diff --git a/buffer_overflow.patch b/buffer_overflow.patch
new file mode 100644
index 0000000..2ee3fff
--- /dev/null
+++ b/buffer_overflow.patch
@@ -0,0 +1,12 @@
+diff -urp zip30/fileio.c zip30/fileio.c
+--- zip30/fileio.c 2008-05-29 03:13:24.000000000 +0300
++++ zip30/fileio.c 2023-05-02 12:19:50.488314853 +0300
+@@ -3502,7 +3502,7 @@ zwchar *local_to_wide_string(local_strin
+ if ((wc_string = (wchar_t *)malloc((wsize + 1) * sizeof(wchar_t))) == NULL) {
+ ZIPERR(ZE_MEM, "local_to_wide_string");
+ }
+- wsize = mbstowcs(wc_string, local_string, strlen(local_string) + 1);
++ wsize = mbstowcs(wc_string, local_string, wsize + 1);
+ wc_string[wsize] = (wchar_t) 0;
+
+ /* in case wchar_t is not zwchar */
diff --git a/zip-3.0-man-strip-extra.patch b/zip-3.0-man-strip-extra.patch
new file mode 100644
index 0000000..abb9f7c
--- /dev/null
+++ b/zip-3.0-man-strip-extra.patch
@@ -0,0 +1,11 @@
+--- ./man/zip.1.old 2024-12-11 10:51:22.837845520 +0100
++++ ./man/zip.1 2024-12-11 10:51:34.458142392 +0100
+@@ -2297,7 +2297,7 @@
+ .B \-X
+ .TP
+ .PD
+-.B \-\-no\-extra
++.B \-\-strip\-extra
+ Do not save extra file attributes (Extended Attributes on OS/2, uid/gid
+ and file times on Unix). The zip format uses extra fields to include
+ additional information for each entry. Some extra fields are specific
diff --git a/zip-gnu89-build.patch b/zip-gnu89-build.patch
new file mode 100644
index 0000000..65ee7a7
--- /dev/null
+++ b/zip-gnu89-build.patch
@@ -0,0 +1,15 @@
+zip uses C89-only features, so it needs to be built in C89 mode.
+
+diff --git a/unix/Makefile b/unix/Makefile
+index 86cf54bf0f56cea9..244390893eab5fc6 100644
+--- a/unix/Makefile
++++ b/unix/Makefile
+@@ -202,7 +202,7 @@ generic: flags
+ eval $(MAKE) $(MAKEF) zips `cat flags`
+
+ generic_gcc:
+- $(MAKE) $(MAKEF) generic CC=gcc CPP="gcc -E"
++ $(MAKE) $(MAKEF) generic CC="gcc -std=gnu89" CPP="gcc -E"
+
+ # AT&T 6300 PLUS (don't know yet how to allocate 64K bytes):
+ att6300nodir:
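Review bot: In buffer_overflow.patch, the value returned by the now-bounded `mbstowcs` call is still used unchecked as an index on the next line, `wc_string[wsize] = (wchar_t) 0;`. mbstowcs returns `(size_t)-1` when it meets an invalid multibyte sequence, and with that value the terminator write lands outside the allocation. Whether an earlier sizing call already rejects such input cannot be seen here, because local_to_wide_string starts and ends outside the hunk; a local guard before the terminator write, `if (wsize == (size_t)-1) { free(wc_string); return NULL; }`, would make the conversion safe on its own. The patch file also has no header line; something like `Bound mbstowcs by the allocated element count, not the byte length (rhbz#2165653)` would record why the limit changed.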
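Review bot: In zip-gnu89-build.patch, the header sentence does not name the C89-only constructs the sources depend on, which is what a reviewer needs to judge the cost of pinning `CC="gcc -std=gnu89"` in the generic_gcc target. If they are implicit function declarations or implicit `int` (not visible here), this mode keeps accepting calls with no prototype in scope, where a pointer return value is treated as `int`. Suggest extending the header to something like `Needed for <construct> in <file>; see #2143565`, so the flag can be dropped once the sources are fixed. `CPP="gcc -E"` is left without the flag; the header should say whether that is intended.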
diff --git a/zip.spec b/zip.spec index fb0c43a..c1b23e3 100644 --- a/zip.spec +++ b/zip.spec @@ -1,8 +1,8 @@ Summary: A file compression and packaging utility compatible with PKZIP Name: zip Version: 3.0 -Release: 28%{?dist} -License: BSD +Release: 44%{?dist} +License: Info-ZIP Source: http://downloads.sourceforge.net/infozip/zip30.tar.gz URL: http://www.info-zip.org/Zip.html @@ -16,6 +16,9 @@ Patch3: zip-3.0-time.patch Patch4: man.patch Patch5: zip-3.0-format-security.patch Patch6: zipnote.patch +Patch7: zip-gnu89-build.patch +Patch8: buffer_overflow.patch +Patch9: zip-3.0-man-strip-extra.patch BuildRequires: make BuildRequires: bzip2-devel, gcc Requires: unzip @@ -31,22 +34,25 @@ program. %prep %setup -q -n zip30 -%patch1 -p1 -b .exec-shield -%patch2 -p1 -b .currdir -%patch3 -p1 -b .time -%patch4 -p1 -b .man -%patch5 -p1 -b .format-security -%patch6 -p1 -b .zipnote +%patch -P1 -p1 -b .exec-shield +%patch -P2 -p1 -b .currdir +%patch -P3 -p1 -b .time +%patch -P4 -p1 -b .man +%patch -P5 -p1 -b .format-security +%patch -P6 -p1 -b .zipnote +%patch -P7 -p1 -b .gnu89-build +%patch -P8 -p1 +%patch -P9 -p1 %build -make -f unix/Makefile prefix=%{_prefix} "CFLAGS_NOOPT=-I. -DUNIX $RPM_OPT_FLAGS" generic_gcc %{?_smp_mflags} +%{make_build} -f unix/Makefile prefix=%{_prefix} "CFLAGS_NOOPT=-I. -DUNIX $RPM_OPT_FLAGS" generic_gcc %install mkdir -p $RPM_BUILD_ROOT%{_bindir} mkdir -p $RPM_BULD_ROOT%{_mandir}/man1 -make -f unix/Makefile prefix=$RPM_BUILD_ROOT%{_prefix} \ - MANDIR=$RPM_BUILD_ROOT%{_mandir}/man1 install +%{make_install} -f unix/Makefile prefix=$RPM_BUILD_ROOT%{_prefix} \ + MANDIR=$RPM_BUILD_ROOT%{_mandir}/man1 %files %license LICENSE 
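Review bot: In the %install part of the third zip.spec hunk, the context line `mkdir -p $RPM_BULD_ROOT%{_mandir}/man1` misspells the variable, so it expands to nothing and the mkdir acts on `%{_mandir}/man1` of the build host instead of a path inside the buildroot. The commit rewrites the lines directly below it but leaves this one as is; it should read `mkdir -p $RPM_BUILD_ROOT%{_mandir}/man1`. On style, `%patch -P8 -p1` and `%patch -P9 -p1` omit the `-b` backup suffix that `-P1` through `-P7` carry; either add one (for example `-b .buffer-overflow`) or note why the two new patches differ.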
@@ -62,6 +68,55 @@ make -f unix/Makefile prefix=$RPM_BUILD_ROOT%{_prefix} \ %{_mandir}/man1/zipsplit.1* %changelog +* Fri Jul 25 2025 Fedora Release Engineering - 3.0-44 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild + +* Sun Jan 19 2025 Fedora Release Engineering - 3.0-43 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild + +* Wed Dec 11 2024 Jakub Martisko - 3.0-42 +- Fix teh manpage: --no-extra option is actually called --strip-extra + +* Sat Jul 20 2024 Fedora Release Engineering - 3.0-41 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild + +* Sat Jan 27 2024 Fedora Release Engineering - 3.0-40 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Mon Sep 18 2023 Jakub Martisko - 3.0-39 +- Fixc buffer overflow in unicode file names +Resolves: rhbz#2165653 + +* Sat Jul 22 2023 Fedora Release Engineering - 3.0-38 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Thu Apr 13 2023 Lukáš Zaoral - 3.0-37 +- migrate to SPDX license format + +* Sat Jan 21 2023 Fedora Release Engineering - 3.0-36 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Fri Nov 18 2022 Florian Weimer - 3.0-35 +- Really build with -std=gnu89 (#2143565) + +* Thu Nov 17 2022 Florian Weimer - 3.0-34 +- Build with -std=gnu89 (#2143565) + +* Sat Jul 23 2022 Fedora Release Engineering - 3.0-33 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + +* Sat Jan 22 2022 Fedora Release Engineering - 3.0-32 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + +* Fri Jul 23 2021 Fedora Release Engineering - 3.0-31 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + +* Fri Mar 05 2021 Jakub Martisko - 3.0-30 +- Use generic build instead of generic_gcc + +* Fri Mar 05 2021 Jakub Martisko - 3.0-29 +- Use build macros + * Thu Jan 28 2021 Fedora Release Engineering - 3.0-28 - Rebuilt for 
https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild