Compare commits


10 Commits

Author SHA1 Message Date
openeuler-ci-bot
196a1b8b6e
!59 [sync] PR-49: license info rectification
From: @openeuler-sync-bot 
Reviewed-by: @dillon_chen 
Signed-off-by: @dillon_chen
2024-12-06 07:29:17 +00:00
yueryoufeng
ea37d0082f license info rectification
Signed-off-by: yueryoufeng <yinyongkang@kylinos.cn>
(cherry picked from commit c524439cb87936eb922906fa652d5a3fa58c254e)
2024-12-06 15:18:24 +08:00
openeuler-ci-bot
1e0b652e11
!47 [sync] PR-46: [平行宇宙] Support build with clang
From: @openeuler-sync-bot 
Reviewed-by: @xiezhipeng1 
Signed-off-by: @xiezhipeng1
2024-04-16 09:22:29 +00:00
Cheng Li
9677b15b34 Add clang support for unzip 6.0
Signed-off-by: Cheng Li <cheng@kubuds.cn>
(cherry picked from commit b8ff847b26ac8c1a11f1c585db9977eb3108a00e)
2024-04-16 16:47:32 +08:00
openeuler-ci-bot
de52ae80fd
!43 add PIE compiler options
From: @markeryang 
Reviewed-by: @zhoupengcheng11, @lvying6 
Signed-off-by: @lvying6
2023-03-05 02:15:22 +00:00
markeryang
e7acb7dfc0 add PIE compiler options 2023-03-04 15:28:06 +08:00
openeuler-ci-bot
35a94522f5
!36 fix date error on 6.0-46
From: @xu_lei_123 
Reviewed-by: @xiezhipeng1 
Signed-off-by: @xiezhipeng1
2022-12-28 03:02:44 +00:00
xu_lei_123
74ba6fe96f fix date error on 6.0-46 2022-12-27 11:05:37 +08:00
openeuler-ci-bot
2541098351
!32 fix CVE-2021-4217
From: @dongyuzhen 
Reviewed-by: @lvying6 
Signed-off-by: @lvying6
2022-09-06 06:33:02 +00:00
dongyuzhen
883e9a1bd2 fix CVE-2021-4217 2022-09-06 11:08:07 +08:00
3 changed files with 137 additions and 5 deletions


@ -0,0 +1,39 @@
From 731d698377dbd1f5b1b90efeb8094602ed59fc40 Mon Sep 17 00:00:00 2001
From: Nils Bars <nils.bars@t-online.de>
Date: Mon, 17 Jan 2022 16:53:16 +0000
Subject: [PATCH] Fix null pointer dereference and use of uninitialized data
This fixes a bug that causes use of uninitialized heap data if `readbuf` fails
to read as many bytes as indicated by the extra field length attribute.
Furthermore, this fixes a null pointer dereference if an archive contains an
`EF_UNIPATH` extra field but does not have a filename set.
Reference:https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1957077
Conflict: fileio.c file not change.
---
process.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/process.c b/process.c
index abe938b..f573ee4 100644
--- a/process.c
+++ b/process.c
@@ -2060,10 +2060,14 @@ int getUnicodeData(__G__ ef_buf, ef_len)
G.unipath_checksum = makelong(offset + ef_buf);
offset += 4;
+ if (!G.filename_full) {
+ /* Check if we have a unicode extra section but no filename set */
+ return PK_ERR;
+ }
+
/*
* Compute 32-bit crc
*/
-
chksum = crc32(chksum, (uch *)(G.filename_full),
strlen(G.filename_full));
--
2.33.0
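Review bot: The patch header still describes the fix for use of uninitialized heap data after a short `readbuf`, but the only hunk carried here is the `G.filename_full` NULL check in `getUnicodeData`, and the `Conflict:` line says fileio.c is not changed. If another patch in this package already handles the short-read case, name it in the header, e.g. `Conflict: fileio.c hunk dropped, short-read check covered by <patch name>`; if none does, this backport closes only the NULL dereference and the description should say so. `getUnicodeData` starts and ends outside the hunk, so whether anything allocated earlier in the function must be released before the new `return PK_ERR;` cannot be checked from here.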


@ -0,0 +1,73 @@
From 3ac162e9f6ff4b138f3141af2b5c345b9c9b4ee1 Mon Sep 17 00:00:00 2001
From: Cheng Li <cheng@kubuds.cn>
Date: Tue, 9 Apr 2024 13:46:50 +0000
Subject: [PATCH] unzip-6.0-support-clang-build
---
unix/Makefile | 15 +++++++++------
unix/configure | 2 ++
2 files changed, 11 insertions(+), 6 deletions(-)
diff --git a/unix/Makefile b/unix/Makefile
index ab32270..3de8873 100644
--- a/unix/Makefile
+++ b/unix/Makefile
@@ -42,12 +42,12 @@
# such as -DDOSWILD).
# UnZip flags
-CC = cc# try using "gcc" target rather than changing this (CC and LD
+CC ?= cc# try using "gcc" target rather than changing this (CC and LD
LD = $(CC)# must match, else "unresolved symbol: ___main" is possible)
AS = as
LOC = $(D_USE_BZ2) $(LOCAL_UNZIP)
AF = $(LOC)
-CFLAGS = -O
+CFLAGS ?= -O
CF_NOOPT = -I. -I$(IZ_BZIP2) -DUNIX $(LOC)
CF = $(CFLAGS) $(CF_NOOPT)
LFLAGS1 =
@@ -547,6 +547,9 @@ generic: flags # now try autoconfigure first
generic_gcc:
$(MAKE) $(MAKEF) generic CC=gcc IZ_BZIP2="$(IZ_BZIP2)"
+generic_clang:
+ $(MAKE) $(MAKEF) generic CC=clang IZ_BZIP2="$(IZ_BZIP2)"
+
# extensions to perform SVR4 package-creation after compilation
generic_pkg: generic svr4package
generic_gccpkg: generic_gcc svr4package
@@ -594,13 +597,13 @@ generic_shlib: unix_make
@echo\
'which is UnZip linked with the DLL). This target is an example only.'
@echo ""
- $(MAKE) objsdll CC=gcc CFLAGS="-O3 -Wall -fPIC -DDLL"
- gcc -shared -Wl,-soname,libunzip.so.0 -o libunzip.so.0.4 $(OBJSDLL)
+ $(MAKE) objsdll CFLAGS="-O3 -Wall -fPIC -DDLL"
+ $(CC) -shared -Wl,-soname,libunzip.so.0 -o libunzip.so.0.4 $(OBJSDLL)
$(RM) libunzip.so.0 libunzip.so
$(LN) -s libunzip.so.0.4 libunzip.so.0
$(LN) -s libunzip.so.0 libunzip.so
- gcc -c -O unzipstb.c
- gcc -o unzip_shlib unzipstb.o -L. -lunzip
+ $(CC) -c -O unzipstb.c
+ $(CC) -o unzip_shlib unzipstb.o -L. -lunzip
#----------------------------------------------------------------------------
# "Autoconfig" group, aliases for the generic targets using configure:
diff --git a/unix/configure b/unix/configure
index 4d6f867..c231721 100755
--- a/unix/configure
+++ b/unix/configure
@@ -432,6 +432,8 @@ if [ $? -ne 0 ]; then
done
if [ ${OPT} ]; then
LFLAGS2="${LFLAGS2} ${OPT}"
+ elif [ "$CC" == "clang" ]; then
+ CFLAGSR="${CFLAGSR}"
else
CFLAGSR="${CFLAGSR} -DNO_DIR"
fi
--
2.41.0
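Review bot: In the unix/configure hunk, `[ "$CC" == "clang" ]` uses `==`, which is not a POSIX `test` operator. If the script is run by a `/bin/sh` that is not bash, the test errors out and control falls to the `else` branch, so clang builds get `-DNO_DIR` after all. Use `elif [ "$CC" = "clang" ]; then` and replace the self-assignment `CFLAGSR="${CFLAGSR}"` with `:` plus a comment saying why clang skips `-DNO_DIR`. The exact string match also misses a versioned or full-path compiler name, so `case "$CC" in *clang*)` may be closer to the intent. The enclosing `if` block starts outside the hunk.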


@ -1,8 +1,8 @@
Name: unzip Name: unzip
Version: 6.0 Version: 6.0
Release: 49 Release: 53
Summary: A utility for unpacking zip files Summary: A utility for unpacking zip files
License: Info-ZIP,Public Domain License: Info-ZIP and Public Domain
URL: http://www.info-zip.org/UnZip.html URL: http://www.info-zip.org/UnZip.html
Source: http://downloads.sourceforge.net/infozip/unzip60.tar.gz Source: http://downloads.sourceforge.net/infozip/unzip60.tar.gz
@ -29,11 +29,13 @@ Patch0020: unzip-6.0-alt-iconv-utf8-print.patch
Patch0021: 0001-Fix-CVE-2016-9844-rhbz-1404283.patch Patch0021: 0001-Fix-CVE-2016-9844-rhbz-1404283.patch
Patch0022: unzip-6.0-timestamp.patch Patch0022: unzip-6.0-timestamp.patch
Patch0023: unzip-6.0-cve-2018-1000035-heap-based-overflow.patch Patch0023: unzip-6.0-cve-2018-1000035-heap-based-overflow.patch
Patch0024: unzip-6.0-support-clang-build.patch
Patch6000: CVE-2018-18384.patch Patch6000: CVE-2018-18384.patch
Patch6001: CVE-2019-13232-pre.patch Patch6001: CVE-2019-13232-pre.patch
Patch6002: CVE-2019-13232.patch Patch6002: CVE-2019-13232.patch
Patch6003: CVE-2019-13232-fur1.patch Patch6003: CVE-2019-13232-fur1.patch
Patch6004: backport-CVE-2021-4217.patch
Patch9000: CVE-2019-13232-fur2.patch Patch9000: CVE-2019-13232-fur2.patch
Patch9001: CVE-2022-0530.patch Patch9001: CVE-2022-0530.patch
Patch9002: CVE-2022-0529.patch Patch9002: CVE-2022-0529.patch
@ -56,8 +58,14 @@ Package help includes man pages for unzip.
%autosetup -n %{name}60 -p1 %autosetup -n %{name}60 -p1
%build %build
export RPM_OPT_FLAGS="$RPM_OPT_FLAGS -fPIE"
%if "%{?toolchain}" == "clang"
%make_build -f unix/Makefile CF_NOOPT="-I. -DUNIX $RPM_OPT_FLAGS -DNOMEMCPY -DIZ_HAVE_UXUIDGID -DNO_LCHMOD" \ %make_build -f unix/Makefile CF_NOOPT="-I. -DUNIX $RPM_OPT_FLAGS -DNOMEMCPY -DIZ_HAVE_UXUIDGID -DNO_LCHMOD" \
LFLAGS2="-Wl,-z,relro" generic_gcc LFLAGS2="-Wl,-z,relro -pie" generic_clang
%else
%make_build -f unix/Makefile CF_NOOPT="-I. -DUNIX $RPM_OPT_FLAGS -DNOMEMCPY -DIZ_HAVE_UXUIDGID -DNO_LCHMOD" \
LFLAGS2="-Wl,-z,relro -pie" generic_gcc
%endif
%install %install
%make_install -f unix/Makefile prefix=$RPM_BUILD_ROOT%{_prefix} MANDIR=$RPM_BUILD_ROOT%{_mandir}/man1 INSTALL="cp -p" %make_install -f unix/Makefile prefix=$RPM_BUILD_ROOT%{_prefix} MANDIR=$RPM_BUILD_ROOT%{_mandir}/man1 INSTALL="cp -p"
@ -74,6 +82,18 @@ make check -f unix/Makefile
%{_mandir}/man1/* %{_mandir}/man1/*
%changelog %changelog
* Wed Jun 12 2024 yinyongkang <yinyongkang@kylinos.cn> - 6.0-53
- license info rectification
* Sun Apr 7 2024 licheng <cheng@kubuds.cn> - 6.0-52
- add support for clang
* Sat Mar 4 2023 yanglongkang <yanglongkang@h-partners.com> - 6.0-51
- add "PIE" compiler options
* Tue Sep 6 2022 dongyuzhen <dongyuzhen@h-partners.com> - 6.0-50
- fix CVE-2021-4217
* Tue May 10 2022 shixuantong <shixuantong@h-partners.com> - 6.0-49 * Tue May 10 2022 shixuantong <shixuantong@h-partners.com> - 6.0-49
- enable check test suite - enable check test suite
@ -83,7 +103,7 @@ make check -f unix/Makefile
* Thu Jun 10 2021 shixuantong <shixuantong@huawei.com> - 6.0-47 * Thu Jun 10 2021 shixuantong <shixuantong@huawei.com> - 6.0-47
- add gcc to BuildRequires and revert unzip-6.0-crc-builtin.patch - add gcc to BuildRequires and revert unzip-6.0-crc-builtin.patch
* Tues May 12 2021 openEuler hanzhelii <18221254@bjtu.edu.cn> - 6.0-46 * Tue May 12 2021 openEuler hanzhelii <18221254@bjtu.edu.cn> - 6.0-46
- add unzip-6.0-crc-builtin.patch - add unzip-6.0-crc-builtin.patch
* Mon Mar 2 2020 openEuler Buildteam <buildteam@openeuler.org> - 6.0-45 * Mon Mar 2 2020 openEuler Buildteam <buildteam@openeuler.org> - 6.0-45
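Review bot: In `%build`, both `%make_build` branches link with `LFLAGS2="-Wl,-z,relro -pie"`, which requests RELRO without immediate binding, so the GOT stays writable unless `-z now` is supplied from somewhere not visible here. For a tool that parses untrusted archives, consider `LFLAGS2="-Wl,-z,relro -Wl,-z,now -pie"` in both branches. The two branches differ only in the final target (`generic_clang` vs `generic_gcc`), so a single `%make_build` with the target chosen by the `%if` would keep the flag sets from drifting apart.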