2016-07-14 12:11:04 +00:00
|
|
|
|
|
|
|
# Settings for EL <= 7
|
|
|
|
%if 0%{?rhel} && 0%{?rhel} <= 7
|
|
|
|
%{!?__global_ldflags: %global __global_ldflags -Wl,-z,relro}
|
|
|
|
%endif
|
|
|
|
|
2007-02-06 12:09:28 +00:00
|
|
|
Summary: A utility for unpacking zip files
|
2004-09-09 13:48:17 +00:00
|
|
|
Name: unzip
|
2009-11-19 08:27:27 +00:00
|
|
|
Version: 6.0
|
2020-07-29 13:20:49 +00:00
|
|
|
Release: 49%{?dist}
|
2004-09-09 13:48:50 +00:00
|
|
|
License: BSD
|
2009-11-19 08:27:27 +00:00
|
|
|
Source: http://downloads.sourceforge.net/infozip/unzip60.tar.gz
|
2017-03-03 20:57:43 +00:00
|
|
|
|
2009-11-19 08:27:27 +00:00
|
|
|
# Not sent to upstream.
|
|
|
|
Patch1: unzip-6.0-bzip2-configure.patch
|
|
|
|
# Upstream plans to do this in zip (hopefully also in unzip).
|
|
|
|
Patch2: unzip-6.0-exec-shield.patch
|
|
|
|
# Upstream plans to do similar thing.
|
|
|
|
Patch3: unzip-6.0-close.patch
|
2009-11-30 11:16:00 +00:00
|
|
|
# Details in rhbz#532380.
|
|
|
|
# Reported to upstream: http://www.info-zip.org/board/board.pl?m-1259575993/
|
|
|
|
Patch4: unzip-6.0-attribs-overflow.patch
|
|
|
|
# Not sent to upstream, as it's Fedora/RHEL specific.
|
2016-07-14 12:11:04 +00:00
|
|
|
# Modify the configure script to accept var LFLAGS2 so linking can be configurable
|
|
|
|
# from the spec file. In addition '-s' is still removed as before
|
|
|
|
Patch5: unzip-6.0-configure.patch
|
2011-04-27 13:39:32 +00:00
|
|
|
Patch6: unzip-6.0-manpage-fix.patch
|
2013-05-28 14:32:59 +00:00
|
|
|
# Update match.c with recmatch() from zip 3.0's util.c
|
|
|
|
# This also resolves the license issue in that old function.
|
|
|
|
# Original came from here: https://projects.parabolagnulinux.org/abslibre.git/plain/libre/unzip-libre/match.patch
|
|
|
|
Patch7: unzip-6.0-fix-recmatch.patch
|
2013-11-19 12:18:32 +00:00
|
|
|
# Update process.c
|
|
|
|
Patch8: unzip-6.0-symlink.patch
|
2014-06-04 15:04:55 +00:00
|
|
|
# change using of macro "case_map" by "to_up"
|
|
|
|
Patch9: unzip-6.0-caseinsensitive.patch
|
|
|
|
# downstream fix for "-Werror=format-security"
|
|
|
|
# upstream doesn't want hear about this option again
|
|
|
|
Patch10: unzip-6.0-format-secure.patch
|
2017-03-03 20:57:43 +00:00
|
|
|
|
2014-11-21 15:36:05 +00:00
|
|
|
Patch11: unzip-6.0-valgrind.patch
|
|
|
|
Patch12: unzip-6.0-x-option.patch
|
2015-01-26 08:28:07 +00:00
|
|
|
Patch13: unzip-6.0-overflow.patch
|
2015-02-10 20:26:05 +00:00
|
|
|
Patch14: unzip-6.0-cve-2014-8139.patch
|
|
|
|
Patch15: unzip-6.0-cve-2014-8140.patch
|
|
|
|
Patch16: unzip-6.0-cve-2014-8141.patch
|
|
|
|
Patch17: unzip-6.0-overflow-long-fsize.patch
|
2017-03-03 20:57:43 +00:00
|
|
|
|
2015-09-14 18:16:29 +00:00
|
|
|
# Fix heap overflow and infinite loop when invalid input is given (#1260947)
|
|
|
|
Patch18: unzip-6.0-heap-overflow-infloop.patch
|
2015-10-29 17:25:01 +00:00
|
|
|
|
|
|
|
# support non-{latin,unicode} encoding
|
|
|
|
Patch19: unzip-6.0-alt-iconv-utf8.patch
|
2015-11-25 11:08:53 +00:00
|
|
|
Patch20: unzip-6.0-alt-iconv-utf8-print.patch
|
2016-12-14 15:59:00 +00:00
|
|
|
Patch21: 0001-Fix-CVE-2016-9844-rhbz-1404283.patch
|
2015-10-29 17:25:01 +00:00
|
|
|
|
2017-07-14 15:36:50 +00:00
|
|
|
# restore unix timestamp accurately
|
|
|
|
Patch22: unzip-6.0-timestamp.patch
|
|
|
|
|
2018-02-26 09:42:05 +00:00
|
|
|
# fix possible heap based stack overflow in passwd protected files
|
|
|
|
Patch23: unzip-6.0-cve-2018-1000035-heap-based-overflow.patch
|
2018-11-08 11:28:58 +00:00
|
|
|
|
2018-11-08 11:14:17 +00:00
|
|
|
Patch24: unzip-6.0-cve-2018-18384.patch
|
2018-02-26 09:42:05 +00:00
|
|
|
|
2018-11-08 11:28:58 +00:00
|
|
|
# covscan issues
|
|
|
|
Patch25: unzip-6.0-COVSCAN-fix-unterminated-string.patch
|
2018-02-26 09:42:05 +00:00
|
|
|
|
2019-10-23 13:35:14 +00:00
|
|
|
Patch26: unzip-zipbomb-part1.patch
|
|
|
|
Patch27: unzip-zipbomb-part2.patch
|
|
|
|
Patch28: unzip-zipbomb-part3.patch
|
2019-11-18 13:42:41 +00:00
|
|
|
Patch29: unzip-zipbomb-manpage.patch
|
2019-10-23 13:35:14 +00:00
|
|
|
|
2009-11-19 08:27:27 +00:00
|
|
|
URL: http://www.info-zip.org/UnZip.html
|
2018-03-01 10:18:21 +00:00
|
|
|
BuildRequires: bzip2-devel, gcc
|
2004-09-09 13:48:17 +00:00
|
|
|
|
|
|
|
%description
|
|
|
|
The unzip utility is used to list, test, or extract files from a zip
|
|
|
|
archive. Zip archives are commonly found on MS-DOS systems. The zip
|
|
|
|
utility, included in the zip package, creates zip archives. Zip and
|
|
|
|
unzip are both compatible with archives created by PKWARE(R)'s PKZIP
|
|
|
|
for MS-DOS, but the programs' options and default behaviors do differ
|
|
|
|
in some respects.
|
|
|
|
|
|
|
|
Install the unzip package if you need to list, test or extract files from
|
|
|
|
a zip archive.
|
|
|
|
|
|
|
|
%prep
|
2009-11-19 08:27:27 +00:00
|
|
|
%setup -q -n unzip60
|
2019-11-18 13:42:41 +00:00
|
|
|
%patch1 -p1
|
|
|
|
%patch2 -p1
|
|
|
|
%patch3 -p1
|
|
|
|
%patch4 -p1
|
|
|
|
%patch5 -p1
|
|
|
|
%patch6 -p1
|
|
|
|
%patch7 -p1
|
|
|
|
%patch8 -p1
|
|
|
|
%patch9 -p1
|
|
|
|
%patch10 -p1
|
|
|
|
%patch11 -p1
|
|
|
|
%patch12 -p1
|
|
|
|
%patch13 -p1
|
|
|
|
%patch14 -p1
|
|
|
|
%patch15 -p1
|
|
|
|
%patch16 -p1
|
|
|
|
%patch17 -p1
|
|
|
|
%patch18 -p1
|
|
|
|
%patch19 -p1
|
|
|
|
%patch20 -p1
|
|
|
|
%patch21 -p1
|
|
|
|
%patch22 -p1
|
|
|
|
%patch23 -p1
|
|
|
|
%patch24 -p1
|
|
|
|
%patch25 -p1
|
2004-09-09 13:48:17 +00:00
|
|
|
|
2019-10-23 13:35:14 +00:00
|
|
|
%patch26 -p1
|
|
|
|
%patch27 -p1
|
|
|
|
%patch28 -p1
|
2019-11-18 13:42:41 +00:00
|
|
|
%patch29 -p1
|
2019-10-23 13:35:14 +00:00
|
|
|
|
2004-09-09 13:48:17 +00:00
|
|
|
%build
|
2014-11-21 15:36:05 +00:00
|
|
|
# IZ_HAVE_UXUIDGID is needed for right functionality of unzip -X
|
|
|
|
# NOMEMCPY solve problem with memory overlapping - decomression is slowly,
|
|
|
|
# but successfull.
|
2020-07-14 14:38:59 +00:00
|
|
|
%make_build -f unix/Makefile CF_NOOPT="-I. -DUNIX $RPM_OPT_FLAGS -DNOMEMCPY -DIZ_HAVE_UXUIDGID -DNO_LCHMOD" \
|
|
|
|
LFLAGS2="%{?__global_ldflags}" generic_gcc
|
2004-09-09 13:48:17 +00:00
|
|
|
|
|
|
|
%install
|
|
|
|
rm -rf $RPM_BUILD_ROOT
|
2009-11-30 11:16:00 +00:00
|
|
|
make -f unix/Makefile prefix=$RPM_BUILD_ROOT%{_prefix} MANDIR=$RPM_BUILD_ROOT/%{_mandir}/man1 INSTALL="cp -p" install
|
2004-09-09 13:48:17 +00:00
|
|
|
|
|
|
|
%files
|
2017-02-02 02:03:28 +00:00
|
|
|
%license LICENSE COPYING.OLD
|
|
|
|
%doc README BUGS
|
2007-02-06 12:09:28 +00:00
|
|
|
%{_bindir}/*
|
2004-09-09 13:48:50 +00:00
|
|
|
%{_mandir}/*/*
|
2004-09-09 13:48:17 +00:00
|
|
|
|
|
|
|
%changelog
|
2020-07-29 13:20:49 +00:00
|
|
|
* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 6.0-49
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
|
|
|
|
2020-07-14 14:38:59 +00:00
|
|
|
* Tue Jul 14 2020 Tom Stellard <tstellar@redhat.com> - 6.0-48
|
|
|
|
- Use make macros
|
|
|
|
- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
|
|
|
|
|
2020-01-31 02:40:06 +00:00
|
|
|
* Fri Jan 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 6.0-47
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
|
|
|
|
2019-11-18 13:42:41 +00:00
|
|
|
* Mon Nov 18 2019 Jakub Martisko <jamartis@redhat.com> - 6.0-46
|
|
|
|
- Mention the zipbomb exit code in the manpage
|
|
|
|
Related: CVE-2019-13232
|
|
|
|
|
2019-10-23 13:35:14 +00:00
|
|
|
* Wed Oct 23 2019 Jakub Martisko <jamartis@redhat.com> - 6.0-45
|
|
|
|
- Fix possible zipbomb in unzip
|
|
|
|
Resolves: CVE-2019-13232
|
|
|
|
|
2019-07-27 02:33:54 +00:00
|
|
|
* Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org> - 6.0-44
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
|
|
|
|
2019-02-03 10:52:31 +00:00
|
|
|
* Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 6.0-43
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
|
|
|
|
2018-11-08 11:28:58 +00:00
|
|
|
* Thu Nov 08 2018 Jakub Martisko <jamartis@redhat.com> - 6.0-42
|
|
|
|
- fix several possibly unterminated strings
|
|
|
|
When copying to OEM_CP and ISO_CP strings, the string could end unterminated
|
|
|
|
(stncpy does not append '\0').
|
|
|
|
|
2018-11-08 11:14:17 +00:00
|
|
|
* Thu Nov 08 2018 Jakub Martisko <jamartis@redhat.com> - 6.0-41
|
|
|
|
- Fix CVE-2018-18384
|
|
|
|
Resolves: CVE-2018-18384
|
|
|
|
|
2018-07-14 08:16:54 +00:00
|
|
|
* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 6.0-40
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
|
|
|
|
2018-03-01 10:18:21 +00:00
|
|
|
* Thu Mar 01 2018 Jakub Martisko <jamartis@redhat.com> - 6.0-39
|
|
|
|
- Add gcc to buildrequires
|
|
|
|
|
2018-02-26 09:42:05 +00:00
|
|
|
* Tue Feb 13 2018 Jakub Martisko <jamartis@redhat.com> - 6.0-38
|
|
|
|
- Fix CVE-2018-1000035 - heap based buffer overflow when opening
|
|
|
|
password protected files.
|
|
|
|
Resolves: 1537043
|
|
|
|
|
2018-02-09 20:05:41 +00:00
|
|
|
* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 6.0-37
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
|
|
|
|
2017-08-03 09:50:01 +00:00
|
|
|
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 6.0-36
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
|
|
|
|
|
2017-07-27 21:02:20 +00:00
|
|
|
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 6.0-35
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
|
|
|
|
|
2017-07-14 15:36:50 +00:00
|
|
|
* Fri Jul 14 2017 Petr Stodulka <pstodulk@redhat.com> - 6.0.34
|
2017-07-20 03:56:15 +00:00
|
|
|
- restore of unix timestamp accurately
|
2017-07-14 15:36:50 +00:00
|
|
|
Resolves: #1451953
|
|
|
|
|
2017-02-11 16:46:57 +00:00
|
|
|
* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 6.0-33
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
|
|
|
|
|
2017-02-02 02:03:28 +00:00
|
|
|
* Wed Feb 01 2017 Stephen Gallagher <sgallagh@redhat.com> - 6.0-32
|
|
|
|
- Add missing %%license macro
|
|
|
|
|
2016-12-14 15:59:00 +00:00
|
|
|
* Wed Dec 14 2016 Petr Stodulka <pstodulk@redhat.com> - 6.0-31
|
|
|
|
- Fix CVE-2016-9844 - buffer overflow in zipinfo
|
|
|
|
Resolves: #1404283
|
|
|
|
|
2016-07-14 12:11:04 +00:00
|
|
|
* Thu Jul 14 2016 Petr Stodulka <pstodulk@redhat.com> - 6.0-30
|
|
|
|
- rename patch unzip-6.0-nostrip.patch to unzip-6.0-configure.patch
|
|
|
|
so linking is now configurable from the spec file
|
|
|
|
- define __global_ldflags on EL <= 7
|
|
|
|
- set LFLAGS2 with __global_ldflags for hardened build
|
|
|
|
Resolves: #1330519
|
|
|
|
|
2016-07-01 02:17:09 +00:00
|
|
|
* Fri Jul 01 2016 Petr Stodulka <pstodulk@redhat.com> - 6.0-29
|
|
|
|
- added build parameter "-DNO_LCHMOD" because lchmod isn't provided on Linux
|
|
|
|
system
|
|
|
|
Resolves: #1350627
|
|
|
|
|
2016-02-05 02:24:11 +00:00
|
|
|
* Fri Feb 05 2016 Fedora Release Engineering <releng@fedoraproject.org> - 6.0-28
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
|
|
|
|
|
2015-11-25 11:08:53 +00:00
|
|
|
* Wed Nov 25 2015 Petr Stodulka <pstodulk@redhat.com> - 6.0-27
|
|
|
|
- fix print of non-ascii filenames (#225576)
|
|
|
|
|
2015-11-13 13:56:24 +00:00
|
|
|
* Fri Nov 13 2015 Petr Stodulka <pstodulk@redhat.com> - 6.0-26
|
|
|
|
- fix unsigned overflow patch for #1260944 (#1281804)
|
|
|
|
|
2015-10-29 17:25:01 +00:00
|
|
|
* Thu Oct 29 2015 Petr Stodulka <pstodulk@redhat.com> - 6.0-25
|
|
|
|
- add support of non-latin and non-unicode encodings for filenames (#885540)
|
|
|
|
|
2015-09-23 10:41:59 +00:00
|
|
|
* Wed Sep 23 2015 Kamil Dudka <kdudka@redhat.com> - 6.0-24
|
|
|
|
- prevent unsigned overflow on invalid input (#1260944)
|
|
|
|
|
2015-09-14 18:16:29 +00:00
|
|
|
* Mon Sep 14 2015 Kamil Dudka <kdudka@redhat.com> - 6.0-23
|
|
|
|
- Fix heap overflow and infinite loop when invalid input is given (#1260947)
|
|
|
|
|
2015-06-19 01:37:17 +00:00
|
|
|
* Fri Jun 19 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 6.0-22
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
|
|
|
|
|
2015-02-21 21:26:26 +00:00
|
|
|
* Sat Feb 21 2015 Till Maas <opensource@till.name> - 6.0-21
|
|
|
|
- Rebuilt for Fedora 23 Change
|
|
|
|
https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code
|
|
|
|
|
2015-02-11 15:23:27 +00:00
|
|
|
* Wed Feb 11 2015 Petr Stodulka <pstodulk@redhat.com> - 6.0-20
|
|
|
|
- re-patch CVE-2014-9636 - original patch was incorrect (#1184986)
|
|
|
|
|
2015-02-10 20:26:05 +00:00
|
|
|
* Tue Feb 10 2015 Petr Stodulka <pstodulk@redhat.com> - 6.0-19
|
|
|
|
- Fix CVE-2014-8139 - CRC32 verification heap-based buffer overread
|
|
|
|
(#1174844)
|
|
|
|
- Fix CVE-2014-8140 - out-of-bounds write issue in test_compr_eb()
|
|
|
|
(#1174851)
|
|
|
|
- Fix CVE-2014-8141 - getZip64Data() out-of-bounds read issues
|
|
|
|
(#1174856)
|
|
|
|
- Fix buffer overflow on long file sizes
|
|
|
|
(#1191136)
|
|
|
|
|
2015-01-26 08:31:48 +00:00
|
|
|
* Mon Jan 26 2015 Petr Stodulka <pstodulk@redhat.com> - 6.0-18
|
2015-01-26 08:28:07 +00:00
|
|
|
- Fix security bug - CVE-2014-9636
|
|
|
|
|
2015-01-26 08:31:48 +00:00
|
|
|
* Fri Nov 21 2014 Petr Stodulka <pstodulk@redhat.com> - 6.0-17
|
2014-11-21 15:36:05 +00:00
|
|
|
- Fix unitialized reads (#558738)
|
|
|
|
- Fix fix broken -X option - never worked before. Added -DIZ_HAVE_UXUIDGID
|
|
|
|
option for compilation.
|
|
|
|
(#935202)
|
|
|
|
|
|
|
|
* Thu Nov 06 2014 Petr Stodulka <pstodulk@redhat.com> - 6.0-16
|
2014-11-06 20:57:19 +00:00
|
|
|
- Fix producing of incorrect output due to memcpy overlapping
|
|
|
|
by added option -D NOMEMCPY to compile section.
|
|
|
|
(#1153388)
|
|
|
|
|
2014-08-18 07:05:49 +00:00
|
|
|
* Mon Aug 18 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 6.0-15
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
|
|
|
|
|
2014-06-06 11:11:49 +00:00
|
|
|
* Fri Jun 06 2014 Petr Stodulka <pstodulk@redhat.com> - 6.0-14
|
|
|
|
- Fix previous patch (#1104018) - case-insensitive matching
|
|
|
|
was reversed in function recmatch
|
|
|
|
|
2014-06-04 15:04:55 +00:00
|
|
|
* Wed Jun 04 2014 Petr Stodulka <pstodulk@redhat.com> - 6.0-13
|
|
|
|
- Solve problem with non-functional case-insensitive matching
|
|
|
|
(#1104018)
|
|
|
|
- Added patch for build option "-Werror=format-security"
|
|
|
|
However solve only false positives - here is not really
|
|
|
|
vulnerable print.
|
|
|
|
|
2013-11-19 12:18:32 +00:00
|
|
|
* Mon Oct 21 2013 Petr Stodulka <pstodulk@redhat.com> - 6.0.-12
|
|
|
|
- Solve problem with symlink errors in archive with many files
|
|
|
|
(#740012,#972427)
|
|
|
|
|
2013-08-04 05:41:02 +00:00
|
|
|
* Sun Aug 04 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 6.0-11
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
|
|
|
|
|
2013-06-24 14:26:35 +00:00
|
|
|
* Mon Jun 24 2013 Tom Callaway <spot@fedoraproject.org> - 6.0-10
|
|
|
|
- unset WILD_STOP_AT_DIR
|
|
|
|
|
2013-05-28 14:32:59 +00:00
|
|
|
* Tue May 28 2013 Tom Callaway <spot@fedoraproject.org> - 6.0-9
|
|
|
|
- Apply changes to match.c to sync with recmatch from util.c (from zip 3.0)
|
|
|
|
This also resolves the license issue in that file.
|
|
|
|
|
2013-02-15 02:30:18 +00:00
|
|
|
* Fri Feb 15 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 6.0-8
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
|
|
|
|
|
2012-12-10 17:10:23 +00:00
|
|
|
* Mon Dec 10 2012 Michal Luscon <mluscon@redhat.com> 6.0-7
|
|
|
|
- Resolves: #884679 - zip files with bzip2 compression
|
|
|
|
|
2012-07-22 01:53:22 +00:00
|
|
|
* Sun Jul 22 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 6.0-6
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
|
|
|
|
|
2012-01-14 07:35:04 +00:00
|
|
|
* Sat Jan 14 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org>
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
|
|
|
|
|
2011-04-27 13:39:32 +00:00
|
|
|
- Fix minor manpage spelling mistake
|
|
|
|
Resolves: #675454
|
|
|
|
|
2011-02-08 00:28:30 +00:00
|
|
|
* Mon Feb 07 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 6.0-4
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
|
|
|
|
|
2010-05-24 08:32:39 +00:00
|
|
|
* Mon May 24 2010 Karel Klic <kklic@redhat.com> - 6.0-3
|
|
|
|
- Removed BuildRoot tag
|
|
|
|
- Removed %%clean section
|
|
|
|
- Removed trailing whitespaces in the spec file
|
|
|
|
|
2009-11-30 11:16:00 +00:00
|
|
|
* Mon Nov 30 2009 Karel Klic <kklic@redhat.com> - 6.0-2
|
|
|
|
- Fixed a buffer overflow (rhbz#532380, unzip-6.0-attribs-overflow.patch)
|
|
|
|
- Generate debuginfos (rhbz#540220, unzip-6.0-nostrip.patch)
|
|
|
|
|
2009-11-19 08:27:27 +00:00
|
|
|
* Mon Nov 16 2009 Karel Klic <kklic@redhat.com> - 6.0-1
|
|
|
|
- New upstream version
|
|
|
|
- Compiled using `make generic_gcc` (includes asm)
|
2010-05-24 08:32:39 +00:00
|
|
|
- Removed unzip542-rpmoptflags.patch, because RPM_OPT_FLAGS
|
2009-11-19 08:27:27 +00:00
|
|
|
are provided using command line
|
2010-05-24 08:32:39 +00:00
|
|
|
- Removed unzip-5.51-link-segv.patch, because the link file
|
2009-11-19 08:27:27 +00:00
|
|
|
is not reopened in the current version
|
2010-05-24 08:32:39 +00:00
|
|
|
- Removed unzip-5.51-link-segv2.patch, the bug was already fixed
|
2009-11-19 08:27:27 +00:00
|
|
|
in open_outfile in 5.52
|
2010-05-24 08:32:39 +00:00
|
|
|
- Removed unzip-5.52-toctou.patch (CAN-2005-2475), the vulnerability
|
2009-11-19 08:27:27 +00:00
|
|
|
is fixed in the current version
|
2010-05-24 08:32:39 +00:00
|
|
|
- Removed unzip-5.52-near-4GB.patch, unzip-5.52-near-4GB2.patch,
|
|
|
|
unzip-5.52-4GB3.patch, and unzip-5.52-4GB_types.patch, because
|
2009-11-19 08:27:27 +00:00
|
|
|
the current version supports large files
|
|
|
|
- Removed unzip-5.52-long-filename.patch, the current version
|
2010-05-24 08:32:39 +00:00
|
|
|
fixes the vulnerability by checking the length of command line
|
2009-11-19 08:27:27 +00:00
|
|
|
arguments in unzip.c
|
|
|
|
- Removed unzip-5.52-makefile.patch, because we no longer create
|
|
|
|
the link manually
|
|
|
|
- Removed unzip-5.52-open.patch, the current version uses umask.
|
|
|
|
- Removed unzip-5.52-cve-2008-0888.patch, the current version
|
|
|
|
fixes this vulnerability
|
|
|
|
- Ported unzip-5.52-249057.patch to current version (unzip-6.0-close)
|
|
|
|
|
2009-07-27 06:35:38 +00:00
|
|
|
* Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 5.52-11
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
|
|
|
|
|
2009-02-25 23:16:05 +00:00
|
|
|
* Wed Feb 25 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 5.52-10
|
|
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
|
|
|
|
|
2008-03-19 13:58:17 +00:00
|
|
|
* Wed Mar 19 2008 Ivana Varekova <varekova@redhat.com> - 5.52-9
|
|
|
|
- fix crash (double free) on malformed zip archive
|
|
|
|
CVE-2008-0888 (#431438)
|
|
|
|
|
2008-02-08 14:10:35 +00:00
|
|
|
* Fri Feb 8 2008 Ivana Varekova <varekova@redhat.com> - 5.52-8
|
|
|
|
- fix output when out of space error appears
|
|
|
|
|
2008-01-23 13:30:46 +00:00
|
|
|
* Wed Jan 23 2008 Ivana Varekova <varekova@redhat.com> - 5.52-7
|
|
|
|
- fix another long file support problem
|
|
|
|
|
2008-01-22 14:07:19 +00:00
|
|
|
* Tue Jan 22 2008 Ivana Varekova <varekova@redhat.com> - 5.52-6
|
2008-01-23 13:30:46 +00:00
|
|
|
- add 4GB patch (#429674)
|
2008-01-22 14:07:19 +00:00
|
|
|
|
2007-09-04 08:59:53 +00:00
|
|
|
* Tue Sep 4 2007 Ivana Varekova <varekova@redhat.com> - 5.52-5
|
|
|
|
- fix open call
|
|
|
|
|
2007-02-07 08:57:35 +00:00
|
|
|
* Wed Feb 7 2007 Ivana Varekova <varekova@redhat.com> - 5.52-4
|
2010-05-24 08:32:39 +00:00
|
|
|
- incorporate the next peckage review comment
|
2007-02-07 08:57:35 +00:00
|
|
|
|
2007-02-06 12:09:28 +00:00
|
|
|
* Tue Feb 6 2007 Ivana Varekova <varekova@redhat.com> - 5.52-3
|
2010-05-24 08:32:39 +00:00
|
|
|
- Resolves: 226516
|
2007-02-06 12:09:28 +00:00
|
|
|
Incorporate the package review
|
|
|
|
|
2006-07-12 08:36:50 +00:00
|
|
|
* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 5.52-2.2.1
|
|
|
|
- rebuild
|
|
|
|
|
2006-02-11 05:55:34 +00:00
|
|
|
* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> - 5.52-2.2
|
|
|
|
- bump again for double-long bug on ppc(64)
|
|
|
|
|
2006-02-07 14:10:43 +00:00
|
|
|
* Tue Feb 07 2006 Jesse Keating <jkeating@redhat.com> - 5.52-2.1
|
|
|
|
- rebuilt for new gcc4.1 snapshot and glibc changes
|
|
|
|
|
2006-02-06 11:43:00 +00:00
|
|
|
* Mon Feb 6 2006 Ivana Varekova <varekova@redhat.com> 5.52-2
|
|
|
|
- fix bug 180078 - unzip -l causing error
|
|
|
|
- fix CVE-2005-4667 - unzip long file name buffer overflow
|
|
|
|
|
|
|
|
* Thu Dec 22 2005 Ivana Varekova <varekova@redhat.com> 5.52-1
|
2005-12-22 13:58:12 +00:00
|
|
|
- update to 5.52
|
|
|
|
|
2005-12-09 22:43:41 +00:00
|
|
|
* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
|
|
|
|
- rebuilt
|
|
|
|
|
2005-08-03 12:21:09 +00:00
|
|
|
* Wed Aug 3 2005 Ivana Varekova <varekova@redhat.com> 5.51-12
|
|
|
|
- fix bug 164928 - TOCTOU issue in unzip
|
|
|
|
|
2005-05-09 07:52:11 +00:00
|
|
|
* Mon May 9 2005 Ivana Varekova <varekova@redhat.com> 5.51-11
|
2010-05-24 08:32:39 +00:00
|
|
|
- fix bug 156959 – invalid file mode on created files
|
2005-05-09 07:52:11 +00:00
|
|
|
|
2005-03-07 08:38:57 +00:00
|
|
|
* Mon Mar 7 2005 Ivana Varekova <varekova@redhat.com> 5.51-10
|
|
|
|
- rebuilt
|
|
|
|
|
2005-02-10 09:28:26 +00:00
|
|
|
* Thu Feb 10 2005 Ivana Varekova <varekova@redhat.com> 5.51-9
|
|
|
|
- fix the other problem with unpacking zipfiles containing symlinks
|
|
|
|
(bug #134073)
|
|
|
|
|
|
|
|
* Thu Feb 03 2005 Ivana Varekova <varekova@redhat.com> 5.51-8
|
2005-02-03 14:18:07 +00:00
|
|
|
- fix segfault with unpacking of zipfiles containing dangling symlinks
|
|
|
|
(bug #134073)
|
|
|
|
|
2004-12-02 18:05:00 +00:00
|
|
|
* Thu Dec 02 2004 Lon Hohberger <lhh@redhat.com> 5.51-6
|
|
|
|
- Rebuild
|
|
|
|
|
|
|
|
* Thu Dec 02 2004 Lon Hohberger <lhh@redhat.com> 5.51-5
|
|
|
|
- Fix segfault on extraction of symlinks
|
|
|
|
|
2004-09-09 13:57:47 +00:00
|
|
|
* Mon Jun 21 2004 Lon Hohberger <lhh@redhat.com> 5.51-4
|
|
|
|
- Extend max file/archive size to 2^32-8193 (4294959103) bytes
|
|
|
|
|
2004-09-09 13:57:33 +00:00
|
|
|
* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
|
|
|
|
- rebuilt
|
|
|
|
|
2004-09-09 13:56:50 +00:00
|
|
|
* Tue Jun 08 2004 Lon Hohberger <lhh@redhat.com> 5.51-2
|
|
|
|
- Rebuild
|
|
|
|
|
2004-09-09 13:56:37 +00:00
|
|
|
* Tue Jun 08 2004 Lon Hohberger <lhh@redhat.com> 5.51-1.1
|
|
|
|
- Update to 5.51; remove dotdot patch.
|
|
|
|
|
2004-09-09 13:56:31 +00:00
|
|
|
* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com>
|
|
|
|
- rebuilt
|
|
|
|
|
2004-09-09 13:55:41 +00:00
|
|
|
* Mon Nov 17 2003 Lon Hohberger <lhh@redhat.com> 5.50-36
|
|
|
|
- Rebuild for FC-next
|
|
|
|
|
2004-09-09 13:55:21 +00:00
|
|
|
* Fri Aug 01 2003 Lon Hohberger <lhh@redhat.com> 5.50-35
|
|
|
|
- Rebuild for Severn
|
|
|
|
|
|
|
|
* Fri Aug 01 2003 Lon Hohberger <lhh@redhat.com> 5.50-34
|
|
|
|
- Rebuild for Taroon
|
|
|
|
|
2004-09-09 13:54:45 +00:00
|
|
|
* Fri Aug 01 2003 Lon Hohberger <lhh@redhat.com> 5.50-33
|
|
|
|
- Rebuild for 9 errata
|
|
|
|
|
|
|
|
* Fri Aug 01 2003 Lon Hohberger <lhh@redhat.com> 5.50-32
|
|
|
|
- Rebuild for 8.0 errata
|
|
|
|
|
|
|
|
* Fri Aug 01 2003 Lon Hohberger <lhh@redhat.com> 5.50-31
|
|
|
|
- Rebuild for 7.3 errata
|
|
|
|
|
|
|
|
* Wed Jul 30 2003 Lon Hohberger <lhh@redhat.com> 5.50-30
|
|
|
|
- SECURITY Round 3: Fix up original patch (from 5.50-9) to fix
|
|
|
|
^V/ exploit, but still allow '-:', which the other patch (5.50-18)
|
|
|
|
does not allow. Never allow explicit writing to the root
|
|
|
|
directory; force users to change there and extract it manually.
|
|
|
|
|
|
|
|
* Wed Jul 30 2003 Lon Hohberger <lhh@redhat.com> 5.50-29
|
|
|
|
- Rebuild for Severn
|
|
|
|
|
|
|
|
* Wed Jul 30 2003 Lon Hohberger <lhh@redhat.com> 5.50-28
|
|
|
|
- Rebuild
|
|
|
|
|
2004-09-09 13:53:05 +00:00
|
|
|
* Wed Jul 30 2003 Lon Hohberger <lhh@redhat.com> 5.50-27
|
|
|
|
- Rebuild for 9
|
|
|
|
|
|
|
|
* Wed Jul 30 2003 Lon Hohberger <lhh@redhat.com> 5.50-26
|
|
|
|
- Rebuild for 8.0
|
|
|
|
|
|
|
|
* Tue Jul 22 2003 Lon Hohberger <lhh@redhat.com> 5.50-23
|
|
|
|
- Rebuild for 7.3
|
|
|
|
|
|
|
|
* Mon Jul 21 2003 Lon Hohberger <lhh@redhat.com> 5.50-22
|
|
|
|
- Rebuild for Severn
|
|
|
|
|
|
|
|
* Mon Jul 21 2003 Lon Hohberger <lhh@redhat.com> 5.50-21
|
|
|
|
- Rebuild
|
|
|
|
|
2004-09-09 13:52:47 +00:00
|
|
|
* Mon Jul 21 2003 Lon Hohberger <lhh@redhat.com> 5.50-20
|
|
|
|
- Rebuild for 9
|
|
|
|
|
|
|
|
* Mon Jul 21 2003 Lon Hohberger <lhh@redhat.com> 5.50-19
|
|
|
|
- Rebuild for 8.0
|
|
|
|
|
|
|
|
* Mon Jul 21 2003 Lon Hohberger <lhh@redhat.com> 5.50-18
|
|
|
|
- SECURITY: Incorporate far cleaner patch from Ben Laurie
|
|
|
|
<ben@algroup.co.uk> which also fixes ^V/ (quote-slash).
|
|
|
|
Patch checks post-decode as opposed to inline as previous
|
|
|
|
patch does.
|
|
|
|
|
|
|
|
* Mon Jun 16 2003 Lon Hohberger <lhh@redhat.com> 5.50-17
|
|
|
|
- Rebuilt per request
|
|
|
|
|
|
|
|
* Thu Jun 12 2003 Lon Hohberger <lhh@redhat.com> 5.50-16
|
|
|
|
- Rebuilt
|
|
|
|
|
|
|
|
* Thu Jun 12 2003 Lon Hohberger <lhh@redhat.com> 5.50-15
|
|
|
|
- Rebuilt
|
|
|
|
|
2004-09-09 13:52:29 +00:00
|
|
|
* Thu Jun 12 2003 Lon Hohberger <lhh@redhat.com> 5.50-14
|
|
|
|
- Rebuilt: Red Hat Linux 9
|
|
|
|
|
|
|
|
* Thu Jun 12 2003 Lon Hohberger <lhh@redhat.com> 5.50-13
|
|
|
|
- Rebuilt: Red Hat Enterprise Linux 2.1
|
|
|
|
|
|
|
|
* Thu Jun 12 2003 Lon Hohberger <lhh@redhat.com> 5.50-12
|
|
|
|
- Rebuilt Red Hat Linux 8.0
|
|
|
|
|
|
|
|
* Thu Jun 12 2003 Lon Hohberger <lhh@redhat.com> 5.50-11
|
|
|
|
- Rebuilt Red Hat Linux 7.3
|
|
|
|
|
|
|
|
* Wed Jun 11 2003 Lon Hohberger <lhh@redhat.com> 5.50-10
|
|
|
|
- Rebuilt
|
|
|
|
|
|
|
|
* Wed Jun 11 2003 Lon Hohberger <lhh@redhat.com> 5.50-9
|
|
|
|
- SECURITY: Scour start of filename for ../ patterns which
|
|
|
|
include quote and/or control characters.
|
|
|
|
|
|
|
|
* Wed Jun 04 2003 Elliot Lee <sopwith@redhat.com>
|
|
|
|
- rebuilt
|
|
|
|
|
2004-09-09 13:50:46 +00:00
|
|
|
* Wed Jan 22 2003 Tim Powers <timp@redhat.com>
|
|
|
|
- rebuilt
|
|
|
|
|
|
|
|
* Thu Dec 19 2002 Tim Powers <timp@redhat.com>
|
|
|
|
- bump and rebuild
|
|
|
|
|
2004-09-09 13:50:38 +00:00
|
|
|
* Fri Jun 21 2002 Tim Powers <timp@redhat.com>
|
|
|
|
- automated rebuild
|
|
|
|
|
2004-09-09 13:50:22 +00:00
|
|
|
* Thu May 23 2002 Tim Powers <timp@redhat.com>
|
|
|
|
- automated rebuild
|
|
|
|
|
2007-02-06 12:09:28 +00:00
|
|
|
* Thu Apr 25 2002 Trond Eivind Glomsrød <teg@redhat.com> 5.50-3
|
2004-09-09 13:50:22 +00:00
|
|
|
- Rebuild
|
|
|
|
|
2007-02-06 12:09:28 +00:00
|
|
|
* Tue Apr 2 2002 Trond Eivind Glomsrød <teg@redhat.com> 5.50-2
|
2004-09-09 13:50:10 +00:00
|
|
|
- Make it not strip
|
|
|
|
|
2007-02-06 12:09:28 +00:00
|
|
|
* Wed Mar 13 2002 Trond Eivind Glomsrød <teg@redhat.com> 5.50-1
|
2004-09-09 13:49:18 +00:00
|
|
|
- 5.50
|
|
|
|
|
2007-02-06 12:09:28 +00:00
|
|
|
* Thu Feb 21 2002 Trond Eivind Glomsrød <teg@redhat.com> 5.42-3
|
2004-09-09 13:49:18 +00:00
|
|
|
- Rebuild
|
|
|
|
|
|
|
|
* Wed Jan 09 2002 Tim Powers <timp@redhat.com>
|
|
|
|
- automated rebuild
|
|
|
|
|
2007-02-06 12:09:28 +00:00
|
|
|
* Mon May 21 2001 Trond Eivind Glomsrød <teg@redhat.com>
|
2004-09-09 13:48:50 +00:00
|
|
|
- 5.42
|
|
|
|
- Don't strip binaries explicitly
|
2010-05-24 08:32:39 +00:00
|
|
|
- build without assembly, it doesn't seem to increase performance
|
2004-09-09 13:48:50 +00:00
|
|
|
- make it respect RPM_OPT_FLAGS, define _GNU_SOURCE
|
|
|
|
- use %%{_tmppath}
|
|
|
|
- "License:" replaces "Copyright:"
|
|
|
|
- Update URL
|
|
|
|
- include zipgrep
|
|
|
|
- COPYING doesn't exist anymore, include LICENSE instead
|
|
|
|
|
2004-09-09 13:48:17 +00:00
|
|
|
* Thu Jul 13 2000 Prospector <bugzilla@redhat.com>
|
|
|
|
- automatic rebuild
|
|
|
|
|
|
|
|
* Sun Jun 11 2000 BIll Nottingham <notting@redhat.com>
|
|
|
|
- rebuild in new env.; FHS fixes.
|
|
|
|
|
|
|
|
* Tue Apr 18 2000 Bernhard Rosenkraenzer <bero@redhat.com>
|
|
|
|
- 4.51 (an acceptable license at last...)
|
|
|
|
|
|
|
|
* Thu Feb 3 2000 Bill Nottingham <notting@redhat.com>
|
|
|
|
- handle compressed man pages
|
|
|
|
|
|
|
|
* Fri Jul 30 1999 Bill Nottingham <notting@redhat.com>
|
|
|
|
- update to 5.40
|
|
|
|
|
2010-05-24 08:32:39 +00:00
|
|
|
* Sun Mar 21 1999 Cristian Gafton <gafton@redhat.com>
|
2004-09-09 13:48:17 +00:00
|
|
|
- auto rebuild in the new build environment (release 5)
|
|
|
|
|
|
|
|
* Thu Dec 17 1998 Michael Maher <mike@redhat.com>
|
|
|
|
- built for 6.0
|
|
|
|
|
|
|
|
* Tue Aug 11 1998 Jeff Johnson <jbj@redhat.com>
|
|
|
|
- build root
|
|
|
|
|
|
|
|
* Mon Apr 27 1998 Prospector System <bugs@redhat.com>
|
|
|
|
- translations modified for de, fr, tr
|
|
|
|
|
|
|
|
* Tue Oct 21 1997 Erik Troan <ewt@redhat.com>
|
|
|
|
- builds on non i386 platforms
|
|
|
|
|
|
|
|
* Mon Oct 20 1997 Otto Hammersmith <otto@redhat.com>
|
|
|
|
- updated the version
|
|
|
|
|
|
|
|
* Thu Jul 10 1997 Erik Troan <ewt@redhat.com>
|
|
|
|
- built against glibc
|