From cb24d1022bef06a43eb5d5ec7454e095ea6b6a1b Mon Sep 17 00:00:00 2001
From: Jan Pavlinec
Date: Sat, 12 Jan 2019 21:25:37 +0100
Subject: [PATCH] unzip: patch CVE-2018-1000035 and add PKG_CPE_IDE
Signed-off-by: Jan Pavlinec
---
utils/unzip/Makefile | 3 +-
...18-1000035-overflow-password-protect.patch | 34 +++++++++++++++++++
2 files changed, 36 insertions(+), 1 deletion(-)
create mode 100644 utils/unzip/patches/011-CVE-2018-1000035-overflow-password-protect.patch
diff --git a/utils/unzip/Makefile b/utils/unzip/Makefile
index fd8f74b7c..25b42e1e4 100644
--- a/utils/unzip/Makefile
+++ b/utils/unzip/Makefile
@@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=unzip
 PKG_REV:=60
 PKG_VERSION:=6.0
-PKG_RELEASE:=6
+PKG_RELEASE:=7
 PKG_SOURCE:=$(PKG_NAME)$(PKG_REV).tar.gz
 PKG_SOURCE_URL:=@SF/infozip
@@ -19,6 +19,7 @@ PKG_MAINTAINER:=Álvaro Fernández Rojas
 PKG_LICENSE:=BSD-4-Clause
 PKG_LICENSE_FILES:=LICENSE
+ PKG_CPE_ID:=cpe:/a:unzip:unzip
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)/unzip$(PKG_REV)
 PKG_CHECK_FORMAT_SECURITY:=0
diff --git a/utils/unzip/patches/011-CVE-2018-1000035-overflow-password-protect.patch b/utils/unzip/patches/011-CVE-2018-1000035-overflow-password-protect.patch
new file mode 100644
index 000000000..e1fdcf588
--- /dev/null
+++ b/utils/unzip/patches/011-CVE-2018-1000035-overflow-password-protect.patch
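Review bot: The CPE added in utils/unzip/Makefile, `PKG_CPE_ID:=cpe:/a:unzip:unzip`, repeats the product name as the vendor, and that vendor:product pair should be checked against the NVD CPE dictionary before this is merged. Tools that match packages to CVEs by CPE report nothing when the vendor field does not match, so a wrong value would hide the kind of issue this commit is patching. As far as I know Info-ZIP's UnZip is filed under the vendor `info-zip`, which would make the line `PKG_CPE_ID:=cpe:/a:info-zip:unzip`; that is not something this page confirms.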
@@ -0,0 +1,34 @@
+--- a/fileio.c
++++ b/fileio.c
+@@ -1,5 +1,5 @@
+ /*
+- Copyright (c) 1990-2009 Info-ZIP. All rights reserved.
++ Copyright (c) 1990-2017 Info-ZIP. All rights reserved.
+
+ See the accompanying file LICENSE, version 2009-Jan-02 or later
+ (the contents of which are also included in unzip.h) for terms of use.
+@@ -1582,6 +1582,8 @@
+ int r = IZ_PW_ENTERED;
+ char *m;
+ char *prompt;
++ char *ep;
++ char *zp;
+
+ #ifndef REENTRANT
+ /* tell picky compilers to shut up about "unused variable" warnings */
+@@ -1590,9 +1592,12 @@
+
+ if (*rcnt == 0) { /* First call for current entry */
+ *rcnt = 2;
+- if ((prompt = (char *)malloc(2*FILNAMSIZ + 15)) != (char *)NULL) {
+- sprintf(prompt, LoadFarString(PasswPrompt),
+- FnFilter1(zfn), FnFilter2(efn));
++ zp = FnFilter1( zfn);
++ ep = FnFilter2( efn);
++ prompt = (char *)malloc( /* Slightly too long (2* "%s"). */
++ sizeof( PasswPrompt)+ strlen( zp)+ strlen( ep));
++ if (prompt != (char *)NULL) {
++ sprintf(prompt, LoadFarString(PasswPrompt), zp, ep);
+ m = prompt;
+ } else
+ m = (char *)LoadFarString(PasswPrompt2);
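Review bot: In the `@@ -1590,9 +1592,12 @@` section the new buffer size is right only if `sizeof( PasswPrompt)` measures the format string itself, and the `sprintf` that follows is still unbounded, so nothing enforces the length computed just above it. PasswPrompt's declaration is outside the hunk; if it is a pointer rather than a char array on some build, `sizeof` yields the pointer width and the buffer is undersized again. I would keep the length in a `size_t plen` declared beside `ep`/`zp` and use it for both calls: `plen = sizeof(PasswPrompt) + strlen(zp) + strlen(ep);`, `prompt = (char *)malloc(plen);`, `snprintf(prompt, plen, LoadFarString(PasswPrompt), zp, ep);` (where the toolchain provides snprintf). A one-line comment stating that the bound relies on PasswPrompt being an array would also help; the enclosing function starts and ends outside the hunk.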