OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/unzip?expand=0&rev=4

unzip-CVE-2005-2475.patch

@@ -0,0 +1,36 @@
+--- unix/unix.c
++++ unix/unix.c
+@@ -1042,6 +1042,16 @@
+     ush z_uidgid[2];
+     int have_uidgid_flg;
+ 
++/*---------------------------------------------------------------------------
++    Change the file permissions from default ones to those stored in the
++    zipfile. This has to done *before* closing the file.
++  ---------------------------------------------------------------------------*/
++
++#ifndef NO_CHMOD
++    if (chmod(G.filename, filtattr(__G__ G.pInfo->file_attr)))
++        perror("chmod (file attributes) error");
++#endif
++
+     fclose(G.outfile);
+ 
+ /*---------------------------------------------------------------------------
+@@ -1151,16 +1161,6 @@
+ #endif /* ?AOS_VS */
+     }
+ 
+-/*---------------------------------------------------------------------------
+-    Change the file permissions from default ones to those stored in the
+-    zipfile.
+-  ---------------------------------------------------------------------------*/
+-
+-#ifndef NO_CHMOD
+-    if (chmod(G.filename, filtattr(__G__ G.pInfo->file_attr)))
+-        perror("chmod (file attributes) error");
+-#endif
+-
+ } /* end function close_outfile() */
+ 
+ #endif /* !MTS */

unzip.changes

@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Mon Dec  3 13:24:27 CET 2007 - pth@suse.de
+
+- Add patch to extend the maximum file/archive size to 2^32-8193
+  (4294959103) bytes.
+- Add patch to fix CVE-2005-2475 (#274156)
+
 -------------------------------------------------------------------
 Thu Jun 21 17:34:10 CEST 2007 - adrian@suse.de
 

unzip.spec

@@ -11,21 +11,23 @@
 # norootforbuild
 
 Name:           unzip
-License:        BSD License and BSD-like, see file COPYING in archive (very short summary):
+License:        BSD 3-Clause
 Group:          Productivity/Archiving/Compression
 Provides:       crunzip
 Obsoletes:      crunzip
-Autoreqprov:    on
+AutoReqProv:    on
 Version:        5.52
-Release:        60
+Release:        86
 Summary:        A program to unpack compressed files
 Source:         unzip552.tar.bz2
-URL:            http://www.info-zip.org/
+Url:            http://www.info-zip.org/
 Patch:          unzip.dif
 Patch1:         unzip-iso8859_2.patch
 Patch3:         unzip-optflags.patch
 Patch4:         unzip-5.52-filename_too_long.patch
 Patch5:         unzip-no_file_name_translation.patch
+Patch6:         unzip-near-4GB.patch
+Patch7:         unzip-CVE-2005-2475.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
 %description
@@ -48,15 +50,12 @@ Authors:
 %patch3
 %patch4
 %patch5
+%patch6
+%patch7
 
 %build
-%ifarch %ix86
-TARGET=linux
-%else
-TARGET=linux_noasm
-%endif
 export RPM_OPT_FLAGS="%optflags -DLARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -fstack-protector"
-make $TARGET -f unix/Makefile LF2=
+make -f unix/Makefile LF2= linux_noasm
 
 %install
 mkdir -p $RPM_BUILD_ROOT{%{_bindir},%{_mandir}/man1}
@@ -84,6 +83,10 @@ done
 %{_bindir}/zipgrep
 
 %changelog
+* Mon Dec 03 2007 - pth@suse.de
+- Add patch to extend the maximum file/archive size to 2^32-8193
+  (4294959103) bytes.
+- Add patch to fix CVE-2005-2475 (#274156)
 * Thu Jun 21 2007 - adrian@suse.de
 - fix changelog entry order
 * Thu May 03 2007 - pth@suse.de