ASR_BASE
Change-Id: Icf3719cc0afe3eeb3edc7fa80a2eb5199ca9dda1
diff --git a/tools/zip/patches/001-unix-configure-borrow-the-LFS-test-from-autotools.patch b/tools/zip/patches/001-unix-configure-borrow-the-LFS-test-from-autotools.patch
new file mode 100644
index 0000000..ef0de6f
--- /dev/null
+++ b/tools/zip/patches/001-unix-configure-borrow-the-LFS-test-from-autotools.patch
@@ -0,0 +1,89 @@
+From fc392c939b9a18959482f588aff0afc29dd6d30a Mon Sep 17 00:00:00 2001
+From: Romain Naour <romain.naour at openwide.fr>
+Date: Fri, 23 Jan 2015 22:20:18 +0100
+Subject: [PATCH 6/6] unix/configure: borrow the LFS test from autotools.
+
+Infozip's LFS check can't work for cross-compilation
+since it try to run a target's binary on the host system.
+
+Instead, use to LFS test used by autotools which is a
+compilation test.
+(see autotools/lib/autoconf/specific.m4)
+
+Reported-by: Richard Genoud <richard.genoud at gmail.com>
+Signed-off-by: Romain Naour <romain.naour at openwide.fr>
+---
+ configure | 46 +++++++++++++++-------------------------------
+ 1 file changed, 15 insertions(+), 31 deletions(-)
+
+--- a/unix/configure
++++ b/unix/configure
+@@ -399,9 +399,8 @@ else
+ fi
+
+
+-# Now we set the 64-bit file environment and check the size of off_t
+-# Added 11/4/2003 EG
+-# Revised 8/12/2004 EG
++# LFS check borrowed from autotools sources
++# lib/autoconf/specific.m4
+
+ echo Check for Large File Support
+ cat > conftest.c << _EOF_
+@@ -410,23 +409,19 @@ cat > conftest.c << _EOF_
+ # define _FILE_OFFSET_BITS 64 /* select default interface as 64 bit */
+ # define _LARGE_FILES /* some OSes need this for 64-bit off_t */
+ #include <sys/types.h>
+-#include <sys/stat.h>
+-#include <unistd.h>
+-#include <stdio.h>
++
++ /* Check that off_t can represent 2**63 - 1 correctly.
++ We can't simply define LARGE_OFF_T to be 9223372036854775807,
++ since some C++ compilers masquerading as C compilers
++ incorrectly reject 9223372036854775807. */
++#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
++ int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
++ && LARGE_OFF_T % 2147483647 == 1)
++ ? 1 : -1];
++
+ int main()
+ {
+- off_t offset;
+- struct stat s;
+- /* see if have 64-bit off_t */
+- if (sizeof(offset) < 8)
+- return 1;
+- printf(" off_t is %d bytes\n", sizeof(off_t));
+- /* see if have 64-bit stat */
+- if (sizeof(s.st_size) < 8) {
+- printf(" s.st_size is %d bytes\n", sizeof(s.st_size));
+- return 2;
+- }
+- return 3;
++ return 0;
+ }
+ _EOF_
+ # compile it
+@@ -434,19 +429,8 @@ $CC -o conftest conftest.c >/dev/null 2>
+ if [ $? -ne 0 ]; then
+ echo -- no Large File Support
+ else
+-# run it
+- ./conftest
+- r=$?
+- if [ $r -eq 1 ]; then
+- echo -- no Large File Support - no 64-bit off_t
+- elif [ $r -eq 2 ]; then
+- echo -- no Large File Support - no 64-bit stat
+- elif [ $r -eq 3 ]; then
+- echo -- yes we have Large File Support!
+- CFLAGS="${CFLAGS} -DLARGE_FILE_SUPPORT"
+- else
+- echo -- no Large File Support - conftest returned $r
+- fi
++ echo -- yes we have Large File Support!
++ CFLAGS="${CFLAGS} -DLARGE_FILE_SUPPORT"
+ fi
+
+
diff --git a/tools/zip/patches/004-do-not-set-unwanted-cflags.patch b/tools/zip/patches/004-do-not-set-unwanted-cflags.patch
new file mode 100644
index 0000000..bfd2260
--- /dev/null
+++ b/tools/zip/patches/004-do-not-set-unwanted-cflags.patch
@@ -0,0 +1,15 @@
+From: Santiago Vila <sanvila@debian.org>
+Subject: Do not set unwanted CFLAGS, as it breaks DEB_BUILD_OPTIONS
+X-Debian-version: 2.32-1
+
+--- a/unix/configure
++++ b/unix/configure
+@@ -98,7 +98,7 @@ int main()
+ _EOF_
+ $CC $CFLAGS -c conftest.c > /dev/null 2>/dev/null
+ if test $? -eq 0; then
+- CFLAGS_OPT='-O3'
++ # CFLAGS_OPT='-O3'
+ echo " GNU C ($CFLAGS_OPT)"
+ # Special Mac OS X shared library "ld" option?
+ if test ` uname -s 2> /dev/null ` = 'Darwin'; then
diff --git a/tools/zip/patches/006-stack-markings-to-avoid-executable-stack.patch b/tools/zip/patches/006-stack-markings-to-avoid-executable-stack.patch
new file mode 100644
index 0000000..8b479fa
--- /dev/null
+++ b/tools/zip/patches/006-stack-markings-to-avoid-executable-stack.patch
@@ -0,0 +1,21 @@
+From: Kees Cook <kees@debian.org>
+Subject: put stack markings in i386 assembly to avoid executable stack
+Bug-Debian: http://bugs.debian.org/528280
+X-Debian-version: 3.0-2
+
+--- a/crc_i386.S
++++ b/crc_i386.S
+@@ -302,3 +302,5 @@ _crc32: /* ulg c
+ #endif /* i386 || _i386 || _I386 || __i386 */
+
+ #endif /* !USE_ZLIB && !CRC_TABLE_ONLY */
++.section .note.GNU-stack, "", @progbits
++.previous
+--- a/match.S
++++ b/match.S
+@@ -405,3 +405,5 @@ L__return:
+ #endif /* i386 || _I386 || _i386 || __i386 */
+
+ #endif /* !USE_ZLIB */
++.section .note.GNU-stack, "", @progbits
++.previous
diff --git a/tools/zip/patches/007-fclose-in-file-not-fclose-x.patch b/tools/zip/patches/007-fclose-in-file-not-fclose-x.patch
new file mode 100644
index 0000000..402f90a
--- /dev/null
+++ b/tools/zip/patches/007-fclose-in-file-not-fclose-x.patch
@@ -0,0 +1,16 @@
+From: Christian Spieler
+Subject: zipnote.c: Close in_file instead of undefined file x
+Bug-Debian: http://bugs.debian.org/628594
+X-Debian-version: 3.0-4
+
+--- a/zipnote.c
++++ b/zipnote.c
+@@ -661,7 +661,7 @@ char **argv; /* command line
+ if ((r = zipcopy(z)) != ZE_OK)
+ ziperr(r, "was copying an entry");
+ }
+- fclose(x);
++ fclose(in_file);
+
+ /* Write central directory and end of central directory with new comments */
+ if ((c = zftello(y)) == (zoff_t)-1) /* get start of central */
diff --git a/tools/zip/patches/008-hardening-build-fix-1.patch b/tools/zip/patches/008-hardening-build-fix-1.patch
new file mode 100644
index 0000000..a0c3a91
--- /dev/null
+++ b/tools/zip/patches/008-hardening-build-fix-1.patch
@@ -0,0 +1,25 @@
+From: Santiago Vila <sanvila@debian.org>
+Subject: Use format specifier %s to print strings, not the string itself
+Bug-Debian: http://bugs.debian.org/673476
+X-Debian-version: 3.0-5
+
+--- a/zip.c
++++ b/zip.c
+@@ -1028,7 +1028,7 @@ local void help_extended()
+
+ for (i = 0; i < sizeof(text)/sizeof(char *); i++)
+ {
+- printf(text[i]);
++ printf("%s", text[i]);
+ putchar('\n');
+ }
+ #ifdef DOS
+@@ -1225,7 +1225,7 @@ local void version_info()
+ CR_MAJORVER, CR_MINORVER, CR_BETA_VER, CR_VERSION_DATE);
+ for (i = 0; i < sizeof(cryptnote)/sizeof(char *); i++)
+ {
+- printf(cryptnote[i]);
++ printf("%s", cryptnote[i]);
+ putchar('\n');
+ }
+ ++i; /* crypt support means there IS at least one compilation option */
diff --git a/tools/zip/patches/009-hardening-build-fix-2.patch b/tools/zip/patches/009-hardening-build-fix-2.patch
new file mode 100644
index 0000000..e295ffb
--- /dev/null
+++ b/tools/zip/patches/009-hardening-build-fix-2.patch
@@ -0,0 +1,16 @@
+From: Santiago Vila <sanvila@debian.org>
+Subject: unix/configure: Take linking flags from the environment
+Bug-Debian: http://bugs.debian.org/673476
+X-Debian-version: 3.0-5
+
+--- a/unix/configure
++++ b/unix/configure
+@@ -18,7 +18,7 @@ trap "rm -f conftest* core a.out; exit 1
+
+ CC=${1-cc}
+ CFLAGS=${2-"-I. -DUNIX"}
+-LFLAGS1=''
++LFLAGS1=${LDFLAGS}
+ LFLAGS2=''
+ LN="ln -s"
+
diff --git a/tools/zip/patches/010-remove-build-date.patch b/tools/zip/patches/010-remove-build-date.patch
new file mode 100644
index 0000000..5fc3852
--- /dev/null
+++ b/tools/zip/patches/010-remove-build-date.patch
@@ -0,0 +1,15 @@
+From: Santiago Vila <sanvila@debian.org>
+Subject: Remove (optional) build date to make the build reproducible
+Bug-Debian: http://bugs.debian.org/779042
+
+--- a/unix/unix.c
++++ b/unix/unix.c
+@@ -1020,7 +1020,7 @@ void version_local()
+
+
+ /* Define the compile date string */
+-#ifdef __DATE__
++#if 0
+ # define COMPILE_DATE " on " __DATE__
+ #else
+ # define COMPILE_DATE ""
diff --git a/tools/zip/patches/011-reproducible-mtime.patch b/tools/zip/patches/011-reproducible-mtime.patch
new file mode 100644
index 0000000..6ce8445
--- /dev/null
+++ b/tools/zip/patches/011-reproducible-mtime.patch
@@ -0,0 +1,41 @@
+From 501ae4e93fd6fa2f7d20d00d1b011f9006802eae Mon Sep 17 00:00:00 2001
+From: "Bernhard M. Wiedemann" <bwiedemann@suse.de>
+Date: Fri, 3 May 2019 16:32:24 +0200
+Subject: [PATCH] Override mtime with zip -X
+
+with SOURCE_DATE_EPOCH
+to allow for reproducible builds of .zip files
+
+See https://reproducible-builds.org/ for why this is good
+and https://reproducible-builds.org/specs/source-date-epoch/
+for the definition of this variable.
+
+Uses clamping to keep older mtimes than SOURCE_DATE_EPOCH intact.
+---
+ zipup.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+--- a/zipup.c
++++ b/zipup.c
+@@ -414,6 +414,7 @@ struct zlist far *z; /* zip entry to
+ ush tempcext = 0;
+ char *tempextra = NULL;
+ char *tempcextra = NULL;
++ const char *source_date_epoch;
+
+
+ #ifdef WINDLL
+@@ -674,6 +675,13 @@ struct zlist far *z; /* zip entry to
+
+ } /* strcmp(z->name, "-") == 0 */
+
++ if (extra_fields == 0 && (source_date_epoch = getenv("SOURCE_DATE_EPOCH")) != NULL) {
++ time_t epoch = strtoull(source_date_epoch, NULL, 10);
++ if (epoch > 0) {
++ ulg epochtim = unix2dostime(&epoch);
++ if (z->tim > epochtim) z->tim = epochtim;
++ }
++ }
+ if (extra_fields == 2) {
+ unsigned len;
+ char *p;
diff --git a/tools/zip/patches/012-make-encrypted-archives-reproducible.patch b/tools/zip/patches/012-make-encrypted-archives-reproducible.patch
new file mode 100644
index 0000000..a6259d3
--- /dev/null
+++ b/tools/zip/patches/012-make-encrypted-archives-reproducible.patch
@@ -0,0 +1,75 @@
+From db9165814823401d57383a8f9e82642129cf4223 Mon Sep 17 00:00:00 2001
+From: Sungbo Eo <mans0n@gorani.run>
+Date: Sat, 12 Feb 2022 16:42:14 +0900
+Subject: [PATCH] make encrypted archives reproducible
+
+Zip always try to generate new encryption header depending on execution
+time and process id, which is far from being reproducible. This commit
+changes the zip srand() seed to a predictable value to generate
+reproducible random bytes for the encryption header. This will compromise
+the goal of secure archive encryption, but it would not be a big problem
+for our purpose.
+
+Signed-off-by: Sungbo Eo <mans0n@gorani.run>
+---
+ crypt.c | 8 ++++++--
+ globals.c | 1 +
+ zip.h | 1 +
+ zipup.c | 2 +-
+ 4 files changed, 9 insertions(+), 3 deletions(-)
+
+--- a/crypt.c
++++ b/crypt.c
+@@ -29,7 +29,6 @@
+ version without encryption capabilities).
+ */
+
+-#define ZCRYPT_INTERNAL
+ #include "zip.h"
+ #include "crypt.h"
+ #include "ttyio.h"
+@@ -219,7 +218,12 @@ void crypthead(passwd, crc)
+ * often poorly implemented.
+ */
+ if (++calls == 1) {
+- srand((unsigned)time(NULL) ^ ZCR_SEED2);
++ unsigned zcr_seed1 = (unsigned)time(NULL);
++#ifndef ZCRYPT_INTERNAL
++ if (epoch > 0)
++ zcr_seed1 = (unsigned)epoch;
++#endif
++ srand(zcr_seed1 ^ ZCR_SEED2);
+ }
+ init_keys(passwd);
+ for (n = 0; n < RAND_HEAD_LEN-2; n++) {
+--- a/globals.c
++++ b/globals.c
+@@ -206,6 +206,7 @@ int read_split_archive = 0; /* 1=s
+ int split_method = 0; /* 0=no splits, 1=seekable, 2=data desc, -1=no */
+ uzoff_t split_size = 0; /* how big each split should be */
+ int split_bell = 0; /* when pause for next split ring bell */
++time_t epoch = 0; /* timestamp from SOURCE_DATE_EPOCH */
+ uzoff_t bytes_prev_splits = 0; /* total bytes written to all splits before this */
+ uzoff_t bytes_this_entry = 0; /* bytes written for this entry across all splits */
+ int noisy_splits = 0; /* note when splits are being created */
+--- a/zip.h
++++ b/zip.h
+@@ -502,6 +502,7 @@ extern uzoff_t bytes_this_split; /* byte
+ extern int read_split_archive; /* 1=scanzipf_reg detected spanning signature */
+ extern int split_method; /* 0=no splits, 1=seekable, 2=data descs, -1=no */
+ extern uzoff_t split_size; /* how big each split should be */
++extern time_t epoch; /* timestamp from SOURCE_DATE_EPOCH */
+ extern int split_bell; /* when pause for next split ring bell */
+ extern uzoff_t bytes_prev_splits; /* total bytes written to all splits before this */
+ extern uzoff_t bytes_this_entry; /* bytes written for this entry across all splits */
+--- a/zipup.c
++++ b/zipup.c
+@@ -676,7 +676,7 @@ struct zlist far *z; /* zip entry to
+ } /* strcmp(z->name, "-") == 0 */
+
+ if (extra_fields == 0 && (source_date_epoch = getenv("SOURCE_DATE_EPOCH")) != NULL) {
+- time_t epoch = strtoull(source_date_epoch, NULL, 10);
++ epoch = strtoull(source_date_epoch, NULL, 10);
+ if (epoch > 0) {
+ ulg epochtim = unix2dostime(&epoch);
+ if (z->tim > epochtim) z->tim = epochtim;