Bug#1064000: marked as done (unzip: Unzip fails on Microsoft ZIP64 files)

Tue, 11 Mar 2025 09:30:37 -0700 

Your message dated Tue, 11 Mar 2025 16:26:54 +0000
with message-id <[email protected]>
and subject line Bug#1064000: fixed in unzip 6.0-29
has caused the Debian Bug report #1064000,
regarding unzip: Unzip fails on Microsoft ZIP64 files
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1064000: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1064000
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: unzip
Severity: normal
Tags: patch
User: [email protected]
Usertags: origin-ubuntu noble ubuntu-patch




*** /tmp/tmp5xum1hdh/bug_body

unzip rejects Microsoft OneDrive zip files. See the detailed explanation here:

https://www.bitsgalore.org/2020/03/11/does-microsoft-onedrive-export-large-ZIP-files-that-are-corrupt

tl;dr;
Microsoft mishandles the "Total number of disks" field when using the ZIP64 
extension. It should start at 1, they use 0, which isn't a valid value. Unzip 
doesn't properly handle the invalid value.


In Ubuntu, the attached patch was applied to achieve the following:


  * Properly handle Microsoft ZIP64 file (LP: #2051952)
    - debian/patches/handle_windows_zip64.patch: ignore invalid "Total
      number of disks" field in process.c.


Thanks for considering the patch.


-- System Information:
Debian Release: bookworm/sid
  APT prefers jammy-updates
  APT policy: (500, 'jammy-updates'), (500, 'jammy-security'), (500, 'jammy'), 
(100, 'jammy-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.0-1029-oem (SMP w/20 CPU threads; PREEMPT)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_CA:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

diff -Nru unzip-6.0/debian/patches/handle_windows_zip64.patch 
unzip-6.0/debian/patches/handle_windows_zip64.patch
--- unzip-6.0/debian/patches/handle_windows_zip64.patch 1969-12-31 
19:00:00.000000000 -0500
+++ unzip-6.0/debian/patches/handle_windows_zip64.patch 2024-02-01 
10:48:08.000000000 -0500
@@ -0,0 +1,18 @@
+Description: Properly handle Microsoft ZIP64 file by ignoring invalid
+ "Total number of disks" field
+Origin: https://sourceforge.net/p/infozip/bugs/42/
+Bug: https://sourceforge.net/p/infozip/bugs/42/
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/2051952
+Author: Roy Tam
+
+--- a/process.c
++++ b/process.c
+@@ -1281,7 +1281,7 @@ static int find_ecrec64(__G__ searchlen)
+     fprintf(stdout,"\nnumber of disks (ECR) %u, (ECLOC64) %lu\n",
+             G.ecrec.number_this_disk, ecloc64_total_disks); fflush(stdout);
+ #endif
+-    if ((G.ecrec.number_this_disk != 0xFFFF) &&
++    if ((G.ecrec.number_this_disk != 0xFFFF) && ecloc64_total_disks &&
+         (G.ecrec.number_this_disk != ecloc64_total_disks - 1)) {
+       /* Note: For some unknown reason, the developers at PKWARE decided to
+          store the "zip64 total disks" value as a counter starting from 1,
diff -Nru unzip-6.0/debian/patches/series unzip-6.0/debian/patches/series
--- unzip-6.0/debian/patches/series     2023-05-30 06:34:18.000000000 -0400
+++ unzip-6.0/debian/patches/series     2024-02-01 10:46:59.000000000 -0500
@@ -27,3 +27,4 @@
 26-cve-2019-13232-fix-bug-in-uzinflate.patch
 27-zipgrep-avoid-test-errors.patch
 28-cve-2022-0529-and-cve-2022-0530.patch
+handle_windows_zip64.patch

--- End Message ---
--- Begin Message --- 
Source: unzip
Source-Version: 6.0-29
Done: Santiago Vila <[email protected]>

We believe that the bug you reported is fixed in the latest version of
unzip, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Santiago Vila <[email protected]> (supplier of updated unzip package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 11 Mar 2025 16:40:00 +0100
Source: unzip
Architecture: source
Version: 6.0-29
Distribution: unstable
Urgency: medium
Maintainer: Santiago Vila <[email protected]>
Changed-By: Santiago Vila <[email protected]>
Closes: 661956 1054628 1064000 1072396 1098043
Changes:
 unzip (6.0-29) unstable; urgency=medium
 .
   * Ignore invalid "Total number of disks" field on Microsoft ZIP64 files.
     Closes: #661956, #1064000.
   * Drop conflicting declarations of gmtime() and localtime().
     Should fix build with gcc-15. Closes: #1098043.
   * Fix zipgrep handling of escapes. Closes: #1054628.
   * Stop using update-mime. Closes: #1072396.
   * Add debian/source/lintian-overrides for *.a files.
   * Do not trim Debian changelog.
   * Add debian/salsa-ci.yml.
   * Add Vcs-Git and Vcs-Browser fields.
   * Update Standards-Version.
Checksums-Sha1:
 311f4369403f705b565bce73c67ee322257c80a5 1464 unzip_6.0-29.dsc
 60d291e40b4cba025591bdd84f1b00779f9c68d6 25876 unzip_6.0-29.debian.tar.xz
 ed5157d272435e5e936a5c529911c204040545b3 4929 unzip_6.0-29_source.buildinfo
Checksums-Sha256:
 ecc73beeb9a18f354124b87f6713facb726ffd4b732ce7a6e144d073a1e777ae 1464 
unzip_6.0-29.dsc
 14043e5ea351c02b3bc8676e1e6d20d79b9a690b6d7520e8138ac629cc048417 25876 
unzip_6.0-29.debian.tar.xz
 de7cad7bced0f3e15702031550791d2ebb91094f2db417851f3827f3eed6e308 4929 
unzip_6.0-29_source.buildinfo
Files:
 85732d7b235f5968905f9e346e6e9807 1464 utils optional unzip_6.0-29.dsc
 995666984c9bbc240c45f2d670d28e60 25876 utils optional 
unzip_6.0-29.debian.tar.xz
 71cfc2e9960a4ffbb12e0c7a755ef5b0 4929 utils optional 
unzip_6.0-29_source.buildinfo


-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEE1Uw7+v+wQt44LaXXQc5/C58bizIFAmfQXikACgkQQc5/C58b
izKLHQf/UlwlYafdOqMtBH1rkAZJkpgF4bdYjDuCr3uSReRtCwyFZdqk/IsoC/Vl
6QU208llYOM40/ejZI6s77uCNMnFR+o4339Sk9RpLI/xYshDoCMxHHei7bHSk+5Y
ncsOTP2iFyTdKiEBPzVSmpmPEn03vSFzqRu98D7gaYGJ1nOTNHuE/E/r1zPO0T2I
tFnn/451M9vmpmTGVuPJCnGPKuJd9TUL4RzQZYtXd105qAHLNmJLO0z5AqrSRcqR
QFAVUfP3KHmLbol9oCdrietn5M/T4490FL3BcBTw694P842F7MgNiLMFvhUK36rj
spTtBK0poKVyCjj9Fiv8x0DMBANAVw==
=ET64
-----END PGP SIGNATURE-----

Attachment: pgph8Q2_UA1K9.pgp
Description: PGP signature


--- End Message ---

Reply via email to