Package init

CVE-2018-13410.patch

@@ -0,0 +1,24 @@
+From dd2a5c4be6a460636b415792f02e7c8ae62f524e Mon Sep 17 00:00:00 2001
+From: Hector Chen <shine751105@gmail.com>
+Date: Thu, 21 Feb 2019 09:32:33 +0800
+Subject: [PATCH] Fix CVE-2018-13410
+
+---
+ zip.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/zip.c b/zip.c
+index 439821f..f13e2a1 100644
+--- a/zip.c
++++ b/zip.c
+@@ -1437,7 +1437,7 @@ local void check_zipfile(zipname, zippath)
+     /* Replace first {} with archive name.  If no {} append name to string. */
+     here = strstr(unzip_path, "{}");
+ 
+-    if ((cmd = malloc(strlen(unzip_path) + strlen(zipname) + 3)) == NULL) {
++    if ((cmd = malloc(strlen(unzip_path) + strlen(zipname) + 4)) == NULL) {
+       ziperr(ZE_MEM, "building command string for testing archive");
+     }
+ 
+-- 
+2.7.4

man.patch

@@ -0,0 +1,40 @@
+--- ./man/zipsplit.1	2008-05-08 10:17:48.000000000 +0200
++++ ./man/zipsplit.1	2013-04-26 18:33:12.492008280 +0200
+@@ -12,6 +12,7 @@
+ .RB [ \-r\ room ]
+ .RB [ \-b\ path ]
+ .RB [ \-h ]
++.RB [ \-q ]
+ .RB [ \-v ]
+ .RB [ \-L ]
+ zipfile
+@@ -47,6 +48,9 @@
+ .BI \-h
+ Show a short help.
+ .TP
++.BI \-q
++Suppress some informational messages.
++.TP
+ .BI \-v
+ Show version information.
+ .TP
+--- ./man/zipnote.1	2013-04-26 18:40:32.145018756 +0200
++++ ./man/zipnote.1	2013-04-26 18:40:18.943018442 +0200
+@@ -7,6 +7,7 @@
+ .RB [ \-w ]
+ .RB [ \-b\ path ]
+ .RB [ \-h ]
++.RB [ \-q ]
+ .RB [ \-v ]
+ .RB [ \-L ]
+ zipfile
+@@ -27,6 +28,9 @@
+ .BI \-h
+ Show a short help.
+ .TP
++.BI \-q
++Suppress some informational messages.
++.TP
+ .BI \-v
+ Show version information.
+ .TP

zip-3.0-currdir.patch

@@ -0,0 +1,12 @@
+diff -up zip30/util.c.currdir zip30/util.c
+--- zip30/util.c.currdir	2009-11-16 12:42:17.783961701 +0100
++++ zip30/util.c	2009-11-16 12:42:58.185960707 +0100
+@@ -493,6 +493,8 @@ int cs;                 /* force case-se
+ /* Compare the sh pattern p with the string s and return true if they match,
+    false if they don't or if there is a syntax error in the pattern. */
+ {
++  while (s[0] == '.' && s[1] == '/') 
++    s += 2;                /* strip redundant leading "./" sections */
+   return recmatch(p, s, cs) == 1;
+ }
+ 

zip-3.0-exec-shield.patch

@@ -0,0 +1,20 @@
+diff -up zip30/crc_i386.S.exec_shield zip30/crc_i386.S
+--- zip30/crc_i386.S.exec_shield	2009-11-13 18:37:45.000000000 +0100
++++ zip30/crc_i386.S	2009-11-13 18:39:54.435390166 +0100
+@@ -302,3 +302,6 @@ _crc32:                         /* ulg c
+ #endif /* i386 || _i386 || _I386 || __i386 */
+ 
+ #endif /* !USE_ZLIB && !CRC_TABLE_ONLY */
++
++.section .note.GNU-stack, "", @progbits
++.previous
+diff -up zip30/match.S.exec_shield zip30/match.S
+--- zip30/match.S.exec_shield	2005-01-28 10:40:14.000000000 +0100
++++ zip30/match.S	2009-11-13 18:39:48.570389058 +0100
+@@ -405,3 +405,6 @@ L__return:
+ #endif /* i386 || _I386 || _i386 || __i386  */
+ 
+ #endif /* !USE_ZLIB */
++
++.section .note.GNU-stack, "", @progbits
++.previous

zip-3.0-format-security.patch

@@ -0,0 +1,20 @@
+--- a/zip.c	
++++ a/zip.c	
+@@ -1028,7 +1028,7 @@ local void help_extended()
+ 
+   for (i = 0; i < sizeof(text)/sizeof(char *); i++)
+   {
+-    printf(text[i]);
++    printf("%s", text[i]);
+     putchar('\n');
+   }
+ #ifdef DOS
+@@ -1225,7 +1225,7 @@ local void version_info()
+             CR_MAJORVER, CR_MINORVER, CR_BETA_VER, CR_VERSION_DATE);
+   for (i = 0; i < sizeof(cryptnote)/sizeof(char *); i++)
+   {
+-    printf(cryptnote[i]);
++    printf("%s", cryptnote[i]);
+     putchar('\n');
+   }
+   ++i;  /* crypt support means there IS at least one compilation option */

zip-3.0-time.patch

@@ -0,0 +1,11 @@
+--- zip-2.31/unix/Makefile.time	2007-02-07 09:36:30.000000000 +0100
++++ zip-2.31/unix/Makefile	2007-02-07 09:38:42.000000000 +0100
+@@ -24,7 +24,7 @@
+ E =
+ 
+ # probably can change this to 'install' if you have it
+-INSTALL_PROGRAM = cp
++INSTALL_PROGRAM = cp -p
+ # probably can change this to 'install -d' if you have it
+ # XXX NextStep 3.3 and Openstep 4.x don't know about -p !
+ INSTALL_D = mkdir -p

zip.spec

@@ -0,0 +1,58 @@
+Name:            zip
+Version:         3.0
+Release:         24
+Summary:         A compression and file packaging/archive utility
+License:         BSD
+URL:             http://www.info-zip.org/Zip.html
+Source0:         http://downloads.sourceforge.net/infozip/zip30.tar.gz
+
+# Patch1 to patch6 get from fedora
+Patch1:          zip-3.0-exec-shield.patch
+Patch2:          zip-3.0-currdir.patch
+Patch3:          zip-3.0-time.patch
+Patch4:          man.patch
+Patch5:          zip-3.0-format-security.patch
+Patch6:          zipnote.patch
+
+Patch6000:       CVE-2018-13410.patch
+
+BuildRequires:   bzip2-devel
+Requires:        unzip
+
+%description
+The zip program is a compression and file packaging utility. Zip has one
+compression method and can also store files without compression.
+Zip automatically chooses the better of the two for each file. Compression
+ratios of 2:1 to 3:1 are common for text files.
+
+%package         help
+Summary:         Documents and manuals related to zip
+BuildArch:       noarch
+
+%description     help
+This package contains the documents and manuals related to zip.
+
+%prep
+%autosetup -n zip30 -p1
+
+%build
+%make_build -f unix/Makefile prefix=%{_prefix} "CFLAGS_NOOPT=-I. -DUNIX $RPM_OPT_FLAGS" generic_gcc
+
+%install
+mkdir -p %{buildroot}%{_bindir}
+mkdir -p %{buildroot}%{_mandir}/man1
+%make_install -f unix/Makefile prefix=%{buildroot}%{_prefix} MANDIR=%{buildroot}%{_mandir}/man1
+
+%files
+%defattr(-,root,root)
+%doc README CHANGES TODO WHATSNEW WHERE README.CR
+%doc proginfo/algorith.txt
+%license LICENSE
+%{_bindir}/zip*
+
+%files help
+%{_mandir}/man1/zip*
+
+%changelog
+* Tue Sep 3 2019 dongjian <dongjian13@huawei.com> - 3.0-24
+- Rebuild and modify the description

zipnote.patch

@@ -0,0 +1,13 @@
+diff --git a/zipnote.c b/zipnote.c
+index 5e02cb6..996f012 100644
+--- a/zipnote.c
++++ b/zipnote.c
+@@ -661,7 +661,7 @@ char **argv;            /* command line tokens */
+     if ((r = zipcopy(z)) != ZE_OK)
+       ziperr(r, "was copying an entry");
+   }
+-  fclose(x);
++  fclose(in_file);
+ 
+   /* Write central directory and end of central directory with new comments */
+   if ((c = zftello(y)) == (zoff_t)-1)    /* get start of central */