Package: release.debian.org
Severity: normal
Tags: wheezy
User: release.debian....@packages.debian.org
Usertags: pu

Hello release managers.

There are three bugs in unzip which I would like to see fixed in wheezy.
They are not security bugs but IMHO they are the kind of bug worthy
enough to fix in a point release.

I'd like to ask permission to make an upload for wheezy fixing those bugs.

This is the debdiff between 6.0-8+deb7u2 (currently in security.debian.org)
and the proposed upload 6.0-8+deb7u3.

Thanks.

diff -Nru unzip-6.0/debian/changelog unzip-6.0/debian/changelog
--- unzip-6.0/debian/changelog 2015-02-03 08:00:47.000000000 +0100
+++ unzip-6.0/debian/changelog 2015-05-28 12:06:34.000000000 +0200
@@ -1,3 +1,15 @@
+unzip (6.0-8+deb7u3) wheezy; urgency=medium
+
+ * Apply the following patches from jessie:
+ - Fixed bug "unzip thinks some files are symlinks". Closes: #717029.
+ Reported by Jeff King. Patch by Andreas Schwab.
+ - Increase size of cfactorstr array in list.c to avoid a buffer
+ overflow problem. Closes: #741384.
+ - Fix zipinfo crash where a value <= 25.5 was printed in a buffer
+ having room only for values < 10.0. Closes: #744212.
+
+ -- Santiago Vila <sanv...@debian.org> Thu, 28 May 2015 12:01:14 +0200
+
unzip (6.0-8+deb7u2) wheezy-security; urgency=high
* Security upload.
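
Review bot: the three sub-items under "Apply the following patches from jessie" do not name the patch files they introduce (06-initialize-the-symlink-flag, 07-increase-size-of-cfactorstr, 08-allow-greater-hostver-values), so a reader of the changelog has to match them up by bug number. Adding the file name to each item would make the point-release review easier. The second and third items both describe a write past the end of a fixed-size buffer ("buffer overflow problem", "printed in a buffer having room only for values < 10.0"); since the upload goes out with urgency=medium, a short statement of why these are treated as crashes rather than security issues would belong here as well.
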
diff -Nru unzip-6.0/debian/patches/06-initialize-the-symlink-flag unzip-6.0/debian/patches/06-initialize-the-symlink-flag
--- unzip-6.0/debian/patches/06-initialize-the-symlink-flag 1970-01-01 01:00:00.000000000 +0100
+++ unzip-6.0/debian/patches/06-initialize-the-symlink-flag 2015-05-28 12:00:00.000000000 +0200
@@ -0,0 +1,20 @@
+From: Andreas Schwab <sch...@linux-m68k.org>
+Subject: Initialize the symlink flag
+Bug-Debian: http://bugs.debian.org/717029
+X-Debian-version: 6.0-10
+
+--- a/process.c
++++ b/process.c
+@@ -1758,6 +1758,12 @@
+ = (G.crec.general_purpose_bit_flag & (1 << 11)) == (1 << 11);
+ #endif
+
++#ifdef SYMLINKS
++ /* Initialize the symlink flag, may be set by the platform-specific
++ mapattr function. */
++ G.pInfo->symlink = 0;
++#endif
++
+ return PK_COOL;
+
+ } /* end function process_cdir_file_hdr() */
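
Review bot: the reset `G.pInfo->symlink = 0;` sits immediately before the final `return PK_COOL;` of process_cdir_file_hdr(), so it only runs on the path that reaches that return. If the function has any earlier return that the caller treats as non-fatal, the flag would keep whatever value it held before, which is the behaviour the changelog describes in #717029. The rest of the function is outside this hunk, so please confirm there is no such path, or move the assignment to the top of the function. The patch header would also benefit from one sentence saying where the stale value comes from, since the in-code comment only says who may set the flag afterwards.
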
diff -Nru unzip-6.0/debian/patches/07-increase-size-of-cfactorstr unzip-6.0/debian/patches/07-increase-size-of-cfactorstr
--- unzip-6.0/debian/patches/07-increase-size-of-cfactorstr 1970-01-01 01:00:00.000000000 +0100
+++ unzip-6.0/debian/patches/07-increase-size-of-cfactorstr 2015-05-28 12:00:00.000000000 +0200
@@ -0,0 +1,16 @@
+From: sms
+Subject: Increase size of cfactorstr array to avoid buffer overflow
+Bug-Debian: http://bugs.debian.org/741384
+X-Debian-version: 6.0-11
+
+--- a/list.c
++++ b/list.c
+@@ -97,7 +97,7 @@
+ {
+ int do_this_file=FALSE, cfactor, error, error_in_archive=PK_COOL;
+ #ifndef WINDLL
+- char sgn, cfactorstr[10];
++ char sgn, cfactorstr[12];
+ int longhdr=(uO.vflag>1);
+ #endif
+ int date_format;
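
Review bot: the new size in `char sgn, cfactorstr[12];` is a bare constant with no comment explaining why 12 is sufficient, and the statement that writes into cfactorstr is not part of this hunk, so the bound cannot be checked from the patch alone. Please add a comment giving the longest string that can be produced (format string plus the range of cfactor), or change the write to a bounded call that uses `sizeof(cfactorstr)` so that a future format change truncates instead of overrunning the array.
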
diff -Nru unzip-6.0/debian/patches/08-allow-greater-hostver-values unzip-6.0/debian/patches/08-allow-greater-hostver-values
--- unzip-6.0/debian/patches/08-allow-greater-hostver-values 1970-01-01 01:00:00.000000000 +0100
+++ unzip-6.0/debian/patches/08-allow-greater-hostver-values 2015-05-28 12:00:00.000000000 +0200
@@ -0,0 +1,14 @@
+From: Santiago Vila <sanv...@debian.org>
+Subject: zipinfo.c: Do not crash when hostver byte is >= 100
+
+--- a/zipinfo.c
++++ b/zipinfo.c
+@@ -2114,7 +2114,7 @@
+ else
+ attribs[9] = (xattr & UNX_ISVTX)? 'T' : '-'; /* T==undefined */
+
+- sprintf(&attribs[12], "%u.%u", hostver/10, hostver%10);
++ sprintf(&attribs[11], "%2u.%u", hostver/10, hostver%10);
+ break;
+
+ } /* end switch (hostnum: external attributes format) */
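
Review bot: the replacement line `sprintf(&attribs[11], "%2u.%u", hostver/10, hostver%10);` is still an unbounded sprintf, and its safety depends on two things this hunk does not show: the declared size of attribs and the type of hostver. If hostver is a single byte, as the subject line says, the longest output is "25.5" plus the terminating NUL, written at attribs[11] through attribs[15]; a wider type would overrun again. A bounded write that passes the remaining space in attribs, or a comment stating the maximum length and the size of attribs, would make this verifiable. Unlike patches 06 and 07, this patch header carries no Bug-Debian or X-Debian-version field, although the changelog closes #744212 with it.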