I'm not sure if this is the right place to report bugs, but I'll try here.
The unzip utility from APK fails to unzip empty files with an error:
error: invalid compression data to inflate
This does not fail with the Ubuntu unzip utility, (or with Windows). I think it would be good to follow what those tools do and just create the empty file instead of failing.
I'm not exactly sure which patch from Ubuntu's unzip fixes the issue; I don't know any C code.
Edited
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Child items
0
Show closed items
GraphQL error: The resource that you are attempting to access does not exist or you don't have permission to perform this action
No child items are currently open.
Linked items
0
Link issues together to show that they're related.
Learn more.
I assume you mean the busybox version of unzip? Can you try to install the unzip package and see if that has the same issue?
If it's just the busybox version that has this problem, that I would suggest reporting it to busybox, but it might be that the actual unzip package is suitable for you.
apk add --no-cache unzip# unzip -VUnZip 6.00 of 20 April 2009, by Info-ZIP. Maintained by C. Spieler. Sendbug reports using http://www.info-zip.org/zip-bug.html; see README for details.
I assume that would be the Alpine package?
I do have a ZIP file that reliably produces the error, but unfortunately, it's a proprietary file that I can't upload here. I'll try to reduce the problem and get back to you.
OK, I think I found it. If the zip file is protected with a password and the zip contains a file with 0 bytes, the inflate process fails. Using the alpine container image to test (with podman on Ubuntu 20.04):
$ cd /tmp$ touch empty_file.txt$ zip -e zip_with_empty_file.zip empty_file.txtEnter password:Verify password: adding: empty_file.txt (stored 0%)$ podman run -it -v /tmp/zip_with_empty_file.zip:/tmp/zip_with_empty_file.zip alpine /bin/sh/ # apk add unzipfetch http://dl-cdn.alpinelinux.org/alpine/v3.12/main/x86_64/APKINDEX.tar.gzfetch http://dl-cdn.alpinelinux.org/alpine/v3.12/community/x86_64/APKINDEX.tar.gz(1/1) Installing unzip (6.0-r7)Executing busybox-1.31.1-r16.triggerOK: 6 MiB in 15 packages/ # cd /tmp/tmp # unzip -P password zip_with_empty_file.zipArchive: zip_with_empty_file.zip error: invalid compressed data to inflate
This is an upstream issue with unzip then. Sadly it seems it's no longer maintained, the last official release is 11 years ago.
Ubuntu (debian) has quite a list of patches for unzip, so maybe one of those patches fixes this issue, I could not quickly find one that is relevant (and some of them we already have)
There are several packages explicitly depending on unzip:
main:
mercurial
nagios
zip
community:
ark
flit
fwup
gnome-shell
gucharmap
hunspell-de-de
opam
openrct2
testing:
artifactory-oss
atari800
bazel2
bazel3
diffoscope
seamonkey
winetricks
zef
We would need to verify for each of those packages whether they work with bb unzip. Because they explicitly depend on unzip, I assume there is a reason for it.
We would need to verify for each of those packages whether they work with bb unzip. Because they explicitly depend on unzip, I assume there is a reason for it.
bb unzip doesn't support a lot of features, for example encrypted zip files.
Ubuntu (debian) has quite a list of patches for unzip, so maybe one of those patches fixes this issue, I could not quickly find one that is relevant (and some of them we already have)
I think I've isolated the bug; seems like an off-by-one error? Line 82 of main/unzip/unzip-6.0-heap-overflow-infloop.patch has if (csiz_decrypted <= 12) whereas the corresponding Fedora patch and the corresponding Debian patch has if (csiz_decrypted < 12). Looks like the Fedora patch was updated November 2015. I have confirmed that making that change and building the alpine package fixes that issue.
Alternative idea: Simply import all debian patches and use debian as upstream for this package?
That may be a good idea. I also confirmed that downloading the Debian patches and updating the APKBUILD to reflect those packages works.
I have created a merge request !12764 (merged) with the fix to the unzip patch as a short term fix. (I don't know there are conventions that I should be following that I missed.)
I suppose it could be decided later to follow Debian or Fedora patches as upstream.