8 +12,6 @@ zipnote \- write the comments in zipfile zipfile .SH ARGUMENTS -.in +13 -.ti -13 zipfile Zipfile to read comments from or edit. .SH OPTIONS [FILE:213:patches/patch-man_zipsplit.1] --- man/zipsplit.1.orig 2008-05-08 08:17:48 UTC +++ man/zipsplit.1 @@ -17,8 +17,6 @@ zipsplit \- split a zipfile into smaller zipfile .SH ARGUMENTS -.in +13 -.ti -13 zipfile Zipfile to split. .SH OPTIONS [FILE:3134:patches/patch-unix_configure] Don't force compiler optimization flags. Introduce DISABLE_ASM Remove broken configure tests. Assume we have standard libc functions such as memset(3). --- unix/configure.orig 2008-06-20 03:32:20 UTC +++ unix/configure @@ -118,10 +118,6 @@ _EOF_ fi # optimization flags -if test -n "${CFLAGS_OPT}"; then - CFLAGS="${CFLAGS} ${CFLAGS_OPT}" - CFLAGS_BZ="${CFLAGS_BZ} ${CFLAGS_OPT}" -fi # bzip2 @@ -235,6 +231,7 @@ $CPP conftest.c >/dev/null 2>/dev/null | echo Check if we can use asm code OBJA="" OCRCU8="" +if [ -z "$DISABLE_ASM" ]; then if eval "$CPP match.S > _match.s 2>/dev/null"; then if test ! -s _match.s || grep error < _match.s > /dev/null; then : @@ -257,6 +254,7 @@ if eval "$CPP match.S > _match.s 2>/dev/ fi fi rm -f _match.s _match.o _crc_i386.s _crc_i386.o +fi # ANSI options for compilers that don't have __STDC__ defined by default @@ -506,86 +504,6 @@ $CC $CFLAGS -c conftest.c >/dev/null 2>/ [ $? -eq 0 ] && BFLAG="-fno-builtin" -# Check for missing functions -# add NO_'function_name' to flags if missing - -for func in rmdir strchr strrchr rename mktemp mktime mkstemp -do - echo Check for $func - echo "int main(){ $func(); return 0; }" > conftest.c - $CC $BFLAG -o conftest conftest.c >/dev/null 2>/dev/null - [ $? -ne 0 ] && CFLAGS="${CFLAGS} -DNO_`echo $func | tr '[a-z]' '[A-Z]'`" -done - - -echo Check for memset -echo "int main(){ char k; memset(&k,0,0); return 0; }" > conftest.c -$CC -o conftest conftest.c >/dev/null 2>/dev/null -[ $? -ne 0 ] && CFLAGS="${CFLAGS} -DZMEM" - - -echo Check for memmove -cat > conftest.c << _EOF_ -#include -int main() { int a; int b = 0; memmove( &a, &b, sizeof( a)); return a; } -_EOF_ -$CC -o conftest conftest.c >/dev/null 2>/dev/null -[ $? -ne 0 ] && CFLAGS="${CFLAGS} -DNEED_MEMMOVE" - - -echo Check for strerror -cat > conftest.c << _EOF_ -#include -int main() { strerror( 0); return 0; } -_EOF_ -$CC -o conftest conftest.c >/dev/null 2>/dev/null -[ $? -ne 0 ] && CFLAGS="${CFLAGS} -DNEED_STRERROR" - -echo Check for errno declaration -cat > conftest.c << _EOF_ -#include -main() -{ - errno = 0; - return 0; -} -_EOF_ -$CC $CFLAGS -c conftest.c >/dev/null 2>/dev/null -[ $? -ne 0 ] && CFLAGS="${CFLAGS} -DNO_ERRNO" - - -echo Check for directory libraries -cat > conftest.c << _EOF_ -int main() { return closedir(opendir(".")); } -_EOF_ - -$CC -o conftest conftest.c >/dev/null 2>/dev/null -if [ $? -ne 0 ]; then - OPT="" - for lib in ndir dir ucb bsd BSD PW x dirent - do - $CC -o conftest conftest.c -l$lib >/dev/null 2>/dev/null - [ $? -eq 0 ] && OPT=-l$lib && break - done - if [ ${OPT} ]; then - LFLAGS2="${LFLAGS2} ${OPT}" - else - CFLAGS="${CFLAGS} -DNO_DIR" - fi -fi - - -# Dynix/ptx 1.3 needed this - -echo Check for readlink -echo "int main(){ return readlink(); }" > conftest.c -$CC -o conftest conftest.c >/dev/null 2>/dev/null -if [ $? -ne 0 ]; then - $CC -o conftest conftest.c -lseq >/dev/null 2>/dev/null - [ $? -eq 0 ] && LFLAGS2="${LFLAGS2} -lseq" -fi - - echo Check for directory include file OPT="" for inc in dirent.h sys/ndir.h ndir.h sys/dir.h