Bug 740012 - unzip creates a link instead of extracting the file for some .zip archives
Summary: unzip creates a link instead of extracting the file for some .zip archives
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: unzip
Version: 6.4
Hardware: x86_64
OS: Linux
unspecified
high
Target Milestone: rc
: ---
Assignee: pstodulk
QA Contact: Robin Hack
URL:
Whiteboard:
Depends On:
Blocks: 1254457
TreeView+ depends on / blocked
 
Reported: 2011-09-20 17:06 UTC by Scott Eikenberry
Modified: 2016-07-07 11:57 UTC (History)
4 users (show)

Fixed In Version: unzip-6.0-3.el6
Doc Type: Bug Fix
Doc Text:
Cause: There was missing initialisation of symlink flag in information about entry (file). Consequence: When archive contains more then 16k entries and one of the 16k entries is reused & symlink is presented, some another entries can be presented wrong as symlinks instead of regular files. Fix: Added missing initialisation of symlink flag. Result: Regular files are not evaluated as symlinks anymore.
Clone Of:
: 1276746 (view as bug list)
Environment:
Last Closed: 2015-12-15 16:36:27 UTC


Attachments (Terms of Use)
Undertaken patch (493 bytes, patch)
2013-10-21 07:52 UTC, pstodulk
no flags Details | Diff


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2015:2648 normal SHIPPED_LIVE unzip bug fix and enhancement update 2015-12-15 21:35:53 UTC

Description Scott Eikenberry 2011-09-20 17:06:26 UTC
Description of problem:

There is  a problem with unzip 6.0 that did not occur with unzip 5.5.  We have noticed that some Zip files when extracted put in bad symbolic links where there should be a file.  This has happened recently with a few McAfee DAT files.

The orginal DAT zip file can be fetched from McAfee.

Here is the version info:

$ unzip -h
UnZip 6.00 of 20 April 2009, by Info-ZIP.  Maintained by C. Spieler.  Send
bug reports using http://www.info-zip.org/zip-bug.html; see README for details.

$ cat /etc/redhat-release
Red Hat Enterprise Linux Server release 6.0 (Santiago)

Here is a listing of the zip contents:

$unzip -v avvdat-6473.zip
Archive:  avvdat-6473.zip
Length   Method    Size  Cmpr    Date    Time   CRC-32   Name
--------  ------  ------- ---- ---------- ----- --------  ----
    8689  Defl:X     3410  61% 09-18-2011 06:40 22147a15  legal.txt
  624369  Stored   624369   0% 09-18-2011 06:40 7b442ef4  avvclean.dat
  438737  Stored   438737   0% 09-18-2011 06:40 af4df8f3  avvnames.dat
116665550  Stored 116665550   0% 09-18-2011 06:40 3918b107  avvscan.dat
--------          -------  ---                            -------
117737345         117732066   0%                            4 files

Here is the output of the zip extraction (notice the "linking"):
$ unzip \avvdat-6473.zip
Archive:  avvdat-6473.zip
  inflating: legal.txt
extracting: avvclean.dat
extracting: avvnames.dat
    linking: avvscan.dat             -> Copyright (c) McAfee DAT file^Z^A
finishing deferred symbolic links:
  avvscan.dat            -> Copyright (c) McAfee DAT file^Z^A

Here is what the extracted files from the ZIP look like:

$ ls -la
total 116168
drwxr-xr-x 2 sde stage      4096 Sep 20 00:49 .
drwxr-xr-x 3 sde stage      4096 Sep 20 00:46 ..
-rw-r--r-- 1 sde stage    624369 Sep 18 06:40 avvclean.dat
-rw-r--r-- 1 sde stage 117732659 Sep 20 00:47 avvdat-6473.zip
-rw-r--r-- 1 sde stage    438737 Sep 18 06:40 avvnames.dat
lrwxrwxrwx 1 sde stage        31 Sep 20 00:49 avvscan.dat -> Copyright (c) McAfee DAT file??
-rw-r--r-- 1 sde stage      8689 Sep 18 06:40 legal.txt

It appears the Debian bug forum has listed and fixed this same issue:
<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=630078>

Comment 2 RHEL Product and Program Management 2011-09-20 17:29:30 UTC
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated
in the current release, Red Hat is unfortunately unable to
address this request at this time. Red Hat invites you to
ask your support representative to propose this request, if
appropriate and relevant, in the next release of Red Hat
Enterprise Linux. If you would like it considered as an
exception in the current release, please ask your support
representative.

Comment 3 RHEL Product and Program Management 2012-09-07 05:09:44 UTC
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated
in the current release, Red Hat is unable to address this
request at this time.

Red Hat invites you to ask your support representative to
propose this request, if appropriate, in the next release of
Red Hat Enterprise Linux.

Comment 5 pstodulk 2013-10-21 08:45:51 UTC
For reproduce:
wget https://github.com/mono/mono/archive/master.zip
unzip master.zip
[....]
finishing deferred symbolic links:

mono-master/mcs/class/System.Configuration/System.Configuration_test_net_2_0.dll.config
-> Test/App.config

mono-master/mcs/class/System.Configuration/System.Configuration_test_net_4_0.dll.config
-> Test/App.config

mono-master/mcs/class/System.Configuration/System.Configuration_test_net_4_5.dll.config
-> Test/App.config

mono-master/mcs/class/System.Web/Test/mainsoft/MainsoftWebApp/System_Web_UI_WebControls/DataGridColumn/DataGridColumn_HeaderText.aspx
-> <%@ Page Language="c#" AutoEventWireup="false"
[... more cruft from the contents of the file ...]
---------------------------------------
And errmsg "Filename too long". 
Added patch in attachment.

Comment 11 errata-xmlrpc 2015-12-15 16:36:27 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-2648.html


Note You need to log in before you can comment on or make changes to this bug.