[arch-commits] Commit in unzip/repos/extra-x86_64 (18 files)

Jelle van der Waa jelle at archlinux.org
Fri Apr 24 13:12:53 UTC 2020


    Date: Friday, April 24, 2020 @ 13:12:53
  Author: jelle
Revision: 381491

archrelease: copy trunk to extra-x86_64

Added:
  unzip/repos/extra-x86_64/PKGBUILD
    (from rev 381490, unzip/trunk/PKGBUILD)
  unzip/repos/extra-x86_64/crc32.patch
    (from rev 381490, unzip/trunk/crc32.patch)
  unzip/repos/extra-x86_64/csiz-underflow.patch
    (from rev 381490, unzip/trunk/csiz-underflow.patch)
  unzip/repos/extra-x86_64/cve20149636.patch
    (from rev 381490, unzip/trunk/cve20149636.patch)
  unzip/repos/extra-x86_64/empty-input.patch
    (from rev 381490, unzip/trunk/empty-input.patch)
  unzip/repos/extra-x86_64/getZip64Data.patch
    (from rev 381490, unzip/trunk/getZip64Data.patch)
  unzip/repos/extra-x86_64/nextbyte-overflow.patch
    (from rev 381490, unzip/trunk/nextbyte-overflow.patch)
  unzip/repos/extra-x86_64/overflow-fsize.patch
    (from rev 381490, unzip/trunk/overflow-fsize.patch)
  unzip/repos/extra-x86_64/test_compr_eb.patch
    (from rev 381490, unzip/trunk/test_compr_eb.patch)
Deleted:
  unzip/repos/extra-x86_64/PKGBUILD
  unzip/repos/extra-x86_64/crc32.patch
  unzip/repos/extra-x86_64/csiz-underflow.patch
  unzip/repos/extra-x86_64/cve20149636.patch
  unzip/repos/extra-x86_64/empty-input.patch
  unzip/repos/extra-x86_64/getZip64Data.patch
  unzip/repos/extra-x86_64/nextbyte-overflow.patch
  unzip/repos/extra-x86_64/overflow-fsize.patch
  unzip/repos/extra-x86_64/test_compr_eb.patch

-------------------------+
 PKGBUILD                |  130 +++++++++++-----------
 crc32.patch             |   90 +++++++--------
 csiz-underflow.patch    |   64 +++++------
 cve20149636.patch       |   50 ++++----
 empty-input.patch       |   52 ++++----
 getZip64Data.patch      |  266 +++++++++++++++++++++++-----------------------
 nextbyte-overflow.patch |   66 +++++------
 overflow-fsize.patch    |   68 +++++------
 test_compr_eb.patch     |   46 +++----
 9 files changed, 416 insertions(+), 416 deletions(-)

Deleted: PKGBUILD
===================================================================
--- PKGBUILD	2020-04-24 13:12:35 UTC (rev 381490)
+++ PKGBUILD	2020-04-24 13:12:53 UTC (rev 381491)
@@ -1,65 +0,0 @@
-# Maintainer: Lukas Fleischer <lfleischer at archlinux.org>
-# Contributor: Gaetan Bisson <bisson at archlinux.org>
-# Contributor: Douglas Soares de Andrade <douglas at archlinux.org>
-# Contributor: Robson Peixoto
-
-pkgname=unzip
-pkgver=6.0
-_pkgver=${pkgver/./}
-pkgrel=13
-pkgdesc='For extracting and viewing files in .zip archives'
-url='http://www.info-zip.org/UnZip.html'
-arch=('x86_64')
-license=('custom')
-depends=('bzip2' 'bash')
-source=("http://downloads.sourceforge.net/infozip/${pkgname}${_pkgver}.tar.gz"
-        'overflow-fsize.patch'
-        'cve20149636.patch'
-        'test_compr_eb.patch'
-        'getZip64Data.patch'
-        'crc32.patch'
-        'empty-input.patch'
-        'csiz-underflow.patch'
-        'nextbyte-overflow.patch')
-sha1sums=('abf7de8a4018a983590ed6f5cbd990d4740f8a22'
-          '2852ce1a9db8d646516f8828436a44d34785a0b3'
-          'e8c0bc17c63eeed97ad62b86845d75c849bcf4f8'
-          '614c3e7fa7d6da7c60ea2aa79e36f4cbd17c3824'
-          '691d0751bf0bc98cf9f9889dee39baccabefdc4d'
-          '82c9fe9172779a0ee92a187d544e74e8f512b013'
-          '4f77b01454fd2ffa69bfad985bfbdc579ee26010'
-          'dccc6d6a5aed0098031bbd7cc4275ab9b10a2177'
-          'b325fac556abf169264ed5ae364b9136016e43f3')
-
-prepare() {
-	cd "${srcdir}/${pkgname}${_pkgver}"
-	sed -i "/MANDIR =/s#)/#)/share/#" unix/Makefile
-	patch -p1 -i ../overflow-fsize.patch #FS#44171
-	patch -p1 -i ../cve20149636.patch #FS#44171
-	patch -i ../test_compr_eb.patch # FS#43391
-	patch -i ../getZip64Data.patch # FS#43300
-	patch -i ../crc32.patch # FS#43300
-	patch -p1 -i ../empty-input.patch # FS#46955
-	patch -p1 -i ../csiz-underflow.patch # FS#46955
-	patch -p1 -i ../nextbyte-overflow.patch # FS#46955
-}
-
-build() {
-	cd "${srcdir}/${pkgname}${_pkgver}"
-
-	# DEFINES, make, and install args from Debian
-	DEFINES='-DACORN_FTYPE_NFS -DWILD_STOP_AT_DIR -DLARGE_FILE_SUPPORT \
-		-DUNICODE_SUPPORT -DUNICODE_WCHAR -DUTF8_MAYBE_NATIVE -DNO_LCHMOD \
-		-DDATE_FORMAT=DF_YMD -DUSE_BZIP2 -DNOMEMCPY -DNO_WORKING_ISPRINT'
-
-	make -f unix/Makefile prefix=/usr \
-		D_USE_BZ2=-DUSE_BZIP2 L_BZ2=-lbz2 \
-		LF2="$LDFLAGS" CF="$CFLAGS $CPPFLAGS -I. $DEFINES" \
-		unzips
-}
-
-package() {
-	cd "${srcdir}/${pkgname}${_pkgver}"
-	make -f unix/Makefile prefix="${pkgdir}"/usr install
-	install -Dm644 LICENSE "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
-}

Copied: unzip/repos/extra-x86_64/PKGBUILD (from rev 381490, unzip/trunk/PKGBUILD)
===================================================================
--- PKGBUILD	                        (rev 0)
+++ PKGBUILD	2020-04-24 13:12:53 UTC (rev 381491)
@@ -0,0 +1,65 @@
+# Maintainer: Lukas Fleischer <lfleischer at archlinux.org>
+# Contributor: Gaetan Bisson <bisson at archlinux.org>
+# Contributor: Douglas Soares de Andrade <douglas at archlinux.org>
+# Contributor: Robson Peixoto
+
+pkgname=unzip
+pkgver=6.0
+_pkgver=${pkgver/./}
+pkgrel=14
+pkgdesc='For extracting and viewing files in .zip archives'
+url='https://www.info-zip.org/UnZip.html'
+arch=('x86_64')
+license=('custom')
+depends=('bzip2' 'bash')
+source=("https://downloads.sourceforge.net/infozip/${pkgname}${_pkgver}.tar.gz"
+        'overflow-fsize.patch'
+        'cve20149636.patch'
+        'test_compr_eb.patch'
+        'getZip64Data.patch'
+        'crc32.patch'
+        'empty-input.patch'
+        'csiz-underflow.patch'
+        'nextbyte-overflow.patch')
+sha1sums=('abf7de8a4018a983590ed6f5cbd990d4740f8a22'
+          '2852ce1a9db8d646516f8828436a44d34785a0b3'
+          'e8c0bc17c63eeed97ad62b86845d75c849bcf4f8'
+          '614c3e7fa7d6da7c60ea2aa79e36f4cbd17c3824'
+          '691d0751bf0bc98cf9f9889dee39baccabefdc4d'
+          '82c9fe9172779a0ee92a187d544e74e8f512b013'
+          '4f77b01454fd2ffa69bfad985bfbdc579ee26010'
+          'dccc6d6a5aed0098031bbd7cc4275ab9b10a2177'
+          'b325fac556abf169264ed5ae364b9136016e43f3')
+
+prepare() {
+	cd "${srcdir}/${pkgname}${_pkgver}"
+	sed -i "/MANDIR =/s#)/#)/share/#" unix/Makefile
+	patch -p1 -i ../overflow-fsize.patch #FS#44171
+	patch -p1 -i ../cve20149636.patch #FS#44171
+	patch -i ../test_compr_eb.patch # FS#43391
+	patch -i ../getZip64Data.patch # FS#43300
+	patch -i ../crc32.patch # FS#43300
+	patch -p1 -i ../empty-input.patch # FS#46955
+	patch -p1 -i ../csiz-underflow.patch # FS#46955
+	patch -p1 -i ../nextbyte-overflow.patch # FS#46955
+}
+
+build() {
+	cd "${srcdir}/${pkgname}${_pkgver}"
+
+	# DEFINES, make, and install args from Debian
+	DEFINES='-DACORN_FTYPE_NFS -DWILD_STOP_AT_DIR -DLARGE_FILE_SUPPORT \
+		-DUNICODE_SUPPORT -DUNICODE_WCHAR -DUTF8_MAYBE_NATIVE -DNO_LCHMOD \
+		-DDATE_FORMAT=DF_YMD -DUSE_BZIP2 -DNOMEMCPY -DNO_WORKING_ISPRINT'
+
+	make -f unix/Makefile prefix=/usr \
+		D_USE_BZ2=-DUSE_BZIP2 L_BZ2=-lbz2 \
+		LF2="$LDFLAGS" CF="$CFLAGS $CPPFLAGS -I. $DEFINES" \
+		unzips
+}
+
+package() {
+	cd "${srcdir}/${pkgname}${_pkgver}"
+	make -f unix/Makefile prefix="${pkgdir}"/usr install
+	install -Dm644 LICENSE "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
+}

Deleted: crc32.patch
===================================================================
--- crc32.patch	2020-04-24 13:12:35 UTC (rev 381490)
+++ crc32.patch	2020-04-24 13:12:53 UTC (rev 381491)
@@ -1,45 +0,0 @@
---- unzip60/extract.c	2010-04-03 14:41:55 -0500
-+++ unzip60/extract.c	2014-12-03 15:33:35 -0600
-@@ -1,5 +1,5 @@ 
- /*
--  Copyright (c) 1990-2009 Info-ZIP.  All rights reserved.
-+  Copyright (c) 1990-2014 Info-ZIP.  All rights reserved.
- 
-   See the accompanying file LICENSE, version 2009-Jan-02 or later
-   (the contents of which are also included in unzip.h) for terms of use.
-@@ -298,6 +298,8 @@ 
- #ifndef SFX
-    static ZCONST char Far InconsistEFlength[] = "bad extra-field entry:\n \
-      EF block length (%u bytes) exceeds remaining EF data (%u bytes)\n";
-+   static ZCONST char Far TooSmallEFlength[] = "bad extra-field entry:\n \
-+     EF block length (%u bytes) invalid (< %d)\n";
-    static ZCONST char Far InvalidComprDataEAs[] =
-      " invalid compressed data for EAs\n";
- #  if (defined(WIN32) && defined(NTSD_EAS))
-@@ -2023,7 +2025,8 @@ 
-         ebID = makeword(ef);
-         ebLen = (unsigned)makeword(ef+EB_LEN);
- 
--        if (ebLen > (ef_len - EB_HEADSIZE)) {
-+        if (ebLen > (ef_len - EB_HEADSIZE))
-+        {
-            /* Discovered some extra field inconsistency! */
-             if (uO.qflag)
-                 Info(slide, 1, ((char *)slide, "%-22s ",
-@@ -2032,6 +2035,16 @@ 
-               ebLen, (ef_len - EB_HEADSIZE)));
-             return PK_ERR;
-         }
-+        else if (ebLen < EB_HEADSIZE)
-+        {
-+            /* Extra block length smaller than header length. */
-+            if (uO.qflag)
-+                Info(slide, 1, ((char *)slide, "%-22s ",
-+                  FnFilter1(G.filename)));
-+            Info(slide, 1, ((char *)slide, LoadFarString(TooSmallEFlength),
-+              ebLen, EB_HEADSIZE));
-+            return PK_ERR;
-+        }
- 
-         switch (ebID) {
-             case EF_OS2:

Copied: unzip/repos/extra-x86_64/crc32.patch (from rev 381490, unzip/trunk/crc32.patch)
===================================================================
--- crc32.patch	                        (rev 0)
+++ crc32.patch	2020-04-24 13:12:53 UTC (rev 381491)
@@ -0,0 +1,45 @@
+--- unzip60/extract.c	2010-04-03 14:41:55 -0500
++++ unzip60/extract.c	2014-12-03 15:33:35 -0600
+@@ -1,5 +1,5 @@ 
+ /*
+-  Copyright (c) 1990-2009 Info-ZIP.  All rights reserved.
++  Copyright (c) 1990-2014 Info-ZIP.  All rights reserved.
+ 
+   See the accompanying file LICENSE, version 2009-Jan-02 or later
+   (the contents of which are also included in unzip.h) for terms of use.
+@@ -298,6 +298,8 @@ 
+ #ifndef SFX
+    static ZCONST char Far InconsistEFlength[] = "bad extra-field entry:\n \
+      EF block length (%u bytes) exceeds remaining EF data (%u bytes)\n";
++   static ZCONST char Far TooSmallEFlength[] = "bad extra-field entry:\n \
++     EF block length (%u bytes) invalid (< %d)\n";
+    static ZCONST char Far InvalidComprDataEAs[] =
+      " invalid compressed data for EAs\n";
+ #  if (defined(WIN32) && defined(NTSD_EAS))
+@@ -2023,7 +2025,8 @@ 
+         ebID = makeword(ef);
+         ebLen = (unsigned)makeword(ef+EB_LEN);
+ 
+-        if (ebLen > (ef_len - EB_HEADSIZE)) {
++        if (ebLen > (ef_len - EB_HEADSIZE))
++        {
+            /* Discovered some extra field inconsistency! */
+             if (uO.qflag)
+                 Info(slide, 1, ((char *)slide, "%-22s ",
+@@ -2032,6 +2035,16 @@ 
+               ebLen, (ef_len - EB_HEADSIZE)));
+             return PK_ERR;
+         }
++        else if (ebLen < EB_HEADSIZE)
++        {
++            /* Extra block length smaller than header length. */
++            if (uO.qflag)
++                Info(slide, 1, ((char *)slide, "%-22s ",
++                  FnFilter1(G.filename)));
++            Info(slide, 1, ((char *)slide, LoadFarString(TooSmallEFlength),
++              ebLen, EB_HEADSIZE));
++            return PK_ERR;
++        }
+ 
+         switch (ebID) {
+             case EF_OS2:

Deleted: csiz-underflow.patch
===================================================================
--- csiz-underflow.patch	2020-04-24 13:12:35 UTC (rev 381490)
+++ csiz-underflow.patch	2020-04-24 13:12:53 UTC (rev 381491)
@@ -1,32 +0,0 @@
-From: Kamil Dudka <kdudka at redhat.com>
-Date: Tue, 22 Sep 2015 18:52:23 +0200
-Subject: [PATCH] extract: prevent unsigned overflow on invalid input
-Origin: other, https://bugzilla.redhat.com/attachment.cgi?id=1075942
-Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1260944
-
-Suggested-by: Stefan Cornelius
----
- extract.c | 11 ++++++++++-
- 1 file changed, 10 insertions(+), 1 deletion(-)
-
---- a/extract.c
-+++ b/extract.c
-@@ -1257,8 +1257,17 @@
-         if (G.lrec.compression_method == STORED) {
-             zusz_t csiz_decrypted = G.lrec.csize;
- 
--            if (G.pInfo->encrypted)
-+            if (G.pInfo->encrypted) {
-+                if (csiz_decrypted < 12) {
-+                    /* handle the error now to prevent unsigned overflow */
-+                    Info(slide, 0x401, ((char *)slide,
-+                      LoadFarStringSmall(ErrUnzipNoFile),
-+                      LoadFarString(InvalidComprData),
-+                      LoadFarStringSmall2(Inflate)));
-+                    return PK_ERR;
-+                }
-                 csiz_decrypted -= 12;
-+            }
-             if (G.lrec.ucsize != csiz_decrypted) {
-                 Info(slide, 0x401, ((char *)slide,
-                   LoadFarStringSmall2(WrnStorUCSizCSizDiff),

Copied: unzip/repos/extra-x86_64/csiz-underflow.patch (from rev 381490, unzip/trunk/csiz-underflow.patch)
===================================================================
--- csiz-underflow.patch	                        (rev 0)
+++ csiz-underflow.patch	2020-04-24 13:12:53 UTC (rev 381491)
@@ -0,0 +1,32 @@
+From: Kamil Dudka <kdudka at redhat.com>
+Date: Tue, 22 Sep 2015 18:52:23 +0200
+Subject: [PATCH] extract: prevent unsigned overflow on invalid input
+Origin: other, https://bugzilla.redhat.com/attachment.cgi?id=1075942
+Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1260944
+
+Suggested-by: Stefan Cornelius
+---
+ extract.c | 11 ++++++++++-
+ 1 file changed, 10 insertions(+), 1 deletion(-)
+
+--- a/extract.c
++++ b/extract.c
+@@ -1257,8 +1257,17 @@
+         if (G.lrec.compression_method == STORED) {
+             zusz_t csiz_decrypted = G.lrec.csize;
+ 
+-            if (G.pInfo->encrypted)
++            if (G.pInfo->encrypted) {
++                if (csiz_decrypted < 12) {
++                    /* handle the error now to prevent unsigned overflow */
++                    Info(slide, 0x401, ((char *)slide,
++                      LoadFarStringSmall(ErrUnzipNoFile),
++                      LoadFarString(InvalidComprData),
++                      LoadFarStringSmall2(Inflate)));
++                    return PK_ERR;
++                }
+                 csiz_decrypted -= 12;
++            }
+             if (G.lrec.ucsize != csiz_decrypted) {
+                 Info(slide, 0x401, ((char *)slide,
+                   LoadFarStringSmall2(WrnStorUCSizCSizDiff),

Deleted: cve20149636.patch
===================================================================
--- cve20149636.patch	2020-04-24 13:12:35 UTC (rev 381490)
+++ cve20149636.patch	2020-04-24 13:12:53 UTC (rev 381491)
@@ -1,25 +0,0 @@
-diff --git a/extract.c b/extract.c
-index a0a4929..9ef80b3 100644
---- a/extract.c
-+++ b/extract.c
-@@ -2214,6 +2214,7 @@ static int test_compr_eb(__G__ eb, eb_size, compr_offset, test_uc_ebdata)
-     ulg eb_ucsize;
-     uch *eb_ucptr;
-     int r;
-+    ush method;
- 
-     if (compr_offset < 4)                /* field is not compressed: */
-         return PK_OK;                    /* do nothing and signal OK */
-@@ -2223,6 +2224,12 @@ static int test_compr_eb(__G__ eb, eb_size, compr_offset, test_uc_ebdata)
-          eb_size <= (compr_offset + EB_CMPRHEADLEN)))
-         return IZ_EF_TRUNC;               /* no compressed data! */
- 
-+    method = makeword(eb + (EB_HEADSIZE + compr_offset));
-+    if ((method == STORED) && (eb_size != compr_offset + EB_CMPRHEADLEN + eb_ucsize))
-+        return PK_ERR;            /* compressed & uncompressed
-+                                   * should match in STORED
-+                                   * method */
-+
-     if (
- #ifdef INT_16BIT
-         (((ulg)(extent)eb_ucsize) != eb_ucsize) ||

Copied: unzip/repos/extra-x86_64/cve20149636.patch (from rev 381490, unzip/trunk/cve20149636.patch)
===================================================================
--- cve20149636.patch	                        (rev 0)
+++ cve20149636.patch	2020-04-24 13:12:53 UTC (rev 381491)
@@ -0,0 +1,25 @@
+diff --git a/extract.c b/extract.c
+index a0a4929..9ef80b3 100644
+--- a/extract.c
++++ b/extract.c
+@@ -2214,6 +2214,7 @@ static int test_compr_eb(__G__ eb, eb_size, compr_offset, test_uc_ebdata)
+     ulg eb_ucsize;
+     uch *eb_ucptr;
+     int r;
++    ush method;
+ 
+     if (compr_offset < 4)                /* field is not compressed: */
+         return PK_OK;                    /* do nothing and signal OK */
+@@ -2223,6 +2224,12 @@ static int test_compr_eb(__G__ eb, eb_size, compr_offset, test_uc_ebdata)
+          eb_size <= (compr_offset + EB_CMPRHEADLEN)))
+         return IZ_EF_TRUNC;               /* no compressed data! */
+ 
++    method = makeword(eb + (EB_HEADSIZE + compr_offset));
++    if ((method == STORED) && (eb_size != compr_offset + EB_CMPRHEADLEN + eb_ucsize))
++        return PK_ERR;            /* compressed & uncompressed
++                                   * should match in STORED
++                                   * method */
++
+     if (
+ #ifdef INT_16BIT
+         (((ulg)(extent)eb_ucsize) != eb_ucsize) ||

Deleted: empty-input.patch
===================================================================
--- empty-input.patch	2020-04-24 13:12:35 UTC (rev 381490)
+++ empty-input.patch	2020-04-24 13:12:53 UTC (rev 381491)
@@ -1,26 +0,0 @@
-From: Kamil Dudka <kdudka at redhat.com>
-Date: Mon, 14 Sep 2015 18:24:56 +0200
-Subject: fix infinite loop when extracting empty bzip2 data
-Bug-Debian: https://bugs.debian.org/802160
-Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1260944
-Origin: other, https://bugzilla.redhat.com/attachment.cgi?id=1073339
-
----
- extract.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
---- a/extract.c
-+++ b/extract.c
-@@ -2728,6 +2728,12 @@
-     int repeated_buf_err;
-     bz_stream bstrm;
- 
-+    if (G.incnt <= 0 && G.csize <= 0L) {
-+        /* avoid an infinite loop */
-+        Trace((stderr, "UZbunzip2() got empty input\n"));
-+        return 2;
-+    }
-+
- #if (defined(DLL) && !defined(NO_SLIDE_REDIR))
-     if (G.redirect_slide)
-         wsize = G.redirect_size, redirSlide = G.redirect_buffer;

Copied: unzip/repos/extra-x86_64/empty-input.patch (from rev 381490, unzip/trunk/empty-input.patch)
===================================================================
--- empty-input.patch	                        (rev 0)
+++ empty-input.patch	2020-04-24 13:12:53 UTC (rev 381491)
@@ -0,0 +1,26 @@
+From: Kamil Dudka <kdudka at redhat.com>
+Date: Mon, 14 Sep 2015 18:24:56 +0200
+Subject: fix infinite loop when extracting empty bzip2 data
+Bug-Debian: https://bugs.debian.org/802160
+Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1260944
+Origin: other, https://bugzilla.redhat.com/attachment.cgi?id=1073339
+
+---
+ extract.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/extract.c
++++ b/extract.c
+@@ -2728,6 +2728,12 @@
+     int repeated_buf_err;
+     bz_stream bstrm;
+ 
++    if (G.incnt <= 0 && G.csize <= 0L) {
++        /* avoid an infinite loop */
++        Trace((stderr, "UZbunzip2() got empty input\n"));
++        return 2;
++    }
++
+ #if (defined(DLL) && !defined(NO_SLIDE_REDIR))
+     if (G.redirect_slide)
+         wsize = G.redirect_size, redirSlide = G.redirect_buffer;

Deleted: getZip64Data.patch
===================================================================
--- getZip64Data.patch	2020-04-24 13:12:35 UTC (rev 381490)
+++ getZip64Data.patch	2020-04-24 13:12:53 UTC (rev 381491)
@@ -1,133 +0,0 @@
---- process.c	2009-03-06 02:25:10.000000000 +0100
-+++ process.c	2014-12-05 22:42:39.000000000 +0100
-@@ -1,5 +1,5 @@ 
- /*
--  Copyright (c) 1990-2009 Info-ZIP.  All rights reserved.
-+  Copyright (c) 1990-2014 Info-ZIP.  All rights reserved.
- 
-   See the accompanying file LICENSE, version 2009-Jan-02 or later
-   (the contents of which are also included in unzip.h) for terms of use.
-@@ -1888,48 +1888,82 @@ int getZip64Data(__G__ ef_buf, ef_len)
-     and a 4-byte version of disk start number.
-     Sets both local header and central header fields.  Not terribly clever,
-     but it means that this procedure is only called in one place.
-+
-+    2014-12-05 SMS.
-+    Added checks to ensure that enough data are available before calling
-+    makeint64() or makelong().  Replaced various sizeof() values with
-+    simple ("4" or "8") constants.  (The Zip64 structures do not depend
-+    on our variable sizes.)  Error handling is crude, but we should now
-+    stay within the buffer.
-   ---------------------------------------------------------------------------*/
- 
-+#define Z64FLGS 0xffff
-+#define Z64FLGL 0xffffffff
-+
-     if (ef_len == 0 || ef_buf == NULL)
-         return PK_COOL;
- 
-     Trace((stderr,"\ngetZip64Data: scanning extra field of length %u\n",
-       ef_len));
- 
--    while (ef_len >= EB_HEADSIZE) {
-+    while (ef_len >= EB_HEADSIZE)
-+    {
-         eb_id = makeword(EB_ID + ef_buf);
-         eb_len = makeword(EB_LEN + ef_buf);
- 
--        if (eb_len > (ef_len - EB_HEADSIZE)) {
--            /* discovered some extra field inconsistency! */
-+        if (eb_len > (ef_len - EB_HEADSIZE))
-+        {
-+            /* Extra block length exceeds remaining extra field length. */
-             Trace((stderr,
-               "getZip64Data: block length %u > rest ef_size %u\n", eb_len,
-               ef_len - EB_HEADSIZE));
-             break;
-         }
--        if (eb_id == EF_PKSZ64) {
--
-+        if (eb_id == EF_PKSZ64)
-+        {
-           int offset = EB_HEADSIZE;
- 
--          if (G.crec.ucsize == 0xffffffff || G.lrec.ucsize == 0xffffffff){
--            G.lrec.ucsize = G.crec.ucsize = makeint64(offset + ef_buf);
--            offset += sizeof(G.crec.ucsize);
-+          if ((G.crec.ucsize == Z64FLGL) || (G.lrec.ucsize == Z64FLGL))
-+          {
-+            if (offset+ 8 > ef_len)
-+              return PK_ERR;
-+
-+            G.crec.ucsize = G.lrec.ucsize = makeint64(offset + ef_buf);
-+            offset += 8;
-           }
--          if (G.crec.csize == 0xffffffff || G.lrec.csize == 0xffffffff){
--            G.csize = G.lrec.csize = G.crec.csize = makeint64(offset + ef_buf);
--            offset += sizeof(G.crec.csize);
-+
-+          if ((G.crec.csize == Z64FLGL) || (G.lrec.csize == Z64FLGL))
-+          {
-+            if (offset+ 8 > ef_len)
-+              return PK_ERR;
-+
-+            G.csize = G.crec.csize = G.lrec.csize = makeint64(offset + ef_buf);
-+            offset += 8;
-           }
--          if (G.crec.relative_offset_local_header == 0xffffffff){
-+
-+          if (G.crec.relative_offset_local_header == Z64FLGL)
-+          {
-+            if (offset+ 8 > ef_len)
-+              return PK_ERR;
-+
-             G.crec.relative_offset_local_header = makeint64(offset + ef_buf);
--            offset += sizeof(G.crec.relative_offset_local_header);
-+            offset += 8;
-           }
--          if (G.crec.disk_number_start == 0xffff){
-+
-+          if (G.crec.disk_number_start == Z64FLGS)
-+          {
-+            if (offset+ 4 > ef_len)
-+              return PK_ERR;
-+
-             G.crec.disk_number_start = (zuvl_t)makelong(offset + ef_buf);
--            offset += sizeof(G.crec.disk_number_start);
-+            offset += 4;
-           }
-+#if 0
-+          break;                /* Expect only one EF_PKSZ64 block. */
-+#endif /* 0 */
-         }
- 
--        /* Skip this extra field block */
-+        /* Skip this extra field block. */
-         ef_buf += (eb_len + EB_HEADSIZE);
-         ef_len -= (eb_len + EB_HEADSIZE);
-     }
---- fileio.c	2009-04-20 02:03:44.000000000 +0200
-+++ fileio.c	2014-12-05 22:44:16.000000000 +0100
-@@ -176,6 +176,8 @@ static ZCONST char Far FilenameTooLongTr
- #endif
- static ZCONST char Far ExtraFieldTooLong[] =
-   "warning:  extra field too long (%d).  Ignoring...\n";
-+static ZCONST char Far ExtraFieldCorrupt[] =
-+  "warning:  extra field (type: 0x%04x) corrupt.  Continuing...\n";
- 
- #ifdef WINDLL
-    static ZCONST char Far DiskFullQuery[] =
-@@ -2295,7 +2297,12 @@ int do_string(__G__ length, option)   /*
-             if (readbuf(__G__ (char *)G.extra_field, length) == 0)
-                 return PK_EOF;
-             /* Looks like here is where extra fields are read */
--            getZip64Data(__G__ G.extra_field, length);
-+            if (getZip64Data(__G__ G.extra_field, length) != PK_COOL)
-+            {
-+                Info(slide, 0x401, ((char *)slide,
-+                 LoadFarString( ExtraFieldCorrupt), EF_PKSZ64));
-+                error = PK_WARN;
-+            }
- #ifdef UNICODE_SUPPORT
-             G.unipath_filename = NULL;
-             if (G.UzO.U_flag < 2) {

Copied: unzip/repos/extra-x86_64/getZip64Data.patch (from rev 381490, unzip/trunk/getZip64Data.patch)
===================================================================
--- getZip64Data.patch	                        (rev 0)
+++ getZip64Data.patch	2020-04-24 13:12:53 UTC (rev 381491)
@@ -0,0 +1,133 @@
+--- process.c	2009-03-06 02:25:10.000000000 +0100
++++ process.c	2014-12-05 22:42:39.000000000 +0100
+@@ -1,5 +1,5 @@ 
+ /*
+-  Copyright (c) 1990-2009 Info-ZIP.  All rights reserved.
++  Copyright (c) 1990-2014 Info-ZIP.  All rights reserved.
+ 
+   See the accompanying file LICENSE, version 2009-Jan-02 or later
+   (the contents of which are also included in unzip.h) for terms of use.
+@@ -1888,48 +1888,82 @@ int getZip64Data(__G__ ef_buf, ef_len)
+     and a 4-byte version of disk start number.
+     Sets both local header and central header fields.  Not terribly clever,
+     but it means that this procedure is only called in one place.
++
++    2014-12-05 SMS.
++    Added checks to ensure that enough data are available before calling
++    makeint64() or makelong().  Replaced various sizeof() values with
++    simple ("4" or "8") constants.  (The Zip64 structures do not depend
++    on our variable sizes.)  Error handling is crude, but we should now
++    stay within the buffer.
+   ---------------------------------------------------------------------------*/
+ 
++#define Z64FLGS 0xffff
++#define Z64FLGL 0xffffffff
++
+     if (ef_len == 0 || ef_buf == NULL)
+         return PK_COOL;
+ 
+     Trace((stderr,"\ngetZip64Data: scanning extra field of length %u\n",
+       ef_len));
+ 
+-    while (ef_len >= EB_HEADSIZE) {
++    while (ef_len >= EB_HEADSIZE)
++    {
+         eb_id = makeword(EB_ID + ef_buf);
+         eb_len = makeword(EB_LEN + ef_buf);
+ 
+-        if (eb_len > (ef_len - EB_HEADSIZE)) {
+-            /* discovered some extra field inconsistency! */
++        if (eb_len > (ef_len - EB_HEADSIZE))
++        {
++            /* Extra block length exceeds remaining extra field length. */
+             Trace((stderr,
+               "getZip64Data: block length %u > rest ef_size %u\n", eb_len,
+               ef_len - EB_HEADSIZE));
+             break;
+         }
+-        if (eb_id == EF_PKSZ64) {
+-
++        if (eb_id == EF_PKSZ64)
++        {
+           int offset = EB_HEADSIZE;
+ 
+-          if (G.crec.ucsize == 0xffffffff || G.lrec.ucsize == 0xffffffff){
+-            G.lrec.ucsize = G.crec.ucsize = makeint64(offset + ef_buf);
+-            offset += sizeof(G.crec.ucsize);
++          if ((G.crec.ucsize == Z64FLGL) || (G.lrec.ucsize == Z64FLGL))
++          {
++            if (offset+ 8 > ef_len)
++              return PK_ERR;
++
++            G.crec.ucsize = G.lrec.ucsize = makeint64(offset + ef_buf);
++            offset += 8;
+           }
+-          if (G.crec.csize == 0xffffffff || G.lrec.csize == 0xffffffff){
+-            G.csize = G.lrec.csize = G.crec.csize = makeint64(offset + ef_buf);
+-            offset += sizeof(G.crec.csize);
++
++          if ((G.crec.csize == Z64FLGL) || (G.lrec.csize == Z64FLGL))
++          {
++            if (offset+ 8 > ef_len)
++              return PK_ERR;
++
++            G.csize = G.crec.csize = G.lrec.csize = makeint64(offset + ef_buf);
++            offset += 8;
+           }
+-          if (G.crec.relative_offset_local_header == 0xffffffff){
++
++          if (G.crec.relative_offset_local_header == Z64FLGL)
++          {
++            if (offset+ 8 > ef_len)
++              return PK_ERR;
++
+             G.crec.relative_offset_local_header = makeint64(offset + ef_buf);
+-            offset += sizeof(G.crec.relative_offset_local_header);
++            offset += 8;
+           }
+-          if (G.crec.disk_number_start == 0xffff){
++
++          if (G.crec.disk_number_start == Z64FLGS)
++          {
++            if (offset+ 4 > ef_len)
++              return PK_ERR;
++
+             G.crec.disk_number_start = (zuvl_t)makelong(offset + ef_buf);
+-            offset += sizeof(G.crec.disk_number_start);
++            offset += 4;
+           }
++#if 0
++          break;                /* Expect only one EF_PKSZ64 block. */
++#endif /* 0 */
+         }
+ 
+-        /* Skip this extra field block */
++        /* Skip this extra field block. */
+         ef_buf += (eb_len + EB_HEADSIZE);
+         ef_len -= (eb_len + EB_HEADSIZE);
+     }
+--- fileio.c	2009-04-20 02:03:44.000000000 +0200
++++ fileio.c	2014-12-05 22:44:16.000000000 +0100
+@@ -176,6 +176,8 @@ static ZCONST char Far FilenameTooLongTr
+ #endif
+ static ZCONST char Far ExtraFieldTooLong[] =
+   "warning:  extra field too long (%d).  Ignoring...\n";
++static ZCONST char Far ExtraFieldCorrupt[] =
++  "warning:  extra field (type: 0x%04x) corrupt.  Continuing...\n";
+ 
+ #ifdef WINDLL
+    static ZCONST char Far DiskFullQuery[] =
+@@ -2295,7 +2297,12 @@ int do_string(__G__ length, option)   /*
+             if (readbuf(__G__ (char *)G.extra_field, length) == 0)
+                 return PK_EOF;
+             /* Looks like here is where extra fields are read */
+-            getZip64Data(__G__ G.extra_field, length);
++            if (getZip64Data(__G__ G.extra_field, length) != PK_COOL)
++            {
++                Info(slide, 0x401, ((char *)slide,
++                 LoadFarString( ExtraFieldCorrupt), EF_PKSZ64));
++                error = PK_WARN;
++            }
+ #ifdef UNICODE_SUPPORT
+             G.unipath_filename = NULL;
+             if (G.UzO.U_flag < 2) {

Deleted: nextbyte-overflow.patch
===================================================================
--- nextbyte-overflow.patch	2020-04-24 13:12:35 UTC (rev 381490)
+++ nextbyte-overflow.patch	2020-04-24 13:12:53 UTC (rev 381491)
@@ -1,33 +0,0 @@
-From: Petr Stodulka <pstodulk at redhat.com>
-Date: Mon, 14 Sep 2015 18:23:17 +0200
-Subject: Upstream fix for heap overflow
-Bug-Debian: https://bugs.debian.org/802162
-Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1260944
-Origin: https://bugzilla.redhat.com/attachment.cgi?id=1073002
-Forwarded: yes
-
----
- crypt.c | 12 +++++++++++-
- 1 file changed, 11 insertions(+), 1 deletion(-)
-
---- a/crypt.c
-+++ b/crypt.c
-@@ -465,7 +465,17 @@
-     GLOBAL(pInfo->encrypted) = FALSE;
-     defer_leftover_input(__G);
-     for (n = 0; n < RAND_HEAD_LEN; n++) {
--        b = NEXTBYTE;
-+        /* 2012-11-23 SMS.  (OUSPG report.)
-+         * Quit early if compressed size < HEAD_LEN.  The resulting
-+         * error message ("unable to get password") could be improved,
-+         * but it's better than trying to read nonexistent data, and
-+         * then continuing with a negative G.csize.  (See
-+         * fileio.c:readbyte()).
-+         */
-+        if ((b = NEXTBYTE) == (ush)EOF)
-+        {
-+            return PK_ERR;
-+        }
-         h[n] = (uch)b;
-         Trace((stdout, " (%02x)", h[n]));
-     }

Copied: unzip/repos/extra-x86_64/nextbyte-overflow.patch (from rev 381490, unzip/trunk/nextbyte-overflow.patch)
===================================================================
--- nextbyte-overflow.patch	                        (rev 0)
+++ nextbyte-overflow.patch	2020-04-24 13:12:53 UTC (rev 381491)
@@ -0,0 +1,33 @@
+From: Petr Stodulka <pstodulk at redhat.com>
+Date: Mon, 14 Sep 2015 18:23:17 +0200
+Subject: Upstream fix for heap overflow
+Bug-Debian: https://bugs.debian.org/802162
+Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1260944
+Origin: https://bugzilla.redhat.com/attachment.cgi?id=1073002
+Forwarded: yes
+
+---
+ crypt.c | 12 +++++++++++-
+ 1 file changed, 11 insertions(+), 1 deletion(-)
+
+--- a/crypt.c
++++ b/crypt.c
+@@ -465,7 +465,17 @@
+     GLOBAL(pInfo->encrypted) = FALSE;
+     defer_leftover_input(__G);
+     for (n = 0; n < RAND_HEAD_LEN; n++) {
+-        b = NEXTBYTE;
++        /* 2012-11-23 SMS.  (OUSPG report.)
++         * Quit early if compressed size < HEAD_LEN.  The resulting
++         * error message ("unable to get password") could be improved,
++         * but it's better than trying to read nonexistent data, and
++         * then continuing with a negative G.csize.  (See
++         * fileio.c:readbyte()).
++         */
++        if ((b = NEXTBYTE) == (ush)EOF)
++        {
++            return PK_ERR;
++        }
+         h[n] = (uch)b;
+         Trace((stdout, " (%02x)", h[n]));
+     }

Deleted: overflow-fsize.patch
===================================================================
--- overflow-fsize.patch	2020-04-24 13:12:35 UTC (rev 381490)
+++ overflow-fsize.patch	2020-04-24 13:12:53 UTC (rev 381491)
@@ -1,34 +0,0 @@
-t a/list.c b/list.c
-index f7359c3..4c3d703 100644
---- a/list.c
-+++ b/list.c
-@@ -97,7 +97,7 @@ int list_files(__G)    /* return PK-type error code */
- {
-     int do_this_file=FALSE, cfactor, error, error_in_archive=PK_COOL;
- #ifndef WINDLL
--    char sgn, cfactorstr[10];
-+    char sgn, cfactorstr[13];
-     int longhdr=(uO.vflag>1);
- #endif
-     int date_format;
-@@ -339,7 +339,19 @@ int list_files(__G)    /* return PK-type error code */
-                 G.crec.compression_method == ENHDEFLATED) {
-                 methbuf[5] = dtype[(G.crec.general_purpose_bit_flag>>1) & 3];
-             } else if (methnum >= NUM_METHODS) {
--                sprintf(&methbuf[4], "%03u", G.crec.compression_method);
-+                /* 2013-02-26 SMS.
-+                 * http://sourceforge.net/tracker/?func=detail
-+                 *  &aid=2861648&group_id=118012&atid=679786
-+                 * Unexpectedly large compression methods overflow
-+                 * &methbuf[].  Use the old, three-digit decimal format
-+                 * for values which fit.  Otherwise, sacrifice the
-+                 * colon, and use four-digit hexadecimal.
-+                 */
-+                if (G.crec.compression_method <= 999) {
-+                    sprintf( &methbuf[ 4], "%03u", G.crec.compression_method);
-+                } else {
-+                    sprintf( &methbuf[ 3], "%04X", G.crec.compression_method);
-+                }
-             }
- 
- #if 0       /* GRR/Euro:  add this? */

Copied: unzip/repos/extra-x86_64/overflow-fsize.patch (from rev 381490, unzip/trunk/overflow-fsize.patch)
===================================================================
--- overflow-fsize.patch	                        (rev 0)
+++ overflow-fsize.patch	2020-04-24 13:12:53 UTC (rev 381491)
@@ -0,0 +1,34 @@
+t a/list.c b/list.c
+index f7359c3..4c3d703 100644
+--- a/list.c
++++ b/list.c
+@@ -97,7 +97,7 @@ int list_files(__G)    /* return PK-type error code */
+ {
+     int do_this_file=FALSE, cfactor, error, error_in_archive=PK_COOL;
+ #ifndef WINDLL
+-    char sgn, cfactorstr[10];
++    char sgn, cfactorstr[13];
+     int longhdr=(uO.vflag>1);
+ #endif
+     int date_format;
+@@ -339,7 +339,19 @@ int list_files(__G)    /* return PK-type error code */
+                 G.crec.compression_method == ENHDEFLATED) {
+                 methbuf[5] = dtype[(G.crec.general_purpose_bit_flag>>1) & 3];
+             } else if (methnum >= NUM_METHODS) {
+-                sprintf(&methbuf[4], "%03u", G.crec.compression_method);
++                /* 2013-02-26 SMS.
++                 * http://sourceforge.net/tracker/?func=detail
++                 *  &aid=2861648&group_id=118012&atid=679786
++                 * Unexpectedly large compression methods overflow
++                 * &methbuf[].  Use the old, three-digit decimal format
++                 * for values which fit.  Otherwise, sacrifice the
++                 * colon, and use four-digit hexadecimal.
++                 */
++                if (G.crec.compression_method <= 999) {
++                    sprintf( &methbuf[ 4], "%03u", G.crec.compression_method);
++                } else {
++                    sprintf( &methbuf[ 3], "%04X", G.crec.compression_method);
++                }
+             }
+ 
+ #if 0       /* GRR/Euro:  add this? */

Deleted: test_compr_eb.patch
===================================================================
--- test_compr_eb.patch	2020-04-24 13:12:35 UTC (rev 381490)
+++ test_compr_eb.patch	2020-04-24 13:12:53 UTC (rev 381491)
@@ -1,23 +0,0 @@
---- extract.c	2009-03-14 02:32:52.000000000 +0100
-+++ extract.c	2014-12-05 22:43:13.000000000 +0100
-@@ -2221,10 +2234,17 @@ static int test_compr_eb(__G__ eb, eb_si
-     if (compr_offset < 4)                /* field is not compressed: */
-         return PK_OK;                    /* do nothing and signal OK */
- 
-+    /* Return no/bad-data error status if any problem is found:
-+     *    1. eb_size is too small to hold the uncompressed size
-+     *       (eb_ucsize).  (Else extract eb_ucsize.)
-+     *    2. eb_ucsize is zero (invalid).  2014-12-04 SMS.
-+     *    3. eb_ucsize is positive, but eb_size is too small to hold
-+     *       the compressed data header.
-+     */
-     if ((eb_size < (EB_UCSIZE_P + 4)) ||
--        ((eb_ucsize = makelong(eb+(EB_HEADSIZE+EB_UCSIZE_P))) > 0L &&
--         eb_size <= (compr_offset + EB_CMPRHEADLEN)))
--        return IZ_EF_TRUNC;               /* no compressed data! */
-+     ((eb_ucsize = makelong( eb+ (EB_HEADSIZE+ EB_UCSIZE_P))) == 0L) ||
-+     ((eb_ucsize > 0L) && (eb_size <= (compr_offset + EB_CMPRHEADLEN))))
-+        return IZ_EF_TRUNC;             /* no/bad compressed data! */
- 
-     if (
- #ifdef INT_16BIT

Copied: unzip/repos/extra-x86_64/test_compr_eb.patch (from rev 381490, unzip/trunk/test_compr_eb.patch)
===================================================================
--- test_compr_eb.patch	                        (rev 0)
+++ test_compr_eb.patch	2020-04-24 13:12:53 UTC (rev 381491)
@@ -0,0 +1,23 @@
+--- extract.c	2009-03-14 02:32:52.000000000 +0100
++++ extract.c	2014-12-05 22:43:13.000000000 +0100
+@@ -2221,10 +2234,17 @@ static int test_compr_eb(__G__ eb, eb_si
+     if (compr_offset < 4)                /* field is not compressed: */
+         return PK_OK;                    /* do nothing and signal OK */
+ 
++    /* Return no/bad-data error status if any problem is found:
++     *    1. eb_size is too small to hold the uncompressed size
++     *       (eb_ucsize).  (Else extract eb_ucsize.)
++     *    2. eb_ucsize is zero (invalid).  2014-12-04 SMS.
++     *    3. eb_ucsize is positive, but eb_size is too small to hold
++     *       the compressed data header.
++     */
+     if ((eb_size < (EB_UCSIZE_P + 4)) ||
+-        ((eb_ucsize = makelong(eb+(EB_HEADSIZE+EB_UCSIZE_P))) > 0L &&
+-         eb_size <= (compr_offset + EB_CMPRHEADLEN)))
+-        return IZ_EF_TRUNC;               /* no compressed data! */
++     ((eb_ucsize = makelong( eb+ (EB_HEADSIZE+ EB_UCSIZE_P))) == 0L) ||
++     ((eb_ucsize > 0L) && (eb_size <= (compr_offset + EB_CMPRHEADLEN))))
++        return IZ_EF_TRUNC;             /* no/bad compressed data! */
+ 
+     if (
+ #ifdef INT_16BIT


More information about the arch-commits mailing list