control: tags -1 patch
control: severity -1 important

Hi,

zip as shipped currently with Debian squeeze lacks encoding support.
This is a widely known problem with some workarounds.
  https://superuser.com/questions/872596/decompress-zip-with-given-encoding
  https://unix.stackexchange.com/questions/251969/how-can-i-correctly-decompress-a-zip-archive-of-files-with-hebrew-names

Seemingly the same problem is reported as https://bugs.debian.org/696914
too.

Apparently, Ubuntu, Arch, Redhat and FreeBSD ship (or shipped) a patched
version of unzip to cope with this widely known encoding issue (it seems
this is an issue that has been hanging for more than 10 years.  An upstream
change seems to have broken the old patch sometime in history.  But I see
Ubuntu has an updated patch.).  Knowing the slow upstream, maybe it is a good
idea to apply a patch to fix this shortcoming on Debian too.

Arch bug and patch in 2009:
  https://bugs.archlinux.org/task/15256

Ubuntu discussion on this bug is here:
  https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/580961

In this:
  Mathew Hodson (mathew-hodson) wrote on 2016-05-16:    #198
I've closed the remaining tasks. This particular bug was fixed in
Precise and later. For remaining issues in p7zip and file-roller, see
Bug #1382106 and Bug #495880

Current Ubuntu fixed this bug and its diff is here:
  https://ubuntudiff.debian.net/q/package/unzip

unzip (6.0-21ubuntu1) artful; urgency=low

  * Merge from Debian unstable.  Remaining changes:
    - Add patch from archlinux which adds the -O option, allowing a charset
      to be specified for the proper unzipping of non-Latin and non-Unicode
      filenames.

Looks quite reasonable.

The same patch has been in use from unzip version 6.0-19ubuntu1 packaged
by Sebastien Bacher <seb...@ubuntu.com>  Fri, 23 Oct 2015 15:58:43 +0200

So this patch should have been well tested by now!

As long as we apply the same patch as Ubuntu, the security concern is
minimal, too.  (I understand that, with so many recent CVE fixes, you may
be very conservative about deviating from the upstream.)

If you don't feel like updating under freeze, please seriously consider
uploading right after the release and backporting.

Regards,

Osamu
