Opened 4 years ago
Closed 4 years ago
#12840 closed enhancement (fixed)
Deficiencies in our unzip60 build
| Reported by: | Owned by: | ||
|---|---|---|---|
| Priority: | normal | Milestone: | 9.1 |
| Component: | BOOK | Version: | SVN |
| Severity: | normal | Keywords: | |
| Cc: |
Description
We know that there hav been locale issues in the past, which none of s can test. Today I hit a test failure in Archive::Zip (new test in the last few months) which seems to be happening because our unzip cannot deal with zip archives which contain a member compressed with bzip2.
Looking at fedora, they apply the usual shed load of patches, including a fix for the bzip2 problem, fixes for locales, and a mass of security and hardening fixes, some of which have CVEs going back to 2014 (and documented in debian), others of which are overflows (buffer, heep). At least some of these come from upstream InfoZip.
AFAICS upstream appears to be defunct (from the sourceforge page, 6.1 was in development, and likely to be the last version - but that page was last updated in 2009).
I'll look through the patches to see which seem unnecessary (so far a typo in a manpage and a change to permit symlinks). A quick and dirty test with only the configure patches shows that unzip and zipinfo will be linked to libbz2.so.
Change History (4)
comment:1 by , 4 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
follow-up: 3 comment:2 by , 4 years ago
comment:3 by , 4 years ago
Replying to pierre.labastie:
Just a thought: I see we have
export BUILD_BZIP2=0when building perl in LFS. Could it have something to do with this issue? I mean for Archive::Zip, not for unzip itself.
I don't think so - the test is to confirm that unzip can handle a zip archive where a member file has been compressed with bzip2, perl itself is not the problem.
Just a thought: I see we have
when building perl in LFS. Could it have something to do with this issue? I mean for Archive::Zip, not for unzip itself.