Sync from SUSE:SLFO:Main unzip revision 40ed47221ed2fba016482a67ccc49e15

This commit is contained in:
Adrian Schröter 2024-05-04 01:38:24 +02:00
commit 8d419078ff
30 changed files with 2565 additions and 0 deletions

23
.gitattributes vendored Normal file
View File

@ -0,0 +1,23 @@
## Default LFS
*.7z filter=lfs diff=lfs merge=lfs -text
*.bsp filter=lfs diff=lfs merge=lfs -text
*.bz2 filter=lfs diff=lfs merge=lfs -text
*.gem filter=lfs diff=lfs merge=lfs -text
*.gz filter=lfs diff=lfs merge=lfs -text
*.jar filter=lfs diff=lfs merge=lfs -text
*.lz filter=lfs diff=lfs merge=lfs -text
*.lzma filter=lfs diff=lfs merge=lfs -text
*.obscpio filter=lfs diff=lfs merge=lfs -text
*.oxt filter=lfs diff=lfs merge=lfs -text
*.pdf filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.rpm filter=lfs diff=lfs merge=lfs -text
*.tbz filter=lfs diff=lfs merge=lfs -text
*.tbz2 filter=lfs diff=lfs merge=lfs -text
*.tgz filter=lfs diff=lfs merge=lfs -text
*.ttf filter=lfs diff=lfs merge=lfs -text
*.txz filter=lfs diff=lfs merge=lfs -text
*.whl filter=lfs diff=lfs merge=lfs -text
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text

24
CVE-2014-9913.patch Normal file
View File

@ -0,0 +1,24 @@
Index: unzip60/list.c
===================================================================
--- unzip60.orig/list.c
+++ unzip60/list.c
@@ -339,7 +339,18 @@ int list_files(__G) /* return PK-type
G.crec.compression_method == ENHDEFLATED) {
methbuf[5] = dtype[(G.crec.general_purpose_bit_flag>>1) & 3];
} else if (methnum >= NUM_METHODS) {
- sprintf(&methbuf[4], "%03u", G.crec.compression_method);
+ /* 2013-02-26 SMS.
+ * http://sourceforge.net/p/infozip/bugs/27/ CVE-2014-9913.
+ * Unexpectedly large compression methods overflow
+ * &methbuf[]. Use the old, three-digit decimal format
+ * for values which fit. Otherwise, sacrifice the
+ * colon, and use four-digit hexadecimal.
+ */
+ if (G.crec.compression_method <= 999) {
+ sprintf( &methbuf[ 4], "%03u", G.crec.compression_method);
+ } else {
+ sprintf( &methbuf[ 3], "%04X", G.crec.compression_method);
+ }
}
#if 0 /* GRR/Euro: add this? */

35
CVE-2015-7696.patch Normal file
View File

@ -0,0 +1,35 @@
From: Petr Stodulka <pstodulk@redhat.com>
Date: Mon, 14 Sep 2015 18:23:17 +0200
Subject: Upstream fix for heap overflow
Bug-Debian: https://bugs.debian.org/802162
Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1260944
Origin: https://bugzilla.redhat.com/attachment.cgi?id=1073002
Forwarded: yes
---
crypt.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
Index: unzip60/crypt.c
===================================================================
--- unzip60.orig/crypt.c
+++ unzip60/crypt.c
@@ -465,7 +465,17 @@ int decrypt(__G__ passwrd)
GLOBAL(pInfo->encrypted) = FALSE;
defer_leftover_input(__G);
for (n = 0; n < RAND_HEAD_LEN; n++) {
- b = NEXTBYTE;
+ /* 2012-11-23 SMS. (OUSPG report.)
+ * Quit early if compressed size < HEAD_LEN. The resulting
+ * error message ("unable to get password") could be improved,
+ * but it's better than trying to read nonexistent data, and
+ * then continuing with a negative G.csize. (See
+ * fileio.c:readbyte()).
+ */
+ if ((b = NEXTBYTE) == (ush)EOF)
+ {
+ return PK_ERR;
+ }
h[n] = (uch)b;
Trace((stdout, " (%02x)", h[n]));
}

41
CVE-2015-7697.patch Normal file
View File

@ -0,0 +1,41 @@
From: Kamil Dudka <kdudka@redhat.com>
Date: Mon, 14 Sep 2015 18:24:56 +0200
Subject: fix infinite loop when extracting empty bzip2 data
Bug-Debian: https://bugs.debian.org/802160
Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1260944
Origin: other, https://bugzilla.redhat.com/attachment.cgi?id=1073339
---
extract.c | 6 ++++++
1 file changed, 6 insertions(+)
Index: unzip60/extract.c
===================================================================
--- unzip60.orig/extract.c
+++ unzip60/extract.c
@@ -2721,6 +2721,12 @@ __GDEF
int repeated_buf_err;
bz_stream bstrm;
+ if (G.incnt <= 0 && G.csize <= 0L) {
+ /* avoid an infinite loop */
+ Trace((stderr, "UZbunzip2() got empty input\n"));
+ return 2;
+ }
+
#if (defined(DLL) && !defined(NO_SLIDE_REDIR))
if (G.redirect_slide)
wsize = G.redirect_size, redirSlide = G.redirect_buffer;
Index: unzip60/zipinfo.c
===================================================================
--- unzip60.orig/zipinfo.c
+++ unzip60/zipinfo.c
@@ -1888,7 +1888,7 @@ static int zi_short(__G) /* return PK-
int k, error, error_in_archive=PK_COOL;
unsigned hostnum, hostver, methid, methnum, xattr;
char *p, workspace[12], attribs[16];
- char methbuf[5];
+ char methbuf[1+5+1]; /* large enough to hold 1 character + an unsigned short + NUL */
static ZCONST char dtype[5]="NXFS"; /* normal, maximum, fast, superfast */
static ZCONST char Far os[NUM_HOSTS+1][4] = {
"fat", "ami", "vms", "unx", "cms", "atr", "hpf", "mac", "zzz",

24
CVE-2016-9844.patch Normal file
View File

@ -0,0 +1,24 @@
Index: unzip60/zipinfo.c
===================================================================
--- unzip60.orig/zipinfo.c
+++ unzip60/zipinfo.c
@@ -1927,7 +1927,18 @@ static int zi_short(__G) /* return PK-
ush dnum=(ush)((G.crec.general_purpose_bit_flag>>1) & 3);
methbuf[3] = dtype[dnum];
} else if (methnum >= NUM_METHODS) { /* unknown */
- sprintf(&methbuf[1], "%03u", G.crec.compression_method);
+ /* 2016-12-05 SMS.
+ * https://launchpad.net/bugs/1643750 CVE-2016-9844.
+ * Unexpectedly large compression methods overflow
+ * &methbuf[]. Use the old, three-digit decimal format
+ * for values which fit. Otherwise, sacrifice the "u",
+ * and use four-digit hexadecimal.
+ */
+ if (G.crec.compression_method <= 999) {
+ sprintf( &methbuf[ 1], "%03u", G.crec.compression_method);
+ } else {
+ sprintf( &methbuf[ 0], "%04X", G.crec.compression_method);
+ }
}
for (k = 0; k < 15; ++k)

39
CVE-2018-1000035.patch Normal file
View File

@ -0,0 +1,39 @@
From: <kbabioch@suse.com>
Date: Thu Feb 8 15:10:03 CET 2018
Upstream: merged
References: http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=548
Index: fileio.c
===================================================================
--- fileio.c.orig
+++ fileio.c
@@ -1613,7 +1613,11 @@ int UZ_EXP UzpPassword (pG, rcnt, pwbuf,
int r = IZ_PW_ENTERED;
char *m;
char *prompt;
-
+ char *zfnf;
+ char *efnf;
+ size_t zfnfl;
+ int isOverflow;
+
#ifndef REENTRANT
/* tell picky compilers to shut up about "unused variable" warnings */
pG = pG;
@@ -1621,7 +1625,15 @@ int UZ_EXP UzpPassword (pG, rcnt, pwbuf,
if (*rcnt == 0) { /* First call for current entry */
*rcnt = 2;
- if ((prompt = (char *)malloc(2*FILNAMSIZ + 15)) != (char *)NULL) {
+ zfnf = FnFilter1(zfn);
+ efnf = FnFilter2(efn);
+ zfnfl = strlen(zfnf);
+ isOverflow = TRUE;
+ if (2*FILNAMSIZ >= zfnfl && (2*FILNAMSIZ - zfnfl) >= strlen(efnf))
+ {
+ isOverflow = FALSE;
+ }
+ if ((isOverflow == FALSE) && ((prompt = (char *)malloc(2*FILNAMSIZ + 15)) != (char *)NULL)) {
sprintf(prompt, LoadFarString(PasswPrompt),
FnFilter1(zfn), FnFilter2(efn));
m = prompt;

37
CVE-2022-0529.patch Normal file
View File

@ -0,0 +1,37 @@
From: Enrico Zini <enrico@debian.org>
Subject: Fix wide string conversion
Bug-Debian: https://bugs.debian.org/1010355
X-Debian-version: 6.0-27
--- a/process.c
+++ b/process.c
@@ -2507,13 +2507,15 @@
char buf[9];
char *buffer = NULL;
char *local_string = NULL;
+ size_t buffer_size;
for (wsize = 0; wide_string[wsize]; wsize++) ;
if (max_bytes < MAX_ESCAPE_BYTES)
max_bytes = MAX_ESCAPE_BYTES;
- if ((buffer = (char *)malloc(wsize * max_bytes + 1)) == NULL) {
+ buffer_size = wsize * max_bytes + 1;
+ if ((buffer = (char *)malloc(buffer_size)) == NULL) {
return NULL;
}
@@ -2552,7 +2554,11 @@
/* no MB for this wide */
/* use escape for wide character */
char *escape_string = wide_to_escape_string(wide_string[i]);
- strcat(buffer, escape_string);
+ size_t buffer_len = strlen(buffer);
+ size_t escape_string_len = strlen(escape_string);
+ if (buffer_len + escape_string_len + 1 > buffer_size)
+ escape_string_len = buffer_size - buffer_len - 1;
+ strncat(buffer, escape_string, escape_string_len);
free(escape_string);
}
}

28
CVE-2022-0530.patch Normal file
View File

@ -0,0 +1,28 @@
From: Enrico Zini <enrico@debian.org>
Subject: Fix null pointer dereference on invalid UTF-8 input
Bug-Debian: https://bugs.debian.org/1010355
X-Debian-version: 6.0-27
--- a/fileio.c
+++ b/fileio.c
@@ -2361,6 +2361,9 @@
/* convert UTF-8 to local character set */
fn = utf8_to_local_string(G.unipath_filename,
G.unicode_escape_all);
+ if (fn == NULL)
+ return PK_ERR;
+
/* make sure filename is short enough */
if (strlen(fn) >= FILNAMSIZ) {
fn[FILNAMSIZ - 1] = '\0';
--- a/process.c
+++ b/process.c
@@ -2611,6 +2611,8 @@
int escape_all;
{
zwchar *wide = utf8_to_wide_string(utf8_string);
+ if (wide == NULL)
+ return NULL;
char *loc = wide_to_local_string(wide, escape_all);
free(wide);
return loc;

View File

@ -0,0 +1,78 @@
diff --git a/extract.c b/extract.c
index 9ef80b3..c741b5f 100644
--- a/extract.c
+++ b/extract.c
@@ -1,5 +1,5 @@
/*
- Copyright (c) 1990-2009 Info-ZIP. All rights reserved.
+ Copyright (c) 1990-2014 Info-ZIP. All rights reserved.
See the accompanying file LICENSE, version 2009-Jan-02 or later
(the contents of which are also included in unzip.h) for terms of use.
@@ -298,6 +298,8 @@ char ZCONST Far TruncNTSD[] =
#ifndef SFX
static ZCONST char Far InconsistEFlength[] = "bad extra-field entry:\n \
EF block length (%u bytes) exceeds remaining EF data (%u bytes)\n";
+ static ZCONST char Far TooSmallEBlength[] = "bad extra-field entry:\n \
+ EF block length (%u bytes) invalid (< %d)\n";
static ZCONST char Far InvalidComprDataEAs[] =
" invalid compressed data for EAs\n";
# if (defined(WIN32) && defined(NTSD_EAS))
@@ -2020,7 +2022,8 @@ static int TestExtraField(__G__ ef, ef_len)
ebID = makeword(ef);
ebLen = (unsigned)makeword(ef+EB_LEN);
- if (ebLen > (ef_len - EB_HEADSIZE)) {
+ if (ebLen > (ef_len - EB_HEADSIZE))
+ {
/* Discovered some extra field inconsistency! */
if (uO.qflag)
Info(slide, 1, ((char *)slide, "%-22s ",
@@ -2155,11 +2158,29 @@ static int TestExtraField(__G__ ef, ef_len)
}
break;
case EF_PKVMS:
- if (makelong(ef+EB_HEADSIZE) !=
- crc32(CRCVAL_INITIAL, ef+(EB_HEADSIZE+4),
- (extent)(ebLen-4)))
- Info(slide, 1, ((char *)slide,
- LoadFarString(BadCRC_EAs)));
+ /* 2015-01-30 SMS. Added sufficient-bytes test/message
+ * here. (Removed defective ebLen test above.)
+ *
+ * If sufficient bytes (EB_PKVMS_MINLEN) are available,
+ * then compare the stored CRC value with the calculated
+ * CRC for the remainder of the data (and complain about
+ * a mismatch).
+ */
+ if (ebLen < EB_PKVMS_MINLEN)
+ {
+ /* Insufficient bytes available. */
+ Info( slide, 1,
+ ((char *)slide, LoadFarString( TooSmallEBlength),
+ ebLen, EB_PKVMS_MINLEN));
+ }
+ else if (makelong(ef+ EB_HEADSIZE) !=
+ crc32(CRCVAL_INITIAL,
+ (ef+ EB_HEADSIZE+ EB_PKVMS_MINLEN),
+ (extent)(ebLen- EB_PKVMS_MINLEN)))
+ {
+ Info(slide, 1, ((char *)slide,
+ LoadFarString(BadCRC_EAs)));
+ }
break;
case EF_PKW32:
case EF_PKUNIX:
diff --git a/unzpriv.h b/unzpriv.h
index 005cee0..5c83a6e 100644
--- a/unzpriv.h
+++ b/unzpriv.h
@@ -1806,6 +1806,8 @@
#define EB_NTSD_VERSION 4 /* offset of NTSD version byte */
#define EB_NTSD_MAX_VER (0) /* maximum version # we know how to handle */
+#define EB_PKVMS_MINLEN 4 /* minimum data length of PKVMS extra block */
+
#define EB_ASI_CRC32 0 /* offset of ASI Unix field's crc32 checksum */
#define EB_ASI_MODE 4 /* offset of ASI Unix permission mode field */

View File

@ -0,0 +1,181 @@
From 3e74a01aec1ab48c3848ac50fc2f8ed8b177b400 Mon Sep 17 00:00:00 2001
From: Thorsten Behrens <tbehrens@suse.com>
Date: Sat, 20 Dec 2014 01:56:42 +0100
Subject: [PATCH] Fix CVE-2014-8140 and CVE-2014-8141
CVE-2014-8140 unzip: write error (*_8349_*) shows a problem in
extract.c:test_compr_eb()
CVE-2014-8141 unzip: read errors (*_6430_*, *_3422_*) show problems in
process.c:getZip64Data()
---
extract.c | 13 +++++++++---
fileio.c | 9 ++++++++-
process.c | 68 +++++++++++++++++++++++++++++++++++++++++++++++----------------
3 files changed, 69 insertions(+), 21 deletions(-)
diff --git a/extract.c b/extract.c
index 78f637e..5d27e4b 100644
--- a/extract.c
+++ b/extract.c
@@ -2234,10 +2234,17 @@ static int test_compr_eb(__G__ eb, eb_size, compr_offset, test_uc_ebdata)
if (compr_offset < 4) /* field is not compressed: */
return PK_OK; /* do nothing and signal OK */
+ /* Return no/bad-data error status if any problem is found:
+ * 1. eb_size is too small to hold the uncompressed size
+ * (eb_ucsize). (Else extract eb_ucsize.)
+ * 2. eb_ucsize is zero (invalid). 2014-12-04 SMS.
+ * 3. eb_ucsize is positive, but eb_size is too small to hold
+ * the compressed data header.
+ */
if ((eb_size < (EB_UCSIZE_P + 4)) ||
- ((eb_ucsize = makelong(eb+(EB_HEADSIZE+EB_UCSIZE_P))) > 0L &&
- eb_size <= (compr_offset + EB_CMPRHEADLEN)))
- return IZ_EF_TRUNC; /* no compressed data! */
+ ((eb_ucsize = makelong( eb+ (EB_HEADSIZE+ EB_UCSIZE_P))) == 0L) ||
+ ((eb_ucsize > 0L) && (eb_size <= (compr_offset + EB_CMPRHEADLEN))))
+ return IZ_EF_TRUNC; /* no/bad compressed data! */
if (
#ifdef INT_16BIT
diff --git a/fileio.c b/fileio.c
index a381855..de93728 100644
--- a/fileio.c
+++ b/fileio.c
@@ -181,6 +181,8 @@ static ZCONST char Far FilenameTooLongTrunc[] =
#endif
static ZCONST char Far ExtraFieldTooLong[] =
"warning: extra field too long (%d). Ignoring...\n";
+static ZCONST char Far ExtraFieldCorrupt[] =
+ "warning: extra field (type: 0x%04x) corrupt. Continuing...\n";
#ifdef WINDLL
static ZCONST char Far DiskFullQuery[] =
@@ -2326,7 +2328,12 @@ int do_string(__G__ length, option) /* return PK-type error code */
if (readbuf(__G__ (char *)G.extra_field, length) == 0)
return PK_EOF;
/* Looks like here is where extra fields are read */
- getZip64Data(__G__ G.extra_field, length);
+ if (getZip64Data(__G__ G.extra_field, length) != PK_COOL)
+ {
+ Info(slide, 0x401, ((char *)slide,
+ LoadFarString( ExtraFieldCorrupt), EF_PKSZ64));
+ error = PK_WARN;
+ }
#ifdef UNICODE_SUPPORT
G.unipath_filename = NULL;
if (G.UzO.U_flag < 2) {
diff --git a/process.c b/process.c
index f1b7602..828c8aa 100644
--- a/process.c
+++ b/process.c
@@ -1,5 +1,5 @@
/*
- Copyright (c) 1990-2009 Info-ZIP. All rights reserved.
+ Copyright (c) 1990-2014 Info-ZIP. All rights reserved.
See the accompanying file LICENSE, version 2009-Jan-02 or later
(the contents of which are also included in unzip.h) for terms of use.
@@ -1901,48 +1901,82 @@ int getZip64Data(__G__ ef_buf, ef_len)
and a 4-byte version of disk start number.
Sets both local header and central header fields. Not terribly clever,
but it means that this procedure is only called in one place.
+
+ 2014-12-05 SMS.
+ Added checks to ensure that enough data are available before calling
+ makeint64() or makelong(). Replaced various sizeof() values with
+ simple ("4" or "8") constants. (The Zip64 structures do not depend
+ on our variable sizes.) Error handling is crude, but we should now
+ stay within the buffer.
---------------------------------------------------------------------------*/
+#define Z64FLGS 0xffff
+#define Z64FLGL 0xffffffff
+
if (ef_len == 0 || ef_buf == NULL)
return PK_COOL;
Trace((stderr,"\ngetZip64Data: scanning extra field of length %u\n",
ef_len));
- while (ef_len >= EB_HEADSIZE) {
+ while (ef_len >= EB_HEADSIZE)
+ {
eb_id = makeword(EB_ID + ef_buf);
eb_len = makeword(EB_LEN + ef_buf);
- if (eb_len > (ef_len - EB_HEADSIZE)) {
- /* discovered some extra field inconsistency! */
+ if (eb_len > (ef_len - EB_HEADSIZE))
+ {
+ /* Extra block length exceeds remaining extra field length. */
Trace((stderr,
"getZip64Data: block length %u > rest ef_size %u\n", eb_len,
ef_len - EB_HEADSIZE));
break;
}
- if (eb_id == EF_PKSZ64) {
-
+ if (eb_id == EF_PKSZ64)
+ {
int offset = EB_HEADSIZE;
- if (G.crec.ucsize == 0xffffffff || G.lrec.ucsize == 0xffffffff){
- G.lrec.ucsize = G.crec.ucsize = makeint64(offset + ef_buf);
- offset += sizeof(G.crec.ucsize);
+ if ((G.crec.ucsize == Z64FLGL) || (G.lrec.ucsize == Z64FLGL))
+ {
+ if (offset+ 8 > ef_len)
+ return PK_ERR;
+
+ G.crec.ucsize = G.lrec.ucsize = makeint64(offset + ef_buf);
+ offset += 8;
}
- if (G.crec.csize == 0xffffffff || G.lrec.csize == 0xffffffff){
- G.csize = G.lrec.csize = G.crec.csize = makeint64(offset + ef_buf);
- offset += sizeof(G.crec.csize);
+
+ if ((G.crec.csize == Z64FLGL) || (G.lrec.csize == Z64FLGL))
+ {
+ if (offset+ 8 > ef_len)
+ return PK_ERR;
+
+ G.csize = G.crec.csize = G.lrec.csize = makeint64(offset + ef_buf);
+ offset += 8;
}
- if (G.crec.relative_offset_local_header == 0xffffffff){
+
+ if (G.crec.relative_offset_local_header == Z64FLGL)
+ {
+ if (offset+ 8 > ef_len)
+ return PK_ERR;
+
G.crec.relative_offset_local_header = makeint64(offset + ef_buf);
- offset += sizeof(G.crec.relative_offset_local_header);
+ offset += 8;
}
- if (G.crec.disk_number_start == 0xffff){
+
+ if (G.crec.disk_number_start == Z64FLGS)
+ {
+ if (offset+ 4 > ef_len)
+ return PK_ERR;
+
G.crec.disk_number_start = (zuvl_t)makelong(offset + ef_buf);
- offset += sizeof(G.crec.disk_number_start);
+ offset += 4;
}
+#if 0
+ break; /* Expect only one EF_PKSZ64 block. */
+#endif /* 0 */
}
- /* Skip this extra field block */
+ /* Skip this extra field block. */
ef_buf += (eb_len + EB_HEADSIZE);
ef_len -= (eb_len + EB_HEADSIZE);
}
--
1.8.4.5

View File

@ -0,0 +1,41 @@
From 190040ebfcf5395a6ccedede2cc9343d34f0a108 Mon Sep 17 00:00:00 2001
From: mancha <mancha1 AT zoho DOT com>
Date: Wed, 11 Feb 2015
Subject: Info-ZIP UnZip buffer overflow
By carefully crafting a corrupt ZIP archive with "extra fields" that
purport to have compressed blocks larger than the corresponding
uncompressed blocks in STORED no-compression mode, an attacker can
trigger a heap overflow that can result in application crash or
possibly have other unspecified impact.
This patch ensures that when extra fields use STORED mode, the
"compressed" and uncompressed block sizes match.
---
extract.c | 7 +++++++
1 file changed, 7 insertions(+)
--- unzip60/extract.c
+++ unzip60/extract.c
@@ -2230,6 +2230,7 @@ static int test_compr_eb(__G__ eb, eb_si
ulg eb_ucsize;
uch *eb_ucptr;
int r;
+ ush method;
if (compr_offset < 4) /* field is not compressed: */
return PK_OK; /* do nothing and signal OK */
@@ -2246,6 +2247,13 @@ static int test_compr_eb(__G__ eb, eb_si
((eb_ucsize > 0L) && (eb_size <= (compr_offset + EB_CMPRHEADLEN))))
return IZ_EF_TRUNC; /* no/bad compressed data! */
+ method = makeword(eb + (EB_HEADSIZE + compr_offset));
+ if ((method == STORED) &&
+ (eb_size != compr_offset + EB_CMPRHEADLEN + eb_ucsize))
+ return PK_ERR; /* compressed & uncompressed
+ * should match in STORED
+ * method */
+
if (
#ifdef INT_16BIT
(((ulg)(extent)eb_ucsize) != eb_ucsize) ||

3
_multibuild Normal file
View File

@ -0,0 +1,3 @@
<multibuild>
<package>unzip-rcc</package>
</multibuild>

10
pre_checkin.sh Normal file
View File

@ -0,0 +1,10 @@
#! /bin/sh
cp unzip.spec unzip-rcc.spec
cp unzip.changes unzip-rcc.changes
sed -i -e 's,Name: .*,Name: unzip-rcc,' unzip-rcc.spec
sed -i -e 's,%bcond_with rcc,%bcond_without rcc,' unzip-rcc.spec
osc service localrun format_spec_file

View File

@ -0,0 +1,31 @@
Index: process.c
===================================================================
--- process.c.orig 2009-03-06 02:25:10.000000000 +0100
+++ process.c 2010-05-21 13:17:28.292590863 +0200
@@ -203,6 +203,8 @@ static ZCONST char Far Cent64EndSigSearc
#endif
static ZCONST char Far ZipfileCommTrunc1[] =
"\ncaution: zipfile comment truncated\n";
+static ZCONST char Far FileNameTooLong[] =
+ "%s: error: %s (truncated): %s\n";
#ifndef NO_ZIPINFO
static ZCONST char Far NoZipfileComment[] =
"There is no zipfile comment.\n";
@@ -390,6 +392,17 @@ int process_zipfiles(__G) /* return P
lastzipfn = G.zipfn;
+ if (strlen(G.wildzipfn) > strlen(G.zipfn))
+ {
+ Info(slide, 1, ((char *)slide,
+ LoadFarString(FileNameTooLong),
+ uO.zipinfo_mode? LoadFarStringSmall(Zipnfo) : LoadFarStringSmall(Unzip),
+ G.zipfn, strerror(ENAMETOOLONG)));
+
+ free_G_buffers(__G);
+ return PK_NOZIP;
+ }
+
/* print a blank line between the output of different zipfiles */
if (!uO.qflag && error != PK_NOZIP && error != IZ_DIR
#ifdef TIMESTAMP

176
unzip-5.52-use_librcc.patch Normal file
View File

@ -0,0 +1,176 @@
Author: Suren A. Chilingaryan <csa@dside.dyndns.org>
Description: Provides header file
Index: dsrecode.c
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ dsrecode.c 2010-05-21 14:25:19.192590879 +0200
@@ -0,0 +1,137 @@
+#include <librcc.h>
+
+static rcc_class_default_charset default_oem[] =
+{
+ { "ru", "IBM866" },
+ { NULL, NULL }
+};
+
+static rcc_class_default_charset default_iso[] =
+{
+ { "ru", "CP1251" },
+ { NULL, NULL }
+};
+
+#define OEM_CLASS 0
+#define ISO_CLASS 1
+#define OUT_CLASS 2
+static rcc_class classes[] =
+{
+ { "oem", RCC_CLASS_STANDARD, NULL, default_oem, "OEM_INTERN", 0 },
+ { "iso", RCC_CLASS_STANDARD, NULL, default_iso, "ISO_INTERN", 0 },
+ { "out", RCC_CLASS_STANDARD, "LC_CTYPE", NULL, "Output", 0 },
+ { NULL }
+};
+
+int initialized = 0;
+
+#ifdef RCC_LAZY
+#include <dlfcn.h>
+# define RCC_LIBRARY "librcc.so.0"
+int (*rccInit2)(void);
+int (*rccFree2)(void);
+int (*rccInitDefaultContext2)(const char *locale_variable,
+ unsigned int max_languages,
+ unsigned int max_classes,
+ rcc_class_ptr defclasses,
+ rcc_init_flags flags);
+int (*rccInitDb42)(rcc_context ctx, const char *name, rcc_db4_flags flags);
+char* (*rccSizedRecode2)(rcc_context ctx, rcc_class_id from, rcc_class_id to,
+ const char *buf, size_t len, size_t *rlen);
+int (*rccLoad2)(rcc_context ctx, const char *name);
+
+
+static char *rccRecode2(rcc_context ctx, rcc_class_id from,
+ rcc_class_id to, const char *buf)
+{
+ return rccSizedRecode2(ctx, from, to, buf, 0, NULL);
+}
+
+void *rcc_handle;
+#else /* RCC_LAZY */
+#define rccInit2 rccInit
+#define rccFree2 rccFree
+#define rccInitDefaultContext2 rccInitDefaultContext
+#define rccInitDb42 rccInitDb4
+#define rccRecode2 rccRecode
+#define rccLoad2 rccLoad
+#endif /* RCC_LAZY */
+
+static void rccUnzipFree(void)
+{
+ if (initialized > 0) {
+ rccFree2();
+#ifdef RCC_LAZY
+ dlclose(rcc_handle);
+#endif /* RCC_LAZY */
+ initialized = 0;
+ }
+}
+
+
+static int rccUnzipInit(void)
+{
+ if (initialized) return 0;
+
+#ifdef RCC_LAZY
+ rcc_handle = dlopen(RCC_LIBRARY, RTLD_NOW);
+ if (!rcc_handle) {
+ initialized = -1;
+ return 1;
+ }
+
+ rccInit2 = dlsym(rcc_handle, "rccInit");
+ rccFree2 = dlsym(rcc_handle, "rccFree");
+ rccInitDefaultContext2 = dlsym(rcc_handle, "rccInitDefaultContext");
+ rccInitDb42 = dlsym(rcc_handle, "rccInitDb4");
+ rccSizedRecode2 = dlsym(rcc_handle, "rccSizedRecode");
+ rccLoad2 = dlsym(rcc_handle, "rccLoad");
+
+ if ((!rccInit2) || (!rccFree2) || (!rccInitDefaultContext2) ||
+ (!rccInitDb42) || (!rccSizedRecode2) || (!rccLoad2)) {
+ dlclose(rcc_handle);
+ initialized = -1;
+ return 1;
+ }
+#endif /* RCC_LAZY */
+
+ rccInit2();
+ rccInitDefaultContext2(NULL, 0, 0, classes, 0);
+ rccLoad2(NULL, "zip");
+ rccInitDb42(NULL, NULL, 0);
+ atexit(rccUnzipFree);
+ initialized = 1;
+ return 0;
+}
+
+
+
+void _DS_OEM_INTERN(char *string)
+{
+ char *str;
+ rccUnzipInit();
+
+ if (initialized>0) {
+ str = rccRecode2(NULL, OEM_CLASS, OUT_CLASS, string);
+
+ if (str) {
+ strncpy(string,str,FILNAMSIZ);
+ free(str);
+ }
+ }
+}
+
+void _DS_ISO_INTERN(char *string)
+{
+ char *str;
+ rccUnzipInit();
+
+ if (initialized>0) {
+ str = rccRecode2(NULL, ISO_CLASS, OUT_CLASS, string);
+
+ if (str) {
+ strncpy(string,str,FILNAMSIZ);
+ free(str);
+ }
+ }
+}
Index: fileio.c
===================================================================
--- fileio.c.orig 2010-05-21 14:25:19.172590765 +0200
+++ fileio.c 2010-05-21 14:25:19.192590879 +0200
@@ -82,7 +82,7 @@
# endif
#endif
#include "ebcdic.h" /* definition/initialization of ebcdic[] */
-
+#include "dsrecode.c"
/*
Note: Under Windows, the maximum size of the buffer that can be used
Index: unzpriv.h
===================================================================
--- unzpriv.h.orig 2010-05-21 14:24:55.632590821 +0200
+++ unzpriv.h 2010-05-21 14:25:19.220590722 +0200
@@ -3025,10 +3025,11 @@ char *GetLoadPath OF((__GPRO));
!(((islochdr) || (isuxatt)) && \
((hostver) == 25 || (hostver) == 26 || (hostver) == 40))) || \
(hostnum) == FS_HPFS_ || \
+ (hostnum) == UNIX_ || \
((hostnum) == FS_NTFS_ && (hostver) == 50)) { \
- _OEM_INTERN((string)); \
+ _DS_OEM_INTERN((string)); \
} else { \
- _ISO_INTERN((string)); \
+ _DS_ISO_INTERN((string)); \
}}
#endif

View File

@ -0,0 +1,15 @@
Author: Suren A. Chilingaryan <csa@dside.dyndns.org>
Index: extract.c
===================================================================
--- extract.c.orig 2009-03-14 04:32:52.000000000 +0300
+++ extract.c 2010-07-07 17:29:52.000000000 +0400
@@ -2596,7 +2596,7 @@ char *fnfilter(raw, space, size) /* co
*/
# define UZ_FNFILTER_REPLACECHAR '?'
# endif
- if (!isprint(*r)) {
+ if (*r < 32) { //(!isprint(*r)) {
if (*r < 32) {
/* ASCII control codes are escaped as "^{letter}". */
if (se != NULL && (s > (space + (size-4)))) {

View File

@ -0,0 +1,20 @@
From: Andreas Schwab <schwab@linux-m68k.org>
Subject: Initialize the symlink flag
Bug-Debian: https://bugs.debian.org/717029
X-Debian-version: 6.0-10
--- a/process.c
+++ b/process.c
@@ -1758,6 +1758,12 @@
= (G.crec.general_purpose_bit_flag & (1 << 11)) == (1 << 11);
#endif
+#ifdef SYMLINKS
+ /* Initialize the symlink flag, may be set by the platform-specific
+ mapattr function. */
+ G.pInfo->symlink = 0;
+#endif
+
return PK_COOL;
} /* end function process_cdir_file_hdr() */

181
unzip-iso8859_2.patch Normal file
View File

@ -0,0 +1,181 @@
Index: ebcdic.h
===================================================================
--- ebcdic.h.orig 2008-03-21 13:04:22.000000000 +0100
+++ ebcdic.h 2010-05-21 14:07:51.000091055 +0200
@@ -254,6 +254,25 @@ ZCONST uch Far iso2oem_850[] = {
0xD0, 0xA4, 0x95, 0xA2, 0x93, 0xE4, 0x94, 0xF6, /* F0 - F7 */
0x9B, 0x97, 0xA3, 0x96, 0x81, 0xEC, 0xE7, 0x98 /* F8 - FF */
};
+
+ZCONST uch Far iso2oem_2[] = {
+ 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
+ 0x88, 0x89, 0x8A, 0x8B, 0x8C, 0x8D, 0x8E, 0x8F,
+ 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
+ 0x98, 0x99, 0x9A, 0x9B, 0x9C, 0x9D, 0x9E, 0x9F,
+ 0x20, 0xA4, 0xF4, 0x9D, 0xCF, 0x95, 0x97, 0xF5,
+ 0xF9, 0xE6, 0xB8, 0x9B, 0x8D, 0x2D, 0xA6, 0xBD,
+ 0x20, 0xA5, 0xF2, 0x88, 0xEF, 0x96, 0x98, 0xF3,
+ 0xF7, 0xE7, 0xAD, 0x9C, 0xAB, 0xF1, 0xA7, 0xBE,
+ 0xE8, 0xB5, 0xB6, 0xC6, 0x8E, 0x91, 0x8F, 0x80,
+ 0xAC, 0x90, 0xA8, 0xD3, 0xB7, 0xD6, 0xD7, 0xD2,
+ 0xD1, 0xE3, 0xD5, 0xE0, 0xE2, 0x8A, 0x99, 0x9E,
+ 0xFC, 0xDE, 0xE9, 0xEB, 0x9A, 0xED, 0xDD, 0xE1,
+ 0xEA, 0xA0, 0x83, 0xC7, 0x84, 0x92, 0x86, 0x87,
+ 0x9F, 0x82, 0xA9, 0x89, 0xD8, 0xA1, 0x8C, 0xD4,
+ 0xD0, 0xE4, 0xE5, 0xA2, 0x93, 0x8B, 0x94, 0xF6,
+ 0xFD, 0x85, 0xA3, 0xFB, 0x81, 0xEC, 0xEE, 0xFA
+};
#endif /* IZ_ISO2OEM_ARRAY */
#ifdef IZ_OEM2ISO_ARRAY
@@ -275,6 +294,25 @@ ZCONST uch Far oem2iso_850[] = {
0xAD, 0xB1, 0x3D, 0xBE, 0xB6, 0xA7, 0xF7, 0xB8, /* F0 - F7 */
0xB0, 0xA8, 0xB7, 0xB9, 0xB3, 0xB2, 0xA6, 0xA0 /* F8 - FF */
};
+
+ZCONST uch Far oem2iso_2[] = {
+ 0xC7, 0xFC, 0xE9, 0xE2, 0xE4, 0xF9, 0xE6, 0xE7,
+ 0xB3, 0xEB, 0xD5, 0xF5, 0xEE, 0xAC, 0xC4, 0xC6,
+ 0xC9, 0xC5, 0xE5, 0xF4, 0xF6, 0xA5, 0xB5, 0xA6,
+ 0xB6, 0xD6, 0xDC, 0xAB, 0xBB, 0xA3, 0xD7, 0xE8,
+ 0xE1, 0xED, 0xF3, 0xFA, 0xA1, 0xB1, 0xAE, 0xBE,
+ 0xCA, 0xEA, 0xAA, 0xBC, 0xC8, 0xBA, 0x3C, 0x3E,
+ 0xB0, 0xB1, 0xB2, 0xB3, 0xB4, 0xC1, 0xC2, 0xCC,
+ 0xAA, 0xB9, 0xBA, 0xBB, 0xBC, 0xAF, 0xBF, 0xBF,
+ 0xC0, 0xC1, 0xC2, 0xC3, 0xC4, 0xC5, 0xC3, 0xE3,
+ 0xC8, 0xC9, 0xCA, 0xCB, 0xCC, 0xCD, 0xCE, 0xA4,
+ 0xF0, 0xD0, 0xCF, 0xCB, 0xEF, 0xD2, 0xCD, 0xCE,
+ 0xEC, 0xD9, 0xDA, 0xDB, 0xDC, 0xDE, 0xD9, 0xDF,
+ 0xD3, 0xDF, 0xD4, 0xD1, 0xF1, 0xF2, 0xA9, 0xB9,
+ 0xC0, 0xDA, 0xE0, 0xDB, 0xFD, 0xDD, 0xFE, 0xB4,
+ 0xF0, 0xBD, 0xB2, 0xB7, 0xA2, 0xA7, 0xF7, 0xB8,
+ 0xF8, 0xA8, 0xFF, 0xFB, 0xD8, 0xF8, 0xFE, 0xFF
+};
#endif /* IZ_OEM2ISO_ARRAY */
/* The following pointers to the OEM<-->ISO translation tables are used
Index: man/unzip.1
===================================================================
--- man/unzip.1.orig 2009-04-20 02:33:10.000000000 +0200
+++ man/unzip.1 2010-05-21 14:23:25.824590928 +0200
@@ -25,7 +25,7 @@
unzip \- list, test and extract compressed files in a ZIP archive
.PD
.SH SYNOPSIS
-\fBunzip\fP [\fB\-Z\fP] [\fB\-cflptTuvz\fP[\fBabjnoqsCDKLMUVWX$/:^\fP]]
+\fBunzip\fP [\fB\-Z\fP] [\fB\-cflptTuvz\fP[\fBabjnoqsCDKLMOUVWX$/:^\fP]]
\fIfile\fP[\fI.zip\fP] [\fIfile(s)\fP\ .\|.\|.]
[\fB\-x\fP\ \fIxfile(s)\fP\ .\|.\|.] [\fB\-d\fP\ \fIexdir\fP]
.PD
@@ -386,6 +386,9 @@ of \fIzip\fP(1L), which stores filenotes
overwrite existing files without prompting. This is a dangerous option, so
use it with care. (It is often used with \fB\-f\fP, however, and is the only
way to overwrite directory EAs under OS/2.)
+.TP
+.B \-O
++file names will be converted to ISO8859-2 instead of to ISO8859-1
.IP \fB\-P\fP\ \fIpassword\fP
use \fIpassword\fP to decrypt encrypted zipfile entries (if any). \fBTHIS IS
INSECURE!\fP Many multi-user operating systems provide ways for any user to
Index: unzip.c
===================================================================
--- unzip.c.orig 2009-04-16 20:26:52.000000000 +0200
+++ unzip.c 2010-05-21 14:23:25.824590928 +0200
@@ -1592,6 +1592,12 @@ int uz_opts(__G__ pargc, pargv)
} else
++uO.overwrite_all;
break;
+ case ('O'): /* spaces in filenames: allow by default */
+ if (negative)
+ uO.iso8859_2 = FALSE, negative = 0;
+ else
+ uO.iso8859_2 = TRUE;
+ break;
case ('p'): /* pipes: extract to stdout, no messages */
if (negative) {
uO.cflag = FALSE;
Index: unzip.h
===================================================================
--- unzip.h.orig 2009-02-15 19:12:54.000000000 +0100
+++ unzip.h 2010-05-21 14:23:25.824590928 +0200
@@ -502,6 +502,7 @@ typedef struct _UzpOpts {
int K_flag; /* -K: keep setuid/setgid/tacky permissions */
#endif
int lflag; /* -12slmv: listing format (zipinfo) */
+ int iso8859_2; /* -O: ISO8859-2 is used instead ISO8859-1 */
int L_flag; /* -L: convert filenames from some OSes to lowercase */
int overwrite_none; /* -n: never overwrite files (no prompting) */
#ifdef AMIGA
Index: unzpriv.h
===================================================================
--- unzpriv.h.orig 2009-04-20 01:59:26.000000000 +0200
+++ unzpriv.h 2010-05-21 14:24:02.641090783 +0200
@@ -2899,8 +2899,15 @@ char *GetLoadPath OF((__GPRO));
# define IZ_ISO2OEM_ARRAY
# endif
# define _ISO_INTERN(str1) if (iso2oem) {register uch *p;\
- for (p=(uch *)(str1); *p; p++)\
- *p = native((*p & 0x80) ? iso2oem[*p & 0x7f] : *p);}
+ if (uO.iso8859_2 == FALSE) { \
+ for (p=(uch *)(str1); *p; p++) \
+ *p = native((*p & 0x80) ? iso2oem[*p & 0x7f] : *p); \
+ } \
+ else { \
+ for (p=(uch *)(str1); *p; p++) \
+ *p = native((*p & 0x80) ? iso2oem_2[*p & 0x7f] : *p); \
+ }; \
+ }
# else
# define _ISO_INTERN(str1) A_TO_N(str1)
# endif
@@ -2914,8 +2921,15 @@ char *GetLoadPath OF((__GPRO));
# define IZ_OEM2ISO_ARRAY
# endif
# define _OEM_INTERN(str1) if (oem2iso) {register uch *p;\
- for (p=(uch *)(str1); *p; p++)\
- *p = native((*p & 0x80) ? oem2iso[*p & 0x7f] : *p);}
+ if (uO.iso8859_2 == FALSE) { \
+ for (p=(uch *)(str1); *p; p++) \
+ *p = native((*p & 0x80) ? oem2iso[*p & 0x7f] : *p); \
+ } \
+ else { \
+ for (p=(uch *)(str1); *p; p++) \
+ *p = native((*p & 0x80) ? oem2iso_2[*p & 0x7f] : *p); \
+ } \
+ }
# endif
#endif
@@ -2942,6 +2956,7 @@ char *GetLoadPath OF((__GPRO));
/* know: "ASCII" is "OEM" */
# define ASCII2ISO(c) \
((((c) & 0x80) && oem2iso) ? oem2iso[(c) & 0x7f] : (c))
+ (( ((c) & 0x80) ? ((uO.iso8859_2 == FALSE) ? (oem2iso ? oem2iso[(c) & 0x7f] : (c)) : oem2iso_2[(c) & 0x7f]) : (c))
# if (defined(NEED_STR2ISO) && !defined(CRYP_USES_OEM2ISO))
# define CRYP_USES_OEM2ISO
# endif
@@ -2957,8 +2972,9 @@ char *GetLoadPath OF((__GPRO));
# define ASCII2OEM(c) (c)
# else
/* assume: "ASCII" is "ISO-ANSI" */
-# define ASCII2OEM(c) \
- ((((c) & 0x80) && iso2oem) ? iso2oem[(c) & 0x7f] : (c))
+# define ASCII2OEM(c) (((c) & 0x80) ? \
+ ((uO.iso8859_2 == FALSE) ? (iso2oem ? iso2oem[(c) & 0x7f] : (c)) : iso2oem_2[(c) & 0x7f]) : \
+ (c))
# if (defined(NEED_STR2OEM) && !defined(CRYP_USES_ISO2OEM))
# define CRYP_USES_ISO2OEM
# endif
@@ -3029,10 +3045,12 @@ char *GetLoadPath OF((__GPRO));
#endif
#ifdef IZ_ISO2OEM_ARRAY
extern ZCONST uch Far *iso2oem;
+ extern ZCONST uch Far iso2oem_2[];
extern ZCONST uch Far iso2oem_850[];
#endif
#ifdef IZ_OEM2ISO_ARRAY
extern ZCONST uch Far *oem2iso;
+ extern ZCONST uch Far oem2iso_2[];
extern ZCONST uch Far oem2iso_850[];
#endif

98
unzip-no-build-date.patch Normal file
View File

@ -0,0 +1,98 @@
Index: cmsmvs/vmmvs.c
===================================================================
--- cmsmvs/vmmvs.c.orig
+++ cmsmvs/vmmvs.c
@@ -664,14 +664,6 @@ void version(__G)
/* Add compile environment */
platform,
-
- /* Add timestamp */
-#ifdef __DATE__
- " on " __DATE__
-#ifdef __TIME__
- " at " __TIME__
-#endif
-#endif
".\n", "",
liblvlmsg
);
Index: macos/source/sxunzip.c
===================================================================
--- macos/source/sxunzip.c.orig
+++ macos/source/sxunzip.c
@@ -123,7 +123,7 @@ static char UnZipVersionLocal[50];
memset(UnZipVersionLocal,0,sizeof(UnZipVersionLocal));
-sprintf(UnZipVersionLocal, "[%s %s]", __DATE__, __TIME__);
+sprintf(UnZipVersionLocal, "[Unknown]");
return UnZipVersionLocal;
}
Index: macos/source/macos.c
===================================================================
--- macos/source/macos.c.orig
+++ macos/source/macos.c
@@ -937,14 +937,11 @@ void version(__G)
ZCONST char Far CompiledWith[] =
"Compiled with %s%s for %s%s%s%s.\n\n"; */
-char DateTime[50];
-
#ifdef __MWERKS__
char CompVer[10];
sprintf(CompVer, "%x", __MWERKS__);
#endif
- sprintf(DateTime,"%s %s",__DATE__, __TIME__);
sprintf((char *)slide, LoadFarString(CompiledWith),
@@ -960,13 +957,7 @@ sprintf(CompVer, "%x", __MWERKS__);
#else
" PowerPC Processor",
#endif
-
-#ifdef __DATE__
-
- "\n compile time: ", DateTime, ""
-#else
"", "", ""
-#endif
);
(*G.message)((zvoid *)&G, slide, (ulg)strlen((char *)slide), 0);
Index: amiga/amiga.c
===================================================================
--- amiga/amiga.c.orig
+++ amiga/amiga.c
@@ -1002,12 +1002,7 @@ void version(__G)
sprintf(buf2,"unknown version");
# endif
#endif
-
-#ifdef __DATE__
- sprintf(buf4," on %s",__DATE__);
-#else
strcpy(buf4," unknown date");
-#endif
/******
#ifdef __TIME__
Index: unix/unix.c
===================================================================
--- unix/unix.c.orig
+++ unix/unix.c
@@ -1705,11 +1705,7 @@ void version(__G)
#endif /* Sun */
#endif /* SGI */
-#ifdef __DATE__
- " on ", __DATE__
-#else
"", ""
-#endif
);
(*G.message)((zvoid *)&G, slide, (ulg)strlen((char *)slide), 0);

View File

@ -0,0 +1,97 @@
Index: man/zipinfo.1
===================================================================
--- man/zipinfo.1.orig 2010-05-21 14:23:25.824590928 +0200
+++ man/zipinfo.1 2010-05-21 14:24:41.631590822 +0200
@@ -114,7 +114,10 @@ useful in cases where the stored filenam
.TP
.B \-s
list zipfile info in short Unix ``\fCls \-l\fR'' format. This is the default
-behavior; see below.
+behavior; see \fB\-m option below.
+.TP
+.B \-S
+suppress the conversion of file name encodings.
.TP
.B \-m
list zipfile info in medium Unix ``\fCls \-l\fR'' format. Identical to the
Index: man/unzip.1
===================================================================
--- man/unzip.1.orig 2010-05-21 14:23:25.824590928 +0200
+++ man/unzip.1 2010-05-21 14:24:41.635590912 +0200
@@ -25,7 +25,7 @@
unzip \- list, test and extract compressed files in a ZIP archive
.PD
.SH SYNOPSIS
-\fBunzip\fP [\fB\-Z\fP] [\fB\-cflptTuvz\fP[\fBabjnoqsCDKLMOUVWX$/:^\fP]]
+\fBunzip\fP [\fB\-Z\fP] [\fB\-cflptTuvz\fP[\fBabjnoqsCDKLMOSUVWX$/:^\fP]]
\fIfile\fP[\fI.zip\fP] [\fIfile(s)\fP\ .\|.\|.]
[\fB\-x\fP\ \fIxfile(s)\fP\ .\|.\|.] [\fB\-d\fP\ \fIexdir\fP]
.PD
Index: unzpriv.h
===================================================================
--- unzpriv.h.orig 2010-05-21 14:24:02.641090783 +0200
+++ unzpriv.h 2010-05-21 14:24:55.632590821 +0200
@@ -3020,6 +3020,7 @@ char *GetLoadPath OF((__GPRO));
*/
#ifndef Ext_ASCII_TO_Native
# define Ext_ASCII_TO_Native(string, hostnum, hostver, isuxatt, islochdr) \
+ if (uO.no_conv_enc == FALSE) { \
if (((hostnum) == FS_FAT_ && \
!(((islochdr) || (isuxatt)) && \
((hostver) == 25 || (hostver) == 26 || (hostver) == 40))) || \
@@ -3028,7 +3029,7 @@ char *GetLoadPath OF((__GPRO));
_OEM_INTERN((string)); \
} else { \
_ISO_INTERN((string)); \
- }
+ }}
#endif
Index: zipinfo.c
===================================================================
--- zipinfo.c.orig 2010-05-21 14:23:25.824590928 +0200
+++ zipinfo.c 2010-05-21 14:24:41.695590831 +0200
@@ -527,6 +527,12 @@ int zi_opts(__G__ pargc, pargv)
else
uO.lflag = 3;
break;
+ case 'S': /* suppress encoding conversion */
+ if (negative)
+ uO.no_conv_enc = FALSE, negative = 0;
+ else
+ uO.no_conv_enc = TRUE;
+ break;
case 't': /* totals line */
if (negative)
tflag_2v = tflag_slm = FALSE, negative = 0;
Index: unzip.c
===================================================================
--- unzip.c.orig 2010-05-21 14:23:25.824590928 +0200
+++ unzip.c 2010-05-21 14:24:41.727590745 +0200
@@ -1689,6 +1689,13 @@ int uz_opts(__G__ pargc, pargv)
else
uO.S_flag = TRUE;
break;
+#else
+ case ('S'): /* suppress file name encoding conversions */
+ if (negative)
+ uO.no_conv_enc = FALSE, negative = 0;
+ else
+ uO.no_conv_enc = TRUE;
+ break;
#endif /* VMS */
case ('t'):
if (negative)
Index: unzip.h
===================================================================
--- unzip.h.orig 2010-05-21 14:23:25.824590928 +0200
+++ unzip.h 2010-05-21 14:24:41.731591035 +0200
@@ -518,6 +518,7 @@ typedef struct _UzpOpts {
#if (defined(MSDOS) || defined(FLEXOS) || defined(OS2) || defined(WIN32))
int sflag; /* -s: convert spaces in filenames to underscores */
#endif
+ int no_conv_enc; /* -S: suppress encoding conversion */
#if (defined(NLM))
int sflag; /* -s: convert spaces in filenames to underscores */
#endif

View File

@ -0,0 +1,77 @@
Index: fileio.c
===================================================================
--- fileio.c.orig 2009-04-20 02:03:44.000000000 +0200
+++ fileio.c 2010-06-25 18:32:49.960030697 +0200
@@ -71,6 +71,11 @@
#include "crc32.h"
#include "crypt.h"
#include "ttyio.h"
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+
+
/* setup of codepage conversion for decryption passwords */
#if CRYPT
@@ -270,6 +275,7 @@ int open_input_file(__G) /* return 1
int open_outfile(__G) /* return 1 if fail */
__GDEF
{
+ int fd;
#ifdef DLL
if (G.redirect_data)
return (redirect_outfile(__G) == FALSE);
@@ -448,23 +454,48 @@ int open_outfile(__G) /* retur
return 1; /* with "./" fix in checkdir(), should never reach here */
}
#endif /* NOVELL_BUG_FAILSAFE */
- Trace((stderr, "open_outfile: doing fopen(%s) for writing\n",
- FnFilter1(G.filename)));
{
#if defined(ATH_BE_UNX) || defined(AOS_VS) || defined(QDOS) || defined(TANDEM)
mode_t umask_sav = umask(0077);
#endif
+
+#if defined(SYMLINKS) || defined(QLZIP)
+ fd = open(G.filename, O_RDWR | O_LARGEFILE | O_CREAT,
+ /* 0644 in portable POSIX notation: */
+ S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
+#else
+ fd = open(G.filename, O_WRONLY | O_LARGEFILE | O_CREAT,
+ /* 0644 in portable POSIX notation: */
+ S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
+#endif
+ Trace((stderr, "open_outfile: open(%s, O_WRONLY | O_LARGEFILE | O_CREAT) returned %d\n",
+ FnFilter1(G.filename), fd));
+
+ if (fd < 0) {
+ Info(slide, 0x401, ((char *)slide, LoadFarString(CannotCreateFile),
+ FnFilter1(G.filename), strerror(errno)));
+ return 1;
+ }
#if defined(SYMLINKS) || defined(QLZIP)
/* These features require the ability to re-read extracted data from
the output files. Output files are created with Read&Write access.
*/
- G.outfile = zfopen(G.filename, FOPWR);
+
+ G.outfile = zfdopen(fd, FOPWR);
+
+ Trace((stderr, "open_outfile: doing fdopen(%s, FOPWR) returned %p\n",
+ G.outfile));
#else
- G.outfile = zfopen(G.filename, FOPW);
+ G.outfile = zfdopen(fd, FOPW);
+
+ Trace((stderr, "open_outfile: doing fdopen(%s, FOPW) returned %p\n",
+ G.outfile));
#endif
#if defined(ATH_BE_UNX) || defined(AOS_VS) || defined(QDOS) || defined(TANDEM)
umask(umask_sav);
#endif
+ if (G.outfile == NULL && fd != 0)
+ unlink(G.filename);
}
if (G.outfile == (FILE *)NULL) {
Info(slide, 0x401, ((char *)slide, LoadFarString(CannotCreateFile),

22
unzip-optflags.patch Normal file
View File

@ -0,0 +1,22 @@
Index: unix/Makefile
===================================================================
--- unix/Makefile.orig 2010-05-21 13:11:26.128591070 +0200
+++ unix/Makefile 2010-05-21 13:14:45.429090869 +0200
@@ -809,7 +809,7 @@ isi: unix_make
linux: unix_make
@echo 'NOTE: use linux_noasm target for non-Intel Linux compiles.'
$(MAKE) unzips CC=gcc LD=gcc AS=gcc\
- CFLAGS="-O3 -Wall -DASM_CRC"\
+ CFLAGS="$(RPM_OPT_FLAGS) -DASM_CRC"\
AF="-Di386 $(AF)" CRCA_O=crc_gcc$O
# GRR: this echo is pointless; if user gets this far, no difference to install
# @echo 'Be sure to use the install_asm target rather than the install target'
@@ -819,7 +819,7 @@ linux_asm: linux
# Linux (Posix, approximately SysV): virtually any version since before 0.96,
# for any platform. Change "-O" to "-O3" or whatever, as desired...
linux_noasm: unix_make
- $(MAKE) unzips CC=gcc LD=gcc CFLAGS="-O -Wall"
+ $(MAKE) unzips CC=gcc LD=gcc CF="$(RPM_OPT_FLAGS)"
# Linux with lcc compiler: __inline__ (stat.h) not recognized, and must edit
# /usr/include/gnu/types.h to get rid of "long long" if __LCC__ defined. -O3

411
unzip-rcc.changes Normal file
View File

@ -0,0 +1,411 @@
-------------------------------------------------------------------
Mon Sep 26 09:17:32 UTC 2022 - Danilo Spinella <danilo.spinella@suse.com>
- Build unzip-rcc using multibuild and update unzip-rcc.spec file
-------------------------------------------------------------------
Wed Sep 21 09:27:59 UTC 2022 - Danilo Spinella <danilo.spinella@suse.com>
- Fix CVE-2022-0530, SIGSEGV during the conversion of an utf-8 string
to a local string (CVE-2022-0530, bsc#1196177)
* CVE-2022-0530.patch
- Fix CVE-2022-0529, Heap out-of-bound writes and reads during
conversion of wide string to local string (CVE-2022-0529, bsc#1196180)
* CVE-2022-0529.patch
-------------------------------------------------------------------
Thu Sep 9 11:30:06 UTC 2021 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- Add patch to fix issue with some files being incorrectly
detected as symlinks (boo#1190273)
+ unzip-initialize-the-symlink-flag.patch
-------------------------------------------------------------------
Fri May 22 09:27:01 UTC 2020 - Yunhe Guo <i@guoyunhe.me>
- Change unzip-doc to noarch
-------------------------------------------------------------------
Thu Oct 11 14:49:01 UTC 2018 - kstreitova@suse.com
- Add unzip60-cfactorstr_overflow.patch to fix buffer overflow in
list.c [bsc#1110194] [CVE-2018-18384]
-------------------------------------------------------------------
Wed Jun 27 11:39:10 UTC 2018 - kstreitova@suse.com
- Add unzip60-total_disks_zero.patch that fixes a bug when unzip is
unable to process Windows zip64 archives because Windows
archivers set total_disks field to 0 but per standard, valid
values are 1 and higher [bnc#910683]
- Add Fix-CVE-2014-9636-unzip-buffer-overflow.patch to fix heap
overflow for STORED field data [bnc#914442] [CVE-2014-9636]
-------------------------------------------------------------------
Wed May 16 19:44:45 UTC 2018 - antoine.belvire@opensuse.org
- Fix "remove failed: No such file or directory" warnings upon
package removal:
* Call 'update-alternative --remove' in %postun, not in %preun.
-------------------------------------------------------------------
Thu Feb 8 14:11:25 UTC 2018 - kbabioch@suse.com
- Add CVE-2018-1000035.patch: Fix a heap-based buffer overflow in
password protected ZIP archives (CVE-2018-1000035 bsc#1080074)
-------------------------------------------------------------------
Thu Jul 6 13:25:44 UTC 2017 - nico.kruber@gmail.com
- Updated Fix-CVE-2014-8139-unzip.patch: the original patch was
causing errors testing valid jar files:
$ unzip -t foo.jar
Archive: foo.jar
testing: META-INF/ bad extra-field entry:
EF block length (0 bytes) invalid (< 4)
testing: META-INF/MANIFEST.MF OK
testing: foo OK
(see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8139
where the updated patch was taken from)
-------------------------------------------------------------------
Wed Feb 15 08:31:05 UTC 2017 - josef.moellers@suse.com
- Fixed two potential buffer overflows.
The patches were extracted from
http://antinode.info/ftp/info-zip/unzip60/zipinfo.c and
http://antinode.info/ftp/info-zip/unzip60/list.c
(bsc#1013992, bsc#1013993, CVE-2016-9844, CVE-2014-9913,
CVE-2016-9844.patch, CVE-2014-9913.patch)
-------------------------------------------------------------------
Wed Oct 12 07:23:03 UTC 2016 - josef.moellers@suse.com
- When decrypting an encrypted file,
quit early if compressed size < HEAD_LEN.
When extracting avoid an infinite loop
if a file never finishes unzipping.
(bsc#950110, bsc#950111, CVE-2015-7696, CVE-2015-7697,
CVE-2015-7696.patch, CVE-2015-7697.patch)
-------------------------------------------------------------------
Thu Jun 16 14:58:41 UTC 2016 - tchvatal@suse.com
- Require properly the update-alternatives to not throw out errors
when installing in OBS chroot
-------------------------------------------------------------------
Mon Jan 26 13:25:54 UTC 2015 - tbehrens@suse.com
- Add Fix-CVE-2014-8139-unzip.patch: fix heap overflow condition in
the CRC32 verification (fixes bnc#909214)
- Add Fix-CVE-2014-8140-and-CVE-2014-8141.patch: fix write error
(*_8349_*) shows a problem in extract.c:test_compr_eb(), and:
read errors (*_6430_*, *_3422_*) show problems in
process.c:getZip64Data() (fixes bnc#909214)
-------------------------------------------------------------------
Sun Dec 21 13:43:32 UTC 2014 - meissner@suse.com
- build with PIE
-------------------------------------------------------------------
Fri Aug 2 18:29:07 UTC 2013 - coolo@suse.com
- fix defaultattr for old distros
-------------------------------------------------------------------
Fri Aug 2 13:55:08 UTC 2013 - coolo@suse.com
- split the rcc dependency into a spec file of it's own, we don't
need that complexity during build causing cycles like this:
unzip -> librcc -> libproxy -> libXau -> xorg-x11-proto-devel -> docbook-xsl-stylesheets
-------------------------------------------------------------------
Fri Apr 5 10:07:44 UTC 2013 - idonmez@suse.com
- Cleanup spec file
- Add Source URL, see https://en.opensuse.org/SourceUrls
-------------------------------------------------------------------
Fri Aug 5 13:57:24 CEST 2011 - pth@suse.de
- Don't call isprint (bnc#620483).
-------------------------------------------------------------------
Mon May 23 14:21:44 UTC 2011 - lnussel@suse.de
- remove use of __DATE__ from correct file
-------------------------------------------------------------------
Sat May 07 23:16:45 UTC 2011 - idoenmez@novell.com
- Sync our compile time flags with Debian except Acorn stuff, this enables
UTF-8, saves an unrelated warning about lchmod being not implemented.
- Enable make check
-------------------------------------------------------------------
Fri Jan 28 13:50:13 UTC 2011 - lnussel@suse.de
- use dlopen for librcc0. A direct requires causes lots of other
packages to get installed such as aspell which bloats a minimal
install.
-------------------------------------------------------------------
Mon Aug 30 19:44:17 UTC 2010 - cristian.rodriguez@opensuse.org
- Do not include build host specific info like build dates In
binaries.
-------------------------------------------------------------------
Fri Jun 25 18:21:34 CEST 2010 - pth@suse.de
- Doing open(O_WRONLY) and then fdopen("w+") will now fail with
"Invalid Argument" whereas former glibcs would succeed. So now
do open(O_RDWR).
- Print error message when open(2) fails.
- Add debugging traces in open_outfile.
-------------------------------------------------------------------
Fri May 21 16:39:24 CEST 2010 - pth@suse.de
- Update to 6.0:
* Support PKWARE ZIP64 extensions, allowing Zip archives and Zip archive
entries larger than 4 GiBytes and more than 65536 entries within a
single Zip archive. This support is currently only available for Unix,
OpenVMS and Win32/Win64.
* Support for bzip2 compression method.
* Support for UTF-8 encoded entry names, both through PKWARE's "General
Purpose Flags Bit 11" indicator and Info-ZIP's new "up" unicode path
extra field. (Currently, on Windows the UTF-8 handling is limited to
the character subset contained in the configured non-unicode "system
code page".)
* Fixed "Time of Creation/Time of Use" vulnerability when setting
attributes of extracted files, for Unix and Unix-like ports.
* Fixed memory leak when processing invalid deflated data.
* Fixed long-standing bug in unshrink (partial_clear), added boundary
checks against invalid compressed data.
* On Unix, keep inherited SGID attribute bit for extracted directories
unless restoration of owner/group id or SUID/SGID/Tacky attributes was
requested.
* On Unix, allow extracted filenames to contain embedded control
characters when explicitly requested by specifying the new command line
option "-^".
* On Unix, support restoration of symbolic link attributes.
* On Unix, support restoration of 32-bit UID/GID data using the new "ux"
IZUNIX3 extra field introduced with Zip 3.0.
* Support symbolic links zipped up on VMS.
* New -D option to suppress restoration of timestamps for extracted
directory entries (on those ports that support setting of directory
timestamps). By specifying "-DD", this new option also allows to
suppress timestamp restoration for ALL extracted files on all UnZip
ports which support restoration of timestamps. On VMS, the default
behaviour is now to skip restoration of directory timestamps; here,
"--D" restores ALL timestamps, "-D" restores none.
* On OS/2, Win32, and Unix, the (previously optional) feature UNIXBACKUP
to allow saving backup copies of overwritten files on extraction is now
enabled by default.
-------------------------------------------------------------------
Mon May 10 16:39:20 UTC 2010 - pth@suse.de
- Use librcc to convert russian/slavic file names (bnc#540598).
-------------------------------------------------------------------
Sun Dec 6 17:51:30 CET 2009 - jengelh@.medozas.de
- enable parallel building
-------------------------------------------------------------------
Tue Dec 9 15:53:53 CET 2008 - schwab@suse.de
- Fix last change.
-------------------------------------------------------------------
Mon Sep 15 12:32:57 CEST 2008 - ro@suse.de
- use hardlink instead of softlink
-------------------------------------------------------------------
Mon Feb 4 13:29:27 CET 2008 - pth@suse.de
- Add patch to fix erroneous freeing of buffers (bnc#358425)
-------------------------------------------------------------------
Fri Dec 7 12:52:06 CET 2007 - pth@suse.de
- Pass file mode when calling open with O_CREAT.
-------------------------------------------------------------------
Mon Dec 3 13:24:27 CET 2007 - pth@suse.de
- Add patch to extend the maximum file/archive size to 2^32-8193
(4294959103) bytes.
- Add patch to fix CVE-2005-2475 (bnc#274156)
-------------------------------------------------------------------
Thu Jun 21 17:34:10 CEST 2007 - adrian@suse.de
- fix changelog entry order
-------------------------------------------------------------------
Thu May 3 15:25:39 CEST 2007 - pth@suse.de
- Add patch from Takashi Iwai that adds a new option (-S) to
unzip and infozip that disables file name translation (bnc#267901).
- Recompress tarball with bzip2
-------------------------------------------------------------------
Fri Jan 27 02:30:41 CET 2006 - mls@suse.de
- converted neededforbuild to BuildRequires
-------------------------------------------------------------------
Thu Jan 26 15:28:44 CET 2006 - pth@suse.de
- Reject file names that are too long (bnc#140304)
- Use stack protector.
-------------------------------------------------------------------
Fri Jan 20 17:41:23 CET 2006 - schwab@suse.de
- Don't strip binaries.
-------------------------------------------------------------------
Thu Dec 15 11:31:51 CET 2005 - pth@suse.de
- Compile with (limited) large file support. This will support
single files exceeding 2 GB as long as the archive stays below
that theshold.
-------------------------------------------------------------------
Mon Jun 13 22:46:31 CEST 2005 - rommel@suse.de
- update to version 5.52 (bnc#67279)
-------------------------------------------------------------------
Sat Aug 7 15:03:23 CEST 2004 - rommel@suse.de
- update to version 5.51
(fixes old security bugs, adds PKWARE's compression code Deflate64)
-------------------------------------------------------------------
Wed May 19 18:36:21 CEST 2004 - ro@suse.de
- added -fno-strict-aliasing
- really use RPM_OPT_FLAGS
-------------------------------------------------------------------
Sun Jan 11 13:00:23 CET 2004 - adrian@suse.de
- build as user
-------------------------------------------------------------------
Tue Sep 23 16:53:44 CEST 2003 - rommel@suse.de
- replaced fix for ../ exploit with a fix both for
the ../ exploit and '/' exploit (Bugzilla #29311)
-------------------------------------------------------------------
Thu Jul 3 12:57:38 CEST 2003 - rommel@suse.de
- added fix for ../ exploit (Bugzilla #27667)
-------------------------------------------------------------------
Fri Jan 17 14:42:19 CET 2003 - rommel@suse.de
- fixed Summary: to be more verbose about what this package does
-------------------------------------------------------------------
Wed Sep 18 00:57:21 CEST 2002 - ro@suse.de
- removed bogus self-provides
-------------------------------------------------------------------
Fri Jul 5 11:09:32 CEST 2002 - kukuk@suse.de
- Use %ix86 macro
-------------------------------------------------------------------
Mon Mar 11 2002 - rommel@suse.de
- Update to 5.50
- took over parts of pmladek's patch (see below)
-------------------------------------------------------------------
Thu Jan 24 13:43:46 CET 2002 - grimmer@suse.de
- added unzip-5.42-iso8859_2.patch to fix coding conversion
between Microsoft and Linux file names
(originally from http://www.axis.cz/linux/zip_unzip.php3,
enhanced to support both ISO8859-1 and ISO8859-2 by Petr Mladek
<pmladek@suse.cz>)
-------------------------------------------------------------------
Mon Apr 9 13:42:07 CEST 2001 - grimmer@suse.de
- Update to 5.42
- file list fixes (new license file, documentation renames)
-------------------------------------------------------------------
Wed Dec 13 17:49:59 CET 2000 - grimmer@suse.de
- Update to 5.41 (now includes decryption support)
- now Provides and Obsoletes crunzip
- bzipped sources
- use BuildRoot
-------------------------------------------------------------------
Tue Feb 29 18:33:38 CET 2000 - schwab@suse.de
- Add support for ia64.
- /usr/man -> /usr/share/man
-------------------------------------------------------------------
Wed Dec 22 16:19:18 MET 1999 - grimmer@suse.de
- Added "Conflicts: crzip" to spec file
- cleaned up Provides: tag
-------------------------------------------------------------------
Fri Dec 17 16:40:10 MET 1999 - grimmer@suse.de
- Spec file cleanups
-------------------------------------------------------------------
Sat Nov 27 15:03:07 MET 1999 - kukuk@suse.de
- Use linux_noasm Makefile target on SPARC
-------------------------------------------------------------------
Mon Sep 13 17:23:57 CEST 1999 - bs@suse.de
- ran old prepare_spec on spec file to switch to new prepare_spec.
-------------------------------------------------------------------
Wed Sep 8 16:34:57 CEST 1999 - uli@suse.de
- uses target linux_noasm for PPC
-------------------------------------------------------------------
Wed Feb 24 09:42:16 MET 1999 - grimmer@suse.de
- new version (5.40)
- specfile modifications
- added french description
-------------------------------------------------------------------
Mon Jan 11 14:29:14 MET 1999 - ro@suse.de
- use target linux_noasm for alpha
-------------------------------------------------------------------
Fri Jan 23 15:03:52 MET 1998 - rj@suse.de
- version 5.32
-------------------------------------------------------------------
Thu Feb 6 11:56:09 CET 1997 - rj@suse.de
- version 5.12
- new test/changes/plist files

188
unzip-rcc.spec Normal file
View File

@ -0,0 +1,188 @@
#
# spec file for package unzip-rcc
#
# Copyright (c) 2022 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%define _name unzip
%define fileversion 60
%bcond_without rcc
%if %{with rcc}
%define update_weight 20
%define _suffix rcc
BuildRequires: librcc-devel
Suggests: librcc0
Provides: %{_name} = %{version}
%else
%define update_weight 10
%define _suffix plain
%endif
# NOTE: unzip.spec is the major file, if you want to update unzip-rcc.spec
# call pre_checkin.sh after editing unzip.spec
Name: unzip-rcc
Version: 6.00
Release: 0
Summary: A program to unpack compressed files
License: BSD-3-Clause
Group: Productivity/Archiving/Compression
URL: http://www.info-zip.org/
Source: http://sourceforge.net/projects/infozip/files/UnZip%%206.x%%20%%28latest%%29/UnZip%%206.0/%{_name}%{fileversion}.tar.gz
Source1: pre_checkin.sh
Patch0: unzip.dif
Patch1: unzip-iso8859_2.patch
Patch3: unzip-optflags.patch
Patch4: unzip-5.52-filename_too_long.patch
Patch5: unzip-no_file_name_translation.patch
Patch8: unzip-open_missing_mode.patch
Patch10: unzip-5.52-use_librcc.patch
Patch11: unzip-no-build-date.patch
Patch12: unzip-dont_call_isprint.patch
Patch13: Fix-CVE-2014-8139-unzip.patch
# http://pkgs.fedoraproject.org/cgit/rpms/unzip.git/plain/unzip-6.0-cve-2014-8139.patch
Patch14: Fix-CVE-2014-8140-and-CVE-2014-8141.patch
Patch15: CVE-2015-7696.patch
Patch16: CVE-2015-7697.patch
Patch17: CVE-2016-9844.patch
Patch18: CVE-2014-9913.patch
Patch19: CVE-2018-1000035.patch
Patch20: Fix-CVE-2014-9636-unzip-buffer-overflow.patch
Patch21: unzip60-total_disks_zero.patch
Patch22: unzip60-cfactorstr_overflow.patch
Patch23: unzip-initialize-the-symlink-flag.patch
# PATCH-FIX-UPSTREAM danilo.spinella@suse.com CVE-2022-0530 bsc#1196177
Patch24: CVE-2022-0530.patch
# PATCH-FIX-UPSTREAM danilo.spinella@suse.com CVE-2022-0529 bsc#1196180
Patch25: CVE-2022-0529.patch
Requires(post): update-alternatives
Requires(postun):update-alternatives
Recommends: %{_name}-doc
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
UnZip is an extraction utility for archives compressed in .zip format
(known as "zip files"). Although highly compatible both with PKWARE's
PKZIP(tm) and PKUNZIP utilities for MS-DOS and with Info-ZIP's own Zip
program, our primary objectives have been portability and non-MS-DOS
functionality. This version can also extract encrypted archives.
%package doc
Summary: Documentation files for unzip
Group: Productivity/Archiving/Compression
BuildArch: noarch
%description doc
UnZip is an extraction utility for archives compressed in .zip format
(known as "zip files"). Although highly compatible both with PKWARE's
PKZIP(tm) and PKUNZIP utilities for MS-DOS and with Info-ZIP's own Zip
program, our primary objectives have been portability and non-MS-DOS
functionality. This version can also extract encrypted archives.
%prep
%setup -q -n %{_name}%{fileversion}
%patch0
%patch1
%patch3
%patch4
%patch5
%patch8
%if %{with rcc}
%patch10
%endif
%patch11
%patch12
%patch13 -p1
%patch14 -p1
%patch15 -p1
%patch16 -p1
%patch17 -p1
%patch18 -p1
%patch19 -p0
%patch20 -p1
%patch21 -p1
%patch22 -p1
%patch23 -p1
%patch24 -p1
%patch25 -p1
%build
export RPM_OPT_FLAGS="%{optflags} \
-D_GNU_SOURCE -DRCC_LAZY -DWILD_STOP_AT_DIR \
-DLARGE_FILE_SUPPORT -DUNICODE_SUPPORT \
-DUNICODE_WCHAR -DUTF8_MAYBE_NATIVE -DNO_LCHMOD \
-DDATE_FORMAT=DF_YMD -I. -fstack-protector -fno-strict-aliasing -fPIE"
make %{?_smp_mflags} -f unix/Makefile LF2="-ldl -pie" linux_noasm
%check
make %{?_smp_mflags} -f unix/Makefile check
%install
mkdir -p %{buildroot}%{_sysconfdir}/alternatives
mkdir -p %{buildroot}{%{_bindir},%{_mandir}/man1}
for i in unzip funzip unzipsfx; do
install $i "%{buildroot}%{_bindir}/$i-"%{_suffix}
done
ln -s unzip %{buildroot}%{_bindir}/zipinfo
install unix/zipgrep "%{buildroot}%{_bindir}/zipgrep-"%{_suffix}
for i in unzip funzip unzipsfx zipgrep; do
touch %{buildroot}%{_sysconfdir}/alternatives/$i
ln -s %{_sysconfdir}/alternatives/$i %{buildroot}%{_bindir}/$i
done
# do not have the docu in both packages
%if %{without rcc}
for i in man/*.1; do
install -m 644 $i %{buildroot}%{_mandir}/man1/
done
%endif
%post
for bin in unzip funzip unzipsfx zipgrep; do
%{_sbindir}/update-alternatives --install %{_bindir}/$bin $bin "%{_bindir}/$bin-"%{_suffix} %{update_weight}
done
%postun
if [ "$1" = 0 ] ; then
for bin in unzip funzip unzipsfx zipgrep; do
%{_sbindir}/update-alternatives --remove $bin "%{_bindir}/$bin"-%{_suffix}
done
fi
%files
%defattr(-,root,root)
%ghost %{_sysconfdir}/alternatives/unzip
%{_bindir}/unzip
%{_bindir}/unzip-%{_suffix}
%ghost %{_sysconfdir}/alternatives/funzip
%{_bindir}/funzip
%{_bindir}/funzip-%{_suffix}
%ghost %{_sysconfdir}/alternatives/unzipsfx
%{_bindir}/unzipsfx
%{_bindir}/unzipsfx-%{_suffix}
%{_bindir}/zipinfo
%ghost %{_sysconfdir}/alternatives/zipgrep
%{_bindir}/zipgrep
%{_bindir}/zipgrep-%{_suffix}
%if %{without rcc}
%files doc
%defattr(-,root,root)
%{_mandir}/man1/*
%doc BUGS Contents History.* LICENSE README ToDo WHERE
%doc *.txt proginfo
%endif
%changelog

411
unzip.changes Normal file
View File

@ -0,0 +1,411 @@
-------------------------------------------------------------------
Mon Sep 26 09:17:32 UTC 2022 - Danilo Spinella <danilo.spinella@suse.com>
- Build unzip-rcc using multibuild and update unzip-rcc.spec file
-------------------------------------------------------------------
Wed Sep 21 09:27:59 UTC 2022 - Danilo Spinella <danilo.spinella@suse.com>
- Fix CVE-2022-0530, SIGSEGV during the conversion of an utf-8 string
to a local string (CVE-2022-0530, bsc#1196177)
* CVE-2022-0530.patch
- Fix CVE-2022-0529, Heap out-of-bound writes and reads during
conversion of wide string to local string (CVE-2022-0529, bsc#1196180)
* CVE-2022-0529.patch
-------------------------------------------------------------------
Thu Sep 9 11:30:06 UTC 2021 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- Add patch to fix issue with some files being incorrectly
detected as symlinks (boo#1190273)
+ unzip-initialize-the-symlink-flag.patch
-------------------------------------------------------------------
Fri May 22 09:27:01 UTC 2020 - Yunhe Guo <i@guoyunhe.me>
- Change unzip-doc to noarch
-------------------------------------------------------------------
Thu Oct 11 14:49:01 UTC 2018 - kstreitova@suse.com
- Add unzip60-cfactorstr_overflow.patch to fix buffer overflow in
list.c [bsc#1110194] [CVE-2018-18384]
-------------------------------------------------------------------
Wed Jun 27 11:39:10 UTC 2018 - kstreitova@suse.com
- Add unzip60-total_disks_zero.patch that fixes a bug when unzip is
unable to process Windows zip64 archives because Windows
archivers set total_disks field to 0 but per standard, valid
values are 1 and higher [bnc#910683]
- Add Fix-CVE-2014-9636-unzip-buffer-overflow.patch to fix heap
overflow for STORED field data [bnc#914442] [CVE-2014-9636]
-------------------------------------------------------------------
Wed May 16 19:44:45 UTC 2018 - antoine.belvire@opensuse.org
- Fix "remove failed: No such file or directory" warnings upon
package removal:
* Call 'update-alternative --remove' in %postun, not in %preun.
-------------------------------------------------------------------
Thu Feb 8 14:11:25 UTC 2018 - kbabioch@suse.com
- Add CVE-2018-1000035.patch: Fix a heap-based buffer overflow in
password protected ZIP archives (CVE-2018-1000035 bsc#1080074)
-------------------------------------------------------------------
Thu Jul 6 13:25:44 UTC 2017 - nico.kruber@gmail.com
- Updated Fix-CVE-2014-8139-unzip.patch: the original patch was
causing errors testing valid jar files:
$ unzip -t foo.jar
Archive: foo.jar
testing: META-INF/ bad extra-field entry:
EF block length (0 bytes) invalid (< 4)
testing: META-INF/MANIFEST.MF OK
testing: foo OK
(see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8139
where the updated patch was taken from)
-------------------------------------------------------------------
Wed Feb 15 08:31:05 UTC 2017 - josef.moellers@suse.com
- Fixed two potential buffer overflows.
The patches were extracted from
http://antinode.info/ftp/info-zip/unzip60/zipinfo.c and
http://antinode.info/ftp/info-zip/unzip60/list.c
(bsc#1013992, bsc#1013993, CVE-2016-9844, CVE-2014-9913,
CVE-2016-9844.patch, CVE-2014-9913.patch)
-------------------------------------------------------------------
Wed Oct 12 07:23:03 UTC 2016 - josef.moellers@suse.com
- When decrypting an encrypted file,
quit early if compressed size < HEAD_LEN.
When extracting avoid an infinite loop
if a file never finishes unzipping.
(bsc#950110, bsc#950111, CVE-2015-7696, CVE-2015-7697,
CVE-2015-7696.patch, CVE-2015-7697.patch)
-------------------------------------------------------------------
Thu Jun 16 14:58:41 UTC 2016 - tchvatal@suse.com
- Require properly the update-alternatives to not throw out errors
when installing in OBS chroot
-------------------------------------------------------------------
Mon Jan 26 13:25:54 UTC 2015 - tbehrens@suse.com
- Add Fix-CVE-2014-8139-unzip.patch: fix heap overflow condition in
the CRC32 verification (fixes bnc#909214)
- Add Fix-CVE-2014-8140-and-CVE-2014-8141.patch: fix write error
(*_8349_*) shows a problem in extract.c:test_compr_eb(), and:
read errors (*_6430_*, *_3422_*) show problems in
process.c:getZip64Data() (fixes bnc#909214)
-------------------------------------------------------------------
Sun Dec 21 13:43:32 UTC 2014 - meissner@suse.com
- build with PIE
-------------------------------------------------------------------
Fri Aug 2 18:29:07 UTC 2013 - coolo@suse.com
- fix defaultattr for old distros
-------------------------------------------------------------------
Fri Aug 2 13:55:08 UTC 2013 - coolo@suse.com
- split the rcc dependency into a spec file of it's own, we don't
need that complexity during build causing cycles like this:
unzip -> librcc -> libproxy -> libXau -> xorg-x11-proto-devel -> docbook-xsl-stylesheets
-------------------------------------------------------------------
Fri Apr 5 10:07:44 UTC 2013 - idonmez@suse.com
- Cleanup spec file
- Add Source URL, see https://en.opensuse.org/SourceUrls
-------------------------------------------------------------------
Fri Aug 5 13:57:24 CEST 2011 - pth@suse.de
- Don't call isprint (bnc#620483).
-------------------------------------------------------------------
Mon May 23 14:21:44 UTC 2011 - lnussel@suse.de
- remove use of __DATE__ from correct file
-------------------------------------------------------------------
Sat May 07 23:16:45 UTC 2011 - idoenmez@novell.com
- Sync our compile time flags with Debian except Acorn stuff, this enables
UTF-8, saves an unrelated warning about lchmod being not implemented.
- Enable make check
-------------------------------------------------------------------
Fri Jan 28 13:50:13 UTC 2011 - lnussel@suse.de
- use dlopen for librcc0. A direct requires causes lots of other
packages to get installed such as aspell which bloats a minimal
install.
-------------------------------------------------------------------
Mon Aug 30 19:44:17 UTC 2010 - cristian.rodriguez@opensuse.org
- Do not include build host specific info like build dates In
binaries.
-------------------------------------------------------------------
Fri Jun 25 18:21:34 CEST 2010 - pth@suse.de
- Doing open(O_WRONLY) and then fdopen("w+") will now fail with
"Invalid Argument" whereas former glibcs would succeed. So now
do open(O_RDWR).
- Print error message when open(2) fails.
- Add debugging traces in open_outfile.
-------------------------------------------------------------------
Fri May 21 16:39:24 CEST 2010 - pth@suse.de
- Update to 6.0:
* Support PKWARE ZIP64 extensions, allowing Zip archives and Zip archive
entries larger than 4 GiBytes and more than 65536 entries within a
single Zip archive. This support is currently only available for Unix,
OpenVMS and Win32/Win64.
* Support for bzip2 compression method.
* Support for UTF-8 encoded entry names, both through PKWARE's "General
Purpose Flags Bit 11" indicator and Info-ZIP's new "up" unicode path
extra field. (Currently, on Windows the UTF-8 handling is limited to
the character subset contained in the configured non-unicode "system
code page".)
* Fixed "Time of Creation/Time of Use" vulnerability when setting
attributes of extracted files, for Unix and Unix-like ports.
* Fixed memory leak when processing invalid deflated data.
* Fixed long-standing bug in unshrink (partial_clear), added boundary
checks against invalid compressed data.
* On Unix, keep inherited SGID attribute bit for extracted directories
unless restoration of owner/group id or SUID/SGID/Tacky attributes was
requested.
* On Unix, allow extracted filenames to contain embedded control
characters when explicitly requested by specifying the new command line
option "-^".
* On Unix, support restoration of symbolic link attributes.
* On Unix, support restoration of 32-bit UID/GID data using the new "ux"
IZUNIX3 extra field introduced with Zip 3.0.
* Support symbolic links zipped up on VMS.
* New -D option to suppress restoration of timestamps for extracted
directory entries (on those ports that support setting of directory
timestamps). By specifying "-DD", this new option also allows to
suppress timestamp restoration for ALL extracted files on all UnZip
ports which support restoration of timestamps. On VMS, the default
behaviour is now to skip restoration of directory timestamps; here,
"--D" restores ALL timestamps, "-D" restores none.
* On OS/2, Win32, and Unix, the (previously optional) feature UNIXBACKUP
to allow saving backup copies of overwritten files on extraction is now
enabled by default.
-------------------------------------------------------------------
Mon May 10 16:39:20 UTC 2010 - pth@suse.de
- Use librcc to convert russian/slavic file names (bnc#540598).
-------------------------------------------------------------------
Sun Dec 6 17:51:30 CET 2009 - jengelh@.medozas.de
- enable parallel building
-------------------------------------------------------------------
Tue Dec 9 15:53:53 CET 2008 - schwab@suse.de
- Fix last change.
-------------------------------------------------------------------
Mon Sep 15 12:32:57 CEST 2008 - ro@suse.de
- use hardlink instead of softlink
-------------------------------------------------------------------
Mon Feb 4 13:29:27 CET 2008 - pth@suse.de
- Add patch to fix erroneous freeing of buffers (bnc#358425)
-------------------------------------------------------------------
Fri Dec 7 12:52:06 CET 2007 - pth@suse.de
- Pass file mode when calling open with O_CREAT.
-------------------------------------------------------------------
Mon Dec 3 13:24:27 CET 2007 - pth@suse.de
- Add patch to extend the maximum file/archive size to 2^32-8193
(4294959103) bytes.
- Add patch to fix CVE-2005-2475 (bnc#274156)
-------------------------------------------------------------------
Thu Jun 21 17:34:10 CEST 2007 - adrian@suse.de
- fix changelog entry order
-------------------------------------------------------------------
Thu May 3 15:25:39 CEST 2007 - pth@suse.de
- Add patch from Takashi Iwai that adds a new option (-S) to
unzip and infozip that disables file name translation (bnc#267901).
- Recompress tarball with bzip2
-------------------------------------------------------------------
Fri Jan 27 02:30:41 CET 2006 - mls@suse.de
- converted neededforbuild to BuildRequires
-------------------------------------------------------------------
Thu Jan 26 15:28:44 CET 2006 - pth@suse.de
- Reject file names that are too long (bnc#140304)
- Use stack protector.
-------------------------------------------------------------------
Fri Jan 20 17:41:23 CET 2006 - schwab@suse.de
- Don't strip binaries.
-------------------------------------------------------------------
Thu Dec 15 11:31:51 CET 2005 - pth@suse.de
- Compile with (limited) large file support. This will support
single files exceeding 2 GB as long as the archive stays below
that theshold.
-------------------------------------------------------------------
Mon Jun 13 22:46:31 CEST 2005 - rommel@suse.de
- update to version 5.52 (bnc#67279)
-------------------------------------------------------------------
Sat Aug 7 15:03:23 CEST 2004 - rommel@suse.de
- update to version 5.51
(fixes old security bugs, adds PKWARE's compression code Deflate64)
-------------------------------------------------------------------
Wed May 19 18:36:21 CEST 2004 - ro@suse.de
- added -fno-strict-aliasing
- really use RPM_OPT_FLAGS
-------------------------------------------------------------------
Sun Jan 11 13:00:23 CET 2004 - adrian@suse.de
- build as user
-------------------------------------------------------------------
Tue Sep 23 16:53:44 CEST 2003 - rommel@suse.de
- replaced fix for ../ exploit with a fix both for
the ../ exploit and '/' exploit (Bugzilla #29311)
-------------------------------------------------------------------
Thu Jul 3 12:57:38 CEST 2003 - rommel@suse.de
- added fix for ../ exploit (Bugzilla #27667)
-------------------------------------------------------------------
Fri Jan 17 14:42:19 CET 2003 - rommel@suse.de
- fixed Summary: to be more verbose about what this package does
-------------------------------------------------------------------
Wed Sep 18 00:57:21 CEST 2002 - ro@suse.de
- removed bogus self-provides
-------------------------------------------------------------------
Fri Jul 5 11:09:32 CEST 2002 - kukuk@suse.de
- Use %ix86 macro
-------------------------------------------------------------------
Mon Mar 11 2002 - rommel@suse.de
- Update to 5.50
- took over parts of pmladek's patch (see below)
-------------------------------------------------------------------
Thu Jan 24 13:43:46 CET 2002 - grimmer@suse.de
- added unzip-5.42-iso8859_2.patch to fix coding conversion
between Microsoft and Linux file names
(originally from http://www.axis.cz/linux/zip_unzip.php3,
enhanced to support both ISO8859-1 and ISO8859-2 by Petr Mladek
<pmladek@suse.cz>)
-------------------------------------------------------------------
Mon Apr 9 13:42:07 CEST 2001 - grimmer@suse.de
- Update to 5.42
- file list fixes (new license file, documentation renames)
-------------------------------------------------------------------
Wed Dec 13 17:49:59 CET 2000 - grimmer@suse.de
- Update to 5.41 (now includes decryption support)
- now Provides and Obsoletes crunzip
- bzipped sources
- use BuildRoot
-------------------------------------------------------------------
Tue Feb 29 18:33:38 CET 2000 - schwab@suse.de
- Add support for ia64.
- /usr/man -> /usr/share/man
-------------------------------------------------------------------
Wed Dec 22 16:19:18 MET 1999 - grimmer@suse.de
- Added "Conflicts: crzip" to spec file
- cleaned up Provides: tag
-------------------------------------------------------------------
Fri Dec 17 16:40:10 MET 1999 - grimmer@suse.de
- Spec file cleanups
-------------------------------------------------------------------
Sat Nov 27 15:03:07 MET 1999 - kukuk@suse.de
- Use linux_noasm Makefile target on SPARC
-------------------------------------------------------------------
Mon Sep 13 17:23:57 CEST 1999 - bs@suse.de
- ran old prepare_spec on spec file to switch to new prepare_spec.
-------------------------------------------------------------------
Wed Sep 8 16:34:57 CEST 1999 - uli@suse.de
- uses target linux_noasm for PPC
-------------------------------------------------------------------
Wed Feb 24 09:42:16 MET 1999 - grimmer@suse.de
- new version (5.40)
- specfile modifications
- added french description
-------------------------------------------------------------------
Mon Jan 11 14:29:14 MET 1999 - ro@suse.de
- use target linux_noasm for alpha
-------------------------------------------------------------------
Fri Jan 23 15:03:52 MET 1998 - rj@suse.de
- version 5.32
-------------------------------------------------------------------
Thu Feb 6 11:56:09 CET 1997 - rj@suse.de
- version 5.12
- new test/changes/plist files

24
unzip.dif Normal file
View File

@ -0,0 +1,24 @@
Index: unix/Makefile
===================================================================
--- unix/Makefile.orig 2009-01-18 23:41:18.000000000 +0100
+++ unix/Makefile 2010-05-21 14:06:56.192590841 +0200
@@ -64,8 +64,8 @@ FL2 = $(LF2)
# general-purpose stuff
#CP = cp
-CP = ln
-LN = ln
+CP = cp
+LN = ln -s
RM = rm -f
CHMOD = chmod
BINPERMS = 755
@@ -121,7 +121,7 @@ INSTALL_PROGRAM = $(INSTALL)
INSTALL_D = mkdir -p
# on some systems, manext=l and MANDIR=/usr/man/man$(manext) may be appropriate
manext = 1
-prefix = /usr/local
+prefix = /usr
BINDIR = $(prefix)/bin# where to install executables
MANDIR = $(prefix)/man/man$(manext)# where to install man pages
INSTALLEDBIN = $(BINDIR)/funzip$E $(BINDIR)/unzip$E $(BINDIR)/unzipsfx$E \

188
unzip.spec Normal file
View File

@ -0,0 +1,188 @@
#
# spec file for package unzip
#
# Copyright (c) 2022 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%define _name unzip
%define fileversion 60
%bcond_with rcc
%if %{with rcc}
%define update_weight 20
%define _suffix rcc
BuildRequires: librcc-devel
Suggests: librcc0
Provides: %{_name} = %{version}
%else
%define update_weight 10
%define _suffix plain
%endif
# NOTE: unzip.spec is the major file, if you want to update unzip-rcc.spec
# call pre_checkin.sh after editing unzip.spec
Name: unzip
Version: 6.00
Release: 0
Summary: A program to unpack compressed files
License: BSD-3-Clause
Group: Productivity/Archiving/Compression
URL: http://www.info-zip.org/
Source: http://sourceforge.net/projects/infozip/files/UnZip%%206.x%%20%%28latest%%29/UnZip%%206.0/%{_name}%{fileversion}.tar.gz
Source1: pre_checkin.sh
Patch0: unzip.dif
Patch1: unzip-iso8859_2.patch
Patch3: unzip-optflags.patch
Patch4: unzip-5.52-filename_too_long.patch
Patch5: unzip-no_file_name_translation.patch
Patch8: unzip-open_missing_mode.patch
Patch10: unzip-5.52-use_librcc.patch
Patch11: unzip-no-build-date.patch
Patch12: unzip-dont_call_isprint.patch
Patch13: Fix-CVE-2014-8139-unzip.patch
# http://pkgs.fedoraproject.org/cgit/rpms/unzip.git/plain/unzip-6.0-cve-2014-8139.patch
Patch14: Fix-CVE-2014-8140-and-CVE-2014-8141.patch
Patch15: CVE-2015-7696.patch
Patch16: CVE-2015-7697.patch
Patch17: CVE-2016-9844.patch
Patch18: CVE-2014-9913.patch
Patch19: CVE-2018-1000035.patch
Patch20: Fix-CVE-2014-9636-unzip-buffer-overflow.patch
Patch21: unzip60-total_disks_zero.patch
Patch22: unzip60-cfactorstr_overflow.patch
Patch23: unzip-initialize-the-symlink-flag.patch
# PATCH-FIX-UPSTREAM danilo.spinella@suse.com CVE-2022-0530 bsc#1196177
Patch24: CVE-2022-0530.patch
# PATCH-FIX-UPSTREAM danilo.spinella@suse.com CVE-2022-0529 bsc#1196180
Patch25: CVE-2022-0529.patch
Requires(post): update-alternatives
Requires(postun):update-alternatives
Recommends: %{_name}-doc
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
UnZip is an extraction utility for archives compressed in .zip format
(known as "zip files"). Although highly compatible both with PKWARE's
PKZIP(tm) and PKUNZIP utilities for MS-DOS and with Info-ZIP's own Zip
program, our primary objectives have been portability and non-MS-DOS
functionality. This version can also extract encrypted archives.
%package doc
Summary: Documentation files for unzip
Group: Productivity/Archiving/Compression
BuildArch: noarch
%description doc
UnZip is an extraction utility for archives compressed in .zip format
(known as "zip files"). Although highly compatible both with PKWARE's
PKZIP(tm) and PKUNZIP utilities for MS-DOS and with Info-ZIP's own Zip
program, our primary objectives have been portability and non-MS-DOS
functionality. This version can also extract encrypted archives.
%prep
%setup -q -n %{_name}%{fileversion}
%patch0
%patch1
%patch3
%patch4
%patch5
%patch8
%if %{with rcc}
%patch10
%endif
%patch11
%patch12
%patch13 -p1
%patch14 -p1
%patch15 -p1
%patch16 -p1
%patch17 -p1
%patch18 -p1
%patch19 -p0
%patch20 -p1
%patch21 -p1
%patch22 -p1
%patch23 -p1
%patch24 -p1
%patch25 -p1
%build
export RPM_OPT_FLAGS="%{optflags} \
-D_GNU_SOURCE -DRCC_LAZY -DWILD_STOP_AT_DIR \
-DLARGE_FILE_SUPPORT -DUNICODE_SUPPORT \
-DUNICODE_WCHAR -DUTF8_MAYBE_NATIVE -DNO_LCHMOD \
-DDATE_FORMAT=DF_YMD -I. -fstack-protector -fno-strict-aliasing -fPIE"
make %{?_smp_mflags} -f unix/Makefile LF2="-ldl -pie" linux_noasm
%check
make %{?_smp_mflags} -f unix/Makefile check
%install
mkdir -p %{buildroot}%{_sysconfdir}/alternatives
mkdir -p %{buildroot}{%{_bindir},%{_mandir}/man1}
for i in unzip funzip unzipsfx; do
install $i "%{buildroot}%{_bindir}/$i-"%{_suffix}
done
ln -s unzip %{buildroot}%{_bindir}/zipinfo
install unix/zipgrep "%{buildroot}%{_bindir}/zipgrep-"%{_suffix}
for i in unzip funzip unzipsfx zipgrep; do
touch %{buildroot}%{_sysconfdir}/alternatives/$i
ln -s %{_sysconfdir}/alternatives/$i %{buildroot}%{_bindir}/$i
done
# do not have the docu in both packages
%if %{without rcc}
for i in man/*.1; do
install -m 644 $i %{buildroot}%{_mandir}/man1/
done
%endif
%post
for bin in unzip funzip unzipsfx zipgrep; do
%{_sbindir}/update-alternatives --install %{_bindir}/$bin $bin "%{_bindir}/$bin-"%{_suffix} %{update_weight}
done
%postun
if [ "$1" = 0 ] ; then
for bin in unzip funzip unzipsfx zipgrep; do
%{_sbindir}/update-alternatives --remove $bin "%{_bindir}/$bin"-%{_suffix}
done
fi
%files
%defattr(-,root,root)
%ghost %{_sysconfdir}/alternatives/unzip
%{_bindir}/unzip
%{_bindir}/unzip-%{_suffix}
%ghost %{_sysconfdir}/alternatives/funzip
%{_bindir}/funzip
%{_bindir}/funzip-%{_suffix}
%ghost %{_sysconfdir}/alternatives/unzipsfx
%{_bindir}/unzipsfx
%{_bindir}/unzipsfx-%{_suffix}
%{_bindir}/zipinfo
%ghost %{_sysconfdir}/alternatives/zipgrep
%{_bindir}/zipgrep
%{_bindir}/zipgrep-%{_suffix}
%if %{without rcc}
%files doc
%defattr(-,root,root)
%{_mandir}/man1/*
%doc BUGS Contents History.* LICENSE README ToDo WHERE
%doc *.txt proginfo
%endif
%changelog

View File

@ -0,0 +1,35 @@
--- unzip60/list.c
+++ unzip60/list.c
@@ -97,7 +97,7 @@ int list_files(__G) /* return PK-type
{
int do_this_file=FALSE, cfactor, error, error_in_archive=PK_COOL;
#ifndef WINDLL
- char sgn, cfactorstr[10];
+ char sgn, cfactorstr[1+10+1+1]; /* <sgn><int>%NUL */
int longhdr=(uO.vflag>1);
#endif
int date_format;
@@ -389,9 +389,9 @@ int list_files(__G) /* return PK-type
}
#else /* !WINDLL */
if (cfactor == 100)
- sprintf(cfactorstr, LoadFarString(CompFactor100));
+ snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactor100));
else
- sprintf(cfactorstr, LoadFarString(CompFactorStr), sgn, cfactor);
+ snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactorStr), sgn, cfactor);
if (longhdr)
Info(slide, 0, ((char *)slide, LoadFarString(LongHdrStats),
FmZofft(G.crec.ucsize, "8", "u"), methbuf,
@@ -471,9 +471,9 @@ int list_files(__G) /* return PK-type
#else /* !WINDLL */
if (cfactor == 100)
- sprintf(cfactorstr, LoadFarString(CompFactor100));
+ snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactor100));
else
- sprintf(cfactorstr, LoadFarString(CompFactorStr), sgn, cfactor);
+ snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactorStr), sgn, cfactor);
if (longhdr) {
Info(slide, 0, ((char *)slide, LoadFarString(LongFileTrailer),
FmZofft(tot_ucsize, "8", "u"), FmZofft(tot_csize, "8", "u"),

View File

@ -0,0 +1,24 @@
Index: unzip60/process.c
===================================================================
--- unzip60.orig/process.c
+++ unzip60/process.c
@@ -1286,7 +1286,8 @@ static int find_ecrec64(__G__ searchlen)
G.ecrec.number_this_disk, ecloc64_total_disks); fflush(stdout);
#endif
if ((G.ecrec.number_this_disk != 0xFFFF) &&
- (G.ecrec.number_this_disk != ecloc64_total_disks - 1)) {
+ (G.ecrec.number_this_disk != ecloc64_total_disks - 1) &&
+ (ecloc64_total_disks != 0)) {
/* Note: For some unknown reason, the developers at PKWARE decided to
store the "zip64 total disks" value as a counter starting from 1,
whereas all other "split/span volume" related fields use 0-based
@@ -1296,6 +1297,9 @@ static int find_ecrec64(__G__ searchlen)
When this is not the case, the found ecrec64 locator cannot be valid.
-> This is not a Zip64 archive.
*/
+ /* There are archive creators that put 0 in total disks when it should
+ be 1. We should handle this. This is done by the added check above.
+ */
Trace((stderr,
"\ninvalid ECLOC64, differing disk# (ECR %u, ECL64 %lu)\n",
G.ecrec.number_this_disk, ecloc64_total_disks - 1));

BIN
unzip60.tar.gz (Stored with Git LFS) Normal file

Binary file not shown.