3 changed files with 5 additions and 137 deletions
--- a/backport-CVE-2021-4217.patch
+++ b/backport-CVE-2021-4217.patch
@ -1,39 +0,0 @@
-From 731d698377dbd1f5b1b90efeb8094602ed59fc40 Mon Sep 17 00:00:00 2001
-From: Nils Bars <nils.bars@t-online.de>
-Date: Mon, 17 Jan 2022 16:53:16 +0000
-Subject: [PATCH] Fix null pointer dereference and use of uninitialized data
-
-This fixes a bug that causes use of uninitialized heap data if `readbuf` fails
-to read as many bytes as indicated by the extra field length attribute.
-Furthermore, this fixes a null pointer dereference if an archive contains an
-`EF_UNIPATH` extra field but does not have a filename set.
-
-Reference:https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1957077
-Conflict: fileio.c file not change.
---
- process.c | 6 +++++-
- 1 file changed, 5 insertions(+), 1 deletion(-)
-
-diff --git a/process.c b/process.c
-index abe938b..f573ee4 100644
--- a/process.c
-+++ b/process.c
-@@ -2060,10 +2060,14 @@ int getUnicodeData(__G__ ef_buf, ef_len)
-           G.unipath_checksum = makelong(offset + ef_buf);
-           offset += 4;
- 
-+          if (!G.filename_full) {
-+            /* Check if we have a unicode extra section but no filename set */
-+            return PK_ERR;
-+          }
-+
-           /*
-            * Compute 32-bit crc
-            */
-
-           chksum = crc32(chksum, (uch *)(G.filename_full),
-                          strlen(G.filename_full));
- 
-- 
-2.33.0
-
--- a/unzip-6.0-support-clang-build.patch
+++ b/unzip-6.0-support-clang-build.patch
@ -1,73 +0,0 @@
-From 3ac162e9f6ff4b138f3141af2b5c345b9c9b4ee1 Mon Sep 17 00:00:00 2001
-From: Cheng Li <cheng@kubuds.cn>
-Date: Tue, 9 Apr 2024 13:46:50 +0000
-Subject: [PATCH] unzip-6.0-support-clang-build
-
---
- unix/Makefile  | 15 +++++++++------
- unix/configure |  2 ++
- 2 files changed, 11 insertions(+), 6 deletions(-)
-
-diff --git a/unix/Makefile b/unix/Makefile
-index ab32270..3de8873 100644
--- a/unix/Makefile
-+++ b/unix/Makefile
-@@ -42,12 +42,12 @@
- # such as -DDOSWILD).
-
- # UnZip flags
-CC = cc#	try using "gcc" target rather than changing this (CC and LD
-+CC ?= cc#	try using "gcc" target rather than changing this (CC and LD
- LD = $(CC)#	must match, else "unresolved symbol:  ___main" is possible)
- AS = as
- LOC = $(D_USE_BZ2) $(LOCAL_UNZIP)
- AF = $(LOC)
-CFLAGS = -O
-+CFLAGS ?= -O
- CF_NOOPT = -I. -I$(IZ_BZIP2) -DUNIX $(LOC)
- CF = $(CFLAGS) $(CF_NOOPT)
- LFLAGS1 =
-@@ -547,6 +547,9 @@ generic:	flags	   # now try autoconfigure first
- generic_gcc:
-	$(MAKE) $(MAKEF) generic CC=gcc IZ_BZIP2="$(IZ_BZIP2)"
-
-+generic_clang:
-+	$(MAKE) $(MAKEF) generic CC=clang IZ_BZIP2="$(IZ_BZIP2)"
-+
- # extensions to perform SVR4 package-creation after compilation
- generic_pkg:	generic svr4package
- generic_gccpkg:	generic_gcc svr4package
-@@ -594,13 +597,13 @@ generic_shlib:	unix_make
-	@echo\
-  'which is UnZip linked with the DLL).  This target is an example only.'
-	@echo ""
-	$(MAKE) objsdll CC=gcc CFLAGS="-O3 -Wall -fPIC -DDLL"
-	gcc -shared -Wl,-soname,libunzip.so.0 -o libunzip.so.0.4 $(OBJSDLL)
-+	$(MAKE) objsdll CFLAGS="-O3 -Wall -fPIC -DDLL"
-+	$(CC) -shared -Wl,-soname,libunzip.so.0 -o libunzip.so.0.4 $(OBJSDLL)
-	$(RM) libunzip.so.0 libunzip.so
-	$(LN) -s libunzip.so.0.4 libunzip.so.0
-	$(LN) -s libunzip.so.0 libunzip.so
-	gcc -c -O unzipstb.c
-	gcc -o unzip_shlib unzipstb.o -L. -lunzip
-+	$(CC) -c -O unzipstb.c
-+	$(CC) -o unzip_shlib unzipstb.o -L. -lunzip
-
- #----------------------------------------------------------------------------
- #  "Autoconfig" group, aliases for the generic targets using configure:
-diff --git a/unix/configure b/unix/configure
-index 4d6f867..c231721 100755
--- a/unix/configure
-+++ b/unix/configure
-@@ -432,6 +432,8 @@ if [ $? -ne 0 ]; then
-   done
-   if [ ${OPT} ]; then
-     LFLAGS2="${LFLAGS2} ${OPT}"
-+  elif [ "$CC" == "clang" ]; then
-+    CFLAGSR="${CFLAGSR}"
-   else
-     CFLAGSR="${CFLAGSR} -DNO_DIR"
-   fi
--
-2.41.0
-
--- a/unzip.spec
+++ b/unzip.spec
@ -1,8 +1,8 @@
 Name:           unzip
 Version:        6.0
-Release:        53
+Release:        49
 Summary:        A utility for unpacking zip files
-License:        Info-ZIP and Public Domain
+License:        Info-ZIP,Public Domain
 URL:            http://www.info-zip.org/UnZip.html
 Source:         http://downloads.sourceforge.net/infozip/unzip60.tar.gz

@ -29,13 +29,11 @@ Patch0020:      unzip-6.0-alt-iconv-utf8-print.patch
 Patch0021:      0001-Fix-CVE-2016-9844-rhbz-1404283.patch
 Patch0022:      unzip-6.0-timestamp.patch
 Patch0023:      unzip-6.0-cve-2018-1000035-heap-based-overflow.patch
-Patch0024:      unzip-6.0-support-clang-build.patch

 Patch6000:      CVE-2018-18384.patch
 Patch6001:      CVE-2019-13232-pre.patch
 Patch6002:      CVE-2019-13232.patch
 Patch6003:      CVE-2019-13232-fur1.patch
-Patch6004:      backport-CVE-2021-4217.patch
 Patch9000:      CVE-2019-13232-fur2.patch
 Patch9001:      CVE-2022-0530.patch
 Patch9002:      CVE-2022-0529.patch
@ -58,14 +56,8 @@ Package help includes man pages for unzip.
 %autosetup -n %{name}60 -p1

 %build
-export RPM_OPT_FLAGS="$RPM_OPT_FLAGS -fPIE"
-%if "%{?toolchain}" == "clang"
-    %make_build -f unix/Makefile CF_NOOPT="-I. -DUNIX $RPM_OPT_FLAGS -DNOMEMCPY -DIZ_HAVE_UXUIDGID -DNO_LCHMOD" \
-                      LFLAGS2="-Wl,-z,relro -pie" generic_clang
-%else
-    %make_build -f unix/Makefile CF_NOOPT="-I. -DUNIX $RPM_OPT_FLAGS -DNOMEMCPY -DIZ_HAVE_UXUIDGID -DNO_LCHMOD" \
-                      LFLAGS2="-Wl,-z,relro -pie" generic_gcc
-%endif
+%make_build -f unix/Makefile CF_NOOPT="-I. -DUNIX $RPM_OPT_FLAGS -DNOMEMCPY -DIZ_HAVE_UXUIDGID -DNO_LCHMOD" \
+                      LFLAGS2="-Wl,-z,relro" generic_gcc

 %install
 %make_install -f unix/Makefile prefix=$RPM_BUILD_ROOT%{_prefix} MANDIR=$RPM_BUILD_ROOT%{_mandir}/man1 INSTALL="cp -p"
@ -82,18 +74,6 @@ make check -f unix/Makefile
 %{_mandir}/man1/*

 %changelog
-* Wed Jun 12 2024 yinyongkang <yinyongkang@kylinos.cn> - 6.0-53
- license info rectification
-
-* Sun Apr 7 2024 licheng <cheng@kubuds.cn> - 6.0-52
- add support for clang
-
-* Sat Mar 4 2023 yanglongkang <yanglongkang@h-partners.com> - 6.0-51
- add "PIE" compiler options
-
-* Tue Sep 6 2022 dongyuzhen <dongyuzhen@h-partners.com> - 6.0-50
- fix CVE-2021-4217
-
 * Tue May 10 2022 shixuantong <shixuantong@h-partners.com> - 6.0-49
 - enable check test suite

@ -103,7 +83,7 @@ make check -f unix/Makefile
 * Thu Jun 10 2021 shixuantong <shixuantong@huawei.com> - 6.0-47
 - add gcc to BuildRequires and revert unzip-6.0-crc-builtin.patch

-* Tue May 12 2021 openEuler hanzhelii <18221254@bjtu.edu.cn> - 6.0-46
+* Tues May 12 2021 openEuler hanzhelii <18221254@bjtu.edu.cn> - 6.0-46
 - add unzip-6.0-crc-builtin.patch

 * Mon Mar 2 2020 openEuler Buildteam <buildteam@openeuler.org> - 6.0-45