package: src:zlib severity: wishlist tags: patch I've been maintaining minizip as a separate source package for the last few years. It has become clear that the version included in zlib/contrib is a more definitive upstream (zlib upstream has done updates in recent years, minizip upstream has not), so it would make more sense to provide minizip as part of src:zlib [0].
A few years ago, you were concerned about minizip's ABI changing too much [1]. That does not seem to have happened. I diffed minizip 1.1 with the version in zlib/contrib. The meaningful changes are small and there is no ABI difference. Anyway, here is a patch for src:zlib that adds minizip binary packages. Please let me know what you think. Best wishes, Mike [0] http://bugs.debian.org/843617 [1] http://bugs.debian.org/574978
diff -Nru zlib-1.2.11.dfsg/debian/changelog zlib-1.2.11.dfsg/debian/changelog --- zlib-1.2.11.dfsg/debian/changelog 2020-02-24 16:07:12.000000000 -0500 +++ zlib-1.2.11.dfsg/debian/changelog 2020-04-07 21:50:15.000000000 -0400 @@ -1,3 +1,9 @@ +zlib (1:1.2.11.dfsg-2.1) UNRELEASED; urgency=medium + + * Build minizip packages. + + -- Michael Gilbert <mgilb...@debian.org> Wed, 08 Apr 2020 01:50:15 +0000 + zlib (1:1.2.11.dfsg-2) unstable; urgency=low * Acknowledge previous NMUs (closes: #949388). diff -Nru zlib-1.2.11.dfsg/debian/control zlib-1.2.11.dfsg/debian/control --- zlib-1.2.11.dfsg/debian/control 2020-02-24 16:07:12.000000000 -0500 +++ zlib-1.2.11.dfsg/debian/control 2020-04-07 21:50:15.000000000 -0400 @@ -4,7 +4,7 @@ Maintainer: Mark Brown <broo...@debian.org> Standards-Version: 3.9.8 Homepage: http://zlib.net/ -Build-Depends: debhelper (>= 8.1.3~), gcc-multilib [amd64 i386 kfreebsd-amd64 mips mipsel powerpc ppc64 s390 sparc s390x mipsn32 mipsn32el mipsr6 mipsr6el mipsn32r6 mipsn32r6el mips64 mips64el mips64r6 mips64r6el x32] <!nobiarch>, dpkg-dev (>= 1.16.1) +Build-Depends: debhelper (>= 8.1.3~), gcc-multilib [amd64 i386 kfreebsd-amd64 mips mipsel powerpc ppc64 s390 sparc s390x mipsn32 mipsn32el mipsr6 mipsr6el mipsn32r6 mipsn32r6el mips64 mips64el mips64r6 mips64r6el x32] <!nobiarch>, dpkg-dev (>= 1.16.1), autoconf Package: zlib1g Architecture: any @@ -118,3 +118,50 @@ This package should ONLY be used for building packages, users who do not need to build packages should use multiarch to install the relevant runtime. + +Package: minizip +Section: utils +Architecture: any +Depends: + ${misc:Depends}, + ${shlibs:Depends}, +Replaces: + zlib-bin, +Conflicts: + zlib-bin, +Description: compression library - minizip tools + minizip is a minimalistic library that supports compressing, extracting, + viewing, and manipulating zip files. + . + This package includes the minizip and miniunzip tools. + +Package: libminizip1 +Architecture: any +Multi-Arch: same +Pre-Depends: + ${misc:Pre-Depends} +Depends: + ${misc:Depends}, + ${shlibs:Depends}, +Description: compression library - minizip library + minizip is a minimalistic library that supports compressing, extracting, + viewing, and manipulating zip files. + . + This package includes the minizip library. + +Package: libminizip-dev +Architecture: any +Multi-Arch: same +Section: libdevel +Depends: + ${misc:Depends}, + libminizip1 (= ${binary:Version}) +Replaces: + libkml-dev (<< 1.3.0~r864+git20150723-0fa2f22-1~), +Breaks: + libkml-dev (<< 1.3.0~r864+git20150723-0fa2f22-1~), +Description: compression library - minizip development files + minizip is a minimalistic library that supports compressing, extracting, + viewing, and manipulating zip files. + . + This package includes development support files for the minizip library. diff -Nru zlib-1.2.11.dfsg/debian/libminizip-dev.install zlib-1.2.11.dfsg/debian/libminizip-dev.install --- zlib-1.2.11.dfsg/debian/libminizip-dev.install 1969-12-31 19:00:00.000000000 -0500 +++ zlib-1.2.11.dfsg/debian/libminizip-dev.install 2020-04-07 21:50:15.000000000 -0400 @@ -0,0 +1,4 @@ +usr/include/minizip +usr/lib/*/libminizip.a +usr/lib/*/libminizip.so +usr/lib/*/pkgconfig/minizip.pc diff -Nru zlib-1.2.11.dfsg/debian/libminizip1.install zlib-1.2.11.dfsg/debian/libminizip1.install --- zlib-1.2.11.dfsg/debian/libminizip1.install 1969-12-31 19:00:00.000000000 -0500 +++ zlib-1.2.11.dfsg/debian/libminizip1.install 2020-04-07 21:50:15.000000000 -0400 @@ -0,0 +1 @@ +usr/lib/*/libminizip.so.* diff -Nru zlib-1.2.11.dfsg/debian/libminizip1.symbols zlib-1.2.11.dfsg/debian/libminizip1.symbols --- zlib-1.2.11.dfsg/debian/libminizip1.symbols 1969-12-31 19:00:00.000000000 -0500 +++ zlib-1.2.11.dfsg/debian/libminizip1.symbols 2020-04-07 21:50:15.000000000 -0400 @@ -0,0 +1,68 @@ +libminizip.so.1 libminizip1 #MINVER# + LoadCentralDirectoryRecord@Base 1.1 + Write_EndOfCentralDirectoryRecord@Base 1.1 + Write_GlobalComment@Base 1.1 + Write_LocalFileHeader@Base 1.1 + Write_Zip64EndOfCentralDirectoryLocator@Base 1.1 + Write_Zip64EndOfCentralDirectoryRecord@Base 1.1 + call_zopen64@Base 1.1 + call_zseek64@Base 1.1 + call_ztell64@Base 1.1 + fill_fopen64_filefunc@Base 1.1 + fill_fopen_filefunc@Base 1.1 + fill_zlib_filefunc64_32_def_from_filefunc32@Base 1.1 + unzClose@Base 1.1 + unzCloseCurrentFile@Base 1.1 + unzGetCurrentFileInfo64@Base 1.1 + unzGetCurrentFileInfo@Base 1.1 + unzGetCurrentFileZStreamPos64@Base 1.1 + unzGetFilePos64@Base 1.1 + unzGetFilePos@Base 1.1 + unzGetGlobalComment@Base 1.1 + unzGetGlobalInfo64@Base 1.1 + unzGetGlobalInfo@Base 1.1 + unzGetLocalExtrafield@Base 1.1 + unzGetOffset64@Base 1.1 + unzGetOffset@Base 1.1 + unzGoToFilePos64@Base 1.1 + unzGoToFilePos@Base 1.1 + unzGoToFirstFile@Base 1.1 + unzGoToNextFile@Base 1.1 + unzLocateFile@Base 1.1 + unzOpen2@Base 1.1 + unzOpen2_64@Base 1.1 + unzOpen64@Base 1.1 + unzOpen@Base 1.1 + unzOpenCurrentFile2@Base 1.1 + unzOpenCurrentFile3@Base 1.1 + unzOpenCurrentFile@Base 1.1 + unzOpenCurrentFilePassword@Base 1.1 + unzReadCurrentFile@Base 1.1 + unzRepair@Base 1.1 + unzSetOffset64@Base 1.1 + unzSetOffset@Base 1.1 + unzStringFileNameCompare@Base 1.1 + unz_copyright@Base 1.1 + unzeof@Base 1.1 + unztell64@Base 1.1 + unztell@Base 1.1 + zipClose@Base 1.1 + zipCloseFileInZip@Base 1.1 + zipCloseFileInZipRaw64@Base 1.1 + zipCloseFileInZipRaw@Base 1.1 + zipOpen2@Base 1.1 + zipOpen2_64@Base 1.1 + zipOpen3@Base 1.1 + zipOpen64@Base 1.1 + zipOpen@Base 1.1 + zipOpenNewFileInZip2@Base 1.1 + zipOpenNewFileInZip2_64@Base 1.1 + zipOpenNewFileInZip3@Base 1.1 + zipOpenNewFileInZip3_64@Base 1.1 + zipOpenNewFileInZip4@Base 1.1 + zipOpenNewFileInZip4_64@Base 1.1 + zipOpenNewFileInZip64@Base 1.1 + zipOpenNewFileInZip@Base 1.1 + zipRemoveExtraInfoBlock@Base 1.1 + zipWriteInFileInZip@Base 1.1 + zip_copyright@Base 1.1 diff -Nru zlib-1.2.11.dfsg/debian/minizip.install zlib-1.2.11.dfsg/debian/minizip.install --- zlib-1.2.11.dfsg/debian/minizip.install 1969-12-31 19:00:00.000000000 -0500 +++ zlib-1.2.11.dfsg/debian/minizip.install 2020-04-07 21:50:15.000000000 -0400 @@ -0,0 +1,2 @@ +usr/bin/minizip +usr/bin/miniunzip diff -Nru zlib-1.2.11.dfsg/debian/minizip.manpages zlib-1.2.11.dfsg/debian/minizip.manpages --- zlib-1.2.11.dfsg/debian/minizip.manpages 1969-12-31 19:00:00.000000000 -0500 +++ zlib-1.2.11.dfsg/debian/minizip.manpages 2020-04-07 21:50:15.000000000 -0400 @@ -0,0 +1,2 @@ +contrib/minizip/minizip.1 +contrib/minizip/miniunzip.1 diff -Nru zlib-1.2.11.dfsg/debian/patches/CVE-2014-9485 zlib-1.2.11.dfsg/debian/patches/CVE-2014-9485 --- zlib-1.2.11.dfsg/debian/patches/CVE-2014-9485 1969-12-31 19:00:00.000000000 -0500 +++ zlib-1.2.11.dfsg/debian/patches/CVE-2014-9485 2020-04-07 21:50:15.000000000 -0400 @@ -0,0 +1,28 @@ +description: fix directory traversal issues in miniunzip +author: Michael Gilbert <mgilb...@debian.org> +bug-debian: https://bugs.debian.org/774321 +bug-debian: https://bugs.debian.org/776831 + +--- a/contrib/minizip/miniunz.c ++++ b/contrib/minizip/miniunz.c +@@ -367,6 +367,20 @@ int do_extract_currentfile(uf,popt_extra + else + write_filename = filename_withoutpath; + ++ if (write_filename[0]!='\0') ++ { ++ const char* relative_check = write_filename; ++ while (relative_check[1]!='\0') ++ { ++ if (relative_check[0]=='.' && relative_check[1]=='.') ++ write_filename = relative_check; ++ relative_check++; ++ } ++ } ++ ++ while (write_filename[0]=='/' || write_filename[0]=='.') ++ write_filename++; ++ + err = unzOpenCurrentFilePassword(uf,password); + if (err!=UNZ_OK) + { diff -Nru zlib-1.2.11.dfsg/debian/patches/cflags-for-minizip zlib-1.2.11.dfsg/debian/patches/cflags-for-minizip --- zlib-1.2.11.dfsg/debian/patches/cflags-for-minizip 2020-01-28 04:37:49.000000000 -0500 +++ zlib-1.2.11.dfsg/debian/patches/cflags-for-minizip 1969-12-31 19:00:00.000000000 -0500 @@ -1,23 +0,0 @@ - ---- zlib-1.2.7.dfsg.orig/contrib/minizip/Makefile -+++ zlib-1.2.7.dfsg/contrib/minizip/Makefile -@@ -1,5 +1,5 @@ - CC=cc --CFLAGS=-O -I../.. -+CFLAGS+=-O -I../.. - - UNZ_OBJS = miniunz.o unzip.o ioapi.o ../../libz.a - ZIP_OBJS = minizip.o zip.o ioapi.o ../../libz.a -@@ -10,10 +10,10 @@ ZIP_OBJS = minizip.o zip.o ioapi.o ../ - all: miniunz minizip - - miniunz: $(UNZ_OBJS) -- $(CC) $(CFLAGS) -o $@ $(UNZ_OBJS) -+ $(CC) $(CFLAGS) -o $@ $(UNZ_OBJS) $(LDFLAGS) - - minizip: $(ZIP_OBJS) -- $(CC) $(CFLAGS) -o $@ $(ZIP_OBJS) -+ $(CC) $(CFLAGS) -o $@ $(ZIP_OBJS) $(LDFLAGS) - - test: miniunz minizip - ./minizip test readme.txt diff -Nru zlib-1.2.11.dfsg/debian/patches/series zlib-1.2.11.dfsg/debian/patches/series --- zlib-1.2.11.dfsg/debian/patches/series 2020-01-28 04:37:49.000000000 -0500 +++ zlib-1.2.11.dfsg/debian/patches/series 2020-04-07 21:50:15.000000000 -0400 @@ -1,3 +1 @@ -cflags-for-minizip -use-dso -use-dso-really +CVE-2014-9485 diff -Nru zlib-1.2.11.dfsg/debian/patches/use-dso-really zlib-1.2.11.dfsg/debian/patches/use-dso-really --- zlib-1.2.11.dfsg/debian/patches/use-dso-really 2020-01-28 04:37:49.000000000 -0500 +++ zlib-1.2.11.dfsg/debian/patches/use-dso-really 1969-12-31 19:00:00.000000000 -0500 @@ -1,29 +0,0 @@ - - ---- zlib-1.2.7.dfsg.orig/contrib/minizip/Makefile -+++ zlib-1.2.7.dfsg/contrib/minizip/Makefile -@@ -1,8 +1,9 @@ - CC=cc - CFLAGS+=-O -I../.. -+ZLIB=-L../.. -lz - --UNZ_OBJS = miniunz.o unzip.o ioapi.o ../../libz.a --ZIP_OBJS = minizip.o zip.o ioapi.o ../../libz.a -+UNZ_OBJS = miniunz.o unzip.o ioapi.o -+ZIP_OBJS = minizip.o zip.o ioapi.o - - .c.o: - $(CC) -c $(CFLAGS) $*.c -@@ -10,10 +11,10 @@ ZIP_OBJS = minizip.o zip.o ioapi.o ../ - all: miniunz minizip - - miniunz: $(UNZ_OBJS) -- $(CC) $(CFLAGS) -o $@ $(UNZ_OBJS) $(LDFLAGS) -+ $(CC) $(CFLAGS) -o $@ $(UNZ_OBJS) $(ZLIB) $(LDFLAGS) - - minizip: $(ZIP_OBJS) -- $(CC) $(CFLAGS) -o $@ $(ZIP_OBJS) $(LDFLAGS) -+ $(CC) $(CFLAGS) -o $@ $(ZIP_OBJS) $(ZLIB) $(LDFLAGS) - - test: miniunz minizip - ./minizip test readme.txt diff -Nru zlib-1.2.11.dfsg/debian/rules zlib-1.2.11.dfsg/debian/rules --- zlib-1.2.11.dfsg/debian/rules 2020-02-24 16:07:12.000000000 -0500 +++ zlib-1.2.11.dfsg/debian/rules 2020-04-07 21:50:15.000000000 -0400 @@ -87,6 +87,8 @@ AR=$(AR) CC="$(DEB_HOST_GNU_TYPE)-gcc" CFLAGS="$(CFLAGS)" LDFLAGS="$(LDFLAGS)" uname=GNU ./configure --shared --prefix=/usr --libdir=\$${prefix}/lib/$(DEB_HOST_MULTIARCH) + cd contrib/minizip && autoreconf -fis && CFLAGS="$(CFLAGS)" LDFLAGS="$(LDFLAGS)" uname=GNU ./configure --prefix=/usr --libdir=\$${prefix}/lib/$(DEB_HOST_MULTIARCH) + touch $@ configure64-stamp: configure @@ -124,6 +126,9 @@ dh_testdir $(MAKE) + + $(MAKE) -C contrib/minizip minizip miniunzip + -$(MAKE) test touch $@ @@ -147,6 +152,9 @@ dh_testdir dh_testroot + if [ -f contrib/minizip/Makefile ]; then $(MAKE) -C contrib/minizip clean; fi + cd contrib/minizip && rm -f compile config.* configure depcomp install-sh libtool Makefile Makefile.in aclocal.m4 ltmain.sh missing minizip.pc minizip miniunzip + $(MAKE) distclean rm -f build-stamp configure-stamp foo.gz @@ -166,6 +174,8 @@ $(MAKE) prefix=$(CURDIR)/debian/tmp/usr install + $(MAKE) -C contrib/minizip prefix=$(CURDIR)/debian/tmp/usr install + install -d debian/tmp/lib/$(DEB_HOST_MULTIARCH) mv debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/libz.so.* debian/tmp/lib/$(DEB_HOST_MULTIARCH) ln -sf /lib/$(DEB_HOST_MULTIARCH)/$$(readlink debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/libz.so) debian/tmp/usr/lib/$(DEB_HOST_MULTIARCH)/libz.so @@ -187,6 +197,9 @@ binary-arch: build install $(EXTRA_INSTALL) dh_testdir dh_testroot + mkdir -p debian/tmp/usr/bin + cp contrib/minizip/minizip debian/tmp/usr/bin + cp contrib/minizip/miniunzip debian/tmp/usr/bin dh_installchangelogs -a ChangeLog dh_installdocs -a dh_installexamples -a @@ -197,6 +210,7 @@ dh_strip -a --dbgsym-migration="zlib1g-dbg (<< 1:1.2.11.dfsg-2~)" dh_compress -a dh_fixperms -a + dh_makeshlibs -plibminizip1 -V"libminizip1 (>> 1:1.2.11.dfsg-2)" dh_makeshlibs -pzlib1g -V"zlib1g (>= 1:1.2.3.3.dfsg-1)" --add-udeb=zlib1g-udeb ifeq (,$(filter nobiarch,$(DEB_BUILD_PROFILES))) ifneq (,$(findstring $(DEB_HOST_ARCH), $(32-ARCHS)))
