unzip: apply Debian patch for CVE-2018-1000035

Closes #37612. Signed-off-by: FX Coudert <fxcoudert@gmail.com>
2019-03-05 18:45:07 +08:00 · 2019-03-05 18:45:07 +08:00 · 6ad3a9cc7d
commit 6ad3a9cc7d
parent abb587739b
1 changed files with 4 additions and 4 deletions
--- a/Formula/unzip.rb
+++ b/Formula/unzip.rb
@ -4,7 +4,7 @@ class Unzip < Formula
  url "https://downloads.sourceforge.net/project/infozip/UnZip%206.x%20%28latest%29/UnZip%206.0/unzip60.tar.gz"
  version "6.0"
  sha256 "036d96991646d0449ed0aa952e4fbe21b476ce994abc276e49d30e686708bd37"
-  revision 3
+  revision 4

  bottle do
    cellar :any_skip_relocation
@ -20,9 +20,8 @@ class Unzip < Formula
  # Upstream is unmaintained so we use the Debian patchset:
  # https://packages.debian.org/sid/unzip
  patch do
-    url "https://mirrors.ocf.berkeley.edu/debian/pool/main/u/unzip/unzip_6.0-21.debian.tar.xz"
-    mirror "https://mirrorservice.org/sites/ftp.debian.org/debian/pool/main/u/unzip/unzip_6.0-21.debian.tar.xz"
-    sha256 "8accd9d214630a366476437a3ec1842f2e057fdce16042a7b19ee569c33490a3"
+    url "https://deb.debian.org/debian/pool/main/u/unzip/unzip_6.0-22.debian.tar.xz"
+    sha256 "f3c80c1e3917d59cb2fe72f0431159c919f2df7fc96f5b539c91cc96fc02ecfa"
    apply %w[
      patches/01-manpages-in-section-1-not-in-section-1l.patch
      patches/02-this-is-debian-unzip.patch
@ -43,6 +42,7 @@ class Unzip < Formula
      patches/17-restore-unix-timestamps-accurately.patch
      patches/18-cve-2014-9913-unzip-buffer-overflow.patch
      patches/19-cve-2016-9844-zipinfo-buffer-overflow.patch
+      patches/20-cve-2018-1000035-unzip-buffer-overflow.patch
    ]
  end