commit: 52b1cb8097da659fc1fd84cb4d2e6868d8abee10 parent ce9ba02aa51a3c0b1cfbb91b056e6075c8ded619 Author: Michael Forney <mforney@mforney.org> Date: Sat, 15 Jun 2019 18:15:50 -0700 unzip: Update to 6.0-23 patches from DebianDiffstat:
35 files changed, 1130 insertions(+), 876 deletions(-)diff --git a/pkg/unzip/patch/0001-Drop-L-suffix-from-man-page-sections.patch b/pkg/unzip/patch/0001-Drop-L-suffix-from-man-page-sections.patch@@ -1,319 +0,0 @@ -From 099364ef5cdd7801c9744815ef5ec75f5f267222 Mon Sep 17 00:00:00 2001 -From: Santiago Vila <sanvila@debian.org> -Date: Thu, 16 Jun 2016 22:39:42 -0700 -Subject: [PATCH] Drop L suffix from man page sections - -From 01-manpages-in-section-1-not-in-section-1l in -unzip_6.0-16+deb8u2.debian.tar.xz. ---- - man/funzip.1 | 8 ++++---- - man/unzip.1 | 24 ++++++++++++------------ - man/unzipsfx.1 | 32 ++++++++++++++++---------------- - man/zipgrep.1 | 8 ++++---- - man/zipinfo.1 | 10 +++++----- - 5 files changed, 41 insertions(+), 41 deletions(-) - -diff --git a/man/funzip.1 b/man/funzip.1 -index 30206e4..a9b4195 100644 ---- a/man/funzip.1 -+++ b/man/funzip.1 -@@ -20,7 +20,7 @@ - .in -4n - .. - .\" ========================================================================= --.TH FUNZIP 1L "20 April 2009 (v3.95)" "Info-ZIP" -+.TH FUNZIP 1 "20 April 2009 (v3.95)" "Info-ZIP" - .SH NAME - funzip \- filter for extracting from a ZIP archive in a pipe - .PD -@@ -78,7 +78,7 @@ funzip test.zip > /dev/null - .EE - .PP - To use \fIzip\fP and \fIfunzip\fP in place of \fIcompress\fP(1) and --\fIzcat\fP(1) (or \fIgzip\fP(1L) and \fIgzcat\fP(1L)) for tape backups: -+\fIzcat\fP(1) (or \fIgzip\fP(1) and \fIgzcat\fP(1)) for tape backups: - .PP - .EX - tar cf \- . | zip \-7 | dd of=/dev/nrst0 obs=8k -@@ -108,8 +108,8 @@ itself (future release). - .PD - .\" ========================================================================= - .SH "SEE ALSO" --\fIgzip\fP(1L), \fIunzip\fP(1L), \fIunzipsfx\fP(1L), \fIzip\fP(1L), --\fIzipcloak\fP(1L), \fIzipinfo\fP(1L), \fIzipnote\fP(1L), \fIzipsplit\fP(1L) -+\fIgzip\fP(1), \fIunzip\fP(1), \fIunzipsfx\fP(1), \fIzip\fP(1), -+\fIzipcloak\fP(1), \fIzipinfo\fP(1), \fIzipnote\fP(1), \fIzipsplit\fP(1) - .PD - .\" ========================================================================= - .SH URL -diff --git a/man/unzip.1 b/man/unzip.1 -index 75a7060..eee43a9 100644 ---- a/man/unzip.1 -+++ b/man/unzip.1 -@@ -20,7 +20,7 @@ - .in -4n - .. - .\" ========================================================================= --.TH UNZIP 1L "20 April 2009 (v6.0)" "Info-ZIP" -+.TH UNZIP 1 "20 April 2009 (v6.0)" "Info-ZIP" - .SH NAME - unzip \- list, test and extract compressed files in a ZIP archive - .PD -@@ -34,7 +34,7 @@ unzip \- list, test and extract compressed files in a ZIP archive - \fIunzip\fP will list, test, or extract files from a ZIP archive, commonly - found on MS-DOS systems. The default behavior (with no options) is to extract - into the current directory (and subdirectories below it) all files from the --specified ZIP archive. A companion program, \fIzip\fP(1L), creates ZIP -+specified ZIP archive. A companion program, \fIzip\fP(1), creates ZIP - archives; both programs are compatible with archives created by PKWARE's - \fIPKZIP\fP and \fIPKUNZIP\fP for MS-DOS, but in many cases the program - options or default behaviors differ. -@@ -105,8 +105,8 @@ only a reminder of the basic \fIunzip\fP syntax rather than an exhaustive - list of all possible flags. The exhaustive list follows: - .TP - .B \-Z --\fIzipinfo\fP(1L) mode. If the first option on the command line is \fB\-Z\fP, --the remaining options are taken to be \fIzipinfo\fP(1L) options. See the -+\fIzipinfo\fP(1) mode. If the first option on the command line is \fB\-Z\fP, -+the remaining options are taken to be \fIzipinfo\fP(1) options. See the - appropriate manual page for a description of these options. - .TP - .B \-A -@@ -178,7 +178,7 @@ encrypted entries from the compressed size numbers. Therefore, - compressed size and compression ratio figures are independent of the entry's - encryption status and show the correct compression performance. (The complete - size of the encrypted compressed data stream for zipfile entries is reported --by the more verbose \fIzipinfo\fP(1L) reports, see the separate manual.) -+by the more verbose \fIzipinfo\fP(1) reports, see the separate manual.) - When no zipfile is specified (that is, the complete command is simply - ``\fCunzip \-v\fR''), a diagnostic screen is printed. In addition to - the normal header with release date and version, \fIunzip\fP lists the -@@ -379,8 +379,8 @@ file, skip extraction of all existing files, or rename the current file. - .TP - .B \-N - [Amiga] extract file comments as Amiga filenotes. File comments are created --with the \-c option of \fIzip\fP(1L), or with the \-N option of the Amiga port --of \fIzip\fP(1L), which stores filenotes as comments. -+with the \-c option of \fIzip\fP(1), or with the \-N option of the Amiga port -+of \fIzip\fP(1), which stores filenotes as comments. - .TP - .B \-o - overwrite existing files without prompting. This is a dangerous option, so -@@ -598,7 +598,7 @@ Unix \fInice\fP(1). - As suggested by the examples above, the default variable names are UNZIP_OPTS - for VMS (where the symbol used to install \fIunzip\fP as a foreign command - would otherwise be confused with the environment variable), and UNZIP --for all other operating systems. For compatibility with \fIzip\fP(1L), -+for all other operating systems. For compatibility with \fIzip\fP(1), - UNZIPOPT is also accepted (don't ask). If both UNZIP and UNZIPOPT - are defined, however, UNZIP takes precedence. \fIunzip\fP's diagnostic - option (\fB\-v\fP with no zipfile name) can be used to check the values -@@ -648,8 +648,8 @@ prompt for another password, and so on until all files are extracted. If - a password is not known, entering a null password (that is, just a carriage - return or ``Enter'') is taken as a signal to skip all further prompting. - Only unencrypted files in the archive(s) will thereafter be extracted. (In --fact, that's not quite true; older versions of \fIzip\fP(1L) and --\fIzipcloak\fP(1L) allowed null passwords, so \fIunzip\fP checks each encrypted -+fact, that's not quite true; older versions of \fIzip\fP(1) and -+\fIzipcloak\fP(1) allowed null passwords, so \fIunzip\fP checks each encrypted - file to see if the null password works. This may result in ``false positives'' - and extraction errors, as noted above.) - .PP -@@ -943,8 +943,8 @@ deleted. - .PD - .\" ========================================================================= - .SH "SEE ALSO" --\fIfunzip\fP(1L), \fIzip\fP(1L), \fIzipcloak\fP(1L), \fIzipgrep\fP(1L), --\fIzipinfo\fP(1L), \fIzipnote\fP(1L), \fIzipsplit\fP(1L) -+\fIfunzip\fP(1), \fIzip\fP(1), \fIzipcloak\fP(1), \fIzipgrep\fP(1), -+\fIzipinfo\fP(1), \fIzipnote\fP(1), \fIzipsplit\fP(1) - .PD - .\" ========================================================================= - .SH URL -diff --git a/man/unzipsfx.1 b/man/unzipsfx.1 -index d9a0e59..533711f 100644 ---- a/man/unzipsfx.1 -+++ b/man/unzipsfx.1 -@@ -20,7 +20,7 @@ - .in -4n - .. - .\" ========================================================================= --.TH UNZIPSFX 1L "20 April 2009 (v6.0)" "Info-ZIP" -+.TH UNZIPSFX 1 "20 April 2009 (v6.0)" "Info-ZIP" - .SH NAME - unzipsfx \- self-extracting stub for prepending to ZIP archives - .PD -@@ -30,7 +30,7 @@ unzipsfx \- self-extracting stub for prepending to ZIP archives - .PD - .\" ========================================================================= - .SH DESCRIPTION --\fIunzipsfx\fP is a modified version of \fIunzip\fP(1L) designed to be -+\fIunzipsfx\fP is a modified version of \fIunzip\fP(1) designed to be - prepended to existing ZIP archives in order to form self-extracting archives. - Instead of taking its first non-flag argument to be the zipfile(s) to be - extracted, \fIunzipsfx\fP seeks itself under the name by which it was invoked -@@ -109,7 +109,7 @@ literal subdirectory ``\fB~\fP'' of the current directory. - .PD - .\" ========================================================================= - .SH OPTIONS --\fIunzipsfx\fP supports the following \fIunzip\fP(1L) options: \fB\-c\fP -+\fIunzipsfx\fP supports the following \fIunzip\fP(1) options: \fB\-c\fP - and \fB\-p\fP (extract to standard output/screen), \fB\-f\fP and \fB\-u\fP - (freshen and update existing files upon extraction), \fB\-t\fP (test - archive) and \fB\-z\fP (print archive comment). All normal listing options -@@ -118,11 +118,11 @@ option (\fB\-t\fP) may be used as a ``poor man's'' listing. Alternatively, - those creating self-extracting archives may wish to include a short listing - in the zipfile comment. - .PP --See \fIunzip\fP(1L) for a more complete description of these options. -+See \fIunzip\fP(1) for a more complete description of these options. - .PD - .\" ========================================================================= - .SH MODIFIERS --\fIunzipsfx\fP currently supports all \fIunzip\fP(1L) modifiers: \fB\-a\fP -+\fIunzipsfx\fP currently supports all \fIunzip\fP(1) modifiers: \fB\-a\fP - (convert text files), \fB\-n\fP (never overwrite), \fB\-o\fP (overwrite - without prompting), \fB\-q\fP (operate quietly), \fB\-C\fP (match names - case-insensitively), \fB\-L\fP (convert uppercase-OS names to lowercase), -@@ -137,18 +137,18 @@ files have the appropriate format for the local OS. EBCDIC conversion will - of course continue to be supported since the zipfile format implies ASCII - storage of text files.) - .PP --See \fIunzip\fP(1L) for a more complete description of these modifiers. -+See \fIunzip\fP(1) for a more complete description of these modifiers. - .PD - .\" ========================================================================= - .SH "ENVIRONMENT OPTIONS" --\fIunzipsfx\fP uses the same environment variables as \fIunzip\fP(1L) does, -+\fIunzipsfx\fP uses the same environment variables as \fIunzip\fP(1) does, - although this is likely to be an issue only for the person creating and --testing the self-extracting archive. See \fIunzip\fP(1L) for details. -+testing the self-extracting archive. See \fIunzip\fP(1) for details. - .PD - .\" ========================================================================= - .SH DECRYPTION --Decryption is supported exactly as in \fIunzip\fP(1L); that is, interactively --with a non-echoing prompt for the password(s). See \fIunzip\fP(1L) for -+Decryption is supported exactly as in \fIunzip\fP(1); that is, interactively -+with a non-echoing prompt for the password(s). See \fIunzip\fP(1) for - details. Once again, note that if the archive has no encrypted files there - is no reason to use a version of \fIunzipsfx\fP with decryption support; - that only adds to the size of the archive. -@@ -286,7 +286,7 @@ available that provide the full path name, so the archive may be invoked - from anywhere in the user's path. The situation is not known for AmigaDOS, - Atari TOS, MacOS, etc. - .PP --As noted above, a number of the normal \fIunzip\fP(1L) functions have -+As noted above, a number of the normal \fIunzip\fP(1) functions have - been removed in order to make \fIunzipsfx\fP smaller: usage and diagnostic - info, listing functions and extraction to other directories. Also, only - stored and deflated files are supported. The latter limitation is mainly -@@ -303,17 +303,17 @@ does not work. (For technically oriented users, the attached archive is - defined as a ``debug hunk.'') There may be compatibility problems between - the ROM levels of older Amigas and newer ones. - .PP --All current bugs in \fIunzip\fP(1L) exist in \fIunzipsfx\fP as well. -+All current bugs in \fIunzip\fP(1) exist in \fIunzipsfx\fP as well. - .PD - .\" ========================================================================= - .SH DIAGNOSTICS - \fIunzipsfx\fP's exit status (error level) is identical to that of --\fIunzip\fP(1L); see the corresponding man page. -+\fIunzip\fP(1); see the corresponding man page. - .PD - .\" ========================================================================= - .SH "SEE ALSO" --\fIfunzip\fP(1L), \fIunzip\fP(1L), \fIzip\fP(1L), \fIzipcloak\fP(1L), --\fIzipgrep\fP(1L), \fIzipinfo\fP(1L), \fIzipnote\fP(1L), \fIzipsplit\fP(1L) -+\fIfunzip\fP(1), \fIunzip\fP(1), \fIzip\fP(1), \fIzipcloak\fP(1), -+\fIzipgrep\fP(1), \fIzipinfo\fP(1), \fIzipnote\fP(1), \fIzipsplit\fP(1) - .PD - .PD - .\" ========================================================================= -@@ -330,7 +330,7 @@ or - .\" ========================================================================= - .SH AUTHORS - Greg Roelofs was responsible for the basic modifications to UnZip necessary --to create UnZipSFX. See \fIunzip\fP(1L) for the current list of Zip-Bugs -+to create UnZipSFX. See \fIunzip\fP(1) for the current list of Zip-Bugs - authors, or the file CONTRIBS in the UnZip source distribution for the - full list of Info-ZIP contributors. - .PD -diff --git a/man/zipgrep.1 b/man/zipgrep.1 -index dad83f8..252fcae 100644 ---- a/man/zipgrep.1 -+++ b/man/zipgrep.1 -@@ -8,7 +8,7 @@ - .\" zipgrep.1 by Greg Roelofs. - .\" - .\" ========================================================================= --.TH ZIPGREP 1L "20 April 2009" "Info-ZIP" -+.TH ZIPGREP 1 "20 April 2009" "Info-ZIP" - .SH NAME - zipgrep \- search files in a ZIP archive for lines matching a pattern - .PD -@@ -21,7 +21,7 @@ zipgrep \- search files in a ZIP archive for lines matching a pattern - .SH DESCRIPTION - \fIzipgrep\fP will search files within a ZIP archive for lines matching - the given string or pattern. \fIzipgrep\fP is a shell script and requires --\fIegrep\fP(1) and \fIunzip\fP(1L) to function. Its output is identical to -+\fIegrep\fP(1) and \fIunzip\fP(1) to function. Its output is identical to - that of \fIegrep\fP(1). - .PD - .\" ========================================================================= -@@ -69,8 +69,8 @@ All options prior to the ZIP archive filename are passed to \fIegrep\fP(1). - .PD - .\" ========================================================================= - .SH "SEE ALSO" --\fIegrep\fP(1), \fIunzip\fP(1L), \fIzip\fP(1L), \fIfunzip\fP(1L), --\fIzipcloak\fP(1L), \fIzipinfo\fP(1L), \fIzipnote\fP(1L), \fIzipsplit\fP(1L) -+\fIegrep\fP(1), \fIunzip\fP(1), \fIzip\fP(1), \fIfunzip\fP(1), -+\fIzipcloak\fP(1), \fIzipinfo\fP(1), \fIzipnote\fP(1), \fIzipsplit\fP(1) - .PD - .\" ========================================================================= - .SH URL -diff --git a/man/zipinfo.1 b/man/zipinfo.1 -index 428e4b9..22d1fa2 100644 ---- a/man/zipinfo.1 -+++ b/man/zipinfo.1 -@@ -34,7 +34,7 @@ - .in -4n - .. - .\" ========================================================================= --.TH ZIPINFO 1L "20 April 2009 (v3.0)" "Info-ZIP" -+.TH ZIPINFO 1 "20 April 2009 (v3.0)" "Info-ZIP" - .SH NAME - zipinfo \- list detailed information about a ZIP archive - .PD -@@ -272,7 +272,7 @@ format: - Note that because of limitations in the MS-DOS format used to store file - times, the seconds field is always rounded to the nearest even second. - For Unix files this is expected to change in the next major releases of --\fIzip\fP(1L) and \fIunzip\fP. -+\fIzip\fP(1) and \fIunzip\fP. - .PP - In addition to individual file information, a default zipfile listing - also includes header and trailer lines: -@@ -361,7 +361,7 @@ of the Unix command \fInice\fP(1). - As suggested above, the default variable names are ZIPINFO_OPTS for VMS - (where the symbol used to install \fIzipinfo\fP as a foreign command - would otherwise be confused with the environment variable), and ZIPINFO --for all other operating systems. For compatibility with \fIzip\fP(1L), -+for all other operating systems. For compatibility with \fIzip\fP(1), - ZIPINFOOPT is also accepted (don't ask). If both ZIPINFO and ZIPINFOOPT - are defined, however, ZIPINFO takes precedence. \fIunzip\fP's diagnostic - option (\fB\-v\fP with no zipfile name) can be used to check the values -@@ -496,8 +496,8 @@ be simplified. (This is not to say that it will be.) - .PP - .\" ========================================================================= - .SH "SEE ALSO" --\fIls\fP(1), \fIfunzip\fP(1L), \fIunzip\fP(1L), \fIunzipsfx\fP(1L), --\fIzip\fP(1L), \fIzipcloak\fP(1L), \fIzipnote\fP(1L), \fIzipsplit\fP(1L) -+\fIls\fP(1), \fIfunzip\fP(1), \fIunzip\fP(1), \fIunzipsfx\fP(1), -+\fIzip\fP(1), \fIzipcloak\fP(1), \fIzipnote\fP(1), \fIzipsplit\fP(1) - .PD - .\" ========================================================================= - .SH URL --- -2.8.1 -diff --git a/pkg/unzip/patch/0001-In-Debian-manpages-are-in-section-1-not-in-section-1.patch b/pkg/unzip/patch/0001-In-Debian-manpages-are-in-section-1-not-in-section-1.patch@@ -0,0 +1,317 @@ +From 85238f823da4858625f482c696f48e460ba27625 Mon Sep 17 00:00:00 2001 +From: Santiago Vila <sanvila@debian.org> +Date: Sat, 15 Jun 2019 18:13:11 -0700 +Subject: [PATCH] In Debian, manpages are in section 1, not in section 1L + +--- + man/funzip.1 | 8 ++++---- + man/unzip.1 | 24 ++++++++++++------------ + man/unzipsfx.1 | 32 ++++++++++++++++---------------- + man/zipgrep.1 | 8 ++++---- + man/zipinfo.1 | 10 +++++----- + 5 files changed, 41 insertions(+), 41 deletions(-) + +diff --git a/man/funzip.1 b/man/funzip.1 +index 30206e4..a9b4195 100644 +--- a/man/funzip.1 ++++ b/man/funzip.1 +@@ -20,7 +20,7 @@ + .in -4n + .. + .\" ========================================================================= +-.TH FUNZIP 1L "20 April 2009 (v3.95)" "Info-ZIP" ++.TH FUNZIP 1 "20 April 2009 (v3.95)" "Info-ZIP" + .SH NAME + funzip \- filter for extracting from a ZIP archive in a pipe + .PD +@@ -78,7 +78,7 @@ funzip test.zip > /dev/null + .EE + .PP + To use \fIzip\fP and \fIfunzip\fP in place of \fIcompress\fP(1) and +-\fIzcat\fP(1) (or \fIgzip\fP(1L) and \fIgzcat\fP(1L)) for tape backups: ++\fIzcat\fP(1) (or \fIgzip\fP(1) and \fIgzcat\fP(1)) for tape backups: + .PP + .EX + tar cf \- . | zip \-7 | dd of=/dev/nrst0 obs=8k +@@ -108,8 +108,8 @@ itself (future release). + .PD + .\" ========================================================================= + .SH "SEE ALSO" +-\fIgzip\fP(1L), \fIunzip\fP(1L), \fIunzipsfx\fP(1L), \fIzip\fP(1L), +-\fIzipcloak\fP(1L), \fIzipinfo\fP(1L), \fIzipnote\fP(1L), \fIzipsplit\fP(1L) ++\fIgzip\fP(1), \fIunzip\fP(1), \fIunzipsfx\fP(1), \fIzip\fP(1), ++\fIzipcloak\fP(1), \fIzipinfo\fP(1), \fIzipnote\fP(1), \fIzipsplit\fP(1) + .PD + .\" ========================================================================= + .SH URL +diff --git a/man/unzip.1 b/man/unzip.1 +index 75a7060..eee43a9 100644 +--- a/man/unzip.1 ++++ b/man/unzip.1 +@@ -20,7 +20,7 @@ + .in -4n + .. + .\" ========================================================================= +-.TH UNZIP 1L "20 April 2009 (v6.0)" "Info-ZIP" ++.TH UNZIP 1 "20 April 2009 (v6.0)" "Info-ZIP" + .SH NAME + unzip \- list, test and extract compressed files in a ZIP archive + .PD +@@ -34,7 +34,7 @@ unzip \- list, test and extract compressed files in a ZIP archive + \fIunzip\fP will list, test, or extract files from a ZIP archive, commonly + found on MS-DOS systems. The default behavior (with no options) is to extract + into the current directory (and subdirectories below it) all files from the +-specified ZIP archive. A companion program, \fIzip\fP(1L), creates ZIP ++specified ZIP archive. A companion program, \fIzip\fP(1), creates ZIP + archives; both programs are compatible with archives created by PKWARE's + \fIPKZIP\fP and \fIPKUNZIP\fP for MS-DOS, but in many cases the program + options or default behaviors differ. +@@ -105,8 +105,8 @@ only a reminder of the basic \fIunzip\fP syntax rather than an exhaustive + list of all possible flags. The exhaustive list follows: + .TP + .B \-Z +-\fIzipinfo\fP(1L) mode. If the first option on the command line is \fB\-Z\fP, +-the remaining options are taken to be \fIzipinfo\fP(1L) options. See the ++\fIzipinfo\fP(1) mode. If the first option on the command line is \fB\-Z\fP, ++the remaining options are taken to be \fIzipinfo\fP(1) options. See the + appropriate manual page for a description of these options. + .TP + .B \-A +@@ -178,7 +178,7 @@ encrypted entries from the compressed size numbers. Therefore, + compressed size and compression ratio figures are independent of the entry's + encryption status and show the correct compression performance. (The complete + size of the encrypted compressed data stream for zipfile entries is reported +-by the more verbose \fIzipinfo\fP(1L) reports, see the separate manual.) ++by the more verbose \fIzipinfo\fP(1) reports, see the separate manual.) + When no zipfile is specified (that is, the complete command is simply + ``\fCunzip \-v\fR''), a diagnostic screen is printed. In addition to + the normal header with release date and version, \fIunzip\fP lists the +@@ -379,8 +379,8 @@ file, skip extraction of all existing files, or rename the current file. + .TP + .B \-N + [Amiga] extract file comments as Amiga filenotes. File comments are created +-with the \-c option of \fIzip\fP(1L), or with the \-N option of the Amiga port +-of \fIzip\fP(1L), which stores filenotes as comments. ++with the \-c option of \fIzip\fP(1), or with the \-N option of the Amiga port ++of \fIzip\fP(1), which stores filenotes as comments. + .TP + .B \-o + overwrite existing files without prompting. This is a dangerous option, so +@@ -598,7 +598,7 @@ Unix \fInice\fP(1). + As suggested by the examples above, the default variable names are UNZIP_OPTS + for VMS (where the symbol used to install \fIunzip\fP as a foreign command + would otherwise be confused with the environment variable), and UNZIP +-for all other operating systems. For compatibility with \fIzip\fP(1L), ++for all other operating systems. For compatibility with \fIzip\fP(1), + UNZIPOPT is also accepted (don't ask). If both UNZIP and UNZIPOPT + are defined, however, UNZIP takes precedence. \fIunzip\fP's diagnostic + option (\fB\-v\fP with no zipfile name) can be used to check the values +@@ -648,8 +648,8 @@ prompt for another password, and so on until all files are extracted. If + a password is not known, entering a null password (that is, just a carriage + return or ``Enter'') is taken as a signal to skip all further prompting. + Only unencrypted files in the archive(s) will thereafter be extracted. (In +-fact, that's not quite true; older versions of \fIzip\fP(1L) and +-\fIzipcloak\fP(1L) allowed null passwords, so \fIunzip\fP checks each encrypted ++fact, that's not quite true; older versions of \fIzip\fP(1) and ++\fIzipcloak\fP(1) allowed null passwords, so \fIunzip\fP checks each encrypted + file to see if the null password works. This may result in ``false positives'' + and extraction errors, as noted above.) + .PP +@@ -943,8 +943,8 @@ deleted. + .PD + .\" ========================================================================= + .SH "SEE ALSO" +-\fIfunzip\fP(1L), \fIzip\fP(1L), \fIzipcloak\fP(1L), \fIzipgrep\fP(1L), +-\fIzipinfo\fP(1L), \fIzipnote\fP(1L), \fIzipsplit\fP(1L) ++\fIfunzip\fP(1), \fIzip\fP(1), \fIzipcloak\fP(1), \fIzipgrep\fP(1), ++\fIzipinfo\fP(1), \fIzipnote\fP(1), \fIzipsplit\fP(1) + .PD + .\" ========================================================================= + .SH URL +diff --git a/man/unzipsfx.1 b/man/unzipsfx.1 +index d9a0e59..533711f 100644 +--- a/man/unzipsfx.1 ++++ b/man/unzipsfx.1 +@@ -20,7 +20,7 @@ + .in -4n + .. + .\" ========================================================================= +-.TH UNZIPSFX 1L "20 April 2009 (v6.0)" "Info-ZIP" ++.TH UNZIPSFX 1 "20 April 2009 (v6.0)" "Info-ZIP" + .SH NAME + unzipsfx \- self-extracting stub for prepending to ZIP archives + .PD +@@ -30,7 +30,7 @@ unzipsfx \- self-extracting stub for prepending to ZIP archives + .PD + .\" ========================================================================= + .SH DESCRIPTION +-\fIunzipsfx\fP is a modified version of \fIunzip\fP(1L) designed to be ++\fIunzipsfx\fP is a modified version of \fIunzip\fP(1) designed to be + prepended to existing ZIP archives in order to form self-extracting archives. + Instead of taking its first non-flag argument to be the zipfile(s) to be + extracted, \fIunzipsfx\fP seeks itself under the name by which it was invoked +@@ -109,7 +109,7 @@ literal subdirectory ``\fB~\fP'' of the current directory. + .PD + .\" ========================================================================= + .SH OPTIONS +-\fIunzipsfx\fP supports the following \fIunzip\fP(1L) options: \fB\-c\fP ++\fIunzipsfx\fP supports the following \fIunzip\fP(1) options: \fB\-c\fP + and \fB\-p\fP (extract to standard output/screen), \fB\-f\fP and \fB\-u\fP + (freshen and update existing files upon extraction), \fB\-t\fP (test + archive) and \fB\-z\fP (print archive comment). All normal listing options +@@ -118,11 +118,11 @@ option (\fB\-t\fP) may be used as a ``poor man's'' listing. Alternatively, + those creating self-extracting archives may wish to include a short listing + in the zipfile comment. + .PP +-See \fIunzip\fP(1L) for a more complete description of these options. ++See \fIunzip\fP(1) for a more complete description of these options. + .PD + .\" ========================================================================= + .SH MODIFIERS +-\fIunzipsfx\fP currently supports all \fIunzip\fP(1L) modifiers: \fB\-a\fP ++\fIunzipsfx\fP currently supports all \fIunzip\fP(1) modifiers: \fB\-a\fP + (convert text files), \fB\-n\fP (never overwrite), \fB\-o\fP (overwrite + without prompting), \fB\-q\fP (operate quietly), \fB\-C\fP (match names + case-insensitively), \fB\-L\fP (convert uppercase-OS names to lowercase), +@@ -137,18 +137,18 @@ files have the appropriate format for the local OS. EBCDIC conversion will + of course continue to be supported since the zipfile format implies ASCII + storage of text files.) + .PP +-See \fIunzip\fP(1L) for a more complete description of these modifiers. ++See \fIunzip\fP(1) for a more complete description of these modifiers. + .PD + .\" ========================================================================= + .SH "ENVIRONMENT OPTIONS" +-\fIunzipsfx\fP uses the same environment variables as \fIunzip\fP(1L) does, ++\fIunzipsfx\fP uses the same environment variables as \fIunzip\fP(1) does, + although this is likely to be an issue only for the person creating and +-testing the self-extracting archive. See \fIunzip\fP(1L) for details. ++testing the self-extracting archive. See \fIunzip\fP(1) for details. + .PD + .\" ========================================================================= + .SH DECRYPTION +-Decryption is supported exactly as in \fIunzip\fP(1L); that is, interactively +-with a non-echoing prompt for the password(s). See \fIunzip\fP(1L) for ++Decryption is supported exactly as in \fIunzip\fP(1); that is, interactively ++with a non-echoing prompt for the password(s). See \fIunzip\fP(1) for + details. Once again, note that if the archive has no encrypted files there + is no reason to use a version of \fIunzipsfx\fP with decryption support; + that only adds to the size of the archive. +@@ -286,7 +286,7 @@ available that provide the full path name, so the archive may be invoked + from anywhere in the user's path. The situation is not known for AmigaDOS, + Atari TOS, MacOS, etc. + .PP +-As noted above, a number of the normal \fIunzip\fP(1L) functions have ++As noted above, a number of the normal \fIunzip\fP(1) functions have + been removed in order to make \fIunzipsfx\fP smaller: usage and diagnostic + info, listing functions and extraction to other directories. Also, only + stored and deflated files are supported. The latter limitation is mainly +@@ -303,17 +303,17 @@ does not work. (For technically oriented users, the attached archive is + defined as a ``debug hunk.'') There may be compatibility problems between + the ROM levels of older Amigas and newer ones. + .PP +-All current bugs in \fIunzip\fP(1L) exist in \fIunzipsfx\fP as well. ++All current bugs in \fIunzip\fP(1) exist in \fIunzipsfx\fP as well. + .PD + .\" ========================================================================= + .SH DIAGNOSTICS + \fIunzipsfx\fP's exit status (error level) is identical to that of +-\fIunzip\fP(1L); see the corresponding man page. ++\fIunzip\fP(1); see the corresponding man page. + .PD + .\" ========================================================================= + .SH "SEE ALSO" +-\fIfunzip\fP(1L), \fIunzip\fP(1L), \fIzip\fP(1L), \fIzipcloak\fP(1L), +-\fIzipgrep\fP(1L), \fIzipinfo\fP(1L), \fIzipnote\fP(1L), \fIzipsplit\fP(1L) ++\fIfunzip\fP(1), \fIunzip\fP(1), \fIzip\fP(1), \fIzipcloak\fP(1), ++\fIzipgrep\fP(1), \fIzipinfo\fP(1), \fIzipnote\fP(1), \fIzipsplit\fP(1) + .PD + .PD + .\" ========================================================================= +@@ -330,7 +330,7 @@ or + .\" ========================================================================= + .SH AUTHORS + Greg Roelofs was responsible for the basic modifications to UnZip necessary +-to create UnZipSFX. See \fIunzip\fP(1L) for the current list of Zip-Bugs ++to create UnZipSFX. See \fIunzip\fP(1) for the current list of Zip-Bugs + authors, or the file CONTRIBS in the UnZip source distribution for the + full list of Info-ZIP contributors. + .PD +diff --git a/man/zipgrep.1 b/man/zipgrep.1 +index dad83f8..252fcae 100644 +--- a/man/zipgrep.1 ++++ b/man/zipgrep.1 +@@ -8,7 +8,7 @@ + .\" zipgrep.1 by Greg Roelofs. + .\" + .\" ========================================================================= +-.TH ZIPGREP 1L "20 April 2009" "Info-ZIP" ++.TH ZIPGREP 1 "20 April 2009" "Info-ZIP" + .SH NAME + zipgrep \- search files in a ZIP archive for lines matching a pattern + .PD +@@ -21,7 +21,7 @@ zipgrep \- search files in a ZIP archive for lines matching a pattern + .SH DESCRIPTION + \fIzipgrep\fP will search files within a ZIP archive for lines matching + the given string or pattern. \fIzipgrep\fP is a shell script and requires +-\fIegrep\fP(1) and \fIunzip\fP(1L) to function. Its output is identical to ++\fIegrep\fP(1) and \fIunzip\fP(1) to function. Its output is identical to + that of \fIegrep\fP(1). + .PD + .\" ========================================================================= +@@ -69,8 +69,8 @@ All options prior to the ZIP archive filename are passed to \fIegrep\fP(1). + .PD + .\" ========================================================================= + .SH "SEE ALSO" +-\fIegrep\fP(1), \fIunzip\fP(1L), \fIzip\fP(1L), \fIfunzip\fP(1L), +-\fIzipcloak\fP(1L), \fIzipinfo\fP(1L), \fIzipnote\fP(1L), \fIzipsplit\fP(1L) ++\fIegrep\fP(1), \fIunzip\fP(1), \fIzip\fP(1), \fIfunzip\fP(1), ++\fIzipcloak\fP(1), \fIzipinfo\fP(1), \fIzipnote\fP(1), \fIzipsplit\fP(1) + .PD + .\" ========================================================================= + .SH URL +diff --git a/man/zipinfo.1 b/man/zipinfo.1 +index 428e4b9..22d1fa2 100644 +--- a/man/zipinfo.1 ++++ b/man/zipinfo.1 +@@ -34,7 +34,7 @@ + .in -4n + .. + .\" ========================================================================= +-.TH ZIPINFO 1L "20 April 2009 (v3.0)" "Info-ZIP" ++.TH ZIPINFO 1 "20 April 2009 (v3.0)" "Info-ZIP" + .SH NAME + zipinfo \- list detailed information about a ZIP archive + .PD +@@ -272,7 +272,7 @@ format: + Note that because of limitations in the MS-DOS format used to store file + times, the seconds field is always rounded to the nearest even second. + For Unix files this is expected to change in the next major releases of +-\fIzip\fP(1L) and \fIunzip\fP. ++\fIzip\fP(1) and \fIunzip\fP. + .PP + In addition to individual file information, a default zipfile listing + also includes header and trailer lines: +@@ -361,7 +361,7 @@ of the Unix command \fInice\fP(1). + As suggested above, the default variable names are ZIPINFO_OPTS for VMS + (where the symbol used to install \fIzipinfo\fP as a foreign command + would otherwise be confused with the environment variable), and ZIPINFO +-for all other operating systems. For compatibility with \fIzip\fP(1L), ++for all other operating systems. For compatibility with \fIzip\fP(1), + ZIPINFOOPT is also accepted (don't ask). If both ZIPINFO and ZIPINFOOPT + are defined, however, ZIPINFO takes precedence. \fIunzip\fP's diagnostic + option (\fB\-v\fP with no zipfile name) can be used to check the values +@@ -496,8 +496,8 @@ be simplified. (This is not to say that it will be.) + .PP + .\" ========================================================================= + .SH "SEE ALSO" +-\fIls\fP(1), \fIfunzip\fP(1L), \fIunzip\fP(1L), \fIunzipsfx\fP(1L), +-\fIzip\fP(1L), \fIzipcloak\fP(1L), \fIzipnote\fP(1L), \fIzipsplit\fP(1L) ++\fIls\fP(1), \fIfunzip\fP(1), \fIunzip\fP(1), \fIunzipsfx\fP(1), ++\fIzip\fP(1), \fIzipcloak\fP(1), \fIzipnote\fP(1), \fIzipsplit\fP(1) + .PD + .\" ========================================================================= + .SH URL +-- +2.20.1 +diff --git a/pkg/unzip/patch/0002-Branding-patch-UnZip-by-Debian.-Original-by-Info-ZIP.patch b/pkg/unzip/patch/0002-Branding-patch-UnZip-by-Debian.-Original-by-Info-ZIP.patch@@ -0,0 +1,26 @@ +From 2561e7b7057dcca65b1ff2d5d2e12b4a1ba254fe Mon Sep 17 00:00:00 2001 +From: Santiago Vila <sanvila@debian.org> +Date: Sat, 15 Jun 2019 18:13:11 -0700 +Subject: [PATCH] "Branding patch": UnZip by Debian. Original by Info-ZIP. + +--- + unzip.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/unzip.c b/unzip.c +index 8dbfc95..1abaccb 100644 +--- a/unzip.c ++++ b/unzip.c +@@ -570,8 +570,7 @@ Send bug reports using //www.info-zip.org/zip-bug.html; see README for details.\ + #else /* !VMS */ + # ifdef COPYRIGHT_CLEAN + static ZCONST char Far UnzipUsageLine1[] = "\ +-UnZip %d.%d%d%s of %s, by Info-ZIP. Maintained by C. Spieler. Send\n\ +-bug reports using http://www.info-zip.org/zip-bug.html; see README for details.\ ++UnZip %d.%d%d%s of %s, by Debian. Original by Info-ZIP.\ + \n\n"; + # else + static ZCONST char Far UnzipUsageLine1[] = "\ +-- +2.20.1 +diff --git a/pkg/unzip/patch/0002-Handle-the-PKWare-verification-bit-of-internal-attri.patch b/pkg/unzip/patch/0002-Handle-the-PKWare-verification-bit-of-internal-attri.patch@@ -1,32 +0,0 @@ -From 4a125f29b8d313456ad91ab6694d84db7d1685da Mon Sep 17 00:00:00 2001 -From: Steven Schweda <sms@antinode.info> -Date: Thu, 16 Jun 2016 22:41:39 -0700 -Subject: [PATCH] Handle the PKWare verification bit of internal attributes - -From 04-handle-pkware-verification-bit in -unzip_6.0-16+deb8u2.debian.tar.xz. ---- - process.c | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/process.c b/process.c -index 1e9a1e1..ed314e1 100644 ---- a/process.c -+++ b/process.c -@@ -1729,6 +1729,13 @@ int process_cdir_file_hdr(__G) /* return PK-type error code */ - else if (uO.L_flag > 1) /* let -LL force lower case for all names */ - G.pInfo->lcflag = 1; - -+ /* Handle the PKWare verification bit, bit 2 (0x0004) of internal -+ attributes. If this is set, then a verification checksum is in the -+ first 3 bytes of the external attributes. In this case all we can use -+ for setting file attributes is the last external attributes byte. */ -+ if (G.crec.internal_file_attributes & 0x0004) -+ G.crec.external_file_attributes &= (ulg)0xff; -+ - /* do Amigas (AMIGA_) also have volume labels? */ - if (IS_VOLID(G.crec.external_file_attributes) && - (G.pInfo->hostnum == FS_FAT_ || G.pInfo->hostnum == FS_HPFS_ || --- -2.8.1 -diff --git a/pkg/unzip/patch/0003-Restore-uid-and-gid-information-when-requested.patch b/pkg/unzip/patch/0003-Restore-uid-and-gid-information-when-requested.patch@@ -1,39 +0,0 @@ -From a32a7b300ba2a8df9468a2c029c3a8d20971e823 Mon Sep 17 00:00:00 2001 -From: Steven Schweda <sms@antinode.info> -Date: Thu, 16 Jun 2016 22:41:43 -0700 -Subject: [PATCH] Restore uid and gid information when requested - -From 05-fix-uid-gid-handling in unzip_6.0-16+deb8u2.debian.tar.xz. ---- - process.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/process.c b/process.c -index ed314e1..df58d28 100644 ---- a/process.c -+++ b/process.c -@@ -2904,7 +2904,7 @@ unsigned ef_scan_for_izux(ef_buf, ef_len, ef_is_c, dos_mdatetime, - #ifdef IZ_HAVE_UXUIDGID - if (eb_len >= EB_UX3_MINLEN - && z_uidgid != NULL -- && (*((EB_HEADSIZE + 0) + ef_buf) == 1) -+ && (*((EB_HEADSIZE + 0) + ef_buf) == 1)) - /* only know about version 1 */ - { - uch uid_size; -@@ -2916,10 +2916,10 @@ unsigned ef_scan_for_izux(ef_buf, ef_len, ef_is_c, dos_mdatetime, - flags &= ~0x0ff; /* ignore any previous UNIX field */ - - if ( read_ux3_value((EB_HEADSIZE + 2) + ef_buf, -- uid_size, z_uidgid[0]) -+ uid_size, &z_uidgid[0]) - && - read_ux3_value((EB_HEADSIZE + uid_size + 3) + ef_buf, -- gid_size, z_uidgid[1]) ) -+ gid_size, &z_uidgid[1]) ) - { - flags |= EB_UX2_VALID; /* signal success */ - } --- -2.8.1 -diff --git a/pkg/unzip/patch/0003-include-unistd.h-for-kFreeBSD.patch b/pkg/unzip/patch/0003-include-unistd.h-for-kFreeBSD.patch@@ -0,0 +1,24 @@ +From d27f3482cf46603d05d46bbc290ce6bb0f7ff210 Mon Sep 17 00:00:00 2001 +From: Aurelien Jarno <aurel32@debian.org> +Date: Sat, 15 Jun 2019 18:13:11 -0700 +Subject: [PATCH] #include <unistd.h> for kFreeBSD + +--- + unix/unxcfg.h | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/unix/unxcfg.h b/unix/unxcfg.h +index e39b283..c98c3b9 100644 +--- a/unix/unxcfg.h ++++ b/unix/unxcfg.h +@@ -52,6 +52,7 @@ + + #include <sys/types.h> /* off_t, time_t, dev_t, ... */ + #include <sys/stat.h> ++#include <unistd.h> + + #ifdef NO_OFF_T + typedef long zoff_t; +-- +2.20.1 +diff --git a/pkg/unzip/patch/0004-Handle-the-PKWare-verification-bit-of-internal-attri.patch b/pkg/unzip/patch/0004-Handle-the-PKWare-verification-bit-of-internal-attri.patch@@ -0,0 +1,30 @@ +From af50c278c5b2c57a76771825a80ca3ff9d315acd Mon Sep 17 00:00:00 2001 +From: "Steven M. Schweda" <sms@antinode.info> +Date: Sat, 15 Jun 2019 18:13:11 -0700 +Subject: [PATCH] Handle the PKWare verification bit of internal attributes + +--- + process.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/process.c b/process.c +index 1e9a1e1..ed314e1 100644 +--- a/process.c ++++ b/process.c +@@ -1729,6 +1729,13 @@ int process_cdir_file_hdr(__G) /* return PK-type error code */ + else if (uO.L_flag > 1) /* let -LL force lower case for all names */ + G.pInfo->lcflag = 1; + ++ /* Handle the PKWare verification bit, bit 2 (0x0004) of internal ++ attributes. If this is set, then a verification checksum is in the ++ first 3 bytes of the external attributes. In this case all we can use ++ for setting file attributes is the last external attributes byte. */ ++ if (G.crec.internal_file_attributes & 0x0004) ++ G.crec.external_file_attributes &= (ulg)0xff; ++ + /* do Amigas (AMIGA_) also have volume labels? */ + if (IS_VOLID(G.crec.external_file_attributes) && + (G.pInfo->hostnum == FS_FAT_ || G.pInfo->hostnum == FS_HPFS_ || +-- +2.20.1 +diff --git a/pkg/unzip/patch/0004-Initialize-the-symlink-flag.patch b/pkg/unzip/patch/0004-Initialize-the-symlink-flag.patch@@ -1,31 +0,0 @@ -From 6e7edd8d5093795a96a80e36b7c019de3f637cc8 Mon Sep 17 00:00:00 2001 -From: Andreas Schwab <schwab@linux-m68k.org> -Date: Thu, 16 Jun 2016 22:41:53 -0700 -Subject: [PATCH] Initialize the symlink flag - -From 06-initialize-the-symlink-flag in -unzip_6.0-16+deb8u2.debian.tar.xz. ---- - process.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/process.c b/process.c -index df58d28..3228bde 100644 ---- a/process.c -+++ b/process.c -@@ -1758,6 +1758,12 @@ int process_cdir_file_hdr(__G) /* return PK-type error code */ - = (G.crec.general_purpose_bit_flag & (1 << 11)) == (1 << 11); - #endif - -+#ifdef SYMLINKS -+ /* Initialize the symlink flag, may be set by the platform-specific -+ mapattr function. */ -+ G.pInfo->symlink = 0; -+#endif -+ - return PK_COOL; - - } /* end function process_cdir_file_hdr() */ --- -2.8.1 -diff --git a/pkg/unzip/patch/0005-Increase-size-of-cfactorstr-array-to-avoid-buffer-ov.patch b/pkg/unzip/patch/0005-Increase-size-of-cfactorstr-array-to-avoid-buffer-ov.patch@@ -1,27 +0,0 @@ -From 638801fa4a9ffb16839d6dd42e70afc3e989e510 Mon Sep 17 00:00:00 2001 -From: Steven Schweda <sms@antinode.info> -Date: Thu, 16 Jun 2016 22:41:56 -0700 -Subject: [PATCH] Increase size of cfactorstr array to avoid buffer overflow - -From 07-increase-size-of-cfactorstr in -unzip_6.0-16+deb8u2.debian.tar.xz. ---- - list.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/list.c b/list.c -index 15e0011..5de41e5 100644 ---- a/list.c -+++ b/list.c -@@ -97,7 +97,7 @@ int list_files(__G) /* return PK-type error code */ - { - int do_this_file=FALSE, cfactor, error, error_in_archive=PK_COOL; - #ifndef WINDLL -- char sgn, cfactorstr[10]; -+ char sgn, cfactorstr[12]; - int longhdr=(uO.vflag>1); - #endif - int date_format; --- -2.8.1 -diff --git a/pkg/unzip/patch/0005-Restore-uid-and-gid-information-when-requested.patch b/pkg/unzip/patch/0005-Restore-uid-and-gid-information-when-requested.patch@@ -0,0 +1,38 @@ +From 8e82b2116b190c9dd4ef2b56e1282ca2c6e30b62 Mon Sep 17 00:00:00 2001 +From: "Steven M. Schweda" <sms@antinode.info> +Date: Sat, 15 Jun 2019 18:13:11 -0700 +Subject: [PATCH] Restore uid and gid information when requested + +--- + process.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/process.c b/process.c +index ed314e1..df58d28 100644 +--- a/process.c ++++ b/process.c +@@ -2904,7 +2904,7 @@ unsigned ef_scan_for_izux(ef_buf, ef_len, ef_is_c, dos_mdatetime, + #ifdef IZ_HAVE_UXUIDGID + if (eb_len >= EB_UX3_MINLEN + && z_uidgid != NULL +- && (*((EB_HEADSIZE + 0) + ef_buf) == 1) ++ && (*((EB_HEADSIZE + 0) + ef_buf) == 1)) + /* only know about version 1 */ + { + uch uid_size; +@@ -2916,10 +2916,10 @@ unsigned ef_scan_for_izux(ef_buf, ef_len, ef_is_c, dos_mdatetime, + flags &= ~0x0ff; /* ignore any previous UNIX field */ + + if ( read_ux3_value((EB_HEADSIZE + 2) + ef_buf, +- uid_size, z_uidgid[0]) ++ uid_size, &z_uidgid[0]) + && + read_ux3_value((EB_HEADSIZE + uid_size + 3) + ef_buf, +- gid_size, z_uidgid[1]) ) ++ gid_size, &z_uidgid[1]) ) + { + flags |= EB_UX2_VALID; /* signal success */ + } +-- +2.20.1 +diff --git a/pkg/unzip/patch/0006-Initialize-the-symlink-flag.patch b/pkg/unzip/patch/0006-Initialize-the-symlink-flag.patch@@ -0,0 +1,29 @@ +From d160eb934654c2a52ef7f8273a7f651fd6178b7d Mon Sep 17 00:00:00 2001 +From: Andreas Schwab <schwab@linux-m68k.org> +Date: Sat, 15 Jun 2019 18:13:11 -0700 +Subject: [PATCH] Initialize the symlink flag + +--- + process.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/process.c b/process.c +index df58d28..3228bde 100644 +--- a/process.c ++++ b/process.c +@@ -1758,6 +1758,12 @@ int process_cdir_file_hdr(__G) /* return PK-type error code */ + = (G.crec.general_purpose_bit_flag & (1 << 11)) == (1 << 11); + #endif + ++#ifdef SYMLINKS ++ /* Initialize the symlink flag, may be set by the platform-specific ++ mapattr function. */ ++ G.pInfo->symlink = 0; ++#endif ++ + return PK_COOL; + + } /* end function process_cdir_file_hdr() */ +-- +2.20.1 +diff --git a/pkg/unzip/patch/0006-zipinfo.c-Do-not-crash-when-hostver-byte-is-100.patch b/pkg/unzip/patch/0006-zipinfo.c-Do-not-crash-when-hostver-byte-is-100.patch@@ -1,27 +0,0 @@ -From 0a3f8770bbe8fbd71a62a806a3fe9681a9e14c9e Mon Sep 17 00:00:00 2001 -From: Santiago Vila <sanvila@debian.org> -Date: Thu, 16 Jun 2016 22:42:02 -0700 -Subject: [PATCH] zipinfo.c: Do not crash when hostver byte is >= 100 - -From 08-allow-greater-hostver-values in -unzip_6.0-16+deb8u2.debian.tar.xz. ---- - zipinfo.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/zipinfo.c b/zipinfo.c -index a92bca9..5e77018 100644 ---- a/zipinfo.c -+++ b/zipinfo.c -@@ -2114,7 +2114,7 @@ static int zi_short(__G) /* return PK-type error code */ - else - attribs[9] = (xattr & UNX_ISVTX)? 'T' : '-'; /* T==undefined */ - -- sprintf(&attribs[12], "%u.%u", hostver/10, hostver%10); -+ sprintf(&attribs[11], "%2u.%u", hostver/10, hostver%10); - break; - - } /* end switch (hostnum: external attributes format) */ --- -2.8.1 -diff --git a/pkg/unzip/patch/0007-Fix-CVE-2014-8139-CRC32-verification-heap-based-over.patch b/pkg/unzip/patch/0007-Fix-CVE-2014-8139-CRC32-verification-heap-based-over.patch@@ -1,64 +0,0 @@ -From 52cb9b4a9bfc63f0fce3ffe41cf7a61cb3bb625a Mon Sep 17 00:00:00 2001 -From: Steven Schweda <sms@antinode.info> -Date: Thu, 16 Jun 2016 22:42:06 -0700 -Subject: [PATCH] Fix CVE-2014-8139: CRC32 verification heap-based overflow - -From 09-cve-2014-8139-crc-overflow in unzip_6.0-16+deb8u2.debian.tar.xz. ---- - extract.c | 17 ++++++++++++++--- - 1 file changed, 14 insertions(+), 3 deletions(-) - -diff --git a/extract.c b/extract.c -index 1acd769..df0fa1c 100644 ---- a/extract.c -+++ b/extract.c -@@ -1,5 +1,5 @@ - /* -- Copyright (c) 1990-2009 Info-ZIP. All rights reserved. -+ Copyright (c) 1990-2014 Info-ZIP. All rights reserved. - - See the accompanying file LICENSE, version 2009-Jan-02 or later - (the contents of which are also included in unzip.h) for terms of use. -@@ -298,6 +298,8 @@ char ZCONST Far TruncNTSD[] = - #ifndef SFX - static ZCONST char Far InconsistEFlength[] = "bad extra-field entry:\n \ - EF block length (%u bytes) exceeds remaining EF data (%u bytes)\n"; -+ static ZCONST char Far TooSmallEBlength[] = "bad extra-field entry:\n \ -+ EF block length (%u bytes) invalid (< %d)\n"; - static ZCONST char Far InvalidComprDataEAs[] = - " invalid compressed data for EAs\n"; - # if (defined(WIN32) && defined(NTSD_EAS)) -@@ -2023,7 +2025,8 @@ static int TestExtraField(__G__ ef, ef_len) - ebID = makeword(ef); - ebLen = (unsigned)makeword(ef+EB_LEN); - -- if (ebLen > (ef_len - EB_HEADSIZE)) { -+ if (ebLen > (ef_len - EB_HEADSIZE)) -+ { - /* Discovered some extra field inconsistency! */ - if (uO.qflag) - Info(slide, 1, ((char *)slide, "%-22s ", -@@ -2158,11 +2161,19 @@ static int TestExtraField(__G__ ef, ef_len) - } - break; - case EF_PKVMS: -- if (makelong(ef+EB_HEADSIZE) != -+ if (ebLen < 4) -+ { -+ Info(slide, 1, -+ ((char *)slide, LoadFarString(TooSmallEBlength), -+ ebLen, 4)); -+ } -+ else if (makelong(ef+EB_HEADSIZE) != - crc32(CRCVAL_INITIAL, ef+(EB_HEADSIZE+4), - (extent)(ebLen-4))) -+ { - Info(slide, 1, ((char *)slide, - LoadFarString(BadCRC_EAs))); -+ } - break; - case EF_PKW32: - case EF_PKUNIX: --- -2.8.1 -diff --git a/pkg/unzip/patch/0007-Increase-size-of-cfactorstr-array-to-avoid-buffer-ov.patch b/pkg/unzip/patch/0007-Increase-size-of-cfactorstr-array-to-avoid-buffer-ov.patch@@ -0,0 +1,25 @@ +From 5ba63850818457aa3147ab40adc376ff7dc0f1c9 Mon Sep 17 00:00:00 2001 +From: "Steven M. Schweda" <sms@antinode.info> +Date: Sat, 15 Jun 2019 18:13:11 -0700 +Subject: [PATCH] Increase size of cfactorstr array to avoid buffer overflow + +--- + list.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/list.c b/list.c +index 15e0011..5de41e5 100644 +--- a/list.c ++++ b/list.c +@@ -97,7 +97,7 @@ int list_files(__G) /* return PK-type error code */ + { + int do_this_file=FALSE, cfactor, error, error_in_archive=PK_COOL; + #ifndef WINDLL +- char sgn, cfactorstr[10]; ++ char sgn, cfactorstr[12]; + int longhdr=(uO.vflag>1); + #endif + int date_format; +-- +2.20.1 +diff --git a/pkg/unzip/patch/0008-Fix-CVE-2014-8140-out-of-bounds-write-issue-in-test_.patch b/pkg/unzip/patch/0008-Fix-CVE-2014-8140-out-of-bounds-write-issue-in-test_.patch@@ -1,40 +0,0 @@ -From 74f5aaa429f14d8888504127921e9da6554425af Mon Sep 17 00:00:00 2001 -From: Steven Schweda <sms@antinode.info> -Date: Thu, 16 Jun 2016 22:42:11 -0700 -Subject: [PATCH] Fix CVE-2014-8140: out-of-bounds write issue in - test_compr_eb() - -From 10-cve-2014-8140-test-compr-eb in -unzip_6.0-16+deb8u2.debian.tar.xz. ---- - extract.c | 13 ++++++++++--- - 1 file changed, 10 insertions(+), 3 deletions(-) - -diff --git a/extract.c b/extract.c -index df0fa1c..ec31e60 100644 ---- a/extract.c -+++ b/extract.c -@@ -2232,10 +2232,17 @@ static int test_compr_eb(__G__ eb, eb_size, compr_offset, test_uc_ebdata) - if (compr_offset < 4) /* field is not compressed: */ - return PK_OK; /* do nothing and signal OK */ - -+ /* Return no/bad-data error status if any problem is found: -+ * 1. eb_size is too small to hold the uncompressed size -+ * (eb_ucsize). (Else extract eb_ucsize.) -+ * 2. eb_ucsize is zero (invalid). 2014-12-04 SMS. -+ * 3. eb_ucsize is positive, but eb_size is too small to hold -+ * the compressed data header. -+ */ - if ((eb_size < (EB_UCSIZE_P + 4)) || -- ((eb_ucsize = makelong(eb+(EB_HEADSIZE+EB_UCSIZE_P))) > 0L && -- eb_size <= (compr_offset + EB_CMPRHEADLEN))) -- return IZ_EF_TRUNC; /* no compressed data! */ -+ ((eb_ucsize = makelong( eb+ (EB_HEADSIZE+ EB_UCSIZE_P))) == 0L) || -+ ((eb_ucsize > 0L) && (eb_size <= (compr_offset + EB_CMPRHEADLEN)))) -+ return IZ_EF_TRUNC; /* no/bad compressed data! */ - - if ( - #ifdef INT_16BIT --- -2.8.1 -diff --git a/pkg/unzip/patch/0008-zipinfo.c-Do-not-crash-when-hostver-byte-is-100.patch b/pkg/unzip/patch/0008-zipinfo.c-Do-not-crash-when-hostver-byte-is-100.patch@@ -0,0 +1,25 @@ +From 4d3698e4c587e5071ebedaa12daa8e86e2fcffc2 Mon Sep 17 00:00:00 2001 +From: Santiago Vila <sanvila@debian.org> +Date: Sat, 15 Jun 2019 18:13:11 -0700 +Subject: [PATCH] zipinfo.c: Do not crash when hostver byte is >= 100 + +--- + zipinfo.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/zipinfo.c b/zipinfo.c +index a92bca9..5e77018 100644 +--- a/zipinfo.c ++++ b/zipinfo.c +@@ -2114,7 +2114,7 @@ static int zi_short(__G) /* return PK-type error code */ + else + attribs[9] = (xattr & UNX_ISVTX)? 'T' : '-'; /* T==undefined */ + +- sprintf(&attribs[12], "%u.%u", hostver/10, hostver%10); ++ sprintf(&attribs[11], "%2u.%u", hostver/10, hostver%10); + break; + + } /* end switch (hostnum: external attributes format) */ +-- +2.20.1 +diff --git a/pkg/unzip/patch/0009-Fix-CVE-2014-8139-CRC32-verification-heap-based-over.patch b/pkg/unzip/patch/0009-Fix-CVE-2014-8139-CRC32-verification-heap-based-over.patch@@ -0,0 +1,63 @@ +From 9decdbe830f233fad7428df99e0c2d34887ac3cf Mon Sep 17 00:00:00 2001 +From: "Steven M. Schweda" <sms@antinode.info> +Date: Sat, 15 Jun 2019 18:13:11 -0700 +Subject: [PATCH] Fix CVE-2014-8139: CRC32 verification heap-based overflow + +--- + extract.c | 17 ++++++++++++++--- + 1 file changed, 14 insertions(+), 3 deletions(-) + +diff --git a/extract.c b/extract.c +index 1acd769..df0fa1c 100644 +--- a/extract.c ++++ b/extract.c +@@ -1,5 +1,5 @@ + /* +- Copyright (c) 1990-2009 Info-ZIP. All rights reserved. ++ Copyright (c) 1990-2014 Info-ZIP. All rights reserved. + + See the accompanying file LICENSE, version 2009-Jan-02 or later + (the contents of which are also included in unzip.h) for terms of use. +@@ -298,6 +298,8 @@ char ZCONST Far TruncNTSD[] = + #ifndef SFX + static ZCONST char Far InconsistEFlength[] = "bad extra-field entry:\n \ + EF block length (%u bytes) exceeds remaining EF data (%u bytes)\n"; ++ static ZCONST char Far TooSmallEBlength[] = "bad extra-field entry:\n \ ++ EF block length (%u bytes) invalid (< %d)\n"; + static ZCONST char Far InvalidComprDataEAs[] = + " invalid compressed data for EAs\n"; + # if (defined(WIN32) && defined(NTSD_EAS)) +@@ -2023,7 +2025,8 @@ static int TestExtraField(__G__ ef, ef_len) + ebID = makeword(ef); + ebLen = (unsigned)makeword(ef+EB_LEN); + +- if (ebLen > (ef_len - EB_HEADSIZE)) { ++ if (ebLen > (ef_len - EB_HEADSIZE)) ++ { + /* Discovered some extra field inconsistency! */ + if (uO.qflag) + Info(slide, 1, ((char *)slide, "%-22s ", +@@ -2158,11 +2161,19 @@ static int TestExtraField(__G__ ef, ef_len) + } + break; + case EF_PKVMS: +- if (makelong(ef+EB_HEADSIZE) != ++ if (ebLen < 4) ++ { ++ Info(slide, 1, ++ ((char *)slide, LoadFarString(TooSmallEBlength), ++ ebLen, 4)); ++ } ++ else if (makelong(ef+EB_HEADSIZE) != + crc32(CRCVAL_INITIAL, ef+(EB_HEADSIZE+4), + (extent)(ebLen-4))) ++ { + Info(slide, 1, ((char *)slide, + LoadFarString(BadCRC_EAs))); ++ } + break; + case EF_PKW32: + case EF_PKUNIX: +-- +2.20.1 +diff --git a/pkg/unzip/patch/0009-Fix-CVE-2014-8141-out-of-bounds-read-issues-in-getZi.patch b/pkg/unzip/patch/0009-Fix-CVE-2014-8141-out-of-bounds-read-issues-in-getZi.patch@@ -1,152 +0,0 @@ -From 2fbede051e0344ac5fcc6e6bcb865d4cb8a45f21 Mon Sep 17 00:00:00 2001 -From: Steven Schweda <sms@antinode.info> -Date: Thu, 16 Jun 2016 22:42:14 -0700 -Subject: [PATCH] Fix CVE-2014-8141: out-of-bounds read issues in - getZip64Data() - -From 11-cve-2014-8141-getzip64data in unzip_6.0-16+deb8u2.debian.tar.xz. ---- - fileio.c | 9 ++++++++- - process.c | 68 +++++++++++++++++++++++++++++++++++++++++++++++---------------- - 2 files changed, 59 insertions(+), 18 deletions(-) - -diff --git a/fileio.c b/fileio.c -index ba0a1d0..36bfea3 100644 ---- a/fileio.c -+++ b/fileio.c -@@ -176,6 +176,8 @@ static ZCONST char Far FilenameTooLongTrunc[] = - #endif - static ZCONST char Far ExtraFieldTooLong[] = - "warning: extra field too long (%d). Ignoring...\n"; -+static ZCONST char Far ExtraFieldCorrupt[] = -+ "warning: extra field (type: 0x%04x) corrupt. Continuing...\n"; - - #ifdef WINDLL - static ZCONST char Far DiskFullQuery[] = -@@ -2295,7 +2297,12 @@ int do_string(__G__ length, option) /* return PK-type error code */ - if (readbuf(__G__ (char *)G.extra_field, length) == 0) - return PK_EOF; - /* Looks like here is where extra fields are read */ -- getZip64Data(__G__ G.extra_field, length); -+ if (getZip64Data(__G__ G.extra_field, length) != PK_COOL) -+ { -+ Info(slide, 0x401, ((char *)slide, -+ LoadFarString( ExtraFieldCorrupt), EF_PKSZ64)); -+ error = PK_WARN; -+ } - #ifdef UNICODE_SUPPORT - G.unipath_filename = NULL; - if (G.UzO.U_flag < 2) { -diff --git a/process.c b/process.c -index 3228bde..df683ea 100644 ---- a/process.c -+++ b/process.c -@@ -1,5 +1,5 @@ - /* -- Copyright (c) 1990-2009 Info-ZIP. All rights reserved. -+ Copyright (c) 1990-2014 Info-ZIP. All rights reserved. - - See the accompanying file LICENSE, version 2009-Jan-02 or later - (the contents of which are also included in unzip.h) for terms of use. -@@ -1901,48 +1901,82 @@ int getZip64Data(__G__ ef_buf, ef_len) - and a 4-byte version of disk start number. - Sets both local header and central header fields. Not terribly clever, - but it means that this procedure is only called in one place. -+ -+ 2014-12-05 SMS. -+ Added checks to ensure that enough data are available before calling -+ makeint64() or makelong(). Replaced various sizeof() values with -+ simple ("4" or "8") constants. (The Zip64 structures do not depend -+ on our variable sizes.) Error handling is crude, but we should now -+ stay within the buffer. - ---------------------------------------------------------------------------*/ - -+#define Z64FLGS 0xffff -+#define Z64FLGL 0xffffffff -+ - if (ef_len == 0 || ef_buf == NULL) - return PK_COOL; - - Trace((stderr,"\ngetZip64Data: scanning extra field of length %u\n", - ef_len)); - -- while (ef_len >= EB_HEADSIZE) { -+ while (ef_len >= EB_HEADSIZE) -+ { - eb_id = makeword(EB_ID + ef_buf); - eb_len = makeword(EB_LEN + ef_buf); - -- if (eb_len > (ef_len - EB_HEADSIZE)) { -- /* discovered some extra field inconsistency! */ -+ if (eb_len > (ef_len - EB_HEADSIZE)) -+ { -+ /* Extra block length exceeds remaining extra field length. */ - Trace((stderr, - "getZip64Data: block length %u > rest ef_size %u\n", eb_len, - ef_len - EB_HEADSIZE)); - break; - } -- if (eb_id == EF_PKSZ64) { -- -+ if (eb_id == EF_PKSZ64) -+ { - int offset = EB_HEADSIZE; - -- if (G.crec.ucsize == 0xffffffff || G.lrec.ucsize == 0xffffffff){ -- G.lrec.ucsize = G.crec.ucsize = makeint64(offset + ef_buf); -- offset += sizeof(G.crec.ucsize); -+ if ((G.crec.ucsize == Z64FLGL) || (G.lrec.ucsize == Z64FLGL)) -+ { -+ if (offset+ 8 > ef_len) -+ return PK_ERR; -+ -+ G.crec.ucsize = G.lrec.ucsize = makeint64(offset + ef_buf); -+ offset += 8; - } -- if (G.crec.csize == 0xffffffff || G.lrec.csize == 0xffffffff){ -- G.csize = G.lrec.csize = G.crec.csize = makeint64(offset + ef_buf); -- offset += sizeof(G.crec.csize); -+ -+ if ((G.crec.csize == Z64FLGL) || (G.lrec.csize == Z64FLGL)) -+ { -+ if (offset+ 8 > ef_len) -+ return PK_ERR; -+ -+ G.csize = G.crec.csize = G.lrec.csize = makeint64(offset + ef_buf); -+ offset += 8; - } -- if (G.crec.relative_offset_local_header == 0xffffffff){ -+ -+ if (G.crec.relative_offset_local_header == Z64FLGL) -+ { -+ if (offset+ 8 > ef_len) -+ return PK_ERR; -+ - G.crec.relative_offset_local_header = makeint64(offset + ef_buf); -- offset += sizeof(G.crec.relative_offset_local_header); -+ offset += 8; - } -- if (G.crec.disk_number_start == 0xffff){ -+ -+ if (G.crec.disk_number_start == Z64FLGS) -+ { -+ if (offset+ 4 > ef_len) -+ return PK_ERR; -+ - G.crec.disk_number_start = (zuvl_t)makelong(offset + ef_buf); -- offset += sizeof(G.crec.disk_number_start); -+ offset += 4; - } -+#if 0 -+ break; /* Expect only one EF_PKSZ64 block. */ -+#endif /* 0 */ - } - -- /* Skip this extra field block */ -+ /* Skip this extra field block. */ - ef_buf += (eb_len + EB_HEADSIZE); - ef_len -= (eb_len + EB_HEADSIZE); - } --- -2.8.1 -diff --git a/pkg/unzip/patch/0010-Fix-CVE-2014-8140-out-of-bounds-write-issue-in-test_.patch b/pkg/unzip/patch/0010-Fix-CVE-2014-8140-out-of-bounds-write-issue-in-test_.patch@@ -0,0 +1,38 @@ +From a8ce86155076505d0d6e3d8a3e44c26bb89d9524 Mon Sep 17 00:00:00 2001 +From: "Steven M. Schweda" <sms@antinode.info> +Date: Sat, 15 Jun 2019 18:13:11 -0700 +Subject: [PATCH] Fix CVE-2014-8140: out-of-bounds write issue in + test_compr_eb() + +--- + extract.c | 13 ++++++++++--- + 1 file changed, 10 insertions(+), 3 deletions(-) + +diff --git a/extract.c b/extract.c +index df0fa1c..ec31e60 100644 +--- a/extract.c ++++ b/extract.c +@@ -2232,10 +2232,17 @@ static int test_compr_eb(__G__ eb, eb_size, compr_offset, test_uc_ebdata) + if (compr_offset < 4) /* field is not compressed: */ + return PK_OK; /* do nothing and signal OK */ + ++ /* Return no/bad-data error status if any problem is found: ++ * 1. eb_size is too small to hold the uncompressed size ++ * (eb_ucsize). (Else extract eb_ucsize.) ++ * 2. eb_ucsize is zero (invalid). 2014-12-04 SMS. ++ * 3. eb_ucsize is positive, but eb_size is too small to hold ++ * the compressed data header. ++ */ + if ((eb_size < (EB_UCSIZE_P + 4)) || +- ((eb_ucsize = makelong(eb+(EB_HEADSIZE+EB_UCSIZE_P))) > 0L && +- eb_size <= (compr_offset + EB_CMPRHEADLEN))) +- return IZ_EF_TRUNC; /* no compressed data! */ ++ ((eb_ucsize = makelong( eb+ (EB_HEADSIZE+ EB_UCSIZE_P))) == 0L) || ++ ((eb_ucsize > 0L) && (eb_size <= (compr_offset + EB_CMPRHEADLEN)))) ++ return IZ_EF_TRUNC; /* no/bad compressed data! */ + + if ( + #ifdef INT_16BIT +-- +2.20.1 +diff --git a/pkg/unzip/patch/0010-Info-ZIP-UnZip-buffer-overflow.patch b/pkg/unzip/patch/0010-Info-ZIP-UnZip-buffer-overflow.patch@@ -1,41 +0,0 @@ -From fb09687478043d64dc433bd034d063f33f718084 Mon Sep 17 00:00:00 2001 -From: mancha <mancha1@zoho.com> -Date: Thu, 16 Jun 2016 22:42:17 -0700 -Subject: [PATCH] Info-ZIP UnZip buffer overflow - -From 12-cve-2014-9636-test-compr-eb in -unzip_6.0-16+deb8u2.debian.tar.xz. ---- - extract.c | 9 +++++++++ - 1 file changed, 9 insertions(+) - -diff --git a/extract.c b/extract.c -index ec31e60..d816603 100644 ---- a/extract.c -+++ b/extract.c -@@ -2228,6 +2228,7 @@ static int test_compr_eb(__G__ eb, eb_size, compr_offset, test_uc_ebdata) - ulg eb_ucsize; - uch *eb_ucptr; - int r; -+ ush eb_compr_method; - - if (compr_offset < 4) /* field is not compressed: */ - return PK_OK; /* do nothing and signal OK */ -@@ -2244,6 +2245,14 @@ static int test_compr_eb(__G__ eb, eb_size, compr_offset, test_uc_ebdata) - ((eb_ucsize > 0L) && (eb_size <= (compr_offset + EB_CMPRHEADLEN)))) - return IZ_EF_TRUNC; /* no/bad compressed data! */ - -+ /* 2014-11-03 Michal Zalewski, SMS. -+ * For STORE method, compressed and uncompressed sizes must agree. -+ * http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=450 -+ */ -+ eb_compr_method = makeword( eb + (EB_HEADSIZE + compr_offset)); -+ if ((eb_compr_method == STORED) && (eb_size - compr_offset != eb_ucsize)) -+ return PK_ERR; -+ - if ( - #ifdef INT_16BIT - (((ulg)(extent)eb_ucsize) != eb_ucsize) || --- -2.8.1 -diff --git a/pkg/unzip/patch/0011-Fix-CVE-2014-8141-out-of-bounds-read-issues-in-getZi.patch b/pkg/unzip/patch/0011-Fix-CVE-2014-8141-out-of-bounds-read-issues-in-getZi.patch@@ -0,0 +1,151 @@ +From 0bec3de89a03c7c998b755ff6091ab1e0f6c43b7 Mon Sep 17 00:00:00 2001 +From: "Steven M. Schweda" <sms@antinode.info> +Date: Sat, 15 Jun 2019 18:13:11 -0700 +Subject: [PATCH] Fix CVE-2014-8141: out-of-bounds read issues in + getZip64Data() + +--- + fileio.c | 9 +++++++- + process.c | 68 +++++++++++++++++++++++++++++++++++++++++-------------- + 2 files changed, 59 insertions(+), 18 deletions(-) + +diff --git a/fileio.c b/fileio.c +index ba0a1d0..36bfea3 100644 +--- a/fileio.c ++++ b/fileio.c +@@ -176,6 +176,8 @@ static ZCONST char Far FilenameTooLongTrunc[] = + #endif + static ZCONST char Far ExtraFieldTooLong[] = + "warning: extra field too long (%d). Ignoring...\n"; ++static ZCONST char Far ExtraFieldCorrupt[] = ++ "warning: extra field (type: 0x%04x) corrupt. Continuing...\n"; + + #ifdef WINDLL + static ZCONST char Far DiskFullQuery[] = +@@ -2295,7 +2297,12 @@ int do_string(__G__ length, option) /* return PK-type error code */ + if (readbuf(__G__ (char *)G.extra_field, length) == 0) + return PK_EOF; + /* Looks like here is where extra fields are read */ +- getZip64Data(__G__ G.extra_field, length); ++ if (getZip64Data(__G__ G.extra_field, length) != PK_COOL) ++ { ++ Info(slide, 0x401, ((char *)slide, ++ LoadFarString( ExtraFieldCorrupt), EF_PKSZ64)); ++ error = PK_WARN; ++ } + #ifdef UNICODE_SUPPORT + G.unipath_filename = NULL; + if (G.UzO.U_flag < 2) { +diff --git a/process.c b/process.c +index 3228bde..df683ea 100644 +--- a/process.c ++++ b/process.c +@@ -1,5 +1,5 @@ + /* +- Copyright (c) 1990-2009 Info-ZIP. All rights reserved. ++ Copyright (c) 1990-2014 Info-ZIP. All rights reserved. + + See the accompanying file LICENSE, version 2009-Jan-02 or later + (the contents of which are also included in unzip.h) for terms of use. +@@ -1901,48 +1901,82 @@ int getZip64Data(__G__ ef_buf, ef_len) + and a 4-byte version of disk start number. + Sets both local header and central header fields. Not terribly clever, + but it means that this procedure is only called in one place. ++ ++ 2014-12-05 SMS. ++ Added checks to ensure that enough data are available before calling ++ makeint64() or makelong(). Replaced various sizeof() values with ++ simple ("4" or "8") constants. (The Zip64 structures do not depend ++ on our variable sizes.) Error handling is crude, but we should now ++ stay within the buffer. + ---------------------------------------------------------------------------*/ + ++#define Z64FLGS 0xffff ++#define Z64FLGL 0xffffffff ++ + if (ef_len == 0 || ef_buf == NULL) + return PK_COOL; + + Trace((stderr,"\ngetZip64Data: scanning extra field of length %u\n", + ef_len)); + +- while (ef_len >= EB_HEADSIZE) { ++ while (ef_len >= EB_HEADSIZE) ++ { + eb_id = makeword(EB_ID + ef_buf); + eb_len = makeword(EB_LEN + ef_buf); + +- if (eb_len > (ef_len - EB_HEADSIZE)) { +- /* discovered some extra field inconsistency! */ ++ if (eb_len > (ef_len - EB_HEADSIZE)) ++ { ++ /* Extra block length exceeds remaining extra field length. */ + Trace((stderr, + "getZip64Data: block length %u > rest ef_size %u\n", eb_len, + ef_len - EB_HEADSIZE)); + break; + } +- if (eb_id == EF_PKSZ64) { +- ++ if (eb_id == EF_PKSZ64) ++ { + int offset = EB_HEADSIZE; + +- if (G.crec.ucsize == 0xffffffff || G.lrec.ucsize == 0xffffffff){ +- G.lrec.ucsize = G.crec.ucsize = makeint64(offset + ef_buf); +- offset += sizeof(G.crec.ucsize); ++ if ((G.crec.ucsize == Z64FLGL) || (G.lrec.ucsize == Z64FLGL)) ++ { ++ if (offset+ 8 > ef_len) ++ return PK_ERR; ++ ++ G.crec.ucsize = G.lrec.ucsize = makeint64(offset + ef_buf); ++ offset += 8; + } +- if (G.crec.csize == 0xffffffff || G.lrec.csize == 0xffffffff){ +- G.csize = G.lrec.csize = G.crec.csize = makeint64(offset + ef_buf); +- offset += sizeof(G.crec.csize); ++ ++ if ((G.crec.csize == Z64FLGL) || (G.lrec.csize == Z64FLGL)) ++ { ++ if (offset+ 8 > ef_len) ++ return PK_ERR; ++ ++ G.csize = G.crec.csize = G.lrec.csize = makeint64(offset + ef_buf); ++ offset += 8; + } +- if (G.crec.relative_offset_local_header == 0xffffffff){ ++ ++ if (G.crec.relative_offset_local_header == Z64FLGL) ++ { ++ if (offset+ 8 > ef_len) ++ return PK_ERR; ++ + G.crec.relative_offset_local_header = makeint64(offset + ef_buf); +- offset += sizeof(G.crec.relative_offset_local_header); ++ offset += 8; + } +- if (G.crec.disk_number_start == 0xffff){ ++ ++ if (G.crec.disk_number_start == Z64FLGS) ++ { ++ if (offset+ 4 > ef_len) ++ return PK_ERR; ++ + G.crec.disk_number_start = (zuvl_t)makelong(offset + ef_buf); +- offset += sizeof(G.crec.disk_number_start); ++ offset += 4; + } ++#if 0 ++ break; /* Expect only one EF_PKSZ64 block. */ ++#endif /* 0 */ + } + +- /* Skip this extra field block */ ++ /* Skip this extra field block. */ + ef_buf += (eb_len + EB_HEADSIZE); + ef_len -= (eb_len + EB_HEADSIZE); + } +-- +2.20.1 +diff --git a/pkg/unzip/patch/0011-Upstream-fix-for-heap-overflow.patch b/pkg/unzip/patch/0011-Upstream-fix-for-heap-overflow.patch@@ -1,36 +0,0 @@ -From 0fbf62b364615cd0566c0803fff8b0dae4118402 Mon Sep 17 00:00:00 2001 -From: Petr Stodulka <pstodulk@redhat.com> -Date: Thu, 16 Jun 2016 22:42:25 -0700 -Subject: [PATCH] Upstream fix for heap overflow - -From 14-cve-2015-7696 in unzip_6.0-16+deb8u2.debian.tar.xz. ---- - crypt.c | 12 +++++++++++- - 1 file changed, 11 insertions(+), 1 deletion(-) - -diff --git a/crypt.c b/crypt.c -index 784e411..a8975f2 100644 ---- a/crypt.c -+++ b/crypt.c -@@ -465,7 +465,17 @@ int decrypt(__G__ passwrd) - GLOBAL(pInfo->encrypted) = FALSE; - defer_leftover_input(__G); - for (n = 0; n < RAND_HEAD_LEN; n++) { -- b = NEXTBYTE; -+ /* 2012-11-23 SMS. (OUSPG report.) -+ * Quit early if compressed size < HEAD_LEN. The resulting -+ * error message ("unable to get password") could be improved, -+ * but it's better than trying to read nonexistent data, and -+ * then continuing with a negative G.csize. (See -+ * fileio.c:readbyte()). -+ */ -+ if ((b = NEXTBYTE) == (ush)EOF) -+ { -+ return PK_ERR; -+ } - h[n] = (uch)b; - Trace((stdout, " (%02x)", h[n])); - } --- -2.8.1 -diff --git a/pkg/unzip/patch/0012-Info-ZIP-UnZip-buffer-overflow.patch b/pkg/unzip/patch/0012-Info-ZIP-UnZip-buffer-overflow.patch@@ -0,0 +1,48 @@ +From 14342a8a5ddafa76a8aa9800da078d415f50af71 Mon Sep 17 00:00:00 2001 +From: mancha <mancha1@zoho.com> +Date: Wed, 11 Feb 2015 12:27:06 +0000 +Subject: [PATCH] Info-ZIP UnZip buffer overflow + +By carefully crafting a corrupt ZIP archive with "extra fields" that +purport to have compressed blocks larger than the corresponding +uncompressed blocks in STORED no-compression mode, an attacker can +trigger a heap overflow that can result in application crash or +possibly have other unspecified impact. + +This patch ensures that when extra fields use STORED mode, the +"compressed" and uncompressed block sizes match. +--- + extract.c | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/extract.c b/extract.c +index ec31e60..f951b9f 100644 +--- a/extract.c ++++ b/extract.c +@@ -2228,6 +2228,7 @@ static int test_compr_eb(__G__ eb, eb_size, compr_offset, test_uc_ebdata) + ulg eb_ucsize; + uch *eb_ucptr; + int r; ++ ush eb_compr_method; + + if (compr_offset < 4) /* field is not compressed: */ + return PK_OK; /* do nothing and signal OK */ +@@ -2244,6 +2245,15 @@ static int test_compr_eb(__G__ eb, eb_size, compr_offset, test_uc_ebdata) + ((eb_ucsize > 0L) && (eb_size <= (compr_offset + EB_CMPRHEADLEN)))) + return IZ_EF_TRUNC; /* no/bad compressed data! */ + ++ /* 2015-02-10 Mancha(?), Michal Zalewski, Tomas Hoger, SMS. ++ * For STORE method, compressed and uncompressed sizes must agree. ++ * http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=450 ++ */ ++ eb_compr_method = makeword( eb + (EB_HEADSIZE + compr_offset)); ++ if ((eb_compr_method == STORED) && ++ (eb_size != compr_offset + EB_CMPRHEADLEN + eb_ucsize)) ++ return PK_ERR; ++ + if ( + #ifdef INT_16BIT + (((ulg)(extent)eb_ucsize) != eb_ucsize) || +-- +2.20.1 +diff --git a/pkg/unzip/patch/0012-fix-infinite-loop-when-extracting-empty-bzip2-data.patch b/pkg/unzip/patch/0012-fix-infinite-loop-when-extracting-empty-bzip2-data.patch@@ -1,30 +0,0 @@ -From b2833dbb4beddd027f46d1bea62cdac40ec3b343 Mon Sep 17 00:00:00 2001 -From: Kamil Dudka <kdudka@redhat.com> -Date: Thu, 16 Jun 2016 22:42:29 -0700 -Subject: [PATCH] fix infinite loop when extracting empty bzip2 data - -From 15-cve-2015-7697 in unzip_6.0-16+deb8u2.debian.tar.xz. ---- - extract.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/extract.c b/extract.c -index d816603..ad8b3f7 100644 ---- a/extract.c -+++ b/extract.c -@@ -2728,6 +2728,12 @@ __GDEF - int repeated_buf_err; - bz_stream bstrm; - -+ if (G.incnt <= 0 && G.csize <= 0L) { -+ /* avoid an infinite loop */ -+ Trace((stderr, "UZbunzip2() got empty input\n")); -+ return 2; -+ } -+ - #if (defined(DLL) && !defined(NO_SLIDE_REDIR)) - if (G.redirect_slide) - wsize = G.redirect_size, redirSlide = G.redirect_buffer; --- -2.8.1 -diff --git a/pkg/unzip/patch/0013-Remove-build-date.patch b/pkg/unzip/patch/0013-Remove-build-date.patch@@ -0,0 +1,25 @@ +From f6fa609c9074df6df59023e032f5397c44b40e8d Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?J=C3=A9r=C3=A9my=20Bobbio?= <lunar@debian.org> +Date: Sat, 15 Jun 2019 18:13:11 -0700 +Subject: [PATCH] Remove build date + +--- + unix/unix.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/unix/unix.c b/unix/unix.c +index efa97fc..816e3da 100644 +--- a/unix/unix.c ++++ b/unix/unix.c +@@ -1705,7 +1705,7 @@ void version(__G) + #endif /* Sun */ + #endif /* SGI */ + +-#ifdef __DATE__ ++#if 0 + " on ", __DATE__ + #else + "", "" +-- +2.20.1 +diff --git a/pkg/unzip/patch/0013-extract-prevent-unsigned-overflow-on-invalid-input.patch b/pkg/unzip/patch/0013-extract-prevent-unsigned-overflow-on-invalid-input.patch@@ -1,37 +0,0 @@ -From 91f3ce1672778ebb41317c2cad4b0a75cf3d002f Mon Sep 17 00:00:00 2001 -From: Kamil Dudka <kdudka@redhat.com> -Date: Thu, 16 Jun 2016 22:42:33 -0700 -Subject: [PATCH] extract: prevent unsigned overflow on invalid input - -From 16-fix-integer-underflow-csiz-decrypted in -unzip_6.0-16+deb8u2.debian.tar.xz. ---- - extract.c | 11 ++++++++++- - 1 file changed, 10 insertions(+), 1 deletion(-) - -diff --git a/extract.c b/extract.c -index ad8b3f7..3ec8813 100644 ---- a/extract.c -+++ b/extract.c -@@ -1257,8 +1257,17 @@ static int extract_or_test_entrylist(__G__ numchunk, - if (G.lrec.compression_method == STORED) { - zusz_t csiz_decrypted = G.lrec.csize; - -- if (G.pInfo->encrypted) -+ if (G.pInfo->encrypted) { -+ if (csiz_decrypted < 12) { -+ /* handle the error now to prevent unsigned overflow */ -+ Info(slide, 0x401, ((char *)slide, -+ LoadFarStringSmall(ErrUnzipNoFile), -+ LoadFarString(InvalidComprData), -+ LoadFarStringSmall2(Inflate))); -+ return PK_ERR; -+ } - csiz_decrypted -= 12; -+ } - if (G.lrec.ucsize != csiz_decrypted) { - Info(slide, 0x401, ((char *)slide, - LoadFarStringSmall2(WrnStorUCSizCSizDiff), --- -2.8.1 -diff --git a/pkg/unzip/patch/0014-Upstream-fix-for-heap-overflow.patch b/pkg/unzip/patch/0014-Upstream-fix-for-heap-overflow.patch@@ -0,0 +1,35 @@ +From d97748a061a3beb8bdf4d5d0a2458086951960ff Mon Sep 17 00:00:00 2001 +From: Petr Stodulka <pstodulk@redhat.com> +Date: Mon, 14 Sep 2015 18:23:17 +0200 +Subject: [PATCH] Upstream fix for heap overflow + +--- + crypt.c | 12 +++++++++++- + 1 file changed, 11 insertions(+), 1 deletion(-) + +diff --git a/crypt.c b/crypt.c +index 784e411..a8975f2 100644 +--- a/crypt.c ++++ b/crypt.c +@@ -465,7 +465,17 @@ int decrypt(__G__ passwrd) + GLOBAL(pInfo->encrypted) = FALSE; + defer_leftover_input(__G); + for (n = 0; n < RAND_HEAD_LEN; n++) { +- b = NEXTBYTE; ++ /* 2012-11-23 SMS. (OUSPG report.) ++ * Quit early if compressed size < HEAD_LEN. The resulting ++ * error message ("unable to get password") could be improved, ++ * but it's better than trying to read nonexistent data, and ++ * then continuing with a negative G.csize. (See ++ * fileio.c:readbyte()). ++ */ ++ if ((b = NEXTBYTE) == (ush)EOF) ++ { ++ return PK_ERR; ++ } + h[n] = (uch)b; + Trace((stdout, " (%02x)", h[n])); + } +-- +2.20.1 +diff --git a/pkg/unzip/patch/0015-fix-infinite-loop-when-extracting-empty-bzip2-data.patch b/pkg/unzip/patch/0015-fix-infinite-loop-when-extracting-empty-bzip2-data.patch@@ -0,0 +1,29 @@ +From e646271050da793fe50fe829b465c4e692fb7d53 Mon Sep 17 00:00:00 2001 +From: Kamil Dudka <kdudka@redhat.com> +Date: Mon, 14 Sep 2015 18:24:56 +0200 +Subject: [PATCH] fix infinite loop when extracting empty bzip2 data + +--- + extract.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/extract.c b/extract.c +index f951b9f..188f1cf 100644 +--- a/extract.c ++++ b/extract.c +@@ -2729,6 +2729,12 @@ __GDEF + int repeated_buf_err; + bz_stream bstrm; + ++ if (G.incnt <= 0 && G.csize <= 0L) { ++ /* avoid an infinite loop */ ++ Trace((stderr, "UZbunzip2() got empty input\n")); ++ return 2; ++ } ++ + #if (defined(DLL) && !defined(NO_SLIDE_REDIR)) + if (G.redirect_slide) + wsize = G.redirect_size, redirSlide = G.redirect_buffer; +-- +2.20.1 +diff --git a/pkg/unzip/patch/0016-extract-prevent-unsigned-overflow-on-invalid-input.patch b/pkg/unzip/patch/0016-extract-prevent-unsigned-overflow-on-invalid-input.patch@@ -0,0 +1,36 @@ +From c2b00ce1582efdb781355dfa7b161b5393cfa56f Mon Sep 17 00:00:00 2001 +From: Kamil Dudka <kdudka@redhat.com> +Date: Tue, 22 Sep 2015 18:52:23 +0200 +Subject: [PATCH] extract: prevent unsigned overflow on invalid input + +Suggested-by: Stefan Cornelius +--- + extract.c | 11 ++++++++++- + 1 file changed, 10 insertions(+), 1 deletion(-) + +diff --git a/extract.c b/extract.c +index 188f1cf..549a5eb 100644 +--- a/extract.c ++++ b/extract.c +@@ -1257,8 +1257,17 @@ static int extract_or_test_entrylist(__G__ numchunk, + if (G.lrec.compression_method == STORED) { + zusz_t csiz_decrypted = G.lrec.csize; + +- if (G.pInfo->encrypted) ++ if (G.pInfo->encrypted) { ++ if (csiz_decrypted < 12) { ++ /* handle the error now to prevent unsigned overflow */ ++ Info(slide, 0x401, ((char *)slide, ++ LoadFarStringSmall(ErrUnzipNoFile), ++ LoadFarString(InvalidComprData), ++ LoadFarStringSmall2(Inflate))); ++ return PK_ERR; ++ } + csiz_decrypted -= 12; ++ } + if (G.lrec.ucsize != csiz_decrypted) { + Info(slide, 0x401, ((char *)slide, + LoadFarStringSmall2(WrnStorUCSizCSizDiff), +-- +2.20.1 +diff --git a/pkg/unzip/patch/0017-Do-not-ignore-extra-fields-containing-Unix-Timestamp.patch b/pkg/unzip/patch/0017-Do-not-ignore-extra-fields-containing-Unix-Timestamp.patch@@ -0,0 +1,50 @@ +From 528161b86e74c3afbe640c70761e6734119bea1c Mon Sep 17 00:00:00 2001 +From: "Steven M. Schweda" <sms@antinode.info> +Date: Sat, 15 Jun 2019 18:13:11 -0700 +Subject: [PATCH] Do not ignore extra fields containing Unix Timestamps + +--- + process.c | 11 +++++++---- + 1 file changed, 7 insertions(+), 4 deletions(-) + +diff --git a/process.c b/process.c +index df683ea..e4f2405 100644 +--- a/process.c ++++ b/process.c +@@ -2914,10 +2914,13 @@ unsigned ef_scan_for_izux(ef_buf, ef_len, ef_is_c, dos_mdatetime, + break; + + case EF_IZUNIX2: +- if (have_new_type_eb == 0) { +- flags &= ~0x0ff; /* ignore any previous IZUNIX field */ ++ if (have_new_type_eb == 0) { /* (< 1) */ + have_new_type_eb = 1; + } ++ if (have_new_type_eb <= 1) { ++ /* Ignore any prior (EF_IZUNIX/EF_PKUNIX) UID/GID. */ ++ flags &= 0x0ff; ++ } + #ifdef IZ_HAVE_UXUIDGID + if (have_new_type_eb > 1) + break; /* IZUNIX3 overrides IZUNIX2 e.f. block ! */ +@@ -2933,6 +2936,8 @@ unsigned ef_scan_for_izux(ef_buf, ef_len, ef_is_c, dos_mdatetime, + /* new 3rd generation Unix ef */ + have_new_type_eb = 2; + ++ /* Ignore any prior EF_IZUNIX/EF_PKUNIX/EF_IZUNIX2 UID/GID. */ ++ flags &= 0x0ff; + /* + Version 1 byte version of this extra field, currently 1 + UIDSize 1 byte Size of UID field +@@ -2953,8 +2958,6 @@ unsigned ef_scan_for_izux(ef_buf, ef_len, ef_is_c, dos_mdatetime, + uid_size = *((EB_HEADSIZE + 1) + ef_buf); + gid_size = *((EB_HEADSIZE + uid_size + 2) + ef_buf); + +- flags &= ~0x0ff; /* ignore any previous UNIX field */ +- + if ( read_ux3_value((EB_HEADSIZE + 2) + ef_buf, + uid_size, &z_uidgid[0]) + && +-- +2.20.1 +diff --git a/pkg/unzip/patch/0018-Fix-CVE-2014-9913-buffer-overflow-in-unzip.patch b/pkg/unzip/patch/0018-Fix-CVE-2014-9913-buffer-overflow-in-unzip.patch@@ -0,0 +1,36 @@ +From 27b0cd89656d39266da7dcab7eb1812dcfc34192 Mon Sep 17 00:00:00 2001 +From: "Steven M. Schweda" <sms@antinode.info> +Date: Sat, 15 Jun 2019 18:13:11 -0700 +Subject: [PATCH] Fix CVE-2014-9913, buffer overflow in unzip + +--- + list.c | 13 ++++++++++++- + 1 file changed, 12 insertions(+), 1 deletion(-) + +diff --git a/list.c b/list.c +index 5de41e5..e488109 100644 +--- a/list.c ++++ b/list.c +@@ -339,7 +339,18 @@ int list_files(__G) /* return PK-type error code */ + G.crec.compression_method == ENHDEFLATED) { + methbuf[5] = dtype[(G.crec.general_purpose_bit_flag>>1) & 3]; + } else if (methnum >= NUM_METHODS) { +- sprintf(&methbuf[4], "%03u", G.crec.compression_method); ++ /* 2013-02-26 SMS. ++ * http://sourceforge.net/p/infozip/bugs/27/ CVE-2014-9913. ++ * Unexpectedly large compression methods overflow ++ * &methbuf[]. Use the old, three-digit decimal format ++ * for values which fit. Otherwise, sacrifice the ++ * colon, and use four-digit hexadecimal. ++ */ ++ if (G.crec.compression_method <= 999) { ++ sprintf( &methbuf[ 4], "%03u", G.crec.compression_method); ++ } else { ++ sprintf( &methbuf[ 3], "%04X", G.crec.compression_method); ++ } + } + + #if 0 /* GRR/Euro: add this? */ +-- +2.20.1 +diff --git a/pkg/unzip/patch/0019-Fix-CVE-2016-9844-buffer-overflow-in-zipinfo.patch b/pkg/unzip/patch/0019-Fix-CVE-2016-9844-buffer-overflow-in-zipinfo.patch@@ -0,0 +1,36 @@ +From 7e0435546230ecebe3bfe1ac27eb0186c702c509 Mon Sep 17 00:00:00 2001 +From: "Steven M. Schweda" <sms@antinode.info> +Date: Sat, 15 Jun 2019 18:13:11 -0700 +Subject: [PATCH] Fix CVE-2016-9844, buffer overflow in zipinfo + +--- + zipinfo.c | 13 ++++++++++++- + 1 file changed, 12 insertions(+), 1 deletion(-) + +diff --git a/zipinfo.c b/zipinfo.c +index 5e77018..0be3e5b 100644 +--- a/zipinfo.c ++++ b/zipinfo.c +@@ -1921,7 +1921,18 @@ static int zi_short(__G) /* return PK-type error code */ + ush dnum=(ush)((G.crec.general_purpose_bit_flag>>1) & 3); + methbuf[3] = dtype[dnum]; + } else if (methnum >= NUM_METHODS) { /* unknown */ +- sprintf(&methbuf[1], "%03u", G.crec.compression_method); ++ /* 2016-12-05 SMS. ++ * https://launchpad.net/bugs/1643750 ++ * Unexpectedly large compression methods overflow ++ * &methbuf[]. Use the old, three-digit decimal format ++ * for values which fit. Otherwise, sacrifice the "u", ++ * and use four-digit hexadecimal. ++ */ ++ if (G.crec.compression_method <= 999) { ++ sprintf( &methbuf[ 1], "%03u", G.crec.compression_method); ++ } else { ++ sprintf( &methbuf[ 0], "%04X", G.crec.compression_method); ++ } + } + + for (k = 0; k < 15; ++k) +-- +2.20.1 +diff --git a/pkg/unzip/patch/0020-Fix-buffer-overflow-in-password-protected-zip-archiv.patch b/pkg/unzip/patch/0020-Fix-buffer-overflow-in-password-protected-zip-archiv.patch@@ -0,0 +1,44 @@ +From d8d3475850d883e90d79086293279149d42658fd Mon Sep 17 00:00:00 2001 +From: Karol Babioch <kbabioch@suse.com> +Date: Sat, 15 Jun 2019 18:13:11 -0700 +Subject: [PATCH] Fix buffer overflow in password protected zip archives + +--- + fileio.c | 14 +++++++++++++- + 1 file changed, 13 insertions(+), 1 deletion(-) + +diff --git a/fileio.c b/fileio.c +index 36bfea3..7c21ed0 100644 +--- a/fileio.c ++++ b/fileio.c +@@ -1582,6 +1582,10 @@ int UZ_EXP UzpPassword (pG, rcnt, pwbuf, size, zfn, efn) + int r = IZ_PW_ENTERED; + char *m; + char *prompt; ++ char *zfnf; ++ char *efnf; ++ size_t zfnfl; ++ int isOverflow; + + #ifndef REENTRANT + /* tell picky compilers to shut up about "unused variable" warnings */ +@@ -1590,7 +1594,15 @@ int UZ_EXP UzpPassword (pG, rcnt, pwbuf, size, zfn, efn) + + if (*rcnt == 0) { /* First call for current entry */ + *rcnt = 2; +- if ((prompt = (char *)malloc(2*FILNAMSIZ + 15)) != (char *)NULL) { ++ zfnf = FnFilter1(zfn); ++ efnf = FnFilter2(efn); ++ zfnfl = strlen(zfnf); ++ isOverflow = TRUE; ++ if (2*FILNAMSIZ >= zfnfl && (2*FILNAMSIZ - zfnfl) >= strlen(efnf)) ++ { ++ isOverflow = FALSE; ++ } ++ if ((isOverflow == FALSE) && ((prompt = (char *)malloc(2*FILNAMSIZ + 15)) != (char *)NULL)) { + sprintf(prompt, LoadFarString(PasswPrompt), + FnFilter1(zfn), FnFilter2(efn)); + m = prompt; +-- +2.20.1 +diff --git a/pkg/unzip/patch/0021-Fix-lame-code-in-fileio.c.patch b/pkg/unzip/patch/0021-Fix-lame-code-in-fileio.c.patch@@ -0,0 +1,24 @@ +From 365c0c559506ce300793fe469394ca748dd81b50 Mon Sep 17 00:00:00 2001 +From: "Steven M. Schweda" <sms@antinode.info> +Date: Sat, 15 Jun 2019 18:13:11 -0700 +Subject: [PATCH] Fix lame code in fileio.c + +--- + fileio.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/fileio.c b/fileio.c +index 7c21ed0..c10ff63 100644 +--- a/fileio.c ++++ b/fileio.c +@@ -2477,6 +2477,7 @@ zusz_t makeint64(sig) + */ + return (((zusz_t)sig[7]) << 56) + + (((zusz_t)sig[6]) << 48) ++ + (((zusz_t)sig[5]) << 40) + + (((zusz_t)sig[4]) << 32) + + (zusz_t)((((ulg)sig[3]) << 24) + + (((ulg)sig[2]) << 16) +-- +2.20.1 +diff --git a/pkg/unzip/ver b/pkg/unzip/ver@@ -1 +1 @@ -6.0 r0 +6.0-23 r0