community/minizip: upgrade to 1.3.1

bcc9edb1 · Krassy Boykinov · Natanael Copa · c9225fb0 · bcc9edb1 · c9225fb0
Commit bcc9edb1 authored 1 year ago by Krassy Boykinov Committed by Natanael Copa 1 year ago
--- a/community/minizip/APKBUILD
+++ b/community/minizip/APKBUILD
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=minizip
-pkgver=1.3
-pkgrel=1
+pkgver=1.3.1
+pkgrel=0
 pkgdesc="a library for manipulation with files from .zip archives"
 arch="all"
 license="Zlib"
@@ -12,7 +12,6 @@ subpackages="$pkgname-static $pkgname-dev"
 options="!check" # No testsuite
 source="https://zlib.net/zlib-$pkgver.tar.xz
 	zlib-1.2.8-minizip-include.patch
-	CVE-2023-45853.patch
 	"

 builddir="$srcdir/zlib-$pkgver"/contrib/minizip
@@ -40,7 +39,6 @@ package() {
 }

 sha512sums="
-3868ac4da5842dd36c9dad794930675b9082ce15cbd099ddb79c0f6bd20a24aa8f33a123f378f26fe0ae02d91f31f2994dccaac565cedeaffed7b315e6ded2a2  zlib-1.3.tar.xz
+1e8e70b362d64a233591906a1f50b59001db04ca14aaffad522198b04680be501736e7d536b4191e2f99767e7001ca486cd802362cca2be05d5d409b83ea732d  zlib-1.3.1.tar.xz
 d325818f4674c7aff9e97a6446b01197d89149803b1994441fdcdbdd216206184085cb841bac73dd87472c386335b07283a28cbf852766acd99d55c63f32112d  zlib-1.2.8-minizip-include.patch
-2304011af6364a15e274f1ca58ee5089ce25775f6ba48c4420936b0c49cdba429589b0337182a47b4c458f711b9254507a6ad824288e1913f3c9368b26add374  CVE-2023-45853.patch
 "
--- a/community/minizip/CVE-2023-45853.patch
+++ b/community/minizip/CVE-2023-45853.patch
-rebased path -lnl
-
-From 73331a6a0481067628f065ffe87bb1d8f787d10c Mon Sep 17 00:00:00 2001
-From: Hans Wennborg <hans@chromium.org>
-Date: Fri, 18 Aug 2023 11:05:33 +0200
-Subject: [PATCH] Reject overflows of zip header fields in minizip.
-
-This checks the lengths of the file name, extra field, and comment
-that would be put in the zip headers, and rejects them if they are
-too long. They are each limited to 65535 bytes in length by the zip
-format. This also avoids possible buffer overflows if the provided
-fields are too long.
---
- contrib/minizip/zip.c | 11 +++++++++++
- 1 file changed, 11 insertions(+)
-
-diff --git a/zip.c b/zip.c
-index 3d3d4cadd..0446109b2 100644
--- a/zip.c
-+++ b/zip.c
-@@ -1043,6 +1043,17 @@ extern int ZEXPORT zipOpenNewFileInZip4_64(zipFile file, const char* filename, c
-       return ZIP_PARAMERROR;
- #endif
- 
-+    // The filename and comment length must fit in 16 bits.
-+    if ((filename!=NULL) && (strlen(filename)>0xffff))
-+        return ZIP_PARAMERROR;
-+    if ((comment!=NULL) && (strlen(comment)>0xffff))
-+        return ZIP_PARAMERROR;
-+    // The extra field length must fit in 16 bits. If the member also requires
-+    // a Zip64 extra block, that will also need to fit within that 16-bit
-+    // length, but that will be checked for later.
-+    if ((size_extrafield_local>0xffff) || (size_extrafield_global>0xffff))
-+        return ZIP_PARAMERROR;
-+
-     zi = (zip64_internal*)file;
- 
-     if (zi->in_opened_file_inzip == 1)