From 76eceb70eabb3f7fb409e4cefb864fd393b19f43 Mon Sep 17 00:00:00 2001 From: Silvan Calarco Date: Fri, 5 Jan 2024 20:04:55 +0100 Subject: [PATCH] added patches from Fedora [release 3.0-2mamba;Wed Oct 04 2023] --- zip-3.0-buffer_overflow.patch | 12 ++++++++++++ zip-3.0-currdir.patch | 12 ++++++++++++ zip-3.0-exec-shield.patch | 20 ++++++++++++++++++++ zip-3.0-format-security.patch | 20 ++++++++++++++++++++ zip-3.0-zipnote.patch | 13 +++++++++++++ zip.spec | 28 +++++++++++++++++++++------- 6 files changed, 98 insertions(+), 7 deletions(-) create mode 100644 zip-3.0-buffer_overflow.patch create mode 100644 zip-3.0-currdir.patch create mode 100644 zip-3.0-exec-shield.patch create mode 100644 zip-3.0-format-security.patch create mode 100644 zip-3.0-zipnote.patch diff --git a/zip-3.0-buffer_overflow.patch b/zip-3.0-buffer_overflow.patch new file mode 100644 index 0000000..2ee3fff --- /dev/null +++ b/zip-3.0-buffer_overflow.patch @@ -0,0 +1,12 @@ +diff -urp zip30/fileio.c zip30/fileio.c +--- zip30/fileio.c 2008-05-29 03:13:24.000000000 +0300 ++++ zip30/fileio.c 2023-05-02 12:19:50.488314853 +0300 +@@ -3502,7 +3502,7 @@ zwchar *local_to_wide_string(local_strin + if ((wc_string = (wchar_t *)malloc((wsize + 1) * sizeof(wchar_t))) == NULL) { + ZIPERR(ZE_MEM, "local_to_wide_string"); + } +- wsize = mbstowcs(wc_string, local_string, strlen(local_string) + 1); ++ wsize = mbstowcs(wc_string, local_string, wsize + 1); + wc_string[wsize] = (wchar_t) 0; + + /* in case wchar_t is not zwchar */ diff --git a/zip-3.0-currdir.patch b/zip-3.0-currdir.patch new file mode 100644 index 0000000..40da32e --- /dev/null +++ b/zip-3.0-currdir.patch @@ -0,0 +1,12 @@ +diff -up zip30/util.c.currdir zip30/util.c +--- zip30/util.c.currdir 2009-11-16 12:42:17.783961701 +0100 ++++ zip30/util.c 2009-11-16 12:42:58.185960707 +0100 +@@ -493,6 +493,8 @@ int cs; /* force case-se + /* Compare the sh pattern p with the string s and return true if they match, + false if they don't or if there is a syntax error in the pattern. */ + { ++ while (s[0] == '.' && s[1] == '/') ++ s += 2; /* strip redundant leading "./" sections */ + return recmatch(p, s, cs) == 1; + } + diff --git a/zip-3.0-exec-shield.patch b/zip-3.0-exec-shield.patch new file mode 100644 index 0000000..05c1a6c --- /dev/null +++ b/zip-3.0-exec-shield.patch @@ -0,0 +1,20 @@ +diff -up zip30/crc_i386.S.exec_shield zip30/crc_i386.S +--- zip30/crc_i386.S.exec_shield 2009-11-13 18:37:45.000000000 +0100 ++++ zip30/crc_i386.S 2009-11-13 18:39:54.435390166 +0100 +@@ -302,3 +302,6 @@ _crc32: /* ulg c + #endif /* i386 || _i386 || _I386 || __i386 */ + + #endif /* !USE_ZLIB && !CRC_TABLE_ONLY */ ++ ++.section .note.GNU-stack, "", @progbits ++.previous +diff -up zip30/match.S.exec_shield zip30/match.S +--- zip30/match.S.exec_shield 2005-01-28 10:40:14.000000000 +0100 ++++ zip30/match.S 2009-11-13 18:39:48.570389058 +0100 +@@ -405,3 +405,6 @@ L__return: + #endif /* i386 || _I386 || _i386 || __i386 */ + + #endif /* !USE_ZLIB */ ++ ++.section .note.GNU-stack, "", @progbits ++.previous diff --git a/zip-3.0-format-security.patch b/zip-3.0-format-security.patch new file mode 100644 index 0000000..54ce2e6 --- /dev/null +++ b/zip-3.0-format-security.patch @@ -0,0 +1,20 @@ +--- a/zip.c ++++ a/zip.c +@@ -1028,7 +1028,7 @@ local void help_extended() + + for (i = 0; i < sizeof(text)/sizeof(char *); i++) + { +- printf(text[i]); ++ printf("%s", text[i]); + putchar('\n'); + } + #ifdef DOS +@@ -1225,7 +1225,7 @@ local void version_info() + CR_MAJORVER, CR_MINORVER, CR_BETA_VER, CR_VERSION_DATE); + for (i = 0; i < sizeof(cryptnote)/sizeof(char *); i++) + { +- printf(cryptnote[i]); ++ printf("%s", cryptnote[i]); + putchar('\n'); + } + ++i; /* crypt support means there IS at least one compilation option */ diff --git a/zip-3.0-zipnote.patch b/zip-3.0-zipnote.patch new file mode 100644 index 0000000..4177a7d --- /dev/null +++ b/zip-3.0-zipnote.patch @@ -0,0 +1,13 @@ +diff --git a/zipnote.c b/zipnote.c +index 5e02cb6..996f012 100644 +--- a/zipnote.c ++++ b/zipnote.c +@@ -661,7 +661,7 @@ char **argv; /* command line tokens */ + if ((r = zipcopy(z)) != ZE_OK) + ziperr(r, "was copying an entry"); + } +- fclose(x); ++ fclose(in_file); + + /* Write central directory and end of central directory with new comments */ + if ((c = zftello(y)) == (zoff_t)-1) /* get start of central */ diff --git a/zip.spec b/zip.spec index a34d10f..2d97509 100644 --- a/zip.spec +++ b/zip.spec @@ -3,32 +3,42 @@ Name: zip Version: 3.0 -Release: 1mamba +Release: 2mamba Summary: A file compression and packaging utility compatible with PKZIP Group: Applications/Archiving Vendor: openmamba Distribution: openmamba Packager: Silvan Calarco -URL: http://www.info-zip.org/pub/infozip/ +URL: https://infozip.sourceforge.net/ Source: http://downloads.sourceforge.net/project/infozip/Zip3.x%28latest%29/%{version}/zip%{majver}%{minver}.tar.gz +Patch0: zip-3.0-currdir.patch +Patch1: zip-3.0-exec-shield.patch +Patch2: zip-3.0-format-security.patch +Patch3: zip-3.0-zipnote.patch +Patch4: zip-3.0-buffer_overflow.patch License: BSD ## AUTOBUILDREQ-BEGIN BuildRequires: glibc-devel BuildRequires: libbzip2-devel ## AUTOBUILDREQ-END -BuildRoot: %{_tmppath}/%{name}-%{version}-root %description The zip program is a compression and file packaging utility. Zip is analogous to a combination of the UNIX tar and compress commands and is compatible with PKZIP. Install the zip package if you need to compress files using the zip program. +%debug_package + %prep -%setup -n %{name}%{majver}%{minver} +%setup -q -n %{name}%{majver}%{minver} +%patch 0 -p1 -b .currdir +%patch 1 -p1 -b .exec-shield +%patch 2 -p1 -b .format-security +%patch 3 -p1 -b .zipnote +%patch 4 -p1 -b .buffer_overflow %build -#CFLAGS="%{optflags}" \ -make -f unix/Makefile zips CC=%{_host}-gcc +make -f unix/Makefile prefix=%{_prefix} "CFLAGS_NOOPT=-I. -DUNIX %{optflags}" generic_gcc %install [ "%{buildroot}" != / ] && rm -rf %{buildroot} @@ -46,9 +56,13 @@ make -f unix/Makefile zips CC=%{_host}-gcc install \ %{_bindir}/zipnote %{_bindir}/zipsplit %{_mandir}/man1/zip*.* -%doc BUGS CHANGES LICENSE README TODO WHATSNEW WHERE +%doc LICENSE +#BUGS CHANGES README TODO WHATSNEW WHERE %changelog +* Wed Oct 04 2023 Silvan Calarco 3.0-2mamba +- added patches from Fedora + * Thu Jan 14 2010 Davide Madrisan 3.0-1mamba - update to 3.0