Your message dated Mon, 14 Aug 2023 23:49:50 +0000
with message-id <[email protected]>
and subject line Bug#956181: fixed in zlib 1:1.2.13.dfsg-2
has caused the Debian Bug report #956181,
regarding zlib: provide minizip binary packages
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
956181: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=956181
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
package: src:zlib
severity: wishlist
tags: patch

I've been maintaining minizip as a separate source package for the
last few years.  It has become clear that the version included in
zlib/contrib is a more definitive upstream (zlib upstream has done
updates in recent years, minizip upstream has not), so it would make
more sense to provide minizip as part of src:zlib [0].

A few years ago, you were concerned about minizip's ABI changing too
much [1].  That does not seem to have happened.  I diffed minizip 1.1
with the version in zlib/contrib.  The meaningful changes are small
and there is no ABI difference.

Anyway, here is a patch for src:zlib that adds minizip binary
packages.  Please let me know what you think.

Best wishes,
Mike

[0] http://bugs.debian.org/843617
[1] http://bugs.debian.org/574978
diff -Nru zlib-1.2.11.dfsg/debian/changelog zlib-1.2.11.dfsg/debian/changelog
--- zlib-1.2.11.dfsg/debian/changelog	2020-02-24 16:07:12.000000000 -0500
+++ zlib-1.2.11.dfsg/debian/changelog	2020-04-07 21:50:15.000000000 -0400
@@ -1,3 +1,9 @@
+zlib (1:1.2.11.dfsg-2.1) UNRELEASED; urgency=medium
+
+  * Build minizip packages.
+
+ -- Michael Gilbert <[email protected]>  Wed, 08 Apr 2020 01:50:15 +0000
+
 zlib (1:1.2.11.dfsg-2) unstable; urgency=low
 
   * Acknowledge previous NMUs (closes: #949388).
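Review bot: The new 1:1.2.11.dfsg-2.1 entry says only "Build minizip packages." and carries no bug closer, unlike the entry below it with "(closes: #949388)". Add the closer for this wishlist bug and list the other packaging changes the patch makes: cflags-for-minizip, use-dso and use-dso-really dropped from the series, the CVE-2014-9485 patch added, and autoconf added to Build-Depends.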
diff -Nru zlib-1.2.11.dfsg/debian/control zlib-1.2.11.dfsg/debian/control
--- zlib-1.2.11.dfsg/debian/control	2020-02-24 16:07:12.000000000 -0500
+++ zlib-1.2.11.dfsg/debian/control	2020-04-07 21:50:15.000000000 -0400
@@ -4,7 +4,7 @@
 Maintainer: Mark Brown <[email protected]>
 Standards-Version: 3.9.8
 Homepage: http://zlib.net/
-Build-Depends: debhelper (>= 8.1.3~), gcc-multilib [amd64 i386 kfreebsd-amd64 mips mipsel powerpc ppc64 s390 sparc s390x mipsn32 mipsn32el mipsr6 mipsr6el mipsn32r6 mipsn32r6el mips64 mips64el mips64r6 mips64r6el x32] <!nobiarch>, dpkg-dev (>= 1.16.1)
+Build-Depends: debhelper (>= 8.1.3~), gcc-multilib [amd64 i386 kfreebsd-amd64 mips mipsel powerpc ppc64 s390 sparc s390x mipsn32 mipsn32el mipsr6 mipsr6el mipsn32r6 mipsn32r6el mips64 mips64el mips64r6 mips64r6el x32] <!nobiarch>, dpkg-dev (>= 1.16.1), autoconf
 
 Package: zlib1g
 Architecture: any
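Review bot: Build-Depends gains only autoconf, but debian/rules runs "autoreconf -fis" in contrib/minizip and its clean target removes Makefile.in, depcomp, missing, libtool and ltmain.sh, which are automake and libtool outputs. Add automake and libtool (or dh-autoreconf) here so the build does not rely on them being installed by chance.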
@@ -118,3 +118,50 @@
  This package should ONLY be used for building packages, users who do
  not need to build packages should use multiarch to install the relevant
  runtime.
+
+Package: minizip
+Section: utils
+Architecture: any
+Depends:
+ ${misc:Depends},
+ ${shlibs:Depends},
+Replaces:
+ zlib-bin,
+Conflicts:
+ zlib-bin,
+Description: compression library - minizip tools
+ minizip is a minimalistic library that supports compressing, extracting,
+ viewing, and manipulating zip files.
+ .
+ This package includes the minizip and miniunzip tools.
+
+Package: libminizip1
+Architecture: any
+Multi-Arch: same
+Pre-Depends:
+ ${misc:Pre-Depends}
+Depends:
+ ${misc:Depends},
+ ${shlibs:Depends},
+Description: compression library - minizip library
+ minizip is a minimalistic library that supports compressing, extracting,
+ viewing, and manipulating zip files.
+ .
+ This package includes the minizip library.
+
+Package: libminizip-dev
+Architecture: any
+Multi-Arch: same
+Section: libdevel
+Depends:
+ ${misc:Depends},
+ libminizip1 (= ${binary:Version})
+Replaces:
+ libkml-dev (<< 1.3.0~r864+git20150723-0fa2f22-1~),
+Breaks:
+ libkml-dev (<< 1.3.0~r864+git20150723-0fa2f22-1~),
+Description: compression library - minizip development files
+ minizip is a minimalistic library that supports compressing, extracting,
+ viewing, and manipulating zip files.
+ .
+ This package includes development support files for the minizip library.
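Review bot: The minizip stanza declares unversioned Replaces and Conflicts on zlib-bin, and nothing in the patch says what zlib-bin shipped or why it has to go. If it provided the same binaries, say so in the changelog, and consider a versioned Breaks/Replaces pair like the one the libminizip-dev stanza uses for libkml-dev. libminizip1 also sets no Section of its own, unlike minizip (utils) and libminizip-dev (libdevel); state it explicitly if the source default is not the one intended.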
diff -Nru zlib-1.2.11.dfsg/debian/libminizip-dev.install zlib-1.2.11.dfsg/debian/libminizip-dev.install
--- zlib-1.2.11.dfsg/debian/libminizip-dev.install	1969-12-31 19:00:00.000000000 -0500
+++ zlib-1.2.11.dfsg/debian/libminizip-dev.install	2020-04-07 21:50:15.000000000 -0400
@@ -0,0 +1,4 @@
+usr/include/minizip
+usr/lib/*/libminizip.a
+usr/lib/*/libminizip.so
+usr/lib/*/pkgconfig/minizip.pc
diff -Nru zlib-1.2.11.dfsg/debian/libminizip1.install zlib-1.2.11.dfsg/debian/libminizip1.install
--- zlib-1.2.11.dfsg/debian/libminizip1.install	1969-12-31 19:00:00.000000000 -0500
+++ zlib-1.2.11.dfsg/debian/libminizip1.install	2020-04-07 21:50:15.000000000 -0400
@@ -0,0 +1 @@
+usr/lib/*/libminizip.so.*
diff -Nru zlib-1.2.11.dfsg/debian/libminizip1.symbols zlib-1.2.11.dfsg/debian/libminizip1.symbols
--- zlib-1.2.11.dfsg/debian/libminizip1.symbols	1969-12-31 19:00:00.000000000 -0500
+++ zlib-1.2.11.dfsg/debian/libminizip1.symbols	2020-04-07 21:50:15.000000000 -0400
@@ -0,0 +1,68 @@
+libminizip.so.1 libminizip1 #MINVER#
+ LoadCentralDirectoryRecord@Base 1.1
+ Write_EndOfCentralDirectoryRecord@Base 1.1
+ Write_GlobalComment@Base 1.1
+ Write_LocalFileHeader@Base 1.1
+ Write_Zip64EndOfCentralDirectoryLocator@Base 1.1
+ Write_Zip64EndOfCentralDirectoryRecord@Base 1.1
+ call_zopen64@Base 1.1
+ call_zseek64@Base 1.1
+ call_ztell64@Base 1.1
+ fill_fopen64_filefunc@Base 1.1
+ fill_fopen_filefunc@Base 1.1
+ fill_zlib_filefunc64_32_def_from_filefunc32@Base 1.1
+ unzClose@Base 1.1
+ unzCloseCurrentFile@Base 1.1
+ unzGetCurrentFileInfo64@Base 1.1
+ unzGetCurrentFileInfo@Base 1.1
+ unzGetCurrentFileZStreamPos64@Base 1.1
+ unzGetFilePos64@Base 1.1
+ unzGetFilePos@Base 1.1
+ unzGetGlobalComment@Base 1.1
+ unzGetGlobalInfo64@Base 1.1
+ unzGetGlobalInfo@Base 1.1
+ unzGetLocalExtrafield@Base 1.1
+ unzGetOffset64@Base 1.1
+ unzGetOffset@Base 1.1
+ unzGoToFilePos64@Base 1.1
+ unzGoToFilePos@Base 1.1
+ unzGoToFirstFile@Base 1.1
+ unzGoToNextFile@Base 1.1
+ unzLocateFile@Base 1.1
+ unzOpen2@Base 1.1
+ unzOpen2_64@Base 1.1
+ unzOpen64@Base 1.1
+ unzOpen@Base 1.1
+ unzOpenCurrentFile2@Base 1.1
+ unzOpenCurrentFile3@Base 1.1
+ unzOpenCurrentFile@Base 1.1
+ unzOpenCurrentFilePassword@Base 1.1
+ unzReadCurrentFile@Base 1.1
+ unzRepair@Base 1.1
+ unzSetOffset64@Base 1.1
+ unzSetOffset@Base 1.1
+ unzStringFileNameCompare@Base 1.1
+ unz_copyright@Base 1.1
+ unzeof@Base 1.1
+ unztell64@Base 1.1
+ unztell@Base 1.1
+ zipClose@Base 1.1
+ zipCloseFileInZip@Base 1.1
+ zipCloseFileInZipRaw64@Base 1.1
+ zipCloseFileInZipRaw@Base 1.1
+ zipOpen2@Base 1.1
+ zipOpen2_64@Base 1.1
+ zipOpen3@Base 1.1
+ zipOpen64@Base 1.1
+ zipOpen@Base 1.1
+ zipOpenNewFileInZip2@Base 1.1
+ zipOpenNewFileInZip2_64@Base 1.1
+ zipOpenNewFileInZip3@Base 1.1
+ zipOpenNewFileInZip3_64@Base 1.1
+ zipOpenNewFileInZip4@Base 1.1
+ zipOpenNewFileInZip4_64@Base 1.1
+ zipOpenNewFileInZip64@Base 1.1
+ zipOpenNewFileInZip@Base 1.1
+ zipRemoveExtraInfoBlock@Base 1.1
+ zipWriteInFileInZip@Base 1.1
+ zip_copyright@Base 1.1
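Review bot: The list exports helpers such as LoadCentralDirectoryRecord, Write_LocalFileHeader and the other Write_* functions alongside the unz*/zip* API; their names suggest file-local routines that leaked into the dynamic symbol table. With everything pinned at Base 1.1, an upstream change that makes them static would surface as an ABI break, so consider tagging them optional or confirming with upstream that they are meant to be public.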
diff -Nru zlib-1.2.11.dfsg/debian/minizip.install zlib-1.2.11.dfsg/debian/minizip.install
--- zlib-1.2.11.dfsg/debian/minizip.install	1969-12-31 19:00:00.000000000 -0500
+++ zlib-1.2.11.dfsg/debian/minizip.install	2020-04-07 21:50:15.000000000 -0400
@@ -0,0 +1,2 @@
+usr/bin/minizip
+usr/bin/miniunzip
diff -Nru zlib-1.2.11.dfsg/debian/minizip.manpages zlib-1.2.11.dfsg/debian/minizip.manpages
--- zlib-1.2.11.dfsg/debian/minizip.manpages	1969-12-31 19:00:00.000000000 -0500
+++ zlib-1.2.11.dfsg/debian/minizip.manpages	2020-04-07 21:50:15.000000000 -0400
@@ -0,0 +1,2 @@
+contrib/minizip/minizip.1
+contrib/minizip/miniunzip.1
diff -Nru zlib-1.2.11.dfsg/debian/patches/CVE-2014-9485 zlib-1.2.11.dfsg/debian/patches/CVE-2014-9485
--- zlib-1.2.11.dfsg/debian/patches/CVE-2014-9485	1969-12-31 19:00:00.000000000 -0500
+++ zlib-1.2.11.dfsg/debian/patches/CVE-2014-9485	2020-04-07 21:50:15.000000000 -0400
@@ -0,0 +1,28 @@
+description: fix directory traversal issues in miniunzip
+author: Michael Gilbert <[email protected]>
+bug-debian: https://bugs.debian.org/774321
+bug-debian: https://bugs.debian.org/776831
+
+--- a/contrib/minizip/miniunz.c
++++ b/contrib/minizip/miniunz.c
+@@ -367,6 +367,20 @@ int do_extract_currentfile(uf,popt_extra
+         else
+             write_filename = filename_withoutpath;
+ 
++        if (write_filename[0]!='\0')
++        {
++            const char* relative_check = write_filename;
++            while (relative_check[1]!='\0')
++            {
++                if (relative_check[0]=='.' && relative_check[1]=='.')
++                    write_filename = relative_check;
++                relative_check++;
++            }
++        }
++
++        while (write_filename[0]=='/' || write_filename[0]=='.')
++            write_filename++;
++
+         err = unzOpenCurrentFilePassword(uf,password);
+         if (err!=UNZ_OK)
+         {
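Review bot: The check added before unzOpenCurrentFilePassword rewrites a suspicious name instead of rejecting the entry, and it tests for ".." as two adjacent characters rather than as a path component. The test "if (relative_check[0]=='.' && relative_check[1]=='.')" fires on a name such as "a..b", and the following "while (write_filename[0]=='/' || write_filename[0]=='.')" strips every leading dot, so that entry is written as "b" and a dotfile loses its leading dot. Distinct archive members can therefore collapse onto one output name, and a name made only of dots and slashes ends up empty with no check before the open. Suggest splitting on '/' and skipping the entry with an error when any component equals ".." or the name is absolute, with a comment stating the intended policy.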
diff -Nru zlib-1.2.11.dfsg/debian/patches/cflags-for-minizip zlib-1.2.11.dfsg/debian/patches/cflags-for-minizip
--- zlib-1.2.11.dfsg/debian/patches/cflags-for-minizip	2020-01-28 04:37:49.000000000 -0500
+++ zlib-1.2.11.dfsg/debian/patches/cflags-for-minizip	1969-12-31 19:00:00.000000000 -0500
@@ -1,23 +0,0 @@
-
---- zlib-1.2.7.dfsg.orig/contrib/minizip/Makefile
-+++ zlib-1.2.7.dfsg/contrib/minizip/Makefile
-@@ -1,5 +1,5 @@
- CC=cc
--CFLAGS=-O -I../..
-+CFLAGS+=-O -I../..
- 
- UNZ_OBJS = miniunz.o unzip.o ioapi.o ../../libz.a
- ZIP_OBJS = minizip.o zip.o   ioapi.o ../../libz.a
-@@ -10,10 +10,10 @@ ZIP_OBJS = minizip.o zip.o   ioapi.o ../
- all: miniunz minizip
- 
- miniunz:  $(UNZ_OBJS)
--	$(CC) $(CFLAGS) -o $@ $(UNZ_OBJS)
-+	$(CC) $(CFLAGS) -o $@ $(UNZ_OBJS) $(LDFLAGS)
- 
- minizip:  $(ZIP_OBJS)
--	$(CC) $(CFLAGS) -o $@ $(ZIP_OBJS)
-+	$(CC) $(CFLAGS) -o $@ $(ZIP_OBJS) $(LDFLAGS)
- 
- test:	miniunz minizip
- 	./minizip test readme.txt
diff -Nru zlib-1.2.11.dfsg/debian/patches/series zlib-1.2.11.dfsg/debian/patches/series
--- zlib-1.2.11.dfsg/debian/patches/series	2020-01-28 04:37:49.000000000 -0500
+++ zlib-1.2.11.dfsg/debian/patches/series	2020-04-07 21:50:15.000000000 -0400
@@ -1,3 +1 @@
-cflags-for-minizip
-use-dso
-use-dso-really
+CVE-2014-9485
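Review bot: use-dso is dropped from the series here, but the patch only deletes debian/patches/cflags-for-minizip and debian/patches/use-dso-really; no hunk removes debian/patches/use-dso, so that file stays behind unapplied. Delete it in the same change and note in the changelog why the three Makefile patches are no longer needed.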
diff -Nru zlib-1.2.11.dfsg/debian/patches/use-dso-really zlib-1.2.11.dfsg/debian/patches/use-dso-really
--- zlib-1.2.11.dfsg/debian/patches/use-dso-really	2020-01-28 04:37:49.000000000 -0500
+++ zlib-1.2.11.dfsg/debian/patches/use-dso-really	1969-12-31 19:00:00.000000000 -0500
@@ -1,29 +0,0 @@
-
-
---- zlib-1.2.7.dfsg.orig/contrib/minizip/Makefile
-+++ zlib-1.2.7.dfsg/contrib/minizip/Makefile
-@@ -1,8 +1,9 @@
- CC=cc
- CFLAGS+=-O -I../..
-+ZLIB=-L../.. -lz
- 
--UNZ_OBJS = miniunz.o unzip.o ioapi.o ../../libz.a
--ZIP_OBJS = minizip.o zip.o   ioapi.o ../../libz.a
-+UNZ_OBJS = miniunz.o unzip.o ioapi.o
-+ZIP_OBJS = minizip.o zip.o   ioapi.o
- 
- .c.o:
- 	$(CC) -c $(CFLAGS) $*.c
-@@ -10,10 +11,10 @@ ZIP_OBJS = minizip.o zip.o   ioapi.o ../
- all: miniunz minizip
- 
- miniunz:  $(UNZ_OBJS)
--	$(CC) $(CFLAGS) -o $@ $(UNZ_OBJS) $(LDFLAGS)
-+	$(CC) $(CFLAGS) -o $@ $(UNZ_OBJS) $(ZLIB) $(LDFLAGS)
- 
- minizip:  $(ZIP_OBJS)
--	$(CC) $(CFLAGS) -o $@ $(ZIP_OBJS) $(LDFLAGS)
-+	$(CC) $(CFLAGS) -o $@ $(ZIP_OBJS) $(ZLIB) $(LDFLAGS)
- 
- test:	miniunz minizip
- 	./minizip test readme.txt
diff -Nru zlib-1.2.11.dfsg/debian/rules zlib-1.2.11.dfsg/debian/rules
--- zlib-1.2.11.dfsg/debian/rules	2020-02-24 16:07:12.000000000 -0500
+++ zlib-1.2.11.dfsg/debian/rules	2020-04-07 21:50:15.000000000 -0400
@@ -87,6 +87,8 @@
 
 	AR=$(AR) CC="$(DEB_HOST_GNU_TYPE)-gcc" CFLAGS="$(CFLAGS)" LDFLAGS="$(LDFLAGS)" uname=GNU ./configure --shared --prefix=/usr --libdir=\$${prefix}/lib/$(DEB_HOST_MULTIARCH)
 
+	cd contrib/minizip && autoreconf -fis && CFLAGS="$(CFLAGS)" LDFLAGS="$(LDFLAGS)" uname=GNU ./configure --prefix=/usr --libdir=\$${prefix}/lib/$(DEB_HOST_MULTIARCH)
+
 	touch $@
 
 configure64-stamp: configure
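Review bot: The added minizip configure line passes CFLAGS and LDFLAGS but not the CC="$(DEB_HOST_GNU_TYPE)-gcc" that the zlib configure call just above it sets, and it gives no --host, so a cross build would configure minizip with the build machine's compiler. Pass the same CC, or --build and --host, so both configure runs target the same architecture.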
@@ -124,6 +126,9 @@
 	dh_testdir
 
 	$(MAKE)
+
+	$(MAKE) -C contrib/minizip minizip miniunzip
+
 	-$(MAKE) test
 
 	touch $@
@@ -147,6 +152,9 @@
 	dh_testdir
 	dh_testroot
 
+	if [ -f contrib/minizip/Makefile ]; then $(MAKE) -C contrib/minizip clean; fi
+	cd contrib/minizip && rm -f compile config.* configure depcomp install-sh libtool Makefile Makefile.in aclocal.m4 ltmain.sh missing minizip.pc minizip miniunzip
+
 	$(MAKE) distclean
 
 	rm -f build-stamp configure-stamp foo.gz 
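Review bot: The rm -f list in clean includes Makefile, yet contrib/minizip/Makefile is a file shipped in the source (the dropped cflags-for-minizip and use-dso-really patches both edit it), so configuring overwrites it and clean deletes it, leaving the tree different from the unpacked source. Build minizip out of tree or save and restore that file. The hand-kept list also omits autom4te.cache, which autoreconf creates; dh_autoreconf with dh_autoreconf_clean would be more robust than enumerating generated files.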
@@ -166,6 +174,8 @@
 
 	$(MAKE) prefix=$(CURDIR)/debian/tmp/usr install
 
+	$(MAKE) -C contrib/minizip prefix=$(CURDIR)/debian/tmp/usr install
+
 	install -d debian/tmp/lib/$(DEB_HOST_MULTIARCH)
 	mv debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/libz.so.* debian/tmp/lib/$(DEB_HOST_MULTIARCH)
 	ln -sf /lib/$(DEB_HOST_MULTIARCH)/$$(readlink debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/libz.so) debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/libz.so
@@ -187,6 +197,9 @@
 binary-arch: build install $(EXTRA_INSTALL)
 	dh_testdir
 	dh_testroot
+	mkdir -p debian/tmp/usr/bin
+	cp contrib/minizip/minizip debian/tmp/usr/bin
+	cp contrib/minizip/miniunzip debian/tmp/usr/bin
 	dh_installchangelogs -a ChangeLog
 	dh_installdocs -a
 	dh_installexamples -a
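Review bot: The three lines that populate debian/tmp/usr/bin sit in binary-arch rather than in install, and they copy from the build directory even though the install target already runs "$(MAKE) -C contrib/minizip prefix=$(CURDIR)/debian/tmp/usr install". If that step already puts minizip and miniunzip in usr/bin, drop the copies; if it does not, move them to install with a comment saying why, and check that the files in contrib/minizip are the real executables and not libtool wrapper scripts.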
@@ -197,6 +210,7 @@
 	dh_strip -a --dbgsym-migration="zlib1g-dbg (<< 1:1.2.11.dfsg-2~)"
 	dh_compress -a
 	dh_fixperms -a
+	dh_makeshlibs -plibminizip1 -V"libminizip1 (>> 1:1.2.11.dfsg-2)"
 	dh_makeshlibs -pzlib1g -V"zlib1g (>= 1:1.2.3.3.dfsg-1)" --add-udeb=zlib1g-udeb
 ifeq (,$(filter nobiarch,$(DEB_BUILD_PROFILES)))
 ifneq (,$(findstring $(DEB_HOST_ARCH), $(32-ARCHS)))
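Review bot: The -V bound for libminizip1 uses a strict ">>" against the hardcoded 1:1.2.11.dfsg-2, whereas the zlib1g line below it uses ">=", and debian/libminizip1.symbols in this same patch records every symbol at 1.1. Decide which minimum version dependants should get and make the two agree; if the symbols file is meant to be authoritative, the -V argument can go.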

--- End Message ---
--- Begin Message ---
Source: zlib
Source-Version: 1:1.2.13.dfsg-2
Done: Mark Brown <[email protected]>

We believe that the bug you reported is fixed in the latest version of
zlib, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mark Brown <[email protected]> (supplier of updated zlib package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 15 Aug 2023 00:28:42 +0100
Source: zlib
Architecture: source
Version: 1:1.2.13.dfsg-2
Distribution: unstable
Urgency: low
Maintainer: Mark Brown <[email protected]>
Changed-By: Mark Brown <[email protected]>
Closes: 956181
Changes:
 zlib (1:1.2.13.dfsg-2) unstable; urgency=low
 .
   * Build minizip packages since for some reason the minizip upstream
     appears to have decided to release via zlib's contrib directory
     and do nothing separate, patch from Michael Gilbert adapted to fix
     build issues (closes: #956181).


--- End Message ---
