diff --git a/archivers/zip/Makefile b/archivers/zip/Makefile index 0826bd37bce8..eb392156abf8 100644 --- a/archivers/zip/Makefile +++ b/archivers/zip/Makefile @@ -1,43 +1,43 @@ PORTNAME= zip PORTVERSION= 3.0 -PORTREVISION= 4 +PORTREVISION= 5 CATEGORIES= archivers MASTER_SITES= SF/info${PORTNAME}/Zip%203.x%20%28latest%29/${PORTVERSION} DISTNAME= ${PORTNAME}${PORTVERSION:S/.//g} MAINTAINER= fuz@FreeBSD.org COMMENT= Create/update ZIP files compatible with PKZIP WWW= https://infozip.sourceforge.net/Zip.html # License is BSD-based, but not identical, so install with documentation LICENSE= BSD3CLAUSE LICENSE_FILE= ${WRKSRC}/LICENSE USES= cpe CPE_VENDOR= info-zip_project OPTIONS_DEFINE= DOCS CFLAGS+= -Wno-deprecated-non-prototype MAKE_ARGS= CC="${CC}" CFLAGS="${CFLAGS}" MAKEFILE= unix/Makefile ALL_TARGET= generic PLIST_FILES= bin/zip bin/zipcloak bin/zipnote bin/zipsplit \ share/man/man1/zip.1.gz share/man/man1/zipcloak.1.gz \ share/man/man1/zipnote.1.gz share/man/man1/zipsplit.1.gz PORTDOCS= * do-install: .for p in ${PLIST_FILES:Mbin*:T} ${INSTALL_PROGRAM} ${WRKSRC}/${p} ${STAGEDIR}${PREFIX}/bin ${INSTALL_MAN} ${WRKSRC}/man/${p}.1 ${STAGEDIR}${PREFIX}/share/man/man1 .endfor do-install-DOCS-on: @${MKDIR} ${STAGEDIR}${DOCSDIR} cd ${WRKSRC}/ && ${INSTALL_DATA} CHANGES README* TODO WHATSNEW WHERE ${STAGEDIR}${DOCSDIR} .include diff --git a/archivers/zip/files/patch-fileio.c b/archivers/zip/files/patch-fileio.c new file mode 100644 index 000000000000..8cd84ef1b5f9 --- /dev/null +++ b/archivers/zip/files/patch-fileio.c @@ -0,0 +1,19 @@ +From: Shengjing Zhu +Subject: Fix buffer overflow when filename contains unicode characters +Bug-Debian: https://bugs.debian.org/1077054 +Bug-Debian: https://bugs.debian.org/1093629 +Bug-Ubuntu: https://launchpad.net/bugs/2062535 +Forwarded: https://sourceforge.net/p/infozip/bugs/81/ +Origin: https://src.fedoraproject.org/rpms/zip/raw/f41/f/buffer_overflow.patch + +--- fileio.c.orig 2008-05-29 00:13:24 UTC ++++ fileio.c +@@ -3502,7 +3502,7 @@ zwchar *local_to_wide_string(local_string) + if ((wc_string = (wchar_t *)malloc((wsize + 1) * sizeof(wchar_t))) == NULL) { + ZIPERR(ZE_MEM, "local_to_wide_string"); + } +- wsize = mbstowcs(wc_string, local_string, strlen(local_string) + 1); ++ wsize = mbstowcs(wc_string, local_string, wsize + 1); + wc_string[wsize] = (wchar_t) 0; + + /* in case wchar_t is not zwchar */ diff --git a/archivers/zip/files/patch-unix_unix.c b/archivers/zip/files/patch-unix_unix.c new file mode 100644 index 000000000000..22a92db74d40 --- /dev/null +++ b/archivers/zip/files/patch-unix_unix.c @@ -0,0 +1,15 @@ +From: Marcin Owsiany +Subject: Fix symlink update detection +Bug-Debian: https://bugs.debian.org/1005943 + +--- unix/unix.c.orig 2008-06-19 04:26:18 UTC ++++ unix/unix.c +@@ -423,7 +423,7 @@ ulg filetime(f, a, n, t) + } + } + if (n != NULL) +- *n = (s.st_mode & S_IFMT) == S_IFREG ? s.st_size : -1L; ++ *n = ((s.st_mode & S_IFMT) == S_IFREG || (s.st_mode & S_IFMT) == S_IFLNK) ? s.st_size : -1L; + if (t != NULL) { + t->atime = s.st_atime; + t->mtime = s.st_mtime; diff --git a/archivers/zip/files/patch-zip.c b/archivers/zip/files/patch-zip.c new file mode 100644 index 000000000000..d81182e3baf1 --- /dev/null +++ b/archivers/zip/files/patch-zip.c @@ -0,0 +1,43 @@ +From: Santiago Vila +Subject: Use format specifier %s to print strings, not the string itself +Bug-Debian: https://bugs.debian.org/673476 +X-Debian-version: 3.0-5 + +From: Florent 'Skia' Jacquet +Subject: Fix buffer overflow when using '-T -TT' +Bug-Debian: https://bugs.debian.org/1093629 +Bug-Ubuntu: https://launchpad.net/bugs/2093024 +Forwarded: https://sourceforge.net/p/infozip/bugs/81/ + +strlen(unzip_path) + strlen(zipname) + " " + "'" + "'" + '\0' +The additional space required in the `cmd` buffer is 4, not 3. + +--- zip.c.orig 2008-07-05 16:34:06 UTC ++++ zip.c +@@ -1028,7 +1028,7 @@ local void help_extended() + + for (i = 0; i < sizeof(text)/sizeof(char *); i++) + { +- printf(text[i]); ++ printf("%s", text[i]); + putchar('\n'); + } + #ifdef DOS +@@ -1225,7 +1225,7 @@ local void version_info() + CR_MAJORVER, CR_MINORVER, CR_BETA_VER, CR_VERSION_DATE); + for (i = 0; i < sizeof(cryptnote)/sizeof(char *); i++) + { +- printf(cryptnote[i]); ++ printf("%s", cryptnote[i]); + putchar('\n'); + } + ++i; /* crypt support means there IS at least one compilation option */ +@@ -1437,7 +1437,7 @@ local void check_zipfile(zipname, zippath) + /* Replace first {} with archive name. If no {} append name to string. */ + here = strstr(unzip_path, "{}"); + +- if ((cmd = malloc(strlen(unzip_path) + strlen(zipname) + 3)) == NULL) { ++ if ((cmd = malloc(strlen(unzip_path) + strlen(zipname) + 4)) == NULL) { + ziperr(ZE_MEM, "building command string for testing archive"); + } + diff --git a/archivers/zip/files/patch-zipnote.c b/archivers/zip/files/patch-zipnote.c new file mode 100644 index 000000000000..01b1d97f91f2 --- /dev/null +++ b/archivers/zip/files/patch-zipnote.c @@ -0,0 +1,16 @@ +From: Christian Spieler +Subject: zipnote.c: Close in_file instead of undefined file x +Bug-Debian: https://bugs.debian.org/628594 +X-Debian-version: 3.0-4 + +--- zipnote.c.orig 2008-05-08 08:17:08 UTC ++++ zipnote.c +@@ -661,7 +661,7 @@ char **argv; /* command line tokens */ + if ((r = zipcopy(z)) != ZE_OK) + ziperr(r, "was copying an entry"); + } +- fclose(x); ++ fclose(in_file); + + /* Write central directory and end of central directory with new comments */ + if ((c = zftello(y)) == (zoff_t)-1) /* get start of central */