Sync from SUSE:SLFO:Main unzip revision 40ed47221ed2fba016482a67ccc49e15
This commit is contained in:
commit
8d419078ff
23
.gitattributes
vendored
Normal file
23
.gitattributes
vendored
Normal file
@ -0,0 +1,23 @@
|
|||||||
|
## Default LFS
|
||||||
|
*.7z filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.bsp filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.bz2 filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.gem filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.gz filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.jar filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.lz filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.lzma filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.obscpio filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.oxt filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.pdf filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.png filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.rpm filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.tbz filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.tbz2 filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.tgz filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.ttf filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.txz filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.whl filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.xz filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.zip filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.zst filter=lfs diff=lfs merge=lfs -text
|
24
CVE-2014-9913.patch
Normal file
24
CVE-2014-9913.patch
Normal file
@ -0,0 +1,24 @@
|
|||||||
|
Index: unzip60/list.c
|
||||||
|
===================================================================
|
||||||
|
--- unzip60.orig/list.c
|
||||||
|
+++ unzip60/list.c
|
||||||
|
@@ -339,7 +339,18 @@ int list_files(__G) /* return PK-type
|
||||||
|
G.crec.compression_method == ENHDEFLATED) {
|
||||||
|
methbuf[5] = dtype[(G.crec.general_purpose_bit_flag>>1) & 3];
|
||||||
|
} else if (methnum >= NUM_METHODS) {
|
||||||
|
- sprintf(&methbuf[4], "%03u", G.crec.compression_method);
|
||||||
|
+ /* 2013-02-26 SMS.
|
||||||
|
+ * http://sourceforge.net/p/infozip/bugs/27/ CVE-2014-9913.
|
||||||
|
+ * Unexpectedly large compression methods overflow
|
||||||
|
+ * &methbuf[]. Use the old, three-digit decimal format
|
||||||
|
+ * for values which fit. Otherwise, sacrifice the
|
||||||
|
+ * colon, and use four-digit hexadecimal.
|
||||||
|
+ */
|
||||||
|
+ if (G.crec.compression_method <= 999) {
|
||||||
|
+ sprintf( &methbuf[ 4], "%03u", G.crec.compression_method);
|
||||||
|
+ } else {
|
||||||
|
+ sprintf( &methbuf[ 3], "%04X", G.crec.compression_method);
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
|
||||||
|
#if 0 /* GRR/Euro: add this? */
|
35
CVE-2015-7696.patch
Normal file
35
CVE-2015-7696.patch
Normal file
@ -0,0 +1,35 @@
|
|||||||
|
From: Petr Stodulka <pstodulk@redhat.com>
|
||||||
|
Date: Mon, 14 Sep 2015 18:23:17 +0200
|
||||||
|
Subject: Upstream fix for heap overflow
|
||||||
|
Bug-Debian: https://bugs.debian.org/802162
|
||||||
|
Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1260944
|
||||||
|
Origin: https://bugzilla.redhat.com/attachment.cgi?id=1073002
|
||||||
|
Forwarded: yes
|
||||||
|
|
||||||
|
---
|
||||||
|
crypt.c | 12 +++++++++++-
|
||||||
|
1 file changed, 11 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
Index: unzip60/crypt.c
|
||||||
|
===================================================================
|
||||||
|
--- unzip60.orig/crypt.c
|
||||||
|
+++ unzip60/crypt.c
|
||||||
|
@@ -465,7 +465,17 @@ int decrypt(__G__ passwrd)
|
||||||
|
GLOBAL(pInfo->encrypted) = FALSE;
|
||||||
|
defer_leftover_input(__G);
|
||||||
|
for (n = 0; n < RAND_HEAD_LEN; n++) {
|
||||||
|
- b = NEXTBYTE;
|
||||||
|
+ /* 2012-11-23 SMS. (OUSPG report.)
|
||||||
|
+ * Quit early if compressed size < HEAD_LEN. The resulting
|
||||||
|
+ * error message ("unable to get password") could be improved,
|
||||||
|
+ * but it's better than trying to read nonexistent data, and
|
||||||
|
+ * then continuing with a negative G.csize. (See
|
||||||
|
+ * fileio.c:readbyte()).
|
||||||
|
+ */
|
||||||
|
+ if ((b = NEXTBYTE) == (ush)EOF)
|
||||||
|
+ {
|
||||||
|
+ return PK_ERR;
|
||||||
|
+ }
|
||||||
|
h[n] = (uch)b;
|
||||||
|
Trace((stdout, " (%02x)", h[n]));
|
||||||
|
}
|
41
CVE-2015-7697.patch
Normal file
41
CVE-2015-7697.patch
Normal file
@ -0,0 +1,41 @@
|
|||||||
|
From: Kamil Dudka <kdudka@redhat.com>
|
||||||
|
Date: Mon, 14 Sep 2015 18:24:56 +0200
|
||||||
|
Subject: fix infinite loop when extracting empty bzip2 data
|
||||||
|
Bug-Debian: https://bugs.debian.org/802160
|
||||||
|
Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1260944
|
||||||
|
Origin: other, https://bugzilla.redhat.com/attachment.cgi?id=1073339
|
||||||
|
|
||||||
|
---
|
||||||
|
extract.c | 6 ++++++
|
||||||
|
1 file changed, 6 insertions(+)
|
||||||
|
|
||||||
|
Index: unzip60/extract.c
|
||||||
|
===================================================================
|
||||||
|
--- unzip60.orig/extract.c
|
||||||
|
+++ unzip60/extract.c
|
||||||
|
@@ -2721,6 +2721,12 @@ __GDEF
|
||||||
|
int repeated_buf_err;
|
||||||
|
bz_stream bstrm;
|
||||||
|
|
||||||
|
+ if (G.incnt <= 0 && G.csize <= 0L) {
|
||||||
|
+ /* avoid an infinite loop */
|
||||||
|
+ Trace((stderr, "UZbunzip2() got empty input\n"));
|
||||||
|
+ return 2;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
#if (defined(DLL) && !defined(NO_SLIDE_REDIR))
|
||||||
|
if (G.redirect_slide)
|
||||||
|
wsize = G.redirect_size, redirSlide = G.redirect_buffer;
|
||||||
|
Index: unzip60/zipinfo.c
|
||||||
|
===================================================================
|
||||||
|
--- unzip60.orig/zipinfo.c
|
||||||
|
+++ unzip60/zipinfo.c
|
||||||
|
@@ -1888,7 +1888,7 @@ static int zi_short(__G) /* return PK-
|
||||||
|
int k, error, error_in_archive=PK_COOL;
|
||||||
|
unsigned hostnum, hostver, methid, methnum, xattr;
|
||||||
|
char *p, workspace[12], attribs[16];
|
||||||
|
- char methbuf[5];
|
||||||
|
+ char methbuf[1+5+1]; /* large enough to hold 1 character + an unsigned short + NUL */
|
||||||
|
static ZCONST char dtype[5]="NXFS"; /* normal, maximum, fast, superfast */
|
||||||
|
static ZCONST char Far os[NUM_HOSTS+1][4] = {
|
||||||
|
"fat", "ami", "vms", "unx", "cms", "atr", "hpf", "mac", "zzz",
|
24
CVE-2016-9844.patch
Normal file
24
CVE-2016-9844.patch
Normal file
@ -0,0 +1,24 @@
|
|||||||
|
Index: unzip60/zipinfo.c
|
||||||
|
===================================================================
|
||||||
|
--- unzip60.orig/zipinfo.c
|
||||||
|
+++ unzip60/zipinfo.c
|
||||||
|
@@ -1927,7 +1927,18 @@ static int zi_short(__G) /* return PK-
|
||||||
|
ush dnum=(ush)((G.crec.general_purpose_bit_flag>>1) & 3);
|
||||||
|
methbuf[3] = dtype[dnum];
|
||||||
|
} else if (methnum >= NUM_METHODS) { /* unknown */
|
||||||
|
- sprintf(&methbuf[1], "%03u", G.crec.compression_method);
|
||||||
|
+ /* 2016-12-05 SMS.
|
||||||
|
+ * https://launchpad.net/bugs/1643750 CVE-2016-9844.
|
||||||
|
+ * Unexpectedly large compression methods overflow
|
||||||
|
+ * &methbuf[]. Use the old, three-digit decimal format
|
||||||
|
+ * for values which fit. Otherwise, sacrifice the "u",
|
||||||
|
+ * and use four-digit hexadecimal.
|
||||||
|
+ */
|
||||||
|
+ if (G.crec.compression_method <= 999) {
|
||||||
|
+ sprintf( &methbuf[ 1], "%03u", G.crec.compression_method);
|
||||||
|
+ } else {
|
||||||
|
+ sprintf( &methbuf[ 0], "%04X", G.crec.compression_method);
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
|
||||||
|
for (k = 0; k < 15; ++k)
|
39
CVE-2018-1000035.patch
Normal file
39
CVE-2018-1000035.patch
Normal file
@ -0,0 +1,39 @@
|
|||||||
|
From: <kbabioch@suse.com>
|
||||||
|
Date: Thu Feb 8 15:10:03 CET 2018
|
||||||
|
Upstream: merged
|
||||||
|
References: http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=548
|
||||||
|
|
||||||
|
Index: fileio.c
|
||||||
|
===================================================================
|
||||||
|
--- fileio.c.orig
|
||||||
|
+++ fileio.c
|
||||||
|
@@ -1613,7 +1613,11 @@ int UZ_EXP UzpPassword (pG, rcnt, pwbuf,
|
||||||
|
int r = IZ_PW_ENTERED;
|
||||||
|
char *m;
|
||||||
|
char *prompt;
|
||||||
|
-
|
||||||
|
+ char *zfnf;
|
||||||
|
+ char *efnf;
|
||||||
|
+ size_t zfnfl;
|
||||||
|
+ int isOverflow;
|
||||||
|
+
|
||||||
|
#ifndef REENTRANT
|
||||||
|
/* tell picky compilers to shut up about "unused variable" warnings */
|
||||||
|
pG = pG;
|
||||||
|
@@ -1621,7 +1625,15 @@ int UZ_EXP UzpPassword (pG, rcnt, pwbuf,
|
||||||
|
|
||||||
|
if (*rcnt == 0) { /* First call for current entry */
|
||||||
|
*rcnt = 2;
|
||||||
|
- if ((prompt = (char *)malloc(2*FILNAMSIZ + 15)) != (char *)NULL) {
|
||||||
|
+ zfnf = FnFilter1(zfn);
|
||||||
|
+ efnf = FnFilter2(efn);
|
||||||
|
+ zfnfl = strlen(zfnf);
|
||||||
|
+ isOverflow = TRUE;
|
||||||
|
+ if (2*FILNAMSIZ >= zfnfl && (2*FILNAMSIZ - zfnfl) >= strlen(efnf))
|
||||||
|
+ {
|
||||||
|
+ isOverflow = FALSE;
|
||||||
|
+ }
|
||||||
|
+ if ((isOverflow == FALSE) && ((prompt = (char *)malloc(2*FILNAMSIZ + 15)) != (char *)NULL)) {
|
||||||
|
sprintf(prompt, LoadFarString(PasswPrompt),
|
||||||
|
FnFilter1(zfn), FnFilter2(efn));
|
||||||
|
m = prompt;
|
37
CVE-2022-0529.patch
Normal file
37
CVE-2022-0529.patch
Normal file
@ -0,0 +1,37 @@
|
|||||||
|
From: Enrico Zini <enrico@debian.org>
|
||||||
|
Subject: Fix wide string conversion
|
||||||
|
Bug-Debian: https://bugs.debian.org/1010355
|
||||||
|
X-Debian-version: 6.0-27
|
||||||
|
|
||||||
|
--- a/process.c
|
||||||
|
+++ b/process.c
|
||||||
|
@@ -2507,13 +2507,15 @@
|
||||||
|
char buf[9];
|
||||||
|
char *buffer = NULL;
|
||||||
|
char *local_string = NULL;
|
||||||
|
+ size_t buffer_size;
|
||||||
|
|
||||||
|
for (wsize = 0; wide_string[wsize]; wsize++) ;
|
||||||
|
|
||||||
|
if (max_bytes < MAX_ESCAPE_BYTES)
|
||||||
|
max_bytes = MAX_ESCAPE_BYTES;
|
||||||
|
|
||||||
|
- if ((buffer = (char *)malloc(wsize * max_bytes + 1)) == NULL) {
|
||||||
|
+ buffer_size = wsize * max_bytes + 1;
|
||||||
|
+ if ((buffer = (char *)malloc(buffer_size)) == NULL) {
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -2552,7 +2554,11 @@
|
||||||
|
/* no MB for this wide */
|
||||||
|
/* use escape for wide character */
|
||||||
|
char *escape_string = wide_to_escape_string(wide_string[i]);
|
||||||
|
- strcat(buffer, escape_string);
|
||||||
|
+ size_t buffer_len = strlen(buffer);
|
||||||
|
+ size_t escape_string_len = strlen(escape_string);
|
||||||
|
+ if (buffer_len + escape_string_len + 1 > buffer_size)
|
||||||
|
+ escape_string_len = buffer_size - buffer_len - 1;
|
||||||
|
+ strncat(buffer, escape_string, escape_string_len);
|
||||||
|
free(escape_string);
|
||||||
|
}
|
||||||
|
}
|
28
CVE-2022-0530.patch
Normal file
28
CVE-2022-0530.patch
Normal file
@ -0,0 +1,28 @@
|
|||||||
|
From: Enrico Zini <enrico@debian.org>
|
||||||
|
Subject: Fix null pointer dereference on invalid UTF-8 input
|
||||||
|
Bug-Debian: https://bugs.debian.org/1010355
|
||||||
|
X-Debian-version: 6.0-27
|
||||||
|
|
||||||
|
--- a/fileio.c
|
||||||
|
+++ b/fileio.c
|
||||||
|
@@ -2361,6 +2361,9 @@
|
||||||
|
/* convert UTF-8 to local character set */
|
||||||
|
fn = utf8_to_local_string(G.unipath_filename,
|
||||||
|
G.unicode_escape_all);
|
||||||
|
+ if (fn == NULL)
|
||||||
|
+ return PK_ERR;
|
||||||
|
+
|
||||||
|
/* make sure filename is short enough */
|
||||||
|
if (strlen(fn) >= FILNAMSIZ) {
|
||||||
|
fn[FILNAMSIZ - 1] = '\0';
|
||||||
|
--- a/process.c
|
||||||
|
+++ b/process.c
|
||||||
|
@@ -2611,6 +2611,8 @@
|
||||||
|
int escape_all;
|
||||||
|
{
|
||||||
|
zwchar *wide = utf8_to_wide_string(utf8_string);
|
||||||
|
+ if (wide == NULL)
|
||||||
|
+ return NULL;
|
||||||
|
char *loc = wide_to_local_string(wide, escape_all);
|
||||||
|
free(wide);
|
||||||
|
return loc;
|
78
Fix-CVE-2014-8139-unzip.patch
Normal file
78
Fix-CVE-2014-8139-unzip.patch
Normal file
@ -0,0 +1,78 @@
|
|||||||
|
diff --git a/extract.c b/extract.c
|
||||||
|
index 9ef80b3..c741b5f 100644
|
||||||
|
--- a/extract.c
|
||||||
|
+++ b/extract.c
|
||||||
|
@@ -1,5 +1,5 @@
|
||||||
|
/*
|
||||||
|
- Copyright (c) 1990-2009 Info-ZIP. All rights reserved.
|
||||||
|
+ Copyright (c) 1990-2014 Info-ZIP. All rights reserved.
|
||||||
|
|
||||||
|
See the accompanying file LICENSE, version 2009-Jan-02 or later
|
||||||
|
(the contents of which are also included in unzip.h) for terms of use.
|
||||||
|
@@ -298,6 +298,8 @@ char ZCONST Far TruncNTSD[] =
|
||||||
|
#ifndef SFX
|
||||||
|
static ZCONST char Far InconsistEFlength[] = "bad extra-field entry:\n \
|
||||||
|
EF block length (%u bytes) exceeds remaining EF data (%u bytes)\n";
|
||||||
|
+ static ZCONST char Far TooSmallEBlength[] = "bad extra-field entry:\n \
|
||||||
|
+ EF block length (%u bytes) invalid (< %d)\n";
|
||||||
|
static ZCONST char Far InvalidComprDataEAs[] =
|
||||||
|
" invalid compressed data for EAs\n";
|
||||||
|
# if (defined(WIN32) && defined(NTSD_EAS))
|
||||||
|
@@ -2020,7 +2022,8 @@ static int TestExtraField(__G__ ef, ef_len)
|
||||||
|
ebID = makeword(ef);
|
||||||
|
ebLen = (unsigned)makeword(ef+EB_LEN);
|
||||||
|
|
||||||
|
- if (ebLen > (ef_len - EB_HEADSIZE)) {
|
||||||
|
+ if (ebLen > (ef_len - EB_HEADSIZE))
|
||||||
|
+ {
|
||||||
|
/* Discovered some extra field inconsistency! */
|
||||||
|
if (uO.qflag)
|
||||||
|
Info(slide, 1, ((char *)slide, "%-22s ",
|
||||||
|
@@ -2155,11 +2158,29 @@ static int TestExtraField(__G__ ef, ef_len)
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
case EF_PKVMS:
|
||||||
|
- if (makelong(ef+EB_HEADSIZE) !=
|
||||||
|
- crc32(CRCVAL_INITIAL, ef+(EB_HEADSIZE+4),
|
||||||
|
- (extent)(ebLen-4)))
|
||||||
|
- Info(slide, 1, ((char *)slide,
|
||||||
|
- LoadFarString(BadCRC_EAs)));
|
||||||
|
+ /* 2015-01-30 SMS. Added sufficient-bytes test/message
|
||||||
|
+ * here. (Removed defective ebLen test above.)
|
||||||
|
+ *
|
||||||
|
+ * If sufficient bytes (EB_PKVMS_MINLEN) are available,
|
||||||
|
+ * then compare the stored CRC value with the calculated
|
||||||
|
+ * CRC for the remainder of the data (and complain about
|
||||||
|
+ * a mismatch).
|
||||||
|
+ */
|
||||||
|
+ if (ebLen < EB_PKVMS_MINLEN)
|
||||||
|
+ {
|
||||||
|
+ /* Insufficient bytes available. */
|
||||||
|
+ Info( slide, 1,
|
||||||
|
+ ((char *)slide, LoadFarString( TooSmallEBlength),
|
||||||
|
+ ebLen, EB_PKVMS_MINLEN));
|
||||||
|
+ }
|
||||||
|
+ else if (makelong(ef+ EB_HEADSIZE) !=
|
||||||
|
+ crc32(CRCVAL_INITIAL,
|
||||||
|
+ (ef+ EB_HEADSIZE+ EB_PKVMS_MINLEN),
|
||||||
|
+ (extent)(ebLen- EB_PKVMS_MINLEN)))
|
||||||
|
+ {
|
||||||
|
+ Info(slide, 1, ((char *)slide,
|
||||||
|
+ LoadFarString(BadCRC_EAs)));
|
||||||
|
+ }
|
||||||
|
break;
|
||||||
|
case EF_PKW32:
|
||||||
|
case EF_PKUNIX:
|
||||||
|
diff --git a/unzpriv.h b/unzpriv.h
|
||||||
|
index 005cee0..5c83a6e 100644
|
||||||
|
--- a/unzpriv.h
|
||||||
|
+++ b/unzpriv.h
|
||||||
|
@@ -1806,6 +1806,8 @@
|
||||||
|
#define EB_NTSD_VERSION 4 /* offset of NTSD version byte */
|
||||||
|
#define EB_NTSD_MAX_VER (0) /* maximum version # we know how to handle */
|
||||||
|
|
||||||
|
+#define EB_PKVMS_MINLEN 4 /* minimum data length of PKVMS extra block */
|
||||||
|
+
|
||||||
|
#define EB_ASI_CRC32 0 /* offset of ASI Unix field's crc32 checksum */
|
||||||
|
#define EB_ASI_MODE 4 /* offset of ASI Unix permission mode field */
|
||||||
|
|
181
Fix-CVE-2014-8140-and-CVE-2014-8141.patch
Normal file
181
Fix-CVE-2014-8140-and-CVE-2014-8141.patch
Normal file
@ -0,0 +1,181 @@
|
|||||||
|
From 3e74a01aec1ab48c3848ac50fc2f8ed8b177b400 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Thorsten Behrens <tbehrens@suse.com>
|
||||||
|
Date: Sat, 20 Dec 2014 01:56:42 +0100
|
||||||
|
Subject: [PATCH] Fix CVE-2014-8140 and CVE-2014-8141
|
||||||
|
|
||||||
|
CVE-2014-8140 unzip: write error (*_8349_*) shows a problem in
|
||||||
|
extract.c:test_compr_eb()
|
||||||
|
|
||||||
|
CVE-2014-8141 unzip: read errors (*_6430_*, *_3422_*) show problems in
|
||||||
|
process.c:getZip64Data()
|
||||||
|
---
|
||||||
|
extract.c | 13 +++++++++---
|
||||||
|
fileio.c | 9 ++++++++-
|
||||||
|
process.c | 68 +++++++++++++++++++++++++++++++++++++++++++++++----------------
|
||||||
|
3 files changed, 69 insertions(+), 21 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/extract.c b/extract.c
|
||||||
|
index 78f637e..5d27e4b 100644
|
||||||
|
--- a/extract.c
|
||||||
|
+++ b/extract.c
|
||||||
|
@@ -2234,10 +2234,17 @@ static int test_compr_eb(__G__ eb, eb_size, compr_offset, test_uc_ebdata)
|
||||||
|
if (compr_offset < 4) /* field is not compressed: */
|
||||||
|
return PK_OK; /* do nothing and signal OK */
|
||||||
|
|
||||||
|
+ /* Return no/bad-data error status if any problem is found:
|
||||||
|
+ * 1. eb_size is too small to hold the uncompressed size
|
||||||
|
+ * (eb_ucsize). (Else extract eb_ucsize.)
|
||||||
|
+ * 2. eb_ucsize is zero (invalid). 2014-12-04 SMS.
|
||||||
|
+ * 3. eb_ucsize is positive, but eb_size is too small to hold
|
||||||
|
+ * the compressed data header.
|
||||||
|
+ */
|
||||||
|
if ((eb_size < (EB_UCSIZE_P + 4)) ||
|
||||||
|
- ((eb_ucsize = makelong(eb+(EB_HEADSIZE+EB_UCSIZE_P))) > 0L &&
|
||||||
|
- eb_size <= (compr_offset + EB_CMPRHEADLEN)))
|
||||||
|
- return IZ_EF_TRUNC; /* no compressed data! */
|
||||||
|
+ ((eb_ucsize = makelong( eb+ (EB_HEADSIZE+ EB_UCSIZE_P))) == 0L) ||
|
||||||
|
+ ((eb_ucsize > 0L) && (eb_size <= (compr_offset + EB_CMPRHEADLEN))))
|
||||||
|
+ return IZ_EF_TRUNC; /* no/bad compressed data! */
|
||||||
|
|
||||||
|
if (
|
||||||
|
#ifdef INT_16BIT
|
||||||
|
diff --git a/fileio.c b/fileio.c
|
||||||
|
index a381855..de93728 100644
|
||||||
|
--- a/fileio.c
|
||||||
|
+++ b/fileio.c
|
||||||
|
@@ -181,6 +181,8 @@ static ZCONST char Far FilenameTooLongTrunc[] =
|
||||||
|
#endif
|
||||||
|
static ZCONST char Far ExtraFieldTooLong[] =
|
||||||
|
"warning: extra field too long (%d). Ignoring...\n";
|
||||||
|
+static ZCONST char Far ExtraFieldCorrupt[] =
|
||||||
|
+ "warning: extra field (type: 0x%04x) corrupt. Continuing...\n";
|
||||||
|
|
||||||
|
#ifdef WINDLL
|
||||||
|
static ZCONST char Far DiskFullQuery[] =
|
||||||
|
@@ -2326,7 +2328,12 @@ int do_string(__G__ length, option) /* return PK-type error code */
|
||||||
|
if (readbuf(__G__ (char *)G.extra_field, length) == 0)
|
||||||
|
return PK_EOF;
|
||||||
|
/* Looks like here is where extra fields are read */
|
||||||
|
- getZip64Data(__G__ G.extra_field, length);
|
||||||
|
+ if (getZip64Data(__G__ G.extra_field, length) != PK_COOL)
|
||||||
|
+ {
|
||||||
|
+ Info(slide, 0x401, ((char *)slide,
|
||||||
|
+ LoadFarString( ExtraFieldCorrupt), EF_PKSZ64));
|
||||||
|
+ error = PK_WARN;
|
||||||
|
+ }
|
||||||
|
#ifdef UNICODE_SUPPORT
|
||||||
|
G.unipath_filename = NULL;
|
||||||
|
if (G.UzO.U_flag < 2) {
|
||||||
|
diff --git a/process.c b/process.c
|
||||||
|
index f1b7602..828c8aa 100644
|
||||||
|
--- a/process.c
|
||||||
|
+++ b/process.c
|
||||||
|
@@ -1,5 +1,5 @@
|
||||||
|
/*
|
||||||
|
- Copyright (c) 1990-2009 Info-ZIP. All rights reserved.
|
||||||
|
+ Copyright (c) 1990-2014 Info-ZIP. All rights reserved.
|
||||||
|
|
||||||
|
See the accompanying file LICENSE, version 2009-Jan-02 or later
|
||||||
|
(the contents of which are also included in unzip.h) for terms of use.
|
||||||
|
@@ -1901,48 +1901,82 @@ int getZip64Data(__G__ ef_buf, ef_len)
|
||||||
|
and a 4-byte version of disk start number.
|
||||||
|
Sets both local header and central header fields. Not terribly clever,
|
||||||
|
but it means that this procedure is only called in one place.
|
||||||
|
+
|
||||||
|
+ 2014-12-05 SMS.
|
||||||
|
+ Added checks to ensure that enough data are available before calling
|
||||||
|
+ makeint64() or makelong(). Replaced various sizeof() values with
|
||||||
|
+ simple ("4" or "8") constants. (The Zip64 structures do not depend
|
||||||
|
+ on our variable sizes.) Error handling is crude, but we should now
|
||||||
|
+ stay within the buffer.
|
||||||
|
---------------------------------------------------------------------------*/
|
||||||
|
|
||||||
|
+#define Z64FLGS 0xffff
|
||||||
|
+#define Z64FLGL 0xffffffff
|
||||||
|
+
|
||||||
|
if (ef_len == 0 || ef_buf == NULL)
|
||||||
|
return PK_COOL;
|
||||||
|
|
||||||
|
Trace((stderr,"\ngetZip64Data: scanning extra field of length %u\n",
|
||||||
|
ef_len));
|
||||||
|
|
||||||
|
- while (ef_len >= EB_HEADSIZE) {
|
||||||
|
+ while (ef_len >= EB_HEADSIZE)
|
||||||
|
+ {
|
||||||
|
eb_id = makeword(EB_ID + ef_buf);
|
||||||
|
eb_len = makeword(EB_LEN + ef_buf);
|
||||||
|
|
||||||
|
- if (eb_len > (ef_len - EB_HEADSIZE)) {
|
||||||
|
- /* discovered some extra field inconsistency! */
|
||||||
|
+ if (eb_len > (ef_len - EB_HEADSIZE))
|
||||||
|
+ {
|
||||||
|
+ /* Extra block length exceeds remaining extra field length. */
|
||||||
|
Trace((stderr,
|
||||||
|
"getZip64Data: block length %u > rest ef_size %u\n", eb_len,
|
||||||
|
ef_len - EB_HEADSIZE));
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
- if (eb_id == EF_PKSZ64) {
|
||||||
|
-
|
||||||
|
+ if (eb_id == EF_PKSZ64)
|
||||||
|
+ {
|
||||||
|
int offset = EB_HEADSIZE;
|
||||||
|
|
||||||
|
- if (G.crec.ucsize == 0xffffffff || G.lrec.ucsize == 0xffffffff){
|
||||||
|
- G.lrec.ucsize = G.crec.ucsize = makeint64(offset + ef_buf);
|
||||||
|
- offset += sizeof(G.crec.ucsize);
|
||||||
|
+ if ((G.crec.ucsize == Z64FLGL) || (G.lrec.ucsize == Z64FLGL))
|
||||||
|
+ {
|
||||||
|
+ if (offset+ 8 > ef_len)
|
||||||
|
+ return PK_ERR;
|
||||||
|
+
|
||||||
|
+ G.crec.ucsize = G.lrec.ucsize = makeint64(offset + ef_buf);
|
||||||
|
+ offset += 8;
|
||||||
|
}
|
||||||
|
- if (G.crec.csize == 0xffffffff || G.lrec.csize == 0xffffffff){
|
||||||
|
- G.csize = G.lrec.csize = G.crec.csize = makeint64(offset + ef_buf);
|
||||||
|
- offset += sizeof(G.crec.csize);
|
||||||
|
+
|
||||||
|
+ if ((G.crec.csize == Z64FLGL) || (G.lrec.csize == Z64FLGL))
|
||||||
|
+ {
|
||||||
|
+ if (offset+ 8 > ef_len)
|
||||||
|
+ return PK_ERR;
|
||||||
|
+
|
||||||
|
+ G.csize = G.crec.csize = G.lrec.csize = makeint64(offset + ef_buf);
|
||||||
|
+ offset += 8;
|
||||||
|
}
|
||||||
|
- if (G.crec.relative_offset_local_header == 0xffffffff){
|
||||||
|
+
|
||||||
|
+ if (G.crec.relative_offset_local_header == Z64FLGL)
|
||||||
|
+ {
|
||||||
|
+ if (offset+ 8 > ef_len)
|
||||||
|
+ return PK_ERR;
|
||||||
|
+
|
||||||
|
G.crec.relative_offset_local_header = makeint64(offset + ef_buf);
|
||||||
|
- offset += sizeof(G.crec.relative_offset_local_header);
|
||||||
|
+ offset += 8;
|
||||||
|
}
|
||||||
|
- if (G.crec.disk_number_start == 0xffff){
|
||||||
|
+
|
||||||
|
+ if (G.crec.disk_number_start == Z64FLGS)
|
||||||
|
+ {
|
||||||
|
+ if (offset+ 4 > ef_len)
|
||||||
|
+ return PK_ERR;
|
||||||
|
+
|
||||||
|
G.crec.disk_number_start = (zuvl_t)makelong(offset + ef_buf);
|
||||||
|
- offset += sizeof(G.crec.disk_number_start);
|
||||||
|
+ offset += 4;
|
||||||
|
}
|
||||||
|
+#if 0
|
||||||
|
+ break; /* Expect only one EF_PKSZ64 block. */
|
||||||
|
+#endif /* 0 */
|
||||||
|
}
|
||||||
|
|
||||||
|
- /* Skip this extra field block */
|
||||||
|
+ /* Skip this extra field block. */
|
||||||
|
ef_buf += (eb_len + EB_HEADSIZE);
|
||||||
|
ef_len -= (eb_len + EB_HEADSIZE);
|
||||||
|
}
|
||||||
|
--
|
||||||
|
1.8.4.5
|
||||||
|
|
41
Fix-CVE-2014-9636-unzip-buffer-overflow.patch
Normal file
41
Fix-CVE-2014-9636-unzip-buffer-overflow.patch
Normal file
@ -0,0 +1,41 @@
|
|||||||
|
From 190040ebfcf5395a6ccedede2cc9343d34f0a108 Mon Sep 17 00:00:00 2001
|
||||||
|
From: mancha <mancha1 AT zoho DOT com>
|
||||||
|
Date: Wed, 11 Feb 2015
|
||||||
|
Subject: Info-ZIP UnZip buffer overflow
|
||||||
|
|
||||||
|
By carefully crafting a corrupt ZIP archive with "extra fields" that
|
||||||
|
purport to have compressed blocks larger than the corresponding
|
||||||
|
uncompressed blocks in STORED no-compression mode, an attacker can
|
||||||
|
trigger a heap overflow that can result in application crash or
|
||||||
|
possibly have other unspecified impact.
|
||||||
|
|
||||||
|
This patch ensures that when extra fields use STORED mode, the
|
||||||
|
"compressed" and uncompressed block sizes match.
|
||||||
|
|
||||||
|
---
|
||||||
|
extract.c | 7 +++++++
|
||||||
|
1 file changed, 7 insertions(+)
|
||||||
|
--- unzip60/extract.c
|
||||||
|
+++ unzip60/extract.c
|
||||||
|
@@ -2230,6 +2230,7 @@ static int test_compr_eb(__G__ eb, eb_si
|
||||||
|
ulg eb_ucsize;
|
||||||
|
uch *eb_ucptr;
|
||||||
|
int r;
|
||||||
|
+ ush method;
|
||||||
|
|
||||||
|
if (compr_offset < 4) /* field is not compressed: */
|
||||||
|
return PK_OK; /* do nothing and signal OK */
|
||||||
|
@@ -2246,6 +2247,13 @@ static int test_compr_eb(__G__ eb, eb_si
|
||||||
|
((eb_ucsize > 0L) && (eb_size <= (compr_offset + EB_CMPRHEADLEN))))
|
||||||
|
return IZ_EF_TRUNC; /* no/bad compressed data! */
|
||||||
|
|
||||||
|
+ method = makeword(eb + (EB_HEADSIZE + compr_offset));
|
||||||
|
+ if ((method == STORED) &&
|
||||||
|
+ (eb_size != compr_offset + EB_CMPRHEADLEN + eb_ucsize))
|
||||||
|
+ return PK_ERR; /* compressed & uncompressed
|
||||||
|
+ * should match in STORED
|
||||||
|
+ * method */
|
||||||
|
+
|
||||||
|
if (
|
||||||
|
#ifdef INT_16BIT
|
||||||
|
(((ulg)(extent)eb_ucsize) != eb_ucsize) ||
|
3
_multibuild
Normal file
3
_multibuild
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
<multibuild>
|
||||||
|
<package>unzip-rcc</package>
|
||||||
|
</multibuild>
|
10
pre_checkin.sh
Normal file
10
pre_checkin.sh
Normal file
@ -0,0 +1,10 @@
|
|||||||
|
#! /bin/sh
|
||||||
|
|
||||||
|
cp unzip.spec unzip-rcc.spec
|
||||||
|
cp unzip.changes unzip-rcc.changes
|
||||||
|
|
||||||
|
sed -i -e 's,Name: .*,Name: unzip-rcc,' unzip-rcc.spec
|
||||||
|
sed -i -e 's,%bcond_with rcc,%bcond_without rcc,' unzip-rcc.spec
|
||||||
|
|
||||||
|
osc service localrun format_spec_file
|
||||||
|
|
31
unzip-5.52-filename_too_long.patch
Normal file
31
unzip-5.52-filename_too_long.patch
Normal file
@ -0,0 +1,31 @@
|
|||||||
|
Index: process.c
|
||||||
|
===================================================================
|
||||||
|
--- process.c.orig 2009-03-06 02:25:10.000000000 +0100
|
||||||
|
+++ process.c 2010-05-21 13:17:28.292590863 +0200
|
||||||
|
@@ -203,6 +203,8 @@ static ZCONST char Far Cent64EndSigSearc
|
||||||
|
#endif
|
||||||
|
static ZCONST char Far ZipfileCommTrunc1[] =
|
||||||
|
"\ncaution: zipfile comment truncated\n";
|
||||||
|
+static ZCONST char Far FileNameTooLong[] =
|
||||||
|
+ "%s: error: %s (truncated): %s\n";
|
||||||
|
#ifndef NO_ZIPINFO
|
||||||
|
static ZCONST char Far NoZipfileComment[] =
|
||||||
|
"There is no zipfile comment.\n";
|
||||||
|
@@ -390,6 +392,17 @@ int process_zipfiles(__G) /* return P
|
||||||
|
|
||||||
|
lastzipfn = G.zipfn;
|
||||||
|
|
||||||
|
+ if (strlen(G.wildzipfn) > strlen(G.zipfn))
|
||||||
|
+ {
|
||||||
|
+ Info(slide, 1, ((char *)slide,
|
||||||
|
+ LoadFarString(FileNameTooLong),
|
||||||
|
+ uO.zipinfo_mode? LoadFarStringSmall(Zipnfo) : LoadFarStringSmall(Unzip),
|
||||||
|
+ G.zipfn, strerror(ENAMETOOLONG)));
|
||||||
|
+
|
||||||
|
+ free_G_buffers(__G);
|
||||||
|
+ return PK_NOZIP;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
/* print a blank line between the output of different zipfiles */
|
||||||
|
if (!uO.qflag && error != PK_NOZIP && error != IZ_DIR
|
||||||
|
#ifdef TIMESTAMP
|
176
unzip-5.52-use_librcc.patch
Normal file
176
unzip-5.52-use_librcc.patch
Normal file
@ -0,0 +1,176 @@
|
|||||||
|
Author: Suren A. Chilingaryan <csa@dside.dyndns.org>
|
||||||
|
Description: Provides header file
|
||||||
|
|
||||||
|
Index: dsrecode.c
|
||||||
|
===================================================================
|
||||||
|
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
|
||||||
|
+++ dsrecode.c 2010-05-21 14:25:19.192590879 +0200
|
||||||
|
@@ -0,0 +1,137 @@
|
||||||
|
+#include <librcc.h>
|
||||||
|
+
|
||||||
|
+static rcc_class_default_charset default_oem[] =
|
||||||
|
+{
|
||||||
|
+ { "ru", "IBM866" },
|
||||||
|
+ { NULL, NULL }
|
||||||
|
+};
|
||||||
|
+
|
||||||
|
+static rcc_class_default_charset default_iso[] =
|
||||||
|
+{
|
||||||
|
+ { "ru", "CP1251" },
|
||||||
|
+ { NULL, NULL }
|
||||||
|
+};
|
||||||
|
+
|
||||||
|
+#define OEM_CLASS 0
|
||||||
|
+#define ISO_CLASS 1
|
||||||
|
+#define OUT_CLASS 2
|
||||||
|
+static rcc_class classes[] =
|
||||||
|
+{
|
||||||
|
+ { "oem", RCC_CLASS_STANDARD, NULL, default_oem, "OEM_INTERN", 0 },
|
||||||
|
+ { "iso", RCC_CLASS_STANDARD, NULL, default_iso, "ISO_INTERN", 0 },
|
||||||
|
+ { "out", RCC_CLASS_STANDARD, "LC_CTYPE", NULL, "Output", 0 },
|
||||||
|
+ { NULL }
|
||||||
|
+};
|
||||||
|
+
|
||||||
|
+int initialized = 0;
|
||||||
|
+
|
||||||
|
+#ifdef RCC_LAZY
|
||||||
|
+#include <dlfcn.h>
|
||||||
|
+# define RCC_LIBRARY "librcc.so.0"
|
||||||
|
+int (*rccInit2)(void);
|
||||||
|
+int (*rccFree2)(void);
|
||||||
|
+int (*rccInitDefaultContext2)(const char *locale_variable,
|
||||||
|
+ unsigned int max_languages,
|
||||||
|
+ unsigned int max_classes,
|
||||||
|
+ rcc_class_ptr defclasses,
|
||||||
|
+ rcc_init_flags flags);
|
||||||
|
+int (*rccInitDb42)(rcc_context ctx, const char *name, rcc_db4_flags flags);
|
||||||
|
+char* (*rccSizedRecode2)(rcc_context ctx, rcc_class_id from, rcc_class_id to,
|
||||||
|
+ const char *buf, size_t len, size_t *rlen);
|
||||||
|
+int (*rccLoad2)(rcc_context ctx, const char *name);
|
||||||
|
+
|
||||||
|
+
|
||||||
|
+static char *rccRecode2(rcc_context ctx, rcc_class_id from,
|
||||||
|
+ rcc_class_id to, const char *buf)
|
||||||
|
+{
|
||||||
|
+ return rccSizedRecode2(ctx, from, to, buf, 0, NULL);
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+void *rcc_handle;
|
||||||
|
+#else /* RCC_LAZY */
|
||||||
|
+#define rccInit2 rccInit
|
||||||
|
+#define rccFree2 rccFree
|
||||||
|
+#define rccInitDefaultContext2 rccInitDefaultContext
|
||||||
|
+#define rccInitDb42 rccInitDb4
|
||||||
|
+#define rccRecode2 rccRecode
|
||||||
|
+#define rccLoad2 rccLoad
|
||||||
|
+#endif /* RCC_LAZY */
|
||||||
|
+
|
||||||
|
+static void rccUnzipFree(void)
|
||||||
|
+{
|
||||||
|
+ if (initialized > 0) {
|
||||||
|
+ rccFree2();
|
||||||
|
+#ifdef RCC_LAZY
|
||||||
|
+ dlclose(rcc_handle);
|
||||||
|
+#endif /* RCC_LAZY */
|
||||||
|
+ initialized = 0;
|
||||||
|
+ }
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+
|
||||||
|
+static int rccUnzipInit(void)
|
||||||
|
+{
|
||||||
|
+ if (initialized) return 0;
|
||||||
|
+
|
||||||
|
+#ifdef RCC_LAZY
|
||||||
|
+ rcc_handle = dlopen(RCC_LIBRARY, RTLD_NOW);
|
||||||
|
+ if (!rcc_handle) {
|
||||||
|
+ initialized = -1;
|
||||||
|
+ return 1;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ rccInit2 = dlsym(rcc_handle, "rccInit");
|
||||||
|
+ rccFree2 = dlsym(rcc_handle, "rccFree");
|
||||||
|
+ rccInitDefaultContext2 = dlsym(rcc_handle, "rccInitDefaultContext");
|
||||||
|
+ rccInitDb42 = dlsym(rcc_handle, "rccInitDb4");
|
||||||
|
+ rccSizedRecode2 = dlsym(rcc_handle, "rccSizedRecode");
|
||||||
|
+ rccLoad2 = dlsym(rcc_handle, "rccLoad");
|
||||||
|
+
|
||||||
|
+ if ((!rccInit2) || (!rccFree2) || (!rccInitDefaultContext2) ||
|
||||||
|
+ (!rccInitDb42) || (!rccSizedRecode2) || (!rccLoad2)) {
|
||||||
|
+ dlclose(rcc_handle);
|
||||||
|
+ initialized = -1;
|
||||||
|
+ return 1;
|
||||||
|
+ }
|
||||||
|
+#endif /* RCC_LAZY */
|
||||||
|
+
|
||||||
|
+ rccInit2();
|
||||||
|
+ rccInitDefaultContext2(NULL, 0, 0, classes, 0);
|
||||||
|
+ rccLoad2(NULL, "zip");
|
||||||
|
+ rccInitDb42(NULL, NULL, 0);
|
||||||
|
+ atexit(rccUnzipFree);
|
||||||
|
+ initialized = 1;
|
||||||
|
+ return 0;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+
|
||||||
|
+
|
||||||
|
+void _DS_OEM_INTERN(char *string)
|
||||||
|
+{
|
||||||
|
+ char *str;
|
||||||
|
+ rccUnzipInit();
|
||||||
|
+
|
||||||
|
+ if (initialized>0) {
|
||||||
|
+ str = rccRecode2(NULL, OEM_CLASS, OUT_CLASS, string);
|
||||||
|
+
|
||||||
|
+ if (str) {
|
||||||
|
+ strncpy(string,str,FILNAMSIZ);
|
||||||
|
+ free(str);
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+void _DS_ISO_INTERN(char *string)
|
||||||
|
+{
|
||||||
|
+ char *str;
|
||||||
|
+ rccUnzipInit();
|
||||||
|
+
|
||||||
|
+ if (initialized>0) {
|
||||||
|
+ str = rccRecode2(NULL, ISO_CLASS, OUT_CLASS, string);
|
||||||
|
+
|
||||||
|
+ if (str) {
|
||||||
|
+ strncpy(string,str,FILNAMSIZ);
|
||||||
|
+ free(str);
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+}
|
||||||
|
Index: fileio.c
|
||||||
|
===================================================================
|
||||||
|
--- fileio.c.orig 2010-05-21 14:25:19.172590765 +0200
|
||||||
|
+++ fileio.c 2010-05-21 14:25:19.192590879 +0200
|
||||||
|
@@ -82,7 +82,7 @@
|
||||||
|
# endif
|
||||||
|
#endif
|
||||||
|
#include "ebcdic.h" /* definition/initialization of ebcdic[] */
|
||||||
|
-
|
||||||
|
+#include "dsrecode.c"
|
||||||
|
|
||||||
|
/*
|
||||||
|
Note: Under Windows, the maximum size of the buffer that can be used
|
||||||
|
Index: unzpriv.h
|
||||||
|
===================================================================
|
||||||
|
--- unzpriv.h.orig 2010-05-21 14:24:55.632590821 +0200
|
||||||
|
+++ unzpriv.h 2010-05-21 14:25:19.220590722 +0200
|
||||||
|
@@ -3025,10 +3025,11 @@ char *GetLoadPath OF((__GPRO));
|
||||||
|
!(((islochdr) || (isuxatt)) && \
|
||||||
|
((hostver) == 25 || (hostver) == 26 || (hostver) == 40))) || \
|
||||||
|
(hostnum) == FS_HPFS_ || \
|
||||||
|
+ (hostnum) == UNIX_ || \
|
||||||
|
((hostnum) == FS_NTFS_ && (hostver) == 50)) { \
|
||||||
|
- _OEM_INTERN((string)); \
|
||||||
|
+ _DS_OEM_INTERN((string)); \
|
||||||
|
} else { \
|
||||||
|
- _ISO_INTERN((string)); \
|
||||||
|
+ _DS_ISO_INTERN((string)); \
|
||||||
|
}}
|
||||||
|
#endif
|
||||||
|
|
15
unzip-dont_call_isprint.patch
Normal file
15
unzip-dont_call_isprint.patch
Normal file
@ -0,0 +1,15 @@
|
|||||||
|
Author: Suren A. Chilingaryan <csa@dside.dyndns.org>
|
||||||
|
|
||||||
|
Index: extract.c
|
||||||
|
===================================================================
|
||||||
|
--- extract.c.orig 2009-03-14 04:32:52.000000000 +0300
|
||||||
|
+++ extract.c 2010-07-07 17:29:52.000000000 +0400
|
||||||
|
@@ -2596,7 +2596,7 @@ char *fnfilter(raw, space, size) /* co
|
||||||
|
*/
|
||||||
|
# define UZ_FNFILTER_REPLACECHAR '?'
|
||||||
|
# endif
|
||||||
|
- if (!isprint(*r)) {
|
||||||
|
+ if (*r < 32) { //(!isprint(*r)) {
|
||||||
|
if (*r < 32) {
|
||||||
|
/* ASCII control codes are escaped as "^{letter}". */
|
||||||
|
if (se != NULL && (s > (space + (size-4)))) {
|
20
unzip-initialize-the-symlink-flag.patch
Normal file
20
unzip-initialize-the-symlink-flag.patch
Normal file
@ -0,0 +1,20 @@
|
|||||||
|
From: Andreas Schwab <schwab@linux-m68k.org>
|
||||||
|
Subject: Initialize the symlink flag
|
||||||
|
Bug-Debian: https://bugs.debian.org/717029
|
||||||
|
X-Debian-version: 6.0-10
|
||||||
|
|
||||||
|
--- a/process.c
|
||||||
|
+++ b/process.c
|
||||||
|
@@ -1758,6 +1758,12 @@
|
||||||
|
= (G.crec.general_purpose_bit_flag & (1 << 11)) == (1 << 11);
|
||||||
|
#endif
|
||||||
|
|
||||||
|
+#ifdef SYMLINKS
|
||||||
|
+ /* Initialize the symlink flag, may be set by the platform-specific
|
||||||
|
+ mapattr function. */
|
||||||
|
+ G.pInfo->symlink = 0;
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
return PK_COOL;
|
||||||
|
|
||||||
|
} /* end function process_cdir_file_hdr() */
|
181
unzip-iso8859_2.patch
Normal file
181
unzip-iso8859_2.patch
Normal file
@ -0,0 +1,181 @@
|
|||||||
|
Index: ebcdic.h
|
||||||
|
===================================================================
|
||||||
|
--- ebcdic.h.orig 2008-03-21 13:04:22.000000000 +0100
|
||||||
|
+++ ebcdic.h 2010-05-21 14:07:51.000091055 +0200
|
||||||
|
@@ -254,6 +254,25 @@ ZCONST uch Far iso2oem_850[] = {
|
||||||
|
0xD0, 0xA4, 0x95, 0xA2, 0x93, 0xE4, 0x94, 0xF6, /* F0 - F7 */
|
||||||
|
0x9B, 0x97, 0xA3, 0x96, 0x81, 0xEC, 0xE7, 0x98 /* F8 - FF */
|
||||||
|
};
|
||||||
|
+
|
||||||
|
+ZCONST uch Far iso2oem_2[] = {
|
||||||
|
+ 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
|
||||||
|
+ 0x88, 0x89, 0x8A, 0x8B, 0x8C, 0x8D, 0x8E, 0x8F,
|
||||||
|
+ 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
|
||||||
|
+ 0x98, 0x99, 0x9A, 0x9B, 0x9C, 0x9D, 0x9E, 0x9F,
|
||||||
|
+ 0x20, 0xA4, 0xF4, 0x9D, 0xCF, 0x95, 0x97, 0xF5,
|
||||||
|
+ 0xF9, 0xE6, 0xB8, 0x9B, 0x8D, 0x2D, 0xA6, 0xBD,
|
||||||
|
+ 0x20, 0xA5, 0xF2, 0x88, 0xEF, 0x96, 0x98, 0xF3,
|
||||||
|
+ 0xF7, 0xE7, 0xAD, 0x9C, 0xAB, 0xF1, 0xA7, 0xBE,
|
||||||
|
+ 0xE8, 0xB5, 0xB6, 0xC6, 0x8E, 0x91, 0x8F, 0x80,
|
||||||
|
+ 0xAC, 0x90, 0xA8, 0xD3, 0xB7, 0xD6, 0xD7, 0xD2,
|
||||||
|
+ 0xD1, 0xE3, 0xD5, 0xE0, 0xE2, 0x8A, 0x99, 0x9E,
|
||||||
|
+ 0xFC, 0xDE, 0xE9, 0xEB, 0x9A, 0xED, 0xDD, 0xE1,
|
||||||
|
+ 0xEA, 0xA0, 0x83, 0xC7, 0x84, 0x92, 0x86, 0x87,
|
||||||
|
+ 0x9F, 0x82, 0xA9, 0x89, 0xD8, 0xA1, 0x8C, 0xD4,
|
||||||
|
+ 0xD0, 0xE4, 0xE5, 0xA2, 0x93, 0x8B, 0x94, 0xF6,
|
||||||
|
+ 0xFD, 0x85, 0xA3, 0xFB, 0x81, 0xEC, 0xEE, 0xFA
|
||||||
|
+};
|
||||||
|
#endif /* IZ_ISO2OEM_ARRAY */
|
||||||
|
|
||||||
|
#ifdef IZ_OEM2ISO_ARRAY
|
||||||
|
@@ -275,6 +294,25 @@ ZCONST uch Far oem2iso_850[] = {
|
||||||
|
0xAD, 0xB1, 0x3D, 0xBE, 0xB6, 0xA7, 0xF7, 0xB8, /* F0 - F7 */
|
||||||
|
0xB0, 0xA8, 0xB7, 0xB9, 0xB3, 0xB2, 0xA6, 0xA0 /* F8 - FF */
|
||||||
|
};
|
||||||
|
+
|
||||||
|
+ZCONST uch Far oem2iso_2[] = {
|
||||||
|
+ 0xC7, 0xFC, 0xE9, 0xE2, 0xE4, 0xF9, 0xE6, 0xE7,
|
||||||
|
+ 0xB3, 0xEB, 0xD5, 0xF5, 0xEE, 0xAC, 0xC4, 0xC6,
|
||||||
|
+ 0xC9, 0xC5, 0xE5, 0xF4, 0xF6, 0xA5, 0xB5, 0xA6,
|
||||||
|
+ 0xB6, 0xD6, 0xDC, 0xAB, 0xBB, 0xA3, 0xD7, 0xE8,
|
||||||
|
+ 0xE1, 0xED, 0xF3, 0xFA, 0xA1, 0xB1, 0xAE, 0xBE,
|
||||||
|
+ 0xCA, 0xEA, 0xAA, 0xBC, 0xC8, 0xBA, 0x3C, 0x3E,
|
||||||
|
+ 0xB0, 0xB1, 0xB2, 0xB3, 0xB4, 0xC1, 0xC2, 0xCC,
|
||||||
|
+ 0xAA, 0xB9, 0xBA, 0xBB, 0xBC, 0xAF, 0xBF, 0xBF,
|
||||||
|
+ 0xC0, 0xC1, 0xC2, 0xC3, 0xC4, 0xC5, 0xC3, 0xE3,
|
||||||
|
+ 0xC8, 0xC9, 0xCA, 0xCB, 0xCC, 0xCD, 0xCE, 0xA4,
|
||||||
|
+ 0xF0, 0xD0, 0xCF, 0xCB, 0xEF, 0xD2, 0xCD, 0xCE,
|
||||||
|
+ 0xEC, 0xD9, 0xDA, 0xDB, 0xDC, 0xDE, 0xD9, 0xDF,
|
||||||
|
+ 0xD3, 0xDF, 0xD4, 0xD1, 0xF1, 0xF2, 0xA9, 0xB9,
|
||||||
|
+ 0xC0, 0xDA, 0xE0, 0xDB, 0xFD, 0xDD, 0xFE, 0xB4,
|
||||||
|
+ 0xF0, 0xBD, 0xB2, 0xB7, 0xA2, 0xA7, 0xF7, 0xB8,
|
||||||
|
+ 0xF8, 0xA8, 0xFF, 0xFB, 0xD8, 0xF8, 0xFE, 0xFF
|
||||||
|
+};
|
||||||
|
#endif /* IZ_OEM2ISO_ARRAY */
|
||||||
|
|
||||||
|
/* The following pointers to the OEM<-->ISO translation tables are used
|
||||||
|
Index: man/unzip.1
|
||||||
|
===================================================================
|
||||||
|
--- man/unzip.1.orig 2009-04-20 02:33:10.000000000 +0200
|
||||||
|
+++ man/unzip.1 2010-05-21 14:23:25.824590928 +0200
|
||||||
|
@@ -25,7 +25,7 @@
|
||||||
|
unzip \- list, test and extract compressed files in a ZIP archive
|
||||||
|
.PD
|
||||||
|
.SH SYNOPSIS
|
||||||
|
-\fBunzip\fP [\fB\-Z\fP] [\fB\-cflptTuvz\fP[\fBabjnoqsCDKLMUVWX$/:^\fP]]
|
||||||
|
+\fBunzip\fP [\fB\-Z\fP] [\fB\-cflptTuvz\fP[\fBabjnoqsCDKLMOUVWX$/:^\fP]]
|
||||||
|
\fIfile\fP[\fI.zip\fP] [\fIfile(s)\fP\ .\|.\|.]
|
||||||
|
[\fB\-x\fP\ \fIxfile(s)\fP\ .\|.\|.] [\fB\-d\fP\ \fIexdir\fP]
|
||||||
|
.PD
|
||||||
|
@@ -386,6 +386,9 @@ of \fIzip\fP(1L), which stores filenotes
|
||||||
|
overwrite existing files without prompting. This is a dangerous option, so
|
||||||
|
use it with care. (It is often used with \fB\-f\fP, however, and is the only
|
||||||
|
way to overwrite directory EAs under OS/2.)
|
||||||
|
+.TP
|
||||||
|
+.B \-O
|
||||||
|
++file names will be converted to ISO8859-2 instead of to ISO8859-1
|
||||||
|
.IP \fB\-P\fP\ \fIpassword\fP
|
||||||
|
use \fIpassword\fP to decrypt encrypted zipfile entries (if any). \fBTHIS IS
|
||||||
|
INSECURE!\fP Many multi-user operating systems provide ways for any user to
|
||||||
|
Index: unzip.c
|
||||||
|
===================================================================
|
||||||
|
--- unzip.c.orig 2009-04-16 20:26:52.000000000 +0200
|
||||||
|
+++ unzip.c 2010-05-21 14:23:25.824590928 +0200
|
||||||
|
@@ -1592,6 +1592,12 @@ int uz_opts(__G__ pargc, pargv)
|
||||||
|
} else
|
||||||
|
++uO.overwrite_all;
|
||||||
|
break;
|
||||||
|
+ case ('O'): /* spaces in filenames: allow by default */
|
||||||
|
+ if (negative)
|
||||||
|
+ uO.iso8859_2 = FALSE, negative = 0;
|
||||||
|
+ else
|
||||||
|
+ uO.iso8859_2 = TRUE;
|
||||||
|
+ break;
|
||||||
|
case ('p'): /* pipes: extract to stdout, no messages */
|
||||||
|
if (negative) {
|
||||||
|
uO.cflag = FALSE;
|
||||||
|
Index: unzip.h
|
||||||
|
===================================================================
|
||||||
|
--- unzip.h.orig 2009-02-15 19:12:54.000000000 +0100
|
||||||
|
+++ unzip.h 2010-05-21 14:23:25.824590928 +0200
|
||||||
|
@@ -502,6 +502,7 @@ typedef struct _UzpOpts {
|
||||||
|
int K_flag; /* -K: keep setuid/setgid/tacky permissions */
|
||||||
|
#endif
|
||||||
|
int lflag; /* -12slmv: listing format (zipinfo) */
|
||||||
|
+ int iso8859_2; /* -O: ISO8859-2 is used instead ISO8859-1 */
|
||||||
|
int L_flag; /* -L: convert filenames from some OSes to lowercase */
|
||||||
|
int overwrite_none; /* -n: never overwrite files (no prompting) */
|
||||||
|
#ifdef AMIGA
|
||||||
|
Index: unzpriv.h
|
||||||
|
===================================================================
|
||||||
|
--- unzpriv.h.orig 2009-04-20 01:59:26.000000000 +0200
|
||||||
|
+++ unzpriv.h 2010-05-21 14:24:02.641090783 +0200
|
||||||
|
@@ -2899,8 +2899,15 @@ char *GetLoadPath OF((__GPRO));
|
||||||
|
# define IZ_ISO2OEM_ARRAY
|
||||||
|
# endif
|
||||||
|
# define _ISO_INTERN(str1) if (iso2oem) {register uch *p;\
|
||||||
|
- for (p=(uch *)(str1); *p; p++)\
|
||||||
|
- *p = native((*p & 0x80) ? iso2oem[*p & 0x7f] : *p);}
|
||||||
|
+ if (uO.iso8859_2 == FALSE) { \
|
||||||
|
+ for (p=(uch *)(str1); *p; p++) \
|
||||||
|
+ *p = native((*p & 0x80) ? iso2oem[*p & 0x7f] : *p); \
|
||||||
|
+ } \
|
||||||
|
+ else { \
|
||||||
|
+ for (p=(uch *)(str1); *p; p++) \
|
||||||
|
+ *p = native((*p & 0x80) ? iso2oem_2[*p & 0x7f] : *p); \
|
||||||
|
+ }; \
|
||||||
|
+ }
|
||||||
|
# else
|
||||||
|
# define _ISO_INTERN(str1) A_TO_N(str1)
|
||||||
|
# endif
|
||||||
|
@@ -2914,8 +2921,15 @@ char *GetLoadPath OF((__GPRO));
|
||||||
|
# define IZ_OEM2ISO_ARRAY
|
||||||
|
# endif
|
||||||
|
# define _OEM_INTERN(str1) if (oem2iso) {register uch *p;\
|
||||||
|
- for (p=(uch *)(str1); *p; p++)\
|
||||||
|
- *p = native((*p & 0x80) ? oem2iso[*p & 0x7f] : *p);}
|
||||||
|
+ if (uO.iso8859_2 == FALSE) { \
|
||||||
|
+ for (p=(uch *)(str1); *p; p++) \
|
||||||
|
+ *p = native((*p & 0x80) ? oem2iso[*p & 0x7f] : *p); \
|
||||||
|
+ } \
|
||||||
|
+ else { \
|
||||||
|
+ for (p=(uch *)(str1); *p; p++) \
|
||||||
|
+ *p = native((*p & 0x80) ? oem2iso_2[*p & 0x7f] : *p); \
|
||||||
|
+ } \
|
||||||
|
+ }
|
||||||
|
# endif
|
||||||
|
#endif
|
||||||
|
|
||||||
|
@@ -2942,6 +2956,7 @@ char *GetLoadPath OF((__GPRO));
|
||||||
|
/* know: "ASCII" is "OEM" */
|
||||||
|
# define ASCII2ISO(c) \
|
||||||
|
((((c) & 0x80) && oem2iso) ? oem2iso[(c) & 0x7f] : (c))
|
||||||
|
+ (( ((c) & 0x80) ? ((uO.iso8859_2 == FALSE) ? (oem2iso ? oem2iso[(c) & 0x7f] : (c)) : oem2iso_2[(c) & 0x7f]) : (c))
|
||||||
|
# if (defined(NEED_STR2ISO) && !defined(CRYP_USES_OEM2ISO))
|
||||||
|
# define CRYP_USES_OEM2ISO
|
||||||
|
# endif
|
||||||
|
@@ -2957,8 +2972,9 @@ char *GetLoadPath OF((__GPRO));
|
||||||
|
# define ASCII2OEM(c) (c)
|
||||||
|
# else
|
||||||
|
/* assume: "ASCII" is "ISO-ANSI" */
|
||||||
|
-# define ASCII2OEM(c) \
|
||||||
|
- ((((c) & 0x80) && iso2oem) ? iso2oem[(c) & 0x7f] : (c))
|
||||||
|
+# define ASCII2OEM(c) (((c) & 0x80) ? \
|
||||||
|
+ ((uO.iso8859_2 == FALSE) ? (iso2oem ? iso2oem[(c) & 0x7f] : (c)) : iso2oem_2[(c) & 0x7f]) : \
|
||||||
|
+ (c))
|
||||||
|
# if (defined(NEED_STR2OEM) && !defined(CRYP_USES_ISO2OEM))
|
||||||
|
# define CRYP_USES_ISO2OEM
|
||||||
|
# endif
|
||||||
|
@@ -3029,10 +3045,12 @@ char *GetLoadPath OF((__GPRO));
|
||||||
|
#endif
|
||||||
|
#ifdef IZ_ISO2OEM_ARRAY
|
||||||
|
extern ZCONST uch Far *iso2oem;
|
||||||
|
+ extern ZCONST uch Far iso2oem_2[];
|
||||||
|
extern ZCONST uch Far iso2oem_850[];
|
||||||
|
#endif
|
||||||
|
#ifdef IZ_OEM2ISO_ARRAY
|
||||||
|
extern ZCONST uch Far *oem2iso;
|
||||||
|
+ extern ZCONST uch Far oem2iso_2[];
|
||||||
|
extern ZCONST uch Far oem2iso_850[];
|
||||||
|
#endif
|
||||||
|
|
98
unzip-no-build-date.patch
Normal file
98
unzip-no-build-date.patch
Normal file
@ -0,0 +1,98 @@
|
|||||||
|
Index: cmsmvs/vmmvs.c
|
||||||
|
===================================================================
|
||||||
|
--- cmsmvs/vmmvs.c.orig
|
||||||
|
+++ cmsmvs/vmmvs.c
|
||||||
|
@@ -664,14 +664,6 @@ void version(__G)
|
||||||
|
|
||||||
|
/* Add compile environment */
|
||||||
|
platform,
|
||||||
|
-
|
||||||
|
- /* Add timestamp */
|
||||||
|
-#ifdef __DATE__
|
||||||
|
- " on " __DATE__
|
||||||
|
-#ifdef __TIME__
|
||||||
|
- " at " __TIME__
|
||||||
|
-#endif
|
||||||
|
-#endif
|
||||||
|
".\n", "",
|
||||||
|
liblvlmsg
|
||||||
|
);
|
||||||
|
Index: macos/source/sxunzip.c
|
||||||
|
===================================================================
|
||||||
|
--- macos/source/sxunzip.c.orig
|
||||||
|
+++ macos/source/sxunzip.c
|
||||||
|
@@ -123,7 +123,7 @@ static char UnZipVersionLocal[50];
|
||||||
|
|
||||||
|
memset(UnZipVersionLocal,0,sizeof(UnZipVersionLocal));
|
||||||
|
|
||||||
|
-sprintf(UnZipVersionLocal, "[%s %s]", __DATE__, __TIME__);
|
||||||
|
+sprintf(UnZipVersionLocal, "[Unknown]");
|
||||||
|
|
||||||
|
return UnZipVersionLocal;
|
||||||
|
}
|
||||||
|
Index: macos/source/macos.c
|
||||||
|
===================================================================
|
||||||
|
--- macos/source/macos.c.orig
|
||||||
|
+++ macos/source/macos.c
|
||||||
|
@@ -937,14 +937,11 @@ void version(__G)
|
||||||
|
ZCONST char Far CompiledWith[] =
|
||||||
|
"Compiled with %s%s for %s%s%s%s.\n\n"; */
|
||||||
|
|
||||||
|
-char DateTime[50];
|
||||||
|
-
|
||||||
|
#ifdef __MWERKS__
|
||||||
|
char CompVer[10];
|
||||||
|
sprintf(CompVer, "%x", __MWERKS__);
|
||||||
|
#endif
|
||||||
|
|
||||||
|
- sprintf(DateTime,"%s %s",__DATE__, __TIME__);
|
||||||
|
|
||||||
|
sprintf((char *)slide, LoadFarString(CompiledWith),
|
||||||
|
|
||||||
|
@@ -960,13 +957,7 @@ sprintf(CompVer, "%x", __MWERKS__);
|
||||||
|
#else
|
||||||
|
" PowerPC Processor",
|
||||||
|
#endif
|
||||||
|
-
|
||||||
|
-#ifdef __DATE__
|
||||||
|
-
|
||||||
|
- "\n compile time: ", DateTime, ""
|
||||||
|
-#else
|
||||||
|
"", "", ""
|
||||||
|
-#endif
|
||||||
|
);
|
||||||
|
|
||||||
|
(*G.message)((zvoid *)&G, slide, (ulg)strlen((char *)slide), 0);
|
||||||
|
Index: amiga/amiga.c
|
||||||
|
===================================================================
|
||||||
|
--- amiga/amiga.c.orig
|
||||||
|
+++ amiga/amiga.c
|
||||||
|
@@ -1002,12 +1002,7 @@ void version(__G)
|
||||||
|
sprintf(buf2,"unknown version");
|
||||||
|
# endif
|
||||||
|
#endif
|
||||||
|
-
|
||||||
|
-#ifdef __DATE__
|
||||||
|
- sprintf(buf4," on %s",__DATE__);
|
||||||
|
-#else
|
||||||
|
strcpy(buf4," unknown date");
|
||||||
|
-#endif
|
||||||
|
|
||||||
|
/******
|
||||||
|
#ifdef __TIME__
|
||||||
|
Index: unix/unix.c
|
||||||
|
===================================================================
|
||||||
|
--- unix/unix.c.orig
|
||||||
|
+++ unix/unix.c
|
||||||
|
@@ -1705,11 +1705,7 @@ void version(__G)
|
||||||
|
#endif /* Sun */
|
||||||
|
#endif /* SGI */
|
||||||
|
|
||||||
|
-#ifdef __DATE__
|
||||||
|
- " on ", __DATE__
|
||||||
|
-#else
|
||||||
|
"", ""
|
||||||
|
-#endif
|
||||||
|
);
|
||||||
|
|
||||||
|
(*G.message)((zvoid *)&G, slide, (ulg)strlen((char *)slide), 0);
|
97
unzip-no_file_name_translation.patch
Normal file
97
unzip-no_file_name_translation.patch
Normal file
@ -0,0 +1,97 @@
|
|||||||
|
Index: man/zipinfo.1
|
||||||
|
===================================================================
|
||||||
|
--- man/zipinfo.1.orig 2010-05-21 14:23:25.824590928 +0200
|
||||||
|
+++ man/zipinfo.1 2010-05-21 14:24:41.631590822 +0200
|
||||||
|
@@ -114,7 +114,10 @@ useful in cases where the stored filenam
|
||||||
|
.TP
|
||||||
|
.B \-s
|
||||||
|
list zipfile info in short Unix ``\fCls \-l\fR'' format. This is the default
|
||||||
|
-behavior; see below.
|
||||||
|
+behavior; see \fB\-m option below.
|
||||||
|
+.TP
|
||||||
|
+.B \-S
|
||||||
|
+suppress the conversion of file name encodings.
|
||||||
|
.TP
|
||||||
|
.B \-m
|
||||||
|
list zipfile info in medium Unix ``\fCls \-l\fR'' format. Identical to the
|
||||||
|
Index: man/unzip.1
|
||||||
|
===================================================================
|
||||||
|
--- man/unzip.1.orig 2010-05-21 14:23:25.824590928 +0200
|
||||||
|
+++ man/unzip.1 2010-05-21 14:24:41.635590912 +0200
|
||||||
|
@@ -25,7 +25,7 @@
|
||||||
|
unzip \- list, test and extract compressed files in a ZIP archive
|
||||||
|
.PD
|
||||||
|
.SH SYNOPSIS
|
||||||
|
-\fBunzip\fP [\fB\-Z\fP] [\fB\-cflptTuvz\fP[\fBabjnoqsCDKLMOUVWX$/:^\fP]]
|
||||||
|
+\fBunzip\fP [\fB\-Z\fP] [\fB\-cflptTuvz\fP[\fBabjnoqsCDKLMOSUVWX$/:^\fP]]
|
||||||
|
\fIfile\fP[\fI.zip\fP] [\fIfile(s)\fP\ .\|.\|.]
|
||||||
|
[\fB\-x\fP\ \fIxfile(s)\fP\ .\|.\|.] [\fB\-d\fP\ \fIexdir\fP]
|
||||||
|
.PD
|
||||||
|
Index: unzpriv.h
|
||||||
|
===================================================================
|
||||||
|
--- unzpriv.h.orig 2010-05-21 14:24:02.641090783 +0200
|
||||||
|
+++ unzpriv.h 2010-05-21 14:24:55.632590821 +0200
|
||||||
|
@@ -3020,6 +3020,7 @@ char *GetLoadPath OF((__GPRO));
|
||||||
|
*/
|
||||||
|
#ifndef Ext_ASCII_TO_Native
|
||||||
|
# define Ext_ASCII_TO_Native(string, hostnum, hostver, isuxatt, islochdr) \
|
||||||
|
+ if (uO.no_conv_enc == FALSE) { \
|
||||||
|
if (((hostnum) == FS_FAT_ && \
|
||||||
|
!(((islochdr) || (isuxatt)) && \
|
||||||
|
((hostver) == 25 || (hostver) == 26 || (hostver) == 40))) || \
|
||||||
|
@@ -3028,7 +3029,7 @@ char *GetLoadPath OF((__GPRO));
|
||||||
|
_OEM_INTERN((string)); \
|
||||||
|
} else { \
|
||||||
|
_ISO_INTERN((string)); \
|
||||||
|
- }
|
||||||
|
+ }}
|
||||||
|
#endif
|
||||||
|
|
||||||
|
|
||||||
|
Index: zipinfo.c
|
||||||
|
===================================================================
|
||||||
|
--- zipinfo.c.orig 2010-05-21 14:23:25.824590928 +0200
|
||||||
|
+++ zipinfo.c 2010-05-21 14:24:41.695590831 +0200
|
||||||
|
@@ -527,6 +527,12 @@ int zi_opts(__G__ pargc, pargv)
|
||||||
|
else
|
||||||
|
uO.lflag = 3;
|
||||||
|
break;
|
||||||
|
+ case 'S': /* suppress encoding conversion */
|
||||||
|
+ if (negative)
|
||||||
|
+ uO.no_conv_enc = FALSE, negative = 0;
|
||||||
|
+ else
|
||||||
|
+ uO.no_conv_enc = TRUE;
|
||||||
|
+ break;
|
||||||
|
case 't': /* totals line */
|
||||||
|
if (negative)
|
||||||
|
tflag_2v = tflag_slm = FALSE, negative = 0;
|
||||||
|
Index: unzip.c
|
||||||
|
===================================================================
|
||||||
|
--- unzip.c.orig 2010-05-21 14:23:25.824590928 +0200
|
||||||
|
+++ unzip.c 2010-05-21 14:24:41.727590745 +0200
|
||||||
|
@@ -1689,6 +1689,13 @@ int uz_opts(__G__ pargc, pargv)
|
||||||
|
else
|
||||||
|
uO.S_flag = TRUE;
|
||||||
|
break;
|
||||||
|
+#else
|
||||||
|
+ case ('S'): /* suppress file name encoding conversions */
|
||||||
|
+ if (negative)
|
||||||
|
+ uO.no_conv_enc = FALSE, negative = 0;
|
||||||
|
+ else
|
||||||
|
+ uO.no_conv_enc = TRUE;
|
||||||
|
+ break;
|
||||||
|
#endif /* VMS */
|
||||||
|
case ('t'):
|
||||||
|
if (negative)
|
||||||
|
Index: unzip.h
|
||||||
|
===================================================================
|
||||||
|
--- unzip.h.orig 2010-05-21 14:23:25.824590928 +0200
|
||||||
|
+++ unzip.h 2010-05-21 14:24:41.731591035 +0200
|
||||||
|
@@ -518,6 +518,7 @@ typedef struct _UzpOpts {
|
||||||
|
#if (defined(MSDOS) || defined(FLEXOS) || defined(OS2) || defined(WIN32))
|
||||||
|
int sflag; /* -s: convert spaces in filenames to underscores */
|
||||||
|
#endif
|
||||||
|
+ int no_conv_enc; /* -S: suppress encoding conversion */
|
||||||
|
#if (defined(NLM))
|
||||||
|
int sflag; /* -s: convert spaces in filenames to underscores */
|
||||||
|
#endif
|
77
unzip-open_missing_mode.patch
Normal file
77
unzip-open_missing_mode.patch
Normal file
@ -0,0 +1,77 @@
|
|||||||
|
Index: fileio.c
|
||||||
|
===================================================================
|
||||||
|
--- fileio.c.orig 2009-04-20 02:03:44.000000000 +0200
|
||||||
|
+++ fileio.c 2010-06-25 18:32:49.960030697 +0200
|
||||||
|
@@ -71,6 +71,11 @@
|
||||||
|
#include "crc32.h"
|
||||||
|
#include "crypt.h"
|
||||||
|
#include "ttyio.h"
|
||||||
|
+#include <sys/types.h>
|
||||||
|
+#include <sys/stat.h>
|
||||||
|
+#include <fcntl.h>
|
||||||
|
+
|
||||||
|
+
|
||||||
|
|
||||||
|
/* setup of codepage conversion for decryption passwords */
|
||||||
|
#if CRYPT
|
||||||
|
@@ -270,6 +275,7 @@ int open_input_file(__G) /* return 1
|
||||||
|
int open_outfile(__G) /* return 1 if fail */
|
||||||
|
__GDEF
|
||||||
|
{
|
||||||
|
+ int fd;
|
||||||
|
#ifdef DLL
|
||||||
|
if (G.redirect_data)
|
||||||
|
return (redirect_outfile(__G) == FALSE);
|
||||||
|
@@ -448,23 +454,48 @@ int open_outfile(__G) /* retur
|
||||||
|
return 1; /* with "./" fix in checkdir(), should never reach here */
|
||||||
|
}
|
||||||
|
#endif /* NOVELL_BUG_FAILSAFE */
|
||||||
|
- Trace((stderr, "open_outfile: doing fopen(%s) for writing\n",
|
||||||
|
- FnFilter1(G.filename)));
|
||||||
|
{
|
||||||
|
#if defined(ATH_BE_UNX) || defined(AOS_VS) || defined(QDOS) || defined(TANDEM)
|
||||||
|
mode_t umask_sav = umask(0077);
|
||||||
|
#endif
|
||||||
|
+
|
||||||
|
+#if defined(SYMLINKS) || defined(QLZIP)
|
||||||
|
+ fd = open(G.filename, O_RDWR | O_LARGEFILE | O_CREAT,
|
||||||
|
+ /* 0644 in portable POSIX notation: */
|
||||||
|
+ S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
|
||||||
|
+#else
|
||||||
|
+ fd = open(G.filename, O_WRONLY | O_LARGEFILE | O_CREAT,
|
||||||
|
+ /* 0644 in portable POSIX notation: */
|
||||||
|
+ S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
|
||||||
|
+#endif
|
||||||
|
+ Trace((stderr, "open_outfile: open(%s, O_WRONLY | O_LARGEFILE | O_CREAT) returned %d\n",
|
||||||
|
+ FnFilter1(G.filename), fd));
|
||||||
|
+
|
||||||
|
+ if (fd < 0) {
|
||||||
|
+ Info(slide, 0x401, ((char *)slide, LoadFarString(CannotCreateFile),
|
||||||
|
+ FnFilter1(G.filename), strerror(errno)));
|
||||||
|
+ return 1;
|
||||||
|
+ }
|
||||||
|
#if defined(SYMLINKS) || defined(QLZIP)
|
||||||
|
/* These features require the ability to re-read extracted data from
|
||||||
|
the output files. Output files are created with Read&Write access.
|
||||||
|
*/
|
||||||
|
- G.outfile = zfopen(G.filename, FOPWR);
|
||||||
|
+
|
||||||
|
+ G.outfile = zfdopen(fd, FOPWR);
|
||||||
|
+
|
||||||
|
+ Trace((stderr, "open_outfile: doing fdopen(%s, FOPWR) returned %p\n",
|
||||||
|
+ G.outfile));
|
||||||
|
#else
|
||||||
|
- G.outfile = zfopen(G.filename, FOPW);
|
||||||
|
+ G.outfile = zfdopen(fd, FOPW);
|
||||||
|
+
|
||||||
|
+ Trace((stderr, "open_outfile: doing fdopen(%s, FOPW) returned %p\n",
|
||||||
|
+ G.outfile));
|
||||||
|
#endif
|
||||||
|
#if defined(ATH_BE_UNX) || defined(AOS_VS) || defined(QDOS) || defined(TANDEM)
|
||||||
|
umask(umask_sav);
|
||||||
|
#endif
|
||||||
|
+ if (G.outfile == NULL && fd != 0)
|
||||||
|
+ unlink(G.filename);
|
||||||
|
}
|
||||||
|
if (G.outfile == (FILE *)NULL) {
|
||||||
|
Info(slide, 0x401, ((char *)slide, LoadFarString(CannotCreateFile),
|
22
unzip-optflags.patch
Normal file
22
unzip-optflags.patch
Normal file
@ -0,0 +1,22 @@
|
|||||||
|
Index: unix/Makefile
|
||||||
|
===================================================================
|
||||||
|
--- unix/Makefile.orig 2010-05-21 13:11:26.128591070 +0200
|
||||||
|
+++ unix/Makefile 2010-05-21 13:14:45.429090869 +0200
|
||||||
|
@@ -809,7 +809,7 @@ isi: unix_make
|
||||||
|
linux: unix_make
|
||||||
|
@echo 'NOTE: use linux_noasm target for non-Intel Linux compiles.'
|
||||||
|
$(MAKE) unzips CC=gcc LD=gcc AS=gcc\
|
||||||
|
- CFLAGS="-O3 -Wall -DASM_CRC"\
|
||||||
|
+ CFLAGS="$(RPM_OPT_FLAGS) -DASM_CRC"\
|
||||||
|
AF="-Di386 $(AF)" CRCA_O=crc_gcc$O
|
||||||
|
# GRR: this echo is pointless; if user gets this far, no difference to install
|
||||||
|
# @echo 'Be sure to use the install_asm target rather than the install target'
|
||||||
|
@@ -819,7 +819,7 @@ linux_asm: linux
|
||||||
|
# Linux (Posix, approximately SysV): virtually any version since before 0.96,
|
||||||
|
# for any platform. Change "-O" to "-O3" or whatever, as desired...
|
||||||
|
linux_noasm: unix_make
|
||||||
|
- $(MAKE) unzips CC=gcc LD=gcc CFLAGS="-O -Wall"
|
||||||
|
+ $(MAKE) unzips CC=gcc LD=gcc CF="$(RPM_OPT_FLAGS)"
|
||||||
|
|
||||||
|
# Linux with lcc compiler: __inline__ (stat.h) not recognized, and must edit
|
||||||
|
# /usr/include/gnu/types.h to get rid of "long long" if __LCC__ defined. -O3
|
411
unzip-rcc.changes
Normal file
411
unzip-rcc.changes
Normal file
@ -0,0 +1,411 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Sep 26 09:17:32 UTC 2022 - Danilo Spinella <danilo.spinella@suse.com>
|
||||||
|
|
||||||
|
- Build unzip-rcc using multibuild and update unzip-rcc.spec file
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Sep 21 09:27:59 UTC 2022 - Danilo Spinella <danilo.spinella@suse.com>
|
||||||
|
|
||||||
|
- Fix CVE-2022-0530, SIGSEGV during the conversion of an utf-8 string
|
||||||
|
to a local string (CVE-2022-0530, bsc#1196177)
|
||||||
|
* CVE-2022-0530.patch
|
||||||
|
- Fix CVE-2022-0529, Heap out-of-bound writes and reads during
|
||||||
|
conversion of wide string to local string (CVE-2022-0529, bsc#1196180)
|
||||||
|
* CVE-2022-0529.patch
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Sep 9 11:30:06 UTC 2021 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
|
||||||
|
|
||||||
|
- Add patch to fix issue with some files being incorrectly
|
||||||
|
detected as symlinks (boo#1190273)
|
||||||
|
+ unzip-initialize-the-symlink-flag.patch
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri May 22 09:27:01 UTC 2020 - Yunhe Guo <i@guoyunhe.me>
|
||||||
|
|
||||||
|
- Change unzip-doc to noarch
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Oct 11 14:49:01 UTC 2018 - kstreitova@suse.com
|
||||||
|
|
||||||
|
- Add unzip60-cfactorstr_overflow.patch to fix buffer overflow in
|
||||||
|
list.c [bsc#1110194] [CVE-2018-18384]
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Jun 27 11:39:10 UTC 2018 - kstreitova@suse.com
|
||||||
|
|
||||||
|
- Add unzip60-total_disks_zero.patch that fixes a bug when unzip is
|
||||||
|
unable to process Windows zip64 archives because Windows
|
||||||
|
archivers set total_disks field to 0 but per standard, valid
|
||||||
|
values are 1 and higher [bnc#910683]
|
||||||
|
- Add Fix-CVE-2014-9636-unzip-buffer-overflow.patch to fix heap
|
||||||
|
overflow for STORED field data [bnc#914442] [CVE-2014-9636]
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed May 16 19:44:45 UTC 2018 - antoine.belvire@opensuse.org
|
||||||
|
|
||||||
|
- Fix "remove failed: No such file or directory" warnings upon
|
||||||
|
package removal:
|
||||||
|
* Call 'update-alternative --remove' in %postun, not in %preun.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Feb 8 14:11:25 UTC 2018 - kbabioch@suse.com
|
||||||
|
|
||||||
|
- Add CVE-2018-1000035.patch: Fix a heap-based buffer overflow in
|
||||||
|
password protected ZIP archives (CVE-2018-1000035 bsc#1080074)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Jul 6 13:25:44 UTC 2017 - nico.kruber@gmail.com
|
||||||
|
|
||||||
|
- Updated Fix-CVE-2014-8139-unzip.patch: the original patch was
|
||||||
|
causing errors testing valid jar files:
|
||||||
|
$ unzip -t foo.jar
|
||||||
|
Archive: foo.jar
|
||||||
|
testing: META-INF/ bad extra-field entry:
|
||||||
|
EF block length (0 bytes) invalid (< 4)
|
||||||
|
testing: META-INF/MANIFEST.MF OK
|
||||||
|
testing: foo OK
|
||||||
|
(see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8139
|
||||||
|
where the updated patch was taken from)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Feb 15 08:31:05 UTC 2017 - josef.moellers@suse.com
|
||||||
|
|
||||||
|
- Fixed two potential buffer overflows.
|
||||||
|
The patches were extracted from
|
||||||
|
http://antinode.info/ftp/info-zip/unzip60/zipinfo.c and
|
||||||
|
http://antinode.info/ftp/info-zip/unzip60/list.c
|
||||||
|
(bsc#1013992, bsc#1013993, CVE-2016-9844, CVE-2014-9913,
|
||||||
|
CVE-2016-9844.patch, CVE-2014-9913.patch)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Oct 12 07:23:03 UTC 2016 - josef.moellers@suse.com
|
||||||
|
|
||||||
|
- When decrypting an encrypted file,
|
||||||
|
quit early if compressed size < HEAD_LEN.
|
||||||
|
When extracting avoid an infinite loop
|
||||||
|
if a file never finishes unzipping.
|
||||||
|
(bsc#950110, bsc#950111, CVE-2015-7696, CVE-2015-7697,
|
||||||
|
CVE-2015-7696.patch, CVE-2015-7697.patch)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Jun 16 14:58:41 UTC 2016 - tchvatal@suse.com
|
||||||
|
|
||||||
|
- Require properly the update-alternatives to not throw out errors
|
||||||
|
when installing in OBS chroot
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Jan 26 13:25:54 UTC 2015 - tbehrens@suse.com
|
||||||
|
|
||||||
|
- Add Fix-CVE-2014-8139-unzip.patch: fix heap overflow condition in
|
||||||
|
the CRC32 verification (fixes bnc#909214)
|
||||||
|
- Add Fix-CVE-2014-8140-and-CVE-2014-8141.patch: fix write error
|
||||||
|
(*_8349_*) shows a problem in extract.c:test_compr_eb(), and:
|
||||||
|
read errors (*_6430_*, *_3422_*) show problems in
|
||||||
|
process.c:getZip64Data() (fixes bnc#909214)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Sun Dec 21 13:43:32 UTC 2014 - meissner@suse.com
|
||||||
|
|
||||||
|
- build with PIE
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Aug 2 18:29:07 UTC 2013 - coolo@suse.com
|
||||||
|
|
||||||
|
- fix defaultattr for old distros
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Aug 2 13:55:08 UTC 2013 - coolo@suse.com
|
||||||
|
|
||||||
|
- split the rcc dependency into a spec file of it's own, we don't
|
||||||
|
need that complexity during build causing cycles like this:
|
||||||
|
unzip -> librcc -> libproxy -> libXau -> xorg-x11-proto-devel -> docbook-xsl-stylesheets
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Apr 5 10:07:44 UTC 2013 - idonmez@suse.com
|
||||||
|
|
||||||
|
- Cleanup spec file
|
||||||
|
- Add Source URL, see https://en.opensuse.org/SourceUrls
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Aug 5 13:57:24 CEST 2011 - pth@suse.de
|
||||||
|
|
||||||
|
- Don't call isprint (bnc#620483).
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon May 23 14:21:44 UTC 2011 - lnussel@suse.de
|
||||||
|
|
||||||
|
- remove use of __DATE__ from correct file
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Sat May 07 23:16:45 UTC 2011 - idoenmez@novell.com
|
||||||
|
|
||||||
|
- Sync our compile time flags with Debian except Acorn stuff, this enables
|
||||||
|
UTF-8, saves an unrelated warning about lchmod being not implemented.
|
||||||
|
- Enable make check
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Jan 28 13:50:13 UTC 2011 - lnussel@suse.de
|
||||||
|
|
||||||
|
- use dlopen for librcc0. A direct requires causes lots of other
|
||||||
|
packages to get installed such as aspell which bloats a minimal
|
||||||
|
install.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Aug 30 19:44:17 UTC 2010 - cristian.rodriguez@opensuse.org
|
||||||
|
|
||||||
|
- Do not include build host specific info like build dates In
|
||||||
|
binaries.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Jun 25 18:21:34 CEST 2010 - pth@suse.de
|
||||||
|
|
||||||
|
- Doing open(O_WRONLY) and then fdopen("w+") will now fail with
|
||||||
|
"Invalid Argument" whereas former glibcs would succeed. So now
|
||||||
|
do open(O_RDWR).
|
||||||
|
- Print error message when open(2) fails.
|
||||||
|
- Add debugging traces in open_outfile.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri May 21 16:39:24 CEST 2010 - pth@suse.de
|
||||||
|
|
||||||
|
- Update to 6.0:
|
||||||
|
* Support PKWARE ZIP64 extensions, allowing Zip archives and Zip archive
|
||||||
|
entries larger than 4 GiBytes and more than 65536 entries within a
|
||||||
|
single Zip archive. This support is currently only available for Unix,
|
||||||
|
OpenVMS and Win32/Win64.
|
||||||
|
* Support for bzip2 compression method.
|
||||||
|
* Support for UTF-8 encoded entry names, both through PKWARE's "General
|
||||||
|
Purpose Flags Bit 11" indicator and Info-ZIP's new "up" unicode path
|
||||||
|
extra field. (Currently, on Windows the UTF-8 handling is limited to
|
||||||
|
the character subset contained in the configured non-unicode "system
|
||||||
|
code page".)
|
||||||
|
* Fixed "Time of Creation/Time of Use" vulnerability when setting
|
||||||
|
attributes of extracted files, for Unix and Unix-like ports.
|
||||||
|
* Fixed memory leak when processing invalid deflated data.
|
||||||
|
* Fixed long-standing bug in unshrink (partial_clear), added boundary
|
||||||
|
checks against invalid compressed data.
|
||||||
|
* On Unix, keep inherited SGID attribute bit for extracted directories
|
||||||
|
unless restoration of owner/group id or SUID/SGID/Tacky attributes was
|
||||||
|
requested.
|
||||||
|
* On Unix, allow extracted filenames to contain embedded control
|
||||||
|
characters when explicitly requested by specifying the new command line
|
||||||
|
option "-^".
|
||||||
|
* On Unix, support restoration of symbolic link attributes.
|
||||||
|
* On Unix, support restoration of 32-bit UID/GID data using the new "ux"
|
||||||
|
IZUNIX3 extra field introduced with Zip 3.0.
|
||||||
|
* Support symbolic links zipped up on VMS.
|
||||||
|
* New -D option to suppress restoration of timestamps for extracted
|
||||||
|
directory entries (on those ports that support setting of directory
|
||||||
|
timestamps). By specifying "-DD", this new option also allows to
|
||||||
|
suppress timestamp restoration for ALL extracted files on all UnZip
|
||||||
|
ports which support restoration of timestamps. On VMS, the default
|
||||||
|
behaviour is now to skip restoration of directory timestamps; here,
|
||||||
|
"--D" restores ALL timestamps, "-D" restores none.
|
||||||
|
* On OS/2, Win32, and Unix, the (previously optional) feature UNIXBACKUP
|
||||||
|
to allow saving backup copies of overwritten files on extraction is now
|
||||||
|
enabled by default.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon May 10 16:39:20 UTC 2010 - pth@suse.de
|
||||||
|
|
||||||
|
- Use librcc to convert russian/slavic file names (bnc#540598).
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Sun Dec 6 17:51:30 CET 2009 - jengelh@.medozas.de
|
||||||
|
|
||||||
|
- enable parallel building
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Dec 9 15:53:53 CET 2008 - schwab@suse.de
|
||||||
|
|
||||||
|
- Fix last change.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Sep 15 12:32:57 CEST 2008 - ro@suse.de
|
||||||
|
|
||||||
|
- use hardlink instead of softlink
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Feb 4 13:29:27 CET 2008 - pth@suse.de
|
||||||
|
|
||||||
|
- Add patch to fix erroneous freeing of buffers (bnc#358425)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Dec 7 12:52:06 CET 2007 - pth@suse.de
|
||||||
|
|
||||||
|
- Pass file mode when calling open with O_CREAT.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Dec 3 13:24:27 CET 2007 - pth@suse.de
|
||||||
|
|
||||||
|
- Add patch to extend the maximum file/archive size to 2^32-8193
|
||||||
|
(4294959103) bytes.
|
||||||
|
- Add patch to fix CVE-2005-2475 (bnc#274156)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Jun 21 17:34:10 CEST 2007 - adrian@suse.de
|
||||||
|
|
||||||
|
- fix changelog entry order
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu May 3 15:25:39 CEST 2007 - pth@suse.de
|
||||||
|
|
||||||
|
- Add patch from Takashi Iwai that adds a new option (-S) to
|
||||||
|
unzip and infozip that disables file name translation (bnc#267901).
|
||||||
|
- Recompress tarball with bzip2
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Jan 27 02:30:41 CET 2006 - mls@suse.de
|
||||||
|
|
||||||
|
- converted neededforbuild to BuildRequires
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Jan 26 15:28:44 CET 2006 - pth@suse.de
|
||||||
|
|
||||||
|
- Reject file names that are too long (bnc#140304)
|
||||||
|
- Use stack protector.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Jan 20 17:41:23 CET 2006 - schwab@suse.de
|
||||||
|
|
||||||
|
- Don't strip binaries.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Dec 15 11:31:51 CET 2005 - pth@suse.de
|
||||||
|
|
||||||
|
- Compile with (limited) large file support. This will support
|
||||||
|
single files exceeding 2 GB as long as the archive stays below
|
||||||
|
that theshold.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Jun 13 22:46:31 CEST 2005 - rommel@suse.de
|
||||||
|
|
||||||
|
- update to version 5.52 (bnc#67279)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Sat Aug 7 15:03:23 CEST 2004 - rommel@suse.de
|
||||||
|
|
||||||
|
- update to version 5.51
|
||||||
|
(fixes old security bugs, adds PKWARE's compression code Deflate64)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed May 19 18:36:21 CEST 2004 - ro@suse.de
|
||||||
|
|
||||||
|
- added -fno-strict-aliasing
|
||||||
|
- really use RPM_OPT_FLAGS
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Sun Jan 11 13:00:23 CET 2004 - adrian@suse.de
|
||||||
|
|
||||||
|
- build as user
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Sep 23 16:53:44 CEST 2003 - rommel@suse.de
|
||||||
|
|
||||||
|
- replaced fix for ../ exploit with a fix both for
|
||||||
|
the ../ exploit and '/' exploit (Bugzilla #29311)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Jul 3 12:57:38 CEST 2003 - rommel@suse.de
|
||||||
|
|
||||||
|
- added fix for ../ exploit (Bugzilla #27667)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Jan 17 14:42:19 CET 2003 - rommel@suse.de
|
||||||
|
|
||||||
|
- fixed Summary: to be more verbose about what this package does
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Sep 18 00:57:21 CEST 2002 - ro@suse.de
|
||||||
|
|
||||||
|
- removed bogus self-provides
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Jul 5 11:09:32 CEST 2002 - kukuk@suse.de
|
||||||
|
|
||||||
|
- Use %ix86 macro
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Mar 11 2002 - rommel@suse.de
|
||||||
|
|
||||||
|
- Update to 5.50
|
||||||
|
- took over parts of pmladek's patch (see below)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Jan 24 13:43:46 CET 2002 - grimmer@suse.de
|
||||||
|
|
||||||
|
- added unzip-5.42-iso8859_2.patch to fix coding conversion
|
||||||
|
between Microsoft and Linux file names
|
||||||
|
(originally from http://www.axis.cz/linux/zip_unzip.php3,
|
||||||
|
enhanced to support both ISO8859-1 and ISO8859-2 by Petr Mladek
|
||||||
|
<pmladek@suse.cz>)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Apr 9 13:42:07 CEST 2001 - grimmer@suse.de
|
||||||
|
|
||||||
|
- Update to 5.42
|
||||||
|
- file list fixes (new license file, documentation renames)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Dec 13 17:49:59 CET 2000 - grimmer@suse.de
|
||||||
|
|
||||||
|
- Update to 5.41 (now includes decryption support)
|
||||||
|
- now Provides and Obsoletes crunzip
|
||||||
|
- bzipped sources
|
||||||
|
- use BuildRoot
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Feb 29 18:33:38 CET 2000 - schwab@suse.de
|
||||||
|
|
||||||
|
- Add support for ia64.
|
||||||
|
- /usr/man -> /usr/share/man
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Dec 22 16:19:18 MET 1999 - grimmer@suse.de
|
||||||
|
|
||||||
|
- Added "Conflicts: crzip" to spec file
|
||||||
|
- cleaned up Provides: tag
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Dec 17 16:40:10 MET 1999 - grimmer@suse.de
|
||||||
|
|
||||||
|
- Spec file cleanups
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Sat Nov 27 15:03:07 MET 1999 - kukuk@suse.de
|
||||||
|
|
||||||
|
- Use linux_noasm Makefile target on SPARC
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Sep 13 17:23:57 CEST 1999 - bs@suse.de
|
||||||
|
|
||||||
|
- ran old prepare_spec on spec file to switch to new prepare_spec.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Sep 8 16:34:57 CEST 1999 - uli@suse.de
|
||||||
|
|
||||||
|
- uses target linux_noasm for PPC
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Feb 24 09:42:16 MET 1999 - grimmer@suse.de
|
||||||
|
|
||||||
|
- new version (5.40)
|
||||||
|
- specfile modifications
|
||||||
|
- added french description
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Jan 11 14:29:14 MET 1999 - ro@suse.de
|
||||||
|
|
||||||
|
- use target linux_noasm for alpha
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Jan 23 15:03:52 MET 1998 - rj@suse.de
|
||||||
|
|
||||||
|
- version 5.32
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Feb 6 11:56:09 CET 1997 - rj@suse.de
|
||||||
|
|
||||||
|
- version 5.12
|
||||||
|
- new test/changes/plist files
|
||||||
|
|
188
unzip-rcc.spec
Normal file
188
unzip-rcc.spec
Normal file
@ -0,0 +1,188 @@
|
|||||||
|
#
|
||||||
|
# spec file for package unzip-rcc
|
||||||
|
#
|
||||||
|
# Copyright (c) 2022 SUSE LLC
|
||||||
|
#
|
||||||
|
# All modifications and additions to the file contributed by third parties
|
||||||
|
# remain the property of their copyright owners, unless otherwise agreed
|
||||||
|
# upon. The license for this file, and modifications and additions to the
|
||||||
|
# file, is the same license as for the pristine package itself (unless the
|
||||||
|
# license for the pristine package is not an Open Source License, in which
|
||||||
|
# case the license is the MIT License). An "Open Source License" is a
|
||||||
|
# license that conforms to the Open Source Definition (Version 1.9)
|
||||||
|
# published by the Open Source Initiative.
|
||||||
|
|
||||||
|
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
||||||
|
#
|
||||||
|
|
||||||
|
|
||||||
|
%define _name unzip
|
||||||
|
%define fileversion 60
|
||||||
|
%bcond_without rcc
|
||||||
|
%if %{with rcc}
|
||||||
|
%define update_weight 20
|
||||||
|
%define _suffix rcc
|
||||||
|
BuildRequires: librcc-devel
|
||||||
|
Suggests: librcc0
|
||||||
|
Provides: %{_name} = %{version}
|
||||||
|
%else
|
||||||
|
%define update_weight 10
|
||||||
|
%define _suffix plain
|
||||||
|
%endif
|
||||||
|
# NOTE: unzip.spec is the major file, if you want to update unzip-rcc.spec
|
||||||
|
# call pre_checkin.sh after editing unzip.spec
|
||||||
|
Name: unzip-rcc
|
||||||
|
Version: 6.00
|
||||||
|
Release: 0
|
||||||
|
Summary: A program to unpack compressed files
|
||||||
|
License: BSD-3-Clause
|
||||||
|
Group: Productivity/Archiving/Compression
|
||||||
|
URL: http://www.info-zip.org/
|
||||||
|
Source: http://sourceforge.net/projects/infozip/files/UnZip%%206.x%%20%%28latest%%29/UnZip%%206.0/%{_name}%{fileversion}.tar.gz
|
||||||
|
Source1: pre_checkin.sh
|
||||||
|
Patch0: unzip.dif
|
||||||
|
Patch1: unzip-iso8859_2.patch
|
||||||
|
Patch3: unzip-optflags.patch
|
||||||
|
Patch4: unzip-5.52-filename_too_long.patch
|
||||||
|
Patch5: unzip-no_file_name_translation.patch
|
||||||
|
Patch8: unzip-open_missing_mode.patch
|
||||||
|
Patch10: unzip-5.52-use_librcc.patch
|
||||||
|
Patch11: unzip-no-build-date.patch
|
||||||
|
Patch12: unzip-dont_call_isprint.patch
|
||||||
|
Patch13: Fix-CVE-2014-8139-unzip.patch
|
||||||
|
# http://pkgs.fedoraproject.org/cgit/rpms/unzip.git/plain/unzip-6.0-cve-2014-8139.patch
|
||||||
|
Patch14: Fix-CVE-2014-8140-and-CVE-2014-8141.patch
|
||||||
|
Patch15: CVE-2015-7696.patch
|
||||||
|
Patch16: CVE-2015-7697.patch
|
||||||
|
Patch17: CVE-2016-9844.patch
|
||||||
|
Patch18: CVE-2014-9913.patch
|
||||||
|
Patch19: CVE-2018-1000035.patch
|
||||||
|
Patch20: Fix-CVE-2014-9636-unzip-buffer-overflow.patch
|
||||||
|
Patch21: unzip60-total_disks_zero.patch
|
||||||
|
Patch22: unzip60-cfactorstr_overflow.patch
|
||||||
|
Patch23: unzip-initialize-the-symlink-flag.patch
|
||||||
|
# PATCH-FIX-UPSTREAM danilo.spinella@suse.com CVE-2022-0530 bsc#1196177
|
||||||
|
Patch24: CVE-2022-0530.patch
|
||||||
|
# PATCH-FIX-UPSTREAM danilo.spinella@suse.com CVE-2022-0529 bsc#1196180
|
||||||
|
Patch25: CVE-2022-0529.patch
|
||||||
|
Requires(post): update-alternatives
|
||||||
|
Requires(postun):update-alternatives
|
||||||
|
Recommends: %{_name}-doc
|
||||||
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||||
|
|
||||||
|
%description
|
||||||
|
UnZip is an extraction utility for archives compressed in .zip format
|
||||||
|
(known as "zip files"). Although highly compatible both with PKWARE's
|
||||||
|
PKZIP(tm) and PKUNZIP utilities for MS-DOS and with Info-ZIP's own Zip
|
||||||
|
program, our primary objectives have been portability and non-MS-DOS
|
||||||
|
functionality. This version can also extract encrypted archives.
|
||||||
|
|
||||||
|
%package doc
|
||||||
|
Summary: Documentation files for unzip
|
||||||
|
Group: Productivity/Archiving/Compression
|
||||||
|
BuildArch: noarch
|
||||||
|
|
||||||
|
%description doc
|
||||||
|
UnZip is an extraction utility for archives compressed in .zip format
|
||||||
|
(known as "zip files"). Although highly compatible both with PKWARE's
|
||||||
|
PKZIP(tm) and PKUNZIP utilities for MS-DOS and with Info-ZIP's own Zip
|
||||||
|
program, our primary objectives have been portability and non-MS-DOS
|
||||||
|
functionality. This version can also extract encrypted archives.
|
||||||
|
|
||||||
|
%prep
|
||||||
|
%setup -q -n %{_name}%{fileversion}
|
||||||
|
%patch0
|
||||||
|
%patch1
|
||||||
|
%patch3
|
||||||
|
%patch4
|
||||||
|
%patch5
|
||||||
|
%patch8
|
||||||
|
%if %{with rcc}
|
||||||
|
%patch10
|
||||||
|
%endif
|
||||||
|
%patch11
|
||||||
|
%patch12
|
||||||
|
%patch13 -p1
|
||||||
|
%patch14 -p1
|
||||||
|
%patch15 -p1
|
||||||
|
%patch16 -p1
|
||||||
|
%patch17 -p1
|
||||||
|
%patch18 -p1
|
||||||
|
%patch19 -p0
|
||||||
|
%patch20 -p1
|
||||||
|
%patch21 -p1
|
||||||
|
%patch22 -p1
|
||||||
|
%patch23 -p1
|
||||||
|
%patch24 -p1
|
||||||
|
%patch25 -p1
|
||||||
|
|
||||||
|
%build
|
||||||
|
export RPM_OPT_FLAGS="%{optflags} \
|
||||||
|
-D_GNU_SOURCE -DRCC_LAZY -DWILD_STOP_AT_DIR \
|
||||||
|
-DLARGE_FILE_SUPPORT -DUNICODE_SUPPORT \
|
||||||
|
-DUNICODE_WCHAR -DUTF8_MAYBE_NATIVE -DNO_LCHMOD \
|
||||||
|
-DDATE_FORMAT=DF_YMD -I. -fstack-protector -fno-strict-aliasing -fPIE"
|
||||||
|
|
||||||
|
make %{?_smp_mflags} -f unix/Makefile LF2="-ldl -pie" linux_noasm
|
||||||
|
|
||||||
|
%check
|
||||||
|
make %{?_smp_mflags} -f unix/Makefile check
|
||||||
|
|
||||||
|
%install
|
||||||
|
mkdir -p %{buildroot}%{_sysconfdir}/alternatives
|
||||||
|
mkdir -p %{buildroot}{%{_bindir},%{_mandir}/man1}
|
||||||
|
for i in unzip funzip unzipsfx; do
|
||||||
|
install $i "%{buildroot}%{_bindir}/$i-"%{_suffix}
|
||||||
|
done
|
||||||
|
ln -s unzip %{buildroot}%{_bindir}/zipinfo
|
||||||
|
install unix/zipgrep "%{buildroot}%{_bindir}/zipgrep-"%{_suffix}
|
||||||
|
for i in unzip funzip unzipsfx zipgrep; do
|
||||||
|
touch %{buildroot}%{_sysconfdir}/alternatives/$i
|
||||||
|
ln -s %{_sysconfdir}/alternatives/$i %{buildroot}%{_bindir}/$i
|
||||||
|
done
|
||||||
|
|
||||||
|
# do not have the docu in both packages
|
||||||
|
%if %{without rcc}
|
||||||
|
for i in man/*.1; do
|
||||||
|
install -m 644 $i %{buildroot}%{_mandir}/man1/
|
||||||
|
done
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%post
|
||||||
|
for bin in unzip funzip unzipsfx zipgrep; do
|
||||||
|
%{_sbindir}/update-alternatives --install %{_bindir}/$bin $bin "%{_bindir}/$bin-"%{_suffix} %{update_weight}
|
||||||
|
done
|
||||||
|
|
||||||
|
%postun
|
||||||
|
if [ "$1" = 0 ] ; then
|
||||||
|
for bin in unzip funzip unzipsfx zipgrep; do
|
||||||
|
%{_sbindir}/update-alternatives --remove $bin "%{_bindir}/$bin"-%{_suffix}
|
||||||
|
done
|
||||||
|
fi
|
||||||
|
|
||||||
|
%files
|
||||||
|
%defattr(-,root,root)
|
||||||
|
%ghost %{_sysconfdir}/alternatives/unzip
|
||||||
|
%{_bindir}/unzip
|
||||||
|
%{_bindir}/unzip-%{_suffix}
|
||||||
|
%ghost %{_sysconfdir}/alternatives/funzip
|
||||||
|
%{_bindir}/funzip
|
||||||
|
%{_bindir}/funzip-%{_suffix}
|
||||||
|
%ghost %{_sysconfdir}/alternatives/unzipsfx
|
||||||
|
%{_bindir}/unzipsfx
|
||||||
|
%{_bindir}/unzipsfx-%{_suffix}
|
||||||
|
%{_bindir}/zipinfo
|
||||||
|
%ghost %{_sysconfdir}/alternatives/zipgrep
|
||||||
|
%{_bindir}/zipgrep
|
||||||
|
%{_bindir}/zipgrep-%{_suffix}
|
||||||
|
|
||||||
|
%if %{without rcc}
|
||||||
|
%files doc
|
||||||
|
%defattr(-,root,root)
|
||||||
|
%{_mandir}/man1/*
|
||||||
|
%doc BUGS Contents History.* LICENSE README ToDo WHERE
|
||||||
|
%doc *.txt proginfo
|
||||||
|
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%changelog
|
411
unzip.changes
Normal file
411
unzip.changes
Normal file
@ -0,0 +1,411 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Sep 26 09:17:32 UTC 2022 - Danilo Spinella <danilo.spinella@suse.com>
|
||||||
|
|
||||||
|
- Build unzip-rcc using multibuild and update unzip-rcc.spec file
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Sep 21 09:27:59 UTC 2022 - Danilo Spinella <danilo.spinella@suse.com>
|
||||||
|
|
||||||
|
- Fix CVE-2022-0530, SIGSEGV during the conversion of an utf-8 string
|
||||||
|
to a local string (CVE-2022-0530, bsc#1196177)
|
||||||
|
* CVE-2022-0530.patch
|
||||||
|
- Fix CVE-2022-0529, Heap out-of-bound writes and reads during
|
||||||
|
conversion of wide string to local string (CVE-2022-0529, bsc#1196180)
|
||||||
|
* CVE-2022-0529.patch
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Sep 9 11:30:06 UTC 2021 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
|
||||||
|
|
||||||
|
- Add patch to fix issue with some files being incorrectly
|
||||||
|
detected as symlinks (boo#1190273)
|
||||||
|
+ unzip-initialize-the-symlink-flag.patch
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri May 22 09:27:01 UTC 2020 - Yunhe Guo <i@guoyunhe.me>
|
||||||
|
|
||||||
|
- Change unzip-doc to noarch
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Oct 11 14:49:01 UTC 2018 - kstreitova@suse.com
|
||||||
|
|
||||||
|
- Add unzip60-cfactorstr_overflow.patch to fix buffer overflow in
|
||||||
|
list.c [bsc#1110194] [CVE-2018-18384]
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Jun 27 11:39:10 UTC 2018 - kstreitova@suse.com
|
||||||
|
|
||||||
|
- Add unzip60-total_disks_zero.patch that fixes a bug when unzip is
|
||||||
|
unable to process Windows zip64 archives because Windows
|
||||||
|
archivers set total_disks field to 0 but per standard, valid
|
||||||
|
values are 1 and higher [bnc#910683]
|
||||||
|
- Add Fix-CVE-2014-9636-unzip-buffer-overflow.patch to fix heap
|
||||||
|
overflow for STORED field data [bnc#914442] [CVE-2014-9636]
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed May 16 19:44:45 UTC 2018 - antoine.belvire@opensuse.org
|
||||||
|
|
||||||
|
- Fix "remove failed: No such file or directory" warnings upon
|
||||||
|
package removal:
|
||||||
|
* Call 'update-alternative --remove' in %postun, not in %preun.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Feb 8 14:11:25 UTC 2018 - kbabioch@suse.com
|
||||||
|
|
||||||
|
- Add CVE-2018-1000035.patch: Fix a heap-based buffer overflow in
|
||||||
|
password protected ZIP archives (CVE-2018-1000035 bsc#1080074)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Jul 6 13:25:44 UTC 2017 - nico.kruber@gmail.com
|
||||||
|
|
||||||
|
- Updated Fix-CVE-2014-8139-unzip.patch: the original patch was
|
||||||
|
causing errors testing valid jar files:
|
||||||
|
$ unzip -t foo.jar
|
||||||
|
Archive: foo.jar
|
||||||
|
testing: META-INF/ bad extra-field entry:
|
||||||
|
EF block length (0 bytes) invalid (< 4)
|
||||||
|
testing: META-INF/MANIFEST.MF OK
|
||||||
|
testing: foo OK
|
||||||
|
(see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8139
|
||||||
|
where the updated patch was taken from)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Feb 15 08:31:05 UTC 2017 - josef.moellers@suse.com
|
||||||
|
|
||||||
|
- Fixed two potential buffer overflows.
|
||||||
|
The patches were extracted from
|
||||||
|
http://antinode.info/ftp/info-zip/unzip60/zipinfo.c and
|
||||||
|
http://antinode.info/ftp/info-zip/unzip60/list.c
|
||||||
|
(bsc#1013992, bsc#1013993, CVE-2016-9844, CVE-2014-9913,
|
||||||
|
CVE-2016-9844.patch, CVE-2014-9913.patch)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Oct 12 07:23:03 UTC 2016 - josef.moellers@suse.com
|
||||||
|
|
||||||
|
- When decrypting an encrypted file,
|
||||||
|
quit early if compressed size < HEAD_LEN.
|
||||||
|
When extracting avoid an infinite loop
|
||||||
|
if a file never finishes unzipping.
|
||||||
|
(bsc#950110, bsc#950111, CVE-2015-7696, CVE-2015-7697,
|
||||||
|
CVE-2015-7696.patch, CVE-2015-7697.patch)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Jun 16 14:58:41 UTC 2016 - tchvatal@suse.com
|
||||||
|
|
||||||
|
- Require properly the update-alternatives to not throw out errors
|
||||||
|
when installing in OBS chroot
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Jan 26 13:25:54 UTC 2015 - tbehrens@suse.com
|
||||||
|
|
||||||
|
- Add Fix-CVE-2014-8139-unzip.patch: fix heap overflow condition in
|
||||||
|
the CRC32 verification (fixes bnc#909214)
|
||||||
|
- Add Fix-CVE-2014-8140-and-CVE-2014-8141.patch: fix write error
|
||||||
|
(*_8349_*) shows a problem in extract.c:test_compr_eb(), and:
|
||||||
|
read errors (*_6430_*, *_3422_*) show problems in
|
||||||
|
process.c:getZip64Data() (fixes bnc#909214)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Sun Dec 21 13:43:32 UTC 2014 - meissner@suse.com
|
||||||
|
|
||||||
|
- build with PIE
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Aug 2 18:29:07 UTC 2013 - coolo@suse.com
|
||||||
|
|
||||||
|
- fix defaultattr for old distros
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Aug 2 13:55:08 UTC 2013 - coolo@suse.com
|
||||||
|
|
||||||
|
- split the rcc dependency into a spec file of it's own, we don't
|
||||||
|
need that complexity during build causing cycles like this:
|
||||||
|
unzip -> librcc -> libproxy -> libXau -> xorg-x11-proto-devel -> docbook-xsl-stylesheets
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Apr 5 10:07:44 UTC 2013 - idonmez@suse.com
|
||||||
|
|
||||||
|
- Cleanup spec file
|
||||||
|
- Add Source URL, see https://en.opensuse.org/SourceUrls
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Aug 5 13:57:24 CEST 2011 - pth@suse.de
|
||||||
|
|
||||||
|
- Don't call isprint (bnc#620483).
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon May 23 14:21:44 UTC 2011 - lnussel@suse.de
|
||||||
|
|
||||||
|
- remove use of __DATE__ from correct file
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Sat May 07 23:16:45 UTC 2011 - idoenmez@novell.com
|
||||||
|
|
||||||
|
- Sync our compile time flags with Debian except Acorn stuff, this enables
|
||||||
|
UTF-8, saves an unrelated warning about lchmod being not implemented.
|
||||||
|
- Enable make check
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Jan 28 13:50:13 UTC 2011 - lnussel@suse.de
|
||||||
|
|
||||||
|
- use dlopen for librcc0. A direct requires causes lots of other
|
||||||
|
packages to get installed such as aspell which bloats a minimal
|
||||||
|
install.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Aug 30 19:44:17 UTC 2010 - cristian.rodriguez@opensuse.org
|
||||||
|
|
||||||
|
- Do not include build host specific info like build dates In
|
||||||
|
binaries.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Jun 25 18:21:34 CEST 2010 - pth@suse.de
|
||||||
|
|
||||||
|
- Doing open(O_WRONLY) and then fdopen("w+") will now fail with
|
||||||
|
"Invalid Argument" whereas former glibcs would succeed. So now
|
||||||
|
do open(O_RDWR).
|
||||||
|
- Print error message when open(2) fails.
|
||||||
|
- Add debugging traces in open_outfile.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri May 21 16:39:24 CEST 2010 - pth@suse.de
|
||||||
|
|
||||||
|
- Update to 6.0:
|
||||||
|
* Support PKWARE ZIP64 extensions, allowing Zip archives and Zip archive
|
||||||
|
entries larger than 4 GiBytes and more than 65536 entries within a
|
||||||
|
single Zip archive. This support is currently only available for Unix,
|
||||||
|
OpenVMS and Win32/Win64.
|
||||||
|
* Support for bzip2 compression method.
|
||||||
|
* Support for UTF-8 encoded entry names, both through PKWARE's "General
|
||||||
|
Purpose Flags Bit 11" indicator and Info-ZIP's new "up" unicode path
|
||||||
|
extra field. (Currently, on Windows the UTF-8 handling is limited to
|
||||||
|
the character subset contained in the configured non-unicode "system
|
||||||
|
code page".)
|
||||||
|
* Fixed "Time of Creation/Time of Use" vulnerability when setting
|
||||||
|
attributes of extracted files, for Unix and Unix-like ports.
|
||||||
|
* Fixed memory leak when processing invalid deflated data.
|
||||||
|
* Fixed long-standing bug in unshrink (partial_clear), added boundary
|
||||||
|
checks against invalid compressed data.
|
||||||
|
* On Unix, keep inherited SGID attribute bit for extracted directories
|
||||||
|
unless restoration of owner/group id or SUID/SGID/Tacky attributes was
|
||||||
|
requested.
|
||||||
|
* On Unix, allow extracted filenames to contain embedded control
|
||||||
|
characters when explicitly requested by specifying the new command line
|
||||||
|
option "-^".
|
||||||
|
* On Unix, support restoration of symbolic link attributes.
|
||||||
|
* On Unix, support restoration of 32-bit UID/GID data using the new "ux"
|
||||||
|
IZUNIX3 extra field introduced with Zip 3.0.
|
||||||
|
* Support symbolic links zipped up on VMS.
|
||||||
|
* New -D option to suppress restoration of timestamps for extracted
|
||||||
|
directory entries (on those ports that support setting of directory
|
||||||
|
timestamps). By specifying "-DD", this new option also allows to
|
||||||
|
suppress timestamp restoration for ALL extracted files on all UnZip
|
||||||
|
ports which support restoration of timestamps. On VMS, the default
|
||||||
|
behaviour is now to skip restoration of directory timestamps; here,
|
||||||
|
"--D" restores ALL timestamps, "-D" restores none.
|
||||||
|
* On OS/2, Win32, and Unix, the (previously optional) feature UNIXBACKUP
|
||||||
|
to allow saving backup copies of overwritten files on extraction is now
|
||||||
|
enabled by default.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon May 10 16:39:20 UTC 2010 - pth@suse.de
|
||||||
|
|
||||||
|
- Use librcc to convert russian/slavic file names (bnc#540598).
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Sun Dec 6 17:51:30 CET 2009 - jengelh@.medozas.de
|
||||||
|
|
||||||
|
- enable parallel building
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Dec 9 15:53:53 CET 2008 - schwab@suse.de
|
||||||
|
|
||||||
|
- Fix last change.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Sep 15 12:32:57 CEST 2008 - ro@suse.de
|
||||||
|
|
||||||
|
- use hardlink instead of softlink
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Feb 4 13:29:27 CET 2008 - pth@suse.de
|
||||||
|
|
||||||
|
- Add patch to fix erroneous freeing of buffers (bnc#358425)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Dec 7 12:52:06 CET 2007 - pth@suse.de
|
||||||
|
|
||||||
|
- Pass file mode when calling open with O_CREAT.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Dec 3 13:24:27 CET 2007 - pth@suse.de
|
||||||
|
|
||||||
|
- Add patch to extend the maximum file/archive size to 2^32-8193
|
||||||
|
(4294959103) bytes.
|
||||||
|
- Add patch to fix CVE-2005-2475 (bnc#274156)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Jun 21 17:34:10 CEST 2007 - adrian@suse.de
|
||||||
|
|
||||||
|
- fix changelog entry order
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu May 3 15:25:39 CEST 2007 - pth@suse.de
|
||||||
|
|
||||||
|
- Add patch from Takashi Iwai that adds a new option (-S) to
|
||||||
|
unzip and infozip that disables file name translation (bnc#267901).
|
||||||
|
- Recompress tarball with bzip2
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Jan 27 02:30:41 CET 2006 - mls@suse.de
|
||||||
|
|
||||||
|
- converted neededforbuild to BuildRequires
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Jan 26 15:28:44 CET 2006 - pth@suse.de
|
||||||
|
|
||||||
|
- Reject file names that are too long (bnc#140304)
|
||||||
|
- Use stack protector.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Jan 20 17:41:23 CET 2006 - schwab@suse.de
|
||||||
|
|
||||||
|
- Don't strip binaries.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Dec 15 11:31:51 CET 2005 - pth@suse.de
|
||||||
|
|
||||||
|
- Compile with (limited) large file support. This will support
|
||||||
|
single files exceeding 2 GB as long as the archive stays below
|
||||||
|
that theshold.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Jun 13 22:46:31 CEST 2005 - rommel@suse.de
|
||||||
|
|
||||||
|
- update to version 5.52 (bnc#67279)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Sat Aug 7 15:03:23 CEST 2004 - rommel@suse.de
|
||||||
|
|
||||||
|
- update to version 5.51
|
||||||
|
(fixes old security bugs, adds PKWARE's compression code Deflate64)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed May 19 18:36:21 CEST 2004 - ro@suse.de
|
||||||
|
|
||||||
|
- added -fno-strict-aliasing
|
||||||
|
- really use RPM_OPT_FLAGS
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Sun Jan 11 13:00:23 CET 2004 - adrian@suse.de
|
||||||
|
|
||||||
|
- build as user
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Sep 23 16:53:44 CEST 2003 - rommel@suse.de
|
||||||
|
|
||||||
|
- replaced fix for ../ exploit with a fix both for
|
||||||
|
the ../ exploit and '/' exploit (Bugzilla #29311)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Jul 3 12:57:38 CEST 2003 - rommel@suse.de
|
||||||
|
|
||||||
|
- added fix for ../ exploit (Bugzilla #27667)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Jan 17 14:42:19 CET 2003 - rommel@suse.de
|
||||||
|
|
||||||
|
- fixed Summary: to be more verbose about what this package does
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Sep 18 00:57:21 CEST 2002 - ro@suse.de
|
||||||
|
|
||||||
|
- removed bogus self-provides
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Jul 5 11:09:32 CEST 2002 - kukuk@suse.de
|
||||||
|
|
||||||
|
- Use %ix86 macro
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Mar 11 2002 - rommel@suse.de
|
||||||
|
|
||||||
|
- Update to 5.50
|
||||||
|
- took over parts of pmladek's patch (see below)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Jan 24 13:43:46 CET 2002 - grimmer@suse.de
|
||||||
|
|
||||||
|
- added unzip-5.42-iso8859_2.patch to fix coding conversion
|
||||||
|
between Microsoft and Linux file names
|
||||||
|
(originally from http://www.axis.cz/linux/zip_unzip.php3,
|
||||||
|
enhanced to support both ISO8859-1 and ISO8859-2 by Petr Mladek
|
||||||
|
<pmladek@suse.cz>)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Apr 9 13:42:07 CEST 2001 - grimmer@suse.de
|
||||||
|
|
||||||
|
- Update to 5.42
|
||||||
|
- file list fixes (new license file, documentation renames)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Dec 13 17:49:59 CET 2000 - grimmer@suse.de
|
||||||
|
|
||||||
|
- Update to 5.41 (now includes decryption support)
|
||||||
|
- now Provides and Obsoletes crunzip
|
||||||
|
- bzipped sources
|
||||||
|
- use BuildRoot
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Feb 29 18:33:38 CET 2000 - schwab@suse.de
|
||||||
|
|
||||||
|
- Add support for ia64.
|
||||||
|
- /usr/man -> /usr/share/man
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Dec 22 16:19:18 MET 1999 - grimmer@suse.de
|
||||||
|
|
||||||
|
- Added "Conflicts: crzip" to spec file
|
||||||
|
- cleaned up Provides: tag
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Dec 17 16:40:10 MET 1999 - grimmer@suse.de
|
||||||
|
|
||||||
|
- Spec file cleanups
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Sat Nov 27 15:03:07 MET 1999 - kukuk@suse.de
|
||||||
|
|
||||||
|
- Use linux_noasm Makefile target on SPARC
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Sep 13 17:23:57 CEST 1999 - bs@suse.de
|
||||||
|
|
||||||
|
- ran old prepare_spec on spec file to switch to new prepare_spec.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Sep 8 16:34:57 CEST 1999 - uli@suse.de
|
||||||
|
|
||||||
|
- uses target linux_noasm for PPC
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Feb 24 09:42:16 MET 1999 - grimmer@suse.de
|
||||||
|
|
||||||
|
- new version (5.40)
|
||||||
|
- specfile modifications
|
||||||
|
- added french description
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Jan 11 14:29:14 MET 1999 - ro@suse.de
|
||||||
|
|
||||||
|
- use target linux_noasm for alpha
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Jan 23 15:03:52 MET 1998 - rj@suse.de
|
||||||
|
|
||||||
|
- version 5.32
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Feb 6 11:56:09 CET 1997 - rj@suse.de
|
||||||
|
|
||||||
|
- version 5.12
|
||||||
|
- new test/changes/plist files
|
||||||
|
|
24
unzip.dif
Normal file
24
unzip.dif
Normal file
@ -0,0 +1,24 @@
|
|||||||
|
Index: unix/Makefile
|
||||||
|
===================================================================
|
||||||
|
--- unix/Makefile.orig 2009-01-18 23:41:18.000000000 +0100
|
||||||
|
+++ unix/Makefile 2010-05-21 14:06:56.192590841 +0200
|
||||||
|
@@ -64,8 +64,8 @@ FL2 = $(LF2)
|
||||||
|
|
||||||
|
# general-purpose stuff
|
||||||
|
#CP = cp
|
||||||
|
-CP = ln
|
||||||
|
-LN = ln
|
||||||
|
+CP = cp
|
||||||
|
+LN = ln -s
|
||||||
|
RM = rm -f
|
||||||
|
CHMOD = chmod
|
||||||
|
BINPERMS = 755
|
||||||
|
@@ -121,7 +121,7 @@ INSTALL_PROGRAM = $(INSTALL)
|
||||||
|
INSTALL_D = mkdir -p
|
||||||
|
# on some systems, manext=l and MANDIR=/usr/man/man$(manext) may be appropriate
|
||||||
|
manext = 1
|
||||||
|
-prefix = /usr/local
|
||||||
|
+prefix = /usr
|
||||||
|
BINDIR = $(prefix)/bin# where to install executables
|
||||||
|
MANDIR = $(prefix)/man/man$(manext)# where to install man pages
|
||||||
|
INSTALLEDBIN = $(BINDIR)/funzip$E $(BINDIR)/unzip$E $(BINDIR)/unzipsfx$E \
|
188
unzip.spec
Normal file
188
unzip.spec
Normal file
@ -0,0 +1,188 @@
|
|||||||
|
#
|
||||||
|
# spec file for package unzip
|
||||||
|
#
|
||||||
|
# Copyright (c) 2022 SUSE LLC
|
||||||
|
#
|
||||||
|
# All modifications and additions to the file contributed by third parties
|
||||||
|
# remain the property of their copyright owners, unless otherwise agreed
|
||||||
|
# upon. The license for this file, and modifications and additions to the
|
||||||
|
# file, is the same license as for the pristine package itself (unless the
|
||||||
|
# license for the pristine package is not an Open Source License, in which
|
||||||
|
# case the license is the MIT License). An "Open Source License" is a
|
||||||
|
# license that conforms to the Open Source Definition (Version 1.9)
|
||||||
|
# published by the Open Source Initiative.
|
||||||
|
|
||||||
|
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
||||||
|
#
|
||||||
|
|
||||||
|
|
||||||
|
%define _name unzip
|
||||||
|
%define fileversion 60
|
||||||
|
%bcond_with rcc
|
||||||
|
%if %{with rcc}
|
||||||
|
%define update_weight 20
|
||||||
|
%define _suffix rcc
|
||||||
|
BuildRequires: librcc-devel
|
||||||
|
Suggests: librcc0
|
||||||
|
Provides: %{_name} = %{version}
|
||||||
|
%else
|
||||||
|
%define update_weight 10
|
||||||
|
%define _suffix plain
|
||||||
|
%endif
|
||||||
|
# NOTE: unzip.spec is the major file, if you want to update unzip-rcc.spec
|
||||||
|
# call pre_checkin.sh after editing unzip.spec
|
||||||
|
Name: unzip
|
||||||
|
Version: 6.00
|
||||||
|
Release: 0
|
||||||
|
Summary: A program to unpack compressed files
|
||||||
|
License: BSD-3-Clause
|
||||||
|
Group: Productivity/Archiving/Compression
|
||||||
|
URL: http://www.info-zip.org/
|
||||||
|
Source: http://sourceforge.net/projects/infozip/files/UnZip%%206.x%%20%%28latest%%29/UnZip%%206.0/%{_name}%{fileversion}.tar.gz
|
||||||
|
Source1: pre_checkin.sh
|
||||||
|
Patch0: unzip.dif
|
||||||
|
Patch1: unzip-iso8859_2.patch
|
||||||
|
Patch3: unzip-optflags.patch
|
||||||
|
Patch4: unzip-5.52-filename_too_long.patch
|
||||||
|
Patch5: unzip-no_file_name_translation.patch
|
||||||
|
Patch8: unzip-open_missing_mode.patch
|
||||||
|
Patch10: unzip-5.52-use_librcc.patch
|
||||||
|
Patch11: unzip-no-build-date.patch
|
||||||
|
Patch12: unzip-dont_call_isprint.patch
|
||||||
|
Patch13: Fix-CVE-2014-8139-unzip.patch
|
||||||
|
# http://pkgs.fedoraproject.org/cgit/rpms/unzip.git/plain/unzip-6.0-cve-2014-8139.patch
|
||||||
|
Patch14: Fix-CVE-2014-8140-and-CVE-2014-8141.patch
|
||||||
|
Patch15: CVE-2015-7696.patch
|
||||||
|
Patch16: CVE-2015-7697.patch
|
||||||
|
Patch17: CVE-2016-9844.patch
|
||||||
|
Patch18: CVE-2014-9913.patch
|
||||||
|
Patch19: CVE-2018-1000035.patch
|
||||||
|
Patch20: Fix-CVE-2014-9636-unzip-buffer-overflow.patch
|
||||||
|
Patch21: unzip60-total_disks_zero.patch
|
||||||
|
Patch22: unzip60-cfactorstr_overflow.patch
|
||||||
|
Patch23: unzip-initialize-the-symlink-flag.patch
|
||||||
|
# PATCH-FIX-UPSTREAM danilo.spinella@suse.com CVE-2022-0530 bsc#1196177
|
||||||
|
Patch24: CVE-2022-0530.patch
|
||||||
|
# PATCH-FIX-UPSTREAM danilo.spinella@suse.com CVE-2022-0529 bsc#1196180
|
||||||
|
Patch25: CVE-2022-0529.patch
|
||||||
|
Requires(post): update-alternatives
|
||||||
|
Requires(postun):update-alternatives
|
||||||
|
Recommends: %{_name}-doc
|
||||||
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||||
|
|
||||||
|
%description
|
||||||
|
UnZip is an extraction utility for archives compressed in .zip format
|
||||||
|
(known as "zip files"). Although highly compatible both with PKWARE's
|
||||||
|
PKZIP(tm) and PKUNZIP utilities for MS-DOS and with Info-ZIP's own Zip
|
||||||
|
program, our primary objectives have been portability and non-MS-DOS
|
||||||
|
functionality. This version can also extract encrypted archives.
|
||||||
|
|
||||||
|
%package doc
|
||||||
|
Summary: Documentation files for unzip
|
||||||
|
Group: Productivity/Archiving/Compression
|
||||||
|
BuildArch: noarch
|
||||||
|
|
||||||
|
%description doc
|
||||||
|
UnZip is an extraction utility for archives compressed in .zip format
|
||||||
|
(known as "zip files"). Although highly compatible both with PKWARE's
|
||||||
|
PKZIP(tm) and PKUNZIP utilities for MS-DOS and with Info-ZIP's own Zip
|
||||||
|
program, our primary objectives have been portability and non-MS-DOS
|
||||||
|
functionality. This version can also extract encrypted archives.
|
||||||
|
|
||||||
|
%prep
|
||||||
|
%setup -q -n %{_name}%{fileversion}
|
||||||
|
%patch0
|
||||||
|
%patch1
|
||||||
|
%patch3
|
||||||
|
%patch4
|
||||||
|
%patch5
|
||||||
|
%patch8
|
||||||
|
%if %{with rcc}
|
||||||
|
%patch10
|
||||||
|
%endif
|
||||||
|
%patch11
|
||||||
|
%patch12
|
||||||
|
%patch13 -p1
|
||||||
|
%patch14 -p1
|
||||||
|
%patch15 -p1
|
||||||
|
%patch16 -p1
|
||||||
|
%patch17 -p1
|
||||||
|
%patch18 -p1
|
||||||
|
%patch19 -p0
|
||||||
|
%patch20 -p1
|
||||||
|
%patch21 -p1
|
||||||
|
%patch22 -p1
|
||||||
|
%patch23 -p1
|
||||||
|
%patch24 -p1
|
||||||
|
%patch25 -p1
|
||||||
|
|
||||||
|
%build
|
||||||
|
export RPM_OPT_FLAGS="%{optflags} \
|
||||||
|
-D_GNU_SOURCE -DRCC_LAZY -DWILD_STOP_AT_DIR \
|
||||||
|
-DLARGE_FILE_SUPPORT -DUNICODE_SUPPORT \
|
||||||
|
-DUNICODE_WCHAR -DUTF8_MAYBE_NATIVE -DNO_LCHMOD \
|
||||||
|
-DDATE_FORMAT=DF_YMD -I. -fstack-protector -fno-strict-aliasing -fPIE"
|
||||||
|
|
||||||
|
make %{?_smp_mflags} -f unix/Makefile LF2="-ldl -pie" linux_noasm
|
||||||
|
|
||||||
|
%check
|
||||||
|
make %{?_smp_mflags} -f unix/Makefile check
|
||||||
|
|
||||||
|
%install
|
||||||
|
mkdir -p %{buildroot}%{_sysconfdir}/alternatives
|
||||||
|
mkdir -p %{buildroot}{%{_bindir},%{_mandir}/man1}
|
||||||
|
for i in unzip funzip unzipsfx; do
|
||||||
|
install $i "%{buildroot}%{_bindir}/$i-"%{_suffix}
|
||||||
|
done
|
||||||
|
ln -s unzip %{buildroot}%{_bindir}/zipinfo
|
||||||
|
install unix/zipgrep "%{buildroot}%{_bindir}/zipgrep-"%{_suffix}
|
||||||
|
for i in unzip funzip unzipsfx zipgrep; do
|
||||||
|
touch %{buildroot}%{_sysconfdir}/alternatives/$i
|
||||||
|
ln -s %{_sysconfdir}/alternatives/$i %{buildroot}%{_bindir}/$i
|
||||||
|
done
|
||||||
|
|
||||||
|
# do not have the docu in both packages
|
||||||
|
%if %{without rcc}
|
||||||
|
for i in man/*.1; do
|
||||||
|
install -m 644 $i %{buildroot}%{_mandir}/man1/
|
||||||
|
done
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%post
|
||||||
|
for bin in unzip funzip unzipsfx zipgrep; do
|
||||||
|
%{_sbindir}/update-alternatives --install %{_bindir}/$bin $bin "%{_bindir}/$bin-"%{_suffix} %{update_weight}
|
||||||
|
done
|
||||||
|
|
||||||
|
%postun
|
||||||
|
if [ "$1" = 0 ] ; then
|
||||||
|
for bin in unzip funzip unzipsfx zipgrep; do
|
||||||
|
%{_sbindir}/update-alternatives --remove $bin "%{_bindir}/$bin"-%{_suffix}
|
||||||
|
done
|
||||||
|
fi
|
||||||
|
|
||||||
|
%files
|
||||||
|
%defattr(-,root,root)
|
||||||
|
%ghost %{_sysconfdir}/alternatives/unzip
|
||||||
|
%{_bindir}/unzip
|
||||||
|
%{_bindir}/unzip-%{_suffix}
|
||||||
|
%ghost %{_sysconfdir}/alternatives/funzip
|
||||||
|
%{_bindir}/funzip
|
||||||
|
%{_bindir}/funzip-%{_suffix}
|
||||||
|
%ghost %{_sysconfdir}/alternatives/unzipsfx
|
||||||
|
%{_bindir}/unzipsfx
|
||||||
|
%{_bindir}/unzipsfx-%{_suffix}
|
||||||
|
%{_bindir}/zipinfo
|
||||||
|
%ghost %{_sysconfdir}/alternatives/zipgrep
|
||||||
|
%{_bindir}/zipgrep
|
||||||
|
%{_bindir}/zipgrep-%{_suffix}
|
||||||
|
|
||||||
|
%if %{without rcc}
|
||||||
|
%files doc
|
||||||
|
%defattr(-,root,root)
|
||||||
|
%{_mandir}/man1/*
|
||||||
|
%doc BUGS Contents History.* LICENSE README ToDo WHERE
|
||||||
|
%doc *.txt proginfo
|
||||||
|
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%changelog
|
35
unzip60-cfactorstr_overflow.patch
Normal file
35
unzip60-cfactorstr_overflow.patch
Normal file
@ -0,0 +1,35 @@
|
|||||||
|
--- unzip60/list.c
|
||||||
|
+++ unzip60/list.c
|
||||||
|
@@ -97,7 +97,7 @@ int list_files(__G) /* return PK-type
|
||||||
|
{
|
||||||
|
int do_this_file=FALSE, cfactor, error, error_in_archive=PK_COOL;
|
||||||
|
#ifndef WINDLL
|
||||||
|
- char sgn, cfactorstr[10];
|
||||||
|
+ char sgn, cfactorstr[1+10+1+1]; /* <sgn><int>%NUL */
|
||||||
|
int longhdr=(uO.vflag>1);
|
||||||
|
#endif
|
||||||
|
int date_format;
|
||||||
|
@@ -389,9 +389,9 @@ int list_files(__G) /* return PK-type
|
||||||
|
}
|
||||||
|
#else /* !WINDLL */
|
||||||
|
if (cfactor == 100)
|
||||||
|
- sprintf(cfactorstr, LoadFarString(CompFactor100));
|
||||||
|
+ snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactor100));
|
||||||
|
else
|
||||||
|
- sprintf(cfactorstr, LoadFarString(CompFactorStr), sgn, cfactor);
|
||||||
|
+ snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactorStr), sgn, cfactor);
|
||||||
|
if (longhdr)
|
||||||
|
Info(slide, 0, ((char *)slide, LoadFarString(LongHdrStats),
|
||||||
|
FmZofft(G.crec.ucsize, "8", "u"), methbuf,
|
||||||
|
@@ -471,9 +471,9 @@ int list_files(__G) /* return PK-type
|
||||||
|
|
||||||
|
#else /* !WINDLL */
|
||||||
|
if (cfactor == 100)
|
||||||
|
- sprintf(cfactorstr, LoadFarString(CompFactor100));
|
||||||
|
+ snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactor100));
|
||||||
|
else
|
||||||
|
- sprintf(cfactorstr, LoadFarString(CompFactorStr), sgn, cfactor);
|
||||||
|
+ snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactorStr), sgn, cfactor);
|
||||||
|
if (longhdr) {
|
||||||
|
Info(slide, 0, ((char *)slide, LoadFarString(LongFileTrailer),
|
||||||
|
FmZofft(tot_ucsize, "8", "u"), FmZofft(tot_csize, "8", "u"),
|
24
unzip60-total_disks_zero.patch
Normal file
24
unzip60-total_disks_zero.patch
Normal file
@ -0,0 +1,24 @@
|
|||||||
|
Index: unzip60/process.c
|
||||||
|
===================================================================
|
||||||
|
--- unzip60.orig/process.c
|
||||||
|
+++ unzip60/process.c
|
||||||
|
@@ -1286,7 +1286,8 @@ static int find_ecrec64(__G__ searchlen)
|
||||||
|
G.ecrec.number_this_disk, ecloc64_total_disks); fflush(stdout);
|
||||||
|
#endif
|
||||||
|
if ((G.ecrec.number_this_disk != 0xFFFF) &&
|
||||||
|
- (G.ecrec.number_this_disk != ecloc64_total_disks - 1)) {
|
||||||
|
+ (G.ecrec.number_this_disk != ecloc64_total_disks - 1) &&
|
||||||
|
+ (ecloc64_total_disks != 0)) {
|
||||||
|
/* Note: For some unknown reason, the developers at PKWARE decided to
|
||||||
|
store the "zip64 total disks" value as a counter starting from 1,
|
||||||
|
whereas all other "split/span volume" related fields use 0-based
|
||||||
|
@@ -1296,6 +1297,9 @@ static int find_ecrec64(__G__ searchlen)
|
||||||
|
When this is not the case, the found ecrec64 locator cannot be valid.
|
||||||
|
-> This is not a Zip64 archive.
|
||||||
|
*/
|
||||||
|
+ /* There are archive creators that put 0 in total disks when it should
|
||||||
|
+ be 1. We should handle this. This is done by the added check above.
|
||||||
|
+ */
|
||||||
|
Trace((stderr,
|
||||||
|
"\ninvalid ECLOC64, differing disk# (ECR %u, ECL64 %lu)\n",
|
||||||
|
G.ecrec.number_this_disk, ecloc64_total_disks - 1));
|
BIN
unzip60.tar.gz
(Stored with Git LFS)
Normal file
BIN
unzip60.tar.gz
(Stored with Git LFS)
Normal file
Binary file not shown.
Loading…
Reference in New Issue
Block a user