Ubuntu
unzip package

Merge ~dviererbe/ubuntu/+source/unzip:merge-lp2021565-mantic into ubuntu/+source/unzip:debian/sid

  1. Git
  2. lp:~dviererbe/ubuntu/+source/unzip
  3. merge-lp2021565-mantic
  4. Merge into debian/sid
Proposed by Dominik Viererbe
Status: Merged
Merge reported by: Robie Basak
Merged at revision: c62a3e321dcb644342db00d7ff618dae27c1a847
Proposed branch: ~dviererbe/ubuntu/+source/unzip:merge-lp2021565-mantic
Merge into: ubuntu/+source/unzip:debian/sid
Diff against target: 623 lines (+519/-1)
4 files modified
debian/changelog (+118/-0)
debian/control (+2/-1)
debian/patches/20-unzip60-alt-iconv-utf8.patch (+398/-0)
debian/patches/series (+1/-0)
Reviewer Review Type Date Requested Status
Steve Langasek (community) Approve
Canonical Server Reporter Pending
git-ubuntu import Pending
Review via email: mp+443804@code.launchpad.net
To post a comment you must log in.
Revision history for this message
Dominik Viererbe (dviererbe) wrote :

PPA: https://launchpad.net/~dviererbe/+archive/ubuntu/unzip-merge-lp2021565

Basic test:

Use a zip file you have lying around and unzip it e.g.
$ unzip test.zip

Package tests:

This package contains no tests.

Revision history for this message
Steve Langasek (vorlon) :
review: Approve
Revision history for this message
Robie Basak (racb) wrote :

brdung asked me to mark this as Merged.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/debian/changelog b/debian/changelog
2index dfed2d7..8cf68a5 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,12 @@
6+unzip (6.0-28ubuntu1) mantic; urgency=medium
7+
8+ * Merge from Debian unstable (LP: 2021565). Remaining changes:
9+ - d/p/20-unzip60-alt-iconv-utf8.patch: Add patch from archlinux
10+ which adds the -O option, allowing a charset to be specified
11+ for the proper unzipping of non-Latin and non-Unicode filenames.
12+
13+ -- Dominik Viererbe <dominik.viererbe@canonical.com> Tue, 30 May 2023 13:34:18 +0300
14+
15 unzip (6.0-28) unstable; urgency=medium
16
17 * Drop debian/source/lintian-overrides, obsolete since version 6.0-18.
18@@ -8,6 +17,16 @@ unzip (6.0-28) unstable; urgency=medium
19
20 -- Santiago Vila <sanvila@debian.org> Sun, 19 Feb 2023 19:02:00 +0100
21
22+unzip (6.0-27ubuntu1) kinetic; urgency=medium
23+
24+ * Merge from Debian unstable (LP: #198740)
25+ Remaining changes:
26+ - Add patch from archlinux which adds the -O option, allowing a charset
27+ to be specified for the proper unzipping of non-Latin and non-Unicode
28+ filenames.
29+
30+ -- Heinrich Schuchardt <heinrich.schuchardt@canonical.com> Tue, 23 Aug 2022 14:51:42 +0200
31+
32 unzip (6.0-27) unstable; urgency=medium
33
34 * Apply upstream patch for CVE-2022-0529 and CVE-2022-0530.
35@@ -17,6 +36,27 @@ unzip (6.0-27) unstable; urgency=medium
36
37 -- Santiago Vila <sanvila@debian.org> Tue, 02 Aug 2022 19:05:00 +0200
38
39+unzip (6.0-26ubuntu3) jammy; urgency=high
40+
41+ * No change rebuild for ppc64el baseline bump.
42+
43+ -- Julian Andres Klode <juliank@ubuntu.com> Fri, 25 Mar 2022 10:59:33 +0100
44+
45+unzip (6.0-26ubuntu2) impish; urgency=medium
46+
47+ * No-change rebuild to build packages with zstd compression.
48+
49+ -- Matthias Klose <doko@ubuntu.com> Thu, 07 Oct 2021 12:25:55 +0200
50+
51+unzip (6.0-26ubuntu1) hirsute; urgency=low
52+
53+ * Merge from Debian unstable. Remaining changes:
54+ - Add patch from archlinux which adds the -O option, allowing a charset
55+ to be specified for the proper unzipping of non-Latin and non-Unicode
56+ filenames.
57+
58+ -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 29 Jan 2021 12:10:20 -0800
59+
60 unzip (6.0-26) unstable; urgency=medium
61
62 * Two more patches from Mark Adler for CVE-2019-13232. Closes: #963996.
63@@ -28,6 +68,15 @@ unzip (6.0-26) unstable; urgency=medium
64
65 -- Santiago Vila <sanvila@debian.org> Sun, 10 Jan 2021 15:34:00 +0100
66
67+unzip (6.0-25ubuntu1) eoan; urgency=low
68+
69+ * Merge from Debian unstable. Remaining changes:
70+ - Add patch from archlinux which adds the -O option, allowing a charset
71+ to be specified for the proper unzipping of non-Latin and non-Unicode
72+ filenames.
73+
74+ -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 15 Aug 2019 23:39:12 -0700
75+
76 unzip (6.0-25) unstable; urgency=medium
77
78 * Apply one more patch by Mark Adler:
79@@ -37,6 +86,15 @@ unzip (6.0-25) unstable; urgency=medium
80
81 -- Santiago Vila <sanvila@debian.org> Sat, 27 Jul 2019 18:01:36 +0200
82
83+unzip (6.0-24ubuntu1) eoan; urgency=low
84+
85+ * Merge from Debian unstable. Remaining changes:
86+ - Add patch from archlinux which adds the -O option, allowing a charset
87+ to be specified for the proper unzipping of non-Latin and non-Unicode
88+ filenames.
89+
90+ -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 15 Jul 2019 22:02:02 -0700
91+
92 unzip (6.0-24) unstable; urgency=medium
93
94 * Apply two patches by Mark Adler:
95@@ -46,6 +104,15 @@ unzip (6.0-24) unstable; urgency=medium
96
97 -- Santiago Vila <sanvila@debian.org> Thu, 11 Jul 2019 18:03:34 +0200
98
99+unzip (6.0-23ubuntu1) eoan; urgency=low
100+
101+ * Merge from Debian unstable. Remaining changes:
102+ - Add patch from archlinux which adds the -O option, allowing a charset
103+ to be specified for the proper unzipping of non-Latin and non-Unicode
104+ filenames.
105+
106+ -- Steve Langasek <steve.langasek@ubuntu.com> Tue, 28 May 2019 23:05:51 -0700
107+
108 unzip (6.0-23) unstable; urgency=medium
109
110 * Fix lame code in fileio.c which parsed 64-bit values incorrectly.
111@@ -53,6 +120,15 @@ unzip (6.0-23) unstable; urgency=medium
112
113 -- Santiago Vila <sanvila@debian.org> Wed, 29 May 2019 00:24:08 +0200
114
115+unzip (6.0-22ubuntu1) disco; urgency=low
116+
117+ * Merge from Debian unstable. Remaining changes:
118+ - Add patch from archlinux which adds the -O option, allowing a charset
119+ to be specified for the proper unzipping of non-Latin and non-Unicode
120+ filenames.
121+
122+ -- Steve Langasek <steve.langasek@ubuntu.com> Mon, 11 Feb 2019 11:32:00 -0800
123+
124 unzip (6.0-22) unstable; urgency=medium
125
126 * Fix buffer overflow in password protected ZIP archives. Closes: #889838.
127@@ -61,6 +137,15 @@ unzip (6.0-22) unstable; urgency=medium
128
129 -- Santiago Vila <sanvila@debian.org> Sat, 09 Feb 2019 18:12:00 +0100
130
131+unzip (6.0-21ubuntu1) artful; urgency=low
132+
133+ * Merge from Debian unstable. Remaining changes:
134+ - Add patch from archlinux which adds the -O option, allowing a charset
135+ to be specified for the proper unzipping of non-Latin and non-Unicode
136+ filenames.
137+
138+ -- Steve Langasek <steve.langasek@ubuntu.com> Thu, 27 Apr 2017 22:23:23 -0700
139+
140 unzip (6.0-21) unstable; urgency=medium
141
142 * Rename all debian/patches/* to have .patch ending.
143@@ -78,6 +163,22 @@ unzip (6.0-21) unstable; urgency=medium
144
145 -- Santiago Vila <sanvila@debian.org> Sun, 11 Dec 2016 21:03:30 +0100
146
147+unzip (6.0-20ubuntu2) artful; urgency=medium
148+
149+ * No-change rebuild to pick up -fPIE compiler default in static
150+ libraries
151+
152+ -- Steve Langasek <steve.langasek@ubuntu.com> Fri, 21 Apr 2017 20:58:49 +0000
153+
154+unzip (6.0-20ubuntu1) xenial; urgency=medium
155+
156+ * Resynchronise with Debian. Remaining changes:
157+ - Add patch from archlinux which adds the -O option, allowing a charset
158+ to be specified for the proper unzipping of non-Latin and non-Unicode
159+ filenames.
160+
161+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Fri, 20 Nov 2015 09:16:18 -0500
162+
163 unzip (6.0-20) unstable; urgency=high
164
165 * Update debian/patches/16-fix-integer-underflow-csiz-decrypted to fix
166@@ -86,6 +187,22 @@ unzip (6.0-20) unstable; urgency=high
167
168 -- Santiago Vila <sanvila@debian.org> Mon, 09 Nov 2015 22:15:32 +0100
169
170+unzip (6.0-19ubuntu2) xenial; urgency=medium
171+
172+ * debian/patches/16-fix-integer-underflow-csiz-decrypted: updated to fix
173+ regression in handling 0-byte files (LP: #1513293)
174+
175+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 09 Nov 2015 08:51:17 -0600
176+
177+unzip (6.0-19ubuntu1) xenial; urgency=medium
178+
179+ * Resynchronise with Debian. Remaining changes:
180+ - Add patch from archlinux which adds the -O option, allowing a charset
181+ to be specified for the proper unzipping of non-Latin and non-Unicode
182+ filenames.
183+
184+ -- Sebastien Bacher <seb128@ubuntu.com> Fri, 23 Oct 2015 15:58:43 +0200
185+
186 unzip (6.0-19) unstable; urgency=medium
187
188 * Fix infinite loop when extracting password-protected archive.
189@@ -521,3 +638,4 @@ unzip (5.12-12) non-free; urgency=low
190 * initial release (used 2 to avoid confusion with old unzip)
191
192 -- Carl Streeter <streeter@cae.wisc.edu> Tue, 5 Sep 1995 00:00:00 +0000
193+
194diff --git a/debian/control b/debian/control
195index fed3df4..ec0c8ba 100644
196--- a/debian/control
197+++ b/debian/control
198@@ -1,7 +1,8 @@
199 Source: unzip
200 Section: utils
201 Priority: optional
202-Maintainer: Santiago Vila <sanvila@debian.org>
203+Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
204+XSBC-Original-Maintainer: Santiago Vila <sanvila@debian.org>
205 Standards-Version: 4.6.2
206 Build-Depends: debhelper-compat (= 13), libbz2-dev
207 Homepage: https://infozip.sourceforge.net/UnZip.html
208diff --git a/debian/patches/20-unzip60-alt-iconv-utf8.patch b/debian/patches/20-unzip60-alt-iconv-utf8.patch
209new file mode 100644
210index 0000000..b9e3777
211--- /dev/null
212+++ b/debian/patches/20-unzip60-alt-iconv-utf8.patch
213@@ -0,0 +1,398 @@
214+From: Giovanni Scafora <giovanni.archlinux.org>
215+Subject: unzip files encoded with non-latin, non-unicode file names
216+Last-Update: 2015-02-11
217+
218+Updated 2015-02-11 by Marc Deslauriers <marc.deslauriers@canonical.com>
219+to fix buffer overflow in charset_to_intern()
220+
221+Index: unzip-6.0/unix/unix.c
222+===================================================================
223+--- unzip-6.0.orig/unix/unix.c 2015-02-11 08:46:43.675324290 -0500
224++++ unzip-6.0/unix/unix.c 2015-02-11 09:18:04.902081319 -0500
225+@@ -30,6 +30,9 @@
226+ #define UNZIP_INTERNAL
227+ #include "unzip.h"
228+
229++#include <iconv.h>
230++#include <langinfo.h>
231++
232+ #ifdef SCO_XENIX
233+ # define SYSNDIR
234+ #else /* SCO Unix, AIX, DNIX, TI SysV, Coherent 4.x, ... */
235+@@ -1874,3 +1877,102 @@
236+ }
237+ }
238+ #endif /* QLZIP */
239++
240++
241++typedef struct {
242++ char *local_charset;
243++ char *archive_charset;
244++} CHARSET_MAP;
245++
246++/* A mapping of local <-> archive charsets used by default to convert filenames
247++ * of DOS/Windows Zip archives. Currently very basic. */
248++static CHARSET_MAP dos_charset_map[] = {
249++ { "ANSI_X3.4-1968", "CP850" },
250++ { "ISO-8859-1", "CP850" },
251++ { "CP1252", "CP850" },
252++ { "UTF-8", "CP866" },
253++ { "KOI8-R", "CP866" },
254++ { "KOI8-U", "CP866" },
255++ { "ISO-8859-5", "CP866" }
256++};
257++
258++char OEM_CP[MAX_CP_NAME] = "";
259++char ISO_CP[MAX_CP_NAME] = "";
260++
261++/* Try to guess the default value of OEM_CP based on the current locale.
262++ * ISO_CP is left alone for now. */
263++void init_conversion_charsets()
264++{
265++ const char *local_charset;
266++ int i;
267++
268++ /* Make a guess only if OEM_CP not already set. */
269++ if(*OEM_CP == '\0') {
270++ local_charset = nl_langinfo(CODESET);
271++ for(i = 0; i < sizeof(dos_charset_map)/sizeof(CHARSET_MAP); i++)
272++ if(!strcasecmp(local_charset, dos_charset_map[i].local_charset)) {
273++ strncpy(OEM_CP, dos_charset_map[i].archive_charset,
274++ sizeof(OEM_CP));
275++ break;
276++ }
277++ }
278++}
279++
280++/* Convert a string from one encoding to the current locale using iconv().
281++ * Be as non-intrusive as possible. If error is encountered during covertion
282++ * just leave the string intact. */
283++static void charset_to_intern(char *string, char *from_charset)
284++{
285++ iconv_t cd;
286++ char *s,*d, *buf;
287++ size_t slen, dlen, buflen;
288++ const char *local_charset;
289++
290++ if(*from_charset == '\0')
291++ return;
292++
293++ buf = NULL;
294++ local_charset = nl_langinfo(CODESET);
295++
296++ if((cd = iconv_open(local_charset, from_charset)) == (iconv_t)-1)
297++ return;
298++
299++ slen = strlen(string);
300++ s = string;
301++
302++ /* Make sure OUTBUFSIZ + 1 never ends up smaller than FILNAMSIZ
303++ * as this function also gets called with G.outbuf in fileio.c
304++ */
305++ buflen = FILNAMSIZ;
306++ if (OUTBUFSIZ + 1 < FILNAMSIZ)
307++ {
308++ buflen = OUTBUFSIZ + 1;
309++ }
310++
311++ d = buf = malloc(buflen);
312++ if(!d)
313++ goto cleanup;
314++
315++ bzero(buf,buflen);
316++ dlen = buflen - 1;
317++
318++ if(iconv(cd, &s, &slen, &d, &dlen) == (size_t)-1)
319++ goto cleanup;
320++ strncpy(string, buf, buflen);
321++
322++ cleanup:
323++ free(buf);
324++ iconv_close(cd);
325++}
326++
327++/* Convert a string from OEM_CP to the current locale charset. */
328++inline void oem_intern(char *string)
329++{
330++ charset_to_intern(string, OEM_CP);
331++}
332++
333++/* Convert a string from ISO_CP to the current locale charset. */
334++inline void iso_intern(char *string)
335++{
336++ charset_to_intern(string, ISO_CP);
337++}
338+Index: unzip-6.0/unix/unxcfg.h
339+===================================================================
340+--- unzip-6.0.orig/unix/unxcfg.h 2015-02-11 08:46:43.675324290 -0500
341++++ unzip-6.0/unix/unxcfg.h 2015-02-11 08:46:43.671324260 -0500
342+@@ -228,4 +228,30 @@
343+ /* wild_dir, dirname, wildname, matchname[], dirnamelen, have_dirname, */
344+ /* and notfirstcall are used by do_wild(). */
345+
346++
347++#define MAX_CP_NAME 25
348++
349++#ifdef SETLOCALE
350++# undef SETLOCALE
351++#endif
352++#define SETLOCALE(category, locale) setlocale(category, locale)
353++#include <locale.h>
354++
355++#ifdef _ISO_INTERN
356++# undef _ISO_INTERN
357++#endif
358++#define _ISO_INTERN(str1) iso_intern(str1)
359++
360++#ifdef _OEM_INTERN
361++# undef _OEM_INTERN
362++#endif
363++#ifndef IZ_OEM2ISO_ARRAY
364++# define IZ_OEM2ISO_ARRAY
365++#endif
366++#define _OEM_INTERN(str1) oem_intern(str1)
367++
368++void iso_intern(char *);
369++void oem_intern(char *);
370++void init_conversion_charsets(void);
371++
372+ #endif /* !__unxcfg_h */
373+Index: unzip-6.0/unzip.c
374+===================================================================
375+--- unzip-6.0.orig/unzip.c 2015-02-11 08:46:43.675324290 -0500
376++++ unzip-6.0/unzip.c 2015-02-11 08:46:43.675324290 -0500
377+@@ -327,11 +327,21 @@
378+ -2 just filenames but allow -h/-t/-z -l long Unix \"ls -l\" format\n\
379+ -v verbose, multi-page format\n";
380+
381++#ifndef UNIX
382+ static ZCONST char Far ZipInfoUsageLine3[] = "miscellaneous options:\n\
383+ -h print header line -t print totals for listed files or for all\n\
384+ -z print zipfile comment -T print file times in sortable decimal format\
385+ \n -C be case-insensitive %s\
386+ -x exclude filenames that follow from listing\n";
387++#else /* UNIX */
388++static ZCONST char Far ZipInfoUsageLine3[] = "miscellaneous options:\n\
389++ -h print header line -t print totals for listed files or for all\n\
390++ -z print zipfile comment %c-T%c print file times in sortable decimal format\
391++\n %c-C%c be case-insensitive %s\
392++ -x exclude filenames that follow from listing\n\
393++ -O CHARSET specify a character encoding for DOS, Windows and OS/2 archives\n\
394++ -I CHARSET specify a character encoding for UNIX and other archives\n";
395++#endif /* !UNIX */
396+ #ifdef MORE
397+ static ZCONST char Far ZipInfoUsageLine4[] =
398+ " -M page output through built-in \"more\"\n";
399+@@ -664,6 +674,17 @@
400+ -U use escapes for all non-ASCII Unicode -UU ignore any Unicode fields\n\
401+ -C match filenames case-insensitively -L make (some) names \
402+ lowercase\n %-42s -V retain VMS version numbers\n%s";
403++#elif (defined UNIX)
404++static ZCONST char Far UnzipUsageLine4[] = "\
405++modifiers:\n\
406++ -n never overwrite existing files -q quiet mode (-qq => quieter)\n\
407++ -o overwrite files WITHOUT prompting -a auto-convert any text files\n\
408++ -j junk paths (do not make directories) -aa treat ALL files as text\n\
409++ -U use escapes for all non-ASCII Unicode -UU ignore any Unicode fields\n\
410++ -C match filenames case-insensitively -L make (some) names \
411++lowercase\n %-42s -V retain VMS version numbers\n%s\
412++ -O CHARSET specify a character encoding for DOS, Windows and OS/2 archives\n\
413++ -I CHARSET specify a character encoding for UNIX and other archives\n\n";
414+ #else /* !VMS */
415+ static ZCONST char Far UnzipUsageLine4[] = "\
416+ modifiers:\n\
417+@@ -802,6 +823,10 @@
418+ #endif /* UNICODE_SUPPORT */
419+
420+
421++#ifdef UNIX
422++ init_conversion_charsets();
423++#endif
424++
425+ #if (defined(__IBMC__) && defined(__DEBUG_ALLOC__))
426+ extern void DebugMalloc(void);
427+
428+@@ -1335,6 +1360,11 @@
429+ argc = *pargc;
430+ argv = *pargv;
431+
432++#ifdef UNIX
433++ extern char OEM_CP[MAX_CP_NAME];
434++ extern char ISO_CP[MAX_CP_NAME];
435++#endif
436++
437+ while (++argv, (--argc > 0 && *argv != NULL && **argv == '-')) {
438+ s = *argv + 1;
439+ while ((c = *s++) != 0) { /* "!= 0": prevent Turbo C warning */
440+@@ -1516,6 +1546,35 @@
441+ }
442+ break;
443+ #endif /* MACOS */
444++#ifdef UNIX
445++ case ('I'):
446++ if (negative) {
447++ Info(slide, 0x401, ((char *)slide,
448++ "error: encodings can't be negated"));
449++ return(PK_PARAM);
450++ } else {
451++ if(*s) { /* Handle the -Icharset case */
452++ /* Assume that charsets can't start with a dash to spot arguments misuse */
453++ if(*s == '-') {
454++ Info(slide, 0x401, ((char *)slide,
455++ "error: a valid character encoding should follow the -I argument"));
456++ return(PK_PARAM);
457++ }
458++ strncpy(ISO_CP, s, sizeof(ISO_CP));
459++ } else { /* -I charset */
460++ ++argv;
461++ if(!(--argc > 0 && *argv != NULL && **argv != '-')) {
462++ Info(slide, 0x401, ((char *)slide,
463++ "error: a valid character encoding should follow the -I argument"));
464++ return(PK_PARAM);
465++ }
466++ s = *argv;
467++ strncpy(ISO_CP, s, sizeof(ISO_CP));
468++ }
469++ while(*(++s)); /* No params straight after charset name */
470++ }
471++ break;
472++#endif /* ?UNIX */
473+ case ('j'): /* junk pathnames/directory structure */
474+ if (negative)
475+ uO.jflag = FALSE, negative = 0;
476+@@ -1591,6 +1650,35 @@
477+ } else
478+ ++uO.overwrite_all;
479+ break;
480++#ifdef UNIX
481++ case ('O'):
482++ if (negative) {
483++ Info(slide, 0x401, ((char *)slide,
484++ "error: encodings can't be negated"));
485++ return(PK_PARAM);
486++ } else {
487++ if(*s) { /* Handle the -Ocharset case */
488++ /* Assume that charsets can't start with a dash to spot arguments misuse */
489++ if(*s == '-') {
490++ Info(slide, 0x401, ((char *)slide,
491++ "error: a valid character encoding should follow the -I argument"));
492++ return(PK_PARAM);
493++ }
494++ strncpy(OEM_CP, s, sizeof(OEM_CP));
495++ } else { /* -O charset */
496++ ++argv;
497++ if(!(--argc > 0 && *argv != NULL && **argv != '-')) {
498++ Info(slide, 0x401, ((char *)slide,
499++ "error: a valid character encoding should follow the -O argument"));
500++ return(PK_PARAM);
501++ }
502++ s = *argv;
503++ strncpy(OEM_CP, s, sizeof(OEM_CP));
504++ }
505++ while(*(++s)); /* No params straight after charset name */
506++ }
507++ break;
508++#endif /* ?UNIX */
509+ case ('p'): /* pipes: extract to stdout, no messages */
510+ if (negative) {
511+ uO.cflag = FALSE;
512+Index: unzip-6.0/unzpriv.h
513+===================================================================
514+--- unzip-6.0.orig/unzpriv.h 2015-02-11 08:46:43.675324290 -0500
515++++ unzip-6.0/unzpriv.h 2015-02-11 08:46:43.675324290 -0500
516+@@ -3008,7 +3008,7 @@
517+ !(((islochdr) || (isuxatt)) && \
518+ ((hostver) == 25 || (hostver) == 26 || (hostver) == 40))) || \
519+ (hostnum) == FS_HPFS_ || \
520+- ((hostnum) == FS_NTFS_ && (hostver) == 50)) { \
521++ ((hostnum) == FS_NTFS_ /* && (hostver) == 50 */ )) { \
522+ _OEM_INTERN((string)); \
523+ } else { \
524+ _ISO_INTERN((string)); \
525+Index: unzip-6.0/zipinfo.c
526+===================================================================
527+--- unzip-6.0.orig/zipinfo.c 2015-02-11 08:46:43.675324290 -0500
528++++ unzip-6.0/zipinfo.c 2015-02-11 08:46:43.675324290 -0500
529+@@ -457,6 +457,10 @@
530+ int tflag_slm=TRUE, tflag_2v=FALSE;
531+ int explicit_h=FALSE, explicit_t=FALSE;
532+
533++#ifdef UNIX
534++ extern char OEM_CP[MAX_CP_NAME];
535++ extern char ISO_CP[MAX_CP_NAME];
536++#endif
537+
538+ #ifdef MACOS
539+ uO.lflag = LFLAG; /* reset default on each call */
540+@@ -501,6 +505,35 @@
541+ uO.lflag = 0;
542+ }
543+ break;
544++#ifdef UNIX
545++ case ('I'):
546++ if (negative) {
547++ Info(slide, 0x401, ((char *)slide,
548++ "error: encodings can't be negated"));
549++ return(PK_PARAM);
550++ } else {
551++ if(*s) { /* Handle the -Icharset case */
552++ /* Assume that charsets can't start with a dash to spot arguments misuse */
553++ if(*s == '-') {
554++ Info(slide, 0x401, ((char *)slide,
555++ "error: a valid character encoding should follow the -I argument"));
556++ return(PK_PARAM);
557++ }
558++ strncpy(ISO_CP, s, sizeof(ISO_CP));
559++ } else { /* -I charset */
560++ ++argv;
561++ if(!(--argc > 0 && *argv != NULL && **argv != '-')) {
562++ Info(slide, 0x401, ((char *)slide,
563++ "error: a valid character encoding should follow the -I argument"));
564++ return(PK_PARAM);
565++ }
566++ s = *argv;
567++ strncpy(ISO_CP, s, sizeof(ISO_CP));
568++ }
569++ while(*(++s)); /* No params straight after charset name */
570++ }
571++ break;
572++#endif /* ?UNIX */
573+ case 'l': /* longer form of "ls -l" type listing */
574+ if (negative)
575+ uO.lflag = -2, negative = 0;
576+@@ -521,6 +554,35 @@
577+ G.M_flag = TRUE;
578+ break;
579+ #endif
580++#ifdef UNIX
581++ case ('O'):
582++ if (negative) {
583++ Info(slide, 0x401, ((char *)slide,
584++ "error: encodings can't be negated"));
585++ return(PK_PARAM);
586++ } else {
587++ if(*s) { /* Handle the -Ocharset case */
588++ /* Assume that charsets can't start with a dash to spot arguments misuse */
589++ if(*s == '-') {
590++ Info(slide, 0x401, ((char *)slide,
591++ "error: a valid character encoding should follow the -I argument"));
592++ return(PK_PARAM);
593++ }
594++ strncpy(OEM_CP, s, sizeof(OEM_CP));
595++ } else { /* -O charset */
596++ ++argv;
597++ if(!(--argc > 0 && *argv != NULL && **argv != '-')) {
598++ Info(slide, 0x401, ((char *)slide,
599++ "error: a valid character encoding should follow the -O argument"));
600++ return(PK_PARAM);
601++ }
602++ s = *argv;
603++ strncpy(OEM_CP, s, sizeof(OEM_CP));
604++ }
605++ while(*(++s)); /* No params straight after charset name */
606++ }
607++ break;
608++#endif /* ?UNIX */
609+ case 's': /* default: shorter "ls -l" type listing */
610+ if (negative)
611+ uO.lflag = -2, negative = 0;
612diff --git a/debian/patches/series b/debian/patches/series
613index 9683abb..f437c5d 100644
614--- a/debian/patches/series
615+++ b/debian/patches/series
616@@ -17,6 +17,7 @@
617 17-restore-unix-timestamps-accurately.patch
618 18-cve-2014-9913-unzip-buffer-overflow.patch
619 19-cve-2016-9844-zipinfo-buffer-overflow.patch
620+20-unzip60-alt-iconv-utf8.patch
621 20-cve-2018-1000035-unzip-buffer-overflow.patch
622 21-fix-warning-messages-on-big-files.patch
623 22-cve-2019-13232-fix-bug-in-undefer-input.patch

Subscribers

People subscribed via source and target branches