diff --git a/unzip-5.52-long-filename.patch b/unzip-5.52-long-filename.patch
new file mode 100644
index 0000000..d4380b9
--- /dev/null
+++ b/unzip-5.52-long-filename.patch
@@ -0,0 +1,68 @@
+--- unzip-5.52/process.c.pom3 2006-02-06 10:29:02.630237064 +0100
++++ unzip-5.52/process.c 2006-02-06 10:29:02.650234024 +0100
+@@ -576,16 +576,16 @@
+ if (lastchance && (uO.qflag < 3)) {
+ #if defined(UNIX) || defined(QDOS)
+ if (G.no_ecrec)
+- Info(slide, 1, ((char *)slide,
++ Info2(slide, 1, ((char *)slide, WSIZE,
+ LoadFarString(CannotFindZipfileDirMsg), uO.zipinfo_mode?
+ LoadFarStringSmall(Zipnfo) : LoadFarStringSmall(Unzip),
+ G.wildzipfn, uO.zipinfo_mode? " " : "", G.wildzipfn,
+- G.zipfn));
++ G.zipfn),WSIZE);
+ else
+- Info(slide, 1, ((char *)slide,
++ Info2(slide, 1, ((char *)slide, WSIZE,
+ LoadFarString(CannotFindEitherZipfile), uO.zipinfo_mode?
+ LoadFarStringSmall(Zipnfo) : LoadFarStringSmall(Unzip),
+- G.wildzipfn, G.wildzipfn, G.zipfn));
++ G.wildzipfn, G.wildzipfn, G.zipfn), WSIZE);
+ #else /* !(UNIX || QDOS) */
+ if (G.no_ecrec)
+ Info(slide, 0x401, ((char *)slide,
+--- unzip-5.52/fileio.c.pom3 2006-02-06 10:29:02.000000000 +0100
++++ unzip-5.52/fileio.c 2006-02-06 10:30:59.755431328 +0100
+@@ -1188,8 +1188,14 @@
+
+ #endif /* !VMS */
+
++/****************/
++/* Function min */
++/****************/
+
+-
++int min (int val_i, int val_j)
++{
++ return (val_i>val_j?val_j:val_i);
++}
+
+
+ /*****************************/
+--- unzip-5.52/unzpriv.h.pom3 2006-02-06 10:29:02.625237824 +0100
++++ unzip-5.52/unzpriv.h 2006-02-06 10:31:45.538471248 +0100
+@@ -2286,6 +2286,24 @@
+ # endif
+ #endif /* !Info */
+
++#ifndef Info2 /* may already have been defined for redirection */
++# ifdef FUNZIP
++# define Info2(buf,flag,sprf_arg,size) \
++ fprintf((flag)&1? stderr : stdout, (char *)(sprintf sprf_arg, (buf)))
++# else
++# ifdef INT_SPRINTF /* optimized version for "int sprintf()" flavour */
++# define Info2(buf,flag,sprf_arg,size) \
++ (*G.message)((zvoid *)&G, (uch *)(buf), (ulg) min(snprintf sprf_arg, (int) size), (flag))
++# else /* generic version, does not use sprintf() return value */
++# define Info2(buf,flag,sprf_arg,size) \
++ (*G.message)((zvoid *)&G, (uch *)(buf), \
++ (ulg)(sprintf sprf_arg, strlen((char *)(buf))), (flag))
++# endif
++# endif
++#endif /* !Info */
++
++
++
+ /* The following macro wrappers around the fnfilter function are used many
+ * times to prepare archive entry names or name components for displaying
+ * listings and (warning/error) messages. They use sections in the upper half
diff --git a/unzip-5.52-near-4GB2.patch b/unzip-5.52-near-4GB2.patch
new file mode 100644
index 0000000..bc6da00
--- /dev/null
+++ b/unzip-5.52-near-4GB2.patch
@@ -0,0 +1,11 @@
+--- unzip-5.52/list.c.pom 2006-02-06 09:39:47.622466528 +0100
++++ unzip-5.52/list.c 2006-02-06 09:57:00.813397632 +0100
+@@ -76,7 +76,7 @@
+ static ZCONST char Far ShortHdrStats[] =
+ "%9lu %02u%c%02u%c%02u %02u:%02u %c";
+ static ZCONST char Far ShortFileTrailer[] = " -------- \
+- -------\n%9lu %lu file%s\n";
++ -------\n%9ju %lu file%s\n";
+ #endif /* ?OS2_EAS */
+ #endif /* !WINDLL */
+
diff --git a/unzip.spec b/unzip.spec
index 0d44da6..85f8231 100644
--- a/unzip.spec
+++ b/unzip.spec
@@ -1,7 +1,7 @@
 Summary: A utility for unpacking zip files.
 Name: unzip
 Version: 5.52
-Release: 1
+Release: 2
 License: BSD
 Group: Applications/Archiving
 Source: ftp://ftp.info-zip.org/pub/infozip/src/unzip552.tar.gz
@@ -10,6 +10,8 @@ Patch2: unzip-5.51-link-segv.patch
 Patch3: unzip-5.51-link-segv2.patch
 Patch6: unzip-5.52-toctou.patch
 Patch7: unzip-5.52-near-4GB.patch
+Patch8: unzip-5.52-near-4GB2.patch
+Patch9: unzip-5.52-long-filename.patch
 URL: http://www.info-zip.org/pub/infozip/UnZip.html
 BuildRoot: %{_tmppath}/%{name}-%{version}-root
 
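Review bot: In the unzpriv.h section, the `FUNZIP` and generic branches of `Info2` still expand to an unbounded `sprintf sprf_arg` and ignore `size`, while the process.c call sites now pass `((char *)slide, WSIZE, ...)`; in those builds `WSIZE` would land in the format-string position and the write into the slide buffer stays unbounded, so the long-file-name overflow is only closed where `INT_SPRINTF` is defined. Both fallbacks should use `snprintf sprf_arg`, e.g. `(ulg)(snprintf sprf_arg, strlen((char *)(buf)))` for the generic one. In the `INT_SPRINTF` branch, `min(snprintf sprf_arg, (int) size)` passes a negative `snprintf` return through the `(ulg)` cast as a very large length, and on truncation it reports `size` bytes although only `size - 1` characters were stored; clamp to `size - 1` and map a negative result to 0. `min` in fileio.c is a global with no prototype in the visible hunks and may clash with a platform `min` macro, so a `static` helper or macro declared next to `Info2` would be safer, and the trailing `#endif /* !Info */` should read `/* !Info2 */`.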
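Review bot: `%9ju` in `ShortFileTrailer` requires a `uintmax_t` argument, but the list.c call that supplies the total is outside this hunk, so the specifier and the argument type cannot be checked together here. If the total is still passed as `unsigned long`, the mismatch is undefined behaviour wherever `uintmax_t` is wider (typical 32-bit targets); the call should cast the total to `(uintmax_t)` explicitly, presumably matching the type introduced by unzip-5.52-near-4GB.patch. The per-entry size in `ShortHdrStats` keeps `%9lu`, and any `OS2_EAS` variant of the trailer above this hunk is untouched, so it is worth confirming those were left as they are on purpose.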
@@ -31,6 +33,8 @@ a zip archive.
 %patch3 -p1 -b .morn
 %patch6 -p1 -b .toctou
 %patch7 -p1 -b .4GB
+%patch8 -p1 -b .4GB2
+%patch9 -p1 -b .lfn
 ln -s unix/Makefile Makefile
 
 %build
@@ -51,7 +55,11 @@ rm -rf $RPM_BUILD_ROOT
 %{_mandir}/*/*
 
 %changelog
-* Thu Dec 22 2005 Ivana Varekova 5.52-1
+* Mon Feb 6 2006 Ivana Varekova 5.52-2
+- fix bug 180078 - unzip -l causing error
+- fix CVE-2005-4667 - unzip long file name buffer overflow
+
+* Thu Dec 22 2005 Ivana Varekova 5.52-1
 - update to 5.52
 
 * Fri Dec 09 2005 Jesse Keating