diff --git a/buffer_overflow.patch b/buffer_overflow.patch new file mode 100644 index 0000000..2ee3fff --- /dev/null +++ b/buffer_overflow.patch @@ -0,0 +1,12 @@ +diff -urp zip30/fileio.c zip30/fileio.c +--- zip30/fileio.c 2008-05-29 03:13:24.000000000 +0300 ++++ zip30/fileio.c 2023-05-02 12:19:50.488314853 +0300 +@@ -3502,7 +3502,7 @@ zwchar *local_to_wide_string(local_strin + if ((wc_string = (wchar_t *)malloc((wsize + 1) * sizeof(wchar_t))) == NULL) { + ZIPERR(ZE_MEM, "local_to_wide_string"); + } +- wsize = mbstowcs(wc_string, local_string, strlen(local_string) + 1); ++ wsize = mbstowcs(wc_string, local_string, wsize + 1); + wc_string[wsize] = (wchar_t) 0; + + /* in case wchar_t is not zwchar */ diff --git a/zip-3.0-man-strip-extra.patch b/zip-3.0-man-strip-extra.patch new file mode 100644 index 0000000..abb9f7c --- /dev/null +++ b/zip-3.0-man-strip-extra.patch @@ -0,0 +1,11 @@ +--- ./man/zip.1.old 2024-12-11 10:51:22.837845520 +0100 ++++ ./man/zip.1 2024-12-11 10:51:34.458142392 +0100 +@@ -2297,7 +2297,7 @@ + .B \-X + .TP + .PD +-.B \-\-no\-extra ++.B \-\-strip\-extra + Do not save extra file attributes (Extended Attributes on OS/2, uid/gid + and file times on Unix). The zip format uses extra fields to include + additional information for each entry. Some extra fields are specific diff --git a/zip.spec b/zip.spec index 74966ec..c1b23e3 100644 --- a/zip.spec +++ b/zip.spec @@ -1,8 +1,8 @@ Summary: A file compression and packaging utility compatible with PKZIP Name: zip Version: 3.0 -Release: 36%{?dist} -License: BSD +Release: 44%{?dist} +License: Info-ZIP Source: http://downloads.sourceforge.net/infozip/zip30.tar.gz URL: http://www.info-zip.org/Zip.html @@ -17,6 +17,8 @@ Patch4: man.patch Patch5: zip-3.0-format-security.patch Patch6: zipnote.patch Patch7: zip-gnu89-build.patch +Patch8: buffer_overflow.patch +Patch9: zip-3.0-man-strip-extra.patch BuildRequires: make BuildRequires: bzip2-devel, gcc Requires: unzip @@ -32,13 +34,15 @@ program. %prep %setup -q -n zip30 -%patch1 -p1 -b .exec-shield -%patch2 -p1 -b .currdir -%patch3 -p1 -b .time -%patch4 -p1 -b .man -%patch5 -p1 -b .format-security -%patch6 -p1 -b .zipnote -%patch7 -p1 -b .gnu89-build +%patch -P1 -p1 -b .exec-shield +%patch -P2 -p1 -b .currdir +%patch -P3 -p1 -b .time +%patch -P4 -p1 -b .man +%patch -P5 -p1 -b .format-security +%patch -P6 -p1 -b .zipnote +%patch -P7 -p1 -b .gnu89-build +%patch -P8 -p1 +%patch -P9 -p1 %build %{make_build} -f unix/Makefile prefix=%{_prefix} "CFLAGS_NOOPT=-I. -DUNIX $RPM_OPT_FLAGS" generic_gcc @@ -64,6 +68,31 @@ mkdir -p $RPM_BULD_ROOT%{_mandir}/man1 %{_mandir}/man1/zipsplit.1* %changelog +* Fri Jul 25 2025 Fedora Release Engineering - 3.0-44 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild + +* Sun Jan 19 2025 Fedora Release Engineering - 3.0-43 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild + +* Wed Dec 11 2024 Jakub Martisko - 3.0-42 +- Fix teh manpage: --no-extra option is actually called --strip-extra + +* Sat Jul 20 2024 Fedora Release Engineering - 3.0-41 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild + +* Sat Jan 27 2024 Fedora Release Engineering - 3.0-40 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Mon Sep 18 2023 Jakub Martisko - 3.0-39 +- Fixc buffer overflow in unicode file names +Resolves: rhbz#2165653 + +* Sat Jul 22 2023 Fedora Release Engineering - 3.0-38 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Thu Apr 13 2023 Lukáš Zaoral - 3.0-37 +- migrate to SPDX license format + * Sat Jan 21 2023 Fedora Release Engineering - 3.0-36 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild