commit: ae0c48281c5e9b096ba612c01af8dbccda6d2df2
parent 8110e1b440cb28b51ba897f962e2539aa4824e6c
Author: Michael Forney <mforney@mforney.org>
Date: Mon, 28 Apr 2025 13:02:21 -0700
unzip: Update to 6.0-29
Diffstat:
8 files changed, 349 insertions(+), 1 deletion(-)
diff --git a/pkg/unzip/patch/0025-Fix-bug-in-UZbunzip2-that-incorrectly-updated-G.incn.patch b/pkg/unzip/patch/0025-Fix-bug-in-UZbunzip2-that-incorrectly-updated-G.incn.patch
@@ -0,0 +1,30 @@
+From 705923de022bad2ce0142ccbab68aa57ebe36db1 Mon Sep 17 00:00:00 2001
+From: Mark Adler <madler@alumni.caltech.edu>
+Date: Mon, 28 Apr 2025 12:57:34 -0700
+Subject: [PATCH] Fix bug in UZbunzip2() that incorrectly updated G.incnt
+
+ Fix bug in UZbunzip2() that incorrectly updated G.incnt.
+
+ The update assumed a full buffer, which is not always full. This
+ could result in a false overlapped element detection when a small
+ bzip2-compressed file was unzipped. This commit remedies that.
+---
+ extract.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/extract.c b/extract.c
+index ad5daac..6712ed0 100644
+--- a/extract.c
++++ b/extract.c
+@@ -3052,7 +3052,7 @@ __GDEF
+ #endif
+
+ G.inptr = (uch *)bstrm.next_in;
+- G.incnt = (G.inbuf + INBUFSIZ) - G.inptr; /* reset for other routines */
++ G.incnt -= G.inptr - G.inbuf; /* reset for other routines */
+
+ uzbunzip_cleanup_exit:
+ err = BZ2_bzDecompressEnd(&bstrm);
+--
+2.45.2
+
diff --git a/pkg/unzip/patch/0026-Fix-bug-in-UZinflate-that-incorrectly-updated-G.incn.patch b/pkg/unzip/patch/0026-Fix-bug-in-UZinflate-that-incorrectly-updated-G.incn.patch
@@ -0,0 +1,31 @@
+From a07b1c0bb82b6dc0f8f224894e49eb9b44a076db Mon Sep 17 00:00:00 2001
+From: Mark Adler <madler@alumni.caltech.edu>
+Date: Mon, 28 Apr 2025 12:57:34 -0700
+Subject: [PATCH] Fix bug in UZinflate() that incorrectly updated G.incnt.
+
+ Fix bug in UZinflate() that incorrectly updated G.incnt.
+
+ The update assumed a full buffer, which is not always full. This
+ could result in a false overlapped element detection when a small
+ deflate-compressed file was unzipped using an old zlib. This
+ commit remedies that.
+---
+ inflate.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/inflate.c b/inflate.c
+index f2f6864..2c37999 100644
+--- a/inflate.c
++++ b/inflate.c
+@@ -700,7 +700,7 @@ int UZinflate(__G__ is_defl64)
+ G.dstrm.total_out));
+
+ G.inptr = (uch *)G.dstrm.next_in;
+- G.incnt = (G.inbuf + INBUFSIZ) - G.inptr; /* reset for other routines */
++ G.incnt -= G.inptr - G.inbuf; /* reset for other routines */
+
+ uzinflate_cleanup_exit:
+ err = inflateReset(&G.dstrm);
+--
+2.45.2
+
diff --git a/pkg/unzip/patch/0027-zipgrep-Avoid-test-errors-when-no-members-present.patch b/pkg/unzip/patch/0027-zipgrep-Avoid-test-errors-when-no-members-present.patch
@@ -0,0 +1,24 @@
+From 765b05298e4959bea8a77295704c9461fa9218d1 Mon Sep 17 00:00:00 2001
+From: Kevin Locke <kevin@kevinlocke.name>
+Date: Mon, 28 Apr 2025 12:57:34 -0700
+Subject: [PATCH] zipgrep: Avoid test errors when no members present
+
+---
+ unix/zipgrep | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/unix/zipgrep b/unix/zipgrep
+index 69cd6ba..b9d2316 100755
+--- a/unix/zipgrep
++++ b/unix/zipgrep
+@@ -44,6 +44,7 @@ if test -n "$opt"; then
+ opt="-$opt"
+ fi
+
++sts=0
+ status_grep_global=1
+ IFS='
+ '
+--
+2.45.2
+
diff --git a/pkg/unzip/patch/0028-Fix-for-CVE-2022-0529-and-CVE-2022-0530.patch b/pkg/unzip/patch/0028-Fix-for-CVE-2022-0529-and-CVE-2022-0530.patch
@@ -0,0 +1,185 @@
+From 7c5862de85894d5387c855b5df6e5509c97f5bdf Mon Sep 17 00:00:00 2001
+From: "Steven M. Schweda" <sms@antinode.info>
+Date: Mon, 28 Apr 2025 12:57:34 -0700
+Subject: [PATCH] Fix for CVE-2022-0529 and CVE-2022-0530
+
+---
+ fileio.c | 34 +++++++++++++++++++++++++---------
+ process.c | 55 ++++++++++++++++++++++++++++++++++++++++++++-----------
+ 2 files changed, 69 insertions(+), 20 deletions(-)
+
+diff --git a/fileio.c b/fileio.c
+index 6290824..50a74fc 100644
+--- a/fileio.c
++++ b/fileio.c
+@@ -171,8 +171,10 @@ static ZCONST char Far ReadError[] = "error: zipfile read error\n";
+ static ZCONST char Far FilenameTooLongTrunc[] =
+ "warning: filename too long--truncating.\n";
+ #ifdef UNICODE_SUPPORT
++ static ZCONST char Far UFilenameCorrupt[] =
++ "error: Unicode filename corrupt.\n";
+ static ZCONST char Far UFilenameTooLongTrunc[] =
+- "warning: Converted unicode filename too long--truncating.\n";
++ "warning: Converted Unicode filename too long--truncating.\n";
+ #endif
+ static ZCONST char Far ExtraFieldTooLong[] =
+ "warning: extra field too long (%d). Ignoring...\n";
+@@ -2361,16 +2363,30 @@ int do_string(__G__ length, option) /* return PK-type error code */
+ /* convert UTF-8 to local character set */
+ fn = utf8_to_local_string(G.unipath_filename,
+ G.unicode_escape_all);
+- /* make sure filename is short enough */
+- if (strlen(fn) >= FILNAMSIZ) {
+- fn[FILNAMSIZ - 1] = '\0';
++
++ /* 2022-07-22 SMS, et al. CVE-2022-0530
++ * Detect conversion failure, emit message.
++ * Continue with unconverted name.
++ */
++ if (fn == NULL)
++ {
+ Info(slide, 0x401, ((char *)slide,
+- LoadFarString(UFilenameTooLongTrunc)));
+- error = PK_WARN;
++ LoadFarString(UFilenameCorrupt)));
++ error = PK_ERR;
++ }
++ else
++ {
++ /* make sure filename is short enough */
++ if (strlen(fn) >= FILNAMSIZ) {
++ fn[FILNAMSIZ - 1] = '\0';
++ Info(slide, 0x401, ((char *)slide,
++ LoadFarString(UFilenameTooLongTrunc)));
++ error = PK_WARN;
++ }
++ /* replace filename with converted UTF-8 */
++ strcpy(G.filename, fn);
++ free(fn);
+ }
+- /* replace filename with converted UTF-8 */
+- strcpy(G.filename, fn);
+- free(fn);
+ }
+ # endif /* UNICODE_WCHAR */
+ if (G.unipath_filename != G.filename_full)
+diff --git a/process.c b/process.c
+index d2a846e..a7d5b87 100644
+--- a/process.c
++++ b/process.c
+@@ -222,6 +222,8 @@ static ZCONST char Far ZipfileCommTrunc1[] =
+ "\nwarning: Unicode Path version > 1\n";
+ static ZCONST char Far UnicodeMismatchError[] =
+ "\nwarning: Unicode Path checksum invalid\n";
++ static ZCONST char Far UFilenameTooLongTrunc[] =
++ "warning: filename too long (P1) -- truncating.\n";
+ #endif
+
+
+@@ -1915,7 +1917,7 @@ int getZip64Data(__G__ ef_buf, ef_len)
+ Sets both local header and central header fields. Not terribly clever,
+ but it means that this procedure is only called in one place.
+
+- 2014-12-05 SMS.
++ 2014-12-05 SMS. (oCERT.org report.) CVE-2014-8141.
+ Added checks to ensure that enough data are available before calling
+ makeint64() or makelong(). Replaced various sizeof() values with
+ simple ("4" or "8") constants. (The Zip64 structures do not depend
+@@ -1947,9 +1949,10 @@ int getZip64Data(__G__ ef_buf, ef_len)
+ ef_len - EB_HEADSIZE));
+ break;
+ }
++
+ if (eb_id == EF_PKSZ64)
+ {
+- int offset = EB_HEADSIZE;
++ unsigned offset = EB_HEADSIZE;
+
+ if ((G.crec.ucsize == Z64FLGL) || (G.lrec.ucsize == Z64FLGL))
+ {
+@@ -2046,7 +2049,7 @@ int getUnicodeData(__G__ ef_buf, ef_len)
+ }
+ if (eb_id == EF_UNIPATH) {
+
+- int offset = EB_HEADSIZE;
++ unsigned offset = EB_HEADSIZE;
+ ush ULen = eb_len - 5;
+ ulg chksum = CRCVAL_INITIAL;
+
+@@ -2504,16 +2507,17 @@ char *wide_to_local_string(wide_string, escape_all)
+ int state_dependent;
+ int wsize = 0;
+ int max_bytes = MB_CUR_MAX;
+- char buf[9];
++ char buf[ MB_CUR_MAX+ 1]; /* ("+1" not really needed?) */
+ char *buffer = NULL;
+ char *local_string = NULL;
++ size_t buffer_size; /* CVE-2022-0529 */
+
+ for (wsize = 0; wide_string[wsize]; wsize++) ;
+
+ if (max_bytes < MAX_ESCAPE_BYTES)
+ max_bytes = MAX_ESCAPE_BYTES;
+-
+- if ((buffer = (char *)malloc(wsize * max_bytes + 1)) == NULL) {
++ buffer_size = wsize * max_bytes + 1; /* Reused below. */
++ if ((buffer = (char *)malloc( buffer_size)) == NULL) {
+ return NULL;
+ }
+
+@@ -2551,8 +2555,28 @@ char *wide_to_local_string(wide_string, escape_all)
+ } else {
+ /* no MB for this wide */
+ /* use escape for wide character */
+- char *escape_string = wide_to_escape_string(wide_string[i]);
+- strcat(buffer, escape_string);
++ size_t buffer_len;
++ size_t escape_string_len;
++ char *escape_string;
++ int err_msg = 0;
++
++ escape_string = wide_to_escape_string(wide_string[i]);
++ buffer_len = strlen( buffer);
++ escape_string_len = strlen( escape_string);
++
++ /* Append escape string, as space allows. */
++ /* 2022-07-18 SMS, et al. CVE-2022-0529 */
++ if (escape_string_len > buffer_size- buffer_len- 1)
++ {
++ escape_string_len = buffer_size- buffer_len- 1;
++ if (err_msg == 0)
++ {
++ err_msg = 1;
++ Info(slide, 0x401, ((char *)slide,
++ LoadFarString( UFilenameTooLongTrunc)));
++ }
++ }
++ strncat( buffer, escape_string, escape_string_len);
+ free(escape_string);
+ }
+ }
+@@ -2604,9 +2628,18 @@ char *utf8_to_local_string(utf8_string, escape_all)
+ ZCONST char *utf8_string;
+ int escape_all;
+ {
+- zwchar *wide = utf8_to_wide_string(utf8_string);
+- char *loc = wide_to_local_string(wide, escape_all);
+- free(wide);
++ zwchar *wide;
++ char *loc = NULL;
++
++ wide = utf8_to_wide_string( utf8_string);
++
++ /* 2022-07-25 SMS, et al. CVE-2022-0530 */
++ if (wide != NULL)
++ {
++ loc = wide_to_local_string( wide, escape_all);
++ free( wide);
++ }
++
+ return loc;
+ }
+
+--
+2.45.2
+
diff --git a/pkg/unzip/patch/0029-Handle-Microsoft-ZIP64-files-by-ignoring-invalid-Tot.patch b/pkg/unzip/patch/0029-Handle-Microsoft-ZIP64-files-by-ignoring-invalid-Tot.patch
@@ -0,0 +1,26 @@
+From 94b2d0b50a3a231ef91319e8e633b7ea62f0e2db Mon Sep 17 00:00:00 2001
+From: Roy Tam <roytam@gmail.com>
+Date: Mon, 28 Apr 2025 12:57:34 -0700
+Subject: [PATCH] Handle Microsoft ZIP64 files by ignoring invalid "Total
+ number of disks" field
+
+---
+ process.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/process.c b/process.c
+index a7d5b87..b385f1e 100644
+--- a/process.c
++++ b/process.c
+@@ -1281,7 +1281,7 @@ static int find_ecrec64(__G__ searchlen) /* return PK-class error */
+ fprintf(stdout,"\nnumber of disks (ECR) %u, (ECLOC64) %lu\n",
+ G.ecrec.number_this_disk, ecloc64_total_disks); fflush(stdout);
+ #endif
+- if ((G.ecrec.number_this_disk != 0xFFFF) &&
++ if ((G.ecrec.number_this_disk != 0xFFFF) && ecloc64_total_disks &&
+ (G.ecrec.number_this_disk != ecloc64_total_disks - 1)) {
+ /* Note: For some unknown reason, the developers at PKWARE decided to
+ store the "zip64 total disks" value as a counter starting from 1,
+--
+2.45.2
+
diff --git a/pkg/unzip/patch/0030-Drop-conflicting-declarations-of-gmtime-and-localtim.patch b/pkg/unzip/patch/0030-Drop-conflicting-declarations-of-gmtime-and-localtim.patch
@@ -0,0 +1,25 @@
+From 7fb1835d3ec1654edd2b1b88575cc9eedb1b0f03 Mon Sep 17 00:00:00 2001
+From: Santiago Vila <sanvila@debian.org>
+Date: Mon, 28 Apr 2025 12:57:34 -0700
+Subject: [PATCH] Drop conflicting declarations of gmtime() and localtime()
+
+---
+ unix/unxcfg.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/unix/unxcfg.h b/unix/unxcfg.h
+index c98c3b9..a3ad576 100644
+--- a/unix/unxcfg.h
++++ b/unix/unxcfg.h
+@@ -118,7 +118,7 @@ typedef struct stat z_stat;
+ # endif
+ #else
+ # include <time.h>
+- struct tm *gmtime(), *localtime();
++/* struct tm *gmtime(), *localtime(); */
+ #endif
+
+ #if (defined(BSD4_4) || (defined(SYSV) && defined(MODERN)))
+--
+2.45.2
+
diff --git a/pkg/unzip/patch/0031-Do-not-escape-shell-special-characters-in-pat.patch b/pkg/unzip/patch/0031-Do-not-escape-shell-special-characters-in-pat.patch
@@ -0,0 +1,27 @@
+From 39d270017e54c35683eab58de5059eda6d697c97 Mon Sep 17 00:00:00 2001
+From: Vincent Lefevre <vincent@vinc17.net>
+Date: Mon, 28 Apr 2025 12:57:34 -0700
+Subject: [PATCH] Do not escape shell-special characters in "pat"
+
+---
+ unix/zipgrep | 4 ----
+ 1 file changed, 4 deletions(-)
+
+diff --git a/unix/zipgrep b/unix/zipgrep
+index b9d2316..3ac7612 100755
+--- a/unix/zipgrep
++++ b/unix/zipgrep
+@@ -49,10 +49,6 @@ status_grep_global=1
+ IFS='
+ '
+
+-# Escape shell-special characters in "pat".
+-pat=` echo "$pat" | \
+- sed -e 's/\\\\/\\\\\\\\/g' -e 's/|/\\\|/g' -e 's/&/\\\&/g' `
+-
+ # Use "unzip -Z1" to get a listing of the specified members from the
+ # specified archive. Escape any backslashes in a file name.
+ for i in `unzip -Z1 "$zipfile" ${1+"$@"} | sed -e 's/\\\\/\\\\\\\\/g' `; do
+--
+2.45.2
+
diff --git a/pkg/unzip/ver b/pkg/unzip/ver
@@ -1 +1 @@
-6.0-25 r0
+6.0-29 r0
