--- /dev/null
+--- unzip-5.52.orig/unzpriv.h 2006-02-18 00:17:52.000000000 +0100
++++ unzip-5.52/unzpriv.h 2006-02-18 00:01:42.000000000 +0100
+@@ -2274,17 +2274,18 @@
+ * (char *)(sprintf sprf_arg, (buf))) == EOF)
+ */
+ #ifndef Info /* may already have been defined for redirection */
++# define wsizesnprintf(buf, ...) snprintf (buf, WSIZE-1, __VA_ARGS__)
+ # ifdef FUNZIP
+ # define Info(buf,flag,sprf_arg) \
+- fprintf((flag)&1? stderr : stdout, (char *)(sprintf sprf_arg, (buf)))
++ fputs((char *)(wsizesnprintf sprf_arg, (buf)), (flag)&1? stderr : stdout)
+ # else
+ # ifdef INT_SPRINTF /* optimized version for "int sprintf()" flavour */
+ # define Info(buf,flag,sprf_arg) \
+- (*G.message)((zvoid *)&G, (uch *)(buf), (ulg)sprintf sprf_arg, (flag))
++ (*G.message)((zvoid *)&G, (uch *)(buf), (ulg)wsizesnprintf sprf_arg, (flag))
+ # else /* generic version, does not use sprintf() return value */
+ # define Info(buf,flag,sprf_arg) \
+ (*G.message)((zvoid *)&G, (uch *)(buf), \
+- (ulg)(sprintf sprf_arg, strlen((char *)(buf))), (flag))
++ (ulg)(wsizesnprintf sprf_arg, strlen((char *)(buf))), (flag))
+ # endif
+ # endif
+ #endif /* !Info */
Summary(uk): òÏÚÐÁËÏ×Õ×ÁÞ ÆÁÊÌ¦× .zip
Name: unzip
Version: 5.52
-Release: 2
+Release: 3
License: distributable
Group: Applications/Archiving
Source0: ftp://ftp.info-zip.org/pub/infozip/src/%{name}552.tar.gz
# Source1-md5: d7f8b0b09f6e8d89591b4dc25e335764
Patch0: %{name}-opt.patch
Patch1: %{name}-CAN-2005-2475.patch
+Patch2: %{name}-cve-2005-4667.patch
URL: http://www.info-zip.org/
BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
%setup -q
%patch0 -p1
%patch1 -p1
+%patch2 -p1
rm -f Makefile
ln -sf unix/Makefile Makefile