- fix bug with caseinsensitive matching - #1104018

- fix false positives for build option "-Werror=format-security"
2014-06-04 17:04:55 +02:00 · 2014-06-04 17:04:55 +02:00 · 874f1688f1
commit 874f1688f1
parent 197087d9bc
3 changed files with 133 additions and 1 deletions
--- a/unzip-6.0-caseinsensitive.patch
+++ b/unzip-6.0-caseinsensitive.patch
@ -0,0 +1,28 @@
+diff --git a/match.c b/match.c
+index 6cd656f..bf92d62 100644
+--- a/match.c
+++ b/match.c
+@@ -353,12 +353,12 @@ int cs;                 /* flag: force case-sensitive matching */
+         c = *(p-1);
+       else
+       {
+-        uch cc = (cs ? (uch)*s : case_map((uch)*s));
+        uch cc = (cs ? (uch)*s : to_up((uch)*s));
+         uch uc = (uch) c;
+         if (*(p+1) != '-')
+           for (uc = uc ? uc : (uch)*p; uc <= (uch)*p; uc++)
+             /* compare range */
+-            if ((cs ? uc : case_map(uc)) == cc)
+            if ((cs ? uc : to_up(uc)) == cc)
+               return r ? 0 : recmatch(q + CLEN(q), s + CLEN(s), cs);
+         c = e = 0;                      /* clear range, escape flags */
+       }
+@@ -402,7 +402,7 @@ int cs;                 /* flag: force case-sensitive matching */
+ #endif /* def VMS */
+ 
+   /* Just a character--compare it */
+-  return (cs ? c == *s : case_map((uch)c) == case_map((uch)*s)) ?
+  return (cs ? c == *s : to_up((uch)c) == to_up((uch)*s)) ?
+           recmatch(p, s + CLEN(s), cs) : 0;
+ }
+ 
--- a/unzip-6.0-format-secure.patch
+++ b/unzip-6.0-format-secure.patch
@ -0,0 +1,90 @@
+diff --git a/extract.c b/extract.c
+index eeb2f57..a0a4929 100644
+--- a/extract.c
+++ b/extract.c
+@@ -472,8 +472,8 @@ int extract_or_test_files(__G)    /* return PK-type error code */
+                      */
+                     Info(slide, 0x401, ((char *)slide,
+                       LoadFarString(CentSigMsg), j + blknum*DIR_BLKSIZ + 1));
+-                    Info(slide, 0x401, ((char *)slide,
+-                      LoadFarString(ReportMsg)));
+                    Info(slide, 0x401,
+                         ((char *)slide,"%s", LoadFarString(ReportMsg)));
+                     error_in_archive = PK_BADERR;
+                 }
+                 reached_end = TRUE;     /* ...so no more left to do */
+@@ -752,8 +752,8 @@ int extract_or_test_files(__G)    /* return PK-type error code */
+ 
+ #ifndef SFX
+     if (no_endsig_found) {                      /* just to make sure */
+-        Info(slide, 0x401, ((char *)slide, LoadFarString(EndSigMsg)));
+-        Info(slide, 0x401, ((char *)slide, LoadFarString(ReportMsg)));
+        Info(slide, 0x401, ((char *)slide,"%s", LoadFarString(EndSigMsg)));
+        Info(slide, 0x401, ((char *)slide,"%s", LoadFarString(ReportMsg)));
+         if (!error_in_archive)       /* don't overwrite stronger error */
+             error_in_archive = PK_WARN;
+     }
+diff --git a/list.c b/list.c
+index 15e0011..f7359c3 100644
+--- a/list.c
+++ b/list.c
+@@ -181,7 +181,7 @@ int list_files(__G)    /* return PK-type error code */
+                 Info(slide, 0x401,
+                      ((char *)slide, LoadFarString(CentSigMsg), j));
+                 Info(slide, 0x401,
+-                     ((char *)slide, LoadFarString(ReportMsg)));
+                     ((char *)slide,"%s", LoadFarString(ReportMsg)));
+                 return PK_BADERR;   /* sig not found */
+             }
+         }
+@@ -507,7 +507,8 @@ int list_files(__G)    /* return PK-type error code */
+             && (!G.ecrec.is_zip64_archive)
+             && (memcmp(G.sig, end_central_sig, 4) != 0)
+            ) {          /* just to make sure again */
+-            Info(slide, 0x401, ((char *)slide, LoadFarString(EndSigMsg)));
+            Info(slide, 0x401, 
+                 ((char *)slide,"%s", LoadFarString(EndSigMsg)));
+             error_in_archive = PK_WARN;   /* didn't find sig */
+         }
+ 
+@@ -591,7 +592,7 @@ int get_time_stamp(__G__ last_modtime, nmember)  /* return PK-type error code */
+                 Info(slide, 0x401,
+                      ((char *)slide, LoadFarString(CentSigMsg), j));
+                 Info(slide, 0x401,
+-                     ((char *)slide, LoadFarString(ReportMsg)));
+                     ((char *)slide,"%s", LoadFarString(ReportMsg)));
+                 return PK_BADERR;   /* sig not found */
+             }
+         }
+@@ -674,7 +675,7 @@ int get_time_stamp(__G__ last_modtime, nmember)  /* return PK-type error code */
+   ---------------------------------------------------------------------------*/
+ 
+     if (memcmp(G.sig, end_central_sig, 4)) {    /* just to make sure again */
+-        Info(slide, 0x401, ((char *)slide, LoadFarString(EndSigMsg)));
+        Info(slide, 0x401, ((char *)slide,"%s", LoadFarString(EndSigMsg)));
+         error_in_archive = PK_WARN;
+     }
+     if (*nmember == 0L && error_in_archive <= PK_WARN)
+diff --git a/zipinfo.c b/zipinfo.c
+index 6e22cc8..ac5c61b 100644
+--- a/zipinfo.c
+++ b/zipinfo.c
+@@ -771,7 +771,7 @@ int zipinfo(__G)   /* return PK-type error code */
+                 Info(slide, 0x401,
+                      ((char *)slide, LoadFarString(CentSigMsg), j));
+                 Info(slide, 0x401,
+-                     ((char *)slide, LoadFarString(ReportMsg)));
+                     ((char *)slide,"%s", LoadFarString(ReportMsg)));
+                 error_in_archive = PK_BADERR;   /* sig not found */
+                 break;
+             }
+@@ -960,7 +960,8 @@ int zipinfo(__G)   /* return PK-type error code */
+             && (!G.ecrec.is_zip64_archive)
+             && (memcmp(G.sig, end_central_sig, 4) != 0)
+            ) {          /* just to make sure again */
+-            Info(slide, 0x401, ((char *)slide, LoadFarString(EndSigMsg)));
+            Info(slide, 0x401, 
+                 ((char *)slide,"%s", LoadFarString(EndSigMsg)));
+             error_in_archive = PK_WARN;   /* didn't find sig */
+         }
+ 
--- a/unzip.spec
+++ b/unzip.spec
@ -1,7 +1,7 @@
 Summary: A utility for unpacking zip files
 Name: unzip
 Version: 6.0
-Release: 12%{?dist}
+Release: 13%{?dist}
 License: BSD
 Group: Applications/Archiving
 Source: http://downloads.sourceforge.net/infozip/unzip60.tar.gz
@ -24,6 +24,11 @@ Patch6: unzip-6.0-manpage-fix.patch
 Patch7: unzip-6.0-fix-recmatch.patch
 # Update process.c
 Patch8: unzip-6.0-symlink.patch
+# change using of macro "case_map" by "to_up"
+Patch9: unzip-6.0-caseinsensitive.patch
+# downstream fix for "-Werror=format-security"
+# upstream doesn't want hear about this option again
+Patch10: unzip-6.0-format-secure.patch
 URL: http://www.info-zip.org/UnZip.html
 BuildRequires:  bzip2-devel

@ -48,6 +53,8 @@ a zip archive.
 %patch6 -p1 -b .manpage-fix
 %patch7 -p1 -b .recmatch
 %patch8 -p1 -b .symlink
+%patch9 -p1 -b .caseinsensitive
+%patch10 -p1 -b .format-secure

 %build
 make -f unix/Makefile CF_NOOPT="-I. -DUNIX $RPM_OPT_FLAGS" generic_gcc %{?_smp_mflags}
@ -63,6 +70,13 @@ make -f unix/Makefile prefix=$RPM_BUILD_ROOT%{_prefix} MANDIR=$RPM_BUILD_ROOT/%{
 %{_mandir}/*/*

 %changelog
+* Wed Jun 04 2014 Petr Stodulka <pstodulk@redhat.com> - 6.0-13
+- Solve problem with non-functional case-insensitive matching
+  (#1104018)
+- Added patch for build option "-Werror=format-security"
+  However solve only false positives - here is not really
+  vulnerable print.
+
 * Mon Oct 21 2013 Petr Stodulka <pstodulk@redhat.com> - 6.0.-12
 - Solve problem with symlink errors in archive with many files
  (#740012,#972427)