Merge pull request #3449 from citrus-it/unzip

unzip was not building with bzip2 support

build/unzip/build.sh

@@ -31,8 +31,10 @@ HARDLINK_TARGETS="
 "
 SKIP_LICENCES="*"
 
-# Copied from upstream's pkg makefile
-export LOCAL_UNZIP="-DUNICODE_SUPPORT -DNO_WORKING_ISPRINT -DUNICODE_WCHAR"
+CONFIGURE_OPTS="
+    -DWILD_STOP_AT_DIR
+"
+export LOCAL_UNZIP="${CONFIGURE_OPTS[0]//$'\n'/}"
 
 configure_amd64() {
     export i386
@@ -48,6 +50,7 @@ configure_aarch64() {
 }
 
 pre_install() {
+    ldd $PROG | $EGREP -s libbz2 || logerr "unzip was built without bzip2"
     save_variable MAKE_INSTALL_ARGS
     MAKE_INSTALL_ARGS+=" prefix=$DESTDIR$PREFIX"
 }
@@ -58,7 +61,7 @@ post_install() {
 
 
 BASE_MAKE_ARGS="-f unix/Makefile"
-MAKE_ARGS="$BASE_MAKE_ARGS generic IZ_BZIP2=bzip2"
+MAKE_ARGS="$BASE_MAKE_ARGS generic"
 MAKE_INSTALL_ARGS="$BASE_MAKE_ARGS install"
 
 init

build/unzip/patches/CVE-2014-8139-crc-overflow.patch

@@ -1,4 +1,4 @@
-diff -wpruN '--exclude=*.orig' a~/extract.c a/extract.c
+diff -wpruN --no-dereference '--exclude=*.orig' a~/extract.c a/extract.c
 --- a~/extract.c	1970-01-01 00:00:00
 +++ a/extract.c	1970-01-01 00:00:00
 @@ -1,5 +1,5 @@

build/unzip/patches/CVE-2014-8140-test-compr-eb.patch

@@ -1,4 +1,4 @@
-diff -wpruN '--exclude=*.orig' a~/extract.c a/extract.c
+diff -wpruN --no-dereference '--exclude=*.orig' a~/extract.c a/extract.c
 --- a~/extract.c	1970-01-01 00:00:00
 +++ a/extract.c	1970-01-01 00:00:00
 @@ -2232,10 +2232,17 @@ static int test_compr_eb(__G__ eb, eb_si

build/unzip/patches/CVE-2014-8141-getzip64data.patch

@@ -1,4 +1,4 @@
-diff -wpruN '--exclude=*.orig' a~/fileio.c a/fileio.c
+diff -wpruN --no-dereference '--exclude=*.orig' a~/fileio.c a/fileio.c
 --- a~/fileio.c	1970-01-01 00:00:00
 +++ a/fileio.c	1970-01-01 00:00:00
 @@ -176,6 +176,8 @@ static ZCONST char Far FilenameTooLongTr
@@ -24,7 +24,7 @@ diff -wpruN '--exclude=*.orig' a~/fileio.c a/fileio.c
  #ifdef UNICODE_SUPPORT
              G.unipath_filename = NULL;
              if (G.UzO.U_flag < 2) {
-diff -wpruN '--exclude=*.orig' a~/process.c a/process.c
+diff -wpruN --no-dereference '--exclude=*.orig' a~/process.c a/process.c
 --- a~/process.c	1970-01-01 00:00:00
 +++ a/process.c	1970-01-01 00:00:00
 @@ -1,5 +1,5 @@

build/unzip/patches/CVE-2014-9636-test-compr-eb.patch

@@ -1,4 +1,4 @@
-diff -wpruN '--exclude=*.orig' a~/extract.c a/extract.c
+diff -wpruN --no-dereference '--exclude=*.orig' a~/extract.c a/extract.c
 --- a~/extract.c	1970-01-01 00:00:00
 +++ a/extract.c	1970-01-01 00:00:00
 @@ -2228,6 +2228,7 @@ static int test_compr_eb(__G__ eb, eb_si

build/unzip/patches/CVE-2014-9913-unzip-buffer-overflow.patch

@@ -5,7 +5,7 @@ Bug-Debian: https://bugs.debian.org/847485
 Bug-Ubuntu: https://launchpad.net/bugs/387350
 X-Debian-version: 6.0-21
 
-diff -wpruN '--exclude=*.orig' a~/list.c a/list.c
+diff -wpruN --no-dereference '--exclude=*.orig' a~/list.c a/list.c
 --- a~/list.c	1970-01-01 00:00:00
 +++ a/list.c	1970-01-01 00:00:00
 @@ -339,7 +339,18 @@ int list_files(__G)    /* return PK-type

build/unzip/patches/CVE-2015-7696-heap-overflow.patch

@@ -5,7 +5,7 @@ Bug-Debian: https://bugs.debian.org/802162
 Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1260944
 Origin: https://bugzilla.redhat.com/attachment.cgi?id=1073002
 
-diff -wpruN '--exclude=*.orig' a~/crypt.c a/crypt.c
+diff -wpruN --no-dereference '--exclude=*.orig' a~/crypt.c a/crypt.c
 --- a~/crypt.c	1970-01-01 00:00:00
 +++ a/crypt.c	1970-01-01 00:00:00
 @@ -465,7 +465,17 @@ int decrypt(__G__ passwrd)

build/unzip/patches/CVE-2015-7697-infinite-loop.patch

@@ -5,7 +5,7 @@ Bug-Debian: https://bugs.debian.org/802160
 Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1260944
 Origin: other, https://bugzilla.redhat.com/attachment.cgi?id=1073339
 
-diff -wpruN '--exclude=*.orig' a~/extract.c a/extract.c
+diff -wpruN --no-dereference '--exclude=*.orig' a~/extract.c a/extract.c
 --- a~/extract.c	1970-01-01 00:00:00
 +++ a/extract.c	1970-01-01 00:00:00
 @@ -2728,6 +2728,12 @@ __GDEF

build/unzip/patches/CVE-2016-9844-zipinfo-buffer-overflow.patch

@@ -4,7 +4,7 @@ Bug-Debian: https://bugs.debian.org/847486
 Bug-Ubuntu: https://launchpad.net/bugs/1643750
 X-Debian-version: 6.0-21
 
-diff -wpruN '--exclude=*.orig' a~/zipinfo.c a/zipinfo.c
+diff -wpruN --no-dereference '--exclude=*.orig' a~/zipinfo.c a/zipinfo.c
 --- a~/zipinfo.c	1970-01-01 00:00:00
 +++ a/zipinfo.c	1970-01-01 00:00:00
 @@ -1921,7 +1921,18 @@ static int zi_short(__G)   /* return PK-

build/unzip/patches/CVE-2018-1000035-overflow-password-protect.patch

@@ -1,4 +1,4 @@
-diff -wpruN '--exclude=*.orig' a~/fileio.c a/fileio.c
+diff -wpruN --no-dereference '--exclude=*.orig' a~/fileio.c a/fileio.c
 --- a~/fileio.c	1970-01-01 00:00:00
 +++ a/fileio.c	1970-01-01 00:00:00
 @@ -1,5 +1,5 @@

build/unzip/patches/CVE-2019-13232a.patch

@@ -0,0 +1,23 @@
+From: Mark Adler <[email protected]>
+Subject: Fix bug in undefer_input() that misplaced the input state.
+Origin: https://github.com/madler/unzip/commit/41beb477c5744bc396fa1162ee0c14218ec12213
+Bug-Debian: https://bugs.debian.org/931433
+X-Debian-version: 6.0-24
+
+    Fix bug in undefer_input() that misplaced the input state.
+
+diff -wpruN --no-dereference '--exclude=*.orig' a~/fileio.c a/fileio.c
+--- a~/fileio.c	1970-01-01 00:00:00
++++ a/fileio.c	1970-01-01 00:00:00
+@@ -532,8 +532,10 @@ void undefer_input(__G)
+          * This condition was checked when G.incnt_leftover was set > 0 in
+          * defer_leftover_input(), and it is NOT allowed to touch G.csize
+          * before calling undefer_input() when (G.incnt_leftover > 0)
+-         * (single exception: see read_byte()'s  "G.csize <= 0" handling) !!
++         * (single exception: see readbyte()'s  "G.csize <= 0" handling) !!
+          */
++        if (G.csize < 0L)
++            G.csize = 0L;
+         G.incnt = G.incnt_leftover + (int)G.csize;
+         G.inptr = G.inptr_leftover - (int)G.csize;
+         G.incnt_leftover = 0;