Bastian Germann wrote:
> Mark has stated on https://github.com/madler/zlib/issues/742 that
> he will not be working on this.

I am willing to volunteer as zlib co-maintainer focusing solely on
minizip so that Mark need do no work related to it.

> Mark, are you aware that this has a patch already?

I updated the minizip patch to apply to zlib 1.2.13 (from previously
1.2.11), attached below.  What do you think?

Best wishes,
Mike
diff -Nru zlib-1.2.13.dfsg/debian/changelog zlib-1.2.13.dfsg/debian/changelog
--- zlib-1.2.13.dfsg/debian/changelog	2022-11-05 12:24:46.000000000 +0000
+++ zlib-1.2.13.dfsg/debian/changelog	2023-08-02 01:30:53.000000000 +0000
@@ -1,3 +1,9 @@
+zlib (1:1.2.13.dfsg-1.1) UNRELEASED; urgency=medium
+
+  * Build minizip packages.
+
+ -- Michael Gilbert <mgilb...@debian.org>  Wed, 02 Aug 2023 01:30:53 +0000
+
 zlib (1:1.2.13.dfsg-1) unstable; urgency=low
 
   * New upstream release.
diff -Nru zlib-1.2.13.dfsg/debian/control zlib-1.2.13.dfsg/debian/control
--- zlib-1.2.13.dfsg/debian/control	2022-11-05 12:24:46.000000000 +0000
+++ zlib-1.2.13.dfsg/debian/control	2023-08-02 01:30:53.000000000 +0000
@@ -4,7 +4,7 @@
 Maintainer: Mark Brown <broo...@debian.org>
 Standards-Version: 4.6.1
 Homepage: http://zlib.net/
-Build-Depends: debhelper (>= 13), gcc-multilib [amd64 i386 kfreebsd-amd64 mips mipsel powerpc ppc64 s390 sparc s390x mipsn32 mipsn32el mipsr6 mipsr6el mipsn32r6 mipsn32r6el mips64 mips64el mips64r6 mips64r6el x32] <!nobiarch>, dpkg-dev (>= 1.16.1)
+Build-Depends: debhelper (>= 13), gcc-multilib [amd64 i386 kfreebsd-amd64 mips mipsel powerpc ppc64 s390 sparc s390x mipsn32 mipsn32el mipsr6 mipsr6el mipsn32r6 mipsn32r6el mips64 mips64el mips64r6 mips64r6el x32] <!nobiarch>, dpkg-dev (>= 1.16.1), autoconf
 
 Package: zlib1g
 Architecture: any
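Review bot: Adding only `autoconf` to Build-Depends looks insufficient for the `autoreconf -fis` call this debdiff adds to debian/rules. The clean recipe in the same debdiff removes `libtool`, `ltmain.sh`, `depcomp`, `missing` and `Makefile.in`, which suggests the minizip build also needs automake and libtool at build time. Consider ending the field with `autoconf, automake, libtool` (or `dh-autoreconf`) so the build does not depend on what happens to be installed in the build chroot.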
@@ -118,3 +118,50 @@
  This package should ONLY be used for building packages, users who do
  not need to build packages should use multiarch to install the relevant
  runtime.
+
+Package: minizip
+Section: utils
+Architecture: any
+Depends:
+ ${misc:Depends},
+ ${shlibs:Depends},
+Replaces:
+ zlib-bin,
+Conflicts:
+ zlib-bin,
+Description: compression library - minizip tools
+ minizip is a minimalistic library that supports compressing, extracting,
+ viewing, and manipulating zip files.
+ .
+ This package includes the minizip and miniunzip tools.
+
+Package: libminizip1
+Architecture: any
+Multi-Arch: same
+Pre-Depends:
+ ${misc:Pre-Depends}
+Depends:
+ ${misc:Depends},
+ ${shlibs:Depends},
+Description: compression library - minizip library
+ minizip is a minimalistic library that supports compressing, extracting,
+ viewing, and manipulating zip files.
+ .
+ This package includes the minizip library.
+
+Package: libminizip-dev
+Architecture: any
+Multi-Arch: same
+Section: libdevel
+Depends:
+ ${misc:Depends},
+ libminizip1 (= ${binary:Version})
+Replaces:
+ libkml-dev (<< 1.3.0~r864+git20150723-0fa2f22-1~),
+Breaks:
+ libkml-dev (<< 1.3.0~r864+git20150723-0fa2f22-1~),
+Description: compression library - minizip development files
+ minizip is a minimalistic library that supports compressing, extracting,
+ viewing, and manipulating zip files.
+ .
+ This package includes development support files for the minizip library.
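Review bot: `libminizip-dev` depends only on `libminizip1` and `${misc:Depends}`, with no dependency on the zlib development package. If the installed minizip headers include `zlib.h`, or `minizip.pc` requires zlib (neither file is visible here, so confirm), builds against libminizip-dev will fail unless zlib1g-dev happens to be installed. Consider adding ` zlib1g-dev,` to its Depends.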
diff -Nru zlib-1.2.13.dfsg/debian/libminizip-dev.install zlib-1.2.13.dfsg/debian/libminizip-dev.install
--- zlib-1.2.13.dfsg/debian/libminizip-dev.install	1970-01-01 00:00:00.000000000 +0000
+++ zlib-1.2.13.dfsg/debian/libminizip-dev.install	2023-08-02 01:29:43.000000000 +0000
@@ -0,0 +1,4 @@
+usr/include/minizip
+usr/lib/*/libminizip.a
+usr/lib/*/libminizip.so
+usr/lib/*/pkgconfig/minizip.pc
diff -Nru zlib-1.2.13.dfsg/debian/libminizip1.install zlib-1.2.13.dfsg/debian/libminizip1.install
--- zlib-1.2.13.dfsg/debian/libminizip1.install	1970-01-01 00:00:00.000000000 +0000
+++ zlib-1.2.13.dfsg/debian/libminizip1.install	2023-08-02 01:29:43.000000000 +0000
@@ -0,0 +1 @@
+usr/lib/*/libminizip.so.*
diff -Nru zlib-1.2.13.dfsg/debian/libminizip1.symbols zlib-1.2.13.dfsg/debian/libminizip1.symbols
--- zlib-1.2.13.dfsg/debian/libminizip1.symbols	1970-01-01 00:00:00.000000000 +0000
+++ zlib-1.2.13.dfsg/debian/libminizip1.symbols	2023-08-02 01:30:53.000000000 +0000
@@ -0,0 +1,62 @@
+libminizip.so.1 libminizip1
+ call_zopen64@Base 1.1
+ call_zseek64@Base 1.1
+ call_ztell64@Base 1.1
+ fill_fopen64_filefunc@Base 1.1
+ fill_fopen_filefunc@Base 1.1
+ fill_zlib_filefunc64_32_def_from_filefunc32@Base 1.1
+ unzClose@Base 1.1
+ unzCloseCurrentFile@Base 1.1
+ unzGetCurrentFileInfo64@Base 1.1
+ unzGetCurrentFileInfo@Base 1.1
+ unzGetCurrentFileZStreamPos64@Base 1.1
+ unzGetFilePos64@Base 1.1
+ unzGetFilePos@Base 1.1
+ unzGetGlobalComment@Base 1.1
+ unzGetGlobalInfo64@Base 1.1
+ unzGetGlobalInfo@Base 1.1
+ unzGetLocalExtrafield@Base 1.1
+ unzGetOffset64@Base 1.1
+ unzGetOffset@Base 1.1
+ unzGoToFilePos64@Base 1.1
+ unzGoToFilePos@Base 1.1
+ unzGoToFirstFile@Base 1.1
+ unzGoToNextFile@Base 1.1
+ unzLocateFile@Base 1.1
+ unzOpen2@Base 1.1
+ unzOpen2_64@Base 1.1
+ unzOpen64@Base 1.1
+ unzOpen@Base 1.1
+ unzOpenCurrentFile2@Base 1.1
+ unzOpenCurrentFile3@Base 1.1
+ unzOpenCurrentFile@Base 1.1
+ unzOpenCurrentFilePassword@Base 1.1
+ unzReadCurrentFile@Base 1.1
+ unzRepair@Base 1.1
+ unzSetOffset64@Base 1.1
+ unzSetOffset@Base 1.1
+ unzStringFileNameCompare@Base 1.1
+ unz_copyright@Base 1.1
+ unzeof@Base 1.1
+ unztell64@Base 1.1
+ unztell@Base 1.1
+ zipClose@Base 1.1
+ zipCloseFileInZip@Base 1.1
+ zipCloseFileInZipRaw64@Base 1.1
+ zipCloseFileInZipRaw@Base 1.1
+ zipOpen2@Base 1.1
+ zipOpen2_64@Base 1.1
+ zipOpen3@Base 1.1
+ zipOpen64@Base 1.1
+ zipOpen@Base 1.1
+ zipOpenNewFileInZip2@Base 1.1
+ zipOpenNewFileInZip2_64@Base 1.1
+ zipOpenNewFileInZip3@Base 1.1
+ zipOpenNewFileInZip3_64@Base 1.1
+ zipOpenNewFileInZip4@Base 1.1
+ zipOpenNewFileInZip4_64@Base 1.1
+ zipOpenNewFileInZip64@Base 1.1
+ zipOpenNewFileInZip@Base 1.1
+ zipRemoveExtraInfoBlock@Base 1.1
+ zipWriteInFileInZip@Base 1.1
+ zip_copyright@Base 1.1
diff -Nru zlib-1.2.13.dfsg/debian/minizip.install zlib-1.2.13.dfsg/debian/minizip.install
--- zlib-1.2.13.dfsg/debian/minizip.install	1970-01-01 00:00:00.000000000 +0000
+++ zlib-1.2.13.dfsg/debian/minizip.install	2023-08-02 01:29:43.000000000 +0000
@@ -0,0 +1,2 @@
+usr/bin/minizip
+usr/bin/miniunzip
diff -Nru zlib-1.2.13.dfsg/debian/minizip.manpages zlib-1.2.13.dfsg/debian/minizip.manpages
--- zlib-1.2.13.dfsg/debian/minizip.manpages	1970-01-01 00:00:00.000000000 +0000
+++ zlib-1.2.13.dfsg/debian/minizip.manpages	2023-08-02 01:29:43.000000000 +0000
@@ -0,0 +1,2 @@
+contrib/minizip/minizip.1
+contrib/minizip/miniunzip.1
diff -Nru zlib-1.2.13.dfsg/debian/patches/CVE-2014-9485-miniunzip.patch zlib-1.2.13.dfsg/debian/patches/CVE-2014-9485-miniunzip.patch
--- zlib-1.2.13.dfsg/debian/patches/CVE-2014-9485-miniunzip.patch	1970-01-01 00:00:00.000000000 +0000
+++ zlib-1.2.13.dfsg/debian/patches/CVE-2014-9485-miniunzip.patch	2023-08-02 01:29:43.000000000 +0000
@@ -0,0 +1,28 @@
+description: fix directory traversal issues in miniunzip
+author: Michael Gilbert <mgilb...@debian.org>
+bug-debian: https://bugs.debian.org/774321
+bug-debian: https://bugs.debian.org/776831
+
+--- a/contrib/minizip/miniunz.c
++++ b/contrib/minizip/miniunz.c
+@@ -367,6 +367,20 @@ int do_extract_currentfile(uf,popt_extra
+         else
+             write_filename = filename_withoutpath;
+ 
++        if (write_filename[0]!='\0')
++        {
++            const char* relative_check = write_filename;
++            while (relative_check[1]!='\0')
++            {
++                if (relative_check[0]=='.' && relative_check[1]=='.')
++                    write_filename = relative_check;
++                relative_check++;
++            }
++        }
++
++        while (write_filename[0]=='/' || write_filename[0]=='.')
++            write_filename++;
++
+         err = unzOpenCurrentFilePassword(uf,password);
+         if (err!=UNZ_OK)
+         {
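Review bot: The added `..` test matches any two consecutive dots rather than a `..` path component, so a harmless entry such as `a..b.txt` is silently written as `b.txt`, and the second loop also strips the leading dot from names like `.config`. Silent renaming lets two archive entries land on the same output file without the user being told. Consider counting `..` only when it is a whole component, e.g. adding `&& (relative_check[2]=='/' || relative_check[2]=='\0')` plus a test that the preceding character is `/` or the start of the name, and printing a message whenever a name is rewritten or skipped. The hunk covers only the branch of do_extract_currentfile that sets `write_filename`; the function starts and ends outside the hunk, so whether directory entries receive the same sanitising cannot be confirmed from here.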
diff -Nru zlib-1.2.13.dfsg/debian/patches/cflags-for-minizip zlib-1.2.13.dfsg/debian/patches/cflags-for-minizip
--- zlib-1.2.13.dfsg/debian/patches/cflags-for-minizip	2022-11-05 12:24:46.000000000 +0000
+++ zlib-1.2.13.dfsg/debian/patches/cflags-for-minizip	1970-01-01 00:00:00.000000000 +0000
@@ -1,22 +0,0 @@
---- a/contrib/minizip/Makefile.orig	2022-11-05 12:35:09.684809015 +0000
-+++ b/contrib/minizip/Makefile	2022-11-05 12:35:49.885262972 +0000
-@@ -1,5 +1,5 @@
- CC=cc
--CFLAGS := $(CFLAGS) -O -I../..
-+CFLAGS += $(CFLAGS) -O -I../..
- 
- UNZ_OBJS = miniunz.o unzip.o ioapi.o ../../libz.a
- ZIP_OBJS = minizip.o zip.o   ioapi.o ../../libz.a
-@@ -10,10 +10,10 @@
- all: miniunz minizip
- 
- miniunz:  $(UNZ_OBJS)
--	$(CC) $(CFLAGS) -o $@ $(UNZ_OBJS)
-+	$(CC) $(CFLAGS) -o $@ $(UNZ_OBJS) $(LDFLAGS)
- 
- minizip:  $(ZIP_OBJS)
--	$(CC) $(CFLAGS) -o $@ $(ZIP_OBJS)
-+	$(CC) $(CFLAGS) -o $@ $(ZIP_OBJS) $(LDFLAGS)
- 
- test:	miniunz minizip
- 	@rm -f test.*
diff -Nru zlib-1.2.13.dfsg/debian/patches/series zlib-1.2.13.dfsg/debian/patches/series
--- zlib-1.2.13.dfsg/debian/patches/series	2022-11-05 12:24:46.000000000 +0000
+++ zlib-1.2.13.dfsg/debian/patches/series	2023-08-02 01:30:53.000000000 +0000
@@ -1,2 +1 @@
-cflags-for-minizip
-use-dso-really
+CVE-2014-9485-miniunzip.patch
diff -Nru zlib-1.2.13.dfsg/debian/patches/use-dso-really zlib-1.2.13.dfsg/debian/patches/use-dso-really
--- zlib-1.2.13.dfsg/debian/patches/use-dso-really	2022-11-05 12:24:46.000000000 +0000
+++ zlib-1.2.13.dfsg/debian/patches/use-dso-really	1970-01-01 00:00:00.000000000 +0000
@@ -1,14 +0,0 @@
---- a/contrib/minizip/Makefile.orig	2022-11-05 12:58:48.240820416 +0000
-+++ b/contrib/minizip/Makefile	2022-11-05 12:59:42.329430869 +0000
-@@ -1,8 +1,9 @@
- CC=cc
- CFLAGS += $(CFLAGS) -O -I../..
-+LDFLAGS += -L../.. -lz
- 
--UNZ_OBJS = miniunz.o unzip.o ioapi.o ../../libz.a
--ZIP_OBJS = minizip.o zip.o   ioapi.o ../../libz.a
-+UNZ_OBJS = miniunz.o unzip.o ioapi.o
-+ZIP_OBJS = minizip.o zip.o   ioapi.o
- 
- .c.o:
- 	$(CC) -c $(CFLAGS) $*.c
diff -Nru zlib-1.2.13.dfsg/debian/rules zlib-1.2.13.dfsg/debian/rules
--- zlib-1.2.13.dfsg/debian/rules	2022-11-05 12:24:24.000000000 +0000
+++ zlib-1.2.13.dfsg/debian/rules	2023-08-02 01:30:53.000000000 +0000
@@ -87,6 +87,8 @@
 
 	AR=$(AR) CC="$(DEB_HOST_GNU_TYPE)-gcc" CFLAGS="$(CFLAGS)" LDFLAGS="$(LDFLAGS)" uname=GNU ./configure --shared --prefix=/usr --libdir=\$${prefix}/lib/$(DEB_HOST_MULTIARCH)
 
+	cd contrib/minizip && autoreconf -fis && CFLAGS="$(CFLAGS)" LDFLAGS="$(LDFLAGS)" uname=GNU ./configure --prefix=/usr --libdir=\$${prefix}/lib/$(DEB_HOST_MULTIARCH)
+
 	touch $@
 
 configure64-stamp: configure
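Review bot: The added minizip configure call does not pass the host compiler, unlike the zlib configure line directly above it, which sets `CC="$(DEB_HOST_GNU_TYPE)-gcc"`. On a cross build the generated configure script would presumably select the build machine's compiler. Consider adding `--host=$(DEB_HOST_GNU_TYPE)` to the `./configure` arguments; `uname=GNU` is probably only meaningful to zlib's hand-written configure and could be dropped here. The configure-stamp recipe starts outside the hunk.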
@@ -127,6 +129,9 @@
 	dh_testdir
 
 	$(MAKE)
+
+	$(MAKE) -C contrib/minizip minizip miniunzip
+
 	-$(MAKE) test
 
 	touch $@
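Review bot: Nothing visible in this debdiff points the minizip link step at the libz that the preceding `$(MAKE)` has just built. The dropped `use-dso-really` patch used to add `-L../.. -lz` for that purpose; with the autotools build the linker may instead resolve `-lz` against whatever zlib is installed in the build environment, or fail in a clean chroot. Consider passing the in-tree library explicitly, for example `LDFLAGS="$(LDFLAGS) -L$(CURDIR)"` on the minizip configure line, and confirm the result in the build log. The build-stamp recipe starts outside the hunk.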
@@ -150,6 +155,9 @@
 	dh_testdir
 	dh_testroot
 
+	if [ -f contrib/minizip/Makefile ]; then $(MAKE) -C contrib/minizip clean; fi
+	cd contrib/minizip && rm -f compile config.* configure depcomp install-sh libtool Makefile Makefile.in aclocal.m4 ltmain.sh missing minizip.pc minizip miniunzip
+
 	$(MAKE) distclean
 
 	rm -f build-stamp configure-stamp foo.gz 
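Review bot: The `rm -f` list deletes `contrib/minizip/Makefile`, which the patches removed in this debdiff show is a file shipped in the upstream source (they patched `b/contrib/minizip/Makefile`). Running configure in-tree overwrites it and clean then removes it, so the tree after `debian/rules clean` no longer matches the unpacked source. The hand-kept list also cannot remove directories such as `autom4te.cache`, since plain `rm -f` is used. Consider configuring minizip in a separate build directory and removing that directory in clean.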
@@ -169,6 +177,8 @@
 
 	$(MAKE) prefix=$(CURDIR)/debian/tmp/usr install
 
+	$(MAKE) -C contrib/minizip prefix=$(CURDIR)/debian/tmp/usr install
+
 	install -d debian/tmp/lib/$(DEB_HOST_MULTIARCH)
 	mv debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/libz.so.* debian/tmp/lib/$(DEB_HOST_MULTIARCH)
 	ln -sf /lib/$(DEB_HOST_MULTIARCH)/$$(readlink debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/libz.so) debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/libz.so
@@ -190,6 +200,9 @@
 binary-arch: build install $(EXTRA_INSTALL)
 	dh_testdir
 	dh_testroot
+	mkdir -p debian/tmp/usr/bin
+	cp contrib/minizip/minizip debian/tmp/usr/bin
+	cp contrib/minizip/miniunzip debian/tmp/usr/bin
 	dh_installchangelogs -a ChangeLog
 	dh_installdocs -a
 	dh_installexamples -a
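Review bot: The two `cp` lines copy `contrib/minizip/minizip` and `miniunzip` straight from the build tree. Since the build uses libtool (the clean hunk removes `libtool` and `ltmain.sh`), those paths may be libtool wrapper scripts rather than the real executables if the tools link against the in-tree libminizip; check the built artefacts with `file`. If so, install them through libtool, e.g. `./libtool --mode=install install -m 755 minizip $(CURDIR)/debian/tmp/usr/bin/` run from contrib/minizip. Staging files also fits better in the install target than in binary-arch, whose recipe continues outside the hunk.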
@@ -200,6 +213,7 @@
 	dh_strip -a --dbgsym-migration="zlib1g-dbg (<< 1:1.2.11.dfsg-2~)"
 	dh_compress -a
 	dh_fixperms -a
+	dh_makeshlibs -plibminizip1 -V"libminizip1 (>> 1:1.2.13.dfsg-1)"
 	dh_makeshlibs -pzlib1g -V"zlib1g (>= 1:1.2.3.3.dfsg-1)" --add-udeb=zlib1g-udeb
 ifeq (,$(filter nobiarch,$(DEB_BUILD_PROFILES)))
 ifneq (,$(filter $(DEB_HOST_ARCH), $(32-ARCHS)))
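Review bot: The `-V` argument hard-codes `libminizip1 (>> 1:1.2.13.dfsg-1)`, a strict relation on the previous Debian revision, while the new libminizip1.symbols file records every symbol as available since `1.1`. The two sources of dependency information disagree, and the literal version will need manual care on later uploads. Consider a `>=` relation on the first version that ships the library, e.g. `-V"libminizip1 (>= 1:1.2.13.dfsg-1.1~)"`, or relying on the symbols file alone.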
