Package: unzip Version: 6.0-28 Severity: normal Tags: upstream patch zipgrep doesn't handle regexp with some special characters correctly, as shown below.
$ echo a.b > file1 $ echo a-b > file2 $ zip files.zip file1 file2 adding: file1 (stored 0%) adding: file2 (stored 0%) With egrep: $ egrep a\\.b file1 file2 file1:a.b $ egrep a\|b file1 file2 file1:a.b file2:a-b $ But with zipgrep: $ zipgrep a\\.b files.zip $ zipgrep a\|b files.zip $ This is due to the following code: # Escape shell-special characters in "pat". pat=` echo "$pat" | \ sed -e 's/\\\\/\\\\\\\\/g' -e 's/|/\\\|/g' -e 's/&/\\\&/g' ` which breaks the regexp. Escaping is useless because once a string is in a shell variable pat, it is no longer reinterpreted when just using "$pat". And as a consequence, escaping is incorrect because the escape characters are not removed when using "$pat". Moreover, the use of echo was not portable. I've attached a patch, which removes this useless/incorrect code. -- System Information: Debian Release: trixie/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'stable-updates'), (500, 'stable-security'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') merged-usr: no Architecture: amd64 (x86_64) Kernel: Linux 6.5.0-3-amd64 (SMP w/8 CPU threads; PREEMPT) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=POSIX, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages unzip depends on: ii libbz2-1.0 1.0.8-5+b1 ii libc6 2.37-12 unzip recommends no packages. Versions of packages unzip suggests: ii zip 3.0-13 -- no debconf information -- Vincent Lefèvre <vinc...@vinc17.net> - Web: <https://www.vinc17.net/> 100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/> Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
Index: b/unix/zipgrep =================================================================== --- a/unix/zipgrep +++ b/unix/zipgrep @@ -49,10 +49,6 @@ status_grep_global=1 IFS=' ' -# Escape shell-special characters in "pat". -pat=` echo "$pat" | \ - sed -e 's/\\\\/\\\\\\\\/g' -e 's/|/\\\|/g' -e 's/&/\\\&/g' ` - # Use "unzip -Z1" to get a listing of the specified members from the # specified archive. Escape any backslashes in a file name. for i in `unzip -Z1 "$zipfile" ${1+"$@"} | sed -e 's/\\\\/\\\\\\\\/g' `; do