SOURCES/unzip-6.0-wcstombs-fortify.patch

@@ -0,0 +1,11 @@
+--- unzip60/extract.c	2023-01-25 07:05:58.742254870 -0500
++++ unzip60.new/extract.c	2023-01-25 07:04:48.073435349 -0500
+@@ -2889,7 +2889,7 @@ char *fnfilter(raw, space, size)   /* co
+             strcpy( (char *)space, raw);
+             return (char *)space;
+         }
+-        woslen = wcstombs( newraw, wostring, (woslen * MB_CUR_MAX) + 1);
++        woslen = wcstombs( newraw, wostring, woslen + 1);
+ 
+         if (size > 0) {
+             slim = space + size - 4;

SOURCES/unzip-gnu89-build.patch

@@ -0,0 +1,15 @@
+unzip uses C89-only features, so it needs to be built in C89 mode.
+
+diff --git a/unix/Makefile b/unix/Makefile
+index ab32270cf4b9b2cf..5eabbe13095e1f58 100644
+--- a/unix/Makefile
++++ b/unix/Makefile
+@@ -545,7 +545,7 @@ generic:	flags	   # now try autoconfigure first
+ #	make $(MAKEF) unzips CF="${CF} `cat flags`"
+ 
+ generic_gcc:
+-	$(MAKE) $(MAKEF) generic CC=gcc IZ_BZIP2="$(IZ_BZIP2)"
++	$(MAKE) $(MAKEF) generic CC="gcc -std=gnu89" IZ_BZIP2="$(IZ_BZIP2)"
+ 
+ # extensions to perform SVR4 package-creation after compilation
+ generic_pkg:	generic svr4package

SOURCES/unzip-zipbomb-switch.patch

@@ -140,14 +140,29 @@ index 878817d..3e58071 100644
          /* skip over data descriptor (harder than it sounds, due to signature
           * ambiguity)
           */
-@@ -2189,6 +2196,7 @@ static int extract_or_test_member(__G)    /* return PK-type error code */
+@@ -2189,16 +2196,16 @@ static int extract_or_test_member(__G)    /* return PK-type error code */
-             shy += 8 - readbuf((char *)buf, 8); /* skip eight more for ZIP64 */
+               ((G.lrec.csize & LOW) != SIG ||   /* if not SIG, have signature */
+                (ulen == SIG &&                  /* if not SIG, no signature */
+                 (G.pInfo->zip64 ? G.lrec.csize >> 32 : G.lrec.ucsize) != SIG
+-                                                /* if not SIG, have signature */
++                /* if not SIG, have signature */
+                 )))))
+-                   /* skip four more bytes to account for signature */
+-                   shy += 4 - readbuf((char *)buf, 4);
++          /* skip four more bytes to account for signature */
++          shy += 4 - readbuf((char *)buf, 4);
+         if (G.pInfo->zip64)
+-            shy += 8 - readbuf((char *)buf, 8); /* skip eight more for ZIP64 */
++          shy += 8 - readbuf((char *)buf, 8); /* skip eight more for ZIP64 */
          if (shy)
-             error = PK_ERR;
+-            error = PK_ERR;
++          error = PK_ERR;
 +      }
      }
- 
+-
      return error;
+ 
+ } /* end function extract_or_test_member() */
 diff --git a/unzip.c b/unzip.c
 index 8dbfc95..abb3644 100644
 --- a/unzip.c

SPECS/unzip.spec

@@ -1,4 +1,3 @@
-
 # Settings for EL <= 7
 %if 0%{?rhel} && 0%{?rhel} <= 7
 %{!?__global_ldflags: %global __global_ldflags -Wl,-z,relro}
@@ -7,8 +6,8 @@
 Summary: A utility for unpacking zip files
 Name: unzip
 Version: 6.0
-Release: 56%{?dist}
+Release: 64%{?dist}
-License: BSD
+License: Info-ZIP
 Source: http://downloads.sourceforge.net/infozip/unzip60.tar.gz
 
 # Not sent to upstream.
@@ -72,8 +71,10 @@ Patch30: unzip-zipbomb-part4.patch
 Patch31: unzip-zipbomb-part5.patch
 Patch32: unzip-zipbomb-part6.patch
 Patch33: unzip-zipbomb-switch.patch
+Patch34: unzip-gnu89-build.patch
+Patch35: unzip-6.0-wcstombs-fortify.patch
 
-URL: http://www.info-zip.org/UnZip.html
+URL: http://infozip.sourceforge.net
 BuildRequires: make
 BuildRequires:  bzip2-devel, gcc
 
@@ -124,21 +125,18 @@ a zip archive.
 %patch31 -p1
 %patch32 -p1
 %patch33 -p1
+%patch34 -p1
+%patch35 -p1
 
 %build
-# Use the C implementation of CRC instead of assembly (only on i386, other architectures use C by default)
-sed -i -e 's:-DASM_CRC::g' unix/configure
-sed -i -e 's:CRC32OA="crc_gcc.o":CRC32OA="":g' unix/configure
-
 # IZ_HAVE_UXUIDGID is needed for right functionality of unzip -X
-# NOMEMCPY solve problem with memory overlapping - decomression is slowly,
+# NOMEMCPY solve problem with memory overlapping - decompression is slowly,
 # but successfull.
 %make_build -f unix/Makefile CF_NOOPT="-I. -DUNIX $RPM_OPT_FLAGS -DNOMEMCPY -DIZ_HAVE_UXUIDGID -DNO_LCHMOD" \
                       LFLAGS2="%{?__global_ldflags}" generic_gcc
 
 %install
-rm -rf $RPM_BUILD_ROOT
+make -f unix/Makefile prefix=$RPM_BUILD_ROOT%{_prefix} MANDIR=$RPM_BUILD_ROOT%{_mandir}/man1 INSTALL="cp -p" install
-make -f unix/Makefile prefix=$RPM_BUILD_ROOT%{_prefix} MANDIR=$RPM_BUILD_ROOT/%{_mandir}/man1 INSTALL="cp -p" install
 
 %files
 %license LICENSE COPYING.OLD
@@ -147,28 +145,54 @@ make -f unix/Makefile prefix=$RPM_BUILD_ROOT%{_prefix} MANDIR=$RPM_BUILD_ROOT/%{
 %{_mandir}/*/*
 
 %changelog
-* Wed Jan 26 2022 Jakub Martisko <jamartis@redhat.com> - 6.0-56
+* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 6.0-64
-- Use the C crc implementation instead of the asm (i686 only, other arches already use C)
+- Bump release for June 2024 mass rebuild
-Related: rhbz#2045075
+
+* Sat Jan 27 2024 Fedora Release Engineering <releng@fedoraproject.org> - 6.0-63
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Sat Jul 22 2023 Fedora Release Engineering <releng@fedoraproject.org> - 6.0-62
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Thu Apr 13 2023 Lukáš Zaoral <lzaoral@redhat.com> - 6.0-61
+- migrate to SPDX license format
+
+* Wed Jan 25 2023 Siddhesh Poyarekar <siddhesh@redhat.com> - 6.0-60
+- Fix length passed to wcstombs call (#2164068)
+
+* Sat Jan 21 2023 Fedora Release Engineering <releng@fedoraproject.org> - 6.0-59
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Wed Nov 09 2022 Jakub Martisko <jamartis@redhat.com> - 6.0-59
+- Rebuild with the -std=gnu89 flag
+Resolves: rhbz#1750694
+
+* Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> - 6.0-58
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Sat Jan 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 6.0-57
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Thu Dec 16 2021 Jakub Martisko <jamartis@redhat.com> - 6.0-56
+- Update the manpage regarding the 6.0-55
 
-* Wed Jan 05 2022 Jakub Martisko <jamartis@redhat.com> - 6.0-55
+* Mon Dec 13 2021 Jakub Martisko <jamartis@redhat.com> - 6.0-55
-- Rebuild with the gating tests enabled
+- Allow to opt-out of the zipbomb detection
-Related: rhbz#2036946
 
-* Mon Dec 20 2021 Jakub Martisko <jamartis@redhat.com> - 6.0-54
+* Tue Nov 09 2021 Jakub Martisko <jamartis@redhat.com> - 6.0-54
-- Add an environment variable that disables the zipbomb detection
+- Update the URL
-  Resolves: rhbz#2031730
 
-* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 6.0-53
+* Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 6.0-53
-- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
-  Related: rhbz#1991688
 
-* Fri Apr 30 2021 Jakub Martisko <jamartis@redhat.com> - 6.0-52
+* Thu Apr 29 2021 Jakub Martisko <jamartis@redhat.com> - 6.0-52
-- Add several patches dealing with false positice zipbomb detection
+- Sync the zipbomb false postives fixes with rhel
-Resolves: #1954651
+- zipbomb-part4 patch introduced in 6.0-51 has been renamed to part6 and part4 and part5 have been ported from rhel
+Resolves: 1953565
 
-* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 6.0-51
+* Thu Mar 25 2021 Jakub Martisko <jamartis@redhat.com> - 6.0-51
-- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+- Fix false positive in the zipbomb detection
+Related: 1920632
 
 * Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 6.0-50
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild