commit unzip for openSUSE:Factory
Hello community, here is the log from the commit of package unzip for openSUSE:Factory checked in at 2020-06-04 17:50:50 Comparing /work/SRC/openSUSE:Factory/unzip (Old) and /work/SRC/openSUSE:Factory/.unzip.new.3606 (New) Package is "unzip" Thu Jun 4 17:50:50 2020 rev:45 rq:808172 version:6.00 Changes: --- /work/SRC/openSUSE:Factory/unzip/unzip.changes 2018-10-22 11:06:58.244090295 +0200 +++ /work/SRC/openSUSE:Factory/.unzip.new.3606/unzip.changes2020-06-04 17:51:09.204021181 +0200 @@ -1,0 +2,5 @@ +Fri May 22 09:27:01 UTC 2020 - Yunhe Guo + +- Change unzip-doc to noarch + +--- Other differences: -- ++ unzip.spec ++ --- /var/tmp/diff_new_pack.AAgXzC/_old 2020-06-04 17:51:11.480028422 +0200 +++ /var/tmp/diff_new_pack.AAgXzC/_new 2020-06-04 17:51:11.484028435 +0200 @@ -75,6 +75,7 @@ %package doc Summary:Documentation files for unzip Group: Productivity/Archiving/Compression +BuildArch: noarch %description doc UnZip is an extraction utility for archives compressed in .zip format
commit unzip for openSUSE:Factory
Hello community, here is the log from the commit of package unzip for openSUSE:Factory checked in at 2018-10-22 11:06:36 Comparing /work/SRC/openSUSE:Factory/unzip (Old) and /work/SRC/openSUSE:Factory/.unzip.new (New) Package is "unzip" Mon Oct 22 11:06:36 2018 rev:44 rq:643125 version:6.00 Changes: --- /work/SRC/openSUSE:Factory/unzip/unzip-rcc.changes 2018-07-04 23:53:27.980002354 +0200 +++ /work/SRC/openSUSE:Factory/.unzip.new/unzip-rcc.changes 2018-10-22 11:06:57.236091138 +0200 @@ -1,0 +2,6 @@ +Thu Oct 11 14:49:01 UTC 2018 - kstreit...@suse.com + +- Add unzip60-cfactorstr_overflow.patch to fix buffer overflow in + list.c [bsc#1110194] + +--- --- /work/SRC/openSUSE:Factory/unzip/unzip.changes 2018-07-04 23:53:28.02333 +0200 +++ /work/SRC/openSUSE:Factory/.unzip.new/unzip.changes 2018-10-22 11:06:58.244090295 +0200 @@ -1,0 +2,6 @@ +Thu Oct 11 14:49:01 UTC 2018 - kstreit...@suse.com + +- Add unzip60-cfactorstr_overflow.patch to fix buffer overflow in + list.c [bsc#1110194] [CVE-2018-18384] + +--- New: unzip60-cfactorstr_overflow.patch Other differences: -- ++ unzip-rcc.spec ++ --- /var/tmp/diff_new_pack.fEDKWI/_old 2018-10-22 11:06:59.340089380 +0200 +++ /var/tmp/diff_new_pack.fEDKWI/_new 2018-10-22 11:06:59.344089376 +0200 @@ -59,6 +59,7 @@ Patch19:CVE-2018-135.patch Patch20:Fix-CVE-2014-9636-unzip-buffer-overflow.patch Patch21:unzip60-total_disks_zero.patch +Patch22:unzip60-cfactorstr_overflow.patch Requires(post): update-alternatives Requires(postun): update-alternatives Recommends: %{_name}-doc @@ -104,6 +105,7 @@ %patch19 -p0 %patch20 -p1 %patch21 -p1 +%patch22 -p1 %build export RPM_OPT_FLAGS="%{optflags} \ ++ unzip.spec ++ --- /var/tmp/diff_new_pack.fEDKWI/_old 2018-10-22 11:06:59.364089360 +0200 +++ /var/tmp/diff_new_pack.fEDKWI/_new 2018-10-22 11:06:59.368089356 +0200 @@ -59,6 +59,7 @@ Patch19:CVE-2018-135.patch Patch20:Fix-CVE-2014-9636-unzip-buffer-overflow.patch Patch21:unzip60-total_disks_zero.patch +Patch22:unzip60-cfactorstr_overflow.patch Requires(post): update-alternatives Requires(postun): update-alternatives Recommends: %{_name}-doc @@ -104,6 +105,7 @@ %patch19 -p0 %patch20 -p1 %patch21 -p1 +%patch22 -p1 %build export RPM_OPT_FLAGS="%{optflags} \ ++ unzip60-cfactorstr_overflow.patch ++ --- unzip60/list.c +++ unzip60/list.c @@ -97,7 +97,7 @@ int list_files(__G)/* return PK-type { int do_this_file=FALSE, cfactor, error, error_in_archive=PK_COOL; #ifndef WINDLL -char sgn, cfactorstr[10]; +char sgn, cfactorstr[1+10+1+1];/* %NUL */ int longhdr=(uO.vflag>1); #endif int date_format; @@ -389,9 +389,9 @@ int list_files(__G)/* return PK-type } #else /* !WINDLL */ if (cfactor == 100) -sprintf(cfactorstr, LoadFarString(CompFactor100)); +snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactor100)); else -sprintf(cfactorstr, LoadFarString(CompFactorStr), sgn, cfactor); +snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactorStr), sgn, cfactor); if (longhdr) Info(slide, 0, ((char *)slide, LoadFarString(LongHdrStats), FmZofft(G.crec.ucsize, "8", "u"), methbuf, @@ -471,9 +471,9 @@ int list_files(__G)/* return PK-type #else /* !WINDLL */ if (cfactor == 100) -sprintf(cfactorstr, LoadFarString(CompFactor100)); +snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactor100)); else -sprintf(cfactorstr, LoadFarString(CompFactorStr), sgn, cfactor); +snprintf(cfactorstr, sizeof(cfactorstr), LoadFarString(CompFactorStr), sgn, cfactor); if (longhdr) { Info(slide, 0, ((char *)slide, LoadFarString(LongFileTrailer), FmZofft(tot_ucsize, "8", "u"), FmZofft(tot_csize, "8", "u"),
commit unzip for openSUSE:Factory
Hello community, here is the log from the commit of package unzip for openSUSE:Factory checked in at 2018-07-04 23:52:05 Comparing /work/SRC/openSUSE:Factory/unzip (Old) and /work/SRC/openSUSE:Factory/.unzip.new (New) Package is "unzip" Wed Jul 4 23:52:05 2018 rev:43 rq:619412 version:6.00 Changes: --- /work/SRC/openSUSE:Factory/unzip/unzip-rcc.changes 2018-05-23 16:06:28.499754826 +0200 +++ /work/SRC/openSUSE:Factory/.unzip.new/unzip-rcc.changes 2018-07-04 23:53:27.980002354 +0200 @@ -1,0 +2,10 @@ +Wed Jun 27 11:39:10 UTC 2018 - kstreit...@suse.com + +- Add unzip60-total_disks_zero.patch that fixes a bug when unzip is + unable to process Windows zip64 archives because Windows + archivers set total_disks field to 0 but per standard, valid + values are 1 and higher [bnc#910683] +- Add Fix-CVE-2014-9636-unzip-buffer-overflow.patch to fix heap + overflow for STORED field data [bnc#914442] [CVE-2014-9636] + +--- unzip.changes: same change New: Fix-CVE-2014-9636-unzip-buffer-overflow.patch unzip60-total_disks_zero.patch Other differences: -- ++ unzip-rcc.spec ++ --- /var/tmp/diff_new_pack.m9DXmS/_old 2018-07-04 23:53:28.664001599 +0200 +++ /var/tmp/diff_new_pack.m9DXmS/_new 2018-07-04 23:53:28.668001595 +0200 @@ -57,6 +57,8 @@ Patch17:CVE-2016-9844.patch Patch18:CVE-2014-9913.patch Patch19:CVE-2018-135.patch +Patch20:Fix-CVE-2014-9636-unzip-buffer-overflow.patch +Patch21:unzip60-total_disks_zero.patch Requires(post): update-alternatives Requires(postun): update-alternatives Recommends: %{_name}-doc @@ -100,6 +102,8 @@ %patch17 -p1 %patch18 -p1 %patch19 -p0 +%patch20 -p1 +%patch21 -p1 %build export RPM_OPT_FLAGS="%{optflags} \ ++ unzip.spec ++ --- /var/tmp/diff_new_pack.m9DXmS/_old 2018-07-04 23:53:28.680001581 +0200 +++ /var/tmp/diff_new_pack.m9DXmS/_new 2018-07-04 23:53:28.684001577 +0200 @@ -57,6 +57,8 @@ Patch17:CVE-2016-9844.patch Patch18:CVE-2014-9913.patch Patch19:CVE-2018-135.patch +Patch20:Fix-CVE-2014-9636-unzip-buffer-overflow.patch +Patch21:unzip60-total_disks_zero.patch Requires(post): update-alternatives Requires(postun): update-alternatives Recommends: %{_name}-doc @@ -100,6 +102,8 @@ %patch17 -p1 %patch18 -p1 %patch19 -p0 +%patch20 -p1 +%patch21 -p1 %build export RPM_OPT_FLAGS="%{optflags} \ ++ Fix-CVE-2014-9636-unzip-buffer-overflow.patch ++ >From 190040ebfcf5395a6ccedede2cc9343d34f0a108 Mon Sep 17 00:00:00 2001 From: mancha Date: Wed, 11 Feb 2015 Subject: Info-ZIP UnZip buffer overflow By carefully crafting a corrupt ZIP archive with "extra fields" that purport to have compressed blocks larger than the corresponding uncompressed blocks in STORED no-compression mode, an attacker can trigger a heap overflow that can result in application crash or possibly have other unspecified impact. This patch ensures that when extra fields use STORED mode, the "compressed" and uncompressed block sizes match. --- extract.c | 7 +++ 1 file changed, 7 insertions(+) --- unzip60/extract.c +++ unzip60/extract.c @@ -2230,6 +2230,7 @@ static int test_compr_eb(__G__ eb, eb_si ulg eb_ucsize; uch *eb_ucptr; int r; +ush method; if (compr_offset < 4)/* field is not compressed: */ return PK_OK;/* do nothing and signal OK */ @@ -2246,6 +2247,13 @@ static int test_compr_eb(__G__ eb, eb_si ((eb_ucsize > 0L) && (eb_size <= (compr_offset + EB_CMPRHEADLEN return IZ_EF_TRUNC; /* no/bad compressed data! */ +method = makeword(eb + (EB_HEADSIZE + compr_offset)); +if ((method == STORED) && +(eb_size != compr_offset + EB_CMPRHEADLEN + eb_ucsize)) +return PK_ERR;/* compressed & uncompressed + * should match in STORED + * method */ + if ( #ifdef INT_16BIT (((ulg)(extent)eb_ucsize) != eb_ucsize) || ++ unzip60-total_disks_zero.patch ++ Index: unzip60/process.c === --- unzip60.orig/process.c +++ unzip60/process.c @@ -1286,7 +1286,8 @@ static int find_ecrec64(__G__ searchlen) G.ecrec.number_this_disk, ecloc64_total_disks); fflush(stdout); #endif if ((G.ecrec.number_this_disk != 0x) && -(G.ecrec.number_this_disk != ecloc64_total_disks - 1)) { +(G.ecrec.number_this_disk != ecloc64_total_disks - 1) && +(ecloc64_total_disks != 0)) { /* Note: For some unknown reason, the developers
commit unzip for openSUSE:Factory
Hello community, here is the log from the commit of package unzip for openSUSE:Factory checked in at 2018-05-23 16:06:25 Comparing /work/SRC/openSUSE:Factory/unzip (Old) and /work/SRC/openSUSE:Factory/.unzip.new (New) Package is "unzip" Wed May 23 16:06:25 2018 rev:42 rq:610005 version:6.00 Changes: --- /work/SRC/openSUSE:Factory/unzip/unzip-rcc.changes 2017-07-11 08:23:39.521952358 +0200 +++ /work/SRC/openSUSE:Factory/.unzip.new/unzip-rcc.changes 2018-05-23 16:06:28.499754826 +0200 @@ -1,0 +2,13 @@ +Wed May 16 19:44:45 UTC 2018 - antoine.belv...@opensuse.org + +- Fix "remove failed: No such file or directory" warnings upon + package removal: + * Call 'update-alternative --remove' in %postun, not in %preun. + +--- +Thu Feb 8 14:11:25 UTC 2018 - kbabi...@suse.com + +- Add CVE-2018-135.patch: Fix a heap-based buffer overflow in + password protected ZIP archives (CVE-2018-135 bsc#1080074) + +--- --- /work/SRC/openSUSE:Factory/unzip/unzip.changes 2018-02-10 17:53:15.294801669 +0100 +++ /work/SRC/openSUSE:Factory/.unzip.new/unzip.changes 2018-05-23 16:06:28.563752482 +0200 @@ -1,0 +2,7 @@ +Wed May 16 19:44:45 UTC 2018 - antoine.belv...@opensuse.org + +- Fix "remove failed: No such file or directory" warnings upon + package removal: + * Call 'update-alternative --remove' in %postun, not in %preun. + +--- Other differences: -- ++ unzip-rcc.spec ++ --- /var/tmp/diff_new_pack.GJRsnY/_old 2018-05-23 16:06:30.175693435 +0200 +++ /var/tmp/diff_new_pack.GJRsnY/_new 2018-05-23 16:06:30.179693288 +0200 @@ -56,8 +56,9 @@ Patch16:CVE-2015-7697.patch Patch17:CVE-2016-9844.patch Patch18:CVE-2014-9913.patch +Patch19:CVE-2018-135.patch Requires(post): update-alternatives -Requires(preun): update-alternatives +Requires(postun): update-alternatives Recommends: %{_name}-doc BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -98,6 +99,7 @@ %patch16 -p1 %patch17 -p1 %patch18 -p1 +%patch19 -p0 %build export RPM_OPT_FLAGS="%{optflags} \ @@ -136,7 +138,7 @@ %{_sbindir}/update-alternatives --install %{_bindir}/$bin $bin "%{_bindir}/$bin-"%{_suffix} %{update_weight} done -%preun +%postun if [ "$1" = 0 ] ; then for bin in unzip funzip unzipsfx zipgrep; do %{_sbindir}/update-alternatives --remove $bin "%{_bindir}/$bin"-%{_suffix} ++ unzip.spec ++ --- /var/tmp/diff_new_pack.GJRsnY/_old 2018-05-23 16:06:30.211692116 +0200 +++ /var/tmp/diff_new_pack.GJRsnY/_new 2018-05-23 16:06:30.215691970 +0200 @@ -58,7 +58,7 @@ Patch18:CVE-2014-9913.patch Patch19:CVE-2018-135.patch Requires(post): update-alternatives -Requires(preun): update-alternatives +Requires(postun): update-alternatives Recommends: %{_name}-doc BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -138,7 +138,7 @@ %{_sbindir}/update-alternatives --install %{_bindir}/$bin $bin "%{_bindir}/$bin-"%{_suffix} %{update_weight} done -%preun +%postun if [ "$1" = 0 ] ; then for bin in unzip funzip unzipsfx zipgrep; do %{_sbindir}/update-alternatives --remove $bin "%{_bindir}/$bin"-%{_suffix}
commit unzip for openSUSE:Factory
Hello community, here is the log from the commit of package unzip for openSUSE:Factory checked in at 2018-02-10 17:53:01 Comparing /work/SRC/openSUSE:Factory/unzip (Old) and /work/SRC/openSUSE:Factory/.unzip.new (New) Package is "unzip" Sat Feb 10 17:53:01 2018 rev:41 rq:574312 version:6.00 Changes: --- /work/SRC/openSUSE:Factory/unzip/unzip.changes 2017-07-11 08:23:39.549948410 +0200 +++ /work/SRC/openSUSE:Factory/.unzip.new/unzip.changes 2018-02-10 17:53:15.294801669 +0100 @@ -1,0 +2,6 @@ +Thu Feb 8 14:11:25 UTC 2018 - kbabi...@suse.com + +- Add CVE-2018-135.patch: Fix a heap-based buffer overflow in + password protected ZIP archives (CVE-2018-135 bsc#1080074) + +--- New: CVE-2018-135.patch Other differences: -- ++ unzip-rcc.spec ++ --- /var/tmp/diff_new_pack.y13mXj/_old 2018-02-10 17:53:16.110772131 +0100 +++ /var/tmp/diff_new_pack.y13mXj/_new 2018-02-10 17:53:16.110772131 +0100 @@ -1,7 +1,7 @@ # # spec file for package unzip-rcc # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed ++ unzip.spec ++ --- /var/tmp/diff_new_pack.y13mXj/_old 2018-02-10 17:53:16.130771407 +0100 +++ /var/tmp/diff_new_pack.y13mXj/_new 2018-02-10 17:53:16.134771262 +0100 @@ -1,7 +1,7 @@ # # spec file for package unzip # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -56,6 +56,7 @@ Patch16:CVE-2015-7697.patch Patch17:CVE-2016-9844.patch Patch18:CVE-2014-9913.patch +Patch19:CVE-2018-135.patch Requires(post): update-alternatives Requires(preun): update-alternatives Recommends: %{_name}-doc @@ -98,6 +99,7 @@ %patch16 -p1 %patch17 -p1 %patch18 -p1 +%patch19 -p0 %build export RPM_OPT_FLAGS="%{optflags} \ ++ CVE-2018-135.patch ++ From: Date: Thu Feb 8 15:10:03 CET 2018 Upstream: merged References: http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=548 Index: fileio.c === --- fileio.c.orig +++ fileio.c @@ -1613,7 +1613,11 @@ int UZ_EXP UzpPassword (pG, rcnt, pwbuf, int r = IZ_PW_ENTERED; char *m; char *prompt; - +char *zfnf; +char *efnf; +size_t zfnfl; +int isOverflow; + #ifndef REENTRANT /* tell picky compilers to shut up about "unused variable" warnings */ pG = pG; @@ -1621,7 +1625,15 @@ int UZ_EXP UzpPassword (pG, rcnt, pwbuf, if (*rcnt == 0) { /* First call for current entry */ *rcnt = 2; -if ((prompt = (char *)malloc(2*FILNAMSIZ + 15)) != (char *)NULL) { +zfnf = FnFilter1(zfn); +efnf = FnFilter2(efn); +zfnfl = strlen(zfnf); +isOverflow = TRUE; +if (2*FILNAMSIZ >= zfnfl && (2*FILNAMSIZ - zfnfl) >= strlen(efnf)) +{ + isOverflow = FALSE; +} +if ((isOverflow == FALSE) && ((prompt = (char *)malloc(2*FILNAMSIZ + 15)) != (char *)NULL)) { sprintf(prompt, LoadFarString(PasswPrompt), FnFilter1(zfn), FnFilter2(efn)); m = prompt;
commit unzip for openSUSE:Factory
Hello community, here is the log from the commit of package unzip for openSUSE:Factory checked in at 2017-07-11 08:23:38 Comparing /work/SRC/openSUSE:Factory/unzip (Old) and /work/SRC/openSUSE:Factory/.unzip.new (New) Package is "unzip" Tue Jul 11 08:23:38 2017 rev:40 rq:509110 version:6.00 Changes: --- /work/SRC/openSUSE:Factory/unzip/unzip-rcc.changes 2017-02-19 00:59:27.420854455 +0100 +++ /work/SRC/openSUSE:Factory/.unzip.new/unzip-rcc.changes 2017-07-11 08:23:39.521952358 +0200 @@ -1,0 +2,14 @@ +Thu Jul 6 13:25:44 UTC 2017 - nico.kru...@gmail.com + +- Updated Fix-CVE-2014-8139-unzip.patch: the original patch was + causing errors testing valid jar files: + $ unzip -t foo.jar + Archive: foo.jar + testing: META-INF/ bad extra-field entry: +EF block length (0 bytes) invalid (< 4) + testing: META-INF/MANIFEST.MF OK + testing: foo OK + (see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8139 + where the updated patch was taken from) + +--- unzip.changes: same change Other differences: -- ++ unzip-rcc.spec ++ --- /var/tmp/diff_new_pack.kiakoM/_old 2017-07-11 08:23:40.309841237 +0200 +++ /var/tmp/diff_new_pack.kiakoM/_new 2017-07-11 08:23:40.309841237 +0200 @@ -1,7 +1,7 @@ # # spec file for package unzip-rcc # -# Copyright (c) 2017 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -50,6 +50,7 @@ Patch11:unzip-no-build-date.patch Patch12:unzip-dont_call_isprint.patch Patch13:Fix-CVE-2014-8139-unzip.patch +# http://pkgs.fedoraproject.org/cgit/rpms/unzip.git/plain/unzip-6.0-cve-2014-8139.patch Patch14:Fix-CVE-2014-8140-and-CVE-2014-8141.patch Patch15:CVE-2015-7696.patch Patch16:CVE-2015-7697.patch ++ unzip.spec ++ --- /var/tmp/diff_new_pack.kiakoM/_old 2017-07-11 08:23:40.329838416 +0200 +++ /var/tmp/diff_new_pack.kiakoM/_new 2017-07-11 08:23:40.329838416 +0200 @@ -1,7 +1,7 @@ # # spec file for package unzip # -# Copyright (c) 2017 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -50,6 +50,7 @@ Patch11:unzip-no-build-date.patch Patch12:unzip-dont_call_isprint.patch Patch13:Fix-CVE-2014-8139-unzip.patch +# http://pkgs.fedoraproject.org/cgit/rpms/unzip.git/plain/unzip-6.0-cve-2014-8139.patch Patch14:Fix-CVE-2014-8140-and-CVE-2014-8141.patch Patch15:CVE-2015-7696.patch Patch16:CVE-2015-7697.patch ++ Fix-CVE-2014-8139-unzip.patch ++ --- /var/tmp/diff_new_pack.kiakoM/_old 2017-07-11 08:23:40.361833904 +0200 +++ /var/tmp/diff_new_pack.kiakoM/_new 2017-07-11 08:23:40.361833904 +0200 @@ -1,15 +1,5 @@ -From 916cf1e7907f9d660bd160eb9a84f6e1cab3af5a Mon Sep 17 00:00:00 2001 -From: Thorsten Behrens -Date: Sat, 20 Dec 2014 00:24:54 +0100 -Subject: [PATCH 1/2] Fix CVE-2014-8139 unzip - -Fix heap overflow condition in the CRC32 verification. - extract.c | 17 +++-- - 1 file changed, 15 insertions(+), 2 deletions(-) - diff --git a/extract.c b/extract.c -index 9582da5..78f637e 100644 +index 9ef80b3..c741b5f 100644 --- a/extract.c +++ b/extract.c @@ -1,5 +1,5 @@ @@ -23,12 +13,12 @@ #ifndef SFX static ZCONST char Far InconsistEFlength[] = "bad extra-field entry:\n \ EF block length (%u bytes) exceeds remaining EF data (%u bytes)\n"; -+ static ZCONST char Far TooSmallEFlength[] = "bad extra-field entry:\n \ ++ static ZCONST char Far TooSmallEBlength[] = "bad extra-field entry:\n \ + EF block length (%u bytes) invalid (< %d)\n"; static ZCONST char Far InvalidComprDataEAs[] = " invalid compressed data for EAs\n"; # if (defined(WIN32) && defined(NTSD_EAS)) -@@ -2023,7 +2025,8 @@ static int TestExtraField(__G__ ef, ef_len) +@@ -2020,7 +2022,8 @@ static int TestExtraField(__G__ ef, ef_len) ebID = makeword(ef); ebLen = (unsigned)makeword(ef+EB_LEN); @@ -38,23 +28,51 @@ /* Discovered some extra field inconsistency! */ if (uO.qflag) Info(slide, 1, ((char *)slide, "%-22s ", -@@ -2032,6 +2035,16 @@ static int TestExtraField(__G__ ef, ef_len) - ebLen, (ef_len - EB_HEADSIZE))); - return PK_ERR; - } -+else if (ebLen < EB_H
commit unzip for openSUSE:Factory
Hello community, here is the log from the commit of package unzip for openSUSE:Factory checked in at 2017-02-19 00:59:26 Comparing /work/SRC/openSUSE:Factory/unzip (Old) and /work/SRC/openSUSE:Factory/.unzip.new (New) Package is "unzip" Changes: --- /work/SRC/openSUSE:Factory/unzip/unzip-rcc.changes 2016-10-14 09:27:21.0 +0200 +++ /work/SRC/openSUSE:Factory/.unzip.new/unzip-rcc.changes 2017-02-19 00:59:27.420854455 +0100 @@ -2 +2,11 @@ -Wed Oct 12 07:24:12 UTC 2016 - josef.moell...@suse.com +Wed Feb 15 08:31:05 UTC 2017 - josef.moell...@suse.com + +- Fixed two potential buffer overflows. + The patches were extracted from + http://antinode.info/ftp/info-zip/unzip60/zipinfo.c and + http://antinode.info/ftp/info-zip/unzip60/list.c + (bsc#1013992, bsc#1013993, CVE-2016-9844, CVE-2014-9913, + CVE-2016-9844.patch, CVE-2014-9913.patch) + +--- +Wed Oct 12 07:23:03 UTC 2016 - josef.moell...@suse.com --- /work/SRC/openSUSE:Factory/unzip/unzip.changes 2016-10-14 09:27:21.0 +0200 +++ /work/SRC/openSUSE:Factory/.unzip.new/unzip.changes 2017-02-19 00:59:27.468847715 +0100 @@ -1,0 +2,10 @@ +Wed Feb 15 08:31:05 UTC 2017 - josef.moell...@suse.com + +- Fixed two potential buffer overflows. + The patches were extracted from + http://antinode.info/ftp/info-zip/unzip60/zipinfo.c and + http://antinode.info/ftp/info-zip/unzip60/list.c + (bsc#1013992, bsc#1013993, CVE-2016-9844, CVE-2014-9913, + CVE-2016-9844.patch, CVE-2014-9913.patch) + +--- New: CVE-2014-9913.patch CVE-2016-9844.patch Other differences: -- ++ unzip-rcc.spec ++ --- /var/tmp/diff_new_pack.3v8qxG/_old 2017-02-19 00:59:28.116756729 +0100 +++ /var/tmp/diff_new_pack.3v8qxG/_new 2017-02-19 00:59:28.120756168 +0100 @@ -1,7 +1,7 @@ # # spec file for package unzip-rcc # -# Copyright (c) 2016 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -53,6 +53,8 @@ Patch14:Fix-CVE-2014-8140-and-CVE-2014-8141.patch Patch15:CVE-2015-7696.patch Patch16:CVE-2015-7697.patch +Patch17:CVE-2016-9844.patch +Patch18:CVE-2014-9913.patch Requires(post): update-alternatives Requires(preun): update-alternatives Recommends: %{_name}-doc @@ -93,6 +95,8 @@ %patch14 -p1 %patch15 -p1 %patch16 -p1 +%patch17 -p1 +%patch18 -p1 %build export RPM_OPT_FLAGS="%{optflags} \ unzip.spec: same change ++ CVE-2014-9913.patch ++ Index: unzip60/list.c === --- unzip60.orig/list.c +++ unzip60/list.c @@ -339,7 +339,18 @@ int list_files(__G)/* return PK-type G.crec.compression_method == ENHDEFLATED) { methbuf[5] = dtype[(G.crec.general_purpose_bit_flag>>1) & 3]; } else if (methnum >= NUM_METHODS) { -sprintf(&methbuf[4], "%03u", G.crec.compression_method); + /* 2013-02-26 SMS. +* http://sourceforge.net/p/infozip/bugs/27/ CVE-2014-9913. +* Unexpectedly large compression methods overflow +* &methbuf[]. Use the old, three-digit decimal format +* for values which fit. Otherwise, sacrifice the +* colon, and use four-digit hexadecimal. +*/ + if (G.crec.compression_method <= 999) { + sprintf( &methbuf[ 4], "%03u", G.crec.compression_method); + } else { + sprintf( &methbuf[ 3], "%04X", G.crec.compression_method); + } } #if 0 /* GRR/Euro: add this? */ ++ CVE-2015-7697.patch ++ --- /var/tmp/diff_new_pack.3v8qxG/_old 2017-02-19 00:59:28.184747181 +0100 +++ /var/tmp/diff_new_pack.3v8qxG/_new 2017-02-19 00:59:28.188746619 +0100 @@ -26,3 +26,16 @@ #if (defined(DLL) && !defined(NO_SLIDE_REDIR)) if (G.redirect_slide) wsize = G.redirect_size, redirSlide = G.redirect_buffer; +Index: unzip60/zipinfo.c +=== +--- unzip60.orig/zipinfo.c unzip60/zipinfo.c +@@ -1888,7 +1888,7 @@ static int zi_short(__G) /* return PK- + int k, error, error_in_archive=PK_COOL; + unsignedhostnum, hostver, methid, methnum, xattr; + char*p, workspace[12], attribs[16]; +-charmethbuf[5]; ++charmethbuf[1+5+1]; /* large enough to hold 1 character + an
commit unzip for openSUSE:Factory
Hello community, here is the log from the commit of package unzip for openSUSE:Factory checked in at 2016-10-14 09:27:20 Comparing /work/SRC/openSUSE:Factory/unzip (Old) and /work/SRC/openSUSE:Factory/.unzip.new (New) Package is "unzip" Changes: --- /work/SRC/openSUSE:Factory/unzip/unzip-rcc.changes 2016-06-29 15:01:38.0 +0200 +++ /work/SRC/openSUSE:Factory/.unzip.new/unzip-rcc.changes 2016-10-14 09:27:21.0 +0200 @@ -1,0 +2,10 @@ +Wed Oct 12 07:24:12 UTC 2016 - josef.moell...@suse.com + +- When decrypting an encrypted file, + quit early if compressed size < HEAD_LEN. + When extracting avoid an infinite loop + if a file never finishes unzipping. + (bsc#950110, bsc#950111, CVE-2015-7696, CVE-2015-7697, + CVE-2015-7696.patch, CVE-2015-7697.patch) + +--- --- /work/SRC/openSUSE:Factory/unzip/unzip.changes 2016-06-29 15:01:38.0 +0200 +++ /work/SRC/openSUSE:Factory/.unzip.new/unzip.changes 2016-10-14 09:27:21.0 +0200 @@ -1,0 +2,10 @@ +Wed Oct 12 07:23:03 UTC 2016 - josef.moell...@suse.com + +- When decrypting an encrypted file, + quit early if compressed size < HEAD_LEN. + When extracting avoid an infinite loop + if a file never finishes unzipping. + (bsc#950110, bsc#950111, CVE-2015-7696, CVE-2015-7697, + CVE-2015-7696.patch, CVE-2015-7697.patch) + +--- New: CVE-2015-7696.patch CVE-2015-7697.patch Other differences: -- ++ unzip-rcc.spec ++ --- /var/tmp/diff_new_pack.8f1KBf/_old 2016-10-14 09:27:22.0 +0200 +++ /var/tmp/diff_new_pack.8f1KBf/_new 2016-10-14 09:27:22.0 +0200 @@ -1,7 +1,7 @@ # # spec file for package unzip-rcc # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -51,6 +51,8 @@ Patch12:unzip-dont_call_isprint.patch Patch13:Fix-CVE-2014-8139-unzip.patch Patch14:Fix-CVE-2014-8140-and-CVE-2014-8141.patch +Patch15:CVE-2015-7696.patch +Patch16:CVE-2015-7697.patch Requires(post): update-alternatives Requires(preun): update-alternatives Recommends: %{_name}-doc @@ -89,6 +91,8 @@ %patch12 %patch13 -p1 %patch14 -p1 +%patch15 -p1 +%patch16 -p1 %build export RPM_OPT_FLAGS="%{optflags} \ ++ unzip.spec ++ --- /var/tmp/diff_new_pack.8f1KBf/_old 2016-10-14 09:27:22.0 +0200 +++ /var/tmp/diff_new_pack.8f1KBf/_new 2016-10-14 09:27:22.0 +0200 @@ -1,7 +1,7 @@ # # spec file for package unzip # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -51,6 +51,8 @@ Patch12:unzip-dont_call_isprint.patch Patch13:Fix-CVE-2014-8139-unzip.patch Patch14:Fix-CVE-2014-8140-and-CVE-2014-8141.patch +Patch15:CVE-2015-7696.patch +Patch16:CVE-2015-7697.patch Requires(post): update-alternatives Requires(preun): update-alternatives Recommends: %{_name}-doc @@ -89,6 +91,8 @@ %patch12 %patch13 -p1 %patch14 -p1 +%patch15 -p1 +%patch16 -p1 %build export RPM_OPT_FLAGS="%{optflags} \ ++ CVE-2015-7696.patch ++ From: Petr Stodulka Date: Mon, 14 Sep 2015 18:23:17 +0200 Subject: Upstream fix for heap overflow Bug-Debian: https://bugs.debian.org/802162 Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1260944 Origin: https://bugzilla.redhat.com/attachment.cgi?id=1073002 Forwarded: yes --- crypt.c | 12 +++- 1 file changed, 11 insertions(+), 1 deletion(-) Index: unzip60/crypt.c === --- unzip60.orig/crypt.c +++ unzip60/crypt.c @@ -465,7 +465,17 @@ int decrypt(__G__ passwrd) GLOBAL(pInfo->encrypted) = FALSE; defer_leftover_input(__G); for (n = 0; n < RAND_HEAD_LEN; n++) { -b = NEXTBYTE; +/* 2012-11-23 SMS. (OUSPG report.) + * Quit early if compressed size < HEAD_LEN. The resulting + * error message ("unable to get password") could be improved, + * but it's better than trying to read nonexistent data, and + * then continuing with a negative G.csize. (See + * fileio.c:readbyte()). + */ +if ((b = NEXTBYTE) == (ush)EOF) +{ +return PK_ERR; +} h[n] = (uch)b; Trace((stdout, "
commit unzip for openSUSE:Factory
Hello community, here is the log from the commit of package unzip for openSUSE:Factory checked in at 2016-06-29 15:01:37 Comparing /work/SRC/openSUSE:Factory/unzip (Old) and /work/SRC/openSUSE:Factory/.unzip.new (New) Package is "unzip" Changes: --- /work/SRC/openSUSE:Factory/unzip/unzip-rcc.changes 2015-01-30 06:03:17.0 +0100 +++ /work/SRC/openSUSE:Factory/.unzip.new/unzip-rcc.changes 2016-06-29 15:01:38.0 +0200 @@ -1,0 +2,6 @@ +Thu Jun 16 14:58:41 UTC 2016 - tchva...@suse.com + +- Require properly the update-alternatives to not throw out errors + when installing in OBS chroot + +--- unzip.changes: same change Other differences: -- ++ unzip-rcc.spec ++ --- /var/tmp/diff_new_pack.9ZqEWu/_old 2016-06-29 15:01:39.0 +0200 +++ /var/tmp/diff_new_pack.9ZqEWu/_new 2016-06-29 15:01:39.0 +0200 @@ -1,7 +1,7 @@ # # spec file for package unzip-rcc # -# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,21 +16,29 @@ # +%define _name unzip +%define fileversion 60 %bcond_without rcc - +%if %{with rcc} +%define update_weight 20 +%define _suffix rcc +BuildRequires: librcc-devel +Suggests: librcc0 +Provides: %{_name} = %{version} +%else +%define update_weight 10 +%define _suffix plain +%endif # NOTE: unzip.spec is the major file, if you want to update unzip-rcc.spec # call pre_checkin.sh after editing unzip.spec - Name: unzip-rcc -%define _name unzip Version:6.00 Release:0 -%define fileversion 60 Summary:A program to unpack compressed files License:BSD-3-Clause Group: Productivity/Archiving/Compression Url:http://www.info-zip.org/ -Source: http://sourceforge.net/projects/infozip/files/UnZip%206.x%20%28latest%29/UnZip%206.0/%{_name}%{fileversion}.tar.gz +Source: http://sourceforge.net/projects/infozip/files/UnZip%%206.x%%20%%28latest%%29/UnZip%%206.0/%{_name}%{fileversion}.tar.gz Source1:pre_checkin.sh Patch0: unzip.dif Patch1: unzip-iso8859_2.patch @@ -43,20 +51,10 @@ Patch12:unzip-dont_call_isprint.patch Patch13:Fix-CVE-2014-8139-unzip.patch Patch14:Fix-CVE-2014-8140-and-CVE-2014-8141.patch -%if %{with rcc} -BuildRequires: librcc-devel -Suggests: librcc0 -Provides: %{_name} = %{version} -%define update_weight 20 -%define _suffix rcc -%else -%define update_weight 10 -%define _suffix plain -%endif -BuildRoot: %{_tmppath}/%{name}-%{version}-build -BuildRequires: update-alternatives -Requires: update-alternatives +Requires(post): update-alternatives +Requires(preun): update-alternatives Recommends: %{_name}-doc +BuildRoot: %{_tmppath}/%{name}-%{version}-build %description UnZip is an extraction utility for archives compressed in .zip format @@ -102,7 +100,7 @@ make %{?_smp_mflags} -f unix/Makefile LF2="-ldl -pie" linux_noasm %check -make -f unix/Makefile check +make %{?_smp_mflags} -f unix/Makefile check %install mkdir -p %{buildroot}%{_sysconfdir}/alternatives @@ -114,7 +112,7 @@ install unix/zipgrep "%{buildroot}%{_bindir}/zipgrep-"%{_suffix} for i in unzip funzip unzipsfx zipgrep; do touch %{buildroot}%{_sysconfdir}/alternatives/$i - ln -s %{_sysconfdir}/alternatives/$i %{buildroot}%_bindir/$i + ln -s %{_sysconfdir}/alternatives/$i %{buildroot}%{_bindir}/$i done # do not have the docu in both packages @@ -126,36 +124,36 @@ %post for bin in unzip funzip unzipsfx zipgrep; do - /usr/sbin/update-alternatives --install %{_bindir}/$bin $bin "%{_bindir}/$bin-"%{_suffix} %{update_weight} + %{_sbindir}/update-alternatives --install %{_bindir}/$bin $bin "%{_bindir}/$bin-"%{_suffix} %{update_weight} done %preun if [ "$1" = 0 ] ; then for bin in unzip funzip unzipsfx zipgrep; do -/usr/sbin/update-alternatives --remove $bin "%{_bindir}/$bin"-%{_suffix} +%{_sbindir}/update-alternatives --remove $bin "%{_bindir}/$bin"-%{_suffix} done fi %files %defattr(-,root,root) -%ghost %_sysconfdir/alternatives/unzip +%ghost %{_sysconfdir}/alternatives/unzip %{_bindir}/unzip %{_bindir}/unzip-%{_suffix} -%ghost %_sysconfdir/alternatives/funzip +%ghost %{_sysconfdir}/alternatives/funzip %{_bindir}/funzip %{_bindir}/funzip-%{_suffix} -%ghost %_sysconfdir/alternatives/unzipsfx +%ghost %{_sysconfdir}/alternatives/unzipsfx %{_bindir}/unzipsfx %{_bindir}/unzipsfx-%{_suffix} %{_bindir}/zipinfo -%ghost %_sysco
commit unzip for openSUSE:Factory
Hello community, here is the log from the commit of package unzip for openSUSE:Factory checked in at 2015-01-30 06:03:15 Comparing /work/SRC/openSUSE:Factory/unzip (Old) and /work/SRC/openSUSE:Factory/.unzip.new (New) Package is "unzip" Changes: --- /work/SRC/openSUSE:Factory/unzip/unzip-rcc.changes 2014-12-23 11:48:37.0 +0100 +++ /work/SRC/openSUSE:Factory/.unzip.new/unzip-rcc.changes 2015-01-30 06:03:17.0 +0100 @@ -1,0 +2,10 @@ +Mon Jan 26 13:25:54 UTC 2015 - tbehr...@suse.com + +- Add Fix-CVE-2014-8139-unzip.patch: fix heap overflow condition in + the CRC32 verification (fixes bnc#909214) +- Add Fix-CVE-2014-8140-and-CVE-2014-8141.patch: fix write error + (*_8349_*) shows a problem in extract.c:test_compr_eb(), and: + read errors (*_6430_*, *_3422_*) show problems in + process.c:getZip64Data() (fixes bnc#909214) + +--- unzip.changes: same change New: Fix-CVE-2014-8139-unzip.patch Fix-CVE-2014-8140-and-CVE-2014-8141.patch Other differences: -- ++ unzip-rcc.spec ++ --- /var/tmp/diff_new_pack.wU5lp5/_old 2015-01-30 06:03:18.0 +0100 +++ /var/tmp/diff_new_pack.wU5lp5/_new 2015-01-30 06:03:18.0 +0100 @@ -1,7 +1,7 @@ # # spec file for package unzip-rcc # -# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -41,6 +41,8 @@ Patch10:unzip-5.52-use_librcc.patch Patch11:unzip-no-build-date.patch Patch12:unzip-dont_call_isprint.patch +Patch13:Fix-CVE-2014-8139-unzip.patch +Patch14:Fix-CVE-2014-8140-and-CVE-2014-8141.patch %if %{with rcc} BuildRequires: librcc-devel Suggests: librcc0 @@ -87,6 +89,8 @@ %endif %patch11 %patch12 +%patch13 -p1 +%patch14 -p1 %build export RPM_OPT_FLAGS="%{optflags} \ ++ unzip.spec ++ --- /var/tmp/diff_new_pack.wU5lp5/_old 2015-01-30 06:03:18.0 +0100 +++ /var/tmp/diff_new_pack.wU5lp5/_new 2015-01-30 06:03:18.0 +0100 @@ -1,7 +1,7 @@ # # spec file for package unzip # -# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -41,6 +41,8 @@ Patch10:unzip-5.52-use_librcc.patch Patch11:unzip-no-build-date.patch Patch12:unzip-dont_call_isprint.patch +Patch13:Fix-CVE-2014-8139-unzip.patch +Patch14:Fix-CVE-2014-8140-and-CVE-2014-8141.patch %if %{with rcc} BuildRequires: librcc-devel Suggests: librcc0 @@ -87,6 +89,8 @@ %endif %patch11 %patch12 +%patch13 -p1 +%patch14 -p1 %build export RPM_OPT_FLAGS="%{optflags} \ ++ Fix-CVE-2014-8139-unzip.patch ++ >From 916cf1e7907f9d660bd160eb9a84f6e1cab3af5a Mon Sep 17 00:00:00 2001 From: Thorsten Behrens Date: Sat, 20 Dec 2014 00:24:54 +0100 Subject: [PATCH 1/2] Fix CVE-2014-8139 unzip Fix heap overflow condition in the CRC32 verification. --- extract.c | 17 +++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/extract.c b/extract.c index 9582da5..78f637e 100644 --- a/extract.c +++ b/extract.c @@ -1,5 +1,5 @@ /* - Copyright (c) 1990-2009 Info-ZIP. All rights reserved. + Copyright (c) 1990-2014 Info-ZIP. All rights reserved. See the accompanying file LICENSE, version 2009-Jan-02 or later (the contents of which are also included in unzip.h) for terms of use. @@ -298,6 +298,8 @@ char ZCONST Far TruncNTSD[] = #ifndef SFX static ZCONST char Far InconsistEFlength[] = "bad extra-field entry:\n \ EF block length (%u bytes) exceeds remaining EF data (%u bytes)\n"; + static ZCONST char Far TooSmallEFlength[] = "bad extra-field entry:\n \ + EF block length (%u bytes) invalid (< %d)\n"; static ZCONST char Far InvalidComprDataEAs[] = " invalid compressed data for EAs\n"; # if (defined(WIN32) && defined(NTSD_EAS)) @@ -2023,7 +2025,8 @@ static int TestExtraField(__G__ ef, ef_len) ebID = makeword(ef); ebLen = (unsigned)makeword(ef+EB_LEN); -if (ebLen > (ef_len - EB_HEADSIZE)) { +if (ebLen > (ef_len - EB_HEADSIZE)) +{ /* Discovered some extra field inconsistency! */ if (uO.qflag) Info(slide, 1, ((char *)slide, "%-22s ", @@ -2032,6 +2035,16 @@ static int TestExtraField(__G__ ef, ef_len) ebLen, (ef_len - EB_HEADS
commit unzip for openSUSE:Factory
Hello community, here is the log from the commit of package unzip for openSUSE:Factory checked in at 2014-12-23 11:50:06 Comparing /work/SRC/openSUSE:Factory/unzip (Old) and /work/SRC/openSUSE:Factory/.unzip.new (New) Package is "unzip" Changes: --- /work/SRC/openSUSE:Factory/unzip/unzip-rcc.changes 2013-08-13 11:08:33.0 +0200 +++ /work/SRC/openSUSE:Factory/.unzip.new/unzip-rcc.changes 2014-12-23 11:48:37.0 +0100 @@ -1,0 +2,5 @@ +Sun Dec 21 13:43:32 UTC 2014 - meiss...@suse.com + +- build with PIE + +--- unzip.changes: same change Other differences: -- ++ unzip-rcc.spec ++ --- /var/tmp/diff_new_pack.C1joFn/_old 2014-12-23 11:48:38.0 +0100 +++ /var/tmp/diff_new_pack.C1joFn/_new 2014-12-23 11:48:38.0 +0100 @@ -1,7 +1,7 @@ # # spec file for package unzip-rcc # -# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -93,9 +93,9 @@ -D_GNU_SOURCE -DRCC_LAZY -DWILD_STOP_AT_DIR \ -DLARGE_FILE_SUPPORT -DUNICODE_SUPPORT \ -DUNICODE_WCHAR -DUTF8_MAYBE_NATIVE -DNO_LCHMOD \ --DDATE_FORMAT=DF_YMD -I. -fstack-protector -fno-strict-aliasing" +-DDATE_FORMAT=DF_YMD -I. -fstack-protector -fno-strict-aliasing -fPIE" -make %{?_smp_mflags} -f unix/Makefile LF2="-ldl" linux_noasm +make %{?_smp_mflags} -f unix/Makefile LF2="-ldl -pie" linux_noasm %check make -f unix/Makefile check unzip.spec: same change -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit unzip for openSUSE:Factory
Hello community, here is the log from the commit of package unzip for openSUSE:Factory checked in at 2013-08-13 11:08:31 Comparing /work/SRC/openSUSE:Factory/unzip (Old) and /work/SRC/openSUSE:Factory/.unzip.new (New) Package is "unzip" Changes: --- /work/SRC/openSUSE:Factory/unzip/unzip-rcc.changes 2013-08-04 17:25:48.0 +0200 +++ /work/SRC/openSUSE:Factory/.unzip.new/unzip-rcc.changes 2013-08-13 11:08:33.0 +0200 @@ -1,0 +2,5 @@ +Fri Aug 2 18:29:07 UTC 2013 - co...@suse.com + +- fix defaultattr for old distros + +--- unzip.changes: same change Other differences: -- ++ unzip-rcc.spec ++ --- /var/tmp/diff_new_pack.dI1hib/_old 2013-08-13 11:08:34.0 +0200 +++ /var/tmp/diff_new_pack.dI1hib/_new 2013-08-13 11:08:34.0 +0200 @@ -150,6 +150,7 @@ %if %{without rcc} %files doc +%defattr(-,root,root) %doc %{_mandir}/man1/* %doc BUGS Contents History.* LICENSE README ToDo WHERE %doc *.txt proginfo unzip.spec: same change ++ pre_checkin.sh ++ --- /var/tmp/diff_new_pack.dI1hib/_old 2013-08-13 11:08:34.0 +0200 +++ /var/tmp/diff_new_pack.dI1hib/_new 2013-08-13 11:08:34.0 +0200 @@ -6,3 +6,5 @@ sed -i -e 's,Name: .*,Name: unzip-rcc,' unzip-rcc.spec sed -i -e 's,%bcond_with rcc,%bcond_without rcc,' unzip-rcc.spec +osc service localrun format_spec_file + -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit unzip for openSUSE:Factory
Hello community, here is the log from the commit of package unzip for openSUSE:Factory checked in at 2013-08-04 17:25:47 Comparing /work/SRC/openSUSE:Factory/unzip (Old) and /work/SRC/openSUSE:Factory/.unzip.new (New) Package is "unzip" Changes: New Changes file: --- /dev/null 2013-07-23 23:44:04.804033756 +0200 +++ /work/SRC/openSUSE:Factory/.unzip.new/unzip-rcc.changes 2013-08-04 17:25:48.0 +0200 @@ -0,0 +1,295 @@ +--- +Fri Aug 2 13:55:08 UTC 2013 - co...@suse.com + +- split the rcc dependency into a spec file of it's own, we don't + need that complexity during build causing cycles like this: +unzip -> librcc -> libproxy -> libXau -> xorg-x11-proto-devel -> docbook-xsl-stylesheets + +--- +Fri Apr 5 10:07:44 UTC 2013 - idon...@suse.com + +- Cleanup spec file +- Add Source URL, see https://en.opensuse.org/SourceUrls + +--- +Fri Aug 5 13:57:24 CEST 2011 - p...@suse.de + +- Don't call isprint (bnc#620483). + +--- +Mon May 23 14:21:44 UTC 2011 - lnus...@suse.de + +- remove use of __DATE__ from correct file + +--- +Sat May 07 23:16:45 UTC 2011 - idoen...@novell.com + +- Sync our compile time flags with Debian except Acorn stuff, this enables + UTF-8, saves an unrelated warning about lchmod being not implemented. +- Enable make check + +--- +Fri Jan 28 13:50:13 UTC 2011 - lnus...@suse.de + +- use dlopen for librcc0. A direct requires causes lots of other + packages to get installed such as aspell which bloats a minimal + install. + +--- +Mon Aug 30 19:44:17 UTC 2010 - cristian.rodrig...@opensuse.org + +- Do not include build host specific info like build dates In + binaries. + +--- +Fri Jun 25 18:21:34 CEST 2010 - p...@suse.de + +- Doing open(O_WRONLY) and then fdopen("w+") will now fail with + "Invalid Argument" whereas former glibcs would succeed. So now + do open(O_RDWR). +- Print error message when open(2) fails. +- Add debugging traces in open_outfile. + +--- +Fri May 21 16:39:24 CEST 2010 - p...@suse.de + +- Update to 6.0: + * Support PKWARE ZIP64 extensions, allowing Zip archives and Zip archive + entries larger than 4 GiBytes and more than 65536 entries within a + single Zip archive. This support is currently only available for Unix, + OpenVMS and Win32/Win64. + * Support for bzip2 compression method. + * Support for UTF-8 encoded entry names, both through PKWARE's "General +Purpose Flags Bit 11" indicator and Info-ZIP's new "up" unicode path +extra field. (Currently, on Windows the UTF-8 handling is limited to +the character subset contained in the configured non-unicode "system +code page".) + * Fixed "Time of Creation/Time of Use" vulnerability when setting +attributes of extracted files, for Unix and Unix-like ports. + * Fixed memory leak when processing invalid deflated data. + * Fixed long-standing bug in unshrink (partial_clear), added boundary +checks against invalid compressed data. + * On Unix, keep inherited SGID attribute bit for extracted directories +unless restoration of owner/group id or SUID/SGID/Tacky attributes was +requested. + * On Unix, allow extracted filenames to contain embedded control +characters when explicitly requested by specifying the new command line +option "-^". + * On Unix, support restoration of symbolic link attributes. + * On Unix, support restoration of 32-bit UID/GID data using the new "ux" +IZUNIX3 extra field introduced with Zip 3.0. + * Support symbolic links zipped up on VMS. + * New -D option to suppress restoration of timestamps for extracted +directory entries (on those ports that support setting of directory +timestamps). By specifying "-DD", this new option also allows to +suppress timestamp restoration for ALL extracted files on all UnZip +ports which support restoration of timestamps. On VMS, the default +behaviour is now to skip restoration of directory timestamps; here, +"--D" restores ALL timestamps, "-D" restores none. + * On OS/2, Win32, and Unix, the (previously optional) feature UNIXBACKUP +to allow saving backup copies of overwritten files on extraction is now +enabled by default. + +--- +Mon May 10 16:39:20 UTC 2010
commit unzip for openSUSE:Factory
Hello community, here is the log from the commit of package unzip for openSUSE:Factory checked in at 2013-04-14 13:02:09 Comparing /work/SRC/openSUSE:Factory/unzip (Old) and /work/SRC/openSUSE:Factory/.unzip.new (New) Package is "unzip", Maintainer is "p...@suse.com" Changes: --- /work/SRC/openSUSE:Factory/unzip/unzip.changes 2011-09-23 12:49:30.0 +0200 +++ /work/SRC/openSUSE:Factory/.unzip.new/unzip.changes 2013-04-14 13:02:10.0 +0200 @@ -1,0 +2,6 @@ +Fri Apr 5 10:07:44 UTC 2013 - idon...@suse.com + +- Cleanup spec file +- Add Source URL, see https://en.opensuse.org/SourceUrls + +--- Old: unzip60.tar.bz2 New: unzip60.tar.gz Other differences: -- ++ unzip.spec ++ --- /var/tmp/diff_new_pack.sJG03Y/_old 2013-04-14 13:02:12.0 +0200 +++ /var/tmp/diff_new_pack.sJG03Y/_new 2013-04-14 13:02:12.0 +0200 @@ -1,7 +1,7 @@ # # spec file for package unzip # -# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,17 +16,15 @@ # - Name: unzip -License:BSD-3-Clause -Group: Productivity/Archiving/Compression -AutoReqProv:on Version:6.00 -Release:12 +Release:0 %define fileversion 60 Summary:A program to unpack compressed files -Source: %{name}%{fileversion}.tar.bz2 +License:BSD-3-Clause +Group: Productivity/Archiving/Compression Url:http://www.info-zip.org/ +Source: http://sourceforge.net/projects/infozip/files/UnZip%206.x%20%28latest%29/UnZip%206.0/%{name}%{fileversion}.tar.gz Patch0: unzip.dif Patch1: unzip-iso8859_2.patch Patch3: unzip-optflags.patch @@ -36,9 +34,9 @@ Patch10:unzip-5.52-use_librcc.patch Patch11:unzip-no-build-date.patch Patch12:unzip-dont_call_isprint.patch -BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: librcc-devel Suggests: librcc0 +BuildRoot: %{_tmppath}/%{name}-%{version}-build %description UnZip is an extraction utility for archives compressed in .zip format @@ -47,12 +45,6 @@ program, our primary objectives have been portability and non-MS-DOS functionality. This version can also extract encrypted archives. - - -Authors: - -Info-ZIP - %prep %setup -q -n %{name}%{fileversion} %patch0 @@ -66,7 +58,7 @@ %patch12 %build -export RPM_OPT_FLAGS="%optflags \ +export RPM_OPT_FLAGS="%{optflags} \ -D_GNU_SOURCE -DRCC_LAZY -DWILD_STOP_AT_DIR \ -DLARGE_FILE_SUPPORT -DUNICODE_SUPPORT \ -DUNICODE_WCHAR -DUTF8_MAYBE_NATIVE -DNO_LCHMOD \ @@ -78,19 +70,16 @@ make -f unix/Makefile check %install -mkdir -p $RPM_BUILD_ROOT{%{_bindir},%{_mandir}/man1} +mkdir -p %{buildroot}{%{_bindir},%{_mandir}/man1} for i in unzip funzip unzipsfx;\ -do install $i $RPM_BUILD_ROOT%{_bindir};done; -ln -s unzip $RPM_BUILD_ROOT%{_bindir}/zipinfo -install unix/zipgrep $RPM_BUILD_ROOT%{_bindir} +do install $i %{buildroot}%{_bindir};done; +ln -s unzip %{buildroot}%{_bindir}/zipinfo +install unix/zipgrep %{buildroot}%{_bindir} for i in man/*.1; \ do \ - install -m 644 $i $RPM_BUILD_ROOT%{_mandir}/man1/ + install -m 644 $i %{buildroot}%{_mandir}/man1/ done -%clean -rm -rf $RPM_BUILD_ROOT - %files %defattr(-,root,root) %doc %{_mandir}/man1/* -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit unzip for openSUSE:Factory
Hello community, here is the log from the commit of package unzip for openSUSE:Factory checked in at 2011-12-06 19:10:39 Comparing /work/SRC/openSUSE:Factory/unzip (Old) and /work/SRC/openSUSE:Factory/.unzip.new (New) Package is "unzip", Maintainer is "p...@suse.com" Changes: Other differences: -- ++ unzip.spec ++ --- /var/tmp/diff_new_pack.0h92zg/_old 2011-12-06 19:45:06.0 +0100 +++ /var/tmp/diff_new_pack.0h92zg/_new 2011-12-06 19:45:06.0 +0100 @@ -18,7 +18,7 @@ Name: unzip -License:BSD3c +License:BSD-3-Clause Group: Productivity/Archiving/Compression AutoReqProv:on Version:6.00 -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit unzip for openSUSE:Factory
Hello community, here is the log from the commit of package unzip for openSUSE:Factory checked in at Sat Aug 6 19:09:43 CEST 2011. --- unzip/unzip.changes 2011-05-23 16:22:07.0 +0200 +++ /mounts/work_src_done/STABLE/unzip/unzip.changes2011-08-05 14:03:53.0 +0200 @@ -1,0 +2,5 @@ +Fri Aug 5 13:57:24 CEST 2011 - p...@suse.de + +- Don't call isprint (bnc#620483). + +--- calling whatdependson for head-i586 New: unzip-dont_call_isprint.patch Other differences: -- ++ unzip.spec ++ --- /var/tmp/diff_new_pack.1P7ZiM/_old 2011-08-06 19:09:10.0 +0200 +++ /var/tmp/diff_new_pack.1P7ZiM/_new 2011-08-06 19:09:10.0 +0200 @@ -22,7 +22,7 @@ Group: Productivity/Archiving/Compression AutoReqProv:on Version:6.00 -Release:10 +Release:12 %define fileversion 60 Summary:A program to unpack compressed files Source: %{name}%{fileversion}.tar.bz2 @@ -35,6 +35,7 @@ Patch8: unzip-open_missing_mode.patch Patch10:unzip-5.52-use_librcc.patch Patch11:unzip-no-build-date.patch +Patch12:unzip-dont_call_isprint.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: librcc-devel Suggests: librcc0 @@ -62,6 +63,7 @@ %patch8 %patch10 %patch11 +%patch12 %build export RPM_OPT_FLAGS="%optflags \ ++ unzip-dont_call_isprint.patch ++ Author: Suren A. Chilingaryan Index: extract.c === --- extract.c.orig 2009-03-14 04:32:52.0 +0300 +++ extract.c 2010-07-07 17:29:52.0 +0400 @@ -2596,7 +2596,7 @@ char *fnfilter(raw, space, size) /* co */ # define UZ_FNFILTER_REPLACECHAR '?' # endif -if (!isprint(*r)) { +if (*r < 32) { //(!isprint(*r)) { if (*r < 32) { /* ASCII control codes are escaped as "^{letter}". */ if (se != NULL && (s > (space + (size-4 { Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit unzip for openSUSE:Factory
Hello community, here is the log from the commit of package unzip for openSUSE:Factory checked in at Tue May 24 08:57:48 CEST 2011. --- unzip/unzip.changes 2011-05-07 23:18:48.0 +0200 +++ /mounts/work_src_done/STABLE/unzip/unzip.changes2011-05-23 16:22:07.0 +0200 @@ -1,0 +2,5 @@ +Mon May 23 14:21:44 UTC 2011 - lnus...@suse.de + +- remove use of __DATE__ from correct file + +--- calling whatdependson for head-i586 Other differences: -- ++ unzip.spec ++ --- /var/tmp/diff_new_pack.Uxh1MU/_old 2011-05-24 08:55:59.0 +0200 +++ /var/tmp/diff_new_pack.Uxh1MU/_new 2011-05-24 08:55:59.0 +0200 @@ -22,7 +22,7 @@ Group: Productivity/Archiving/Compression AutoReqProv:on Version:6.00 -Release:8 +Release:10 %define fileversion 60 Summary:A program to unpack compressed files Source: %{name}%{fileversion}.tar.bz2 ++ unzip-no-build-date.patch ++ --- /var/tmp/diff_new_pack.Uxh1MU/_old 2011-05-24 08:55:59.0 +0200 +++ /var/tmp/diff_new_pack.Uxh1MU/_new 2011-05-24 08:55:59.0 +0200 @@ -1,7 +1,7 @@ Index: cmsmvs/vmmvs.c === cmsmvs/vmmvs.c.orig2005-01-26 23:03:28.0 -0300 -+++ cmsmvs/vmmvs.c 2010-08-30 14:15:34.271732500 -0400 +--- cmsmvs/vmmvs.c.orig cmsmvs/vmmvs.c @@ -664,14 +664,6 @@ void version(__G) /* Add compile environment */ @@ -19,8 +19,8 @@ ); Index: macos/source/sxunzip.c === macos/source/sxunzip.c.orig2001-02-09 21:55:34.0 -0300 -+++ macos/source/sxunzip.c 2010-08-30 14:18:39.555731949 -0400 +--- macos/source/sxunzip.c.orig macos/source/sxunzip.c @@ -123,7 +123,7 @@ static char UnZipVersionLocal[50]; memset(UnZipVersionLocal,0,sizeof(UnZipVersionLocal)); @@ -32,8 +32,8 @@ } Index: macos/source/macos.c === macos/source/macos.c.orig 2007-12-23 14:15:36.0 -0300 -+++ macos/source/macos.c 2010-08-30 14:29:28.405735321 -0400 +--- macos/source/macos.c.orig macos/source/macos.c @@ -937,14 +937,11 @@ void version(__G) ZCONST char Far CompiledWith[] = "Compiled with %s%s for %s%s%s%s.\n\n"; */ @@ -65,8 +65,8 @@ (*G.message)((zvoid *)&G, slide, (ulg)strlen((char *)slide), 0); Index: amiga/amiga.c === amiga/amiga.c.orig 2007-12-23 12:52:22.0 -0300 -+++ amiga/amiga.c 2010-08-30 14:30:10.528753108 -0400 +--- amiga/amiga.c.orig amiga/amiga.c @@ -1002,12 +1002,7 @@ void version(__G) sprintf(buf2,"unknown version"); # endif @@ -80,3 +80,19 @@ /** #ifdef __TIME__ +Index: unix/unix.c +=== +--- unix/unix.c.orig unix/unix.c +@@ -1705,11 +1705,7 @@ void version(__G) + #endif /* Sun */ + #endif /* SGI */ + +-#ifdef __DATE__ +- " on ", __DATE__ +-#else + "", "" +-#endif + ); + + (*G.message)((zvoid *)&G, slide, (ulg)strlen((char *)slide), 0); Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit unzip for openSUSE:Factory
Hello community, here is the log from the commit of package unzip for openSUSE:Factory checked in at Mon May 9 08:58:47 CEST 2011. --- unzip/unzip.changes 2011-01-28 14:51:03.0 +0100 +++ /mounts/work_src_done/STABLE/unzip/unzip.changes2011-05-07 23:18:48.0 +0200 @@ -1,0 +2,7 @@ +Sat May 07 23:16:45 UTC 2011 - idoen...@novell.com + +- Sync our compile time flags with Debian except Acorn stuff, this enables + UTF-8, saves an unrelated warning about lchmod being not implemented. +- Enable make check + +--- calling whatdependson for head-i586 Other differences: -- ++ unzip.spec ++ --- /var/tmp/diff_new_pack.YkrxZR/_old 2011-05-09 08:49:45.0 +0200 +++ /var/tmp/diff_new_pack.YkrxZR/_new 2011-05-09 08:49:45.0 +0200 @@ -22,7 +22,7 @@ Group: Productivity/Archiving/Compression AutoReqProv:on Version:6.00 -Release:3 +Release:8 %define fileversion 60 Summary:A program to unpack compressed files Source: %{name}%{fileversion}.tar.bz2 @@ -64,8 +64,16 @@ %patch11 %build -export RPM_OPT_FLAGS="%optflags -DLARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE -fstack-protector -I. -DRCC_LAZY -fno-strict-aliasing" -make %{?jobs:-j%jobs} -f unix/Makefile LF2=-ldl linux_noasm +export RPM_OPT_FLAGS="%optflags \ +-D_GNU_SOURCE -DRCC_LAZY -DWILD_STOP_AT_DIR \ +-DLARGE_FILE_SUPPORT -DUNICODE_SUPPORT \ +-DUNICODE_WCHAR -DUTF8_MAYBE_NATIVE -DNO_LCHMOD \ +-DDATE_FORMAT=DF_YMD -I. -fstack-protector -fno-strict-aliasing" + +make %{?_smp_mflags} -f unix/Makefile LF2="-ldl" linux_noasm + +%check +make -f unix/Makefile check %install mkdir -p $RPM_BUILD_ROOT{%{_bindir},%{_mandir}/man1} Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org