rpms/unzip/devel unzip-5.52-long-filename.patch, NONE, 1.1 unzip-5.52-near-4GB2.patch, NONE, 1.1 unzip.spec, 1.28, 1.29

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Mon Feb 6 11:43:03 UTC 2006


Author: varekova

Update of /cvs/dist/rpms/unzip/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv25585

Modified Files:
	unzip.spec 
Added Files:
	unzip-5.52-long-filename.patch unzip-5.52-near-4GB2.patch 
Log Message:
- fix bug 180078 - unzip -l causing error
- fix CVE-2005-4667 - unzip long file name buffer overflow



unzip-5.52-long-filename.patch:
 fileio.c  |    8 +++++++-
 process.c |    8 ++++----
 unzpriv.h |   18 ++++++++++++++++++
 3 files changed, 29 insertions(+), 5 deletions(-)

--- NEW FILE unzip-5.52-long-filename.patch ---
--- unzip-5.52/process.c.pom3	2006-02-06 10:29:02.630237064 +0100
+++ unzip-5.52/process.c	2006-02-06 10:29:02.650234024 +0100
@@ -576,16 +576,16 @@
         if (lastchance && (uO.qflag < 3)) {
 #if defined(UNIX) || defined(QDOS)
             if (G.no_ecrec)
-                Info(slide, 1, ((char *)slide,
+                Info2(slide, 1, ((char *)slide, WSIZE, 
                   LoadFarString(CannotFindZipfileDirMsg), uO.zipinfo_mode?
                   LoadFarStringSmall(Zipnfo) : LoadFarStringSmall(Unzip),
                   G.wildzipfn, uO.zipinfo_mode? "  " : "", G.wildzipfn,
-                  G.zipfn));
+                  G.zipfn),WSIZE);
             else
-                Info(slide, 1, ((char *)slide,
+                Info2(slide, 1, ((char *)slide, WSIZE, 
                   LoadFarString(CannotFindEitherZipfile), uO.zipinfo_mode?
                   LoadFarStringSmall(Zipnfo) : LoadFarStringSmall(Unzip),
-                  G.wildzipfn, G.wildzipfn, G.zipfn));
+                  G.wildzipfn, G.wildzipfn, G.zipfn), WSIZE);
 #else /* !(UNIX || QDOS) */
             if (G.no_ecrec)
                 Info(slide, 0x401, ((char *)slide,
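Review bot: The bounded `Info2` form is applied only inside `#if defined(UNIX) || defined(QDOS)`; the `#else` branch that starts at the end of this hunk still formats into `slide` through the unbounded `Info(slide, 0x401, ((char *)slide,`. Its argument list continues outside the hunk, so it cannot be confirmed from here that it formats the same `G.wildzipfn` / `G.zipfn` names. If it does, non-UNIX builds keep the unbounded write for over-long zipfile names and the call should be converted the same way, `Info2(slide, 0x401, ((char *)slide, WSIZE, ...), WSIZE);`. The bound also assumes `slide` holds at least WSIZE bytes in every configuration, which is declared outside this hunk; a comment at the call such as `/* slide holds WSIZE bytes; Info2 truncates over-long zipfile names */` would record that.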
--- unzip-5.52/fileio.c.pom3	2006-02-06 10:29:02.000000000 +0100
+++ unzip-5.52/fileio.c	2006-02-06 10:30:59.755431328 +0100
@@ -1188,8 +1188,14 @@
 
 #endif /* !VMS */
 
+/****************/
+/* Function min */
+/****************/
 
-
+int min (int val_i, int val_j)
+{
+  return (val_i>val_j?val_j:val_i);
+}
 
 
 /*****************************/
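Review bot: `min` is added here with external linkage under a name that some platform headers define as a function-like macro, in which case the line `int min (int val_i, int val_j)` would be macro-expanded and fail to compile. The unzpriv.h part of this patch adds only the `Info2` macro and no prototype, so the call from process.c appears to rely on an implicit declaration. A name specific to its one use would avoid both problems, e.g. `int info2_len(int n, int size)` with a matching prototype placed next to `Info2` in unzpriv.h. The banner says only "Function min"; a comment stating the purpose, `/* clamp the snprintf() return value used by Info2 to the buffer size */`, would tell the next reader why it exists.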
--- unzip-5.52/unzpriv.h.pom3	2006-02-06 10:29:02.625237824 +0100
+++ unzip-5.52/unzpriv.h	2006-02-06 10:31:45.538471248 +0100
@@ -2286,6 +2286,24 @@
 #  endif
 #endif /* !Info */
 
+#ifndef Info2   /* may already have been defined for redirection */
+#  ifdef FUNZIP
+#    define Info2(buf,flag,sprf_arg,size) \
+     fprintf((flag)&1? stderr : stdout, (char *)(sprintf sprf_arg, (buf)))
+#  else
+#    ifdef INT_SPRINTF  /* optimized version for "int sprintf()" flavour */
+#      define Info2(buf,flag,sprf_arg,size) \
+       (*G.message)((zvoid *)&G, (uch *)(buf), (ulg) min(snprintf sprf_arg, (int) size), (flag))
+#    else          /* generic version, does not use sprintf() return value */
+#      define Info2(buf,flag,sprf_arg,size) \
+       (*G.message)((zvoid *)&G, (uch *)(buf), \
+            (ulg)(sprintf sprf_arg, strlen((char *)(buf))), (flag))
+#    endif
+#  endif
+#endif /* !Info */
+
+
+
 /*  The following macro wrappers around the fnfilter function are used many
  *  times to prepare archive entry names or name components for displaying
  *  listings and (warning/error) messages. They use sections in the upper half
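Review bot: Only the INT_SPRINTF definition of `Info2` bounds the write; the FUNZIP and generic definitions still expand `sprintf sprf_arg`, and because the process.c call sites now pass the size as the second element of `sprf_arg`, that expansion hands `WSIZE` to sprintf as its format string. In the INT_SPRINTF definition snprintf returns the untruncated length, so `min(snprintf sprf_arg, (int) size)` reports `size` bytes when only `size-1` characters plus the terminator were stored, and a negative return becomes a very large `ulg` after the cast. The version below uses snprintf in every branch and takes the length from `strlen` of the terminated buffer, so no `min` helper is needed. It also adds `"%s"` in the FUNZIP branch, which otherwise passes the formatted file name to fprintf as a format string. The closing `#endif /* !Info */` should read `/* !Info2 */`, and the change assumes snprintf is available on every target this header is built for.

```c
#ifndef Info2   /* may already have been defined for redirection */
#  ifdef FUNZIP
#    define Info2(buf,flag,sprf_arg,size) \
     fprintf((flag)&1? stderr : stdout, "%s", \
             (char *)(snprintf sprf_arg, (buf)))
#  else
     /* snprintf() always returns int and terminates the buffer, so a single
      * definition serves both sprintf() flavours; strlen() gives the stored
      * length even when the output was truncated */
#    define Info2(buf,flag,sprf_arg,size) \
     (*G.message)((zvoid *)&G, (uch *)(buf), \
          (ulg)(snprintf sprf_arg, strlen((char *)(buf))), (flag))
#  endif
#endif /* !Info2 */
```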

unzip-5.52-near-4GB2.patch:
 list.c |    2 +-
 1 files changed, 1 insertion(+), 1 deletion(-)

--- NEW FILE unzip-5.52-near-4GB2.patch ---
--- unzip-5.52/list.c.pom	2006-02-06 09:39:47.622466528 +0100
+++ unzip-5.52/list.c	2006-02-06 09:57:00.813397632 +0100
@@ -76,7 +76,7 @@
    static ZCONST char Far ShortHdrStats[] =
      "%9lu  %02u%c%02u%c%02u %02u:%02u  %c";
    static ZCONST char Far ShortFileTrailer[] = " --------       \
-            -------\n%9lu                   %lu file%s\n";
+            -------\n%9ju                   %lu file%s\n";
 #endif /* ?OS2_EAS */
 #endif /* !WINDLL */
 
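Review bot: `%9ju` in `ShortFileTrailer` requires the matching argument to have type `uintmax_t`, and the call that supplies it is outside this hunk. If that argument is still an `unsigned long`, the conversion no longer matches it, which is undefined behaviour and prints a wrong total wherever `uintmax_t` is wider than `long`. The call site should cast the value to `(uintmax_t)` or be confirmed to pass that type already. `ShortHdrStats` directly above keeps `%9lu` for the per-file size and only this one trailer is changed, so any other trailer formats in list.c need the same check.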


Index: unzip.spec
===================================================================
RCS file: /cvs/dist/rpms/unzip/devel/unzip.spec,v
retrieving revision 1.28
retrieving revision 1.29
diff -u -r1.28 -r1.29
--- unzip.spec	22 Dec 2005 13:58:12 -0000	1.28
+++ unzip.spec	6 Feb 2006 11:43:00 -0000	1.29
@@ -1,7 +1,7 @@
 Summary: A utility for unpacking zip files.
 Name: unzip
 Version: 5.52
-Release: 1
+Release: 2
 License: BSD
 Group: Applications/Archiving
 Source: ftp://ftp.info-zip.org/pub/infozip/src/unzip552.tar.gz
@@ -10,6 +10,8 @@
 Patch3: unzip-5.51-link-segv2.patch
 Patch6: unzip-5.52-toctou.patch
 Patch7: unzip-5.52-near-4GB.patch
+Patch8: unzip-5.52-near-4GB2.patch
+Patch9: unzip-5.52-long-filename.patch
 URL: http://www.info-zip.org/pub/infozip/UnZip.html
 BuildRoot: %{_tmppath}/%{name}-%{version}-root
 
@@ -31,6 +33,8 @@
 %patch3 -p1 -b .morn
 %patch6 -p1 -b .toctou
 %patch7 -p1 -b .4GB
+%patch8 -p1 -b .4GB2
+%patch9 -p1 -b .lfn
 ln -s unix/Makefile Makefile
 
 %build
@@ -51,7 +55,11 @@
 %{_mandir}/*/*
 
 %changelog
-* Thu Dec 22 2005 Ivana Varekova <vraekova at redhat.com> 5.52-1
+* Mon Feb  6 2006 Ivana Varekova <varekova at redhat.com> 5.52-2
+- fix bug 180078 - unzip -l causing error
+- fix CVE-2005-4667 - unzip long file name buffer overflow
+
+* Thu Dec 22 2005 Ivana Varekova <varekova at redhat.com> 5.52-1
 - update to 5.52
 
 * Fri Dec 09 2005 Jesse Keating <jkeating at redhat.com>



