Hi Santiago, On Wed, 4 Jun 2008 18:12:15 +0200 (CEST) Santiago Vila <[EMAIL PROTECTED]> wrote: > I can rename the file using tab-completion and extract the file using > the current unzip package on a UTF-8 environment.
Yes, but filename is NOT shown with characters what we expected. See example screenshots. 1. http://wiki.debian.org/L10n/Japanese?action=AttachFile&do=get&target=debian-hiragana-mojibake.png 2. http://wiki.debian.org/L10n/Japanese?action=AttachFile&do=get&target=debian-hiragana.png 1 is non-patched unzip handles files (named "Debian" with Japanese hiragana character but it causes mojibake) and 2 is patched one. What I and Nobuhiro want is 2nd (patched) one. What we (at least Japanese Debian Developers/Users) want is that we see and extract zipped file with original -EXPECTED- filename. # some other distro users say "hey, Debian cannot handle Japanese zip files from Windows, but we can do that. Ha!" ... I cannot endure it anymore... ;-) I'm proud to use Debian, and hope other Debian Desktop users not think "Debian does not take care about us, but other distros do". It's very very sad. > Please note that this is more a "I need a feature that has not been > implemented yet" than "it's not working as documented". > > Will forward upstream, but I don't like the idea of introducing new > features on my own not in the original (which could become incompatible with > the features finally implemented by the original authors). Um, but this patch is tested in other distro, at Ubuntu 2007-03-31, at least for a year ago, and they did not report any problems. see https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/10979 That's longer than days packages moves from Unstable to Testing. Don't you think so? :-) So, it does not cause any wrong side effects, I believe. Please consider to patch for your package, please and please... And IMPORTANT! The patch that Nobuhiro sent is NOT right one, I think. Because I cannot extract zip file with correct characters. So I did - make a (just ugly) patch from Ubuntu package (debian-ubuntu.diff) - merged it build test package and installed it - set "UNZIP=-O CP932" to environment variables (*) - execute file-roller *) we should set such an environment variables for each locales and upstream intend to upgrade unzip, see http://www.info-zip.org/board/board.pl?m-1203938133/ and ftp://ftp.info-zip.org/pub/infozip/beta/unzip60d.zip So, we should try unzip 6.0 beta and check it works well or not (if you can package and upload it to experimental, it would be good :-) -- Regards, Hideki Yamane henrich @ debian.or.jp/iijmio-mail.jp Japanese Debian Maintainer, see http://wiki.debian.org/HidekiYamane
--- unzip_5.52-11.diff 2008-07-26 23:41:49.000000000 +0900 +++ unzip_5.52-11ubuntu1.diff 2008-07-27 00:55:05.000000000 +0900 @@ -283,6 +283,26 @@ #endif /* ?MODERN */ /* +@@ -1193,7 +1200,9 @@ + # define lastchar(ptr, len) (ptr[(len)-1]) + # define MBSCHR(str, c) strchr(str, c) + # define MBSRCHR(str, c) strrchr(str, c) +-# define SETLOCALE(category, locale) ++# ifndef SETLOCALE ++# define SETLOCALE(category, locale) ++# endif + #endif /* ?_MBCS */ + #define INCSTR(ptr) PREINCSTR(ptr) + +@@ -2563,7 +2572,7 @@ + !(((islochdr) || (isuxatt)) && \ + ((hostver) == 25 || (hostver) == 26 || (hostver) == 40))) || \ + (hostnum) == FS_HPFS_ || \ +- ((hostnum) == FS_NTFS_ && (hostver) == 50)) { \ ++ ((hostnum) == FS_NTFS_/* && (hostver) == 50*/)) { \ + _OEM_INTERN((string)); \ + } else { \ + _ISO_INTERN((string)); \ --- unzip-5.52.orig/zipinfo.c +++ unzip-5.52/zipinfo.c @@ -447,6 +447,10 @@ @@ -972,117 +992,68 @@ .PD .\" ========================================================================= .SH URL ---- unzip-5.52.orig/debian/copyright.in -+++ unzip-5.52/debian/copyright.in -@@ -0,0 +1,14 @@ -+This is the Debian prepackaged version of "unzip", Info-Zip's fast, -+portable, zipfile decompression utility. +--- unzip-5.52.orig/debian/changelog ++++ unzip-5.52/debian/changelog +@@ -0,0 +1,386 @@ ++unzip (5.52-11ubuntu1) intrepid; urgency=low + -+This package is currently maintained by Santiago Vila <[EMAIL PROTECTED]> -+and built from sources obtained from: ++ * Merge with Debian; remaining changes: ++ - debian/rules: Configure with large file support. ++ - unzip.c: Change banner to indicate Ubuntu modification. ++ - support UTF-8 file names. + -+ftp://ftp.info-zip.org/pub/infozip/src/unzip552.tar.gz ++ -- Matthias Klose <[EMAIL PROTECTED]> Wed, 25 Jun 2008 15:57:03 +0000 + -+The changes were fairly minimal, and consisted solely of adding -+various debian/* files to the distribution, plus several miscellaneous -+fixes as reflected in the Debian changelog. ++unzip (5.52-11) unstable; urgency=high + -+Copyright: ++ * Apply patch from Tavis Ormandy to address invalid free() calls in ++ the inflate_dynamic() function (CVE-2008-0888). + ---- unzip-5.52.orig/debian/rules -+++ unzip-5.52/debian/rules -@@ -0,0 +1,54 @@ -+#!/usr/bin/make -f ++ -- Santiago Vila <[EMAIL PROTECTED]> Thu, 20 Mar 2008 17:53:00 +0100 + -+package = unzip -+docdir = debian/tmp/usr/share/doc/$(package) -+history = History.552 ++unzip (5.52-10ubuntu2) hardy; urgency=low + -+CC = gcc -+CFLAGS = -g -Wall $$(getconf LFS_CFLAGS) -+DEFINES = -DACORN_FTYPE_NFS -DWILD_STOP_AT_DIR -+INSTALL_PROGRAM = install ++ * SECURITY UPDATE: arbitrary code execution via heap corruption. ++ * inflate.c: fix invalid free() calls, patch from Tavis Ormandy. ++ * References ++ CVE-2008-0888 + -+ifeq (,$(findstring noopt,$(DEB_BUILD_OPTIONS))) -+ CFLAGS += -O2 -+endif -+ifeq (,$(findstring nostrip,$(DEB_BUILD_OPTIONS))) -+ INSTALL_PROGRAM += -s -+endif ++ -- Kees Cook <[EMAIL PROTECTED]> Wed, 19 Mar 2008 12:08:30 -0700 + -+build: -+ $(MAKE) -f unix/Makefile LF2="" \ -+ CC="$(CC)" CF="$(CFLAGS) -I. $(DEFINES)" unzips -+ touch build ++unzip (5.52-10ubuntu1) gutsy; urgency=low + -+clean: -+ rm -f build -+ -$(MAKE) -f unix/Makefile clean -+ rm -rf *~ debian/tmp debian/*~ debian/files* debian/substvars ++ * Merge with Debian; remaining changes: ++ - debian/rules: Configure with large file support. ++ - unzip.c: Change banner to indicate Ubuntu modification. ++ - support UTF-8 file names. + -+binary-indep: build ++ -- Matthias Klose <[EMAIL PROTECTED]> Tue, 17 Jul 2007 10:03:01 +0000 + -+binary-arch: build -+ rm -rf debian/tmp -+ install -d debian/tmp/DEBIAN $(docdir) -+ cd debian/tmp && install -d usr/bin usr/man/man1 -+ $(MAKE) -f unix/Makefile install prefix=`pwd`/debian/tmp/usr \ -+ INSTALL_PROGRAM="$(INSTALL_PROGRAM)" -+ cat debian/copyright.in LICENSE > $(docdir)/copyright -+ cp debian/changelog $(docdir)/changelog.Debian -+ cp -p History.* BUGS ToDo $(docdir) -+ cd $(docdir) && gzip -9 changelog.Debian History.* -+ ln -s $(history).gz $(docdir)/changelog.gz -+ gzip -r9 debian/tmp/usr/man -+ cd debian/tmp && mv usr/man usr/share -+ dpkg-shlibdeps unzip -+ dpkg-gencontrol -isp -+ cd debian/tmp && \ -+ md5sum `find * -type f ! -regex "DEBIAN/.*"` > DEBIAN/md5sums -+ chown -R root:root debian/tmp -+ chmod -R go=rX debian/tmp -+ dpkg --build debian/tmp .. ++unzip (5.52-10) unstable; urgency=low + -+binary: binary-indep binary-arch ++ * Fixed typo in unzipsfx(1). Thanks to Kevin Ryde. Closes: #419479. + -+.PHONY: binary binary-arch binary-indep clean ---- unzip-5.52.orig/debian/control -+++ unzip-5.52/debian/control -@@ -0,0 +1,19 @@ -+Source: unzip -+Section: utils -+Priority: optional -+Maintainer: Santiago Vila <[EMAIL PROTECTED]> -+Standards-Version: 3.7.2 ++ -- Santiago Vila <[EMAIL PROTECTED]> Mon, 2 Jul 2007 18:08:44 +0200 + -+Package: unzip -+Architecture: any -+Depends: ${shlibs:Depends} -+Conflicts: unzip-crypt (<< 5.41) -+Replaces: unzip-crypt (<< 5.41) -+Suggests: zip -+Description: De-archiver for .zip files -+ InfoZIP's unzip program. With the exception of multi-volume archives -+ (ie, .ZIP files that are split across several disks using PKZIP's /& option), -+ this can handle any file produced either by PKZIP, or the corresponding -+ InfoZIP zip program. -+ . -+ This version supports encryption. ---- unzip-5.52.orig/debian/changelog -+++ unzip-5.52/debian/changelog -@@ -0,0 +1,256 @@ -+unzip (5.52-11) unstable; urgency=high ++unzip (5.52-9ubuntu3) feisty; urgency=low + -+ * Apply patch from Tavis Ormandy to address invalid free() calls in -+ the inflate_dynamic() function (CVE-2008-0888). ++ * Apply patch from https://bugzilla.altlinux.org/long_list.cgi?buglist=4871 ++ to support UTF-8 file names. Ubuntu #10979. + -+ -- Santiago Vila <[EMAIL PROTECTED]> Thu, 20 Mar 2008 17:53:00 +0100 ++ -- Matthias Klose <[EMAIL PROTECTED]> Sat, 31 Mar 2007 13:10:40 +0200 + -+unzip (5.52-10) unstable; urgency=low ++unzip (5.52-9ubuntu2) feisty; urgency=low + -+ * Fixed typo in unzipsfx(1). Thanks to Kevin Ryde. Closes: #419479. ++ * Rebuild for changes in the amd64 toolchain. ++ * Set Ubuntu maintainer address. + -+ -- Santiago Vila <[EMAIL PROTECTED]> Mon, 2 Jul 2007 18:08:44 +0200 ++ -- Matthias Klose <[EMAIL PROTECTED]> Mon, 5 Mar 2007 01:27:17 +0000 ++ ++unzip (5.52-9ubuntu1) feisty; urgency=low ++ ++ * Merge from debian unstable. ++ ++ -- Michael Vogt <[EMAIL PROTECTED]> Wed, 22 Nov 2006 12:10:13 +0100 + +unzip (5.52-9) unstable; urgency=low + @@ -1093,6 +1064,14 @@ + + -- Santiago Vila <[EMAIL PROTECTED]> Wed, 30 Aug 2006 10:34:24 +0200 + ++unzip (5.52-8ubuntu1) edgy; urgency=low ++ ++ * Merge from debian unstable; only Ubuntu changes left: ++ - debian/rules: Configure with large file support. ++ - unzip.c: Change banner to indicate Ubuntu modification. ++ ++ -- Martin Pitt <[EMAIL PROTECTED]> Fri, 30 Jun 2006 11:28:40 +0200 ++ +unzip (5.52-8) unstable; urgency=low + + * Modified unix/unxcfg.h to always #include <unistd.h>. @@ -1110,6 +1089,43 @@ + + -- Santiago Vila <[EMAIL PROTECTED]> Thu, 16 Mar 2006 10:31:20 +0100 + ++unzip (5.52-6ubuntu4) dapper; urgency=low ++ ++ * const.h, process.c: Limit the maximum length of displayed file names to ++ 512 bytes, to avoid spewage with excessively long file names (which caused ++ buffer overflows until the recent security fix for CVE-2005-4667). ++ * Thanks to Santiago Vila for pointing this out. ++ ++ -- Martin Pitt <[EMAIL PROTECTED]> Thu, 23 Mar 2006 13:00:08 +0100 ++ ++unzip (5.52-6ubuntu3) dapper; urgency=low ++ ++ * Previous security update scrambled the output fields in the contents ++ listing, fix that regression. ++ ++ -- Martin Pitt <[EMAIL PROTECTED]> Wed, 15 Feb 2006 12:11:47 +0100 ++ ++unzip (5.52-6ubuntu2) dapper; urgency=low ++ ++ * SECURITY UPDATE: Arbitrary code execution on specially crafted long file ++ names (which should not happen in many scenarios, though). ++ * unzpriv.h, Info macro: ++ - Use snprintf() instead of sprintf() as inner formatting function. ++ - Use fputs() instead of fprintf() as outer function to ignore leftover ++ format strings which might not have been substituted in the inner ++ snprintf(). ++ - Throw away the three different implementations of that macro and use ++ just one safe one. ++ - CVE-2005-4667 ++ ++ -- Martin Pitt <[EMAIL PROTECTED]> Fri, 10 Feb 2006 20:14:01 +0100 ++ ++unzip (5.52-6ubuntu1) dapper; urgency=low ++ ++ * Resynchronise with Debian. ++ ++ -- Michael Vogt <[EMAIL PROTECTED]> Wed, 28 Dec 2005 11:02:39 +0100 ++ +unzip (5.52-6) unstable; urgency=medium + + * Symlinks should work again (Closes: #343680). Fix provided by @@ -1117,6 +1133,15 @@ + + -- Santiago Vila <[EMAIL PROTECTED]> Tue, 20 Dec 2005 19:18:32 +0100 + ++unzip (5.52-5ubuntu1) dapper; urgency=low ++ ++ * Resynchronise with Debian. ++ * Repaired totally scrambled changelog. ++ * unzip.c: Change Debian banner to 'Ubuntu', as advised by the Debian ++ maintainer. ++ ++ -- Martin Pitt <[EMAIL PROTECTED]> Mon, 21 Nov 2005 20:38:41 +0100 ++ +unzip (5.52-5) unstable; urgency=low + + * Fixed CAN-2005-2475 the same way it will be fixed in unzip 5.53. @@ -1127,6 +1152,12 @@ + + -- Santiago Vila <[EMAIL PROTECTED]> Thu, 17 Nov 2005 16:34:24 +0100 + ++unzip (5.52-4ubuntu1) dapper; urgency=low ++ ++ * Resynchronise with Debian. ++ ++ -- Michael Vogt <[EMAIL PROTECTED]> Fri, 11 Nov 2005 13:16:29 +0100 ++ +unzip (5.52-4) unstable; urgency=medium + + * Fixed toctou vulnerability (Closes: #321927). Modified unix/unix.c @@ -1136,6 +1167,22 @@ + + -- Santiago Vila <[EMAIL PROTECTED]> Wed, 9 Nov 2005 18:05:02 +0100 + ++unzip (5.52-3ubuntu2) breezy; urgency=low ++ ++ * SECURITY UPDATE: Fix file permission modification race. ++ * unix/unix.c: Use fchmod() instead of chmod() to change permissions on the ++ files unzip actually created, not the files another attacker might have ++ hardlinked to in the meantime. ++ * CAN-2005-2475 ++ ++ -- Martin Pitt <[EMAIL PROTECTED]> Thu, 29 Sep 2005 17:02:50 +0200 ++ ++unzip (5.52-3ubuntu1) breezy; urgency=low ++ ++ * Resynchronise with Debian. ++ ++ -- Michael Vogt <[EMAIL PROTECTED]> Tue, 28 Jun 2005 15:46:02 +0200 ++ +unzip (5.52-3) unstable; urgency=low + + * Put manpages in section 1, not 1L. @@ -1157,6 +1204,12 @@ + + -- Santiago Vila <[EMAIL PROTECTED]> Tue, 1 Mar 2005 15:33:54 +0100 + ++unzip (5.51-2ubuntu1) hoary; urgency=low ++ ++ * Fixed unzip of >2GB files, thanks to patch from ard at kwaak.net ++ ++ -- Thom May <[EMAIL PROTECTED]> Mon, 28 Feb 2005 15:25:52 +0000 ++ +unzip (5.51-2) unstable; urgency=low + + * Added unshrinking support (Closes: #252563). @@ -1327,3 +1380,101 @@ + * initial release (used 2 to avoid confusion with old unzip) + + -- Carl Streeter <[EMAIL PROTECTED]> Tue, 5 Sep 1995 00:00:00 +0000 ++ +--- unzip-5.52.orig/debian/control ++++ unzip-5.52/debian/control +@@ -0,0 +1,20 @@ ++Source: unzip ++Section: utils ++Priority: optional ++Maintainer: Ubuntu Core Developers <[EMAIL PROTECTED]> ++XSBC-Original-Maintainer: Santiago Vila <[EMAIL PROTECTED]> ++Standards-Version: 3.7.2 ++ ++Package: unzip ++Architecture: any ++Depends: ${shlibs:Depends} ++Conflicts: unzip-crypt (<< 5.41) ++Replaces: unzip-crypt (<< 5.41) ++Suggests: zip ++Description: De-archiver for .zip files ++ InfoZIP's unzip program. With the exception of multi-volume archives ++ (ie, .ZIP files that are split across several disks using PKZIP's /& option), ++ this can handle any file produced either by PKZIP, or the corresponding ++ InfoZIP zip program. ++ . ++ This version supports encryption. +--- unzip-5.52.orig/debian/copyright.in ++++ unzip-5.52/debian/copyright.in +@@ -0,0 +1,14 @@ ++This is the Debian prepackaged version of "unzip", Info-Zip's fast, ++portable, zipfile decompression utility. ++ ++This package is currently maintained by Santiago Vila <[EMAIL PROTECTED]> ++and built from sources obtained from: ++ ++ftp://ftp.info-zip.org/pub/infozip/src/unzip552.tar.gz ++ ++The changes were fairly minimal, and consisted solely of adding ++various debian/* files to the distribution, plus several miscellaneous ++fixes as reflected in the Debian changelog. ++ ++Copyright: ++ +--- unzip-5.52.orig/debian/rules ++++ unzip-5.52/debian/rules +@@ -0,0 +1,54 @@ ++#!/usr/bin/make -f ++ ++package = unzip ++docdir = debian/tmp/usr/share/doc/$(package) ++history = History.552 ++ ++CC = gcc ++CFLAGS = -g -Wall $$(getconf LFS_CFLAGS) ++DEFINES = -DACORN_FTYPE_NFS -DWILD_STOP_AT_DIR -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 ++INSTALL_PROGRAM = install ++ ++ifeq (,$(findstring noopt,$(DEB_BUILD_OPTIONS))) ++ CFLAGS += -O2 ++endif ++ifeq (,$(findstring nostrip,$(DEB_BUILD_OPTIONS))) ++ INSTALL_PROGRAM += -s ++endif ++ ++build: ++ $(MAKE) -f unix/Makefile LF2="" \ ++ CC="$(CC)" CF="$(CFLAGS) -I. $(DEFINES)" unzips ++ touch build ++ ++clean: ++ rm -f build ++ -$(MAKE) -f unix/Makefile clean ++ rm -rf *~ debian/tmp debian/*~ debian/files* debian/substvars ++ ++binary-indep: build ++ ++binary-arch: build ++ rm -rf debian/tmp ++ install -d debian/tmp/DEBIAN $(docdir) ++ cd debian/tmp && install -d usr/bin usr/man/man1 ++ $(MAKE) -f unix/Makefile install prefix=`pwd`/debian/tmp/usr \ ++ INSTALL_PROGRAM="$(INSTALL_PROGRAM)" ++ cat debian/copyright.in LICENSE > $(docdir)/copyright ++ cp debian/changelog $(docdir)/changelog.Debian ++ cp -p History.* BUGS ToDo $(docdir) ++ cd $(docdir) && gzip -9 changelog.Debian History.* ++ ln -s $(history).gz $(docdir)/changelog.gz ++ gzip -r9 debian/tmp/usr/man ++ cd debian/tmp && mv usr/man usr/share ++ dpkg-shlibdeps unzip ++ dpkg-gencontrol -isp ++ cd debian/tmp && \ ++ md5sum `find * -type f ! -regex "DEBIAN/.*"` > DEBIAN/md5sums ++ chown -R root:root debian/tmp ++ chmod -R go=rX debian/tmp ++ dpkg --build debian/tmp .. ++ ++binary: binary-indep binary-arch ++ ++.PHONY: binary binary-arch binary-indep clean