commit unzip for openSUSE:Factory

2020-06-04 Thread root
Hello community,

here is the log from the commit of package unzip for openSUSE:Factory checked 
in at 2020-06-04 17:50:50

Comparing /work/SRC/openSUSE:Factory/unzip (Old)
 and  /work/SRC/openSUSE:Factory/.unzip.new.3606 (New)


Package is "unzip"

Thu Jun  4 17:50:50 2020 rev:45 rq:808172 version:6.00

Changes:

--- /work/SRC/openSUSE:Factory/unzip/unzip.changes  2018-10-22 
11:06:58.244090295 +0200
+++ /work/SRC/openSUSE:Factory/.unzip.new.3606/unzip.changes2020-06-04 
17:51:09.204021181 +0200
@@ -1,0 +2,5 @@
+Fri May 22 09:27:01 UTC 2020 - Yunhe Guo 
+
+- Change unzip-doc to noarch
+
+---



Other differences:
--
++ unzip.spec ++
--- /var/tmp/diff_new_pack.AAgXzC/_old  2020-06-04 17:51:11.480028422 +0200
+++ /var/tmp/diff_new_pack.AAgXzC/_new  2020-06-04 17:51:11.484028435 +0200
@@ -75,6 +75,7 @@
 %package doc
 Summary:Documentation files for unzip
 Group:  Productivity/Archiving/Compression
+BuildArch:  noarch
 
 %description doc
 UnZip is an extraction utility for archives compressed in .zip format




commit unzip for openSUSE:Factory

2018-10-22 Thread root
Hello community,

here is the log from the commit of package unzip for openSUSE:Factory checked 
in at 2018-10-22 11:06:36

Comparing /work/SRC/openSUSE:Factory/unzip (Old)
 and  /work/SRC/openSUSE:Factory/.unzip.new (New)


Package is "unzip"

Mon Oct 22 11:06:36 2018 rev:44 rq:643125 version:6.00

Changes:

--- /work/SRC/openSUSE:Factory/unzip/unzip-rcc.changes  2018-07-04 
23:53:27.980002354 +0200
+++ /work/SRC/openSUSE:Factory/.unzip.new/unzip-rcc.changes 2018-10-22 
11:06:57.236091138 +0200
@@ -1,0 +2,6 @@
+Thu Oct 11 14:49:01 UTC 2018 - kstreit...@suse.com
+
+- Add unzip60-cfactorstr_overflow.patch to fix buffer overflow in
+  list.c [bsc#1110194]
+
+---
--- /work/SRC/openSUSE:Factory/unzip/unzip.changes  2018-07-04 
23:53:28.02333 +0200
+++ /work/SRC/openSUSE:Factory/.unzip.new/unzip.changes 2018-10-22 
11:06:58.244090295 +0200
@@ -1,0 +2,6 @@
+Thu Oct 11 14:49:01 UTC 2018 - kstreit...@suse.com
+
+- Add unzip60-cfactorstr_overflow.patch to fix buffer overflow in
+  list.c [bsc#1110194] [CVE-2018-18384]
+
+---

New:

  unzip60-cfactorstr_overflow.patch



Other differences:
--
++ unzip-rcc.spec ++
--- /var/tmp/diff_new_pack.fEDKWI/_old  2018-10-22 11:06:59.340089380 +0200
+++ /var/tmp/diff_new_pack.fEDKWI/_new  2018-10-22 11:06:59.344089376 +0200
@@ -59,6 +59,7 @@
 Patch19:CVE-2018-135.patch
 Patch20:Fix-CVE-2014-9636-unzip-buffer-overflow.patch
 Patch21:unzip60-total_disks_zero.patch
+Patch22:unzip60-cfactorstr_overflow.patch
 Requires(post): update-alternatives
 Requires(postun): update-alternatives
 Recommends: %{_name}-doc
@@ -104,6 +105,7 @@
 %patch19 -p0
 %patch20 -p1
 %patch21 -p1
+%patch22 -p1
 
 %build
 export RPM_OPT_FLAGS="%{optflags} \

++ unzip.spec ++
--- /var/tmp/diff_new_pack.fEDKWI/_old  2018-10-22 11:06:59.364089360 +0200
+++ /var/tmp/diff_new_pack.fEDKWI/_new  2018-10-22 11:06:59.368089356 +0200
@@ -59,6 +59,7 @@
 Patch19:CVE-2018-135.patch
 Patch20:Fix-CVE-2014-9636-unzip-buffer-overflow.patch
 Patch21:unzip60-total_disks_zero.patch
+Patch22:unzip60-cfactorstr_overflow.patch
 Requires(post): update-alternatives
 Requires(postun): update-alternatives
 Recommends: %{_name}-doc
@@ -104,6 +105,7 @@
 %patch19 -p0
 %patch20 -p1
 %patch21 -p1
+%patch22 -p1
 
 %build
 export RPM_OPT_FLAGS="%{optflags} \

++ unzip60-cfactorstr_overflow.patch ++
--- unzip60/list.c  
+++ unzip60/list.c  
@@ -97,7 +97,7 @@ int list_files(__G)/* return PK-type
 {
 int do_this_file=FALSE, cfactor, error, error_in_archive=PK_COOL;
 #ifndef WINDLL
-char sgn, cfactorstr[10];
+char sgn, cfactorstr[1+10+1+1];/* %NUL */
 int longhdr=(uO.vflag>1);
 #endif
 int date_format;
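Review bot: The new size `1+10+1+1` for `cfactorstr` is explained only by its trailing comment, which reads `/* %NUL */` on this page and looks truncated. Going by the arguments passed in the later hunks (`sgn, cfactor`), the terms are presumably one sign character, up to ten digits of a 32-bit int, the percent sign and the terminator. Spelling that out at the declaration, e.g. `/* sign + 10 digits (32-bit int) + '%' + NUL */`, lets a reader re-check the bound if the format string or the width of `cfactor` ever changes. The `snprintf` calls in the two later hunks of this patch take their limit from `sizeof(cfactorstr)`, so this declaration is the one place the bound is defined. list_files() continues outside the hunk.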
@@ -389,9 +389,9 @@ int list_files(__G)/* return PK-type
 }
 #else /* !WINDLL */
 if (cfactor == 100)
-sprintf(cfactorstr, LoadFarString(CompFactor100));
+snprintf(cfactorstr, sizeof(cfactorstr), 
LoadFarString(CompFactor100));
 else
-sprintf(cfactorstr, LoadFarString(CompFactorStr), sgn, 
cfactor);
+snprintf(cfactorstr, sizeof(cfactorstr), 
LoadFarString(CompFactorStr), sgn, cfactor);
 if (longhdr)
 Info(slide, 0, ((char *)slide, LoadFarString(LongHdrStats),
   FmZofft(G.crec.ucsize, "8", "u"), methbuf,
@@ -471,9 +471,9 @@ int list_files(__G)/* return PK-type
 
 #else /* !WINDLL */
 if (cfactor == 100)
-sprintf(cfactorstr, LoadFarString(CompFactor100));
+snprintf(cfactorstr, sizeof(cfactorstr), 
LoadFarString(CompFactor100));
 else
-sprintf(cfactorstr, LoadFarString(CompFactorStr), sgn, cfactor);
+snprintf(cfactorstr, sizeof(cfactorstr), 
LoadFarString(CompFactorStr), sgn, cfactor);
 if (longhdr) {
 Info(slide, 0, ((char *)slide, LoadFarString(LongFileTrailer),
   FmZofft(tot_ucsize, "8", "u"), FmZofft(tot_csize, "8", "u"),



commit unzip for openSUSE:Factory

2018-07-04 Thread root
Hello community,

here is the log from the commit of package unzip for openSUSE:Factory checked 
in at 2018-07-04 23:52:05

Comparing /work/SRC/openSUSE:Factory/unzip (Old)
 and  /work/SRC/openSUSE:Factory/.unzip.new (New)


Package is "unzip"

Wed Jul  4 23:52:05 2018 rev:43 rq:619412 version:6.00

Changes:

--- /work/SRC/openSUSE:Factory/unzip/unzip-rcc.changes  2018-05-23 
16:06:28.499754826 +0200
+++ /work/SRC/openSUSE:Factory/.unzip.new/unzip-rcc.changes 2018-07-04 
23:53:27.980002354 +0200
@@ -1,0 +2,10 @@
+Wed Jun 27 11:39:10 UTC 2018 - kstreit...@suse.com
+
+- Add unzip60-total_disks_zero.patch that fixes a bug when unzip is
+  unable to process Windows zip64 archives because Windows
+  archivers set total_disks field to 0 but per standard, valid
+  values are 1 and higher [bnc#910683]
+- Add Fix-CVE-2014-9636-unzip-buffer-overflow.patch to fix heap
+  overflow for STORED field data [bnc#914442] [CVE-2014-9636]
+
+---
unzip.changes: same change

New:

  Fix-CVE-2014-9636-unzip-buffer-overflow.patch
  unzip60-total_disks_zero.patch



Other differences:
--
++ unzip-rcc.spec ++
--- /var/tmp/diff_new_pack.m9DXmS/_old  2018-07-04 23:53:28.664001599 +0200
+++ /var/tmp/diff_new_pack.m9DXmS/_new  2018-07-04 23:53:28.668001595 +0200
@@ -57,6 +57,8 @@
 Patch17:CVE-2016-9844.patch
 Patch18:CVE-2014-9913.patch
 Patch19:CVE-2018-135.patch
+Patch20:Fix-CVE-2014-9636-unzip-buffer-overflow.patch
+Patch21:unzip60-total_disks_zero.patch
 Requires(post): update-alternatives
 Requires(postun): update-alternatives
 Recommends: %{_name}-doc
@@ -100,6 +102,8 @@
 %patch17 -p1
 %patch18 -p1
 %patch19 -p0
+%patch20 -p1
+%patch21 -p1
 
 %build
 export RPM_OPT_FLAGS="%{optflags} \

++ unzip.spec ++
--- /var/tmp/diff_new_pack.m9DXmS/_old  2018-07-04 23:53:28.680001581 +0200
+++ /var/tmp/diff_new_pack.m9DXmS/_new  2018-07-04 23:53:28.684001577 +0200
@@ -57,6 +57,8 @@
 Patch17:CVE-2016-9844.patch
 Patch18:CVE-2014-9913.patch
 Patch19:CVE-2018-135.patch
+Patch20:Fix-CVE-2014-9636-unzip-buffer-overflow.patch
+Patch21:unzip60-total_disks_zero.patch
 Requires(post): update-alternatives
 Requires(postun): update-alternatives
 Recommends: %{_name}-doc
@@ -100,6 +102,8 @@
 %patch17 -p1
 %patch18 -p1
 %patch19 -p0
+%patch20 -p1
+%patch21 -p1
 
 %build
 export RPM_OPT_FLAGS="%{optflags} \

++ Fix-CVE-2014-9636-unzip-buffer-overflow.patch ++
>From 190040ebfcf5395a6ccedede2cc9343d34f0a108 Mon Sep 17 00:00:00 2001
From: mancha 
Date: Wed, 11 Feb 2015
Subject: Info-ZIP UnZip buffer overflow

By carefully crafting a corrupt ZIP archive with "extra fields" that
purport to have compressed blocks larger than the corresponding
uncompressed blocks in STORED no-compression mode, an attacker can
trigger a heap overflow that can result in application crash or
possibly have other unspecified impact.

This patch ensures that when extra fields use STORED mode, the
"compressed" and uncompressed block sizes match.

---
 extract.c | 7 +++
 1 file changed, 7 insertions(+)
--- unzip60/extract.c   
+++ unzip60/extract.c   
@@ -2230,6 +2230,7 @@ static int test_compr_eb(__G__ eb, eb_si
 ulg eb_ucsize;
 uch *eb_ucptr;
 int r;
+ush method;
 
 if (compr_offset < 4)/* field is not compressed: */
 return PK_OK;/* do nothing and signal OK */
@@ -2246,6 +2247,13 @@ static int test_compr_eb(__G__ eb, eb_si
  ((eb_ucsize > 0L) && (eb_size <= (compr_offset + EB_CMPRHEADLEN
 return IZ_EF_TRUNC; /* no/bad compressed data! */
 
+method = makeword(eb + (EB_HEADSIZE + compr_offset));
+if ((method == STORED) &&
+(eb_size != compr_offset + EB_CMPRHEADLEN + eb_ucsize))
+return PK_ERR;/* compressed & uncompressed
+  * should match in STORED
+  * method */
+
 if (
 #ifdef INT_16BIT
 (((ulg)(extent)eb_ucsize) != eb_ucsize) ||
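Review bot: The new STORED check compares `eb_size` with `compr_offset + EB_CMPRHEADLEN + eb_ucsize` without saying why that sum cannot wrap; `eb_ucsize` is a `ulg` read from the archive, so on a build where `ulg` is 32 bits the addition can overflow. As far as the visible guard just above shows, a wrapped sum would be smaller than `compr_offset + EB_CMPRHEADLEN`, and an `eb_size` that small has already been rejected with IZ_EF_TRUNC, so the check appears sound. That dependency deserves a comment, e.g. `/* sum cannot wrap onto eb_size: eb_size > compr_offset + EB_CMPRHEADLEN is enforced above */`. The new branch also returns PK_ERR where the neighbouring malformed-field path returns IZ_EF_TRUNC, so it is worth confirming that the caller reports both. test_compr_eb() starts and ends outside the hunk.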
++ unzip60-total_disks_zero.patch ++
Index: unzip60/process.c
===
--- unzip60.orig/process.c
+++ unzip60/process.c
@@ -1286,7 +1286,8 @@ static int find_ecrec64(__G__ searchlen)
 G.ecrec.number_this_disk, ecloc64_total_disks); fflush(stdout);
 #endif
 if ((G.ecrec.number_this_disk != 0x) &&
-(G.ecrec.number_this_disk != ecloc64_total_disks - 1)) {
+(G.ecrec.number_this_disk != ecloc64_total_disks - 1) &&
+(ecloc64_total_disks != 0)) {
   /* Note: For some unknown reason, the 

commit unzip for openSUSE:Factory

2018-05-23 Thread root
Hello community,

here is the log from the commit of package unzip for openSUSE:Factory checked 
in at 2018-05-23 16:06:25

Comparing /work/SRC/openSUSE:Factory/unzip (Old)
 and  /work/SRC/openSUSE:Factory/.unzip.new (New)


Package is "unzip"

Wed May 23 16:06:25 2018 rev:42 rq:610005 version:6.00

Changes:

--- /work/SRC/openSUSE:Factory/unzip/unzip-rcc.changes  2017-07-11 
08:23:39.521952358 +0200
+++ /work/SRC/openSUSE:Factory/.unzip.new/unzip-rcc.changes 2018-05-23 
16:06:28.499754826 +0200
@@ -1,0 +2,13 @@
+Wed May 16 19:44:45 UTC 2018 - antoine.belv...@opensuse.org
+
+- Fix "remove failed: No such file or directory" warnings upon
+  package removal:
+  * Call 'update-alternative --remove' in %postun, not in %preun.
+
+---
+Thu Feb  8 14:11:25 UTC 2018 - kbabi...@suse.com
+
+- Add CVE-2018-135.patch: Fix a heap-based buffer overflow in 
+  password protected ZIP archives (CVE-2018-135 bsc#1080074)
+
+---
--- /work/SRC/openSUSE:Factory/unzip/unzip.changes  2018-02-10 
17:53:15.294801669 +0100
+++ /work/SRC/openSUSE:Factory/.unzip.new/unzip.changes 2018-05-23 
16:06:28.563752482 +0200
@@ -1,0 +2,7 @@
+Wed May 16 19:44:45 UTC 2018 - antoine.belv...@opensuse.org
+
+- Fix "remove failed: No such file or directory" warnings upon
+  package removal:
+  * Call 'update-alternative --remove' in %postun, not in %preun.
+
+---



Other differences:
--
++ unzip-rcc.spec ++
--- /var/tmp/diff_new_pack.GJRsnY/_old  2018-05-23 16:06:30.175693435 +0200
+++ /var/tmp/diff_new_pack.GJRsnY/_new  2018-05-23 16:06:30.179693288 +0200
@@ -56,8 +56,9 @@
 Patch16:CVE-2015-7697.patch
 Patch17:CVE-2016-9844.patch
 Patch18:CVE-2014-9913.patch
+Patch19:CVE-2018-135.patch
 Requires(post): update-alternatives
-Requires(preun): update-alternatives
+Requires(postun): update-alternatives
 Recommends: %{_name}-doc
 BuildRoot:  %{_tmppath}/%{name}-%{version}-build
 
@@ -98,6 +99,7 @@
 %patch16 -p1
 %patch17 -p1
 %patch18 -p1
+%patch19 -p0
 
 %build
 export RPM_OPT_FLAGS="%{optflags} \
@@ -136,7 +138,7 @@
   %{_sbindir}/update-alternatives --install %{_bindir}/$bin $bin 
"%{_bindir}/$bin-"%{_suffix} %{update_weight}
 done
 
-%preun
+%postun
 if [ "$1" = 0 ] ; then
   for bin in unzip funzip unzipsfx zipgrep; do
 %{_sbindir}/update-alternatives --remove $bin "%{_bindir}/$bin"-%{_suffix}

++ unzip.spec ++
--- /var/tmp/diff_new_pack.GJRsnY/_old  2018-05-23 16:06:30.211692116 +0200
+++ /var/tmp/diff_new_pack.GJRsnY/_new  2018-05-23 16:06:30.215691970 +0200
@@ -58,7 +58,7 @@
 Patch18:CVE-2014-9913.patch
 Patch19:CVE-2018-135.patch
 Requires(post): update-alternatives
-Requires(preun): update-alternatives
+Requires(postun): update-alternatives
 Recommends: %{_name}-doc
 BuildRoot:  %{_tmppath}/%{name}-%{version}-build
 
@@ -138,7 +138,7 @@
   %{_sbindir}/update-alternatives --install %{_bindir}/$bin $bin 
"%{_bindir}/$bin-"%{_suffix} %{update_weight}
 done
 
-%preun
+%postun
 if [ "$1" = 0 ] ; then
   for bin in unzip funzip unzipsfx zipgrep; do
 %{_sbindir}/update-alternatives --remove $bin "%{_bindir}/$bin"-%{_suffix}




commit unzip for openSUSE:Factory

2018-02-10 Thread root
Hello community,

here is the log from the commit of package unzip for openSUSE:Factory checked 
in at 2018-02-10 17:53:01

Comparing /work/SRC/openSUSE:Factory/unzip (Old)
 and  /work/SRC/openSUSE:Factory/.unzip.new (New)


Package is "unzip"

Sat Feb 10 17:53:01 2018 rev:41 rq:574312 version:6.00

Changes:

--- /work/SRC/openSUSE:Factory/unzip/unzip.changes  2017-07-11 
08:23:39.549948410 +0200
+++ /work/SRC/openSUSE:Factory/.unzip.new/unzip.changes 2018-02-10 
17:53:15.294801669 +0100
@@ -1,0 +2,6 @@
+Thu Feb  8 14:11:25 UTC 2018 - kbabi...@suse.com
+
+- Add CVE-2018-135.patch: Fix a heap-based buffer overflow in 
+  password protected ZIP archives (CVE-2018-135 bsc#1080074)
+
+---

New:

  CVE-2018-135.patch



Other differences:
--
++ unzip-rcc.spec ++
--- /var/tmp/diff_new_pack.y13mXj/_old  2018-02-10 17:53:16.110772131 +0100
+++ /var/tmp/diff_new_pack.y13mXj/_new  2018-02-10 17:53:16.110772131 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package unzip-rcc
 #
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed

++ unzip.spec ++
--- /var/tmp/diff_new_pack.y13mXj/_old  2018-02-10 17:53:16.130771407 +0100
+++ /var/tmp/diff_new_pack.y13mXj/_new  2018-02-10 17:53:16.134771262 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package unzip
 #
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -56,6 +56,7 @@
 Patch16:CVE-2015-7697.patch
 Patch17:CVE-2016-9844.patch
 Patch18:CVE-2014-9913.patch
+Patch19:CVE-2018-135.patch
 Requires(post): update-alternatives
 Requires(preun): update-alternatives
 Recommends: %{_name}-doc
@@ -98,6 +99,7 @@
 %patch16 -p1
 %patch17 -p1
 %patch18 -p1
+%patch19 -p0
 
 %build
 export RPM_OPT_FLAGS="%{optflags} \

++ CVE-2018-135.patch ++
From: 
Date: Thu Feb  8 15:10:03 CET 2018
Upstream: merged
References: http://www.info-zip.org/phpBB3/viewtopic.php?f=7=548

Index: fileio.c
===
--- fileio.c.orig
+++ fileio.c
@@ -1613,7 +1613,11 @@ int UZ_EXP UzpPassword (pG, rcnt, pwbuf,
 int r = IZ_PW_ENTERED;
 char *m;
 char *prompt;
-
+char *zfnf;
+char *efnf;
+size_t zfnfl;
+int isOverflow;
+
 #ifndef REENTRANT
 /* tell picky compilers to shut up about "unused variable" warnings */
 pG = pG;
@@ -1621,7 +1625,15 @@ int UZ_EXP UzpPassword (pG, rcnt, pwbuf,
 
 if (*rcnt == 0) {   /* First call for current entry */
 *rcnt = 2;
-if ((prompt = (char *)malloc(2*FILNAMSIZ + 15)) != (char *)NULL) {
+zfnf = FnFilter1(zfn);
+efnf = FnFilter2(efn);
+zfnfl = strlen(zfnf);
+isOverflow = TRUE;
+if (2*FILNAMSIZ >= zfnfl && (2*FILNAMSIZ - zfnfl) >= strlen(efnf))
+{
+   isOverflow = FALSE;
+}
+if ((isOverflow == FALSE) && ((prompt = (char *)malloc(2*FILNAMSIZ + 
15)) != (char *)NULL)) {
 sprintf(prompt, LoadFarString(PasswPrompt),
 FnFilter1(zfn), FnFilter2(efn));
 m = prompt;
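Review bot: The added length guard measures `zfnf` and `efnf`, but the unchanged `sprintf` inside the branch calls `FnFilter1(zfn)` and `FnFilter2(efn)` again instead of formatting the strings that were measured, and the write itself stays unbounded. Passing the checked pointers, `sprintf(prompt, LoadFarString(PasswPrompt), zfnf, efnf);`, ties the check and the write to the same data. The guard also assumes the 15 spare bytes in `2*FILNAMSIZ + 15` cover the fixed text of PasswPrompt plus the terminator, which is not visible here; a comment stating that next to the malloc would help. When the names do not fit, control appears to take the same path as a failed malloc, which lies outside this hunk in UzpPassword().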



commit unzip for openSUSE:Factory

2017-07-11 Thread root
Hello community,

here is the log from the commit of package unzip for openSUSE:Factory checked 
in at 2017-07-11 08:23:38

Comparing /work/SRC/openSUSE:Factory/unzip (Old)
 and  /work/SRC/openSUSE:Factory/.unzip.new (New)


Package is "unzip"

Tue Jul 11 08:23:38 2017 rev:40 rq:509110 version:6.00

Changes:

--- /work/SRC/openSUSE:Factory/unzip/unzip-rcc.changes  2017-02-19 
00:59:27.420854455 +0100
+++ /work/SRC/openSUSE:Factory/.unzip.new/unzip-rcc.changes 2017-07-11 
08:23:39.521952358 +0200
@@ -1,0 +2,14 @@
+Thu Jul  6 13:25:44 UTC 2017 - nico.kru...@gmail.com
+
+- Updated Fix-CVE-2014-8139-unzip.patch: the original patch was
+  causing errors testing valid jar files:
+  $ unzip -t foo.jar
+  Archive:  foo.jar
+  testing: META-INF/   bad extra-field entry:
+EF block length (0 bytes) invalid (< 4)
+  testing: META-INF/MANIFEST.MF OK
+  testing: foo  OK
+  (see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8139
+   where the updated patch was taken from)
+
+---
unzip.changes: same change



Other differences:
--
++ unzip-rcc.spec ++
--- /var/tmp/diff_new_pack.kiakoM/_old  2017-07-11 08:23:40.309841237 +0200
+++ /var/tmp/diff_new_pack.kiakoM/_new  2017-07-11 08:23:40.309841237 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package unzip-rcc
 #
-# Copyright (c) 2017 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -50,6 +50,7 @@
 Patch11:unzip-no-build-date.patch
 Patch12:unzip-dont_call_isprint.patch
 Patch13:Fix-CVE-2014-8139-unzip.patch
+# 
http://pkgs.fedoraproject.org/cgit/rpms/unzip.git/plain/unzip-6.0-cve-2014-8139.patch
 Patch14:Fix-CVE-2014-8140-and-CVE-2014-8141.patch
 Patch15:CVE-2015-7696.patch
 Patch16:CVE-2015-7697.patch

++ unzip.spec ++
--- /var/tmp/diff_new_pack.kiakoM/_old  2017-07-11 08:23:40.329838416 +0200
+++ /var/tmp/diff_new_pack.kiakoM/_new  2017-07-11 08:23:40.329838416 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package unzip
 #
-# Copyright (c) 2017 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -50,6 +50,7 @@
 Patch11:unzip-no-build-date.patch
 Patch12:unzip-dont_call_isprint.patch
 Patch13:Fix-CVE-2014-8139-unzip.patch
+# 
http://pkgs.fedoraproject.org/cgit/rpms/unzip.git/plain/unzip-6.0-cve-2014-8139.patch
 Patch14:Fix-CVE-2014-8140-and-CVE-2014-8141.patch
 Patch15:CVE-2015-7696.patch
 Patch16:CVE-2015-7697.patch

++ Fix-CVE-2014-8139-unzip.patch ++
--- /var/tmp/diff_new_pack.kiakoM/_old  2017-07-11 08:23:40.361833904 +0200
+++ /var/tmp/diff_new_pack.kiakoM/_new  2017-07-11 08:23:40.361833904 +0200
@@ -1,15 +1,5 @@
-From 916cf1e7907f9d660bd160eb9a84f6e1cab3af5a Mon Sep 17 00:00:00 2001
-From: Thorsten Behrens 
-Date: Sat, 20 Dec 2014 00:24:54 +0100
-Subject: [PATCH 1/2] Fix CVE-2014-8139 unzip
-
-Fix heap overflow condition in the CRC32 verification.

- extract.c | 17 +++--
- 1 file changed, 15 insertions(+), 2 deletions(-)
-
 diff --git a/extract.c b/extract.c
-index 9582da5..78f637e 100644
+index 9ef80b3..c741b5f 100644
 --- a/extract.c
 +++ b/extract.c
 @@ -1,5 +1,5 @@
@@ -23,12 +13,12 @@
  #ifndef SFX
 static ZCONST char Far InconsistEFlength[] = "bad extra-field entry:\n \
   EF block length (%u bytes) exceeds remaining EF data (%u bytes)\n";
-+   static ZCONST char Far TooSmallEFlength[] = "bad extra-field entry:\n \
++   static ZCONST char Far TooSmallEBlength[] = "bad extra-field entry:\n \
 + EF block length (%u bytes) invalid (< %d)\n";
 static ZCONST char Far InvalidComprDataEAs[] =
   " invalid compressed data for EAs\n";
  #  if (defined(WIN32) && defined(NTSD_EAS))
-@@ -2023,7 +2025,8 @@ static int TestExtraField(__G__ ef, ef_len)
+@@ -2020,7 +2022,8 @@ static int TestExtraField(__G__ ef, ef_len)
  ebID = makeword(ef);
  ebLen = (unsigned)makeword(ef+EB_LEN);
  
@@ -38,23 +28,51 @@
 /* Discovered some extra field inconsistency! */
  if (uO.qflag)
  Info(slide, 1, ((char *)slide, "%-22s ",
-@@ -2032,6 +2035,16 @@ static int TestExtraField(__G__ ef, ef_len)
-   ebLen, (ef_len - EB_HEADSIZE)));
- return PK_ERR;
- }
-+

commit unzip for openSUSE:Factory

2017-02-18 Thread root
Hello community,

here is the log from the commit of package unzip for openSUSE:Factory checked 
in at 2017-02-19 00:59:26

Comparing /work/SRC/openSUSE:Factory/unzip (Old)
 and  /work/SRC/openSUSE:Factory/.unzip.new (New)


Package is "unzip"

Changes:

--- /work/SRC/openSUSE:Factory/unzip/unzip-rcc.changes  2016-10-14 
09:27:21.0 +0200
+++ /work/SRC/openSUSE:Factory/.unzip.new/unzip-rcc.changes 2017-02-19 
00:59:27.420854455 +0100
@@ -2 +2,11 @@
-Wed Oct 12 07:24:12 UTC 2016 - josef.moell...@suse.com
+Wed Feb 15 08:31:05 UTC 2017 - josef.moell...@suse.com
+
+- Fixed two potential buffer overflows.
+  The patches were extracted from
+  http://antinode.info/ftp/info-zip/unzip60/zipinfo.c and
+  http://antinode.info/ftp/info-zip/unzip60/list.c
+  (bsc#1013992, bsc#1013993, CVE-2016-9844, CVE-2014-9913,
+  CVE-2016-9844.patch, CVE-2014-9913.patch)
+
+---
+Wed Oct 12 07:23:03 UTC 2016 - josef.moell...@suse.com
--- /work/SRC/openSUSE:Factory/unzip/unzip.changes  2016-10-14 
09:27:21.0 +0200
+++ /work/SRC/openSUSE:Factory/.unzip.new/unzip.changes 2017-02-19 
00:59:27.468847715 +0100
@@ -1,0 +2,10 @@
+Wed Feb 15 08:31:05 UTC 2017 - josef.moell...@suse.com
+
+- Fixed two potential buffer overflows.
+  The patches were extracted from
+  http://antinode.info/ftp/info-zip/unzip60/zipinfo.c and
+  http://antinode.info/ftp/info-zip/unzip60/list.c
+  (bsc#1013992, bsc#1013993, CVE-2016-9844, CVE-2014-9913,
+  CVE-2016-9844.patch, CVE-2014-9913.patch)
+
+---

New:

  CVE-2014-9913.patch
  CVE-2016-9844.patch



Other differences:
--
++ unzip-rcc.spec ++
--- /var/tmp/diff_new_pack.3v8qxG/_old  2017-02-19 00:59:28.116756729 +0100
+++ /var/tmp/diff_new_pack.3v8qxG/_new  2017-02-19 00:59:28.120756168 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package unzip-rcc
 #
-# Copyright (c) 2016 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -53,6 +53,8 @@
 Patch14:Fix-CVE-2014-8140-and-CVE-2014-8141.patch
 Patch15:CVE-2015-7696.patch
 Patch16:CVE-2015-7697.patch
+Patch17:CVE-2016-9844.patch
+Patch18:CVE-2014-9913.patch
 Requires(post): update-alternatives
 Requires(preun): update-alternatives
 Recommends: %{_name}-doc
@@ -93,6 +95,8 @@
 %patch14 -p1
 %patch15 -p1
 %patch16 -p1
+%patch17 -p1
+%patch18 -p1
 
 %build
 export RPM_OPT_FLAGS="%{optflags} \

unzip.spec: same change
++ CVE-2014-9913.patch ++
Index: unzip60/list.c
===
--- unzip60.orig/list.c
+++ unzip60/list.c
@@ -339,7 +339,18 @@ int list_files(__G)/* return PK-type
 G.crec.compression_method == ENHDEFLATED) {
 methbuf[5] = dtype[(G.crec.general_purpose_bit_flag>>1) & 3];
 } else if (methnum >= NUM_METHODS) {
-sprintf([4], "%03u", G.crec.compression_method);
+   /* 2013-02-26 SMS.
+* http://sourceforge.net/p/infozip/bugs/27/  CVE-2014-9913.
+* Unexpectedly large compression methods overflow
+* [].  Use the old, three-digit decimal format
+* for values which fit.  Otherwise, sacrifice the
+* colon, and use four-digit hexadecimal.
+*/
+   if (G.crec.compression_method <= 999) {
+   sprintf( [ 4], "%03u", G.crec.compression_method);
+   } else {
+   sprintf( [ 3], "%04X", G.crec.compression_method);
+   }
 }
 
 #if 0   /* GRR/Euro:  add this? */
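Review bot: Both added `sprintf` calls remain unbounded, so their safety rests on facts outside this hunk: the size of the destination buffer, and `G.crec.compression_method` being a 16-bit value, which caps the `%04X` branch at four digits. The destination expression is garbled on this page (presumably `&methbuf[...]`, going by the `methbuf[5]` assignment a few lines above). A one-line comment beside the hex branch stating the requirement, e.g. `/* offset 3 + 4 hex digits + NUL: destination must hold at least 8 bytes */`, would make the bound checkable where the write happens. list_files() starts and ends outside the hunk.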
++ CVE-2015-7697.patch ++
--- /var/tmp/diff_new_pack.3v8qxG/_old  2017-02-19 00:59:28.184747181 +0100
+++ /var/tmp/diff_new_pack.3v8qxG/_new  2017-02-19 00:59:28.188746619 +0100
@@ -26,3 +26,16 @@
  #if (defined(DLL) && !defined(NO_SLIDE_REDIR))
  if (G.redirect_slide)
  wsize = G.redirect_size, redirSlide = G.redirect_buffer;
+Index: unzip60/zipinfo.c
+===
+--- unzip60.orig/zipinfo.c
 unzip60/zipinfo.c
+@@ -1888,7 +1888,7 @@ static int zi_short(__G)   /* return PK-
+ int k, error, error_in_archive=PK_COOL;
+ unsignedhostnum, hostver, methid, methnum, xattr;
+ char*p, workspace[12], attribs[16];
+-charmethbuf[5];
++charmethbuf[1+5+1];   /* large enough to hold 1 character + 
an unsigned short + NUL */
+ 

commit unzip for openSUSE:Factory

2016-10-14 Thread h_root
Hello community,

here is the log from the commit of package unzip for openSUSE:Factory checked 
in at 2016-10-14 09:27:20

Comparing /work/SRC/openSUSE:Factory/unzip (Old)
 and  /work/SRC/openSUSE:Factory/.unzip.new (New)


Package is "unzip"

Changes:

--- /work/SRC/openSUSE:Factory/unzip/unzip-rcc.changes  2016-06-29 
15:01:38.0 +0200
+++ /work/SRC/openSUSE:Factory/.unzip.new/unzip-rcc.changes 2016-10-14 
09:27:21.0 +0200
@@ -1,0 +2,10 @@
+Wed Oct 12 07:24:12 UTC 2016 - josef.moell...@suse.com
+
+- When decrypting an encrypted file,
+  quit early if compressed size < HEAD_LEN.
+  When extracting avoid an infinite loop
+  if a file never finishes unzipping.
+  (bsc#950110, bsc#950111, CVE-2015-7696, CVE-2015-7697,
+  CVE-2015-7696.patch, CVE-2015-7697.patch)
+
+---
--- /work/SRC/openSUSE:Factory/unzip/unzip.changes  2016-06-29 
15:01:38.0 +0200
+++ /work/SRC/openSUSE:Factory/.unzip.new/unzip.changes 2016-10-14 
09:27:21.0 +0200
@@ -1,0 +2,10 @@
+Wed Oct 12 07:23:03 UTC 2016 - josef.moell...@suse.com
+
+- When decrypting an encrypted file,
+  quit early if compressed size < HEAD_LEN.
+  When extracting avoid an infinite loop
+  if a file never finishes unzipping.
+  (bsc#950110, bsc#950111, CVE-2015-7696, CVE-2015-7697,
+  CVE-2015-7696.patch, CVE-2015-7697.patch)
+
+---

New:

  CVE-2015-7696.patch
  CVE-2015-7697.patch



Other differences:
--
++ unzip-rcc.spec ++
--- /var/tmp/diff_new_pack.8f1KBf/_old  2016-10-14 09:27:22.0 +0200
+++ /var/tmp/diff_new_pack.8f1KBf/_new  2016-10-14 09:27:22.0 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package unzip-rcc
 #
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -51,6 +51,8 @@
 Patch12:unzip-dont_call_isprint.patch
 Patch13:Fix-CVE-2014-8139-unzip.patch
 Patch14:Fix-CVE-2014-8140-and-CVE-2014-8141.patch
+Patch15:CVE-2015-7696.patch
+Patch16:CVE-2015-7697.patch
 Requires(post): update-alternatives
 Requires(preun): update-alternatives
 Recommends: %{_name}-doc
@@ -89,6 +91,8 @@
 %patch12
 %patch13 -p1
 %patch14 -p1
+%patch15 -p1
+%patch16 -p1
 
 %build
 export RPM_OPT_FLAGS="%{optflags} \

++ unzip.spec ++
--- /var/tmp/diff_new_pack.8f1KBf/_old  2016-10-14 09:27:22.0 +0200
+++ /var/tmp/diff_new_pack.8f1KBf/_new  2016-10-14 09:27:22.0 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package unzip
 #
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -51,6 +51,8 @@
 Patch12:unzip-dont_call_isprint.patch
 Patch13:Fix-CVE-2014-8139-unzip.patch
 Patch14:Fix-CVE-2014-8140-and-CVE-2014-8141.patch
+Patch15:CVE-2015-7696.patch
+Patch16:CVE-2015-7697.patch
 Requires(post): update-alternatives
 Requires(preun): update-alternatives
 Recommends: %{_name}-doc
@@ -89,6 +91,8 @@
 %patch12
 %patch13 -p1
 %patch14 -p1
+%patch15 -p1
+%patch16 -p1
 
 %build
 export RPM_OPT_FLAGS="%{optflags} \

++ CVE-2015-7696.patch ++
From: Petr Stodulka 
Date: Mon, 14 Sep 2015 18:23:17 +0200
Subject: Upstream fix for heap overflow
Bug-Debian: https://bugs.debian.org/802162
Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1260944
Origin: https://bugzilla.redhat.com/attachment.cgi?id=1073002
Forwarded: yes

---
 crypt.c | 12 +++-
 1 file changed, 11 insertions(+), 1 deletion(-)

Index: unzip60/crypt.c
===
--- unzip60.orig/crypt.c
+++ unzip60/crypt.c
@@ -465,7 +465,17 @@ int decrypt(__G__ passwrd)
 GLOBAL(pInfo->encrypted) = FALSE;
 defer_leftover_input(__G);
 for (n = 0; n < RAND_HEAD_LEN; n++) {
-b = NEXTBYTE;
+/* 2012-11-23 SMS.  (OUSPG report.)
+ * Quit early if compressed size < HEAD_LEN.  The resulting
+ * error message ("unable to get password") could be improved,
+ * but it's better than trying to read nonexistent data, and
+ * then continuing with a negative G.csize.  (See
+ * fileio.c:readbyte()).
+ */
+if ((b = NEXTBYTE) == (ush)EOF)
+{
+return PK_ERR;
+}
 h[n] = (uch)b;

commit unzip for openSUSE:Factory

2016-06-29 Thread h_root
Hello community,

here is the log from the commit of package unzip for openSUSE:Factory checked 
in at 2016-06-29 15:01:37

Comparing /work/SRC/openSUSE:Factory/unzip (Old)
 and  /work/SRC/openSUSE:Factory/.unzip.new (New)


Package is "unzip"

Changes:

--- /work/SRC/openSUSE:Factory/unzip/unzip-rcc.changes  2015-01-30 
06:03:17.0 +0100
+++ /work/SRC/openSUSE:Factory/.unzip.new/unzip-rcc.changes 2016-06-29 
15:01:38.0 +0200
@@ -1,0 +2,6 @@
+Thu Jun 16 14:58:41 UTC 2016 - tchva...@suse.com
+
+- Require properly the update-alternatives to not throw out errors
+  when installing in OBS chroot
+
+---
unzip.changes: same change



Other differences:
--
++ unzip-rcc.spec ++
--- /var/tmp/diff_new_pack.9ZqEWu/_old  2016-06-29 15:01:39.0 +0200
+++ /var/tmp/diff_new_pack.9ZqEWu/_new  2016-06-29 15:01:39.0 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package unzip-rcc
 #
-# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -16,21 +16,29 @@
 #
 
 
+%define _name unzip
+%define fileversion 60
 %bcond_without rcc
-
+%if %{with rcc}
+%define update_weight 20
+%define _suffix rcc
+BuildRequires:  librcc-devel
+Suggests:   librcc0
+Provides:   %{_name} = %{version}
+%else
+%define update_weight 10
+%define _suffix plain
+%endif
 # NOTE: unzip.spec is the major file, if you want to update unzip-rcc.spec
 # call pre_checkin.sh after editing unzip.spec
-
 Name:   unzip-rcc
-%define _name unzip
 Version:6.00
 Release:0
-%define fileversion 60
 Summary:A program to unpack compressed files
 License:BSD-3-Clause
 Group:  Productivity/Archiving/Compression
 Url:http://www.info-zip.org/
-Source: 
http://sourceforge.net/projects/infozip/files/UnZip%206.x%20%28latest%29/UnZip%206.0/%{_name}%{fileversion}.tar.gz
+Source: 
http://sourceforge.net/projects/infozip/files/UnZip%%206.x%%20%%28latest%%29/UnZip%%206.0/%{_name}%{fileversion}.tar.gz
 Source1:pre_checkin.sh
 Patch0: unzip.dif
 Patch1: unzip-iso8859_2.patch
@@ -43,20 +51,10 @@
 Patch12:unzip-dont_call_isprint.patch
 Patch13:Fix-CVE-2014-8139-unzip.patch
 Patch14:Fix-CVE-2014-8140-and-CVE-2014-8141.patch
-%if %{with rcc}
-BuildRequires:  librcc-devel
-Suggests:   librcc0
-Provides:   %{_name} = %{version}
-%define update_weight 20
-%define _suffix rcc
-%else
-%define update_weight 10
-%define _suffix plain
-%endif
-BuildRoot:  %{_tmppath}/%{name}-%{version}-build
-BuildRequires:  update-alternatives
-Requires:   update-alternatives
+Requires(post): update-alternatives
+Requires(preun): update-alternatives
 Recommends: %{_name}-doc
+BuildRoot:  %{_tmppath}/%{name}-%{version}-build
 
 %description
 UnZip is an extraction utility for archives compressed in .zip format
@@ -102,7 +100,7 @@
 make %{?_smp_mflags}  -f unix/Makefile LF2="-ldl -pie" linux_noasm
 
 %check
-make -f unix/Makefile check
+make %{?_smp_mflags} -f unix/Makefile check
 
 %install
 mkdir -p %{buildroot}%{_sysconfdir}/alternatives
@@ -114,7 +112,7 @@
 install unix/zipgrep "%{buildroot}%{_bindir}/zipgrep-"%{_suffix}
 for i in unzip funzip unzipsfx zipgrep; do
   touch %{buildroot}%{_sysconfdir}/alternatives/$i
-  ln -s %{_sysconfdir}/alternatives/$i %{buildroot}%_bindir/$i
+  ln -s %{_sysconfdir}/alternatives/$i %{buildroot}%{_bindir}/$i
 done
 
 # do not have the docu in both packages
@@ -126,36 +124,36 @@
 
 %post
 for bin in unzip funzip unzipsfx zipgrep; do
-  /usr/sbin/update-alternatives --install %{_bindir}/$bin $bin 
"%{_bindir}/$bin-"%{_suffix} %{update_weight}
+  %{_sbindir}/update-alternatives --install %{_bindir}/$bin $bin 
"%{_bindir}/$bin-"%{_suffix} %{update_weight}
 done
 
 %preun
 if [ "$1" = 0 ] ; then
   for bin in unzip funzip unzipsfx zipgrep; do
-/usr/sbin/update-alternatives --remove $bin "%{_bindir}/$bin"-%{_suffix}
+%{_sbindir}/update-alternatives --remove $bin "%{_bindir}/$bin"-%{_suffix}
   done
 fi
 
 %files
 %defattr(-,root,root)
-%ghost %_sysconfdir/alternatives/unzip
+%ghost %{_sysconfdir}/alternatives/unzip
 %{_bindir}/unzip
 %{_bindir}/unzip-%{_suffix}
-%ghost %_sysconfdir/alternatives/funzip
+%ghost %{_sysconfdir}/alternatives/funzip
 %{_bindir}/funzip
 %{_bindir}/funzip-%{_suffix}
-%ghost %_sysconfdir/alternatives/unzipsfx
+%ghost %{_sysconfdir}/alternatives/unzipsfx
 %{_bindir}/unzipsfx
 %{_bindir}/unzipsfx-%{_suffix}
 %{_bindir}/zipinfo
-%ghost 

commit unzip for openSUSE:Factory

2015-01-29 Thread h_root
Hello community,

here is the log from the commit of package unzip for openSUSE:Factory checked 
in at 2015-01-30 06:03:15

Comparing /work/SRC/openSUSE:Factory/unzip (Old)
 and  /work/SRC/openSUSE:Factory/.unzip.new (New)


Package is unzip

Changes:

--- /work/SRC/openSUSE:Factory/unzip/unzip-rcc.changes  2014-12-23 
11:48:37.0 +0100
+++ /work/SRC/openSUSE:Factory/.unzip.new/unzip-rcc.changes 2015-01-30 
06:03:17.0 +0100
@@ -1,0 +2,10 @@
+Mon Jan 26 13:25:54 UTC 2015 - tbehr...@suse.com
+
+- Add Fix-CVE-2014-8139-unzip.patch: fix heap overflow condition in
+  the CRC32 verification (fixes bnc#909214)
+- Add Fix-CVE-2014-8140-and-CVE-2014-8141.patch: fix write error
+  (*_8349_*) shows a problem in extract.c:test_compr_eb(), and:
+  read errors (*_6430_*, *_3422_*) show problems in
+  process.c:getZip64Data() (fixes bnc#909214)
+
+---
unzip.changes: same change

New:

  Fix-CVE-2014-8139-unzip.patch
  Fix-CVE-2014-8140-and-CVE-2014-8141.patch



Other differences:
--
++ unzip-rcc.spec ++
--- /var/tmp/diff_new_pack.wU5lp5/_old  2015-01-30 06:03:18.0 +0100
+++ /var/tmp/diff_new_pack.wU5lp5/_new  2015-01-30 06:03:18.0 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package unzip-rcc
 #
-# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -41,6 +41,8 @@
 Patch10:unzip-5.52-use_librcc.patch
 Patch11:unzip-no-build-date.patch
 Patch12:unzip-dont_call_isprint.patch
+Patch13:Fix-CVE-2014-8139-unzip.patch
+Patch14:Fix-CVE-2014-8140-and-CVE-2014-8141.patch
 %if %{with rcc}
 BuildRequires:  librcc-devel
 Suggests:   librcc0
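Review bot: The new `Patch13` and `Patch14` lines carry no comment tying them to the advisories they fix, so the only link between the spec and bnc#909214 is the .changes entry. A one-line comment above each would let someone auditing the spec see which fixes are applied without opening the patches, for example `# CVE-2014-8139, bnc#909214: heap overflow in CRC32 verification` and `# CVE-2014-8140, CVE-2014-8141, bnc#909214: test_compr_eb() and getZip64Data() errors`. The same applies to the identical hunk in unzip.spec further down.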
@@ -87,6 +89,8 @@
 %endif
 %patch11
 %patch12
+%patch13 -p1
+%patch14 -p1
 
 %build
 export RPM_OPT_FLAGS=%{optflags} \

++ unzip.spec ++
--- /var/tmp/diff_new_pack.wU5lp5/_old  2015-01-30 06:03:18.0 +0100
+++ /var/tmp/diff_new_pack.wU5lp5/_new  2015-01-30 06:03:18.0 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package unzip
 #
-# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -41,6 +41,8 @@
 Patch10:unzip-5.52-use_librcc.patch
 Patch11:unzip-no-build-date.patch
 Patch12:unzip-dont_call_isprint.patch
+Patch13:Fix-CVE-2014-8139-unzip.patch
+Patch14:Fix-CVE-2014-8140-and-CVE-2014-8141.patch
 %if %{with rcc}
 BuildRequires:  librcc-devel
 Suggests:   librcc0
@@ -87,6 +89,8 @@
 %endif
 %patch11
 %patch12
+%patch13 -p1
+%patch14 -p1
 
 %build
 export RPM_OPT_FLAGS=%{optflags} \

++ Fix-CVE-2014-8139-unzip.patch ++
From 916cf1e7907f9d660bd160eb9a84f6e1cab3af5a Mon Sep 17 00:00:00 2001
From: Thorsten Behrens tbehr...@suse.com
Date: Sat, 20 Dec 2014 00:24:54 +0100
Subject: [PATCH 1/2] Fix CVE-2014-8139 unzip

Fix heap overflow condition in the CRC32 verification.
---
 extract.c | 17 +++--
 1 file changed, 15 insertions(+), 2 deletions(-)

diff --git a/extract.c b/extract.c
index 9582da5..78f637e 100644
--- a/extract.c
+++ b/extract.c
@@ -1,5 +1,5 @@
 /*
-  Copyright (c) 1990-2009 Info-ZIP.  All rights reserved.
+  Copyright (c) 1990-2014 Info-ZIP.  All rights reserved.
 
   See the accompanying file LICENSE, version 2009-Jan-02 or later
   (the contents of which are also included in unzip.h) for terms of use.
@@ -298,6 +298,8 @@ char ZCONST Far TruncNTSD[] =
 #ifndef SFX
static ZCONST char Far InconsistEFlength[] = bad extra-field entry:\n \
  EF block length (%u bytes) exceeds remaining EF data (%u bytes)\n;
+   static ZCONST char Far TooSmallEFlength[] = bad extra-field entry:\n \
+ EF block length (%u bytes) invalid ( %d)\n;
static ZCONST char Far InvalidComprDataEAs[] =
   invalid compressed data for EAs\n;
 #  if (defined(WIN32)  defined(NTSD_EAS))
@@ -2023,7 +2025,8 @@ static int TestExtraField(__G__ ef, ef_len)
 ebID = makeword(ef);
 ebLen = (unsigned)makeword(ef+EB_LEN);
 
-if (ebLen  (ef_len - EB_HEADSIZE)) {
+if (ebLen  (ef_len - EB_HEADSIZE))
+{
/* Discovered some extra field inconsistency! */
 if (uO.qflag)
 Info(slide, 1, ((char *)slide, %-22s ,
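Review bot: Moving the opening brace of the `if (ebLen ...)` test onto its own line is a formatting-only change inside a CVE fix, and it departs from the style of the line it replaces. Keeping the brace on the `if` line would leave this hunk empty and make the security-relevant part of the patch easier to audit. The comparison operator is lost in this rendering, and the body of TestExtraField continues outside the hunk.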
@@ -2032,6 +2035,16 @@ static int TestExtraField(__G__ ef, ef_len)
   ebLen, (ef_len - 

commit unzip for openSUSE:Factory

2014-12-23 Thread h_root
Hello community,

here is the log from the commit of package unzip for openSUSE:Factory checked 
in at 2014-12-23 11:50:06

Comparing /work/SRC/openSUSE:Factory/unzip (Old)
 and  /work/SRC/openSUSE:Factory/.unzip.new (New)


Package is unzip

Changes:

--- /work/SRC/openSUSE:Factory/unzip/unzip-rcc.changes  2013-08-13 
11:08:33.0 +0200
+++ /work/SRC/openSUSE:Factory/.unzip.new/unzip-rcc.changes 2014-12-23 
11:48:37.0 +0100
@@ -1,0 +2,5 @@
+Sun Dec 21 13:43:32 UTC 2014 - meiss...@suse.com
+
+- build with PIE
+
+---
unzip.changes: same change



Other differences:
--
++ unzip-rcc.spec ++
--- /var/tmp/diff_new_pack.C1joFn/_old  2014-12-23 11:48:38.0 +0100
+++ /var/tmp/diff_new_pack.C1joFn/_new  2014-12-23 11:48:38.0 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package unzip-rcc
 #
-# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -93,9 +93,9 @@
 -D_GNU_SOURCE -DRCC_LAZY -DWILD_STOP_AT_DIR \
 -DLARGE_FILE_SUPPORT -DUNICODE_SUPPORT \
 -DUNICODE_WCHAR -DUTF8_MAYBE_NATIVE -DNO_LCHMOD \
--DDATE_FORMAT=DF_YMD -I. -fstack-protector -fno-strict-aliasing
+-DDATE_FORMAT=DF_YMD -I. -fstack-protector -fno-strict-aliasing -fPIE
 
-make %{?_smp_mflags}  -f unix/Makefile LF2=-ldl linux_noasm
+make %{?_smp_mflags}  -f unix/Makefile LF2=-ldl -pie linux_noasm
 
 %check
 make -f unix/Makefile check
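Review bot: The `-fPIE` compile flag and the `-pie` link flag added here only work as a pair, and nothing in the spec says so, so a later edit to either line could silently produce non-PIE binaries. A comment above the export would record this, for example `# -fPIE (compile) and -pie (link, via LF2) must stay together`. The LF2 value appears to have lost its quotes in this rendering; it has to be a single make variable, `LF2="-ldl -pie"`, which is how a later mail on this page shows it.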

unzip.spec: same change



commit unzip for openSUSE:Factory

2013-08-13 Thread h_root
Hello community,

here is the log from the commit of package unzip for openSUSE:Factory checked 
in at 2013-08-13 11:08:31

Comparing /work/SRC/openSUSE:Factory/unzip (Old)
 and  /work/SRC/openSUSE:Factory/.unzip.new (New)


Package is unzip

Changes:

--- /work/SRC/openSUSE:Factory/unzip/unzip-rcc.changes  2013-08-04 
17:25:48.0 +0200
+++ /work/SRC/openSUSE:Factory/.unzip.new/unzip-rcc.changes 2013-08-13 
11:08:33.0 +0200
@@ -1,0 +2,5 @@
+Fri Aug  2 18:29:07 UTC 2013 - co...@suse.com
+
+- fix defaultattr for old distros
+
+---
unzip.changes: same change



Other differences:
--
++ unzip-rcc.spec ++
--- /var/tmp/diff_new_pack.dI1hib/_old  2013-08-13 11:08:34.0 +0200
+++ /var/tmp/diff_new_pack.dI1hib/_new  2013-08-13 11:08:34.0 +0200
@@ -150,6 +150,7 @@
 
 %if %{without rcc}
 %files doc
+%defattr(-,root,root)
 %doc %{_mandir}/man1/*
 %doc BUGS Contents History.* LICENSE README ToDo WHERE
 %doc *.txt proginfo

unzip.spec: same change
++ pre_checkin.sh ++
--- /var/tmp/diff_new_pack.dI1hib/_old  2013-08-13 11:08:34.0 +0200
+++ /var/tmp/diff_new_pack.dI1hib/_new  2013-08-13 11:08:34.0 +0200
@@ -6,3 +6,5 @@
 sed -i -e 's,Name: .*,Name: unzip-rcc,' unzip-rcc.spec
 sed -i -e 's,%bcond_with rcc,%bcond_without rcc,' unzip-rcc.spec
 
+osc service localrun format_spec_file
+
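Review bot: The added `osc service localrun format_spec_file` runs after the `sed -i` edits with no check that they succeeded or that `osc` is available. The start of the script, where a `set -e` might sit, is outside this hunk. If it is not already there, `set -e` at the top plus a guard such as `command -v osc >/dev/null || { echo 'osc not found' >&2; exit 1; }` before the call would keep a half-generated unzip-rcc.spec from being formatted and checked in.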




commit unzip for openSUSE:Factory

2013-08-04 Thread h_root
Hello community,

here is the log from the commit of package unzip for openSUSE:Factory checked 
in at 2013-08-04 17:25:47

Comparing /work/SRC/openSUSE:Factory/unzip (Old)
 and  /work/SRC/openSUSE:Factory/.unzip.new (New)


Package is unzip

Changes:

New Changes file:

--- /dev/null   2013-07-23 23:44:04.804033756 +0200
+++ /work/SRC/openSUSE:Factory/.unzip.new/unzip-rcc.changes 2013-08-04 
17:25:48.0 +0200
@@ -0,0 +1,295 @@
+---
+Fri Aug  2 13:55:08 UTC 2013 - co...@suse.com
+
+- split the rcc dependency into a spec file of it's own, we don't
+  need that complexity during build causing cycles like this:
+unzip - librcc - libproxy - libXau - xorg-x11-proto-devel - 
docbook-xsl-stylesheets
+
+---
+Fri Apr  5 10:07:44 UTC 2013 - idon...@suse.com
+
+- Cleanup spec file
+- Add Source URL, see https://en.opensuse.org/SourceUrls
+
+---
+Fri Aug  5 13:57:24 CEST 2011 - p...@suse.de
+
+- Don't call isprint (bnc#620483).
+
+---
+Mon May 23 14:21:44 UTC 2011 - lnus...@suse.de
+
+- remove use of __DATE__ from correct file
+
+---
+Sat May 07 23:16:45 UTC 2011 - idoen...@novell.com
+
+- Sync our compile time flags with Debian except Acorn stuff, this enables 
+   UTF-8, saves an unrelated warning about lchmod being not implemented.
+- Enable make check
+
+---
+Fri Jan 28 13:50:13 UTC 2011 - lnus...@suse.de
+
+- use dlopen for librcc0. A direct requires causes lots of other
+  packages to get installed such as aspell which bloats a minimal
+  install.
+
+---
+Mon Aug 30 19:44:17 UTC 2010 - cristian.rodrig...@opensuse.org
+
+- Do not include build host specific info like build dates In
+  binaries. 
+
+---
+Fri Jun 25 18:21:34 CEST 2010 - p...@suse.de
+
+- Doing open(O_WRONLY) and then fdopen(w+) will now fail with
+  Invalid Argument whereas former glibcs would succeed. So now
+  do open(O_RDWR).
+- Print error message when open(2) fails.
+- Add debugging traces in open_outfile.
+
+---
+Fri May 21 16:39:24 CEST 2010 - p...@suse.de
+
+- Update to 6.0:
+  *  Support PKWARE ZIP64 extensions, allowing Zip archives and Zip archive
+ entries larger than 4 GiBytes and more than 65536 entries within a
+ single Zip archive.  This support is currently only available for Unix,
+ OpenVMS and Win32/Win64.
+  * Support for bzip2 compression method.
+  * Support for UTF-8 encoded entry names, both through PKWARE's General
+Purpose Flags Bit 11 indicator and Info-ZIP's new up unicode path
+extra field.  (Currently, on Windows the UTF-8 handling is limited to
+the character subset contained in the configured non-unicode system
+code page.)
+  * Fixed Time of Creation/Time of Use vulnerability when setting
+attributes of extracted files, for Unix and Unix-like ports.
+  * Fixed memory leak when processing invalid deflated data.
+  * Fixed long-standing bug in unshrink (partial_clear), added boundary
+checks against invalid compressed data.
+  * On Unix, keep inherited SGID attribute bit for extracted directories
+unless restoration of owner/group id or SUID/SGID/Tacky attributes was
+requested.
+  * On Unix, allow extracted filenames to contain embedded control
+characters when explicitly requested by specifying the new command line
+option -^.
+  * On Unix, support restoration of symbolic link attributes.
+  * On Unix, support restoration of 32-bit UID/GID data using the new ux
+IZUNIX3 extra field introduced with Zip 3.0.
+  * Support symbolic links zipped up on VMS.
+  * New -D option to suppress restoration of timestamps for extracted
+directory entries (on those ports that support setting of directory
+timestamps).  By specifying -DD, this new option also allows to
+suppress timestamp restoration for ALL extracted files on all UnZip
+ports which support restoration of timestamps.  On VMS, the default
+behaviour is now to skip restoration of directory timestamps; here,
+--D restores ALL timestamps, -D restores none.
+  * On OS/2, Win32, and Unix, the (previously optional) feature UNIXBACKUP
+to allow saving backup copies of overwritten files on extraction is now
+enabled by default.
+
+---
+Mon May 10 16:39:20 UTC 2010 - p...@suse.de
+
+- Use 

commit unzip for openSUSE:Factory

2013-04-14 Thread h_root
Hello community,

here is the log from the commit of package unzip for openSUSE:Factory checked 
in at 2013-04-14 13:02:09

Comparing /work/SRC/openSUSE:Factory/unzip (Old)
 and  /work/SRC/openSUSE:Factory/.unzip.new (New)


Package is unzip, Maintainer is p...@suse.com

Changes:

--- /work/SRC/openSUSE:Factory/unzip/unzip.changes  2011-09-23 
12:49:30.0 +0200
+++ /work/SRC/openSUSE:Factory/.unzip.new/unzip.changes 2013-04-14 
13:02:10.0 +0200
@@ -1,0 +2,6 @@
+Fri Apr  5 10:07:44 UTC 2013 - idon...@suse.com
+
+- Cleanup spec file
+- Add Source URL, see https://en.opensuse.org/SourceUrls
+
+---

Old:

  unzip60.tar.bz2

New:

  unzip60.tar.gz



Other differences:
--
++ unzip.spec ++
--- /var/tmp/diff_new_pack.sJG03Y/_old  2013-04-14 13:02:12.0 +0200
+++ /var/tmp/diff_new_pack.sJG03Y/_new  2013-04-14 13:02:12.0 +0200
@@ -1,7 +1,7 @@
 #
 # spec file for package unzip
 #
-# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -16,17 +16,15 @@
 #
 
 
-
 Name:   unzip
-License:BSD-3-Clause
-Group:  Productivity/Archiving/Compression
-AutoReqProv:on
 Version:6.00
-Release:12
+Release:0
 %define fileversion 60
 Summary:A program to unpack compressed files
-Source: %{name}%{fileversion}.tar.bz2
+License:BSD-3-Clause
+Group:  Productivity/Archiving/Compression
 Url:http://www.info-zip.org/
+Source: 
http://sourceforge.net/projects/infozip/files/UnZip%206.x%20%28latest%29/UnZip%206.0/%{name}%{fileversion}.tar.gz
 Patch0: unzip.dif
 Patch1: unzip-iso8859_2.patch
 Patch3: unzip-optflags.patch
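Review bot: The new `Source:` URL is fetched over plain `http://` and the spec records nothing to verify the tarball against, while this same commit swaps unzip60.tar.bz2 for unzip60.tar.gz. Prefer an `https://` URL if the host serves one, and state in a comment how the new archive was checked against upstream. The `%20`, `%28` and `%29` sequences in the URL are also unescaped; a later commit on this page rewrites them as `%%20` and so on, which suggests they should be escaped here too.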
@@ -36,9 +34,9 @@
 Patch10:unzip-5.52-use_librcc.patch
 Patch11:unzip-no-build-date.patch
 Patch12:unzip-dont_call_isprint.patch
-BuildRoot:  %{_tmppath}/%{name}-%{version}-build
 BuildRequires:  librcc-devel
 Suggests:   librcc0
+BuildRoot:  %{_tmppath}/%{name}-%{version}-build
 
 %description
 UnZip is an extraction utility for archives compressed in .zip format
@@ -47,12 +45,6 @@
 program, our primary objectives have been portability and non-MS-DOS
 functionality. This version can also extract encrypted archives.
 
-
-
-Authors:
-
-Info-ZIP zip-b...@lists.wku.edu
-
 %prep
 %setup -q -n %{name}%{fileversion}
 %patch0
@@ -66,7 +58,7 @@
 %patch12
 
 %build
-export RPM_OPT_FLAGS=%optflags \
+export RPM_OPT_FLAGS=%{optflags} \
 -D_GNU_SOURCE -DRCC_LAZY -DWILD_STOP_AT_DIR \
 -DLARGE_FILE_SUPPORT -DUNICODE_SUPPORT \
 -DUNICODE_WCHAR -DUTF8_MAYBE_NATIVE -DNO_LCHMOD \
@@ -78,19 +70,16 @@
 make -f unix/Makefile check
 
 %install
-mkdir -p $RPM_BUILD_ROOT{%{_bindir},%{_mandir}/man1}
+mkdir -p %{buildroot}{%{_bindir},%{_mandir}/man1}
 for i in unzip funzip unzipsfx;\
-do install $i $RPM_BUILD_ROOT%{_bindir};done;
-ln -s unzip $RPM_BUILD_ROOT%{_bindir}/zipinfo
-install unix/zipgrep $RPM_BUILD_ROOT%{_bindir}
+do install $i %{buildroot}%{_bindir};done;
+ln -s unzip %{buildroot}%{_bindir}/zipinfo
+install unix/zipgrep %{buildroot}%{_bindir}
 for i in man/*.1;  \
 do \
-  install -m 644 $i $RPM_BUILD_ROOT%{_mandir}/man1/
+  install -m 644 $i %{buildroot}%{_mandir}/man1/
 done
 
-%clean
-rm -rf $RPM_BUILD_ROOT
-
 %files
 %defattr(-,root,root)
 %doc %{_mandir}/man1/*




commit unzip for openSUSE:Factory

2011-12-06 Thread h_root
Hello community,

here is the log from the commit of package unzip for openSUSE:Factory checked 
in at 2011-12-06 19:10:39

Comparing /work/SRC/openSUSE:Factory/unzip (Old)
 and  /work/SRC/openSUSE:Factory/.unzip.new (New)


Package is unzip, Maintainer is p...@suse.com

Changes:




Other differences:
--
++ unzip.spec ++
--- /var/tmp/diff_new_pack.0h92zg/_old  2011-12-06 19:45:06.0 +0100
+++ /var/tmp/diff_new_pack.0h92zg/_new  2011-12-06 19:45:06.0 +0100
@@ -18,7 +18,7 @@
 
 
 Name:   unzip
-License:BSD3c
+License:BSD-3-Clause
 Group:  Productivity/Archiving/Compression
 AutoReqProv:on
 Version:6.00




commit unzip for openSUSE:Factory

2011-08-06 Thread h_root

Hello community,

here is the log from the commit of package unzip for openSUSE:Factory
checked in at Sat Aug 6 19:09:43 CEST 2011.




--- unzip/unzip.changes 2011-05-23 16:22:07.0 +0200
+++ /mounts/work_src_done/STABLE/unzip/unzip.changes2011-08-05 
14:03:53.0 +0200
@@ -1,0 +2,5 @@
+Fri Aug  5 13:57:24 CEST 2011 - p...@suse.de
+
+- Don't call isprint (bnc#620483).
+
+---

calling whatdependson for head-i586


New:

  unzip-dont_call_isprint.patch



Other differences:
--
++ unzip.spec ++
--- /var/tmp/diff_new_pack.1P7ZiM/_old  2011-08-06 19:09:10.0 +0200
+++ /var/tmp/diff_new_pack.1P7ZiM/_new  2011-08-06 19:09:10.0 +0200
@@ -22,7 +22,7 @@
 Group:  Productivity/Archiving/Compression
 AutoReqProv:on
 Version:6.00
-Release:10
+Release:12
 %define fileversion 60
 Summary:A program to unpack compressed files
 Source: %{name}%{fileversion}.tar.bz2
@@ -35,6 +35,7 @@
 Patch8: unzip-open_missing_mode.patch
 Patch10:unzip-5.52-use_librcc.patch
 Patch11:unzip-no-build-date.patch
+Patch12:unzip-dont_call_isprint.patch
 BuildRoot:  %{_tmppath}/%{name}-%{version}-build
 BuildRequires:  librcc-devel
 Suggests:   librcc0
@@ -62,6 +63,7 @@
 %patch8
 %patch10
 %patch11
+%patch12
 
 %build
 export RPM_OPT_FLAGS=%optflags \

++ unzip-dont_call_isprint.patch ++
Author: Suren A. Chilingaryan c...@dside.dyndns.org

Index: extract.c
===
--- extract.c.orig  2009-03-14 04:32:52.0 +0300
+++ extract.c   2010-07-07 17:29:52.0 +0400
@@ -2596,7 +2596,7 @@ char *fnfilter(raw, space, size)   /* co
  */
 #   define UZ_FNFILTER_REPLACECHAR  '?'
 # endif
-if (!isprint(*r)) {
+if (*r  32) { //(!isprint(*r)) {
 if (*r  32) {
 /* ASCII control codes are escaped as ^{letter}. */
 if (se != NULL  (s  (space + (size-4 {
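Review bot: Replacing `!isprint(*r)` with a bare comparison against 32 means DEL (0x7f) and any byte above it are no longer filtered by fnfilter before the name is printed, so the filter now covers fewer characters than before. Since the names come from the archive, I would keep DEL filtered with `if (*r < 32 || *r == 0x7f) {` and drop the trailing `//(!isprint(*r)) {` remnant, which is also a C++-style comment in a C file. With the patch as posted, the inner `if` repeats the outer test, so its else branch appears unreachable. The `<` operators are lost in this rendering, the type of `r` is not visible, and fnfilter's body continues outside the hunk.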





Remember to have fun...




commit unzip for openSUSE:Factory

2011-05-09 Thread h_root

Hello community,

here is the log from the commit of package unzip for openSUSE:Factory
checked in at Mon May 9 08:58:47 CEST 2011.




--- unzip/unzip.changes 2011-01-28 14:51:03.0 +0100
+++ /mounts/work_src_done/STABLE/unzip/unzip.changes2011-05-07 
23:18:48.0 +0200
@@ -1,0 +2,7 @@
+Sat May 07 23:16:45 UTC 2011 - idoen...@novell.com
+
+- Sync our compile time flags with Debian except Acorn stuff, this enables 
+   UTF-8, saves an unrelated warning about lchmod being not implemented.
+- Enable make check
+
+---

calling whatdependson for head-i586




Other differences:
--
++ unzip.spec ++
--- /var/tmp/diff_new_pack.YkrxZR/_old  2011-05-09 08:49:45.0 +0200
+++ /var/tmp/diff_new_pack.YkrxZR/_new  2011-05-09 08:49:45.0 +0200
@@ -22,7 +22,7 @@
 Group:  Productivity/Archiving/Compression
 AutoReqProv:on
 Version:6.00
-Release:3
+Release:8
 %define fileversion 60
 Summary:A program to unpack compressed files
 Source: %{name}%{fileversion}.tar.bz2
@@ -64,8 +64,16 @@
 %patch11
 
 %build
-export RPM_OPT_FLAGS=%optflags -DLARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 
-D_GNU_SOURCE -fstack-protector -I. -DRCC_LAZY -fno-strict-aliasing
-make %{?jobs:-j%jobs} -f unix/Makefile LF2=-ldl linux_noasm
+export RPM_OPT_FLAGS=%optflags \
+-D_GNU_SOURCE -DRCC_LAZY -DWILD_STOP_AT_DIR \
+-DLARGE_FILE_SUPPORT -DUNICODE_SUPPORT \
+-DUNICODE_WCHAR -DUTF8_MAYBE_NATIVE -DNO_LCHMOD \
+-DDATE_FORMAT=DF_YMD -I. -fstack-protector -fno-strict-aliasing
+
+make %{?_smp_mflags}  -f unix/Makefile LF2=-ldl linux_noasm
+
+%check
+make -f unix/Makefile check
 
 %install
 mkdir -p $RPM_BUILD_ROOT{%{_bindir},%{_mandir}/man1}
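Review bot: `-D_FILE_OFFSET_BITS=64` and `-DLARGEFILE_SOURCE` are dropped in favour of `-DLARGE_FILE_SUPPORT` without a comment. On 32-bit targets (the mail mentions head-i586), 64-bit file offsets now depend on unzip's own headers reacting to that define, which is not visible here. A short comment above the export would record the assumption, e.g. `# LARGE_FILE_SUPPORT is expected to select 64-bit file offsets; confirm on i586`. The quotes around the flag list appear to have been stripped in this rendering.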






Remember to have fun...
