From b0c208034f34b9f068ee84946ec146cbe0b781fa Mon Sep 17 00:00:00 2001
From: wenyuzifangtest001
Date: Mon, 15 Sep 2025 12:10:51 +0800
Subject: [PATCH] Update code from upstream

---
 buffer_overflow.patch | 12 ++++++++++++
 sast.patch | 11 +++++++++++
 zip-3.0-format-security.patch | 20 ++++++++++++++++++++
 zip-gnu89-build.patch | 15 +++++++++++++++
 zip.spec | 15 ++++++++++++---
 zip-3.0.tar.gz => zip30.tar.gz | Bin
 zipnote.patch | 13 +++++++++++++
 7 files changed, 83 insertions(+), 3 deletions(-)
 create mode 100644 buffer_overflow.patch
 create mode 100644 sast.patch
 create mode 100644 zip-3.0-format-security.patch
 create mode 100644 zip-gnu89-build.patch
 rename zip-3.0.tar.gz => zip30.tar.gz (100%)
 create mode 100644 zipnote.patch

diff --git a/buffer_overflow.patch b/buffer_overflow.patch
new file mode 100644
index 0000000..2ee3fff
--- /dev/null
+++ b/buffer_overflow.patch
@@ -0,0 +1,12 @@
+diff -urp zip30/fileio.c zip30/fileio.c
+--- zip30/fileio.c 2008-05-29 03:13:24.000000000 +0300
++++ zip30/fileio.c 2023-05-02 12:19:50.488314853 +0300
+@@ -3502,7 +3502,7 @@ zwchar *local_to_wide_string(local_strin
+ if ((wc_string = (wchar_t *)malloc((wsize + 1) * sizeof(wchar_t))) == NULL) {
+ ZIPERR(ZE_MEM, "local_to_wide_string");
+ }
+- wsize = mbstowcs(wc_string, local_string, strlen(local_string) + 1);
++ wsize = mbstowcs(wc_string, local_string, wsize + 1);
+ wc_string[wsize] = (wchar_t) 0;
+ 
+ /* in case wchar_t is not zwchar */
diff --git a/sast.patch b/sast.patch
new file mode 100644
index 0000000..1afd7b7
--- /dev/null
+++ b/sast.patch
@@ -0,0 +1,11 @@
+--- ./util.c.old 2025-01-28 14:32:33.064491685 +0100
++++ ./util.c 2025-01-28 14:34:51.331444527 +0100
+@@ -862,7 +862,7 @@
+ 
+ /* remove escape characters */
+ while ((argstart = MBSCHR(argstart, '\\')) != NULL) {
+- strcpy(argstart, argstart + 1);
++ memmove(argstart, argstart +1, strlen(argstart)+1);
+ if (*argstart)
+ ++argstart;
+ }
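Review bot: The new bound `wsize + 1` keeps mbstowcs() inside the allocation, but the following line `wc_string[wsize] = (wchar_t) 0;` still indexes with the unchecked return value: mbstowcs() returns (size_t)-1 on an invalid multibyte sequence, and that write then lands far outside the buffer. A guard between the two lines is needed, e.g. `if (wsize == (size_t)-1) { free(wc_string); return NULL; }` — whether callers tolerate a NULL result, or whether a ZE_* code should be raised via ZIPERR instead, depends on the function's contract, which is not visible here. The bound also relies on the earlier computation of `wsize` (outside the hunk) agreeing with this conversion; if the return can equal wsize + 1 the terminator write is still one element past the end. local_to_wide_string() starts before the hunk, and the patch file carries no description of the defect it fixes.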
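Review bot: The replacement `memmove(argstart, argstart +1, strlen(argstart)+1);` copies one byte too many: the string starting at argstart + 1 occupies strlen(argstart) bytes including its terminator, so the extra +1 reads one byte past the source NUL — an over-read introduced by the very line meant to remove an unsafe copy. The length should be `strlen(argstart + 1) + 1`, i.e. `memmove(argstart, argstart + 1, strlen(argstart));`. The spacing `argstart +1` and `strlen(argstart)+1` also departs from the surrounding code's style. The enclosing function begins before the hunk, and the patch has no description line.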
diff --git a/zip-3.0-format-security.patch b/zip-3.0-format-security.patch
new file mode 100644
index 0000000..54ce2e6
--- /dev/null
+++ b/zip-3.0-format-security.patch
@@ -0,0 +1,20 @@
+--- a/zip.c
++++ a/zip.c
+@@ -1028,7 +1028,7 @@ local void help_extended()
+ 
+ for (i = 0; i < sizeof(text)/sizeof(char *); i++)
+ {
+- printf(text[i]);
++ printf("%s", text[i]);
+ putchar('\n');
+ }
+ #ifdef DOS
+@@ -1225,7 +1225,7 @@ local void version_info()
+ CR_MAJORVER, CR_MINORVER, CR_BETA_VER, CR_VERSION_DATE);
+ for (i = 0; i < sizeof(cryptnote)/sizeof(char *); i++)
+ {
+- printf(cryptnote[i]);
++ printf("%s", cryptnote[i]);
+ putchar('\n');
+ }
+ ++i; /* crypt support means there IS at least one compilation option */
diff --git a/zip-gnu89-build.patch b/zip-gnu89-build.patch
new file mode 100644
index 0000000..65ee7a7
--- /dev/null
+++ b/zip-gnu89-build.patch
@@ -0,0 +1,15 @@
+zip uses C89-only features, so it needs to be built in C89 mode.
+
+diff --git a/unix/Makefile b/unix/Makefile
+index 86cf54bf0f56cea9..244390893eab5fc6 100644
+--- a/unix/Makefile
++++ b/unix/Makefile
+@@ -202,7 +202,7 @@ generic: flags
+ eval $(MAKE) $(MAKEF) zips `cat flags`
+ 
+ generic_gcc:
+- $(MAKE) $(MAKEF) generic CC=gcc CPP="gcc -E"
++ $(MAKE) $(MAKEF) generic CC="gcc -std=gnu89" CPP="gcc -E"
+ 
+ # AT&T 6300 PLUS (don't know yet how to allocate 64K bytes):
+ att6300nodir:
diff --git a/zip.spec b/zip.spec
index 1f4a056..7eedf7d 100644
--- a/zip.spec
+++ b/zip.spec
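Review bot: Each patched loop body is now `printf("%s", text[i]); putchar('\n');`, which is correct, but the pair collapses to the single call `puts(text[i]);` (puts() appends the newline and never treats its argument as a format), removing the format-string hazard more plainly; the same applies to the cryptnote loop. The patch header's `+++ a/zip.c` uses the `a/` prefix on both sides — it still applies at -p1 but should be normalised to `b/zip.c` so the strip level is not confusing. help_extended() and version_info() both start outside their hunks.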
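Review bot: `-std=gnu89` is injected only through the `generic_gcc` target's CC override, so it takes effect only if the spec's %build invokes that target rather than `generic` with its own CC/CFLAGS; %build is not part of this change and should be checked. The one-line description `zip uses C89-only features` would serve maintainers better if it named what actually fails under a newer default standard, since pinning the dialect silences those diagnostics rather than fixing the constructs they point at.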
@@ -1,13 +1,18 @@
-%define anolis_release 24
+%define anolis_release 25
 Name: zip
-Version: 3.0
+Version: 3.0
 Release: %{anolis_release}%{?dist}
 License: BSD
 URL: http://www.info-zip.org/Zip.html
-Source: http://downloads.sourceforge.net/infozip/%{name}30.tar.gz#/%{name}-%{version}.tar.gz
+Source0: http://downloads.sourceforge.net/infozip/zip30.tar.gz
 Summary: A file compression and packaging utility compatible with PKZIP
 Patch1: 0001-zip-3.0-format-security.patch
+Patch2: buffer_overflow.patch
+Patch3: sast.patch
+Patch4: zip-gnu89-build.patch
+Patch5: zip-3.0-format-security.patch
+Patch6: zipnote.patch
 BuildRequires: make
 BuildRequires: bzip2-devel, gcc
@@ -67,6 +72,10 @@ mkdir -p $RPM_BULD_ROOT%{_mandir}/man1
 %doc README CHANGES TODO WHATSNEW WHERE README.CR
 %changelog
+* Mon Sep 15 2025 wenyuzifangtest001 - 3.0-25
+- Apply patch to ensure compatibility with C89 standards and prevent build errors
+- Fix unsafe printf usage to prevent vulnerabilities and improve code safety
+- Fix incorrect file handle closure to prevent resource leaks and undefined behavior
 * Thu Dec 22 2022 Funda Wang - 3.0-24
 - Bump release for upgrading from anolis 8
diff --git a/zip-3.0.tar.gz b/zip30.tar.gz
similarity index 100%
rename from zip-3.0.tar.gz
rename to zip30.tar.gz
diff --git a/zipnote.patch b/zipnote.patch
new file mode 100644
index 0000000..4177a7d
--- /dev/null
+++ b/zipnote.patch
@@ -0,0 +1,13 @@
+diff --git a/zipnote.c b/zipnote.c
+index 5e02cb6..996f012 100644
+--- a/zipnote.c
++++ b/zipnote.c
+@@ -661,7 +661,7 @@ char **argv; /* command line tokens */
+ if ((r = zipcopy(z)) != ZE_OK)
+ ziperr(r, "was copying an entry");
+ }
+- fclose(x);
++ fclose(in_file);
+ 
+ /* Write central directory and end of central directory with new comments */
+ if ((c = zftello(y)) == (zoff_t)-1) /* get start of central */
-- 
Gitee
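Review bot: Patch1 `0001-zip-3.0-format-security.patch` and the new Patch5 `zip-3.0-format-security.patch` look like the same fix (the new file changes the two printf calls in help_extended() and version_info()); if %prep applies both, the second will fail as already applied, and if Patch1 is no longer applied its line should be dropped rather than left as a dead declaration. %prep is not part of this change, so confirm which one is actually used. The new patch files also use different path prefixes (`zip30/fileio.c` on both sides, `./util.c`, `a/zip.c`), so each needs its own -p strip level in %prep. The %changelog entry further down lists the C89, printf and fclose fixes but omits the mbstowcs bound and the strcpy→memmove change that this release also introduces.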
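Review bot: `fclose(in_file);` closes the input stream but leaves `in_file` pointing at a closed FILE; if any later error path (for instance the ziperr() called a few lines above) also closes `in_file`, that becomes a double fclose(), so add `in_file = NULL;` immediately after the close. Whether such a path exists is not visible in this hunk, and the declaration of the old `x` is also outside it, so it is unclear whether `x` was an unrelated open stream that is now leaked or simply an undeclared name; the patch file has no description line saying which. main() starts before the hunk.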