From bba2bd35c579fb04160527a227273acec0fe7ed3 Mon Sep 17 00:00:00 2001 From: John Vogel Date: Sun, 19 Apr 2020 16:54:36 -0400 Subject: [PATCH] zziplib: update to 0.13.71 --- zziplib/.footprint | 24 +- zziplib/.signature | 17 +- ...ew-if-compressed-size-is-too-big-bai.patch | 32 - ...zip_strndup-strndup-is-not-available.patch | 33 - ...eak-from-__zzip_parse_root_directory.patch | 77 --- ...eak-from-__zzip_parse_root_directory.patch | 53 -- ...6-One-more-free-to-avoid-memory-leak.patch | 25 - ...ove-any-.-components-from-pathnames-.patch | 344 ---------- zziplib/0009-Code-cleanup-in-bins.patch | 635 ------------------ zziplib/0010-Prevent-division-by-zero.patch | 30 - zziplib/0012-Update-unzip-mem.c.patch | 25 - zziplib/Pkgfile | 26 +- 12 files changed, 19 insertions(+), 1302 deletions(-) delete mode 100644 zziplib/0001-zzip_mem_entry_new-if-compressed-size-is-too-big-bai.patch delete mode 100644 zziplib/0002-Fix-_zzip_strndup-strndup-is-not-available.patch delete mode 100644 zziplib/0004-Avoid-memory-leak-from-__zzip_parse_root_directory.patch delete mode 100644 zziplib/0005-Avoid-memory-leak-from-__zzip_parse_root_directory.patch delete mode 100644 zziplib/0006-One-more-free-to-avoid-memory-leak.patch delete mode 100644 zziplib/0007-Fix-issue-62-Remove-any-.-components-from-pathnames-.patch delete mode 100644 zziplib/0009-Code-cleanup-in-bins.patch delete mode 100644 zziplib/0010-Prevent-division-by-zero.patch delete mode 100644 zziplib/0012-Update-unzip-mem.c.patch diff --git a/zziplib/.footprint b/zziplib/.footprint index 7f60ab805..41c465773 100644 --- a/zziplib/.footprint +++ b/zziplib/.footprint @@ -38,28 +38,28 @@ drwxr-xr-x root/root usr/lib/ lrwxrwxrwx root/root usr/lib/libzzip-0.so.10 -> libzzip-0.so.13 lrwxrwxrwx root/root usr/lib/libzzip-0.so.11 -> libzzip-0.so.13 lrwxrwxrwx root/root usr/lib/libzzip-0.so.12 -> libzzip-0.so.13 -lrwxrwxrwx root/root usr/lib/libzzip-0.so.13 -> libzzip-0.so.13.0.69 --rwxr-xr-x root/root usr/lib/libzzip-0.so.13.0.69 +lrwxrwxrwx root/root usr/lib/libzzip-0.so.13 -> libzzip-0.so.13.0.71 +-rwxr-xr-x root/root usr/lib/libzzip-0.so.13.0.71 -rwxr-xr-x root/root usr/lib/libzzip.la -lrwxrwxrwx root/root usr/lib/libzzip.so -> libzzip-0.so.13.0.69 +lrwxrwxrwx root/root usr/lib/libzzip.so -> libzzip-0.so.13.0.71 lrwxrwxrwx root/root usr/lib/libzzipfseeko-0.so.10 -> libzzipfseeko-0.so.13 lrwxrwxrwx root/root usr/lib/libzzipfseeko-0.so.11 -> libzzipfseeko-0.so.13 lrwxrwxrwx root/root usr/lib/libzzipfseeko-0.so.12 -> libzzipfseeko-0.so.13 -lrwxrwxrwx root/root usr/lib/libzzipfseeko-0.so.13 -> libzzipfseeko-0.so.13.0.69 --rwxr-xr-x root/root usr/lib/libzzipfseeko-0.so.13.0.69 +lrwxrwxrwx root/root usr/lib/libzzipfseeko-0.so.13 -> libzzipfseeko-0.so.13.0.71 +-rwxr-xr-x root/root usr/lib/libzzipfseeko-0.so.13.0.71 -rwxr-xr-x root/root usr/lib/libzzipfseeko.la -lrwxrwxrwx root/root usr/lib/libzzipfseeko.so -> libzzipfseeko-0.so.13.0.69 +lrwxrwxrwx root/root usr/lib/libzzipfseeko.so -> libzzipfseeko-0.so.13.0.71 lrwxrwxrwx root/root usr/lib/libzzipmmapped-0.so.10 -> libzzipmmapped-0.so.13 lrwxrwxrwx root/root usr/lib/libzzipmmapped-0.so.11 -> libzzipmmapped-0.so.13 lrwxrwxrwx root/root usr/lib/libzzipmmapped-0.so.12 -> libzzipmmapped-0.so.13 -lrwxrwxrwx root/root usr/lib/libzzipmmapped-0.so.13 -> libzzipmmapped-0.so.13.0.69 --rwxr-xr-x root/root usr/lib/libzzipmmapped-0.so.13.0.69 +lrwxrwxrwx root/root usr/lib/libzzipmmapped-0.so.13 -> libzzipmmapped-0.so.13.0.71 +-rwxr-xr-x root/root usr/lib/libzzipmmapped-0.so.13.0.71 -rwxr-xr-x root/root usr/lib/libzzipmmapped.la -lrwxrwxrwx root/root usr/lib/libzzipmmapped.so -> libzzipmmapped-0.so.13.0.69 -lrwxrwxrwx root/root usr/lib/libzzipwrap-0.so.13 -> libzzipwrap-0.so.13.0.69 --rwxr-xr-x root/root usr/lib/libzzipwrap-0.so.13.0.69 +lrwxrwxrwx root/root usr/lib/libzzipmmapped.so -> libzzipmmapped-0.so.13.0.71 +lrwxrwxrwx root/root usr/lib/libzzipwrap-0.so.13 -> libzzipwrap-0.so.13.0.71 +-rwxr-xr-x root/root usr/lib/libzzipwrap-0.so.13.0.71 -rwxr-xr-x root/root usr/lib/libzzipwrap.la -lrwxrwxrwx root/root usr/lib/libzzipwrap.so -> libzzipwrap-0.so.13.0.69 +lrwxrwxrwx root/root usr/lib/libzzipwrap.so -> libzzipwrap-0.so.13.0.71 drwxr-xr-x root/root usr/lib/pkgconfig/ -rw-r--r-- root/root usr/lib/pkgconfig/zzip-zlib-config.pc -rw-r--r-- root/root usr/lib/pkgconfig/zzipfseeko.pc diff --git a/zziplib/.signature b/zziplib/.signature index 7c876f1c5..744763e5e 100644 --- a/zziplib/.signature +++ b/zziplib/.signature @@ -1,14 +1,5 @@ untrusted comment: verify with /etc/ports/contrib.pub -RWSagIOpLGJF323YBX3OvObwjGcNjANZfcFfjB3VYx169yHRwKkQQco/ToW0DSglPWAe9m5We0mxU4rD5ZvEqAMxJJy7L7BzOgE= -SHA256 (Pkgfile) = e1283c4767ac6eb3de6ff0836e4d7da2fca0a4e6eabc1b6c5580835f3d1db8dc -SHA256 (.footprint) = 528ac7b321f52007b62da2bf243b296d8b28decb7738ef9de87b57fde0d3e74e -SHA256 (zziplib-0.13.69.tar.gz) = 846246d7cdeee405d8d21e2922c6e97f55f24ecbe3b6dcf5778073a88f120544 -SHA256 (0001-zzip_mem_entry_new-if-compressed-size-is-too-big-bai.patch) = aca062fe1ef9145a0975a49b629354b0ea4e83fb1136d686c0d4c743e4aa04c5 -SHA256 (0002-Fix-_zzip_strndup-strndup-is-not-available.patch) = 77d1c39b70d78c3dd675869d7a5856f401fe2668b96a511b2e31f458a122e22a -SHA256 (0004-Avoid-memory-leak-from-__zzip_parse_root_directory.patch) = 5592eadaf4b06ae20046c063ef8efc349767db386270dcf75b5ba4d6afda698a -SHA256 (0005-Avoid-memory-leak-from-__zzip_parse_root_directory.patch) = 6f399d542378d1772dc3fd5077cba86c421d241fcad551c9cf1c315e4ecdd831 -SHA256 (0006-One-more-free-to-avoid-memory-leak.patch) = caf7d43083badf77b09a89d2906c09495ff5e09753abdfd7d46838f3404e6b48 -SHA256 (0007-Fix-issue-62-Remove-any-.-components-from-pathnames-.patch) = c4ecd34bf0628d4fa6ecb6ecc6c8c79b3a457bc9cd8d5417a2770224d6a2d8be -SHA256 (0009-Code-cleanup-in-bins.patch) = 80b7cdaddfd28774dbdb2e61c4e170217fe0b08575cf8730167ce438f2ac8556 -SHA256 (0010-Prevent-division-by-zero.patch) = c1558b4ddf3f51db56e3b24a894990ff70591604942193b92b43256bf062d716 -SHA256 (0012-Update-unzip-mem.c.patch) = 00ba27e936c4e5ea7b2efd3d3a1e360931d86472e43649e25af9dd12207229e5 +RWSagIOpLGJF3zJY7VvqCEBkhkBLCKyniuWqBDnxA+/YHD9DougMEFWixNiZ9x0Wx7ummoE5aC5qt4I3RfCqvgVXJ50ADmo4RAE= +SHA256 (Pkgfile) = fa8d6d858d0b4e1f4f79dcd9f64154751696510801ee594c5859dbebcfec7562 +SHA256 (.footprint) = 34a8454214edf058caa654bfcd0879aabd9d3cff33c6dc93b6591d51cb2a4266 +SHA256 (zziplib-0.13.71.tar.gz) = 2ee1e0fbbb78ec7cc46bde5b62857bc51f8d665dd265577cf93584344b8b9de2 diff --git a/zziplib/0001-zzip_mem_entry_new-if-compressed-size-is-too-big-bai.patch b/zziplib/0001-zzip_mem_entry_new-if-compressed-size-is-too-big-bai.patch deleted file mode 100644 index 7a8e60aed..000000000 --- a/zziplib/0001-zzip_mem_entry_new-if-compressed-size-is-too-big-bai.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 4393a756cea723e6d4b2fa70310f64a2e1303f94 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Josef=20M=C3=B6llers?= -Date: Mon, 26 Mar 2018 12:27:34 +0200 -Subject: [PATCH 01/19] zzip_mem_entry_new(): if compressed size is too big, - bail out. - ---- - zzip/memdisk.c | 8 ++++++++ - 1 file changed, 8 insertions(+) - -diff --git a/zzip/memdisk.c b/zzip/memdisk.c -index 8d5743d..7c59602 100644 ---- a/zzip/memdisk.c -+++ b/zzip/memdisk.c -@@ -222,6 +222,14 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZIP_DISK_ENTRY * entry) - item->zz_filetype = zzip_disk_entry_get_filetype(entry); - - /* -+ * If zz_data+zz_csize exceeds the size of the file, bail out -+ */ -+ if ((item->zz_data + item->zz_csize) < disk->buffer || -+ (item->zz_data + item->zz_csize) >= disk->endbuf) -+ { -+ goto error; -+ } -+ /* - * If the file is uncompressed, zz_csize and zz_usize should be the same - * If they are not, we cannot guarantee that either is correct, so ... - */ --- -2.22.0 - diff --git a/zziplib/0002-Fix-_zzip_strndup-strndup-is-not-available.patch b/zziplib/0002-Fix-_zzip_strndup-strndup-is-not-available.patch deleted file mode 100644 index 323f2edf8..000000000 --- a/zziplib/0002-Fix-_zzip_strndup-strndup-is-not-available.patch +++ /dev/null @@ -1,33 +0,0 @@ -From dfe0c84409db09f207ca0050fbe5492a5692f117 Mon Sep 17 00:00:00 2001 -From: keneanung -Date: Thu, 26 Apr 2018 10:42:14 +0200 -Subject: [PATCH 02/19] Fix _zzip_strndup strndup is not available - ---- - zzip/__string.h | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/zzip/__string.h b/zzip/__string.h -index cd56714..2103a3b 100644 ---- a/zzip/__string.h -+++ b/zzip/__string.h -@@ -31,6 +31,7 @@ _zzip_strnlen(const char *p, size_t maxlen) - #if defined ZZIP_HAVE_STRNDUP || defined strndup - #define _zzip_strndup strndup - #else -+#include - - /* if your system does not have strndup: */ - zzip__new__ static char * -@@ -42,7 +43,7 @@ _zzip_strndup(char const *p, size_t maxlen) - } else - { - size_t len = _zzip_strnlen(p, maxlen); -- char* r = malloc(len + 1); -+ char* r = (char *)malloc(len + 1); - if (r == NULL) - return NULL; /* errno = ENOMEM */ - r[len] = '\0'; --- -2.22.0 - diff --git a/zziplib/0004-Avoid-memory-leak-from-__zzip_parse_root_directory.patch b/zziplib/0004-Avoid-memory-leak-from-__zzip_parse_root_directory.patch deleted file mode 100644 index 1940817e8..000000000 --- a/zziplib/0004-Avoid-memory-leak-from-__zzip_parse_root_directory.patch +++ /dev/null @@ -1,77 +0,0 @@ -From 9411bde3e4a70a81ff3ffd256b71927b2d90dcbb Mon Sep 17 00:00:00 2001 -From: jmoellers -Date: Fri, 7 Sep 2018 11:32:04 +0200 -Subject: [PATCH 04/19] Avoid memory leak from __zzip_parse_root_directory(). - ---- - test/test.zip | Bin 1361 -> 1361 bytes - zzip/zip.c | 36 ++++++++++++++++++++++++++++++++++-- - 2 files changed, 34 insertions(+), 2 deletions(-) - -diff --git a/test/test.zip b/test/test.zip -index 2c992ea..952d475 100644 -Binary files a/test/test.zip and b/test/test.zip differ -diff --git a/zzip/zip.c b/zzip/zip.c -index 88b833b..a685280 100644 ---- a/zzip/zip.c -+++ b/zzip/zip.c -@@ -475,9 +475,15 @@ __zzip_parse_root_directory(int fd, - } else - { - if (io->fd.seeks(fd, zz_rootseek + zz_offset, SEEK_SET) < 0) -+ { -+ free(hdr0); - return ZZIP_DIR_SEEK; -+ } - if (io->fd.read(fd, &dirent, sizeof(dirent)) < __sizeof(dirent)) -+ { -+ free(hdr0); - return ZZIP_DIR_READ; -+ } - d = &dirent; - } - -@@ -577,12 +583,38 @@ __zzip_parse_root_directory(int fd, - - if (hdr_return) - *hdr_return = hdr0; -+ else -+ { -+ /* If it is not assigned to *hdr_return, it will never be free()'d */ -+ free(hdr0); -+ /* Make sure we don't free it again in case of error */ -+ hdr0 = NULL; -+ } - } /* else zero (sane) entries */ - # ifndef ZZIP_ALLOW_MODULO_ENTRIES -- return (entries != zz_entries ? ZZIP_CORRUPTED : 0); -+ if (entries != zz_entries) -+ { -+ /* If it was assigned to *hdr_return, undo assignment */ -+ if (p_reclen && hdr_return) -+ *hdr_return = NULL; -+ /* Free it, if it was not already free()'d */ -+ if (hdr0 != NULL) -+ free(hdr0); -+ return ZZIP_CORRUPTED; -+ } - # else -- return ((entries & (unsigned)0xFFFF) != zz_entries ? ZZIP_CORRUPTED : 0); -+ if (((entries & (unsigned)0xFFFF) != zz_entries) -+ { -+ /* If it was assigned to *hdr_return, undo assignment */ -+ if (p_reclen && hdr_return) -+ *hdr_return = NULL; -+ /* Free it, if it was not already free()'d */ -+ if (hdr0 != NULL) -+ free(hdr0); -+ return ZZIP_CORRUPTED; -+ } - # endif -+ return 0; - } - - /* ------------------------- high-level interface ------------------------- */ --- -2.22.0 - diff --git a/zziplib/0005-Avoid-memory-leak-from-__zzip_parse_root_directory.patch b/zziplib/0005-Avoid-memory-leak-from-__zzip_parse_root_directory.patch deleted file mode 100644 index 2394beaf5..000000000 --- a/zziplib/0005-Avoid-memory-leak-from-__zzip_parse_root_directory.patch +++ /dev/null @@ -1,53 +0,0 @@ -From d2e5d5c53212e54a97ad64b793a4389193fec687 Mon Sep 17 00:00:00 2001 -From: jmoellers -Date: Fri, 7 Sep 2018 11:49:28 +0200 -Subject: [PATCH 05/19] Avoid memory leak from __zzip_parse_root_directory(). - ---- - zzip/zip.c | 25 ++----------------------- - 1 file changed, 2 insertions(+), 23 deletions(-) - -diff --git a/zzip/zip.c b/zzip/zip.c -index a685280..51a1a4d 100644 ---- a/zzip/zip.c -+++ b/zzip/zip.c -@@ -587,34 +587,13 @@ __zzip_parse_root_directory(int fd, - { - /* If it is not assigned to *hdr_return, it will never be free()'d */ - free(hdr0); -- /* Make sure we don't free it again in case of error */ -- hdr0 = NULL; - } - } /* else zero (sane) entries */ - # ifndef ZZIP_ALLOW_MODULO_ENTRIES -- if (entries != zz_entries) -- { -- /* If it was assigned to *hdr_return, undo assignment */ -- if (p_reclen && hdr_return) -- *hdr_return = NULL; -- /* Free it, if it was not already free()'d */ -- if (hdr0 != NULL) -- free(hdr0); -- return ZZIP_CORRUPTED; -- } -+ return (entries != zz_entries) ? ZZIP_CORRUPTED : 0; - # else -- if (((entries & (unsigned)0xFFFF) != zz_entries) -- { -- /* If it was assigned to *hdr_return, undo assignment */ -- if (p_reclen && hdr_return) -- *hdr_return = NULL; -- /* Free it, if it was not already free()'d */ -- if (hdr0 != NULL) -- free(hdr0); -- return ZZIP_CORRUPTED; -- } -+ return ((entries & (unsigned)0xFFFF) != zz_entries) ? ZZIP_CORRUPTED : 0; - # endif -- return 0; - } - - /* ------------------------- high-level interface ------------------------- */ --- -2.22.0 - diff --git a/zziplib/0006-One-more-free-to-avoid-memory-leak.patch b/zziplib/0006-One-more-free-to-avoid-memory-leak.patch deleted file mode 100644 index 22b314607..000000000 --- a/zziplib/0006-One-more-free-to-avoid-memory-leak.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 0e1dadb05c1473b9df2d7b8f298dab801778ef99 Mon Sep 17 00:00:00 2001 -From: jmoellers -Date: Fri, 7 Sep 2018 13:55:35 +0200 -Subject: [PATCH 06/19] One more free() to avoid memory leak. - ---- - zzip/zip.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/zzip/zip.c b/zzip/zip.c -index 51a1a4d..bc6c080 100644 ---- a/zzip/zip.c -+++ b/zzip/zip.c -@@ -589,6 +589,8 @@ __zzip_parse_root_directory(int fd, - free(hdr0); - } - } /* else zero (sane) entries */ -+ else -+ free(hdr0); - # ifndef ZZIP_ALLOW_MODULO_ENTRIES - return (entries != zz_entries) ? ZZIP_CORRUPTED : 0; - # else --- -2.22.0 - diff --git a/zziplib/0007-Fix-issue-62-Remove-any-.-components-from-pathnames-.patch b/zziplib/0007-Fix-issue-62-Remove-any-.-components-from-pathnames-.patch deleted file mode 100644 index 83fde4c29..000000000 --- a/zziplib/0007-Fix-issue-62-Remove-any-.-components-from-pathnames-.patch +++ /dev/null @@ -1,344 +0,0 @@ -From 81dfa6b3e08f6934885ba5c98939587d6850d08e Mon Sep 17 00:00:00 2001 -From: Josef Moellers -Date: Thu, 4 Oct 2018 14:21:48 +0200 -Subject: [PATCH 07/19] Fix issue #62: Remove any "../" components from - pathnames of extracted files. [CVE-2018-17828] - ---- - bins/unzzipcat-big.c | 57 +++++++++++++++++++++++++++++++++++++++++++- - bins/unzzipcat-mem.c | 57 +++++++++++++++++++++++++++++++++++++++++++- - bins/unzzipcat-mix.c | 57 +++++++++++++++++++++++++++++++++++++++++++- - bins/unzzipcat-zip.c | 57 +++++++++++++++++++++++++++++++++++++++++++- - 4 files changed, 224 insertions(+), 4 deletions(-) - -diff --git a/bins/unzzipcat-big.c b/bins/unzzipcat-big.c -index 982d262..88c4d65 100644 ---- a/bins/unzzipcat-big.c -+++ b/bins/unzzipcat-big.c -@@ -53,6 +53,48 @@ static void unzzip_cat_file(FILE* disk, char* name, FILE* out) - } - } - -+/* -+ * NAME: remove_dotdotslash -+ * PURPOSE: To remove any "../" components from the given pathname -+ * ARGUMENTS: path: path name with maybe "../" components -+ * RETURNS: Nothing, "path" is modified in-place -+ * NOTE: removing "../" from the path ALWAYS shortens the path, never adds to it! -+ * Also, "path" is not used after creating it. -+ * So modifying "path" in-place is safe to do. -+ */ -+static inline void -+remove_dotdotslash(char *path) -+{ -+ /* Note: removing "../" from the path ALWAYS shortens the path, never adds to it! */ -+ char *dotdotslash; -+ int warned = 0; -+ -+ dotdotslash = path; -+ while ((dotdotslash = strstr(dotdotslash, "../")) != NULL) -+ { -+ /* -+ * Remove only if at the beginning of the pathname ("../path/name") -+ * or when preceded by a slash ("path/../name"), -+ * otherwise not ("path../name..")! -+ */ -+ if (dotdotslash == path || dotdotslash[-1] == '/') -+ { -+ char *src, *dst; -+ if (!warned) -+ { -+ /* Note: the first time through the pathname is still intact */ -+ fprintf(stderr, "Removing \"../\" path component(s) in %s\n", path); -+ warned = 1; -+ } -+ /* We cannot use strcpy(), as there "The strings may not overlap" */ -+ for (src = dotdotslash+3, dst=dotdotslash; (*dst = *src) != '\0'; src++, dst++) -+ ; -+ } -+ else -+ dotdotslash +=3; /* skip this instance to prevent infinite loop */ -+ } -+} -+ - static void makedirs(const char* name) - { - char* p = strrchr(name, '/'); -@@ -70,6 +112,16 @@ static void makedirs(const char* name) - - static FILE* create_fopen(char* name, char* mode, int subdirs) - { -+ char *name_stripped; -+ FILE *fp; -+ int mustfree = 0; -+ -+ if ((name_stripped = strdup(name)) != NULL) -+ { -+ remove_dotdotslash(name_stripped); -+ name = name_stripped; -+ mustfree = 1; -+ } - if (subdirs) - { - char* p = strrchr(name, '/'); -@@ -79,7 +131,10 @@ static FILE* create_fopen(char* name, char* mode, int subdirs) - free (dir_name); - } - } -- return fopen(name, mode); -+ fp = fopen(name, mode); -+ if (mustfree) -+ free(name_stripped); -+ return fp; - } - - -diff --git a/bins/unzzipcat-mem.c b/bins/unzzipcat-mem.c -index 9bc966b..793bde8 100644 ---- a/bins/unzzipcat-mem.c -+++ b/bins/unzzipcat-mem.c -@@ -58,6 +58,48 @@ static void unzzip_mem_disk_cat_file(ZZIP_MEM_DISK* disk, char* name, FILE* out) - } - } - -+/* -+ * NAME: remove_dotdotslash -+ * PURPOSE: To remove any "../" components from the given pathname -+ * ARGUMENTS: path: path name with maybe "../" components -+ * RETURNS: Nothing, "path" is modified in-place -+ * NOTE: removing "../" from the path ALWAYS shortens the path, never adds to it! -+ * Also, "path" is not used after creating it. -+ * So modifying "path" in-place is safe to do. -+ */ -+static inline void -+remove_dotdotslash(char *path) -+{ -+ /* Note: removing "../" from the path ALWAYS shortens the path, never adds to it! */ -+ char *dotdotslash; -+ int warned = 0; -+ -+ dotdotslash = path; -+ while ((dotdotslash = strstr(dotdotslash, "../")) != NULL) -+ { -+ /* -+ * Remove only if at the beginning of the pathname ("../path/name") -+ * or when preceded by a slash ("path/../name"), -+ * otherwise not ("path../name..")! -+ */ -+ if (dotdotslash == path || dotdotslash[-1] == '/') -+ { -+ char *src, *dst; -+ if (!warned) -+ { -+ /* Note: the first time through the pathname is still intact */ -+ fprintf(stderr, "Removing \"../\" path component(s) in %s\n", path); -+ warned = 1; -+ } -+ /* We cannot use strcpy(), as there "The strings may not overlap" */ -+ for (src = dotdotslash+3, dst=dotdotslash; (*dst = *src) != '\0'; src++, dst++) -+ ; -+ } -+ else -+ dotdotslash +=3; /* skip this instance to prevent infinite loop */ -+ } -+} -+ - static void makedirs(const char* name) - { - char* p = strrchr(name, '/'); -@@ -75,6 +117,16 @@ static void makedirs(const char* name) - - static FILE* create_fopen(char* name, char* mode, int subdirs) - { -+ char *name_stripped; -+ FILE *fp; -+ int mustfree = 0; -+ -+ if ((name_stripped = strdup(name)) != NULL) -+ { -+ remove_dotdotslash(name_stripped); -+ name = name_stripped; -+ mustfree = 1; -+ } - if (subdirs) - { - char* p = strrchr(name, '/'); -@@ -84,7 +136,10 @@ static FILE* create_fopen(char* name, char* mode, int subdirs) - free (dir_name); - } - } -- return fopen(name, mode); -+ fp = fopen(name, mode); -+ if (mustfree) -+ free(name_stripped); -+ return fp; - } - - static int unzzip_cat (int argc, char ** argv, int extract) -diff --git a/bins/unzzipcat-mix.c b/bins/unzzipcat-mix.c -index 91c2f00..73b6ed6 100644 ---- a/bins/unzzipcat-mix.c -+++ b/bins/unzzipcat-mix.c -@@ -69,6 +69,48 @@ static void unzzip_cat_file(ZZIP_DIR* disk, char* name, FILE* out) - } - } - -+/* -+ * NAME: remove_dotdotslash -+ * PURPOSE: To remove any "../" components from the given pathname -+ * ARGUMENTS: path: path name with maybe "../" components -+ * RETURNS: Nothing, "path" is modified in-place -+ * NOTE: removing "../" from the path ALWAYS shortens the path, never adds to it! -+ * Also, "path" is not used after creating it. -+ * So modifying "path" in-place is safe to do. -+ */ -+static inline void -+remove_dotdotslash(char *path) -+{ -+ /* Note: removing "../" from the path ALWAYS shortens the path, never adds to it! */ -+ char *dotdotslash; -+ int warned = 0; -+ -+ dotdotslash = path; -+ while ((dotdotslash = strstr(dotdotslash, "../")) != NULL) -+ { -+ /* -+ * Remove only if at the beginning of the pathname ("../path/name") -+ * or when preceded by a slash ("path/../name"), -+ * otherwise not ("path../name..")! -+ */ -+ if (dotdotslash == path || dotdotslash[-1] == '/') -+ { -+ char *src, *dst; -+ if (!warned) -+ { -+ /* Note: the first time through the pathname is still intact */ -+ fprintf(stderr, "Removing \"../\" path component(s) in %s\n", path); -+ warned = 1; -+ } -+ /* We cannot use strcpy(), as there "The strings may not overlap" */ -+ for (src = dotdotslash+3, dst=dotdotslash; (*dst = *src) != '\0'; src++, dst++) -+ ; -+ } -+ else -+ dotdotslash +=3; /* skip this instance to prevent infinite loop */ -+ } -+} -+ - static void makedirs(const char* name) - { - char* p = strrchr(name, '/'); -@@ -86,6 +128,16 @@ static void makedirs(const char* name) - - static FILE* create_fopen(char* name, char* mode, int subdirs) - { -+ char *name_stripped; -+ FILE *fp; -+ int mustfree = 0; -+ -+ if ((name_stripped = strdup(name)) != NULL) -+ { -+ remove_dotdotslash(name_stripped); -+ name = name_stripped; -+ mustfree = 1; -+ } - if (subdirs) - { - char* p = strrchr(name, '/'); -@@ -95,7 +147,10 @@ static FILE* create_fopen(char* name, char* mode, int subdirs) - free (dir_name); - } - } -- return fopen(name, mode); -+ fp = fopen(name, mode); -+ if (mustfree) -+ free(name_stripped); -+ return fp; - } - - static int unzzip_cat (int argc, char ** argv, int extract) -diff --git a/bins/unzzipcat-zip.c b/bins/unzzipcat-zip.c -index 2810f85..7f7f3fa 100644 ---- a/bins/unzzipcat-zip.c -+++ b/bins/unzzipcat-zip.c -@@ -69,6 +69,48 @@ static void unzzip_cat_file(ZZIP_DIR* disk, char* name, FILE* out) - } - } - -+/* -+ * NAME: remove_dotdotslash -+ * PURPOSE: To remove any "../" components from the given pathname -+ * ARGUMENTS: path: path name with maybe "../" components -+ * RETURNS: Nothing, "path" is modified in-place -+ * NOTE: removing "../" from the path ALWAYS shortens the path, never adds to it! -+ * Also, "path" is not used after creating it. -+ * So modifying "path" in-place is safe to do. -+ */ -+static inline void -+remove_dotdotslash(char *path) -+{ -+ /* Note: removing "../" from the path ALWAYS shortens the path, never adds to it! */ -+ char *dotdotslash; -+ int warned = 0; -+ -+ dotdotslash = path; -+ while ((dotdotslash = strstr(dotdotslash, "../")) != NULL) -+ { -+ /* -+ * Remove only if at the beginning of the pathname ("../path/name") -+ * or when preceded by a slash ("path/../name"), -+ * otherwise not ("path../name..")! -+ */ -+ if (dotdotslash == path || dotdotslash[-1] == '/') -+ { -+ char *src, *dst; -+ if (!warned) -+ { -+ /* Note: the first time through the pathname is still intact */ -+ fprintf(stderr, "Removing \"../\" path component(s) in %s\n", path); -+ warned = 1; -+ } -+ /* We cannot use strcpy(), as there "The strings may not overlap" */ -+ for (src = dotdotslash+3, dst=dotdotslash; (*dst = *src) != '\0'; src++, dst++) -+ ; -+ } -+ else -+ dotdotslash +=3; /* skip this instance to prevent infinite loop */ -+ } -+} -+ - static void makedirs(const char* name) - { - char* p = strrchr(name, '/'); -@@ -86,6 +128,16 @@ static void makedirs(const char* name) - - static FILE* create_fopen(char* name, char* mode, int subdirs) - { -+ char *name_stripped; -+ FILE *fp; -+ int mustfree = 0; -+ -+ if ((name_stripped = strdup(name)) != NULL) -+ { -+ remove_dotdotslash(name_stripped); -+ name = name_stripped; -+ mustfree = 1; -+ } - if (subdirs) - { - char* p = strrchr(name, '/'); -@@ -95,7 +147,10 @@ static FILE* create_fopen(char* name, char* mode, int subdirs) - free (dir_name); - } - } -- return fopen(name, mode); -+ fp = fopen(name, mode); -+ if (mustfree) -+ free(name_stripped); -+ return fp; - } - - static int unzzip_cat (int argc, char ** argv, int extract) --- -2.22.0 - diff --git a/zziplib/0009-Code-cleanup-in-bins.patch b/zziplib/0009-Code-cleanup-in-bins.patch deleted file mode 100644 index c700a896f..000000000 --- a/zziplib/0009-Code-cleanup-in-bins.patch +++ /dev/null @@ -1,635 +0,0 @@ -From f888547b1bb7f2354d66912fed62e2a5053b76e6 Mon Sep 17 00:00:00 2001 -From: Josef Moellers -Date: Fri, 12 Oct 2018 16:45:47 +0200 -Subject: [PATCH 09/19] Code cleanup in "bins". - ---- - bins/unzzip.c | 113 +++++++++++++++++++++++++++++++++++++++++ - bins/unzzipcat-big.c | 91 ++------------------------------- - bins/unzzipcat-mem.c | 91 ++------------------------------- - bins/unzzipcat-mix.c | 116 ++----------------------------------------- - bins/unzzipcat-zip.c | 116 ++----------------------------------------- - 5 files changed, 125 insertions(+), 402 deletions(-) - -diff --git a/bins/unzzip.c b/bins/unzzip.c -index f91c5eb..5426049 100644 ---- a/bins/unzzip.c -+++ b/bins/unzzip.c -@@ -5,8 +5,14 @@ - * This file is used as an example to clarify zzip api usage. - */ - -+#include - #include -+#include -+#include -+#include -+#include - #include -+#include - #include - #include "unzzipcat-zip.h" - #include "unzzipdir-zip.h" -@@ -32,6 +38,113 @@ static int unzzip_help(void) - return 0; - } - -+/* Functions used by unzzipcat-*.c: */ -+int exitcode(int e) -+{ -+ switch (e) -+ { -+ case ZZIP_NO_ERROR: -+ return EXIT_OK; -+ case ZZIP_OUTOFMEM: /* out of memory */ -+ return EXIT_ENOMEM; -+ case ZZIP_DIR_OPEN: /* failed to open zipfile, see errno for details */ -+ return EXIT_ZIP_NOT_FOUND; -+ case ZZIP_DIR_STAT: /* failed to fstat zipfile, see errno for details */ -+ case ZZIP_DIR_SEEK: /* failed to lseek zipfile, see errno for details */ -+ case ZZIP_DIR_READ: /* failed to read zipfile, see errno for details */ -+ case ZZIP_DIR_TOO_SHORT: -+ case ZZIP_DIR_EDH_MISSING: -+ return EXIT_FILEFORMAT; -+ case ZZIP_DIRSIZE: -+ return EXIT_EARLY_END_OF_FILE; -+ case ZZIP_ENOENT: -+ return EXIT_FILE_NOT_FOUND; -+ case ZZIP_UNSUPP_COMPR: -+ return EXIT_UNSUPPORTED_COMPRESSION; -+ case ZZIP_CORRUPTED: -+ case ZZIP_UNDEF: -+ case ZZIP_DIR_LARGEFILE: -+ return EXIT_FILEFORMAT; -+ } -+ return EXIT_ERRORS; -+} -+ -+/* -+ * NAME: remove_dotdotslash -+ * PURPOSE: To remove any "../" components from the given pathname -+ * ARGUMENTS: path: path name with maybe "../" components -+ * RETURNS: Nothing, "path" is modified in-place -+ * NOTE: removing "../" from the path ALWAYS shortens the path, never adds to it! -+ * Also, "path" is not used after creating it. -+ * So modifying "path" in-place is safe to do. -+ */ -+static inline void -+remove_dotdotslash(char *path) -+{ -+ /* Note: removing "../" from the path ALWAYS shortens the path, never adds to it! */ -+ char *dotdotslash; -+ int warned = 0; -+ -+ dotdotslash = path; -+ while ((dotdotslash = strstr(dotdotslash, "../")) != NULL) -+ { -+ /* -+ * Remove only if at the beginning of the pathname ("../path/name") -+ * or when preceded by a slash ("path/../name"), -+ * otherwise not ("path../name..")! -+ */ -+ if (dotdotslash == path || dotdotslash[-1] == '/') -+ { -+ char *src, *dst; -+ if (!warned) -+ { -+ /* Note: the first time through the pathname is still intact */ -+ fprintf(stderr, "Removing \"../\" path component(s) in %s\n", path); -+ warned = 1; -+ } -+ /* We cannot use strcpy(), as there "The strings may not overlap" */ -+ for (src = dotdotslash+3, dst=dotdotslash; (*dst = *src) != '\0'; src++, dst++) -+ ; -+ } -+ else -+ dotdotslash +=3; /* skip this instance to prevent infinite loop */ -+ } -+} -+ -+static void makedirs(const char* name) -+{ -+ char* p = strrchr(name, '/'); -+ if (p) { -+ char* dir_name = _zzip_strndup(name, p-name); -+ makedirs(dir_name); -+ free (dir_name); -+ } -+ if (_zzip_mkdir(name, 0775) == -1 && errno != EEXIST) -+ { -+ DBG3("while mkdir %s : %s", name, strerror(errno)); -+ } -+ errno = 0; -+} -+ -+FILE* create_fopen(char* name, char* mode, int subdirs) -+{ -+ char name_stripped[PATH_MAX]; -+ -+ strncpy(name_stripped, name, PATH_MAX); -+ remove_dotdotslash(name_stripped); -+ -+ if (subdirs) -+ { -+ char* p = strrchr(name_stripped, '/'); -+ if (p) { -+ char* dir_name = _zzip_strndup(name_stripped, p-name); -+ makedirs(dir_name); -+ free (dir_name); -+ } -+ } -+ return fopen(name_stripped, mode); -+} -+ - int - main (int argc, char ** argv) - { -diff --git a/bins/unzzipcat-big.c b/bins/unzzipcat-big.c -index 88c4d65..111ef47 100644 ---- a/bins/unzzipcat-big.c -+++ b/bins/unzzipcat-big.c -@@ -16,10 +16,9 @@ - #include "unzzipcat-zip.h" - #include "unzzip-states.h" - --static int exitcode(int e) --{ -- return EXIT_ERRORS; --} -+/* Functions in unzzip.c: */ -+extern int exitcode(int); -+extern FILE* create_fopen(char*, char*, int); - - static void unzzip_big_entry_fprint(ZZIP_ENTRY* entry, FILE* out) - { -@@ -53,90 +52,6 @@ static void unzzip_cat_file(FILE* disk, char* name, FILE* out) - } - } - --/* -- * NAME: remove_dotdotslash -- * PURPOSE: To remove any "../" components from the given pathname -- * ARGUMENTS: path: path name with maybe "../" components -- * RETURNS: Nothing, "path" is modified in-place -- * NOTE: removing "../" from the path ALWAYS shortens the path, never adds to it! -- * Also, "path" is not used after creating it. -- * So modifying "path" in-place is safe to do. -- */ --static inline void --remove_dotdotslash(char *path) --{ -- /* Note: removing "../" from the path ALWAYS shortens the path, never adds to it! */ -- char *dotdotslash; -- int warned = 0; -- -- dotdotslash = path; -- while ((dotdotslash = strstr(dotdotslash, "../")) != NULL) -- { -- /* -- * Remove only if at the beginning of the pathname ("../path/name") -- * or when preceded by a slash ("path/../name"), -- * otherwise not ("path../name..")! -- */ -- if (dotdotslash == path || dotdotslash[-1] == '/') -- { -- char *src, *dst; -- if (!warned) -- { -- /* Note: the first time through the pathname is still intact */ -- fprintf(stderr, "Removing \"../\" path component(s) in %s\n", path); -- warned = 1; -- } -- /* We cannot use strcpy(), as there "The strings may not overlap" */ -- for (src = dotdotslash+3, dst=dotdotslash; (*dst = *src) != '\0'; src++, dst++) -- ; -- } -- else -- dotdotslash +=3; /* skip this instance to prevent infinite loop */ -- } --} -- --static void makedirs(const char* name) --{ -- char* p = strrchr(name, '/'); -- if (p) { -- char* dir_name = _zzip_strndup(name, p-name); -- makedirs(dir_name); -- free (dir_name); -- } -- if (_zzip_mkdir(name, 0775) == -1 && errno != EEXIST) -- { -- DBG3("while mkdir %s : %s", name, strerror(errno)); -- } -- errno = 0; --} -- --static FILE* create_fopen(char* name, char* mode, int subdirs) --{ -- char *name_stripped; -- FILE *fp; -- int mustfree = 0; -- -- if ((name_stripped = strdup(name)) != NULL) -- { -- remove_dotdotslash(name_stripped); -- name = name_stripped; -- mustfree = 1; -- } -- if (subdirs) -- { -- char* p = strrchr(name, '/'); -- if (p) { -- char* dir_name = _zzip_strndup(name, p-name); -- makedirs(dir_name); -- free (dir_name); -- } -- } -- fp = fopen(name, mode); -- if (mustfree) -- free(name_stripped); -- return fp; --} -- - - static int unzzip_cat (int argc, char ** argv, int extract) - { -diff --git a/bins/unzzipcat-mem.c b/bins/unzzipcat-mem.c -index 793bde8..cfa27ab 100644 ---- a/bins/unzzipcat-mem.c -+++ b/bins/unzzipcat-mem.c -@@ -24,10 +24,9 @@ - #include - #endif - --static int exitcode(int e) --{ -- return EXIT_ERRORS; --} -+/* Functions in unzzip.c: */ -+extern int exitcode(int); -+extern FILE* create_fopen(char*, char*, int); - - static void unzzip_mem_entry_fprint(ZZIP_MEM_DISK* disk, - ZZIP_MEM_ENTRY* entry, FILE* out) -@@ -58,90 +57,6 @@ static void unzzip_mem_disk_cat_file(ZZIP_MEM_DISK* disk, char* name, FILE* out) - } - } - --/* -- * NAME: remove_dotdotslash -- * PURPOSE: To remove any "../" components from the given pathname -- * ARGUMENTS: path: path name with maybe "../" components -- * RETURNS: Nothing, "path" is modified in-place -- * NOTE: removing "../" from the path ALWAYS shortens the path, never adds to it! -- * Also, "path" is not used after creating it. -- * So modifying "path" in-place is safe to do. -- */ --static inline void --remove_dotdotslash(char *path) --{ -- /* Note: removing "../" from the path ALWAYS shortens the path, never adds to it! */ -- char *dotdotslash; -- int warned = 0; -- -- dotdotslash = path; -- while ((dotdotslash = strstr(dotdotslash, "../")) != NULL) -- { -- /* -- * Remove only if at the beginning of the pathname ("../path/name") -- * or when preceded by a slash ("path/../name"), -- * otherwise not ("path../name..")! -- */ -- if (dotdotslash == path || dotdotslash[-1] == '/') -- { -- char *src, *dst; -- if (!warned) -- { -- /* Note: the first time through the pathname is still intact */ -- fprintf(stderr, "Removing \"../\" path component(s) in %s\n", path); -- warned = 1; -- } -- /* We cannot use strcpy(), as there "The strings may not overlap" */ -- for (src = dotdotslash+3, dst=dotdotslash; (*dst = *src) != '\0'; src++, dst++) -- ; -- } -- else -- dotdotslash +=3; /* skip this instance to prevent infinite loop */ -- } --} -- --static void makedirs(const char* name) --{ -- char* p = strrchr(name, '/'); -- if (p) { -- char* dir_name = _zzip_strndup(name, p-name); -- makedirs(dir_name); -- free (dir_name); -- } -- if (_zzip_mkdir(name, 0775) == -1 && errno != EEXIST) -- { -- DBG3("while mkdir %s : %s", name, strerror(errno)); -- } -- errno = 0; --} -- --static FILE* create_fopen(char* name, char* mode, int subdirs) --{ -- char *name_stripped; -- FILE *fp; -- int mustfree = 0; -- -- if ((name_stripped = strdup(name)) != NULL) -- { -- remove_dotdotslash(name_stripped); -- name = name_stripped; -- mustfree = 1; -- } -- if (subdirs) -- { -- char* p = strrchr(name, '/'); -- if (p) { -- char* dir_name = _zzip_strndup(name, p-name); -- makedirs(dir_name); -- free (dir_name); -- } -- } -- fp = fopen(name, mode); -- if (mustfree) -- free(name_stripped); -- return fp; --} -- - static int unzzip_cat (int argc, char ** argv, int extract) - { - int done = 0; -diff --git a/bins/unzzipcat-mix.c b/bins/unzzipcat-mix.c -index 73b6ed6..5a32b1d 100644 ---- a/bins/unzzipcat-mix.c -+++ b/bins/unzzipcat-mix.c -@@ -24,35 +24,9 @@ - #include - #endif - --static int exitcode(int e) --{ -- switch (e) -- { -- case ZZIP_NO_ERROR: -- return EXIT_OK; -- case ZZIP_OUTOFMEM: /* out of memory */ -- return EXIT_ENOMEM; -- case ZZIP_DIR_OPEN: /* failed to open zipfile, see errno for details */ -- return EXIT_ZIP_NOT_FOUND; -- case ZZIP_DIR_STAT: /* failed to fstat zipfile, see errno for details */ -- case ZZIP_DIR_SEEK: /* failed to lseek zipfile, see errno for details */ -- case ZZIP_DIR_READ: /* failed to read zipfile, see errno for details */ -- case ZZIP_DIR_TOO_SHORT: -- case ZZIP_DIR_EDH_MISSING: -- return EXIT_FILEFORMAT; -- case ZZIP_DIRSIZE: -- return EXIT_EARLY_END_OF_FILE; -- case ZZIP_ENOENT: -- return EXIT_FILE_NOT_FOUND; -- case ZZIP_UNSUPP_COMPR: -- return EXIT_UNSUPPORTED_COMPRESSION; -- case ZZIP_CORRUPTED: -- case ZZIP_UNDEF: -- case ZZIP_DIR_LARGEFILE: -- return EXIT_FILEFORMAT; -- } -- return EXIT_ERRORS; --} -+/* Functions in unzzip.c: */ -+extern int exitcode(int); -+extern FILE* create_fopen(char*, char*, int); - - static void unzzip_cat_file(ZZIP_DIR* disk, char* name, FILE* out) - { -@@ -69,90 +43,6 @@ static void unzzip_cat_file(ZZIP_DIR* disk, char* name, FILE* out) - } - } - --/* -- * NAME: remove_dotdotslash -- * PURPOSE: To remove any "../" components from the given pathname -- * ARGUMENTS: path: path name with maybe "../" components -- * RETURNS: Nothing, "path" is modified in-place -- * NOTE: removing "../" from the path ALWAYS shortens the path, never adds to it! -- * Also, "path" is not used after creating it. -- * So modifying "path" in-place is safe to do. -- */ --static inline void --remove_dotdotslash(char *path) --{ -- /* Note: removing "../" from the path ALWAYS shortens the path, never adds to it! */ -- char *dotdotslash; -- int warned = 0; -- -- dotdotslash = path; -- while ((dotdotslash = strstr(dotdotslash, "../")) != NULL) -- { -- /* -- * Remove only if at the beginning of the pathname ("../path/name") -- * or when preceded by a slash ("path/../name"), -- * otherwise not ("path../name..")! -- */ -- if (dotdotslash == path || dotdotslash[-1] == '/') -- { -- char *src, *dst; -- if (!warned) -- { -- /* Note: the first time through the pathname is still intact */ -- fprintf(stderr, "Removing \"../\" path component(s) in %s\n", path); -- warned = 1; -- } -- /* We cannot use strcpy(), as there "The strings may not overlap" */ -- for (src = dotdotslash+3, dst=dotdotslash; (*dst = *src) != '\0'; src++, dst++) -- ; -- } -- else -- dotdotslash +=3; /* skip this instance to prevent infinite loop */ -- } --} -- --static void makedirs(const char* name) --{ -- char* p = strrchr(name, '/'); -- if (p) { -- char* dir_name = _zzip_strndup(name, p-name); -- makedirs(dir_name); -- free (dir_name); -- } -- if (_zzip_mkdir(name, 0775) == -1 && errno != EEXIST) -- { -- DBG3("while mkdir %s : %s", name, strerror(errno)); -- } -- errno = 0; --} -- --static FILE* create_fopen(char* name, char* mode, int subdirs) --{ -- char *name_stripped; -- FILE *fp; -- int mustfree = 0; -- -- if ((name_stripped = strdup(name)) != NULL) -- { -- remove_dotdotslash(name_stripped); -- name = name_stripped; -- mustfree = 1; -- } -- if (subdirs) -- { -- char* p = strrchr(name, '/'); -- if (p) { -- char* dir_name = _zzip_strndup(name, p-name); -- makedirs(dir_name); -- free (dir_name); -- } -- } -- fp = fopen(name, mode); -- if (mustfree) -- free(name_stripped); -- return fp; --} -- - static int unzzip_cat (int argc, char ** argv, int extract) - { - int done = 0; -diff --git a/bins/unzzipcat-zip.c b/bins/unzzipcat-zip.c -index 7f7f3fa..be5e7fa 100644 ---- a/bins/unzzipcat-zip.c -+++ b/bins/unzzipcat-zip.c -@@ -24,35 +24,9 @@ - #include - #endif - --static int exitcode(int e) --{ -- switch (e) -- { -- case ZZIP_NO_ERROR: -- return EXIT_OK; -- case ZZIP_OUTOFMEM: /* out of memory */ -- return EXIT_ENOMEM; -- case ZZIP_DIR_OPEN: /* failed to open zipfile, see errno for details */ -- return EXIT_ZIP_NOT_FOUND; -- case ZZIP_DIR_STAT: /* failed to fstat zipfile, see errno for details */ -- case ZZIP_DIR_SEEK: /* failed to lseek zipfile, see errno for details */ -- case ZZIP_DIR_READ: /* failed to read zipfile, see errno for details */ -- case ZZIP_DIR_TOO_SHORT: -- case ZZIP_DIR_EDH_MISSING: -- return EXIT_FILEFORMAT; -- case ZZIP_DIRSIZE: -- return EXIT_EARLY_END_OF_FILE; -- case ZZIP_ENOENT: -- return EXIT_FILE_NOT_FOUND; -- case ZZIP_UNSUPP_COMPR: -- return EXIT_UNSUPPORTED_COMPRESSION; -- case ZZIP_CORRUPTED: -- case ZZIP_UNDEF: -- case ZZIP_DIR_LARGEFILE: -- return EXIT_FILEFORMAT; -- } -- return EXIT_ERRORS; --} -+/* Functions in unzzip.c: */ -+extern int exitcode(int); -+extern FILE* create_fopen(char*, char*, int); - - static void unzzip_cat_file(ZZIP_DIR* disk, char* name, FILE* out) - { -@@ -69,90 +43,6 @@ static void unzzip_cat_file(ZZIP_DIR* disk, char* name, FILE* out) - } - } - --/* -- * NAME: remove_dotdotslash -- * PURPOSE: To remove any "../" components from the given pathname -- * ARGUMENTS: path: path name with maybe "../" components -- * RETURNS: Nothing, "path" is modified in-place -- * NOTE: removing "../" from the path ALWAYS shortens the path, never adds to it! -- * Also, "path" is not used after creating it. -- * So modifying "path" in-place is safe to do. -- */ --static inline void --remove_dotdotslash(char *path) --{ -- /* Note: removing "../" from the path ALWAYS shortens the path, never adds to it! */ -- char *dotdotslash; -- int warned = 0; -- -- dotdotslash = path; -- while ((dotdotslash = strstr(dotdotslash, "../")) != NULL) -- { -- /* -- * Remove only if at the beginning of the pathname ("../path/name") -- * or when preceded by a slash ("path/../name"), -- * otherwise not ("path../name..")! -- */ -- if (dotdotslash == path || dotdotslash[-1] == '/') -- { -- char *src, *dst; -- if (!warned) -- { -- /* Note: the first time through the pathname is still intact */ -- fprintf(stderr, "Removing \"../\" path component(s) in %s\n", path); -- warned = 1; -- } -- /* We cannot use strcpy(), as there "The strings may not overlap" */ -- for (src = dotdotslash+3, dst=dotdotslash; (*dst = *src) != '\0'; src++, dst++) -- ; -- } -- else -- dotdotslash +=3; /* skip this instance to prevent infinite loop */ -- } --} -- --static void makedirs(const char* name) --{ -- char* p = strrchr(name, '/'); -- if (p) { -- char* dir_name = _zzip_strndup(name, p-name); -- makedirs(dir_name); -- free (dir_name); -- } -- if (_zzip_mkdir(name, 0775) == -1 && errno != EEXIST) -- { -- DBG3("while mkdir %s : %s", name, strerror(errno)); -- } -- errno = 0; --} -- --static FILE* create_fopen(char* name, char* mode, int subdirs) --{ -- char *name_stripped; -- FILE *fp; -- int mustfree = 0; -- -- if ((name_stripped = strdup(name)) != NULL) -- { -- remove_dotdotslash(name_stripped); -- name = name_stripped; -- mustfree = 1; -- } -- if (subdirs) -- { -- char* p = strrchr(name, '/'); -- if (p) { -- char* dir_name = _zzip_strndup(name, p-name); -- makedirs(dir_name); -- free (dir_name); -- } -- } -- fp = fopen(name, mode); -- if (mustfree) -- free(name_stripped); -- return fp; --} -- - static int unzzip_cat (int argc, char ** argv, int extract) - { - int done = 0; --- -2.22.0 - diff --git a/zziplib/0010-Prevent-division-by-zero.patch b/zziplib/0010-Prevent-division-by-zero.patch deleted file mode 100644 index a84d791bf..000000000 --- a/zziplib/0010-Prevent-division-by-zero.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 220b12635668fd524f950fd2e5c7635a43a90bdd Mon Sep 17 00:00:00 2001 -From: Josef Moellers -Date: Mon, 1 Apr 2019 16:28:00 +0200 -Subject: [PATCH 10/19] Prevent division by zero - ---- - bins/unzip-mem.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/bins/unzip-mem.c b/bins/unzip-mem.c -index c45cb72..c576290 100644 ---- a/bins/unzip-mem.c -+++ b/bins/unzip-mem.c -@@ -231,9 +231,12 @@ static void zzip_mem_entry_direntry(ZZIP_MEM_ENTRY* entry) - if (*name == '\n') name++; - - if (option_verbose) { -+ long percentage; -+ -+ percentage = usize ? (L (100 - (csize*100/usize))) : 100; /* 100% if file size is 0 */ - printf("%8li%c %s %8li%c%3li%% %s %8lx %s %s\n", - L usize, exp, comprlevel[compr], L csize, exp, -- L (100 - (csize*100/usize)), -+ percentage, - _zzip_ctime(&mtime), crc32, name, comment); - } else { - printf(" %8li%c %s %s %s\n", --- -2.22.0 - diff --git a/zziplib/0012-Update-unzip-mem.c.patch b/zziplib/0012-Update-unzip-mem.c.patch deleted file mode 100644 index 2a88f779e..000000000 --- a/zziplib/0012-Update-unzip-mem.c.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 82feb94da77a60c9d85e7ddfc037f363a30be457 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Josef=20M=C3=B6llers?= -Date: Thu, 4 Apr 2019 11:30:08 +0200 -Subject: [PATCH 12/19] Update unzip-mem.c - ---- - bins/unzip-mem.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/bins/unzip-mem.c b/bins/unzip-mem.c -index c576290..a42d448 100644 ---- a/bins/unzip-mem.c -+++ b/bins/unzip-mem.c -@@ -233,7 +233,7 @@ static void zzip_mem_entry_direntry(ZZIP_MEM_ENTRY* entry) - if (option_verbose) { - long percentage; - -- percentage = usize ? (L (100 - (csize*100/usize))) : 100; /* 100% if file size is 0 */ -+ percentage = usize ? (L (100 - (csize*100/usize))) : 0; /* 0% if file size is 0 */ - printf("%8li%c %s %8li%c%3li%% %s %8lx %s %s\n", - L usize, exp, comprlevel[compr], L csize, exp, - percentage, --- -2.22.0 - diff --git a/zziplib/Pkgfile b/zziplib/Pkgfile index 7884f9d22..6b6827eae 100644 --- a/zziplib/Pkgfile +++ b/zziplib/Pkgfile @@ -4,33 +4,13 @@ # Depends on: zlib python name=zziplib -version=0.13.69 -release=2 -source=(https://github.com/gdraheim/$name/archive/v$version/$name-$version.tar.gz - 0001-zzip_mem_entry_new-if-compressed-size-is-too-big-bai.patch - 0002-Fix-_zzip_strndup-strndup-is-not-available.patch - 0004-Avoid-memory-leak-from-__zzip_parse_root_directory.patch - 0005-Avoid-memory-leak-from-__zzip_parse_root_directory.patch - 0006-One-more-free-to-avoid-memory-leak.patch - 0007-Fix-issue-62-Remove-any-.-components-from-pathnames-.patch - 0009-Code-cleanup-in-bins.patch - 0010-Prevent-division-by-zero.patch - 0012-Update-unzip-mem.c.patch) +version=0.13.71 +release=1 +source=(https://github.com/gdraheim/$name/archive/v$version/$name-$version.tar.gz) build() { cd $name-$version - # Upstream bug fixes (maybe create considated patch) - patch -p1 -i $SRC/0001-zzip_mem_entry_new-if-compressed-size-is-too-big-bai.patch - patch -p1 -i $SRC/0002-Fix-_zzip_strndup-strndup-is-not-available.patch - patch -p1 -i $SRC/0004-Avoid-memory-leak-from-__zzip_parse_root_directory.patch - patch -p1 -i $SRC/0005-Avoid-memory-leak-from-__zzip_parse_root_directory.patch - patch -p1 -i $SRC/0006-One-more-free-to-avoid-memory-leak.patch - patch -p1 -i $SRC/0007-Fix-issue-62-Remove-any-.-components-from-pathnames-.patch - patch -p1 -i $SRC/0009-Code-cleanup-in-bins.patch - patch -p1 -i $SRC/0010-Prevent-division-by-zero.patch - patch -p1 -i $SRC/0012-Update-unzip-mem.c.patch - # docs building currently broken for almost 1/6 or more of manpages # TODO: troubleshoot and report upstream sed -i -e 's,^\(SUBDIRS = .*\) docs\(.*\)$,\1\2,' \