unzip-6.0-8.parabola1: fix FS#43300 -> https://bugs.archlinux.org/task/43300

3 files changed, 197 insertions, 8 deletions

diff --git a/libre/unzip/PKGBUILD b/libre/unzip/PKGBUILD
index e65d23aaf..adbf9b116 100644
--- a/libre/unzip/PKGBUILD
+++ b/libre/unzip/PKGBUILD
@@ -1,5 +1,5 @@
-# $Id: PKGBUILD 215748 2014-06-30 11:29:59Z bisson $
-# Maintainer (Arch):
+# $Id: PKGBUILD 228865 2015-01-09 19:38:36Z bisson $
+# Maintainer (Arch): Gaetan Bisson <bisson@archlinux.org>
 # Contributor (Arch): Douglas Soares de Andrade <douglas@archlinux.org>
 # Contributor (Arch): Robson Peixoto
 
@@ -7,7 +7,7 @@ _pkgname=unzip-libre
 pkgname=unzip
 pkgver=6.0
 _pkgver=${pkgver/./}
-pkgrel=7.parabola1
+pkgrel=8.parabola1
 pkgdesc='For extracting and viewing files in .zip archives'
 url='http://www.info-zip.org/UnZip.html'
 arch=('i686' 'x86_64' 'mips64el')
@@ -17,10 +17,14 @@ conflicts=("${_pkgname}")
 replaces=("${_pkgname}")
 mksource=("http://downloads.sourceforge.net/infozip/${pkgname}${_pkgver}.tar.gz"
           'match.patch')
-source=("https://repo.parabola.nu/other/${_pkgname}/${pkgname}${_pkgver}-libre.tar.gz")
-mkmd5sums=('62b490407489521db863b523a7f86375'
-           'e6d9f0c204c2abe6a57dc5e1637d5140')
-md5sums=('bbe4b7f4d48b2f939b5e43fde0ac7762')
+source=("https://repo.parabola.nu/other/${_pkgname}/${pkgname}${_pkgver}-libre.tar.gz"
+        'getZip64Data.patch'
+        'crc32.patch')
+mksha1sums=('abf7de8a4018a983590ed6f5cbd990d4740f8a22'
+            '63bb2bb8483088d5975ce17443dd31b0362c08c9')
+sha1sums=('80808a3b520f8b73ee3a4dc4b5c29411cba43aa2'
+          '691d0751bf0bc98cf9f9889dee39baccabefdc4d'
+          '82c9fe9172779a0ee92a187d544e74e8f512b013')
 
 mksource() {
 	cd "${srcdir}/${pkgname}${_pkgver}"
@@ -29,6 +33,13 @@ mksource() {
 	patch -Np0 -i ${srcdir}/match.patch
 }
 
+prepare() {
+	cd "${srcdir}/${pkgname}${_pkgver}"
+	sed -i "/MANDIR =/s#)/#)/share/#" unix/Makefile
+	patch -i ../getZip64Data.patch # FS#43300
+	patch -i ../crc32.patch # FS#43300
+}
+
 build() {
 	cd "${srcdir}/${pkgname}${_pkgver}"
 
@@ -43,7 +54,7 @@ build() {
 		unzips
 }
 
-package(){
+package() {
 	cd "${srcdir}/${pkgname}${_pkgver}"
 	make -f unix/Makefile prefix="${pkgdir}"/usr install
 	install -Dm644 LICENSE "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"
diff --git a/libre/unzip/crc32.patch b/libre/unzip/crc32.patch
new file mode 100644
index 000000000..43b29d783
--- /dev/null
+++ b/libre/unzip/crc32.patch
@@ -0,0 +1,45 @@
+--- unzip60/extract.c	2010-04-03 14:41:55 -0500
++++ unzip60/extract.c	2014-12-03 15:33:35 -0600
+@@ -1,5 +1,5 @@ 
+ /*
+-  Copyright (c) 1990-2009 Info-ZIP.  All rights reserved.
++  Copyright (c) 1990-2014 Info-ZIP.  All rights reserved.
+ 
+   See the accompanying file LICENSE, version 2009-Jan-02 or later
+   (the contents of which are also included in unzip.h) for terms of use.
+@@ -298,6 +298,8 @@ 
+ #ifndef SFX
+    static ZCONST char Far InconsistEFlength[] = "bad extra-field entry:\n \
+      EF block length (%u bytes) exceeds remaining EF data (%u bytes)\n";
++   static ZCONST char Far TooSmallEFlength[] = "bad extra-field entry:\n \
++     EF block length (%u bytes) invalid (< %d)\n";
+    static ZCONST char Far InvalidComprDataEAs[] =
+      " invalid compressed data for EAs\n";
+ #  if (defined(WIN32) && defined(NTSD_EAS))
+@@ -2023,7 +2025,8 @@ 
+         ebID = makeword(ef);
+         ebLen = (unsigned)makeword(ef+EB_LEN);
+ 
+-        if (ebLen > (ef_len - EB_HEADSIZE)) {
++        if (ebLen > (ef_len - EB_HEADSIZE))
++        {
+            /* Discovered some extra field inconsistency! */
+             if (uO.qflag)
+                 Info(slide, 1, ((char *)slide, "%-22s ",
+@@ -2032,6 +2035,16 @@ 
+               ebLen, (ef_len - EB_HEADSIZE)));
+             return PK_ERR;
+         }
++        else if (ebLen < EB_HEADSIZE)
++        {
++            /* Extra block length smaller than header length. */
++            if (uO.qflag)
++                Info(slide, 1, ((char *)slide, "%-22s ",
++                  FnFilter1(G.filename)));
++            Info(slide, 1, ((char *)slide, LoadFarString(TooSmallEFlength),
++              ebLen, EB_HEADSIZE));
++            return PK_ERR;
++        }
+ 
+         switch (ebID) {
+             case EF_OS2:
diff --git a/libre/unzip/getZip64Data.patch b/libre/unzip/getZip64Data.patch
new file mode 100644
index 000000000..1684c7391
--- /dev/null
+++ b/libre/unzip/getZip64Data.patch
@@ -0,0 +1,133 @@
+--- process.c	2009-03-06 02:25:10.000000000 +0100
++++ process.c	2014-12-05 22:42:39.000000000 +0100
+@@ -1,5 +1,5 @@ 
+ /*
+-  Copyright (c) 1990-2009 Info-ZIP.  All rights reserved.
++  Copyright (c) 1990-2014 Info-ZIP.  All rights reserved.
+ 
+   See the accompanying file LICENSE, version 2009-Jan-02 or later
+   (the contents of which are also included in unzip.h) for terms of use.
+@@ -1888,48 +1888,82 @@ int getZip64Data(__G__ ef_buf, ef_len)
+     and a 4-byte version of disk start number.
+     Sets both local header and central header fields.  Not terribly clever,
+     but it means that this procedure is only called in one place.
++
++    2014-12-05 SMS.
++    Added checks to ensure that enough data are available before calling
++    makeint64() or makelong().  Replaced various sizeof() values with
++    simple ("4" or "8") constants.  (The Zip64 structures do not depend
++    on our variable sizes.)  Error handling is crude, but we should now
++    stay within the buffer.
+   ---------------------------------------------------------------------------*/
+ 
++#define Z64FLGS 0xffff
++#define Z64FLGL 0xffffffff
++
+     if (ef_len == 0 || ef_buf == NULL)
+         return PK_COOL;
+ 
+     Trace((stderr,"\ngetZip64Data: scanning extra field of length %u\n",
+       ef_len));
+ 
+-    while (ef_len >= EB_HEADSIZE) {
++    while (ef_len >= EB_HEADSIZE)
++    {
+         eb_id = makeword(EB_ID + ef_buf);
+         eb_len = makeword(EB_LEN + ef_buf);
+ 
+-        if (eb_len > (ef_len - EB_HEADSIZE)) {
+-            /* discovered some extra field inconsistency! */
++        if (eb_len > (ef_len - EB_HEADSIZE))
++        {
++            /* Extra block length exceeds remaining extra field length. */
+             Trace((stderr,
+               "getZip64Data: block length %u > rest ef_size %u\n", eb_len,
+               ef_len - EB_HEADSIZE));
+             break;
+         }
+-        if (eb_id == EF_PKSZ64) {
+-
++        if (eb_id == EF_PKSZ64)
++        {
+           int offset = EB_HEADSIZE;
+ 
+-          if (G.crec.ucsize == 0xffffffff || G.lrec.ucsize == 0xffffffff){
+-            G.lrec.ucsize = G.crec.ucsize = makeint64(offset + ef_buf);
+-            offset += sizeof(G.crec.ucsize);
++          if ((G.crec.ucsize == Z64FLGL) || (G.lrec.ucsize == Z64FLGL))
++          {
++            if (offset+ 8 > ef_len)
++              return PK_ERR;
++
++            G.crec.ucsize = G.lrec.ucsize = makeint64(offset + ef_buf);
++            offset += 8;
+           }
+-          if (G.crec.csize == 0xffffffff || G.lrec.csize == 0xffffffff){
+-            G.csize = G.lrec.csize = G.crec.csize = makeint64(offset + ef_buf);
+-            offset += sizeof(G.crec.csize);
++
++          if ((G.crec.csize == Z64FLGL) || (G.lrec.csize == Z64FLGL))
++          {
++            if (offset+ 8 > ef_len)
++              return PK_ERR;
++
++            G.csize = G.crec.csize = G.lrec.csize = makeint64(offset + ef_buf);
++            offset += 8;
+           }
+-          if (G.crec.relative_offset_local_header == 0xffffffff){
++
++          if (G.crec.relative_offset_local_header == Z64FLGL)
++          {
++            if (offset+ 8 > ef_len)
++              return PK_ERR;
++
+             G.crec.relative_offset_local_header = makeint64(offset + ef_buf);
+-            offset += sizeof(G.crec.relative_offset_local_header);
++            offset += 8;
+           }
+-          if (G.crec.disk_number_start == 0xffff){
++
++          if (G.crec.disk_number_start == Z64FLGS)
++          {
++            if (offset+ 4 > ef_len)
++              return PK_ERR;
++
+             G.crec.disk_number_start = (zuvl_t)makelong(offset + ef_buf);
+-            offset += sizeof(G.crec.disk_number_start);
++            offset += 4;
+           }
++#if 0
++          break;                /* Expect only one EF_PKSZ64 block. */
++#endif /* 0 */
+         }
+ 
+-        /* Skip this extra field block */
++        /* Skip this extra field block. */
+         ef_buf += (eb_len + EB_HEADSIZE);
+         ef_len -= (eb_len + EB_HEADSIZE);
+     }
+--- fileio.c	2009-04-20 02:03:44.000000000 +0200
++++ fileio.c	2014-12-05 22:44:16.000000000 +0100
+@@ -176,6 +176,8 @@ static ZCONST char Far FilenameTooLongTr
+ #endif
+ static ZCONST char Far ExtraFieldTooLong[] =
+   "warning:  extra field too long (%d).  Ignoring...\n";
++static ZCONST char Far ExtraFieldCorrupt[] =
++  "warning:  extra field (type: 0x%04x) corrupt.  Continuing...\n";
+ 
+ #ifdef WINDLL
+    static ZCONST char Far DiskFullQuery[] =
+@@ -2295,7 +2297,12 @@ int do_string(__G__ length, option)   /*
+             if (readbuf(__G__ (char *)G.extra_field, length) == 0)
+                 return PK_EOF;
+             /* Looks like here is where extra fields are read */
+-            getZip64Data(__G__ G.extra_field, length);
++            if (getZip64Data(__G__ G.extra_field, length) != PK_COOL)
++            {
++                Info(slide, 0x401, ((char *)slide,
++                 LoadFarString( ExtraFieldCorrupt), EF_PKSZ64));
++                error = PK_WARN;
++            }
+ #ifdef UNICODE_SUPPORT
+             G.unipath_filename = NULL;
+             if (G.UzO.U_flag < 2) {