5 changed files with 128 additions and 32 deletions
--- a/SOURCES/unzip-6.0-fix-warning-messages-on-big-files.patch
+++ b/SOURCES/unzip-6.0-fix-warning-messages-on-big-files.patch
@ -0,0 +1,15 @@
+From: "Steven M. Schweda" <sms@antinode.info>
+Subject: Fix lame code in fileio.c
+Bug-Debian: https://bugs.debian.org/929502
+X-Debian-version: 6.0-23
+
+--- a/fileio.c
+++ b/fileio.c
+@@ -2477,6 +2477,7 @@
+      */
+     return (((zusz_t)sig[7]) << 56)
+         + (((zusz_t)sig[6]) << 48)
+        + (((zusz_t)sig[5]) << 40)
+         + (((zusz_t)sig[4]) << 32)
+         + (zusz_t)((((ulg)sig[3]) << 24)
+                  + (((ulg)sig[2]) << 16)
--- a/SOURCES/unzip-6.0-wcstombs-fortify.patch
+++ b/SOURCES/unzip-6.0-wcstombs-fortify.patch
@ -0,0 +1,11 @@
+--- unzip60/extract.c	2023-01-25 07:05:58.742254870 -0500
+++ unzip60.new/extract.c	2023-01-25 07:04:48.073435349 -0500
+@@ -2889,7 +2889,7 @@ char *fnfilter(raw, space, size)   /* co
+             strcpy( (char *)space, raw);
+             return (char *)space;
+         }
+-        woslen = wcstombs( newraw, wostring, (woslen * MB_CUR_MAX) + 1);
+        woslen = wcstombs( newraw, wostring, woslen + 1);
+ 
+         if (size > 0) {
+             slim = space + size - 4;
--- a/SOURCES/unzip-gnu89-build.patch
+++ b/SOURCES/unzip-gnu89-build.patch
@ -0,0 +1,15 @@
+unzip uses C89-only features, so it needs to be built in C89 mode.
+
+diff --git a/unix/Makefile b/unix/Makefile
+index ab32270cf4b9b2cf..5eabbe13095e1f58 100644
+--- a/unix/Makefile
+++ b/unix/Makefile
+@@ -545,7 +545,7 @@ generic:	flags	   # now try autoconfigure first
+ #	make $(MAKEF) unzips CF="${CF} `cat flags`"
+ 
+ generic_gcc:
+-	$(MAKE) $(MAKEF) generic CC=gcc IZ_BZIP2="$(IZ_BZIP2)"
+	$(MAKE) $(MAKEF) generic CC="gcc -std=gnu89" IZ_BZIP2="$(IZ_BZIP2)"
+ 
+ # extensions to perform SVR4 package-creation after compilation
+ generic_pkg:	generic svr4package
--- a/SOURCES/unzip-zipbomb-switch.patch
+++ b/SOURCES/unzip-zipbomb-switch.patch
@ -140,14 +140,29 @@ index 878817d..3e58071 100644
         /* skip over data descriptor (harder than it sounds, due to signature
          * ambiguity)
          */
-@@ -2189,6 +2196,7 @@ static int extract_or_test_member(__G)    /* return PK-type error code */
-             shy += 8 - readbuf((char *)buf, 8); /* skip eight more for ZIP64 */
+@@ -2189,16 +2196,16 @@ static int extract_or_test_member(__G)    /* return PK-type error code */
+               ((G.lrec.csize & LOW) != SIG ||   /* if not SIG, have signature */
+                (ulen == SIG &&                  /* if not SIG, no signature */
+                 (G.pInfo->zip64 ? G.lrec.csize >> 32 : G.lrec.ucsize) != SIG
+-                                                /* if not SIG, have signature */
+                /* if not SIG, have signature */
+                 )))))
+-                   /* skip four more bytes to account for signature */
+-                   shy += 4 - readbuf((char *)buf, 4);
+          /* skip four more bytes to account for signature */
+          shy += 4 - readbuf((char *)buf, 4);
+         if (G.pInfo->zip64)
+-            shy += 8 - readbuf((char *)buf, 8); /* skip eight more for ZIP64 */
+          shy += 8 - readbuf((char *)buf, 8); /* skip eight more for ZIP64 */
         if (shy)
-             error = PK_ERR;
+-            error = PK_ERR;
+          error = PK_ERR;
 +      }
     }
- 
+-
     return error;
+ 
+ } /* end function extract_or_test_member() */
 diff --git a/unzip.c b/unzip.c
 index 8dbfc95..abb3644 100644
 --- a/unzip.c
--- a/SPECS/unzip.spec
+++ b/SPECS/unzip.spec
@ -1,4 +1,3 @@
-
 # Settings for EL <= 7
 %if 0%{?rhel} && 0%{?rhel} <= 7
 %{!?__global_ldflags: %global __global_ldflags -Wl,-z,relro}
@ -7,8 +6,8 @@
 Summary: A utility for unpacking zip files
 Name: unzip
 Version: 6.0
-Release: 56%{?dist}
-License: BSD
+Release: 66%{?dist}
+License: Info-ZIP
 Source: http://downloads.sourceforge.net/infozip/unzip60.tar.gz

 # Not sent to upstream.
@ -72,8 +71,13 @@ Patch30: unzip-zipbomb-part4.patch
 Patch31: unzip-zipbomb-part5.patch
 Patch32: unzip-zipbomb-part6.patch
 Patch33: unzip-zipbomb-switch.patch
+Patch34: unzip-gnu89-build.patch
+Patch35: unzip-6.0-wcstombs-fortify.patch
+
+#https://sources.debian.org/patches/unzip/6.0-28/21-fix-warning-messages-on-big-files.patch/
+Patch36: unzip-6.0-fix-warning-messages-on-big-files.patch

-URL: http://www.info-zip.org/UnZip.html
+URL: http://infozip.sourceforge.net
 BuildRequires: make
 BuildRequires:  bzip2-devel, gcc

@ -124,21 +128,19 @@ a zip archive.
 %patch31 -p1
 %patch32 -p1
 %patch33 -p1
+%patch34 -p1
+%patch35 -p1
+%patch36 -p1

 %build
-# Use the C implementation of CRC instead of assembly (only on i386, other architectures use C by default)
-sed -i -e 's:-DASM_CRC::g' unix/configure
-sed -i -e 's:CRC32OA="crc_gcc.o":CRC32OA="":g' unix/configure
-
 # IZ_HAVE_UXUIDGID is needed for right functionality of unzip -X
-# NOMEMCPY solve problem with memory overlapping - decomression is slowly,
+# NOMEMCPY solve problem with memory overlapping - decompression is slowly,
 # but successfull.
 %make_build -f unix/Makefile CF_NOOPT="-I. -DUNIX $RPM_OPT_FLAGS -DNOMEMCPY -DIZ_HAVE_UXUIDGID -DNO_LCHMOD" \
                      LFLAGS2="%{?__global_ldflags}" generic_gcc

 %install
-rm -rf $RPM_BUILD_ROOT
-make -f unix/Makefile prefix=$RPM_BUILD_ROOT%{_prefix} MANDIR=$RPM_BUILD_ROOT/%{_mandir}/man1 INSTALL="cp -p" install
+make -f unix/Makefile prefix=$RPM_BUILD_ROOT%{_prefix} MANDIR=$RPM_BUILD_ROOT%{_mandir}/man1 INSTALL="cp -p" install

 %files
 %license LICENSE COPYING.OLD
@ -147,28 +149,66 @@ make -f unix/Makefile prefix=$RPM_BUILD_ROOT%{_prefix} MANDIR=$RPM_BUILD_ROOT/%{
 %{_mandir}/*/*

 %changelog
-* Wed Jan 26 2022 Jakub Martisko <jamartis@redhat.com> - 6.0-56
- Use the C crc implementation instead of the asm (i686 only, other arches already use C)
-Related: rhbz#2045075
+* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 6.0-66
+- Bump release for October 2024 mass rebuild:
+  Resolves: RHEL-64018
+
+* Fri Oct 25 2024 MSVSphere Packaging Team <packager@msvsphere-os.ru> - 6.0-65
+- Rebuilt for MSVSphere 10
+
+* Wed Jul 03 2024 Jakub Martisko <jamartis@redhat.com> - 6.0-65
+- Fix: Unzip Fails on Large Zip Files
+- Use the patch from Debian dealing with this
+Resolves: RHEL-45993
+
+* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 6.0-64
+- Bump release for June 2024 mass rebuild
+
+* Sat Jan 27 2024 Fedora Release Engineering <releng@fedoraproject.org> - 6.0-63
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Sat Jul 22 2023 Fedora Release Engineering <releng@fedoraproject.org> - 6.0-62
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Thu Apr 13 2023 Lukáš Zaoral <lzaoral@redhat.com> - 6.0-61
+- migrate to SPDX license format
+
+* Wed Jan 25 2023 Siddhesh Poyarekar <siddhesh@redhat.com> - 6.0-60
+- Fix length passed to wcstombs call (#2164068)
+
+* Sat Jan 21 2023 Fedora Release Engineering <releng@fedoraproject.org> - 6.0-59
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Wed Nov 09 2022 Jakub Martisko <jamartis@redhat.com> - 6.0-59
+- Rebuild with the -std=gnu89 flag
+Resolves: rhbz#1750694
+
+* Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> - 6.0-58
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Sat Jan 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 6.0-57
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Thu Dec 16 2021 Jakub Martisko <jamartis@redhat.com> - 6.0-56
+- Update the manpage regarding the 6.0-55

-* Wed Jan 05 2022 Jakub Martisko <jamartis@redhat.com> - 6.0-55
- Rebuild with the gating tests enabled
-Related: rhbz#2036946
+* Mon Dec 13 2021 Jakub Martisko <jamartis@redhat.com> - 6.0-55
+- Allow to opt-out of the zipbomb detection

-* Mon Dec 20 2021 Jakub Martisko <jamartis@redhat.com> - 6.0-54
- Add an environment variable that disables the zipbomb detection
-  Resolves: rhbz#2031730
+* Tue Nov 09 2021 Jakub Martisko <jamartis@redhat.com> - 6.0-54
+- Update the URL

-* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 6.0-53
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
-  Related: rhbz#1991688
+* Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 6.0-53
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild

-* Fri Apr 30 2021 Jakub Martisko <jamartis@redhat.com> - 6.0-52
- Add several patches dealing with false positice zipbomb detection
-Resolves: #1954651
+* Thu Apr 29 2021 Jakub Martisko <jamartis@redhat.com> - 6.0-52
+- Sync the zipbomb false postives fixes with rhel
+- zipbomb-part4 patch introduced in 6.0-51 has been renamed to part6 and part4 and part5 have been ported from rhel
+Resolves: 1953565

-* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 6.0-51
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+* Thu Mar 25 2021 Jakub Martisko <jamartis@redhat.com> - 6.0-51
+- Fix false positive in the zipbomb detection
+Related: 1920632

 * Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 6.0-50
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild