import UBI zip-3.0-44.el10

2025-05-14 19:33:05 +00:00 · 2025-05-14 19:33:05 +00:00 · a58134bd83
commit a58134bd83
parent b675e14d1a
7 changed files with 138 additions and 59 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-/zip30.tar.gz
+zip30.tar.gz
--- a/buffer_overflow.patch
+++ b/buffer_overflow.patch
@ -0,0 +1,12 @@
+diff -urp zip30/fileio.c zip30/fileio.c
+--- zip30/fileio.c	2008-05-29 03:13:24.000000000 +0300
+++ zip30/fileio.c	2023-05-02 12:19:50.488314853 +0300
+@@ -3502,7 +3502,7 @@ zwchar *local_to_wide_string(local_strin
+   if ((wc_string = (wchar_t *)malloc((wsize + 1) * sizeof(wchar_t))) == NULL) {
+     ZIPERR(ZE_MEM, "local_to_wide_string");
+   }
+-  wsize = mbstowcs(wc_string, local_string, strlen(local_string) + 1);
+  wsize = mbstowcs(wc_string, local_string, wsize + 1);
+   wc_string[wsize] = (wchar_t) 0;
+ 
+   /* in case wchar_t is not zwchar */
--- a/gating.yaml
+++ b/gating.yaml
@ -1,6 +0,0 @@
--- !Policy
-product_versions:
-  - rhel-8
-decision_context: osci_compose_gate
-rules:
-  - !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}
--- a/sast.patch
+++ b/sast.patch
@ -0,0 +1,11 @@
+--- ./util.c.old	2025-01-28 14:32:33.064491685 +0100
+++ ./util.c	2025-01-28 14:34:51.331444527 +0100
+@@ -862,7 +862,7 @@
+ 
+             /* remove escape characters */
+             while ((argstart = MBSCHR(argstart, '\\')) != NULL) {
+-                strcpy(argstart, argstart + 1);
+                memmove(argstart, argstart +1, strlen(argstart)+1);
+                 if (*argstart)
+                     ++argstart;
+             }
--- a/zip-3.0-covscan1.patch
+++ b/zip-3.0-covscan1.patch
@ -1,24 +0,0 @@
-From b0b6660d474738a23e6ef84afadd4f87793e3ad0 Mon Sep 17 00:00:00 2001
-From: Kamil Dudka <kdudka@redhat.com>
-Date: Tue, 13 Nov 2018 12:57:13 +0100
-Subject: [PATCH] XXX
-
---
- zip.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/zip.h b/zip.h
-index ba03160..d62de9a 100644
--- a/zip.h
-+++ b/zip.h
-@@ -609,7 +609,7 @@ extern int bflag;
- void zipmessage_nl OF((ZCONST char *, int));
- void zipmessage OF((ZCONST char *, ZCONST char *));
- void zipwarn OF((ZCONST char *, ZCONST char *));
-void ziperr OF((int, ZCONST char *));
-+void ziperr OF((int, ZCONST char *)) __attribute__ ((noreturn));
- #ifdef UTIL
- #  define error(msg)    ziperr(ZE_LOGIC, msg)
- #else
-- 
-2.17.2
--- a/zip-gnu89-build.patch
+++ b/zip-gnu89-build.patch
@ -0,0 +1,15 @@
+zip uses C89-only features, so it needs to be built in C89 mode.
+
+diff --git a/unix/Makefile b/unix/Makefile
+index 86cf54bf0f56cea9..244390893eab5fc6 100644
+--- a/unix/Makefile
+++ b/unix/Makefile
+@@ -202,7 +202,7 @@ generic: flags
+ 	eval $(MAKE) $(MAKEF) zips `cat flags`
+ 
+ generic_gcc:
+-	$(MAKE) $(MAKEF) generic CC=gcc CPP="gcc -E"
+	$(MAKE) $(MAKEF) generic CC="gcc -std=gnu89" CPP="gcc -E"
+ 
+ # AT&T 6300 PLUS (don't know yet how to allocate 64K bytes):
+ att6300nodir:
--- a/zip.spec
+++ b/zip.spec
@ -1,9 +1,8 @@
 Summary: A file compression and packaging utility compatible with PKZIP
 Name: zip
 Version: 3.0
-Release: 23%{?dist}
-License: BSD
-Group: Applications/Archiving
+Release: 44%{?dist}
+License: Info-ZIP
 Source: http://downloads.sourceforge.net/infozip/zip30.tar.gz
 URL: http://www.info-zip.org/Zip.html

@ -17,13 +16,14 @@ Patch3: zip-3.0-time.patch
 Patch4: man.patch
 Patch5: zip-3.0-format-security.patch
 Patch6: zipnote.patch
-Patch7: zip-3.0-configure.patch
-Patch8: zip-3.0-covscan1.patch
-BuildRequires: bzip2-devel
+Patch7: zip-gnu89-build.patch
+Patch8: buffer_overflow.patch
+Patch9: zip-3.0-configure.patch
+Patch10: sast.patch
+BuildRequires: make
+BuildRequires: bzip2-devel, gcc
 Requires: unzip

-%global _hardened_build 1
-
 %description
 The zip program is a compression and file packaging utility.  Zip is
 analogous to a combination of the UNIX tar and compress commands and
@ -35,24 +35,31 @@ program.

 %prep
 %setup -q -n zip30
-%patch1 -p1 -b .exec-shield
-%patch2 -p1 -b .currdir
-%patch3 -p1 -b .time
-%patch4 -p1 -b .man
-%patch5 -p1 -b .format-security
-%patch6 -p1 -b .zipnote
-%patch7 -p1 -b .zipconfigure
-%patch8 -p1 -b .covscan1
+%patch 1 -p1
+%patch 2 -p1
+%patch 3 -p1
+%patch 4 -p1
+%patch 5 -p1
+%patch 6 -p1
+%patch 7 -p1
+%patch 8 -p1
+%patch 9 -p1
+%patch 10 -p1

 %build
-make -f unix/Makefile generic_gcc refix=%{_prefix} LFLAGS2="$RPM_LD_FLAGS" CFLAGS_NOOPT="-I. -DUNIX $RPM_OPT_FLAGS" %{?_smp_mflags}
+#Remove assembly file to force the c implementation of the crc functions
+#Related to 3.0-33 and 3.0-34
+rm crc_i386.S
+rm match.S
+
+%{make_build} -f unix/Makefile prefix=%{_prefix} CFLAGS_NOOPT="-I. -DUNIX -DNO_ASM $RPM_OPT_FLAGS" LFLAGS2="%{?__global_ldflags}"  generic_gcc %{?_smp_mflags}

 %install
 mkdir -p $RPM_BUILD_ROOT%{_bindir}
 mkdir -p $RPM_BULD_ROOT%{_mandir}/man1

-make -f unix/Makefile prefix=$RPM_BUILD_ROOT%{_prefix} \
-        MANDIR=$RPM_BUILD_ROOT%{_mandir}/man1 install
+%{make_install} -f unix/Makefile prefix=$RPM_BUILD_ROOT%{_prefix} \
+        MANDIR=$RPM_BUILD_ROOT%{_mandir}/man1

 %files
 %license LICENSE
@ -68,16 +75,80 @@ make -f unix/Makefile prefix=$RPM_BUILD_ROOT%{_prefix} \
 %{_mandir}/man1/zipsplit.1*

 %changelog
-* Tue Nov 13 2018 Jakub Martisko <jamartis@redhat.com> - 3.0-23
- Set the ziperr function as noreturn
- Fix email in the previous chnagelog entry
- Related: #1602741
+* Tue Jan 28 2025 Jakub Martisko <jamartis@redhat.com> - 3.0-44
+- Fix overlaping strcpy
+  Resolves: RHEL-44646

-* Fri Oct 19 2018 Jakub Martisko <jamartis@redhat.com> - 3.0-22
- Add missing linker flags
- Port the configure patch from unzip that allows linker flags configuration
-  from the spec file
- Related: #1624188
+* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 3.0-43
+- Bump release for October 2024 mass rebuild:
+  Resolves: RHEL-64018
+
+* Wed Jul 03 2024 Jakub Martisko <jamartis@redhat.com> - 3.0-42
+- Use C implementation of some functions instead of asm
+- Fix the missing compiler/linker flags
+- Minor spec clean up
+Resolves: RHEL-33526
+
+* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 3.0-41
+- Bump release for June 2024 mass rebuild
+
+* Sat Jan 27 2024 Fedora Release Engineering <releng@fedoraproject.org> - 3.0-40
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Mon Sep 18 2023 Jakub Martisko <jamartis@redhat.com> - 3.0-39
+- Fixc buffer overflow in unicode file names
+Resolves: rhbz#2165653
+
+* Sat Jul 22 2023 Fedora Release Engineering <releng@fedoraproject.org> - 3.0-38
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Thu Apr 13 2023 Lukáš Zaoral <lzaoral@redhat.com> - 3.0-37
+- migrate to SPDX license format
+
+* Sat Jan 21 2023 Fedora Release Engineering <releng@fedoraproject.org> - 3.0-36
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Fri Nov 18 2022 Florian Weimer <fweimer@redhat.com> - 3.0-35
+- Really build with -std=gnu89 (#2143565)
+
+* Thu Nov 17 2022 Florian Weimer <fweimer@redhat.com> - 3.0-34
+- Build with -std=gnu89 (#2143565)
+
+* Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> - 3.0-33
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Sat Jan 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 3.0-32
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.0-31
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Fri Mar 05 2021 Jakub Martisko <jamartis@redhat.com> - 3.0-30
+- Use generic build instead of generic_gcc
+
+* Fri Mar 05 2021 Jakub Martisko <jamartis@redhat.com> - 3.0-29
+- Use build macros
+
+* Thu Jan 28 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.0-28
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.0-27
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Fri Jan 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.0-26
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.0-25
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.0-24
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 3.0-23
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Thu Mar 01 2018 Jakub Martisko <jamartis@redhat.com> - 3.0-22
+- Add gcc to buildrequires

 * Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 3.0-21
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild