diff options
| author | rosenbaum | 2022-11-17 19:00:33 +0900 |
|---|---|---|
| committer | rosenbaum | 2022-11-17 19:00:33 +0900 |
| commit | 170c4f85573185e41416e7ad2eaf5f920d781633 (patch) | |
| tree | bb65472d4e8d74d40bc22a326739770576fbbeb5 | |
| download | aur-170c4f85573185e41416e7ad2eaf5f920d781633.tar.gz | |
Initial commit
| -rw-r--r-- | .SRCINFO | 79 | ||||
| -rw-r--r-- | PKGBUILD | 133 | ||||
| -rw-r--r-- | add-zstd-support.diff | 416 | ||||
| -rw-r--r-- | unzip-6.0_CVE-2021-4217.patch | 19 |
4 files changed, 647 insertions, 0 deletions
diff --git a/.SRCINFO b/.SRCINFO new file mode 100644 index 000000000000..4403a844efcd --- /dev/null +++ b/.SRCINFO @@ -0,0 +1,79 @@ +pkgbase = unzip-zstd + pkgdesc = For extracting and viewing files in .zip archives (with Zstandard support) + pkgver = 6.0 + pkgrel = 1 + url = https://github.com/csabahruska/unzip-arch-zstd + arch = x86_64 + license = custom + depends = bzip2 + depends = zstd + depends = bash + provides = unzip + conflicts = unzip + options = debug + source = https://downloads.sourceforge.net/infozip/unzip60.tar.gz + source = https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-6.0-exec-shield.patch + source = https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-6.0-close.patch + source = https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-6.0-attribs-overflow.patch + source = https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-6.0-symlink.patch + source = https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-6.0-format-secure.patch + source = https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-6.0-valgrind.patch + source = https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-6.0-x-option.patch + source = https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-6.0-overflow.patch + source = https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-6.0-cve-2014-8139.patch + source = https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-6.0-cve-2014-8140.patch + source = https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-6.0-cve-2014-8141.patch + source = https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-6.0-overflow-long-fsize.patch + source = https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-6.0-heap-overflow-infloop.patch + source = https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-6.0-alt-iconv-utf8.patch + source = https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-6.0-alt-iconv-utf8-print.patch + source = https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/0001-Fix-CVE-2016-9844-rhbz-1404283.patch + source = https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-6.0-timestamp.patch + source = https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-6.0-cve-2018-1000035-heap-based-overflow.patch + source = https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-6.0-cve-2018-18384.patch + source = https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-6.0-COVSCAN-fix-unterminated-string.patch + source = https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part1.patch + source = https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part2.patch + source = https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part3.patch + source = https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-manpage.patch + source = https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part4.patch + source = https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part5.patch + source = https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part6.patch + source = https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-switch.patch + source = unzip-6.0_CVE-2021-4217.patch + source = https://sources.debian.org/data/main/u/unzip/6.0-27/debian/patches/28-cve-2022-0529-and-cve-2022-0530.patch + source = add-zstd-support.diff + sha512sums = 0694e403ebc57b37218e00ec1a406cae5cc9c5b52b6798e0d4590840b6cdbf9ddc0d9471f67af783e960f8fa2e620394d51384257dca23d06bcd90224a80ce5d + sha512sums = 3c7f525687b198aaa8547a8b30e744f7f184943624279d5c70170d5b9bb3f0c0f27f3e69bc808dd0d144690107bc76a10c06e160bf99c54fd5684246208b7cff + sha512sums = 8423e32bbc1e1fe9366118bd10795bb8307f5a9a1afba1f0f62e46443d198b7f3cfcc41dedf57f31830f4c7328c9f5ae573982ca8664822b5f2a2ecdbc389df9 + sha512sums = 0aea88ccb4e141f4b23559a6802d0ceccaf4897addbe9d4ec465909ddf5f910a44d5e7907c815211e4b086cbd73c200c9b972f197a256e44f74468e3909928c9 + sha512sums = a3be30ce8c9eb903db636e786bea4e0c12ecb3f63af16eeac819f0b11db6984dfd93133fdbba2fdce228f5f57283973f64e3e3a81ec28cf46ea2e0b7593046d2 + sha512sums = 94560c730437ac2561d5e7550b91688dad1b828e1da96c9477e228e17b37e455ecdcd3a774e7db94dd902bbe12547d910602c0656b803768e5865b045d452dd7 + sha512sums = 8e1e3c88ff4191c325696984a52df50ba70ec0d0e68938ba06bbcdf9de96c0a26c9802db28b762bd14bc1a5c1c7d33d67e1cce91a3e44c92f3bb90509ea0f15f + sha512sums = ec09ee6017fed66ebae2921b50fb7419eed627d49e78a3a072bec7256841e7829b6a3121f776a1ccc5d2cc3589006902465d73c28b3bd0937b9c3417ab0a0446 + sha512sums = 7e5274db1d0e9b1db87ce543ddb4edea67cea193ee5394a5a46f3813169c33508cbea96cc0ce88eb4ffc64b21df02c18724d0fe8f7d2814954233f646c386b3a + sha512sums = 217a923ff8101823d7555c5999e63b2be0bb5898911f0f39dd46c85c69ce2e59c29135e69b5cbb084f40b5beb8dc52e1b47d3b21cd801ebb06dc08984c85f292 + sha512sums = a23f48924852046500547921f7b52e861a75dc2521f184fba87b3ff338c9d0598e8493f2a3c8eb1cb80412e0d057fb4b3c21e457f7295c8c8158d821709fb000 + sha512sums = 5969a2de0e11d00dfb690f67b1ae96d7a4f587a1cf3dd80572f5e10ba970a69958f04bb826a49338fc93204a3cb7aeb34bf735a681383f8e89691d09a7b26cce + sha512sums = 6b37c1e72bea789051624c72c0aaa0522f4eecf83e82efb1d9c1844536903ed253b7448bea4a6e6aa116be86a50cad6911a0e218eacb8e5bee27a4457145b03f + sha512sums = b0b745cff474756447e699a13ff003871b33a4f7a24a91150e5a947eba5132fd90fbacf7580379fc13c5f638483b25cbc226f85b9cac9c7662b2f91927eb2bb3 + sha512sums = a00e41feede53d42e0eb03d8280664b2a904918fab3c52459d02c07a298dd12e482eb3318c1842933ac3a527308dc5e4871f029b6b79e5bc2b2e1d84fee4fd0f + sha512sums = 48e6c143eb55aad68d49b6dab640f824b88eaeadfb35e4962199b833e8e7adc87ded7bf8846ee43e1b4974e883fdc6b1d1f558eb72705d0c7af0455ee1ffccbb + sha512sums = b73fde8e3568ccb8d26a787ac27127f87625dec372fa0ccaafd1266ddaaee46f9767bb67e874574cb27ec13fd3c90195e60be719b9996a7c5e194da7bf700c97 + sha512sums = e387dc533142f0f702c04092da297e8dfc9b51e4ec7001e6e657d93a9a0f6382b1b39196f239190b8d52b8ecfa46a965627e503aaecdab86e59272af84bbc2c6 + sha512sums = 6f757385a23fe6a034f676df6bf233243afa8743761e3d715e532d066fcd7dc8f8dcd6192be693258f3855837e5534490784378768abe7ce710fb869258d49b7 + sha512sums = d506d50897c164ee87e860e97a25b6725f1e724cad74cbd79cb8ac4cd68ef6dfb42bcd8dcf954112340d9b943b8d1d34bf166b2ca958f0045d6f7298954fbf20 + sha512sums = f50bc2d6ff9859bdbc9122be558a7119d693687424260bf90663e594223a9247f5a3f24a490e3345f5e9b8c6501446da752e51d4b63a35531e37c20cbc9456ab + sha512sums = 4f940afa1f6628a47faf6eb13116eab384bda05c841b0b286b18cafad9c4b567ef332a301b8fbdf07259acdf8f6bdb452487e086bce2a3f092daa4e9d9daefa6 + sha512sums = e20e97722e0daf48b97df540added603325d356c6597634afd694af3972bb62952dd0f92c10d98f8c9f28eb9d089f6f5b022e0beb8c6224e32fd2cfaadffa200 + sha512sums = 7e11e29dde260f0245bc25eeb811d794515d1c523b42ea6004c7c6a2eda19b9de4dd7a8ecc03e5ff7d376e28a96c6f1b2b922d6b8b3963a9e4746231f3c257f4 + sha512sums = cb51b1ff5c1bc4a3acc8d4bb60c92cd74dec1b76799f00f542e793b1407964c00cfbda8153703e40a64d1cf89705d6ba16a4c11e7ca9a304eb3a14355546e5eb + sha512sums = 27d45a25a6a51415af609a4fdefcb7c95a1105d511a6e18e2a7464e9d3773ba2ccb25f138a3cc6ddc6e5e9c558b633ee60d273cebf562c2a7d1e99d3f229d1ba + sha512sums = 48875d7e08d669637e26a7e800f8b2a3812d477e6f249c8d4962fdf93ba6d346f5b22b83d82cb65317b506dff84c441d42c0fe7d1c042a065619d39bdf25fdd0 + sha512sums = a788d57fe0fb9ae6106381d2a8fe566aa35bb037012139dc7c283fe5eb316056835dffa9ea9778c15a5b39e50a75329a135a0dffdfc6a53d575ef2013b1d478a + sha512sums = d86aba51101fdbe855c35f034d33d65a79c5c707d01de4709619f5d1316185777048b72c293f9506186677bcecf54a808e106ad59bb36835ef80615641c85d63 + sha512sums = fc1f4246b6974c3c554aed1127f512f0b2ac8fa13aff7c3b54877411e15856522e35633c45b2326d96b5094a9106d697a0883c1879af2c616d9dd51180b6887b + sha512sums = bff17d21399a2189ed497602a735eab55746a17e6d414d843068c0374ae09d8d5958c00731e9f35dbfbce6ec9f802cb83d1e7436363392a36a2e34b724d0d71c + sha512sums = 7fe4400412e6ab3542400a320e77148958bd52c39d606134c0b2703ab95697e2038fd2c85887b3145d5e1b1b46a0474fc89e5f6ed42bfaa7392c0569a632fbcc + +pkgname = unzip-zstd diff --git a/PKGBUILD b/PKGBUILD new file mode 100644 index 000000000000..ccb5eff47ff3 --- /dev/null +++ b/PKGBUILD @@ -0,0 +1,133 @@ +pkgname=unzip-zstd +_pkgname=unzip +pkgver=6.0 +_pkgver=${pkgver/./} +pkgrel=1 +pkgdesc='For extracting and viewing files in .zip archives (with Zstandard support)' +url='https://github.com/csabahruska/unzip-arch-zstd' +arch=('x86_64') +license=('custom') +depends=('bzip2' 'zstd' 'bash') +conflicts=('unzip') +provides=('unzip') +options=('debug') +source=("https://downloads.sourceforge.net/infozip/${_pkgname}${_pkgver}.tar.gz" + 'https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-6.0-exec-shield.patch' + 'https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-6.0-close.patch' + 'https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-6.0-attribs-overflow.patch' + 'https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-6.0-symlink.patch' + 'https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-6.0-format-secure.patch' + 'https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-6.0-valgrind.patch' + 'https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-6.0-x-option.patch' + 'https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-6.0-overflow.patch' + 'https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-6.0-cve-2014-8139.patch' + 'https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-6.0-cve-2014-8140.patch' + 'https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-6.0-cve-2014-8141.patch' + 'https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-6.0-overflow-long-fsize.patch' + 'https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-6.0-heap-overflow-infloop.patch' + 'https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-6.0-alt-iconv-utf8.patch' + 'https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-6.0-alt-iconv-utf8-print.patch' + 'https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/0001-Fix-CVE-2016-9844-rhbz-1404283.patch' + 'https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-6.0-timestamp.patch' + 'https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-6.0-cve-2018-1000035-heap-based-overflow.patch' + 'https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-6.0-cve-2018-18384.patch' + 'https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-6.0-COVSCAN-fix-unterminated-string.patch' + 'https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part1.patch' + 'https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part2.patch' + 'https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part3.patch' + 'https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-manpage.patch' + 'https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part4.patch' + 'https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part5.patch' + 'https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part6.patch' + 'https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-switch.patch' + 'unzip-6.0_CVE-2021-4217.patch' + 'https://sources.debian.org/data/main/u/unzip/6.0-27/debian/patches/28-cve-2022-0529-and-cve-2022-0530.patch' + 'add-zstd-support.diff') +sha512sums=('0694e403ebc57b37218e00ec1a406cae5cc9c5b52b6798e0d4590840b6cdbf9ddc0d9471f67af783e960f8fa2e620394d51384257dca23d06bcd90224a80ce5d' + '3c7f525687b198aaa8547a8b30e744f7f184943624279d5c70170d5b9bb3f0c0f27f3e69bc808dd0d144690107bc76a10c06e160bf99c54fd5684246208b7cff' + '8423e32bbc1e1fe9366118bd10795bb8307f5a9a1afba1f0f62e46443d198b7f3cfcc41dedf57f31830f4c7328c9f5ae573982ca8664822b5f2a2ecdbc389df9' + '0aea88ccb4e141f4b23559a6802d0ceccaf4897addbe9d4ec465909ddf5f910a44d5e7907c815211e4b086cbd73c200c9b972f197a256e44f74468e3909928c9' + 'a3be30ce8c9eb903db636e786bea4e0c12ecb3f63af16eeac819f0b11db6984dfd93133fdbba2fdce228f5f57283973f64e3e3a81ec28cf46ea2e0b7593046d2' + '94560c730437ac2561d5e7550b91688dad1b828e1da96c9477e228e17b37e455ecdcd3a774e7db94dd902bbe12547d910602c0656b803768e5865b045d452dd7' + '8e1e3c88ff4191c325696984a52df50ba70ec0d0e68938ba06bbcdf9de96c0a26c9802db28b762bd14bc1a5c1c7d33d67e1cce91a3e44c92f3bb90509ea0f15f' + 'ec09ee6017fed66ebae2921b50fb7419eed627d49e78a3a072bec7256841e7829b6a3121f776a1ccc5d2cc3589006902465d73c28b3bd0937b9c3417ab0a0446' + '7e5274db1d0e9b1db87ce543ddb4edea67cea193ee5394a5a46f3813169c33508cbea96cc0ce88eb4ffc64b21df02c18724d0fe8f7d2814954233f646c386b3a' + '217a923ff8101823d7555c5999e63b2be0bb5898911f0f39dd46c85c69ce2e59c29135e69b5cbb084f40b5beb8dc52e1b47d3b21cd801ebb06dc08984c85f292' + 'a23f48924852046500547921f7b52e861a75dc2521f184fba87b3ff338c9d0598e8493f2a3c8eb1cb80412e0d057fb4b3c21e457f7295c8c8158d821709fb000' + '5969a2de0e11d00dfb690f67b1ae96d7a4f587a1cf3dd80572f5e10ba970a69958f04bb826a49338fc93204a3cb7aeb34bf735a681383f8e89691d09a7b26cce' + '6b37c1e72bea789051624c72c0aaa0522f4eecf83e82efb1d9c1844536903ed253b7448bea4a6e6aa116be86a50cad6911a0e218eacb8e5bee27a4457145b03f' + 'b0b745cff474756447e699a13ff003871b33a4f7a24a91150e5a947eba5132fd90fbacf7580379fc13c5f638483b25cbc226f85b9cac9c7662b2f91927eb2bb3' + 'a00e41feede53d42e0eb03d8280664b2a904918fab3c52459d02c07a298dd12e482eb3318c1842933ac3a527308dc5e4871f029b6b79e5bc2b2e1d84fee4fd0f' + '48e6c143eb55aad68d49b6dab640f824b88eaeadfb35e4962199b833e8e7adc87ded7bf8846ee43e1b4974e883fdc6b1d1f558eb72705d0c7af0455ee1ffccbb' + 'b73fde8e3568ccb8d26a787ac27127f87625dec372fa0ccaafd1266ddaaee46f9767bb67e874574cb27ec13fd3c90195e60be719b9996a7c5e194da7bf700c97' + 'e387dc533142f0f702c04092da297e8dfc9b51e4ec7001e6e657d93a9a0f6382b1b39196f239190b8d52b8ecfa46a965627e503aaecdab86e59272af84bbc2c6' + '6f757385a23fe6a034f676df6bf233243afa8743761e3d715e532d066fcd7dc8f8dcd6192be693258f3855837e5534490784378768abe7ce710fb869258d49b7' + 'd506d50897c164ee87e860e97a25b6725f1e724cad74cbd79cb8ac4cd68ef6dfb42bcd8dcf954112340d9b943b8d1d34bf166b2ca958f0045d6f7298954fbf20' + 'f50bc2d6ff9859bdbc9122be558a7119d693687424260bf90663e594223a9247f5a3f24a490e3345f5e9b8c6501446da752e51d4b63a35531e37c20cbc9456ab' + '4f940afa1f6628a47faf6eb13116eab384bda05c841b0b286b18cafad9c4b567ef332a301b8fbdf07259acdf8f6bdb452487e086bce2a3f092daa4e9d9daefa6' + 'e20e97722e0daf48b97df540added603325d356c6597634afd694af3972bb62952dd0f92c10d98f8c9f28eb9d089f6f5b022e0beb8c6224e32fd2cfaadffa200' + '7e11e29dde260f0245bc25eeb811d794515d1c523b42ea6004c7c6a2eda19b9de4dd7a8ecc03e5ff7d376e28a96c6f1b2b922d6b8b3963a9e4746231f3c257f4' + 'cb51b1ff5c1bc4a3acc8d4bb60c92cd74dec1b76799f00f542e793b1407964c00cfbda8153703e40a64d1cf89705d6ba16a4c11e7ca9a304eb3a14355546e5eb' + '27d45a25a6a51415af609a4fdefcb7c95a1105d511a6e18e2a7464e9d3773ba2ccb25f138a3cc6ddc6e5e9c558b633ee60d273cebf562c2a7d1e99d3f229d1ba' + '48875d7e08d669637e26a7e800f8b2a3812d477e6f249c8d4962fdf93ba6d346f5b22b83d82cb65317b506dff84c441d42c0fe7d1c042a065619d39bdf25fdd0' + 'a788d57fe0fb9ae6106381d2a8fe566aa35bb037012139dc7c283fe5eb316056835dffa9ea9778c15a5b39e50a75329a135a0dffdfc6a53d575ef2013b1d478a' + 'd86aba51101fdbe855c35f034d33d65a79c5c707d01de4709619f5d1316185777048b72c293f9506186677bcecf54a808e106ad59bb36835ef80615641c85d63' + 'fc1f4246b6974c3c554aed1127f512f0b2ac8fa13aff7c3b54877411e15856522e35633c45b2326d96b5094a9106d697a0883c1879af2c616d9dd51180b6887b' + 'bff17d21399a2189ed497602a735eab55746a17e6d414d843068c0374ae09d8d5958c00731e9f35dbfbce6ec9f802cb83d1e7436363392a36a2e34b724d0d71c' + '7fe4400412e6ab3542400a320e77148958bd52c39d606134c0b2703ab95697e2038fd2c85887b3145d5e1b1b46a0474fc89e5f6ed42bfaa7392c0569a632fbcc') + +prepare() { + cd "${srcdir}/${_pkgname}${_pkgver}" + sed -i "/MANDIR =/s#)/#)/share/#" unix/Makefile + patch -p1 -i ../unzip-6.0-exec-shield.patch + patch -p1 -i ../unzip-6.0-close.patch + patch -p1 -i ../unzip-6.0-attribs-overflow.patch + patch -p1 -i ../unzip-6.0-symlink.patch # FS#60433 + patch -p1 -i ../unzip-6.0-format-secure.patch + patch -p1 -i ../unzip-6.0-valgrind.patch + patch -p1 -i ../unzip-6.0-x-option.patch + patch -p1 -i ../unzip-6.0-overflow.patch # FS#44171 + patch -p1 -i ../unzip-6.0-cve-2014-8139.patch # FS#43300 + patch -p1 -i ../unzip-6.0-cve-2014-8140.patch # FS#43391 + patch -p1 -i ../unzip-6.0-cve-2014-8141.patch # FS#43300 + patch -p1 -i ../unzip-6.0-overflow-long-fsize.patch # FS#44171 + patch -p1 -i ../unzip-6.0-heap-overflow-infloop.patch # FS#46955 + patch -p1 -i ../unzip-6.0-alt-iconv-utf8.patch + patch -p1 -i ../unzip-6.0-alt-iconv-utf8-print.patch + patch -p1 -i ../0001-Fix-CVE-2016-9844-rhbz-1404283.patch + patch -p1 -i ../unzip-6.0-timestamp.patch + patch -p1 -i ../unzip-6.0-cve-2018-1000035-heap-based-overflow.patch # FS#69739 + patch -p1 -i ../unzip-6.0-cve-2018-18384.patch + patch -p1 -i ../unzip-6.0-COVSCAN-fix-unterminated-string.patch + patch -p1 -i ../unzip-zipbomb-part1.patch + patch -p1 -i ../unzip-zipbomb-part2.patch + patch -p1 -i ../unzip-zipbomb-part3.patch + patch -p1 -i ../unzip-zipbomb-manpage.patch + patch -p1 -i ../unzip-zipbomb-part4.patch + patch -p1 -i ../unzip-zipbomb-part5.patch + patch -p1 -i ../unzip-zipbomb-part6.patch + patch -p1 -i ../unzip-zipbomb-switch.patch + patch -p1 -i ../unzip-6.0_CVE-2021-4217.patch # FS#73542 + patch -p1 -F3 -i ../28-cve-2022-0529-and-cve-2022-0530.patch + patch -p1 -i ../add-zstd-support.diff +} + +build() { + cd "${srcdir}/${_pkgname}${_pkgver}" + + # DEFINES, make, and install args from Debian + DEFINES='-DACORN_FTYPE_NFS -DWILD_STOP_AT_DIR -DLARGE_FILE_SUPPORT \ + -DUNICODE_SUPPORT -DUNICODE_WCHAR -DUTF8_MAYBE_NATIVE -DNO_LCHMOD \ + -DDATE_FORMAT=DF_YMD -DUSE_BZIP2 -DUSE_ZSTD -DNOMEMCPY -DNO_WORKING_ISPRINT' + + make -f unix/Makefile prefix=/usr \ + D_USE_BZ2=-DUSE_BZIP2 L_BZ2=-lbz2 \ + LF2="-lzstd $LDFLAGS" CF="$CFLAGS $CPPFLAGS -I. $DEFINES" \ + unzips +} + +package() { + cd "${srcdir}/${_pkgname}${_pkgver}" + make -f unix/Makefile prefix="${pkgdir}"/usr install + install -Dm644 LICENSE "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE" +} diff --git a/add-zstd-support.diff b/add-zstd-support.diff new file mode 100644 index 000000000000..0d2b59ccfdf4 --- /dev/null +++ b/add-zstd-support.diff @@ -0,0 +1,416 @@ +diff --git a/extract.c b/extract.c +index 1ce6870..9c320a7 100644 +--- a/extract.c ++++ b/extract.c +@@ -28,6 +28,7 @@ + fnfilter() + dircomp() (SET_DIR_ATTRIB only) + UZbunzip2() (USE_BZIP2 only) ++ UZzstd_decompress() (USE_ZSTD only) + + ---------------------------------------------------------------------------*/ + +@@ -139,17 +140,18 @@ static ZCONST char Far ComprMsgNum[] = + static ZCONST char Far CmprLZMA[] = "LZMA"; + static ZCONST char Far CmprIBMTerse[] = "IBM/Terse"; + static ZCONST char Far CmprIBMLZ77[] = "IBM LZ77"; ++ static ZCONST char Far CmprZstd[] = "zstd"; + static ZCONST char Far CmprWavPack[] = "WavPack"; + static ZCONST char Far CmprPPMd[] = "PPMd"; + static ZCONST char Far *ComprNames[NUM_METHODS] = { + CmprNone, CmprShrink, CmprReduce, CmprReduce, CmprReduce, CmprReduce, + CmprImplode, CmprTokenize, CmprDeflate, CmprDeflat64, CmprDCLImplode, +- CmprBzip, CmprLZMA, CmprIBMTerse, CmprIBMLZ77, CmprWavPack, CmprPPMd ++ CmprBzip, CmprLZMA, CmprIBMTerse, CmprIBMLZ77, CmprZstd, CmprWavPack, CmprPPMd + }; + static ZCONST unsigned ComprIDs[NUM_METHODS] = { + STORED, SHRUNK, REDUCED1, REDUCED2, REDUCED3, REDUCED4, + IMPLODED, TOKENIZED, DEFLATED, ENHDEFLATED, DCLIMPLODED, +- BZIPPED, LZMAED, IBMTERSED, IBMLZ77ED, WAVPACKED, PPMDED ++ BZIPPED, LZMAED, IBMTERSED, IBMLZ77ED, ZSTDED, WAVPACKED, PPMDED + }; + #endif /* !SFX */ + static ZCONST char Far FilNamMsg[] = +@@ -274,6 +276,10 @@ static ZCONST char Far Inflate[] = "inflate"; + static ZCONST char Far BUnzip[] = "bunzip"; + #endif + ++#ifdef USE_ZSTD ++ static ZCONST char Far Unzstd[] = "unzstd"; ++#endif ++ + #ifndef SFX + static ZCONST char Far Explode[] = "explode"; + #ifndef LZW_CLEAN +@@ -994,6 +1000,12 @@ static int store_info(__G) /* return 0 if skipping, 1 if OK */ + # define UNKN_LZMA TRUE /* LZMA unknown */ + #endif + ++#ifdef USE_ZSTD ++# define UNKN_ZSTD (G.crec.compression_method!=ZSTDED) ++#else ++# define UNKN_ZSTD TRUE /* zstd unknown */ ++#endif ++ + #ifdef USE_WAVP + # define UNKN_WAVP (G.crec.compression_method!=WAVPACKED) + #else +@@ -1011,11 +1023,11 @@ static int store_info(__G) /* return 0 if skipping, 1 if OK */ + # define UNKN_COMPR \ + (G.crec.compression_method!=STORED && G.crec.compression_method<DEFLATED \ + && G.crec.compression_method>ENHDEFLATED \ +- && UNKN_BZ2 && UNKN_LZMA && UNKN_WAVP && UNKN_PPMD) ++ && UNKN_BZ2 && UNKN_LZMA && UNKN_ZSTD && UNKN_WAVP && UNKN_PPMD) + # else + # define UNKN_COMPR \ + (G.crec.compression_method!=STORED && G.crec.compression_method!=DEFLATED\ +- && UNKN_BZ2 && UNKN_LZMA && UNKN_WAVP && UNKN_PPMD) ++ && UNKN_BZ2 && UNKN_LZMA && UNKN_ZSTD && UNKN_WAVP && UNKN_PPMD) + # endif + #else + # ifdef COPYRIGHT_CLEAN /* no reduced files */ +@@ -1033,20 +1045,22 @@ static int store_info(__G) /* return 0 if skipping, 1 if OK */ + # define UNKN_COMPR (UNKN_RED || UNKN_SHR || \ + G.crec.compression_method==TOKENIZED || \ + (G.crec.compression_method>ENHDEFLATED && UNKN_BZ2 && UNKN_LZMA \ +- && UNKN_WAVP && UNKN_PPMD)) ++ && UNKN_ZSTD && UNKN_WAVP && UNKN_PPMD)) + # else + # define UNKN_COMPR (UNKN_RED || UNKN_SHR || \ + G.crec.compression_method==TOKENIZED || \ + (G.crec.compression_method>DEFLATED && UNKN_BZ2 && UNKN_LZMA \ +- && UNKN_WAVP && UNKN_PPMD)) ++ && UNKN_ZSTD && UNKN_WAVP && UNKN_PPMD)) + # endif + #endif + +-#if (defined(USE_BZIP2) && (UNZIP_VERSION < UNZIP_BZ2VERS)) +- int unzvers_support = (UNKN_BZ2 ? UNZIP_VERSION : UNZIP_BZ2VERS); + # define UNZVERS_SUPPORT unzvers_support +-#else +-# define UNZVERS_SUPPORT UNZIP_VERSION ++ int unzvers_support = UNZIP_VERSION; ++#if defined(USE_BZIP2) ++ if (!UNKN_BZ2 && UNZIP_BZ2VERS > unzvers_support) unzvers_support = UNZIP_BZ2VERS; ++#endif ++#if defined(USE_ZSTD) ++ if (!UNKN_ZSTD && UNZIP_ZSTDVERS > unzvers_support) unzvers_support = UNZIP_ZSTDVERS; + #endif + + /*--------------------------------------------------------------------------- +@@ -2099,6 +2113,37 @@ static int extract_or_test_member(__G) /* return PK-type error code */ + break; + #endif /* USE_BZIP2 */ + ++#ifdef USE_ZSTD ++ case ZSTDED: ++ if (!uO.tflag && QCOND2) { ++ Info(slide, 0, ((char *)slide, LoadFarString(ExtractMsg), ++ "unzstd", FnFilter1(G.filename), ++ (uO.aflag != 1 /* && G.pInfo->textfile==G.pInfo->textmode */)? ++ "" : (G.pInfo->textfile? txt : bin), uO.cflag? NEWLINE : "")); ++ } ++ if ((r = UZzstd_decompress(__G)) != 0) { ++ if (r < PK_DISK) { ++ if ((uO.tflag && uO.qflag) || (!uO.tflag && !QCOND2)) ++ Info(slide, 0x401, ((char *)slide, ++ LoadFarStringSmall(ErrUnzipFile), r == 3? ++ LoadFarString(NotEnoughMem) : ++ LoadFarString(InvalidComprData), ++ LoadFarStringSmall2(Unzstd), ++ FnFilter1(G.filename))); ++ else ++ Info(slide, 0x401, ((char *)slide, ++ LoadFarStringSmall(ErrUnzipNoFile), r == 3? ++ LoadFarString(NotEnoughMem) : ++ LoadFarString(InvalidComprData), ++ LoadFarStringSmall2(Unzstd))); ++ error = ((r == 3) ? PK_MEM3 : PK_ERR); ++ } else { ++ error = r; ++ } ++ } ++ break; ++#endif /* USE_ZSTD */ ++ + default: /* should never get to this point */ + Info(slide, 0x401, ((char *)slide, + LoadFarString(FileUnknownCompMethod), FnFilter1(G.filename))); +@@ -3237,3 +3282,106 @@ __GDEF + return retval; + } /* end function UZbunzip2() */ + #endif /* USE_BZIP2 */ ++ ++#ifdef USE_ZSTD ++ ++/**********************************/ ++/* Function UZzstd_decompress() */ ++/**********************************/ ++ ++int UZzstd_decompress(__G) ++__GDEF ++/* decompress a zstd entry using the libzstd routines */ ++{ ++ int retval = 0; /* return code: 0 = "no error" */ ++ int err=1; // zstd meaning: there is unprocessed input data ++ int repeated_buf_err; ++ ++ Trace((stderr, "initializing zstdlib()\n")); ++ ZSTD_DCtx* const dctx = ZSTD_createDCtx(); ++ ++ if (dctx == NULL) ++ return 3; // ret code: not enough memory ++ ++#if (defined(DLL) && !defined(NO_SLIDE_REDIR)) ++ if (G.redirect_slide) ++ wsize = G.redirect_size, redirSlide = G.redirect_buffer; ++ else ++ wsize = WSIZE, redirSlide = slide; ++#endif ++ ++ ZSTD_inBuffer input = { (const void *)G.inptr, G.incnt, 0 }; ++ ZSTD_outBuffer output = { (void *)redirSlide, wsize, 0 }; ++ ++#define ZSTD_STREAM_END 0 ++#ifdef FUNZIP ++ while (err != ZSTD_STREAM_END) { ++#else /* !FUNZIP */ ++ while (G.csize > 0) { ++ Trace((stderr, "first loop: G.csize = %ld\n", G.csize)); ++#endif /* ?FUNZIP */ ++ while (output.pos < output.size) { ++ err = ZSTD_decompressStream(dctx, &output , &input); ++ ++ if (ZSTD_isError(err)) { ++ Trace((stderr, "oops! (zstd error = %d, %s\n", err, ZSTD_getErrorName(err))); ++ retval = 2; goto uzzstd_cleanup_exit; ++ } ++ ++#ifdef FUNZIP ++ if (err == ZSTD_STREAM_END) /* "END-of-entry-condition" ? */ ++#else /* !FUNZIP */ ++ if (G.csize <= 0L) /* "END-of-entry-condition" ? */ ++#endif /* ?FUNZIP */ ++ break; ++ ++ if (input.pos == input.size) { ++ if (fillinbuf(__G) == 0) { ++ /* no "END-condition" yet, but no more data */ ++ retval = 2; goto uzzstd_cleanup_exit; ++ } ++ ++ input.src = (const void *)G.inptr; ++ input.size = G.incnt; ++ input.pos = 0; ++ } ++ Trace((stderr, " avail_in = %u\n", input.size - input.pos)); ++ } ++ /* flush slide[] */ ++ if ((retval = FLUSH(output.pos)) != 0) ++ goto uzzstd_cleanup_exit; ++ Trace((stderr, "inside loop: flushing %ld bytes\n", ++ (long)(output.pos))); ++ output.dst = (void *)redirSlide; ++ output.size = wsize; ++ output.pos = 0; ++ } ++ ++ /* no more input, so loop until we have all output */ ++ Trace((stderr, "beginning final loop: err = %d\n", err)); ++ repeated_buf_err = FALSE; ++ while (err != ZSTD_STREAM_END) { ++ err = ZSTD_decompressStream(dctx, &output , &input); ++ if (ZSTD_isError(err)) { ++ Trace((stderr, "oops! (zstd final loop, error = %d, %s\n", err, ZSTD_getErrorName(err))); ++ retval = 2; goto uzzstd_cleanup_exit; ++ } ++ /* final flush of slide[] */ ++ if ((retval = FLUSH(output.pos)) != 0) ++ goto uzzstd_cleanup_exit; ++ Trace((stderr, "final loop: flushing %ld bytes\n", ++ (long)(output.pos))); ++ output.dst = (void *)redirSlide; ++ output.size = wsize; ++ output.pos = 0; ++ } ++ ++ G.inptr += input.pos; ++ G.incnt -= G.inptr - G.inbuf; /* reset for other routines */ ++ ++uzzstd_cleanup_exit: ++ ZSTD_freeDCtx(dctx); ++ ++ return retval; ++} /* end function UZzstd_decompress() */ ++#endif /* USE_ZSTD */ +diff --git a/fileio.c b/fileio.c +index 1b98e7d..53b2898 100644 +--- a/fileio.c ++++ b/fileio.c +@@ -673,7 +673,7 @@ int readbyte(__G) /* refill inbuf and return a byte if available, else EOF */ + + + +-#if defined(USE_ZLIB) || defined(USE_BZIP2) ++#if defined(USE_ZLIB) || defined(USE_BZIP2) || defined(USE_ZSTD) + + /************************/ + /* Function fillinbuf() */ +@@ -703,7 +703,7 @@ int fillinbuf(__G) /* like readbyte() except returns number of bytes in inbuf */ + + } /* end function fillinbuf() */ + +-#endif /* USE_ZLIB || USE_BZIP2 */ ++#endif /* USE_ZLIB || USE_BZIP2 || USE_ZSTD*/ + + + +diff --git a/globals.h b/globals.h +index 09bab87..7e689ad 100644 +--- a/globals.h ++++ b/globals.h +@@ -146,6 +146,10 @@ + # include "bzlib.h" + #endif + ++#ifdef USE_ZSTD ++# include "zstd.h" ++#endif ++ + + /*************/ + /* Globals */ +diff --git a/list.c b/list.c +index a688a3e..0289296 100644 +--- a/list.c ++++ b/list.c +@@ -121,7 +121,7 @@ int list_files(__G) /* return PK-type error code */ + static ZCONST char Far method[NUM_METHODS+1][8] = + {"Stored", "Shrunk", "Reduce1", "Reduce2", "Reduce3", "Reduce4", + "Implode", "Token", "Defl:#", "Def64#", "ImplDCL", "BZip2", +- "LZMA", "Terse", "IBMLZ77", "WavPack", "PPMd", "Unk:###"}; ++ "LZMA", "Terse", "IBMLZ77", "zstd", "WavPack", "PPMd", "Unk:###"}; + + + +diff --git a/unix/Makefile b/unix/Makefile +index 6c51d1c..8cd540a 100644 +--- a/unix/Makefile ++++ b/unix/Makefile +@@ -573,6 +573,14 @@ generic_bz2: unix_make + L_BZ2="-lbz2" LIBBZ2="$(IZ_OUR_BZIP2_DIR)/libbz2.a" \ + CC_BZ="$(CC)" CFLAGS_BZ="$(CFLAGS)" + ++# Generic unzip and funzip target using either shared or static libzstd for ++# zstd compression method. ++ ++generic_zstd: unix_make ++ @echo\ ++ "This target assumes libzstd (libzstd.a or libzstd.so.*) is already installed." ++ $(MAKE) unzip funzip CF="$(CF) -DUSE_ZSTD" LF2="-lzstd $(LF2)" ++ + # Generic unzip and funzip target using either shared or static zlib for + # inflate rather than the original UnZip version. (libz was libgz prior + # to 0.94) Need to figure out how to force unzipsfx to use static libz. +diff --git a/unzip.c b/unzip.c +index 1ef4be4..ff4f996 100644 +--- a/unzip.c ++++ b/unzip.c +@@ -531,6 +531,10 @@ static ZCONST char Far ZipInfoUsageLine3[] = "miscellaneous options:\n\ + static ZCONST char Far UseBZip2[] = + "USE_BZIP2 (PKZIP 4.6+, using bzip2 lib version %s)"; + # endif ++# ifdef USE_ZSTD ++ static ZCONST char Far UseZstd[] = ++ "USE_ZSTD (PKZIP 6.3+, using zstd lib version %s)"; ++# endif + # ifdef VMS_TEXT_CONV + static ZCONST char Far VmsTextConv[] = "VMS_TEXT_CONV"; + # endif +@@ -2660,6 +2664,13 @@ static void show_version_info(__G) + (char *)(slide+256))); + ++numopts; + #endif ++#ifdef USE_ZSTD ++ sprintf((char *)(slide+256), LoadFarStringSmall(UseZstd), ++ ZSTD_versionString()); ++ Info(slide, 0, ((char *)slide, LoadFarString(CompileOptFormat), ++ (char *)(slide+256))); ++ ++numopts; ++#endif + #ifdef VMS_TEXT_CONV + Info(slide, 0, ((char *)slide, LoadFarString(CompileOptFormat), + LoadFarStringSmall(VmsTextConv))); +diff --git a/unzpriv.h b/unzpriv.h +index 6fa131a..29834db 100644 +--- a/unzpriv.h ++++ b/unzpriv.h +@@ -676,9 +676,12 @@ + /* Defines */ + /*************/ + ++#define UNZIP_ZSTDVERS 63 + #define UNZIP_BZ2VERS 46 + #ifdef ZIP64_SUPPORT +-# ifdef USE_BZIP2 ++# ifdef USE_ZSTD ++# define UNZIP_VERSION UNZIP_ZSTDVERS ++# elif defined(USE_BZIP2) + # define UNZIP_VERSION UNZIP_BZ2VERS + # else + # define UNZIP_VERSION 45 +@@ -1703,9 +1706,10 @@ + #define LZMAED 14 + #define IBMTERSED 18 + #define IBMLZ77ED 19 ++#define ZSTDED 93 + #define WAVPACKED 97 + #define PPMDED 98 +-#define NUM_METHODS 17 /* number of known method IDs */ ++#define NUM_METHODS 18 /* number of known method IDs */ + /* don't forget to update list.c (list_files()), extract.c and zipinfo.c + * appropriately if NUM_METHODS changes */ + +@@ -2446,6 +2450,9 @@ int huft_build OF((__GPRO__ ZCONST unsigned *b, unsigned n, + int UZbunzip2 OF((__GPRO)); /* extract.c */ + void bz_internal_error OF((int bzerrcode)); /* ubz2err.c */ + #endif ++#ifdef USE_ZSTD ++ int UZzstd_decompress OF((__GPRO)); /* extract.c */ ++#endif + + /*--------------------------------------------------------------------------- + Internal API functions (only included in DLL versions): +diff --git a/zipinfo.c b/zipinfo.c +index cb7e08d..a88654c 100644 +--- a/zipinfo.c ++++ b/zipinfo.c +@@ -208,6 +208,7 @@ static ZCONST char Far MthdBZip2[] = "bzipped"; + static ZCONST char Far MthdLZMA[] = "LZMA-ed"; + static ZCONST char Far MthdTerse[] = "tersed (IBM)"; + static ZCONST char Far MthdLZ77[] = "LZ77-compressed (IBM)"; ++static ZCONST char Far MthdZstd[] = "zstd-ed"; + static ZCONST char Far MthdWavPack[] = "WavPacked"; + static ZCONST char Far MthdPPMd[] = "PPMd-ed"; + +@@ -1075,7 +1076,8 @@ static int zi_long(__G__ pEndprev, error_in_archive) + static ZCONST char Far *method[NUM_METHODS] = { + MthdNone, MthdShrunk, MthdRedF1, MthdRedF2, MthdRedF3, MthdRedF4, + MthdImplode, MthdToken, MthdDeflate, MthdDeflat64, MthdDCLImplode, +- MthdBZip2, MthdLZMA, MthdTerse, MthdLZ77, MthdWavPack, MthdPPMd ++ MthdBZip2, MthdLZMA, MthdTerse, MthdLZ77, MthdZstd, MthdWavPack, ++ MthdPPMd + }; + static ZCONST char Far *dtypelng[4] = { + DeflNorm, DeflMax, DeflFast, DeflSFast +@@ -1962,8 +1964,8 @@ static int zi_short(__G) /* return PK-type error code */ + #endif + static ZCONST char Far method[NUM_METHODS+1][5] = { + "stor", "shrk", "re:1", "re:2", "re:3", "re:4", "i#:#", "tokn", +- "def#", "d64#", "dcli", "bzp2", "lzma", "ters", "lz77", "wavp", +- "ppmd", "u###" ++ "def#", "d64#", "dcli", "bzp2", "lzma", "ters", "lz77", "zstd", ++ "wavp", "ppmd", "u###" + }; + + diff --git a/unzip-6.0_CVE-2021-4217.patch b/unzip-6.0_CVE-2021-4217.patch new file mode 100644 index 000000000000..37b83cca0575 --- /dev/null +++ b/unzip-6.0_CVE-2021-4217.patch @@ -0,0 +1,19 @@ +diff --git a/process.c b/process.c +index d2a846e..cba2463 100644 +--- a/process.c ++++ b/process.c +@@ -2064,10 +2064,14 @@ int getUnicodeData(__G__ ef_buf, ef_len) + G.unipath_checksum = makelong(offset + ef_buf); + offset += 4; + ++ if (!G.filename_full) { ++ /* Check if we have a unicode extra section but no filename set */ ++ return PK_ERR; ++ } ++ + /* + * Compute 32-bit crc + */ +- + chksum = crc32(chksum, (uch *)(G.filename_full), + strlen(G.filename_full)); |