From 8af78b3cd48b25ce3a4581992e78bd97762a5693 Mon Sep 17 00:00:00 2001
From: qhw01063182
Date: Tue, 23 Sep 2025 13:37:07 +0800
Subject: [PATCH] [CVE] CVE-2022-0530
Signed-off-by: qhw01063182
---
 CVE-2022-0530.patch | 27 +++++++++++++++++++++++++++
 unzip.spec | 8 +++++++-
 2 files changed, 34 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2022-0530.patch
diff --git a/CVE-2022-0530.patch b/CVE-2022-0530.patch
new file mode 100644
index 0000000..a9df2e1
--- /dev/null
+++ b/CVE-2022-0530.patch
@@ -0,0 +1,27 @@
+diff --git a/fileio.c b/fileio.c
+index 6290824..77e4b5f 100644
+--- a/fileio.c
++++ b/fileio.c
+@@ -2361,6 +2361,9 @@ int do_string(__G__ length, option) /* return PK-type error code */
+ /* convert UTF-8 to local character set */
+ fn = utf8_to_local_string(G.unipath_filename,
+ G.unicode_escape_all);
++ if (fn == NULL)
++ return PK_ERR;
++
+ /* make sure filename is short enough */
+ if (strlen(fn) >= FILNAMSIZ) {
+ fn[FILNAMSIZ - 1] = '\0';
+diff --git a/process.c b/process.c
+index d2a846e..715bc0f 100644
+--- a/process.c
++++ b/process.c
+@@ -2605,6 +2605,8 @@ char *utf8_to_local_string(utf8_string, escape_all)
+ int escape_all;
+ {
+ zwchar *wide = utf8_to_wide_string(utf8_string);
++ if (wide == NULL)
++ return NULL;
+ char *loc = wide_to_local_string(wide, escape_all);
+ free(wide);
+ return loc;
diff --git a/unzip.spec b/unzip.spec
index aaacc81..5d7c769 100644
--- a/unzip.spec
+++ b/unzip.spec
@@ -1,4 +1,4 @@
-%define anolis_release 4
+%define anolis_release 5
 Name: unzip
 Epoch: 1
@@ -70,6 +70,9 @@ Patch31: 0031-unzip-zipbomb-part6.patch
 Patch32: 0032-unzip-zipbomb-switch.patch
 Patch33: 33-bugfix-for-CVE-2022-0529.patch
+#https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;bug=1010355;filename=CVE-2022-0530.patch;msg=5
+Patch34: CVE-2022-0530.patch
+
 BuildRequires: make
 BuildRequires: bzip2-devel, gcc
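Review bot: The added `if (fn == NULL) return PK_ERR;` in the fileio.c part of the embedded patch returns from the middle of do_string, so any cleanup that follows the conversion block is skipped on this failure path. do_string starts and ends outside the hunk, so this cannot be confirmed from here, but if `G.unipath_filename` is freed and reset after the block, a failed conversion of an untrusted archive name would leak it and leave the pointer set; recording the error status and skipping only the length check and copy would keep a single exit path. In the process.c part, `char *loc = wide_to_local_string(wide, escape_all);` now follows a statement in a function written with K&R-style parameter declarations, which a strict C89 compiler rejects. Declaring `char *loc;` next to `wide` and assigning it after the `wide == NULL` check avoids that without changing behaviour.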
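Review bot: `Patch34: CVE-2022-0530.patch` is only declared here; the diffstat shows 7 insertions in unzip.spec, all accounted for by the release bump, these three lines and the changelog entry, so %prep was not touched. %prep is outside the visible hunks: if it applies patches one by one rather than through `%autosetup` or `%autopatch`, the fix ships in the source package but is never applied to the build, and a line such as `%patch34 -p1` would be needed. Please confirm from the build log that Patch34 is applied before treating CVE-2022-0530 as fixed in 1:6.0-5.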
@@ -114,6 +117,9 @@ make -f unix/Makefile prefix=$RPM_BUILD_ROOT%{_prefix} MANDIR=$RPM_BUILD_ROOT%{_
 %doc README BUGS
 %changelog
+* Tue Sep 23 2025 Hong Wei Qin - 1:6.0-5
+- Fix CVE-2022-0530
+
 * Tue Sep 02 2025 tomcruiseqi - 1:6.0-4
 - Fix CVE-2022-0529
-- Gitee