Fix: overlaping strcpy

Related: RHEL-44646

sast.patch

@@ -0,0 +1,11 @@
+--- ./util.c.old	2025-01-28 14:32:33.064491685 +0100
++++ ./util.c	2025-01-28 14:34:51.331444527 +0100
+@@ -862,7 +862,7 @@
+ 
+             /* remove escape characters */
+             while ((argstart = MBSCHR(argstart, '\\')) != NULL) {
+-                strcpy(argstart, argstart + 1);
++                memmove(argstart, argstart +1, strlen(argstart)+1);
+                 if (*argstart)
+                     ++argstart;
+             }

zip.spec

@@ -1,7 +1,7 @@
 Summary: A file compression and packaging utility compatible with PKZIP
 Name: zip
 Version: 3.0
-Release: 43%{?dist}
+Release: 44%{?dist}
 License: Info-ZIP
 Source: http://downloads.sourceforge.net/infozip/zip30.tar.gz
 URL: http://www.info-zip.org/Zip.html
@@ -19,6 +19,7 @@ Patch6: zipnote.patch
 Patch7: zip-gnu89-build.patch
 Patch8: buffer_overflow.patch
 Patch9: zip-3.0-configure.patch
+Patch10: sast.patch
 BuildRequires: make
 BuildRequires: bzip2-devel, gcc
 Requires: unzip
@@ -43,6 +44,7 @@ program.
 %patch 7 -p1
 %patch 8 -p1
 %patch 9 -p1
+%patch 10 -p1
 
 %build
 #Remove assembly file to force the c implementation of the crc functions
@@ -73,6 +75,10 @@ mkdir -p $RPM_BULD_ROOT%{_mandir}/man1
 %{_mandir}/man1/zipsplit.1*
 
 %changelog
+* Tue Jan 28 2025 Jakub Martisko <jamartis@redhat.com> - 3.0-44
+- Fix overlaping strcpy
+  Resolves: RHEL-44646
+
 * Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 3.0-43
 - Bump release for October 2024 mass rebuild:
   Resolves: RHEL-64018