
Group :: Archiving/Compression
RPM: unzip


Patch: deb-unzip-CVE-2008-0888.patch


diff -Nru unzip-5.52/consts.h unzip-5.52-fixed/consts.h
--- unzip-5.52/consts.h	2002-03-23 17:52:48 +0200
+++ unzip-5.52-fixed/consts.h	2008-03-18 09:26:13 +0200
@@ -34,9 +34,9 @@
   "error:  expected central file header signature not found (file #%lu).\n";
 ZCONST char Far SeekMsg[] =
   "error [%s]:  attempt to seek before beginning of zipfile\n%s";
-ZCONST char Far FilenameNotMatched[] = "caution: filename not matched:  %s\n";
+ZCONST char Far FilenameNotMatched[] = "caution: filename not matched:  %.512s\n";
 ZCONST char Far ExclFilenameNotMatched[] =
-  "caution: excluded filename not matched:  %s\n";
+  "caution: excluded filename not matched:  %.512s\n";
 
 #ifdef VMS
   ZCONST char Far ReportMsg[] = "\
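Review bot: The `%.512s` precision added to `FilenameNotMatched` and `ExclFilenameNotMatched` is a bare literal with no comment tying it to the buffer these messages are formatted into, and the same number is repeated in the process.c hunk of this patch. Neither the destination buffer nor its size is visible here, so the cap cannot be checked against it from the diff. Once the intent is confirmed, I would add a comment above the strings such as `/* %.512s caps user-supplied names so the formatted message stays within the output buffer */`, and state where the value 512 comes from.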
diff -Nru unzip-5.52/fileio.c unzip-5.52-fixed/fileio.c
--- unzip-5.52/fileio.c	2005-02-27 04:10:12 +0200
+++ unzip-5.52-fixed/fileio.c	2008-03-18 09:26:13 +0200
@@ -413,7 +413,11 @@
 #endif /* NOVELL_BUG_FAILSAFE */
     Trace((stderr, "open_outfile:  doing fopen(%s) for writing\n",
       FnFilter1(G.filename)));
+#if defined(SYMLINKS) || defined(QLZIP)
+    if ((G.outfile = fopen(G.filename, FOPWR)) == (FILE *)NULL) {
+#else
     if ((G.outfile = fopen(G.filename, FOPW)) == (FILE *)NULL) {
+#endif
         Info(slide, 0x401, ((char *)slide, LoadFarString(CannotCreateFile),
           FnFilter1(G.filename)));
         return 1;
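Review bot: Duplicating the `if ((G.outfile = fopen(...)) == (FILE *)NULL) {` line in both preprocessor branches leaves one block opened by two alternative lines, which is easy to break in later edits and confuses brace matching in editors and some analysis tools. Selecting only the mode is cleaner: define a local mode macro once under `#if defined(SYMLINKS) || defined(QLZIP)` (FOPWR there, FOPW otherwise) and keep a single `fopen` call that uses it. A short comment saying that the read/write mode exists so the file can be read back through the same stream instead of being reopened by name would explain the change; that reason is taken from the unix.c hunks of this patch. open_outfile starts and ends outside the hunk.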
diff -Nru unzip-5.52/inflate.c unzip-5.52-fixed/inflate.c
--- unzip-5.52/inflate.c	2005-02-27 08:08:46 +0200
+++ unzip-5.52-fixed/inflate.c	2008-03-18 09:26:13 +0200
@@ -983,6 +983,7 @@
   unsigned l;           /* last length */
   unsigned m;           /* mask for bit lengths table */
   unsigned n;           /* number of lengths to get */
+  struct huft *tlp;     
   struct huft *tl;      /* literal/length code table */
   struct huft *td;      /* distance code table */
   unsigned bl;          /* lookup bits for tl */
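Review bot: The new `tlp` declaration is the only local in this list without a comment, and the line carries trailing whitespace. Its role is what the fix depends on, so it should be stated, for example `struct huft *tlp;     /* cursor into tl while reading code lengths; never freed */`. The declaration list starts and ends outside the hunk.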
@@ -996,6 +997,8 @@
   int retval = 0;       /* error code returned: initialized to "no error" */
 
 
+  td = tlp = tl = (struct huft *)NULL;
+
   /* make local bit buffer */
   Trace((stderr, "\ndynamic block"));
   b = G.bb;
@@ -1047,9 +1050,9 @@
   while (i < n)
   {
     NEEDBITS(bl)
-    j = (td = tl + ((unsigned)b & m))->b;
+    j = (tlp = tl + ((unsigned)b & m))->b;
     DUMPBITS(j)
-    j = td->v.n;
+    j = tlp->v.n;
     if (j < 16)                 /* length of code in bits (0..15) */
       ll[i++] = l = j;          /* save last length in l */
     else if (j == 16)           /* repeat last length 3 to 6 times */
@@ -1141,6 +1144,7 @@
       huft_free(td);
     }
     huft_free(tl);
+
     return retval;
   }
 
@@ -1149,8 +1153,8 @@
 
 cleanup_and_exit:
   /* free the decoding tables, return */
-  huft_free(tl);
-  huft_free(td);
+  if (tl) huft_free(tl);
+  if (td) huft_free(td);
   return retval;
 }
 
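Review bot: The guards at `cleanup_and_exit` are only as good as the invariant that `tl` and `td` hold either NULL or a table head, and nothing in the new code states that invariant. The fix rests on `tlp` taking over the cursor role so that `td` is never left pointing into `tl`'s table when this label is reached; I would say so in the comment, e.g. `/* tl/td are NULL or table heads; a cursor into a table (tlp) must never be freed */`. Whether `huft_free` already accepts NULL is not visible here; if it does, the guards are redundant but harmless. Any path outside these hunks that frees a table and can still reach this label should reset the pointer to NULL afterwards.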
diff -Nru unzip-5.52/process.c unzip-5.52-fixed/process.c
--- unzip-5.52/process.c	2004-11-22 02:42:54 +0200
+++ unzip-5.52-fixed/process.c	2008-03-18 09:26:13 +0200
@@ -74,20 +74,20 @@
    /* do_seekable() strings */
 # ifdef UNIX
    static ZCONST char Far CannotFindZipfileDirMsg[] =
-     "%s:  cannot find zipfile directory in one of %s or\n\
-        %s%s.zip, and cannot find %s, period.\n";
+     "%s:  cannot find zipfile directory in one of %.512s or\n\
+        %s%.512s.zip, and cannot find %.512s, period.\n";
    static ZCONST char Far CannotFindEitherZipfile[] =
-     "%s:  cannot find or open %s, %s.zip or %s.\n";
+     "%s:  cannot find or open %.512s, %.512s.zip or %.512s.\n";
 # else /* !UNIX */
 # ifndef AMIGA
    static ZCONST char Far CannotFindWildcardMatch[] =
-     "%s:  cannot find any matches for wildcard specification \"%s\".\n";
+     "%s:  cannot find any matches for wildcard specification \"%.512s\".\n";
 # endif /* !AMIGA */
    static ZCONST char Far CannotFindZipfileDirMsg[] =
-     "%s:  cannot find zipfile directory in %s,\n\
-        %sand cannot find %s, period.\n";
+     "%s:  cannot find zipfile directory in %.512s,\n\
+        %sand cannot find %.512s, period.\n";
    static ZCONST char Far CannotFindEitherZipfile[] =
-     "%s:  cannot find either %s or %s.\n";
+     "%s:  cannot find either %.512s or %.512s.\n";
 # endif /* ?UNIX */
    extern ZCONST char Far Zipnfo[];       /* in unzip.c */
 #ifndef WINDLL
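Review bot: Several conversions in the changed strings stay unbounded: the leading `%s:` in every message, the first conversion of `%s%.512s.zip`, and `%sand cannot find` in the non-UNIX variant. The argument lists are outside the hunk, so it is not visible whether those slots only ever receive short fixed strings; if any of them can carry a command-line or archive-derived name, it needs the same precision cap. A comment next to each format naming what every `%s` receives would let a reader check this without hunting for the call sites. One message can now expand to three capped fields plus fixed text, which should be compared against the size of the destination buffer.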
diff -Nru unzip-5.52/unix/unix.c unzip-5.52-fixed/unix/unix.c
--- unzip-5.52/unix/unix.c	2008-03-18 09:43:34 +0200
+++ unzip-5.52-fixed/unix/unix.c	2008-03-18 09:42:35 +0200
@@ -1055,8 +1055,6 @@
         perror("chmod (file attributes) error");
 #endif
 
-    fclose(G.outfile);
-
 /*---------------------------------------------------------------------------
     If symbolic links are supported, allocate storage for a symlink control
     structure, put the uncompressed "data" and other required info in it, and
@@ -1076,6 +1074,7 @@
             Info(slide, 0x201, ((char *)slide,
               "warning:  symbolic link (%s) failed: mem alloc overflow\n",
               FnFilter1(G.filename)));
+            fclose(G.outfile);
             return;
         }
 
@@ -1083,6 +1082,7 @@
             Info(slide, 0x201, ((char *)slide,
               "warning:  symbolic link (%s) failed: no mem\n",
               FnFilter1(G.filename)));
+            fclose(G.outfile);
             return;
         }
         slnk_entry->next = NULL;
@@ -1092,11 +1092,10 @@
         slnk_entry->fname = slnk_entry->target + ucsize + 1;
         strcpy(slnk_entry->fname, G.filename);
 
-        /* reopen the "link data" file for reading */
-        G.outfile = fopen(G.filename, FOPR);
+        /* move back to the start of the file to re-read the "link data" */
+        rewind(G.outfile);
 
-        if (!G.outfile ||
-            fread(slnk_entry->target, 1, ucsize, G.outfile) != (int)ucsize)
+        if (fread(slnk_entry->target, 1, ucsize, G.outfile) != (int)ucsize)
         {
             Info(slide, 0x201, ((char *)slide,
               "warning:  symbolic link (%s) failed\n",
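Review bot: `rewind(G.outfile)` cannot report failure and also clears the stream's error indicator, so an earlier write error on the link data is hidden and the only remaining check is the `fread` count. `if (fseek(G.outfile, 0L, SEEK_SET) != 0 || fread(slnk_entry->target, 1, ucsize, G.outfile) != (int)ucsize)` keeps the failure visible and lands in the same warning branch. The re-read also depends on the stream having been opened read/write (FOPWR in the fileio.c hunk); a comment saying so here would stop someone from reverting that mode. The failure branch continues outside the hunk, so confirm it still closes `G.outfile` now that the unconditional `fclose` earlier in the function is gone.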
@@ -1128,12 +1127,20 @@
     }
 #endif
 
+#if (defined(NO_FCHOWN) || defined(NO_FCHMOD))
+    fclose(G.outfile);
+#endif
+
     have_uidgid_flg = get_extattribs(__G__ &(zt.t3), z_uidgid);
 
     /* if -X option was specified and we have UID/GID info, restore it */
     if (have_uidgid_flg) {
         TTrace((stderr, "close_outfile:  restoring Unix UID/GID info\n"));
+#if (defined(NO_FCHOWN) || defined(NO_FCHMOD))
         if (chown(G.filename, (uid_t)z_uidgid[0], (gid_t)z_uidgid[1]))
+#else
+        if (fchown(fileno(G.outfile), (uid_t)z_uidgid[0], (gid_t)z_uidgid[1]))
+#endif
         {
             if (uO.qflag)
                 Info(slide, 0x201, ((char *)slide,
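Review bot: Builds that define NO_FCHOWN or NO_FCHMOD still close the file first and then call `chown(G.filename, ...)` by path, so on those platforms ownership is applied to whatever the name refers to at that moment rather than to the file that was just written. That limitation deserves a comment at the fallback, e.g. `/* path-based fallback: not bound to the descriptor we wrote; fchown is used where available */`. The compound condition is also repeated here and, in negated form, in the next hunk; testing one helper macro defined near the top of the file would keep the three sites from drifting apart. The `if (have_uidgid_flg)` block continues outside the hunk.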
@@ -1146,6 +1153,18 @@
         }
     }
 
+#if (!defined(NO_FCHOWN) && !defined(NO_FCHMOD))
+/*---------------------------------------------------------------------------
+    Change the file permissions from default ones to those stored in the
+    zipfile.
+  ---------------------------------------------------------------------------*/
+
+    if (fchmod(fileno(G.outfile), filtattr(__G__ G.pInfo->file_attr)))
+        perror("chmod (file attributes) error");
+
+    fclose(G.outfile);
+#endif /* !NO_FCHOWN && !NO_FCHMOD */
+
     /* set the file's access and modification times */
     if (utime(G.filename, &(zt.t2))) {
 #ifdef AOS_VS
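Review bot: The `fclose(G.outfile)` added after `fchmod` is the call that flushes the extracted data, and its result is discarded, so a failed final write goes unreported; `if (fclose(G.outfile)) perror("fclose (output file) error");` would surface it in the same way as the line above. The `perror` text still says `chmod` although the call is now `fchmod`, which can mislead when reading the output. The `utime(G.filename, ...)` in the context lines that follow still works by path after the close, which is worth a comment so the descriptor-based handling is not assumed to cover timestamps as well.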
@@ -1643,7 +1662,6 @@
 
             if ((long)LG(dlen) > 0)
             {
-                G.outfile = fopen(G.filename,"r+");
                 fseek(G.outfile, -8, SEEK_END);
                 fread(&ntc, 8, 1, G.outfile);
                 if(ntc.id != *(long *)"XTcc")
@@ -1653,7 +1671,6 @@
                     fwrite (&ntc, 8, 1, G.outfile);
                 }
                 Info(slide, 0x201, ((char *)slide, "QData = %d", LG(dlen)));
-                fclose(G.outfile);
             }
             return;     /* finished, cancel further extra field scanning */
           }
diff -Nru unzip-5.52/unzip.c unzip-5.52-fixed/unzip.c
--- unzip-5.52/unzip.c	2008-03-18 09:43:34 +0200
+++ unzip-5.52-fixed/unzip.c	2008-03-18 09:26:13 +0200
@@ -528,8 +528,7 @@
 #else /* !VMS */
 # ifdef COPYRIGHT_CLEAN
    static ZCONST char Far UnzipUsageLine1[] = "\
-UnZip %d.%d%d%s of %s, by Info-ZIP.  Maintained by C. Spieler.  Send\n\
-bug reports using http://www.info-zip.org/zip-bug.html; see README for details.\
+UnZip %d.%d%d%s of %s, by Debian. Original by Info-ZIP.\
 \n\n";
 # else
    static ZCONST char Far UnzipUsageLine1[] = "\
diff -Nru unzip-5.52/unzpriv.h unzip-5.52-fixed/unzpriv.h
--- unzip-5.52/unzpriv.h	2008-03-18 09:43:34 +0200
+++ unzip-5.52-fixed/unzpriv.h	2008-03-18 09:26:13 +0200
@@ -1081,6 +1081,7 @@
 #  define FOPR  "r","ctx=stm"
 #  define FOPM  "r+","ctx=stm","rfm=fix","mrs=512"
 #  define FOPW  "w","ctx=stm","rfm=fix","mrs=512"
+#  define FOPWR "w+","ctx=stm","rfm=fix","mrs=512"
 #endif /* VMS */
 
 #ifdef CMS_MVS
@@ -1117,6 +1118,9 @@
 #  ifndef FOPWT
 #    define FOPWT "wt"
 #  endif
+#  ifndef FOPWR
+#    define FOPWR "w+b"
+#  endif
 #else /* !MODERN */
 #  ifndef FOPR
 #    define FOPR "r"
@@ -1130,6 +1134,9 @@
 #  ifndef FOPWT
 #    define FOPWT "w"
 #  endif
+#  ifndef FOPWR
+#    define FOPWR "w+b"
+#  endif
 #endif /* ?MODERN */
 
 /*
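Review bot: In the `!MODERN` fallback the new default is `"w+b"`, while the neighbouring defaults in that branch are plain `"r"` and `"w"` (the `"wt"` form appears only in the MODERN branch), which suggests this branch is meant for C libraries that may not accept mode modifiers. Unless the `b` is intended there, `#    define FOPWR "w+"` would match the rest of the branch. A comment on each new FOPWR definition stating that it is for output files that are read back through the same stream would also help, since the name alone does not say how it differs from FOPM.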
 