Debian Bug report logs - #689212
unzip doesn't restore uid/gid

version graph

Package: unzip; Maintainer for unzip is Santiago Vila <sanvila@debian.org>; Source for unzip is src:unzip.

Reported by: Axel Scheepers <axel.scheepers@xs4all.nl>

Date: Sun, 30 Sep 2012 12:21:01 UTC

Severity: important

Tags: upstream

Found in version unzip/6.0-7

Fixed in version unzip/6.0-8

Done: Santiago Vila <sanvila@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Santiago Vila <sanvila@debian.org>:
Bug#689212; Package unzip. (Sun, 30 Sep 2012 12:21:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Axel Scheepers <axel.scheepers@xs4all.nl>:
New Bug report received and forwarded. Copy sent to Santiago Vila <sanvila@debian.org>. (Sun, 30 Sep 2012 12:21:03 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Axel Scheepers <axel.scheepers@xs4all.nl>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: unzip doesn't restore uid/gid
Date: Sun, 30 Sep 2012 14:16:36 +0200
Package: unzip
Version: 6.0-7
Severity: important
Tags: upstream

When unzipping a file with -X unzip doesn't restore uid/gid information
although it is present in the zip file. I asked about this on the infozip
forum and they confirmed it was a bug in the build system. They also 
supplied patches to make it work which I'll include.

You can see the discussion on 
http://www.info-zip.org/phpBB3/viewtopic.php?f=3&t=402

This is the debian/rules patch:
--- unzip-6.0/debian/rules      2012-03-31 23:57:19.000000000 +0200
+++ unzip-6.0.patched/debian/rules      2012-09-30 14:02:51.000000000 +0200
@@ -28,6 +28,7 @@
 
 build:
        $(MAKE) -f unix/Makefile D_USE_BZ2=-DUSE_BZIP2 L_BZ2=-lbz2 \
+        LOCAL_UNZIP=-DIZ_HAVE_UXUIDGID \
                CC="$(CC)" LF2="$(LDFLAGS)" \
                CF="$(CFLAGS) $(CPPFLAGS) -I. $(DEFINES)" unzips
        touch build

and the process.c file patch:
--- unzip610b/process.c 2010-10-31 21:00:00.000000000 +0100
+++ process.c   2012-09-30 12:35:27.000000000 +0200
@@ -2993,9 +2993,9 @@
         */
 
 #ifdef IZ_HAVE_UXUIDGID
-            if (eb_len >= EB_UX3_MINLEN
-                && z_uidgid != NULL
-                && (*((EB_HEADSIZE + 0) + ef_buf) == 1)
+            if ((eb_len >= EB_UX3_MINLEN)
+                && (z_uidgid != NULL)
+                && ((*((EB_HEADSIZE + 0) + ef_buf) == 1)))
                     /* only know about version 1 */
             {
                 uch uid_size;
@@ -3007,10 +3007,10 @@
                 flags &= ~0x0ff;      /* ignore any previous UNIX field */
 
                 if ( read_ux3_value((EB_HEADSIZE + 2) + ef_buf,
-                                    uid_size, z_uidgid[0])
+                                    uid_size, &z_uidgid[0])
                     &&
                      read_ux3_value((EB_HEADSIZE + uid_size + 3) + ef_buf,
-                                    gid_size, z_uidgid[1]) )
+                                    gid_size, &z_uidgid[1]) )
                 {
                     flags |= EB_UX2_VALID;   /* signal success */
                 }

Kind regards,
Axel

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-3-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash

Versions of packages unzip depends on:
ii  libbz2-1.0  1.0.6-4
ii  libc6       2.13-35

unzip recommends no packages.

Versions of packages unzip suggests:
ii  zip  3.0-6

-- no debconf information



Reply sent to Santiago Vila <sanvila@debian.org>:
You have taken responsibility. (Wed, 28 Nov 2012 12:03:12 GMT) Full text and rfc822 format available.

Notification sent to Axel Scheepers <axel.scheepers@xs4all.nl>:
Bug acknowledged by developer. (Wed, 28 Nov 2012 12:03:12 GMT) Full text and rfc822 format available.

Message #10 received at 689212-close@bugs.debian.org (full text, mbox):

From: Santiago Vila <sanvila@debian.org>
To: 689212-close@bugs.debian.org
Subject: Bug#689212: fixed in unzip 6.0-8
Date: Wed, 28 Nov 2012 12:02:36 +0000
Source: unzip
Source-Version: 6.0-8

We believe that the bug you reported is fixed in the latest version of
unzip, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 689212@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Santiago Vila <sanvila@debian.org> (supplier of updated unzip package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 28 Nov 2012 12:41:34 +0100
Source: unzip
Binary: unzip
Architecture: source amd64
Version: 6.0-8
Distribution: unstable
Urgency: low
Maintainer: Santiago Vila <sanvila@debian.org>
Changed-By: Santiago Vila <sanvila@debian.org>
Description: 
 unzip      - De-archiver for .zip files
Closes: 689212 694601
Changes: 
 unzip (6.0-8) unstable; urgency=low
 .
   * Made unzip -X to actually restore uid/gid information.
     Closes: #689212. Thanks to Axel Scheepers for the report.
   * Disabled memcpy, as it is being used on overlapping buffers,
     leading to data corruption. Closes: #694601.
     Thanks to M Joonas Pihlaja for the report.
Checksums-Sha1: 
 f6a553de2fa4de07f8fed6e72ee2ecebea9a6836 1319 unzip_6.0-8.dsc
 4e3686255f6cc4ba1719fbcc080f991580538042 11051 unzip_6.0-8.debian.tar.gz
 56c219d6bbbac6cc0f9b8db63d4c5ce871b6418a 194310 unzip_6.0-8_amd64.deb
Checksums-Sha256: 
 36a0dcf6939b600e6403776bc4ad3be618093effa24fe2fc1f7f7dc3b7841b40 1319 unzip_6.0-8.dsc
 1e0c8bcf612d81aa3b59e76d532204fb1d0d070e2a1c87f15c1ab4017a8278e8 11051 unzip_6.0-8.debian.tar.gz
 305952404915c7ecc9185b48987373f681fb7604ec1284118ae9d34ff05f7e28 194310 unzip_6.0-8_amd64.deb
Files: 
 ba070a7b75b4cf34b206cb82c9d18b6f 1319 utils optional unzip_6.0-8.dsc
 af71582c81e60328af63ef28c127eb3d 11051 utils optional unzip_6.0-8.debian.tar.gz
 86f654728b3aaf17338af6bd2050d6de 194310 utils optional unzip_6.0-8_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBCAAGBQJQtfjYAAoJEEHOfwufG4sy6aIH/1Q12M6iVHjUMZI0ONmNuZm8
Gsmu762TOHsVzr7oc+/Xc7kq4NFMJWjr8QqWmLDPu3F5G47PrALqawzuI6PezTg7
Bw4UigSxhGnEEYef7e/NRMYiQXzIjvE/VmgfQczbpGKWaKiQC6jguPESwUY9HZdP
xgr10HaurmG6U3qV2cSiaZJlZMgZOVVqCcncH9X1YQ80WhfzsLQxtCJd2hkjLGWK
uMBr/2Aqjo4PZD9yPgYaQn3EpHvegItj5MyEhWMu6Xr0w/dKpLQ9FGexeveJ5m1L
qm0wpq2kGX/R0nJMnEe+e/zC7gr5fyUgBgDZzIIXns9hCbKjMWOnM3Y9hmm11RQ=
=aEqQ
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 06 Jan 2013 07:25:54 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Apr 20 11:43:40 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.