commit 40ad027d1bcb6b67ee19cdc8d943176f9aef3425 Author: Fredrik Rinnestam <fredrik@crux.nu> Date: Tue Aug 4 12:33:04 2015 +0200 unzip: moved to opt diff --git a/unzip/.footprint b/unzip/.footprint deleted file mode 100644 index fa863ce..0000000 --- a/unzip/.footprint +++ /dev/null @@ -1,15 +0,0 @@ -drwxr-xr-x root/root usr/ -drwxr-xr-x root/root usr/bin/ --rwxr-xr-x root/root usr/bin/funzip --rwxr-xr-x root/root usr/bin/unzip --rwxr-xr-x root/root usr/bin/unzipsfx --rwxr-xr-x root/root usr/bin/zipgrep -lrwxrwxrwx root/root usr/bin/zipinfo -> unzip -drwxr-xr-x root/root usr/share/ -drwxr-xr-x root/root usr/share/man/ -drwxr-xr-x root/root usr/share/man/man1/ --rw-r--r-- root/root usr/share/man/man1/funzip.1.gz --rw-r--r-- root/root usr/share/man/man1/unzip.1.gz --rw-r--r-- root/root usr/share/man/man1/unzipsfx.1.gz --rw-r--r-- root/root usr/share/man/man1/zipgrep.1.gz --rw-r--r-- root/root usr/share/man/man1/zipinfo.1.gz diff --git a/unzip/.md5sum b/unzip/.md5sum deleted file mode 100644 index 0a5b32b..0000000 --- a/unzip/.md5sum +++ /dev/null @@ -1,6 +0,0 @@ -19341ef8810558e0cb4e3fe25b3eff70 unzip-6.0-attribs-overflow.patch -cf3e3a98ff85d784c5d3843758645874 unzip-6.0-cve-2014-8139.patch -4f6a01093e9a05fe0d2916170d961e29 unzip-6.0-cve-2014-8140.patch -2a05a5d2f21511c5e393b62e4044e913 unzip-6.0-cve-2014-8141.patch -40ae64ba09670480195539bcdf92c0ef unzip-6.0-overflow.patch -62b490407489521db863b523a7f86375 unzip60.tar.gz diff --git a/unzip/Pkgfile b/unzip/Pkgfile deleted file mode 100644 index 110f4c3..0000000 --- a/unzip/Pkgfile +++ /dev/null @@ -1,26 +0,0 @@ -# Description: Decompress utility for zipfiles -# URL: http://infozip.sourceforge.net/UnZip.html -# Maintainer: CRUX System Team, core-ports at crux dot nu - -name=unzip -version=6.0 -release=6 -source=(http://downloads.sourceforge.net/sourceforge/infozip/${name}${version//./}.tar.gz \ - unzip-6.0-overflow.patch unzip-6.0-attribs-overflow.patch \ - unzip-6.0-cve-2014-8139.patch \ - unzip-6.0-cve-2014-8140.patch \ - unzip-6.0-cve-2014-8141.patch) - -build() { - cd ${name}${version//./} - patch -p1 -i $SRC/unzip-6.0-overflow.patch - patch -p1 -i $SRC/unzip-6.0-attribs-overflow.patch - patch -p1 -i $SRC/unzip-6.0-cve-2014-8139.patch - patch -p1 -i $SRC/unzip-6.0-cve-2014-8140.patch - patch -p1 -i $SRC/unzip-6.0-cve-2014-8141.patch - - sed -i 's/-O3//' unix/configure - make -f unix/Makefile LOCAL_UNZIP="$CFLAGS" generic - make -f unix/Makefile prefix=$PKG/usr MANDIR=$PKG/usr/share/man/man1 install - ln -sf unzip $PKG/usr/bin/zipinfo -} diff --git a/unzip/unzip-6.0-attribs-overflow.patch b/unzip/unzip-6.0-attribs-overflow.patch deleted file mode 100644 index 3122325..0000000 --- a/unzip/unzip-6.0-attribs-overflow.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up unzip60/zipinfo.c.attribs-overflow unzip60/zipinfo.c ---- unzip60/zipinfo.c.attribs-overflow 2009-11-30 09:55:39.000000000 +0100 -+++ unzip60/zipinfo.c 2009-11-30 09:56:42.844263244 +0100 -@@ -1881,7 +1881,7 @@ static int zi_short(__G) /* return PK- - #endif - int k, error, error_in_archive=PK_COOL; - unsigned hostnum, hostver, methid, methnum, xattr; -- char *p, workspace[12], attribs[16]; -+ char *p, workspace[12], attribs[17]; - char methbuf[5]; - static ZCONST char dtype[5]="NXFS"; /* normal, maximum, fast, superfast */ - static ZCONST char Far os[NUM_HOSTS+1][4] = { diff --git a/unzip/unzip-6.0-cve-2014-8139.patch b/unzip/unzip-6.0-cve-2014-8139.patch deleted file mode 100644 index 226b35a..0000000 --- a/unzip/unzip-6.0-cve-2014-8139.patch +++ /dev/null @@ -1,79 +0,0 @@ -diff --git a/extract.c b/extract.c -index 9ef80b3..c741b5f 100644 ---- a/extract.c -+++ b/extract.c -@@ -1,5 +1,5 @@ - /* -- Copyright (c) 1990-2009 Info-ZIP. All rights reserved. -+ Copyright (c) 1990-2014 Info-ZIP. All rights reserved. - - See the accompanying file LICENSE, version 2009-Jan-02 or later - (the contents of which are also included in unzip.h) for terms of use. -@@ -298,6 +298,8 @@ char ZCONST Far TruncNTSD[] = - #ifndef SFX - static ZCONST char Far InconsistEFlength[] = "bad extra-field entry:\n \ - EF block length (%u bytes) exceeds remaining EF data (%u bytes)\n"; -+ static ZCONST char Far TooSmallEBlength[] = "bad extra-field entry:\n \ -+ EF block length (%u bytes) invalid (< %d)\n"; - static ZCONST char Far InvalidComprDataEAs[] = - " invalid compressed data for EAs\n"; - # if (defined(WIN32) && defined(NTSD_EAS)) -@@ -2020,7 +2022,8 @@ static int TestExtraField(__G__ ef, ef_len) - ebID = makeword(ef); - ebLen = (unsigned)makeword(ef+EB_LEN); - -- if (ebLen > (ef_len - EB_HEADSIZE)) { -+ if (ebLen > (ef_len - EB_HEADSIZE)) -+ { - /* Discovered some extra field inconsistency! */ - if (uO.qflag) - Info(slide, 1, ((char *)slide, "%-22s ", -@@ -2155,11 +2158,29 @@ static int TestExtraField(__G__ ef, ef_len) - } - break; - case EF_PKVMS: -- if (makelong(ef+EB_HEADSIZE) != -- crc32(CRCVAL_INITIAL, ef+(EB_HEADSIZE+4), -- (extent)(ebLen-4))) -- Info(slide, 1, ((char *)slide, -- LoadFarString(BadCRC_EAs))); -+ /* 2015-01-30 SMS. Added sufficient-bytes test/message -+ * here. (Removed defective ebLen test above.) -+ * -+ * If sufficient bytes (EB_PKVMS_MINLEN) are available, -+ * then compare the stored CRC value with the calculated -+ * CRC for the remainder of the data (and complain about -+ * a mismatch). -+ */ -+ if (ebLen < EB_PKVMS_MINLEN) -+ { -+ /* Insufficient bytes available. */ -+ Info( slide, 1, -+ ((char *)slide, LoadFarString( TooSmallEBlength), -+ ebLen, EB_PKVMS_MINLEN)); -+ } -+ else if (makelong(ef+ EB_HEADSIZE) != -+ crc32(CRCVAL_INITIAL, -+ (ef+ EB_HEADSIZE+ EB_PKVMS_MINLEN), -+ (extent)(ebLen- EB_PKVMS_MINLEN))) -+ { -+ Info(slide, 1, ((char *)slide, -+ LoadFarString(BadCRC_EAs))); -+ } - break; - case EF_PKW32: - case EF_PKUNIX: -diff --git a/unzpriv.h b/unzpriv.h -index 005cee0..5c83a6e 100644 ---- a/unzpriv.h -+++ b/unzpriv.h -@@ -1806,6 +1806,8 @@ - #define EB_NTSD_VERSION 4 /* offset of NTSD version byte */ - #define EB_NTSD_MAX_VER (0) /* maximum version # we know how to handle */ - -+#define EB_PKVMS_MINLEN 4 /* minimum data length of PKVMS extra block */ -+ - #define EB_ASI_CRC32 0 /* offset of ASI Unix field's crc32 checksum */ - #define EB_ASI_MODE 4 /* offset of ASI Unix permission mode field */ - - diff --git a/unzip/unzip-6.0-cve-2014-8140.patch b/unzip/unzip-6.0-cve-2014-8140.patch deleted file mode 100644 index b9eba92..0000000 --- a/unzip/unzip-6.0-cve-2014-8140.patch +++ /dev/null @@ -1,25 +0,0 @@ -diff --git a/extract.c b/extract.c -index c741b5f..e4a4c7b 100644 ---- a/extract.c -+++ b/extract.c -@@ -2240,10 +2240,17 @@ static int test_compr_eb(__G__ eb, eb_size, compr_offset, test_uc_ebdata) - if (compr_offset < 4) /* field is not compressed: */ - return PK_OK; /* do nothing and signal OK */ - -+ /* Return no/bad-data error status if any problem is found: -+ * 1. eb_size is too small to hold the uncompressed size -+ * (eb_ucsize). (Else extract eb_ucsize.) -+ * 2. eb_ucsize is zero (invalid). 2014-12-04 SMS. -+ * 3. eb_ucsize is positive, but eb_size is too small to hold -+ * the compressed data header. -+ */ - if ((eb_size < (EB_UCSIZE_P + 4)) || -- ((eb_ucsize = makelong(eb+(EB_HEADSIZE+EB_UCSIZE_P))) > 0L && -- eb_size <= (compr_offset + EB_CMPRHEADLEN))) -- return IZ_EF_TRUNC; /* no compressed data! */ -+ ((eb_ucsize = makelong( eb+ (EB_HEADSIZE+ EB_UCSIZE_P))) == 0L) || -+ ((eb_ucsize > 0L) && (eb_size <= (compr_offset + EB_CMPRHEADLEN)))) -+ return IZ_EF_TRUNC; /* no/bad compressed data! */ - - method = makeword(eb + (EB_HEADSIZE + compr_offset)); - if ((method == STORED) && (eb_size != compr_offset + EB_CMPRHEADLEN + eb_ucsize)) diff --git a/unzip/unzip-6.0-cve-2014-8141.patch b/unzip/unzip-6.0-cve-2014-8141.patch deleted file mode 100644 index 584c576..0000000 --- a/unzip/unzip-6.0-cve-2014-8141.patch +++ /dev/null @@ -1,138 +0,0 @@ -diff --git a/fileio.c b/fileio.c -index 03fc4be..2a61a30 100644 ---- a/fileio.c -+++ b/fileio.c -@@ -176,6 +176,8 @@ static ZCONST char Far FilenameTooLongTrunc[] = - #endif - static ZCONST char Far ExtraFieldTooLong[] = - "warning: extra field too long (%d). Ignoring...\n"; -+static ZCONST char Far ExtraFieldCorrupt[] = -+ "warning: extra field (type: 0x%04x) corrupt. Continuing...\n"; - - #ifdef WINDLL - static ZCONST char Far DiskFullQuery[] = -@@ -2300,7 +2302,13 @@ int do_string(__G__ length, option) /* return PK-type error code */ - length = length2; - } - /* Looks like here is where extra fields are read */ -- getZip64Data(__G__ G.extra_field, length); -+ if (getZip64Data(__G__ G.extra_field, length) != PK_COOL) -+ { -+ Info(slide, 0x401, ((char *)slide, -+ LoadFarString( ExtraFieldCorrupt), EF_PKSZ64)); -+ error = PK_WARN; -+ } -+ - #ifdef UNICODE_SUPPORT - G.unipath_filename = NULL; - if (G.UzO.U_flag < 2) { -diff --git a/process.c b/process.c -index be6e006..0d57ab4 100644 ---- a/process.c -+++ b/process.c -@@ -1,5 +1,5 @@ - /* -- Copyright (c) 1990-2009 Info-ZIP. All rights reserved. -+ Copyright (c) 1990-2014 Info-ZIP. All rights reserved. - - See the accompanying file LICENSE, version 2009-Jan-02 or later - (the contents of which are also included in unzip.h) for terms of use. -@@ -1894,48 +1894,83 @@ int getZip64Data(__G__ ef_buf, ef_len) - and a 4-byte version of disk start number. - Sets both local header and central header fields. Not terribly clever, - but it means that this procedure is only called in one place. -+ -+ 2014-12-05 SMS. -+ Added checks to ensure that enough data are available before calling -+ makeint64() or makelong(). Replaced various sizeof() values with -+ simple ("4" or "8") constants. (The Zip64 structures do not depend -+ on our variable sizes.) Error handling is crude, but we should now -+ stay within the buffer. - ---------------------------------------------------------------------------*/ - -+#define Z64FLGS 0xffff -+#define Z64FLGL 0xffffffff -+ - if (ef_len == 0 || ef_buf == NULL) - return PK_COOL; - - Trace((stderr,"\ngetZip64Data: scanning extra field of length %u\n", - ef_len)); - -- while (ef_len >= EB_HEADSIZE) { -+ while (ef_len >= EB_HEADSIZE) -+ { - eb_id = makeword(EB_ID + ef_buf); - eb_len = makeword(EB_LEN + ef_buf); - -- if (eb_len > (ef_len - EB_HEADSIZE)) { -- /* discovered some extra field inconsistency! */ -+ if (eb_len > (ef_len - EB_HEADSIZE)) -+ { -+ /* Extra block length exceeds remaining extra field length. */ - Trace((stderr, - "getZip64Data: block length %u > rest ef_size %u\n", eb_len, - ef_len - EB_HEADSIZE)); - break; - } -- if (eb_id == EF_PKSZ64) { - -+ if (eb_id == EF_PKSZ64) -+ { - int offset = EB_HEADSIZE; - -- if (G.crec.ucsize == 0xffffffff || G.lrec.ucsize == 0xffffffff){ -- G.lrec.ucsize = G.crec.ucsize = makeint64(offset + ef_buf); -- offset += sizeof(G.crec.ucsize); -+ if ((G.crec.ucsize == Z64FLGL) || (G.lrec.ucsize == Z64FLGL)) -+ { -+ if (offset+ 8 > ef_len) -+ return PK_ERR; -+ -+ G.crec.ucsize = G.lrec.ucsize = makeint64(offset + ef_buf); -+ offset += 8; - } -- if (G.crec.csize == 0xffffffff || G.lrec.csize == 0xffffffff){ -- G.csize = G.lrec.csize = G.crec.csize = makeint64(offset + ef_buf); -- offset += sizeof(G.crec.csize); -+ -+ if ((G.crec.csize == Z64FLGL) || (G.lrec.csize == Z64FLGL)) -+ { -+ if (offset+ 8 > ef_len) -+ return PK_ERR; -+ -+ G.csize = G.crec.csize = G.lrec.csize = makeint64(offset + ef_buf); -+ offset += 8; - } -- if (G.crec.relative_offset_local_header == 0xffffffff){ -+ -+ if (G.crec.relative_offset_local_header == Z64FLGL) -+ { -+ if (offset+ 8 > ef_len) -+ return PK_ERR; -+ - G.crec.relative_offset_local_header = makeint64(offset + ef_buf); -- offset += sizeof(G.crec.relative_offset_local_header); -+ offset += 8; - } -- if (G.crec.disk_number_start == 0xffff){ -+ -+ if (G.crec.disk_number_start == Z64FLGS) -+ { -+ if (offset+ 4 > ef_len) -+ return PK_ERR; -+ - G.crec.disk_number_start = (zuvl_t)makelong(offset + ef_buf); -- offset += sizeof(G.crec.disk_number_start); -+ offset += 4; - } -+#if 0 -+ break; /* Expect only one EF_PKSZ64 block. */ -+#endif /* 0 */ - } - -- /* Skip this extra field block */ -+ /* Skip this extra field block. */ - ef_buf += (eb_len + EB_HEADSIZE); - ef_len -= (eb_len + EB_HEADSIZE); - } diff --git a/unzip/unzip-6.0-overflow.patch b/unzip/unzip-6.0-overflow.patch deleted file mode 100644 index 1750796..0000000 --- a/unzip/unzip-6.0-overflow.patch +++ /dev/null @@ -1,27 +0,0 @@ -diff --git a/extract.c b/extract.c -index a0a4929..9ef80b3 100644 ---- a/extract.c -+++ b/extract.c -@@ -2214,6 +2214,7 @@ static int test_compr_eb(__G__ eb, eb_size, compr_offset, test_uc_ebdata) - ulg eb_ucsize; - uch *eb_ucptr; - int r; -+ ush method; - - if (compr_offset < 4) /* field is not compressed: */ - return PK_OK; /* do nothing and signal OK */ -@@ -2223,6 +2224,12 @@ static int test_compr_eb(__G__ eb, eb_size, compr_offset, test_uc_ebdata) - eb_size <= (compr_offset + EB_CMPRHEADLEN))) - return IZ_EF_TRUNC; /* no compressed data! */ - -+ method = makeword(eb + (EB_HEADSIZE + compr_offset)); -+ if ((method == STORED) && (eb_size - compr_offset != eb_ucsize)) -+ return PK_ERR; /* compressed & uncompressed -+ * should match in STORED -+ * method */ -+ - if ( - #ifdef INT_16BIT - (((ulg)(extent)eb_ucsize) != eb_ucsize) || - -