unzip: commited to pkgsrc
Module Name: pkgsrc-wip
Committed By: kikadf <kikadf.01%gmail.com@localhost>
Pushed By: kikadf
Date: Sun Aug 24 19:07:39 2025 +0200
Changeset: 9333867c1b9f341845caa7560d1e47b41c2e5629
Modified Files:
Makefile
Removed Files:
unzip/COMMIT_MSG
unzip/DESCR
unzip/Makefile
unzip/PLIST
unzip/distinfo
unzip/patches/patch-ab
unzip/patches/patch-ac
unzip/patches/patch-crypt.c
unzip/patches/patch-extract.c
unzip/patches/patch-fileio.c
unzip/patches/patch-globals.c
unzip/patches/patch-globals.h
unzip/patches/patch-list.c
unzip/patches/patch-man_unzip.1
unzip/patches/patch-process.c
unzip/patches/patch-unix_unxcfg.h
unzip/patches/patch-unzip.c
unzip/patches/patch-unzip.h
unzip/patches/patch-unzpriv.h
unzip/patches/patch-zipinfo.c
Log Message:
unzip: committed to pkgsrc
To see a diff of this commit:
https://wip.pkgsrc.org/cgi-bin/gitweb.cgi?p=pkgsrc-wip.git;a=commitdiff;h=9333867c1b9f341845caa7560d1e47b41c2e5629
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
diffstat:
Makefile | 1 -
unzip/COMMIT_MSG | 26 ---
unzip/DESCR | 22 ---
unzip/Makefile | 64 ------
unzip/PLIST | 16 --
unzip/distinfo | 20 --
unzip/patches/patch-ab | 33 ----
unzip/patches/patch-ac | 48 -----
unzip/patches/patch-crypt.c | 26 ---
unzip/patches/patch-extract.c | 407 --------------------------------------
unzip/patches/patch-fileio.c | 135 -------------
unzip/patches/patch-globals.c | 23 ---
unzip/patches/patch-globals.h | 40 ----
unzip/patches/patch-list.c | 54 -----
unzip/patches/patch-man_unzip.1 | 24 ---
unzip/patches/patch-process.c | 271 -------------------------
unzip/patches/patch-unix_unxcfg.h | 48 -----
unzip/patches/patch-unzip.c | 46 -----
unzip/patches/patch-unzip.h | 30 ---
unzip/patches/patch-unzpriv.h | 39 ----
unzip/patches/patch-zipinfo.c | 27 ---
21 files changed, 1400 deletions(-)
diffs:
diff --git a/Makefile b/Makefile
index 9b5bb20cb1..bb3a7a9d40 100644
--- a/Makefile
+++ b/Makefile
@@ -5861,7 +5861,6 @@ SUBDIR+= unnethack
SUBDIR+= unpaper
SUBDIR+= unrealtournament-server
SUBDIR+= unrest
-SUBDIR+= unzip
SUBDIR+= uperf
SUBDIR+= uprof
SUBDIR+= ups-monitor
diff --git a/unzip/COMMIT_MSG b/unzip/COMMIT_MSG
deleted file mode 100644
index a7212acc03..0000000000
--- a/unzip/COMMIT_MSG
+++ /dev/null
@@ -1,26 +0,0 @@
-archivers/unzip: fix some CVEs
-
-Fix CVE-2018-1000035
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-6.0-cve-2018-1000035-heap-based-overflow.patch
-
-Fix CVE-2019-13232
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part1.patch
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part2.patch
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part3.patch
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-manpage.patch
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part4.patch
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part5.patch
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part6.patch
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-switch.patch
-
- https://www.bamsoftware.com/hacks/zipbomb/
- With patches:
- $ /usr/pkg/bin/unzip zbsm.zip
- Archive: zbsm.zip
- inflating: 0
- error: invalid zip file with overlapped components (possible zip bomb)
- To unzip the file anyway, rerun the command with UNZIP_DISABLE_ZIPBOMB_DETECTION=TRUE environmnent variable
-
-Fix CVE-2021-4217
- https://gitlab.archlinux.org/archlinux/packaging/packages/unzip/-/raw/main/unzip-6.0_CVE-2021-4217.patch
-
diff --git a/unzip/DESCR b/unzip/DESCR
deleted file mode 100644
index 48c21b4b41..0000000000
--- a/unzip/DESCR
+++ /dev/null
@@ -1,22 +0,0 @@
-Unzip will list, test, or extract files from a ZIP archive, commonly
-found on MS-DOS systems. The default behavior (with no options) is to
-extract into the current directory (and subdirectories below it) all
-files from the specified ZIP archive. Unzip is compatible with
-archives created by PKWARE's PKZIP, but in many cases the program
-options or default behaviors differ.
-
-Zipinfo lists technical information about files in a ZIP archive, most
-commonly found on MS-DOS systems. Such information includes file access
-permissions, encryption status, type of compression, version and operating
-system or file system of compressing program, and the like.
-
-Funzip acts as a filter; that is, it assumes that a ZIP archive is
-being piped into standard input, and it extracts the first member from
-the archive to stdout. If there is an argument, then the input comes
-from the specified file instead of from stdin.
-
-Unzipsfx is a modified version of unzip designed to be prepended to
-existing ZIP archives in order to form self-extracting archives.
-Instead of taking its first non-flag argument to be the zipfile(s) to
-be extracted, unzipsfx seeks itself under the name by which it was
-invoked and tests or extracts the contents of the appended archive.
diff --git a/unzip/Makefile b/unzip/Makefile
deleted file mode 100644
index 77d162720f..0000000000
--- a/unzip/Makefile
+++ /dev/null
@@ -1,64 +0,0 @@
-# $NetBSD: Makefile,v 1.101 2025/07/03 09:59:10 jperkin Exp $
-
-DISTNAME= unzip60
-PKGNAME= unzip-6.0
-PKGREVISION= 11
-CATEGORIES= archivers
-MASTER_SITES= ftp://ftp.info-zip.org/pub/infozip/src/
-EXTRACT_SUFX= .tgz
-
-MAINTAINER= pkgsrc-users%NetBSD.org@localhost
-HOMEPAGE= http://www.info-zip.org/UnZip.html
-COMMENT= List, test and extract compressed files in a ZIP archive
-LICENSE= info-zip
-
-REPLACE_SH= unix/zipgrep
-
-USE_TOOLS+= gmake
-
-CONFLICTS= fcrackzip<1.0nb1
-
-.include "../../mk/bsd.prefs.mk"
-
-MAKE_FILE= unix/Makefile
-BUILD_TARGET= generic_zlib unzipsfx
-
-.if ${OPSYS:M*BSD} != "" || ${OPSYS} == "Darwin"
-CPPFLAGS+= -DBSD
-.endif
-.if (${OPSYS} == "SunOS" || \
- ${OPSYS} == "OSF1" || \
- ${OPSYS} == "AIX" || \
- ${OPSYS} == "OpenBSD" || \
- ${OPSYS} == "Cygwin" || \
- ${OPSYS} == "UnixWare" || \
- (${OPSYS} == "Darwin" && !empty(OS_VERSION:M[01234678].*))) || \
- ${OS_VARIANT} == "SCOOSR5" || \
- ${OPSYS} == "Linux"
-CPPFLAGS+= -DNO_LCHMOD
-.endif
-CPPFLAGS+= -DUNIX -Dunix -DUSE_UNSHRINK -I.
-.if !${MACHINE_PLATFORM:MSunOS-*-sparc}
-CPPFLAGS+= -DLARGE_FILE_SUPPORT
-.endif
-
-MAKE_FLAGS+= CF=${CPPFLAGS:Q}\ ${CFLAGS:Q}
-MAKE_FLAGS+= LF2=${_STRIPFLAG_CC:Q}\ ${LDFLAGS:Q}\ -lz
-
-INSTALLATION_DIRS= bin ${PKGMANDIR}/man1 share/doc/unzip
-
-TEST_TARGET= check
-
-do-install:
- cd ${WRKSRC} && ${INSTALL_PROGRAM} unzip funzip unzipsfx ${DESTDIR}${PREFIX}/bin
- ${LN} -sf unzip ${DESTDIR}${PREFIX}/bin/zipinfo
- cd ${WRKSRC}/unix && ${INSTALL_SCRIPT} zipgrep ${DESTDIR}${PREFIX}/bin
- cd ${WRKSRC}/man && ${INSTALL_MAN} funzip.1 unzip.1 unzipsfx.1 \
- zipgrep.1 zipinfo.1 ${DESTDIR}${PREFIX}/${PKGMANDIR}/man1
- cd ${WRKSRC} && ${INSTALL_DATA} BUGS LICENSE README WHERE \
- ${DESTDIR}${PREFIX}/share/doc/unzip
- cd ${WRKSRC} && ${INSTALL_DATA} COPYING.OLD \
- ${DESTDIR}${PREFIX}/share/doc/unzip
-
-.include "../../devel/zlib/buildlink3.mk"
-.include "../../mk/bsd.pkg.mk"
diff --git a/unzip/PLIST b/unzip/PLIST
deleted file mode 100644
index 5b88f72004..0000000000
--- a/unzip/PLIST
+++ /dev/null
@@ -1,16 +0,0 @@
-@comment $NetBSD: PLIST,v 1.4 2010/03/03 16:27:57 wiz Exp $
-bin/funzip
-bin/unzip
-bin/unzipsfx
-bin/zipgrep
-bin/zipinfo
-man/man1/funzip.1
-man/man1/unzip.1
-man/man1/unzipsfx.1
-man/man1/zipgrep.1
-man/man1/zipinfo.1
-share/doc/unzip/BUGS
-share/doc/unzip/COPYING.OLD
-share/doc/unzip/LICENSE
-share/doc/unzip/README
-share/doc/unzip/WHERE
diff --git a/unzip/distinfo b/unzip/distinfo
deleted file mode 100644
index 71ed882530..0000000000
--- a/unzip/distinfo
+++ /dev/null
@@ -1,20 +0,0 @@
-$NetBSD: distinfo,v 1.37 2025/07/03 09:59:10 jperkin Exp $
-
-BLAKE2s (unzip60.tgz) = d083b60907af71a6870edc1e87be4566dee486d5089e1fc3b57cc6ebac00818f
-SHA512 (unzip60.tgz) = 0694e403ebc57b37218e00ec1a406cae5cc9c5b52b6798e0d4590840b6cdbf9ddc0d9471f67af783e960f8fa2e620394d51384257dca23d06bcd90224a80ce5d
-Size (unzip60.tgz) = 1376845 bytes
-SHA1 (patch-ab) = 672635c469e0a53ac9808f8155ee38643a8acf69
-SHA1 (patch-ac) = 0e1eb1e868bc2a26500b1d895bae2d9e7bc105ff
-SHA1 (patch-crypt.c) = e44e14ba2c8e5651659c6756a5adbe88b4385ca4
-SHA1 (patch-extract.c) = cc5756372f3bc4fbdbf06a118a506d5045b17578
-SHA1 (patch-fileio.c) = 761051e87782f8bb0b195ecd0ea6e000e9f93530
-SHA1 (patch-globals.c) = c9f7467c3a5baf837d3561752b0e9d8383098bcb
-SHA1 (patch-globals.h) = 9c21780eb795cca6379832c73183b3bef11c884e
-SHA1 (patch-list.c) = 29e6dc3f5d40bb087a8bff58f75eb02568f3ad87
-SHA1 (patch-man_unzip.1) = e7d43e774c909a1f06f19bba7b6c2870f9402ce9
-SHA1 (patch-process.c) = 4f451259055a240e4d99baa61349e31f6832a3e2
-SHA1 (patch-unix_unxcfg.h) = 8128ea53719ca88e9a4f4788fb7b4f706399f8ae
-SHA1 (patch-unzip.c) = e17e9c0f7bcb400de2e2da79a9fa1eca8e279e37
-SHA1 (patch-unzip.h) = fe448902952fe8597f0009942f86d3fc6d06dc7c
-SHA1 (patch-unzpriv.h) = fb8d0e8d1eea195d6ecdd7bc7773a3e30db3da8a
-SHA1 (patch-zipinfo.c) = 0d93fd9b145e7e707762119ee30ddf8eac9c2f31
diff --git a/unzip/patches/patch-ab b/unzip/patches/patch-ab
deleted file mode 100644
index dbd0e38fe9..0000000000
--- a/unzip/patches/patch-ab
+++ /dev/null
@@ -1,33 +0,0 @@
-$NetBSD: patch-ab,v 1.7 2012/04/25 19:35:02 wiz Exp $
-
-pkgsrc adaptation.
-
---- unix/Makefile.orig 2009-01-18 22:41:18.000000000 +0000
-+++ unix/Makefile
-@@ -42,7 +42,7 @@
- # such as -DDOSWILD).
-
- # UnZip flags
--CC = cc# try using "gcc" target rather than changing this (CC and LD
-+#CC = cc# try using "gcc" target rather than changing this (CC and LD
- LD = $(CC)# must match, else "unresolved symbol: ___main" is possible)
- AS = as
- LOC = $(D_USE_BZ2) $(LOCAL_UNZIP)
-@@ -580,7 +580,7 @@ generic_bz2: unix_make
- generic_zlib: unix_make
- @echo\
- "This target assumes zlib (libz.a or libz.so.*) is already installed."
-- $(MAKE) unzip funzip CF="$(CF) -DUSE_ZLIB" LF2="-lz $(LF2)"
-+ $(MAKE) unzip funzip CF="$(CF) -DUSE_ZLIB" LF2="$(LF2)"
-
- # Generic GNU C shared library. This is an example of how to compile UnZip as
- # a shared library. (Doing so as a static library would be similar.) See also
-@@ -651,7 +651,7 @@ vax: unzips # general-purpose VAX targe
- bsd: _bsd # generic BSD (BSD 4.2 & Ultrix handled in unzip.h)
-
- _bsd: unix_make
-- $(MAKE) unzips CF="$(CF) -DBSD"
-+ $(MAKE) unzips CF="$(CF) -DBSD -DUNIX"
-
- #----------------------------------------------------------------------------
- # SysV group (for extern long timezone and ioctl.h instead of sgtty.h):
diff --git a/unzip/patches/patch-ac b/unzip/patches/patch-ac
deleted file mode 100644
index c00b34b549..0000000000
--- a/unzip/patches/patch-ac
+++ /dev/null
@@ -1,48 +0,0 @@
-$NetBSD: patch-ac,v 1.3 2012/09/14 13:10:48 wiz Exp $
-
-Fix build with -DFUNZIP.
-Fix CVE-2019-13232
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part1.patch
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part2.patch
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part3.patch
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-manpage.patch
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part4.patch
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part5.patch
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part6.patch
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-switch.patch
-
---- inflate.c.orig 2008-07-30 03:31:08.000000000 +0200
-+++ inflate.c
-@@ -473,7 +473,11 @@ int UZinflate(__G__ is_defl64)
- retval = 2;
- } else {
- /* output write failure */
-+#ifdef FUNZIP
-+ retval = PK_DISK;
-+#else
- retval = (G.disk_full != 0 ? PK_DISK : IZ_CTRLC);
-+#endif
- }
- } else {
- Trace((stderr, "oops! (inflateBack9() err = %d)\n", err));
-@@ -538,7 +542,11 @@ int UZinflate(__G__ is_defl64)
- retval = 2;
- } else {
- /* output write failure */
-+#ifdef FUNZIP
-+ retval = PK_DISK;
-+#else
- retval = (G.disk_full != 0 ? PK_DISK : IZ_CTRLC);
-+#endif
- }
- } else {
- Trace((stderr, "oops! (inflateBack() err = %d)\n", err));
-@@ -700,7 +708,7 @@ int UZinflate(__G__ is_defl64)
- G.dstrm.total_out));
-
- G.inptr = (uch *)G.dstrm.next_in;
-- G.incnt = (G.inbuf + INBUFSIZ) - G.inptr; /* reset for other routines */
-+ G.incnt -= G.inptr - G.inbuf; /* reset for other routines */
-
- uzinflate_cleanup_exit:
- err = inflateReset(&G.dstrm);
diff --git a/unzip/patches/patch-crypt.c b/unzip/patches/patch-crypt.c
deleted file mode 100644
index a4cfedd8f5..0000000000
--- a/unzip/patches/patch-crypt.c
+++ /dev/null
@@ -1,26 +0,0 @@
-$NetBSD: patch-crypt.c,v 1.1 2015/11/11 12:47:27 wiz Exp $
-
-Bug fix for heap overflow, from Debian.
-CVE-2015-7696
-
---- crypt.c.orig 2007-01-05 15:47:36.000000000 +0000
-+++ crypt.c
-@@ -465,7 +465,17 @@ int decrypt(__G__ passwrd)
- GLOBAL(pInfo->encrypted) = FALSE;
- defer_leftover_input(__G);
- for (n = 0; n < RAND_HEAD_LEN; n++) {
-- b = NEXTBYTE;
-+ /* 2012-11-23 SMS. (OUSPG report.)
-+ * Quit early if compressed size < HEAD_LEN. The resulting
-+ * error message ("unable to get password") could be improved,
-+ * but it's better than trying to read nonexistent data, and
-+ * then continuing with a negative G.csize. (See
-+ * fileio.c:readbyte()).
-+ */
-+ if ((b = NEXTBYTE) == (ush)EOF)
-+ {
-+ return PK_ERR;
-+ }
- h[n] = (uch)b;
- Trace((stdout, " (%02x)", h[n]));
- }
diff --git a/unzip/patches/patch-extract.c b/unzip/patches/patch-extract.c
deleted file mode 100644
index c81eb9c98a..0000000000
--- a/unzip/patches/patch-extract.c
+++ /dev/null
@@ -1,407 +0,0 @@
-$NetBSD: patch-extract.c,v 1.3 2015/11/11 12:47:27 wiz Exp $
-
-Fixes for
-* https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8139
-* https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8140
-* http://sf.net/projects/mancha/files/sec/unzip-6.0_overflow2.diff via
- http://seclists.org/oss-sec/2014/q4/1131 and
- http://seclists.org/oss-sec/2014/q4/507 and later version
- http://sf.net/projects/mancha/files/sec/unzip-6.0_overflow3.diff via
- http://www.openwall.com/lists/oss-security/2015/02/11/7
-
-By carefully crafting a corrupt ZIP archive with "extra fields" that
-purport to have compressed blocks larger than the corresponding
-uncompressed blocks in STORED no-compression mode, an attacker can
-trigger a heap overflow that can result in application crash or
-possibly have other unspecified impact.
-
-This patch ensures that when extra fields use STORED mode, the
-"compressed" and uncompressed block sizes match.
-* CVE-2015-7697 (from Debian)
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802160
-* integer underflow
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802160
-
-Fix CVE-2019-13232
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part1.patch
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part2.patch
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part3.patch
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-manpage.patch
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part4.patch
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part5.patch
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part6.patch
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-switch.patch
-
-
-
---- extract.c.orig 2009-03-14 02:32:52.000000000 +0100
-+++ extract.c
-@@ -1,5 +1,5 @@
- /*
-- Copyright (c) 1990-2009 Info-ZIP. All rights reserved.
-+ Copyright (c) 1990-2014 Info-ZIP. All rights reserved.
-
- See the accompanying file LICENSE, version 2009-Jan-02 or later
- (the contents of which are also included in unzip.h) for terms of use.
-@@ -298,6 +298,8 @@ char ZCONST Far TruncNTSD[] =
- #ifndef SFX
- static ZCONST char Far InconsistEFlength[] = "bad extra-field entry:\n \
- EF block length (%u bytes) exceeds remaining EF data (%u bytes)\n";
-+ static ZCONST char Far TooSmallEFlength[] = "bad extra-field entry:\n \
-+ EF block length (%u bytes) invalid (< %d)\n";
- static ZCONST char Far InvalidComprDataEAs[] =
- " invalid compressed data for EAs\n";
- # if (defined(WIN32) && defined(NTSD_EAS))
-@@ -319,6 +321,126 @@ static ZCONST char Far UnsupportedExtraF
- "\nerror: unsupported extra-field compression type (%u)--skipping\n";
- static ZCONST char Far BadExtraFieldCRC[] =
- "error [%s]: bad extra-field CRC %08lx (should be %08lx)\n";
-+static ZCONST char Far NotEnoughMemCover[] =
-+ "error: not enough memory for bomb detection\n";
-+static ZCONST char Far OverlappedComponents[] =
-+ "error: invalid zip file with overlapped components (possible zip bomb)\n \
-+To unzip the file anyway, rerun the command with UNZIP_DISABLE_ZIPBOMB_DETECTION=TRUE environmnent variable\n";
-+
-+
-+
-+
-+
-+/* A growable list of spans. */
-+typedef zoff_t bound_t;
-+typedef struct {
-+ bound_t beg; /* start of the span */
-+ bound_t end; /* one past the end of the span */
-+} span_t;
-+typedef struct {
-+ span_t *span; /* allocated, distinct, and sorted list of spans */
-+ size_t num; /* number of spans in the list */
-+ size_t max; /* allocated number of spans (num <= max) */
-+} cover_t;
-+
-+/*
-+ * Return the index of the first span in cover whose beg is greater than val.
-+ * If there is no such span, then cover->num is returned.
-+ */
-+static size_t cover_find(cover, val)
-+ cover_t *cover;
-+ bound_t val;
-+{
-+ size_t lo = 0, hi = cover->num;
-+ while (lo < hi) {
-+ size_t mid = (lo + hi) >> 1;
-+ if (val < cover->span[mid].beg)
-+ hi = mid;
-+ else
-+ lo = mid + 1;
-+ }
-+ return hi;
-+}
-+
-+/* Return true if val lies within any one of the spans in cover. */
-+static int cover_within(cover, val)
-+ cover_t *cover;
-+ bound_t val;
-+{
-+ size_t pos = cover_find(cover, val);
-+ return pos > 0 && val < cover->span[pos - 1].end;
-+}
-+
-+/*
-+ * Add a new span to the list, but only if the new span does not overlap any
-+ * spans already in the list. The new span covers the values beg..end-1. beg
-+ * must be less than end.
-+ *
-+ * Keep the list sorted and merge adjacent spans. Grow the allocated space for
-+ * the list as needed. On success, 0 is returned. If the new span overlaps any
-+ * existing spans, then 1 is returned and the new span is not added to the
-+ * list. If the new span is invalid because beg is greater than or equal to
-+ * end, then -1 is returned. If the list needs to be grown but the memory
-+ * allocation fails, then -2 is returned.
-+ */
-+static int cover_add(cover, beg, end)
-+ cover_t *cover;
-+ bound_t beg;
-+ bound_t end;
-+{
-+ size_t pos;
-+ int prec, foll;
-+
-+ if (beg >= end)
-+ /* The new span is invalid. */
-+ return -1;
-+
-+ /* Find where the new span should go, and make sure that it does not
-+ overlap with any existing spans. */
-+ pos = cover_find(cover, beg);
-+ if ((pos > 0 && beg < cover->span[pos - 1].end) ||
-+ (pos < cover->num && end > cover->span[pos].beg))
-+ return 1;
-+
-+ /* Check for adjacencies. */
-+ prec = pos > 0 && beg == cover->span[pos - 1].end;
-+ foll = pos < cover->num && end == cover->span[pos].beg;
-+ if (prec && foll) {
-+ /* The new span connects the preceding and following spans. Merge the
-+ following span into the preceding span, and delete the following
-+ span. */
-+ cover->span[pos - 1].end = cover->span[pos].end;
-+ cover->num--;
-+ memmove(cover->span + pos, cover->span + pos + 1,
-+ (cover->num - pos) * sizeof(span_t));
-+ }
-+ else if (prec)
-+ /* The new span is adjacent only to the preceding span. Extend the end
-+ of the preceding span. */
-+ cover->span[pos - 1].end = end;
-+ else if (foll)
-+ /* The new span is adjacent only to the following span. Extend the
-+ beginning of the following span. */
-+ cover->span[pos].beg = beg;
-+ else {
-+ /* The new span has gaps between both the preceding and the following
-+ spans. Assure that there is room and insert the span. */
-+ if (cover->num == cover->max) {
-+ size_t max = cover->max == 0 ? 16 : cover->max << 1;
-+ span_t *span = realloc(cover->span, max * sizeof(span_t));
-+ if (span == NULL)
-+ return -2;
-+ cover->span = span;
-+ cover->max = max;
-+ }
-+ memmove(cover->span + pos + 1, cover->span + pos,
-+ (cover->num - pos) * sizeof(span_t));
-+ cover->num++;
-+ cover->span[pos].beg = beg;
-+ cover->span[pos].end = end;
-+ }
-+ return 0;
-+}
-
-
-
-@@ -374,6 +496,44 @@ int extract_or_test_files(__G) /* ret
- }
- #endif /* !SFX || SFX_EXDIR */
-
-+ /* One more: initialize cover structure for bomb detection. Start with
-+ spans that cover any extra bytes at the start, the central directory,
-+ the end of central directory record (including the Zip64 end of central
-+ directory locator, if present), and the Zip64 end of central directory
-+ record, if present. */
-+ if (uO.zipbomb == TRUE) {
-+ if (G.cover == NULL) {
-+ G.cover = malloc(sizeof(cover_t));
-+ if (G.cover == NULL) {
-+ Info(slide, 0x401, ((char *)slide,
-+ LoadFarString(NotEnoughMemCover)));
-+ return PK_MEM;
-+ }
-+ ((cover_t *)G.cover)->span = NULL;
-+ ((cover_t *)G.cover)->max = 0;
-+ }
-+ ((cover_t *)G.cover)->num = 0;
-+ if (cover_add((cover_t *)G.cover,
-+ G.extra_bytes + G.ecrec.offset_start_central_directory,
-+ G.extra_bytes + G.ecrec.offset_start_central_directory +
-+ G.ecrec.size_central_directory) != 0) {
-+ Info(slide, 0x401, ((char *)slide,
-+ LoadFarString(NotEnoughMemCover)));
-+ return PK_MEM;
-+ }
-+ if ((G.extra_bytes != 0 &&
-+ cover_add((cover_t *)G.cover, 0, G.extra_bytes) != 0) ||
-+ (G.ecrec.have_ecr64 &&
-+ cover_add((cover_t *)G.cover, G.ecrec.ec64_start,
-+ G.ecrec.ec64_end) != 0) ||
-+ cover_add((cover_t *)G.cover, G.ecrec.ec_start,
-+ G.ecrec.ec_end) != 0) {
-+ Info(slide, 0x401, ((char *)slide,
-+ LoadFarString(OverlappedComponents)));
-+ return PK_BOMB;
-+ }
-+ }
-+
- /*---------------------------------------------------------------------------
- The basic idea of this function is as follows. Since the central di-
- rectory lies at the end of the zipfile and the member files lie at the
-@@ -498,6 +658,7 @@ int extract_or_test_files(__G) /* ret
- break;
- }
- }
-+ G.pInfo->zip64 = FALSE;
- if ((error = do_string(__G__ G.crec.extra_field_length,
- EXTRA_FIELD)) != 0)
- {
-@@ -591,7 +752,8 @@ int extract_or_test_files(__G) /* ret
- if (error > error_in_archive)
- error_in_archive = error;
- /* ...and keep going (unless disk full or user break) */
-- if (G.disk_full > 1 || error_in_archive == IZ_CTRLC) {
-+ if (G.disk_full > 1 || error_in_archive == IZ_CTRLC ||
-+ error == PK_BOMB) {
- /* clear reached_end to signal premature stop ... */
- reached_end = FALSE;
- /* ... and cancel scanning the central directory */
-@@ -1060,6 +1222,13 @@ static int extract_or_test_entrylist(__G
-
- /* seek_zipf(__G__ pInfo->offset); */
- request = G.pInfo->offset + G.extra_bytes;
-+ if (uO.zipbomb == TRUE) {
-+ if (cover_within((cover_t *)G.cover, request)) {
-+ Info(slide, 0x401, ((char *)slide,
-+ LoadFarString(OverlappedComponents)));
-+ return PK_BOMB;
-+ }
-+ }
- inbuf_offset = request % INBUFSIZ;
- bufstart = request - inbuf_offset;
-
-@@ -1255,8 +1424,17 @@ static int extract_or_test_entrylist(__G
- if (G.lrec.compression_method == STORED) {
- zusz_t csiz_decrypted = G.lrec.csize;
-
-- if (G.pInfo->encrypted)
-+ if (G.pInfo->encrypted) {
-+ if (csiz_decrypted <= 12) {
-+ /* handle the error now to prevent unsigned overflow */
-+ Info(slide, 0x401, ((char *)slide,
-+ LoadFarStringSmall(ErrUnzipNoFile),
-+ LoadFarString(InvalidComprData),
-+ LoadFarStringSmall2(Inflate)));
-+ return PK_ERR;
-+ }
- csiz_decrypted -= 12;
-+ }
- if (G.lrec.ucsize != csiz_decrypted) {
- Info(slide, 0x401, ((char *)slide,
- LoadFarStringSmall2(WrnStorUCSizCSizDiff),
-@@ -1591,6 +1769,20 @@ reprompt:
- return IZ_CTRLC; /* cancel operation by user request */
- }
- #endif
-+ if (uO.zipbomb == TRUE) {
-+ error = cover_add((cover_t *)G.cover, request,
-+ G.cur_zipfile_bufstart + (G.inptr - G.inbuf));
-+ if (error < 0) {
-+ Info(slide, 0x401, ((char *)slide,
-+ LoadFarString(NotEnoughMemCover)));
-+ return PK_MEM;
-+ }
-+ if (error != 0) {
-+ Info(slide, 0x401, ((char *)slide,
-+ LoadFarString(OverlappedComponents)));
-+ return PK_BOMB;
-+ }
-+ }
- #ifdef MACOS /* MacOS is no preemptive OS, thus call event-handling by hand */
- UserStop();
- #endif
-@@ -1992,6 +2184,37 @@ static int extract_or_test_member(__G)
- }
-
- undefer_input(__G);
-+
-+ if (uO.zipbomb == TRUE) {
-+ if ((G.lrec.general_purpose_bit_flag & 8) != 0) {
-+ /* skip over data descriptor (harder than it sounds, due to signature
-+ * ambiguity)
-+ */
-+# define SIG 0x08074b50
-+# define LOW 0xffffffff
-+ uch buf[12];
-+ unsigned shy = 12 - readbuf((char *)buf, 12);
-+ ulg crc = shy ? 0 : makelong(buf);
-+ ulg clen = shy ? 0 : makelong(buf + 4);
-+ ulg ulen = shy ? 0 : makelong(buf + 8); /* or high clen if ZIP64 */
-+ if (crc == SIG && /* if not SIG, no signature */
-+ (G.lrec.crc32 != SIG || /* if not SIG, have signature */
-+ (clen == SIG && /* if not SIG, no signature */
-+ ((G.lrec.csize & LOW) != SIG || /* if not SIG, have signature */
-+ (ulen == SIG && /* if not SIG, no signature */
-+ (G.pInfo->zip64 ? G.lrec.csize >> 32 : G.lrec.ucsize) != SIG
-+ /* if not SIG, have signature */
-+ )))))
-+ /* skip four more bytes to account for signature */
-+ shy += 4 - readbuf((char *)buf, 4);
-+ if (G.pInfo->zip64)
-+ shy += 8 - readbuf((char *)buf, 8); /* skip eight more for ZIP64 */
-+ if (shy)
-+ error = PK_ERR;
-+
-+ }
-+ }
-+
- return error;
-
- } /* end function extract_or_test_member() */
-@@ -2023,7 +2246,8 @@ static int TestExtraField(__G__ ef, ef_l
- ebID = makeword(ef);
- ebLen = (unsigned)makeword(ef+EB_LEN);
-
-- if (ebLen > (ef_len - EB_HEADSIZE)) {
-+ if (ebLen > (ef_len - EB_HEADSIZE))
-+ {
- /* Discovered some extra field inconsistency! */
- if (uO.qflag)
- Info(slide, 1, ((char *)slide, "%-22s ",
-@@ -2032,6 +2256,16 @@ static int TestExtraField(__G__ ef, ef_l
- ebLen, (ef_len - EB_HEADSIZE)));
- return PK_ERR;
- }
-+ else if (ebLen < EB_HEADSIZE)
-+ {
-+ /* Extra block length smaller than header length. */
-+ if (uO.qflag)
-+ Info(slide, 1, ((char *)slide, "%-22s ",
-+ FnFilter1(G.filename)));
-+ Info(slide, 1, ((char *)slide, LoadFarString(TooSmallEFlength),
-+ ebLen, EB_HEADSIZE));
-+ return PK_ERR;
-+ }
-
- switch (ebID) {
- case EF_OS2:
-@@ -2217,6 +2451,7 @@ static int test_compr_eb(__G__ eb, eb_si
- ulg eb_ucsize;
- uch *eb_ucptr;
- int r;
-+ ush method;
-
- if (compr_offset < 4) /* field is not compressed: */
- return PK_OK; /* do nothing and signal OK */
-@@ -2226,6 +2461,13 @@ static int test_compr_eb(__G__ eb, eb_si
- eb_size <= (compr_offset + EB_CMPRHEADLEN)))
- return IZ_EF_TRUNC; /* no compressed data! */
-
-+ method = makeword(eb + (EB_HEADSIZE + compr_offset));
-+ if ((method == STORED) &&
-+ (eb_size - compr_offset - EB_CMPRHEADLEN != eb_ucsize))
-+ return PK_ERR; /* compressed & uncompressed
-+ * should match in STORED
-+ * method */
-+
- if (
- #ifdef INT_16BIT
- (((ulg)(extent)eb_ucsize) != eb_ucsize) ||
-@@ -2701,6 +2943,12 @@ __GDEF
- int repeated_buf_err;
- bz_stream bstrm;
-
-+ if (G.incnt <= 0 && G.csize <= 0L) {
-+ /* avoid an infinite loop */
-+ Trace((stderr, "UZbunzip2() got empty input\n"));
-+ return 2;
-+ }
-+
- #if (defined(DLL) && !defined(NO_SLIDE_REDIR))
- if (G.redirect_slide)
- wsize = G.redirect_size, redirSlide = G.redirect_buffer;
-@@ -2808,7 +3056,7 @@ __GDEF
- #endif
-
- G.inptr = (uch *)bstrm.next_in;
-- G.incnt = (G.inbuf + INBUFSIZ) - G.inptr; /* reset for other routines */
-+ G.incnt -= G.inptr - G.inbuf; /* reset for other routines */
-
- uzbunzip_cleanup_exit:
- err = BZ2_bzDecompressEnd(&bstrm);
diff --git a/unzip/patches/patch-fileio.c b/unzip/patches/patch-fileio.c
deleted file mode 100644
index cdda0d03e9..0000000000
--- a/unzip/patches/patch-fileio.c
+++ /dev/null
@@ -1,135 +0,0 @@
-$NetBSD: patch-fileio.c,v 1.2 2024/08/06 14:40:13 nia Exp $
-
-https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8141
-https://sources.debian.org/patches/unzip/6.0-28/28-cve-2022-0529-and-cve-2022-0530.patch/
-
-Fix CVE-2018-1000035
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-6.0-cve-2018-1000035-heap-based-overflow.patch
-
-Fix CVE-2019-13232
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part1.patch
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part2.patch
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part3.patch
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-manpage.patch
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part4.patch
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part5.patch
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part6.patch
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-switch.patch
-
-
---- fileio.c.orig 2009-04-20 02:03:44.000000000 +0200
-+++ fileio.c
-@@ -1,5 +1,5 @@
- /*
-- Copyright (c) 1990-2009 Info-ZIP. All rights reserved.
-+ Copyright (c) 1990-2017 Info-ZIP. All rights reserved.
-
- See the accompanying file LICENSE, version 2009-Jan-02 or later
- (the contents of which are also included in unzip.h) for terms of use.
-@@ -171,11 +171,15 @@ static ZCONST char Far ReadError[] = "er
- static ZCONST char Far FilenameTooLongTrunc[] =
- "warning: filename too long--truncating.\n";
- #ifdef UNICODE_SUPPORT
-+ static ZCONST char Far UFilenameCorrupt[] =
-+ "error: Unicode filename corrupt.\n";
- static ZCONST char Far UFilenameTooLongTrunc[] =
-- "warning: Converted unicode filename too long--truncating.\n";
-+ "warning: Converted Unicode filename too long--truncating.\n";
- #endif
- static ZCONST char Far ExtraFieldTooLong[] =
- "warning: extra field too long (%d). Ignoring...\n";
-+static ZCONST char Far ExtraFieldCorrupt[] =
-+ "warning: extra field (type: 0x%04x) corrupt. Continuing...\n";
-
- #ifdef WINDLL
- static ZCONST char Far DiskFullQuery[] =
-@@ -530,8 +534,10 @@ void undefer_input(__G)
- * This condition was checked when G.incnt_leftover was set > 0 in
- * defer_leftover_input(), and it is NOT allowed to touch G.csize
- * before calling undefer_input() when (G.incnt_leftover > 0)
-- * (single exception: see read_byte()'s "G.csize <= 0" handling) !!
-+ * (single exception: see readbyte()'s "G.csize <= 0" handling) !!
- */
-+ if (G.csize < 0L)
-+ G.csize = 0L;
- G.incnt = G.incnt_leftover + (int)G.csize;
- G.inptr = G.inptr_leftover - (int)G.csize;
- G.incnt_leftover = 0;
-@@ -1580,6 +1586,8 @@ int UZ_EXP UzpPassword (pG, rcnt, pwbuf,
- int r = IZ_PW_ENTERED;
- char *m;
- char *prompt;
-+ char *ep;
-+ char *zp;
-
- #ifndef REENTRANT
- /* tell picky compilers to shut up about "unused variable" warnings */
-@@ -1588,9 +1596,12 @@ int UZ_EXP UzpPassword (pG, rcnt, pwbuf,
-
- if (*rcnt == 0) { /* First call for current entry */
- *rcnt = 2;
-- if ((prompt = (char *)malloc(2*FILNAMSIZ + 15)) != (char *)NULL) {
-- sprintf(prompt, LoadFarString(PasswPrompt),
-- FnFilter1(zfn), FnFilter2(efn));
-+ zp = FnFilter1( zfn);
-+ ep = FnFilter2( efn);
-+ prompt = (char *)malloc( /* Slightly too long (2* "%s"). */
-+ sizeof( PasswPrompt)+ strlen( zp)+ strlen( ep));
-+ if (prompt != (char *)NULL) {
-+ sprintf(prompt, LoadFarString(PasswPrompt), zp, ep);
- m = prompt;
- } else
- m = (char *)LoadFarString(PasswPrompt2);
-@@ -2295,7 +2306,12 @@ int do_string(__G__ length, option) /*
- if (readbuf(__G__ (char *)G.extra_field, length) == 0)
- return PK_EOF;
- /* Looks like here is where extra fields are read */
-- getZip64Data(__G__ G.extra_field, length);
-+ if (getZip64Data(__G__ G.extra_field, length) != PK_COOL)
-+ {
-+ Info(slide, 0x401, ((char *)slide,
-+ LoadFarString( ExtraFieldCorrupt), EF_PKSZ64));
-+ error = PK_WARN;
-+ }
- #ifdef UNICODE_SUPPORT
- G.unipath_filename = NULL;
- if (G.UzO.U_flag < 2) {
-@@ -2340,16 +2356,30 @@ int do_string(__G__ length, option) /*
- /* convert UTF-8 to local character set */
- fn = utf8_to_local_string(G.unipath_filename,
- G.unicode_escape_all);
-- /* make sure filename is short enough */
-- if (strlen(fn) >= FILNAMSIZ) {
-- fn[FILNAMSIZ - 1] = '\0';
-+
-+ /* 2022-07-22 SMS, et al. CVE-2022-0530
-+ * Detect conversion failure, emit message.
-+ * Continue with unconverted name.
-+ */
-+ if (fn == NULL)
-+ {
- Info(slide, 0x401, ((char *)slide,
-- LoadFarString(UFilenameTooLongTrunc)));
-- error = PK_WARN;
-+ LoadFarString(UFilenameCorrupt)));
-+ error = PK_ERR;
-+ }
-+ else
-+ {
-+ /* make sure filename is short enough */
-+ if (strlen(fn) >= FILNAMSIZ) {
-+ fn[FILNAMSIZ - 1] = '\0';
-+ Info(slide, 0x401, ((char *)slide,
-+ LoadFarString(UFilenameTooLongTrunc)));
-+ error = PK_WARN;
-+ }
-+ /* replace filename with converted UTF-8 */
-+ strcpy(G.filename, fn);
-+ free(fn);
- }
-- /* replace filename with converted UTF-8 */
-- strcpy(G.filename, fn);
-- free(fn);
- }
- # endif /* UNICODE_WCHAR */
- if (G.unipath_filename != G.filename_full)
diff --git a/unzip/patches/patch-globals.c b/unzip/patches/patch-globals.c
deleted file mode 100644
index ce398789a0..0000000000
--- a/unzip/patches/patch-globals.c
+++ /dev/null
@@ -1,23 +0,0 @@
-$NetBSD$
-
-Fix CVE-2019-13232
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part1.patch
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part2.patch
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part3.patch
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-manpage.patch
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part4.patch
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part5.patch
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part6.patch
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-switch.patch
-
-
---- globals.c.orig 2025-08-23 16:31:09.322300882 +0200
-+++ globals.c
-@@ -181,6 +181,7 @@ Uz_Globs *globalsCtor()
- # if (!defined(NO_TIMESTAMPS))
- uO.D_flag=1; /* default to '-D', no restoration of dir timestamps */
- # endif
-+ G.cover = NULL; /* not allocated yet */
- #endif
-
- uO.lflag=(-1);
diff --git a/unzip/patches/patch-globals.h b/unzip/patches/patch-globals.h
deleted file mode 100644
index 8fe438347d..0000000000
--- a/unzip/patches/patch-globals.h
+++ /dev/null
@@ -1,40 +0,0 @@
-$NetBSD: patch-globals.h,v 1.1 2024/08/05 09:03:00 tnn Exp $
-
-Match return type of get_crc_table() from zlib.h.
-Without it we get an error with GCC 14.
-This looks somewhat sketchy but make test succeeds,
-and 32-bit is the correct width for the crc32 table, so ...
-
-extract.c:363:25: error: assignment to 'const ulg *' {aka 'const long unsigned int *'} from incompatible pointer type 'const z_crc_t *' {aka 'const unsigned int *'} [-Wincompatible-pointer-types]
-363 | if ((CRC_32_TAB = get_crc_table()) == NULL) {
-
-Fix CVE-2019-13232
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part1.patch
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part2.patch
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part3.patch
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-manpage.patch
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part4.patch
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part5.patch
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part6.patch
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-switch.patch
-
-
---- globals.h.orig 2009-02-22 20:25:04.000000000 +0100
-+++ globals.h
-@@ -226,7 +226,7 @@ typedef struct Globals {
- #if (!defined(USE_ZLIB) || defined(USE_OWN_CRCTAB))
- ZCONST ulg near *crc_32_tab;
- #else
-- ZCONST ulg Far *crc_32_tab;
-+ ZCONST z_crc_t Far *crc_32_tab;
- #endif
- ulg crc32val; /* CRC shift reg. (was static in funzip) */
-
-@@ -266,6 +266,7 @@ typedef struct Globals {
- int reported_backslash; /* extract.c static */
- int disk_full;
- int newfile;
-+ void **cover; /* used in extract.c for bomb detection */
-
- int didCRlast; /* fileio static */
- ulg numlines; /* fileio static: number of lines printed */
diff --git a/unzip/patches/patch-list.c b/unzip/patches/patch-list.c
deleted file mode 100644
index e0961ec9f1..0000000000
--- a/unzip/patches/patch-list.c
+++ /dev/null
@@ -1,54 +0,0 @@
-$NetBSD: patch-list.c,v 1.3 2019/07/15 14:08:03 nia Exp $
-
-chunk 1:
-CVE-2018-18384 fix from
-https://sourceforge.net/p/infozip/bugs/53/
-and
-https://sources.debian.org/patches/unzip/6.0-24/07-increase-size-of-cfactorstr.patch/
-
-chunk 2:
-Big-hammer fix for
-http://seclists.org/oss-sec/2014/q4/497
-
-chunk 3:
-CVE-2014-9913 fix from
-https://people.debian.org/~sanvila/unzip/cve-2014-9913/cve-2014-9913-unzip-buffer-overflow.txt
-via
-http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=529
-
---- list.c.orig 2009-02-08 17:11:34.000000000 +0000
-+++ list.c
-@@ -97,7 +97,7 @@ int list_files(__G) /* return PK-type
- {
- int do_this_file=FALSE, cfactor, error, error_in_archive=PK_COOL;
- #ifndef WINDLL
-- char sgn, cfactorstr[10];
-+ char sgn, cfactorstr[12];
- int longhdr=(uO.vflag>1);
- #endif
- int date_format;
-@@ -116,7 +116,7 @@ int list_files(__G) /* return PK-type
- ulg acl_size, tot_aclsize=0L, tot_aclfiles=0L;
- #endif
- min_info info;
-- char methbuf[8];
-+ char methbuf[80];
- static ZCONST char dtype[]="NXFS"; /* see zi_short() */
- static ZCONST char Far method[NUM_METHODS+1][8] =
- {"Stored", "Shrunk", "Reduce1", "Reduce2", "Reduce3", "Reduce4",
-@@ -339,7 +339,14 @@ int list_files(__G) /* return PK-type
- G.crec.compression_method == ENHDEFLATED) {
- methbuf[5] = dtype[(G.crec.general_purpose_bit_flag>>1) & 3];
- } else if (methnum >= NUM_METHODS) {
-- sprintf(&methbuf[4], "%03u", G.crec.compression_method);
-+ /* Fix for CVE-2014-9913, similar to CVE-2016-9844.
-+ * Use the old decimal format only for values which fit.
-+ */
-+ if (G.crec.compression_method <= 999) {
-+ sprintf( &methbuf[ 4], "%03u", G.crec.compression_method);
-+ } else {
-+ sprintf( &methbuf[ 3], "%04X", G.crec.compression_method);
-+ }
- }
-
- #if 0 /* GRR/Euro: add this? */
diff --git a/unzip/patches/patch-man_unzip.1 b/unzip/patches/patch-man_unzip.1
deleted file mode 100644
index b18fdc8e7d..0000000000
--- a/unzip/patches/patch-man_unzip.1
+++ /dev/null
@@ -1,24 +0,0 @@
-$NetBSD$
-
-Fix CVE-2019-13232
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part1.patch
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part2.patch
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part3.patch
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-manpage.patch
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part4.patch
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part5.patch
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part6.patch
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-switch.patch
-
-
---- man/unzip.1.orig 2025-08-23 16:32:18.527847647 +0200
-+++ man/unzip.1
-@@ -850,6 +850,8 @@ the specified zipfiles were not found.
- invalid options were specified on the command line.
- .IP 11
- no matching files were found.
-+.IP 12
-+invalid zip file with overlapped components (possible zip-bomb). The zip-bomb checks can be disabled by using the UNZIP_DISABLE_ZIPBOMB_DETECTION=TRUE environment variable.
- .IP 50
- the disk is (or was) full during extraction.
- .IP 51
diff --git a/unzip/patches/patch-process.c b/unzip/patches/patch-process.c
deleted file mode 100644
index f6946bf864..0000000000
--- a/unzip/patches/patch-process.c
+++ /dev/null
@@ -1,271 +0,0 @@
-$NetBSD: patch-process.c,v 1.2 2024/08/06 14:40:13 nia Exp $
-
-https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8141
-https://sources.debian.org/patches/unzip/6.0-28/28-cve-2022-0529-and-cve-2022-0530.patch/
-
-Fix CVE-2019-13232
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part1.patch
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part2.patch
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part3.patch
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-manpage.patch
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part4.patch
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part5.patch
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part6.patch
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-switch.patch
-
-Fix CVE-2021-4217
- https://gitlab.archlinux.org/archlinux/packaging/packages/unzip/-/raw/main/unzip-6.0_CVE-2021-4217.patch
-
---- process.c.orig 2009-03-06 02:25:10.000000000 +0100
-+++ process.c
-@@ -1,5 +1,5 @@
- /*
-- Copyright (c) 1990-2009 Info-ZIP. All rights reserved.
-+ Copyright (c) 1990-2014 Info-ZIP. All rights reserved.
-
- See the accompanying file LICENSE, version 2009-Jan-02 or later
- (the contents of which are also included in unzip.h) for terms of use.
-@@ -222,6 +222,8 @@ static ZCONST char Far ZipfileCommTrunc1
- "\nwarning: Unicode Path version > 1\n";
- static ZCONST char Far UnicodeMismatchError[] =
- "\nwarning: Unicode Path checksum invalid\n";
-+ static ZCONST char Far UFilenameTooLongTrunc[] =
-+ "warning: filename too long (P1) -- truncating.\n";
- #endif
-
-
-@@ -637,6 +639,13 @@ void free_G_buffers(__G) /* releases
- }
- #endif
-
-+ /* Free the cover span list and the cover structure. */
-+ if (G.cover != NULL) {
-+ free(*(G.cover));
-+ free(G.cover);
-+ G.cover = NULL;
-+ }
-+
- } /* end function free_G_buffers() */
-
-
-@@ -1401,6 +1410,10 @@ static int find_ecrec64(__G__ searchlen)
-
- /* Now, we are (almost) sure that we have a Zip64 archive. */
- G.ecrec.have_ecr64 = 1;
-+ G.ecrec.ec_start -= ECLOC64_SIZE+4;
-+ G.ecrec.ec64_start = ecrec64_start_offset;
-+ G.ecrec.ec64_end = ecrec64_start_offset +
-+ 12 + makeint64(&byterec[ECREC64_LENGTH]);
-
- /* Update the "end-of-central-dir offset" for later checks. */
- G.real_ecrec_offset = ecrec64_start_offset;
-@@ -1535,6 +1548,8 @@ static int find_ecrec(__G__ searchlen)
- makelong(&byterec[OFFSET_START_CENTRAL_DIRECTORY]);
- G.ecrec.zipfile_comment_length =
- makeword(&byterec[ZIPFILE_COMMENT_LENGTH]);
-+ G.ecrec.ec_start = G.real_ecrec_offset;
-+ G.ecrec.ec_end = G.ecrec.ec_start + 22 + G.ecrec.zipfile_comment_length;
-
- /* Now, we have to read the archive comment, BEFORE the file pointer
- is moved away backwards to seek for a Zip64 ECLOC64 structure.
-@@ -1888,48 +1903,85 @@ int getZip64Data(__G__ ef_buf, ef_len)
- and a 4-byte version of disk start number.
- Sets both local header and central header fields. Not terribly clever,
- but it means that this procedure is only called in one place.
-+
-+ 2014-12-05 SMS. (oCERT.org report.) CVE-2014-8141.
-+ Added checks to ensure that enough data are available before calling
-+ makeint64() or makelong(). Replaced various sizeof() values with
-+ simple ("4" or "8") constants. (The Zip64 structures do not depend
-+ on our variable sizes.) Error handling is crude, but we should now
-+ stay within the buffer.
- ---------------------------------------------------------------------------*/
-
-+#define Z64FLGS 0xffff
-+#define Z64FLGL 0xffffffff
-+
- if (ef_len == 0 || ef_buf == NULL)
- return PK_COOL;
-
- Trace((stderr,"\ngetZip64Data: scanning extra field of length %u\n",
- ef_len));
-
-- while (ef_len >= EB_HEADSIZE) {
-+ while (ef_len >= EB_HEADSIZE)
-+ {
- eb_id = makeword(EB_ID + ef_buf);
- eb_len = makeword(EB_LEN + ef_buf);
-
-- if (eb_len > (ef_len - EB_HEADSIZE)) {
-- /* discovered some extra field inconsistency! */
-+ if (eb_len > (ef_len - EB_HEADSIZE))
-+ {
-+ /* Extra block length exceeds remaining extra field length. */
- Trace((stderr,
- "getZip64Data: block length %u > rest ef_size %u\n", eb_len,
- ef_len - EB_HEADSIZE));
- break;
- }
-- if (eb_id == EF_PKSZ64) {
-
-- int offset = EB_HEADSIZE;
-+ if (eb_id == EF_PKSZ64)
-+ {
-+ unsigned offset = EB_HEADSIZE;
-
-- if (G.crec.ucsize == 0xffffffff || G.lrec.ucsize == 0xffffffff){
-- G.lrec.ucsize = G.crec.ucsize = makeint64(offset + ef_buf);
-- offset += sizeof(G.crec.ucsize);
-+ if ((G.crec.ucsize == Z64FLGL) || (G.lrec.ucsize == Z64FLGL))
-+ {
-+ if (offset+ 8 > ef_len)
-+ return PK_ERR;
-+
-+ G.crec.ucsize = G.lrec.ucsize = makeint64(offset + ef_buf);
-+ offset += 8;
- }
-- if (G.crec.csize == 0xffffffff || G.lrec.csize == 0xffffffff){
-- G.csize = G.lrec.csize = G.crec.csize = makeint64(offset + ef_buf);
-- offset += sizeof(G.crec.csize);
-+
-+ if ((G.crec.csize == Z64FLGL) || (G.lrec.csize == Z64FLGL))
-+ {
-+ if (offset+ 8 > ef_len)
-+ return PK_ERR;
-+
-+ G.csize = G.crec.csize = G.lrec.csize = makeint64(offset + ef_buf);
-+ offset += 8;
- }
-- if (G.crec.relative_offset_local_header == 0xffffffff){
-+
-+ if (G.crec.relative_offset_local_header == Z64FLGL)
-+ {
-+ if (offset+ 8 > ef_len)
-+ return PK_ERR;
-+
- G.crec.relative_offset_local_header = makeint64(offset + ef_buf);
-- offset += sizeof(G.crec.relative_offset_local_header);
-+ offset += 8;
- }
-- if (G.crec.disk_number_start == 0xffff){
-+
-+ if (G.crec.disk_number_start == Z64FLGS)
-+ {
-+ if (offset+ 4 > ef_len)
-+ return PK_ERR;
-+
- G.crec.disk_number_start = (zuvl_t)makelong(offset + ef_buf);
-- offset += sizeof(G.crec.disk_number_start);
-+ offset += 4;
- }
-+#if 0
-+ break; /* Expect only one EF_PKSZ64 block. */
-+#endif /* 0 */
-+
-+ G.pInfo->zip64 = TRUE;
- }
-
-- /* Skip this extra field block */
-+ /* Skip this extra field block. */
- ef_buf += (eb_len + EB_HEADSIZE);
- ef_len -= (eb_len + EB_HEADSIZE);
- }
-@@ -1984,7 +2036,7 @@ int getUnicodeData(__G__ ef_buf, ef_len)
- }
- if (eb_id == EF_UNIPATH) {
-
-- int offset = EB_HEADSIZE;
-+ unsigned offset = EB_HEADSIZE;
- ush ULen = eb_len - 5;
- ulg chksum = CRCVAL_INITIAL;
-
-@@ -2002,10 +2054,14 @@ int getUnicodeData(__G__ ef_buf, ef_len)
- G.unipath_checksum = makelong(offset + ef_buf);
- offset += 4;
-
-+ if (!G.filename_full) {
-+ /* Check if we have a unicode extra section but no filename set */
-+ return PK_ERR;
-+ }
-+
- /*
- * Compute 32-bit crc
- */
--
- chksum = crc32(chksum, (uch *)(G.filename_full),
- strlen(G.filename_full));
-
-@@ -2440,16 +2496,17 @@ char *wide_to_local_string(wide_string,
- int state_dependent;
- int wsize = 0;
- int max_bytes = MB_CUR_MAX;
-- char buf[9];
-+ char buf[ MB_CUR_MAX+ 1]; /* ("+1" not really needed?) */
- char *buffer = NULL;
- char *local_string = NULL;
-+ size_t buffer_size; /* CVE-2022-0529 */
-
- for (wsize = 0; wide_string[wsize]; wsize++) ;
-
- if (max_bytes < MAX_ESCAPE_BYTES)
- max_bytes = MAX_ESCAPE_BYTES;
--
-- if ((buffer = (char *)malloc(wsize * max_bytes + 1)) == NULL) {
-+ buffer_size = wsize * max_bytes + 1; /* Reused below. */
-+ if ((buffer = (char *)malloc( buffer_size)) == NULL) {
- return NULL;
- }
-
-@@ -2487,8 +2544,28 @@ char *wide_to_local_string(wide_string,
- } else {
- /* no MB for this wide */
- /* use escape for wide character */
-- char *escape_string = wide_to_escape_string(wide_string[i]);
-- strcat(buffer, escape_string);
-+ size_t buffer_len;
-+ size_t escape_string_len;
-+ char *escape_string;
-+ int err_msg = 0;
-+
-+ escape_string = wide_to_escape_string(wide_string[i]);
-+ buffer_len = strlen( buffer);
-+ escape_string_len = strlen( escape_string);
-+
-+ /* Append escape string, as space allows. */
-+ /* 2022-07-18 SMS, et al. CVE-2022-0529 */
-+ if (escape_string_len > buffer_size- buffer_len- 1)
-+ {
-+ escape_string_len = buffer_size- buffer_len- 1;
-+ if (err_msg == 0)
-+ {
-+ err_msg = 1;
-+ Info(slide, 0x401, ((char *)slide,
-+ LoadFarString( UFilenameTooLongTrunc)));
-+ }
-+ }
-+ strncat( buffer, escape_string, escape_string_len);
- free(escape_string);
- }
- }
-@@ -2540,9 +2617,18 @@ char *utf8_to_local_string(utf8_string,
- ZCONST char *utf8_string;
- int escape_all;
- {
-- zwchar *wide = utf8_to_wide_string(utf8_string);
-- char *loc = wide_to_local_string(wide, escape_all);
-- free(wide);
-+ zwchar *wide;
-+ char *loc = NULL;
-+
-+ wide = utf8_to_wide_string( utf8_string);
-+
-+ /* 2022-07-25 SMS, et al. CVE-2022-0530 */
-+ if (wide != NULL)
-+ {
-+ loc = wide_to_local_string( wide, escape_all);
-+ free( wide);
-+ }
-+
- return loc;
- }
-
diff --git a/unzip/patches/patch-unix_unxcfg.h b/unzip/patches/patch-unix_unxcfg.h
deleted file mode 100644
index adbac7d5d4..0000000000
--- a/unzip/patches/patch-unix_unxcfg.h
+++ /dev/null
@@ -1,48 +0,0 @@
-$NetBSD: patch-unix_unxcfg.h,v 1.4 2025/07/03 09:59:10 jperkin Exp $
-
-* Fix build on Debian GNU/kFreeBSD.
-* Fix build under OpenBSD 5.5
- Patch from OpenBSD Ports
- "timeb was already well deprecated on 4.4BSD"
-* Remove K&R prototype for gmtime()
-
---- unix/unxcfg.h.orig 2009-04-16 18:36:12.000000000 +0000
-+++ unix/unxcfg.h
-@@ -52,6 +52,7 @@
-
- #include <sys/types.h> /* off_t, time_t, dev_t, ... */
- #include <sys/stat.h>
-+#include <unistd.h>
-
- #ifdef NO_OFF_T
- typedef long zoff_t;
-@@ -111,16 +112,17 @@ typedef struct stat z_stat;
-
- #ifdef BSD
- # include <sys/time.h>
--# include <sys/timeb.h>
-+# ifndef BSD4_4
-+# include <sys/timeb.h>
-+# endif
- # if (defined(_AIX) || defined(__GLIBC__) || defined(__GNU__))
- # include <time.h>
- # endif
- #else
- # include <time.h>
-- struct tm *gmtime(), *localtime();
- #endif
-
--#if (defined(BSD4_4) || (defined(SYSV) && defined(MODERN)))
-+#if (defined(BSD4_4) || defined(__illumos__) || (defined(SYSV) && defined(MODERN)))
- # include <unistd.h> /* this includes utime.h on SGIs */
- # if (defined(BSD4_4) || defined(linux) || defined(__GLIBC__))
- # include <utime.h>
-@@ -130,7 +132,7 @@ typedef struct stat z_stat;
- # include <utime.h>
- # define GOT_UTIMBUF
- # endif
--# if (!defined(GOT_UTIMBUF) && defined(__GNU__))
-+# if (!defined(GOT_UTIMBUF) && (defined(__GNU__) || defined(__illumos__)))
- # include <utime.h>
- # define GOT_UTIMBUF
- # endif
diff --git a/unzip/patches/patch-unzip.c b/unzip/patches/patch-unzip.c
deleted file mode 100644
index 38c9a0be4a..0000000000
--- a/unzip/patches/patch-unzip.c
+++ /dev/null
@@ -1,46 +0,0 @@
-$NetBSD$
-
-Fix CVE-2019-13232
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part1.patch
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part2.patch
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part3.patch
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-manpage.patch
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part4.patch
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part5.patch
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part6.patch
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-switch.patch
-
-
---- unzip.c.orig 2025-08-23 16:32:58.736449614 +0200
-+++ unzip.c
-@@ -1329,10 +1329,9 @@ int uz_opts(__G__ pargc, pargv)
- int *pargc;
- char ***pargv;
- {
-- char **argv, *s;
-+ char **argv, *s, *zipbomb_envar;
- int argc, c, error=FALSE, negative=0, showhelp=0;
-
--
- argc = *pargc;
- argv = *pargv;
-
-@@ -1923,6 +1922,18 @@ opts_done: /* yes, very ugly...but only
- else
- G.extract_flag = TRUE;
-
-+ /* Disable the zipbomb detection, this is the only option set only via the shell variables but it should at least not clash with something in the future. */
-+ zipbomb_envar = getenv("UNZIP_DISABLE_ZIPBOMB_DETECTION");
-+ uO.zipbomb = TRUE;
-+ if (zipbomb_envar != NULL) {
-+ /* strcasecmp might be a better approach here but it is POSIX-only */
-+ if ((strcmp ("TRUE", zipbomb_envar) == 0)
-+ || (strcmp ("True", zipbomb_envar) == 0)
-+ || (strcmp ("true",zipbomb_envar) == 0)) {
-+ uO.zipbomb = FALSE;
-+ }
-+ }
-+
- *pargc = argc;
- *pargv = argv;
- return PK_OK;
diff --git a/unzip/patches/patch-unzip.h b/unzip/patches/patch-unzip.h
deleted file mode 100644
index ec0c3e7bf0..0000000000
--- a/unzip/patches/patch-unzip.h
+++ /dev/null
@@ -1,30 +0,0 @@
-$NetBSD$
-
-Fix CVE-2019-13232
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part1.patch
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part2.patch
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part3.patch
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-manpage.patch
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part4.patch
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part5.patch
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part6.patch
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-switch.patch
-
---- unzip.h.orig 2025-08-23 16:31:36.969582988 +0200
-+++ unzip.h
-@@ -559,6 +559,7 @@ typedef struct _UzpOpts {
- #ifdef UNIX
- int cflxflag; /* -^: allow control chars in extracted filenames */
- #endif
-+ int zipbomb;
- #endif /* !FUNZIP */
- } UzpOpts;
-
-@@ -645,6 +646,7 @@ typedef struct _Uzp_cdir_Rec {
- #define PK_NOZIP 9 /* zipfile not found */
- #define PK_PARAM 10 /* bad or illegal parameters specified */
- #define PK_FIND 11 /* no files found */
-+#define PK_BOMB 12 /* likely zip bomb */
- #define PK_DISK 50 /* disk full */
- #define PK_EOF 51 /* unexpected EOF */
-
diff --git a/unzip/patches/patch-unzpriv.h b/unzip/patches/patch-unzpriv.h
deleted file mode 100644
index 143892c9be..0000000000
--- a/unzip/patches/patch-unzpriv.h
+++ /dev/null
@@ -1,39 +0,0 @@
-$NetBSD$
-
-Fix CVE-2019-13232
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part1.patch
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part2.patch
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part3.patch
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-manpage.patch
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part4.patch
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part5.patch
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-part6.patch
- https://src.fedoraproject.org/rpms/unzip/raw/rawhide/f/unzip-zipbomb-switch.patch
-
---- unzpriv.h.orig 2025-08-23 16:31:58.373631717 +0200
-+++ unzpriv.h
-@@ -2031,6 +2031,7 @@ typedef struct min_info {
- #ifdef UNICODE_SUPPORT
- unsigned GPFIsUTF8: 1; /* crec gen_purpose_flag UTF-8 bit 11 is set */
- #endif
-+ unsigned zip64: 1; /* true if entry has Zip64 extra block */
- #ifndef SFX
- char Far *cfilname; /* central header version of filename */
- #endif
-@@ -2185,6 +2186,16 @@ typedef struct VMStimbuf {
- int have_ecr64; /* valid Zip64 ecdir-record exists */
- int is_zip64_archive; /* Zip64 ecdir-record is mandatory */
- ush zipfile_comment_length;
-+ zusz_t ec_start, ec_end; /* offsets of start and end of the
-+ end of central directory record,
-+ including if present the Zip64
-+ end of central directory locator,
-+ which immediately precedes the
-+ end of central directory record */
-+ zusz_t ec64_start, ec64_end; /* if have_ecr64 is true, then these
-+ are the offsets of the start and
-+ end of the Zip64 end of central
-+ directory record */
- } ecdir_rec;
-
-
diff --git a/unzip/patches/patch-zipinfo.c b/unzip/patches/patch-zipinfo.c
deleted file mode 100644
index 0110ba0f99..0000000000
--- a/unzip/patches/patch-zipinfo.c
+++ /dev/null
@@ -1,27 +0,0 @@
-$NetBSD: patch-zipinfo.c,v 1.1 2017/02/04 23:25:59 wiz Exp $
-
-Fix crash in zipinfo, CVE-2016-9844.
-http://www.openwall.com/lists/oss-security/2016/12/05/19
-
---- zipinfo.c.orig 2009-02-08 17:04:30.000000000 +0000
-+++ zipinfo.c
-@@ -1921,7 +1921,18 @@ static int zi_short(__G) /* return PK-
- ush dnum=(ush)((G.crec.general_purpose_bit_flag>>1) & 3);
- methbuf[3] = dtype[dnum];
- } else if (methnum >= NUM_METHODS) { /* unknown */
-- sprintf(&methbuf[1], "%03u", G.crec.compression_method);
-+ /* 2016-12-05 SMS.
-+ * https://launchpad.net/bugs/1643750
-+ * Unexpectedly large compression methods overflow
-+ * &methbuf[]. Use the old, three-digit decimal format
-+ * for values which fit. Otherwise, sacrifice the "u",
-+ * and use four-digit hexadecimal.
-+ */
-+ if (G.crec.compression_method <= 999) {
-+ sprintf( &methbuf[ 1], "%03u", G.crec.compression_method);
-+ } else {
-+ sprintf( &methbuf[ 0], "%04X", G.crec.compression_method);
-+ }
- }
-
- for (k = 0; k < 15; ++k)