From a58134bd839b511e423ea8d4405fe37c87e46eae Mon Sep 17 00:00:00 2001
From: eabdullin
Date: Wed, 14 May 2025 19:33:05 +0000
Subject: [PATCH] import UBI zip-3.0-44.el10
---
 .gitignore | 2 +-
 buffer_overflow.patch | 12 ++++
 gating.yaml | 6 --
 sast.patch | 11 ++++
 zip-3.0-covscan1.patch | 24 --------
 zip-gnu89-build.patch | 15 +++++
 zip.spec | 127 ++++++++++++++++++++++++++++++++---------
 7 files changed, 138 insertions(+), 59 deletions(-)
 create mode 100644 buffer_overflow.patch
 delete mode 100644 gating.yaml
 create mode 100644 sast.patch
 delete mode 100644 zip-3.0-covscan1.patch
 create mode 100644 zip-gnu89-build.patch
diff --git a/.gitignore b/.gitignore
index a03cd68..fc341fe 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-/zip30.tar.gz
+zip30.tar.gz
diff --git a/buffer_overflow.patch b/buffer_overflow.patch
new file mode 100644
index 0000000..2ee3fff
--- /dev/null
+++ b/buffer_overflow.patch
@@ -0,0 +1,12 @@
+diff -urp zip30/fileio.c zip30/fileio.c
+--- zip30/fileio.c 2008-05-29 03:13:24.000000000 +0300
++++ zip30/fileio.c 2023-05-02 12:19:50.488314853 +0300
+@@ -3502,7 +3502,7 @@ zwchar *local_to_wide_string(local_strin
+ if ((wc_string = (wchar_t *)malloc((wsize + 1) * sizeof(wchar_t))) == NULL) {
+ ZIPERR(ZE_MEM, "local_to_wide_string");
+ }
+- wsize = mbstowcs(wc_string, local_string, strlen(local_string) + 1);
++ wsize = mbstowcs(wc_string, local_string, wsize + 1);
+ wc_string[wsize] = (wchar_t) 0;
+
+ /* in case wchar_t is not zwchar */
diff --git a/gating.yaml b/gating.yaml
deleted file mode 100644
index 6985029..0000000
--- a/gating.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
---- !Policy
-product_versions:
- - rhel-8
-decision_context: osci_compose_gate
-rules:
- - !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}
diff --git a/sast.patch b/sast.patch
new file mode 100644
index 0000000..1afd7b7
--- /dev/null
+++ b/sast.patch
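Review bot: In buffer_overflow.patch, the new `wsize = mbstowcs(wc_string, local_string, wsize + 1);` still passes its return value unchecked into `wc_string[wsize] = (wchar_t) 0;` on the next line. mbstowcs() returns (size_t)-1 when it meets an invalid multibyte sequence, and that value would index far outside the `wsize + 1` element allocation. The earlier sizing call and the declaration of wsize are outside the hunk, so the input may already be validated there. If it is not, I would add a guard right after the call, e.g. `if (wsize == (size_t)-1) { free(wc_string); return NULL; }`, assuming callers accept NULL for a failed conversion. The function body starts and ends outside the hunk.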
@@ -0,0 +1,11 @@
+--- ./util.c.old 2025-01-28 14:32:33.064491685 +0100
++++ ./util.c 2025-01-28 14:34:51.331444527 +0100
+@@ -862,7 +862,7 @@
+
+ /* remove escape characters */
+ while ((argstart = MBSCHR(argstart, '\\')) != NULL) {
+- strcpy(argstart, argstart + 1);
++ memmove(argstart, argstart +1, strlen(argstart)+1);
+ if (*argstart)
+ ++argstart;
+ }
diff --git a/zip-3.0-covscan1.patch b/zip-3.0-covscan1.patch
deleted file mode 100644
index 30c5847..0000000
--- a/zip-3.0-covscan1.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-From b0b6660d474738a23e6ef84afadd4f87793e3ad0 Mon Sep 17 00:00:00 2001
-From: Kamil Dudka
-Date: Tue, 13 Nov 2018 12:57:13 +0100
-Subject: [PATCH] XXX
-
----
- zip.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/zip.h b/zip.h
-index ba03160..d62de9a 100644
---- a/zip.h
-+++ b/zip.h
-@@ -609,7 +609,7 @@ extern int bflag;
- void zipmessage_nl OF((ZCONST char *, int));
- void zipmessage OF((ZCONST char *, ZCONST char *));
- void zipwarn OF((ZCONST char *, ZCONST char *));
--void ziperr OF((int, ZCONST char *));
-+void ziperr OF((int, ZCONST char *)) __attribute__ ((noreturn));
- #ifdef UTIL
- # define error(msg) ziperr(ZE_LOGIC, msg)
- #else
---
-2.17.2
\ No newline at end of file
diff --git a/zip-gnu89-build.patch b/zip-gnu89-build.patch
new file mode 100644
index 0000000..65ee7a7
--- /dev/null
+++ b/zip-gnu89-build.patch
@@ -0,0 +1,15 @@
+zip uses C89-only features, so it needs to be built in C89 mode.
+
+diff --git a/unix/Makefile b/unix/Makefile
+index 86cf54bf0f56cea9..244390893eab5fc6 100644
+--- a/unix/Makefile
++++ b/unix/Makefile
+@@ -202,7 +202,7 @@ generic: flags
+ eval $(MAKE) $(MAKEF) zips `cat flags`
+
+ generic_gcc:
+- $(MAKE) $(MAKEF) generic CC=gcc CPP="gcc -E"
++ $(MAKE) $(MAKEF) generic CC="gcc -std=gnu89" CPP="gcc -E"
+
+ # AT&T 6300 PLUS (don't know yet how to allocate 64K bytes):
+ att6300nodir:
diff --git a/zip.spec b/zip.spec
index b483b33..c16a45f 100644
--- a/zip.spec
+++ b/zip.spec
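Review bot: In sast.patch, `memmove(argstart, argstart +1, strlen(argstart)+1);` copies one byte too many. The source starts at `argstart + 1`, so the remaining string plus its terminator is exactly `strlen(argstart)` bytes. With the extra `+1` the call reads the byte after the NUL, which lies past the end of the buffer when the argument fills it exactly. Switching to memmove does fix the overlapping strcpy, but the length should be `memmove(argstart, argstart + 1, strlen(argstart));`. The enclosing function starts and ends outside the hunk.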
@@ -1,9 +1,8 @@ Summary: A file compression and packaging utility compatible with PKZIP Name: zip Version: 3.0 -Release: 23%{?dist} -License: BSD -Group: Applications/Archiving +Release: 44%{?dist} +License: Info-ZIP Source: http://downloads.sourceforge.net/infozip/zip30.tar.gz URL: http://www.info-zip.org/Zip.html @@ -17,13 +16,14 @@ Patch3: zip-3.0-time.patch Patch4: man.patch Patch5: zip-3.0-format-security.patch Patch6: zipnote.patch -Patch7: zip-3.0-configure.patch -Patch8: zip-3.0-covscan1.patch -BuildRequires: bzip2-devel +Patch7: zip-gnu89-build.patch +Patch8: buffer_overflow.patch +Patch9: zip-3.0-configure.patch +Patch10: sast.patch +BuildRequires: make +BuildRequires: bzip2-devel, gcc Requires: unzip -%global _hardened_build 1 - %description The zip program is a compression and file packaging utility. Zip is analogous to a combination of the UNIX tar and compress commands and 
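Review bot: `Patch8: buffer_overflow.patch` and `Patch10: sast.patch` are added with no comment saying which defect each one fixes or whether it was sent upstream, and the file names alone do not tell an auditor. The changelog later in this commit mentions rhbz#2165653 for the unicode file-name overflow and RHEL-44646 for the overlapping strcpy. If those are the matching trackers, a line such as `# rhbz#2165653 - buffer overflow in unicode file names` above Patch8, and the equivalent above Patch10, would make each fix traceable. The same hunk removes `%global _hardened_build 1`; that is harmless only where the distribution's default build flags already enable hardening, which is not visible here.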
@@ -35,24 +35,31 @@ program. %prep %setup -q -n zip30 -%patch1 -p1 -b .exec-shield -%patch2 -p1 -b .currdir -%patch3 -p1 -b .time -%patch4 -p1 -b .man -%patch5 -p1 -b .format-security -%patch6 -p1 -b .zipnote -%patch7 -p1 -b .zipconfigure -%patch8 -p1 -b .covscan1 +%patch 1 -p1 +%patch 2 -p1 +%patch 3 -p1 +%patch 4 -p1 +%patch 5 -p1 +%patch 6 -p1 +%patch 7 -p1 +%patch 8 -p1 +%patch 9 -p1 +%patch 10 -p1 %build -make -f unix/Makefile generic_gcc refix=%{_prefix} LFLAGS2="$RPM_LD_FLAGS" CFLAGS_NOOPT="-I. -DUNIX $RPM_OPT_FLAGS" %{?_smp_mflags} +#Remove assembly file to force the c implementation of the crc functions +#Related to 3.0-33 and 3.0-34 +rm crc_i386.S +rm match.S + +%{make_build} -f unix/Makefile prefix=%{_prefix} CFLAGS_NOOPT="-I. -DUNIX -DNO_ASM $RPM_OPT_FLAGS" LFLAGS2="%{?__global_ldflags}" generic_gcc %{?_smp_mflags} %install mkdir -p $RPM_BUILD_ROOT%{_bindir} mkdir -p $RPM_BULD_ROOT%{_mandir}/man1 -make -f unix/Makefile prefix=$RPM_BUILD_ROOT%{_prefix} \ - MANDIR=$RPM_BUILD_ROOT%{_mandir}/man1 install +%{make_install} -f unix/Makefile prefix=$RPM_BUILD_ROOT%{_prefix} \ + MANDIR=$RPM_BUILD_ROOT%{_mandir}/man1 %files %license LICENSE 
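Review bot: `mkdir -p $RPM_BULD_ROOT%{_mandir}/man1` in %install misspells the variable, and this commit rewrites the lines around it without fixing it. The unset name expands to nothing, so the command targets `%{_mandir}/man1` on the build host rather than inside the buildroot; it should read `mkdir -p $RPM_BUILD_ROOT%{_mandir}/man1`. Separately, the new `%{make_build}` line still appends `%{?_smp_mflags}`, which that macro normally supplies already, so the trailing copy can be dropped.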
@@ -68,16 +75,80 @@ make -f unix/Makefile prefix=$RPM_BUILD_ROOT%{_prefix} \ %{_mandir}/man1/zipsplit.1* %changelog -* Tue Nov 13 2018 Jakub Martisko - 3.0-23 -- Set the ziperr function as noreturn -- Fix email in the previous chnagelog entry -- Related: #1602741 +* Tue Jan 28 2025 Jakub Martisko - 3.0-44 +- Fix overlaping strcpy + Resolves: RHEL-44646 -* Fri Oct 19 2018 Jakub Martisko - 3.0-22 -- Add missing linker flags -- Port the configure patch from unzip that allows linker flags configuration - from the spec file -- Related: #1624188 +* Tue Oct 29 2024 Troy Dawson - 3.0-43 +- Bump release for October 2024 mass rebuild: + Resolves: RHEL-64018 + +* Wed Jul 03 2024 Jakub Martisko - 3.0-42 +- Use C implementation of some functions instead of asm +- Fix the missing compiler/linker flags +- Minor spec clean up +Resolves: RHEL-33526 + +* Mon Jun 24 2024 Troy Dawson - 3.0-41 +- Bump release for June 2024 mass rebuild + +* Sat Jan 27 2024 Fedora Release Engineering - 3.0-40 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Mon Sep 18 2023 Jakub Martisko - 3.0-39 +- Fixc buffer overflow in unicode file names +Resolves: rhbz#2165653 + +* Sat Jul 22 2023 Fedora Release Engineering - 3.0-38 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Thu Apr 13 2023 Lukáš Zaoral - 3.0-37 +- migrate to SPDX license format + +* Sat Jan 21 2023 Fedora Release Engineering - 3.0-36 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Fri Nov 18 2022 Florian Weimer - 3.0-35 +- Really build with -std=gnu89 (#2143565) + +* Thu Nov 17 2022 Florian Weimer - 3.0-34 +- Build with -std=gnu89 (#2143565) + +* Sat Jul 23 2022 Fedora Release Engineering - 3.0-33 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + +* Sat Jan 22 2022 Fedora Release Engineering - 3.0-32 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + +* Fri Jul 23 2021 Fedora Release Engineering - 3.0-31 +- Rebuilt for 
https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + +* Fri Mar 05 2021 Jakub Martisko - 3.0-30 +- Use generic build instead of generic_gcc + +* Fri Mar 05 2021 Jakub Martisko - 3.0-29 +- Use build macros + +* Thu Jan 28 2021 Fedora Release Engineering - 3.0-28 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Wed Jul 29 2020 Fedora Release Engineering - 3.0-27 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Fri Jan 31 2020 Fedora Release Engineering - 3.0-26 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Sat Jul 27 2019 Fedora Release Engineering - 3.0-25 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Sun Feb 03 2019 Fedora Release Engineering - 3.0-24 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Sat Jul 14 2018 Fedora Release Engineering - 3.0-23 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Thu Mar 01 2018 Jakub Martisko - 3.0-22 +- Add gcc to buildrequires * Fri Feb 09 2018 Fedora Release Engineering - 3.0-21 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild