[Buildroot] [PATCH 2017.02.x] busybox: add upstream post-1.26.2 fixes

Peter Korsgaard peter at korsgaard.com
Sat Oct 21 17:13:09 UTC 2017


Suggested-by: Scott Fan <fancp2007 at gmail.com>
Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
---
 ...r-brain-damaged-HTTP-servers.-Closes-9471.patch |  87 ++++
 ...rly-use-CDF-to-find-compressed-files.-Clo.patch | 494 ++++++++++++++++++++
 .../0005-typo-fix-in-config-help-text.patch        |  27 ++
 ...e-now-pointless-lseek-which-returns-curre.patch |  50 ++
 ...t-use-CDF.extra_len-read-local-file-heade.patch | 509 +++++++++++++++++++++
 ...0008-httpd-fix-handling-of-range-requests.patch |  27 ++
 6 files changed, 1194 insertions(+)
 create mode 100644 package/busybox/0003-wget-fix-for-brain-damaged-HTTP-servers.-Closes-9471.patch
 create mode 100644 package/busybox/0004-unzip-properly-use-CDF-to-find-compressed-files.-Clo.patch
 create mode 100644 package/busybox/0005-typo-fix-in-config-help-text.patch
 create mode 100644 package/busybox/0006-unzip-remove-now-pointless-lseek-which-returns-curre.patch
 create mode 100644 package/busybox/0007-unzip-do-not-use-CDF.extra_len-read-local-file-heade.patch
 create mode 100644 package/busybox/0008-httpd-fix-handling-of-range-requests.patch

diff --git a/package/busybox/0003-wget-fix-for-brain-damaged-HTTP-servers.-Closes-9471.patch b/package/busybox/0003-wget-fix-for-brain-damaged-HTTP-servers.-Closes-9471.patch
new file mode 100644
index 0000000000..a39bc894ed
--- /dev/null
+++ b/package/busybox/0003-wget-fix-for-brain-damaged-HTTP-servers.-Closes-9471.patch
@@ -0,0 +1,87 @@
+From dac762a702d01c8c2d42135795cc9bf23ff324a2 Mon Sep 17 00:00:00 2001
+From: Denys Vlasenko <vda.linux at googlemail.com>
+Date: Wed, 11 Jan 2017 20:16:45 +0100
+Subject: [PATCH] wget: fix for brain-damaged HTTP servers. Closes 9471
+
+write(3, "GET / HTTP/1.1\r\nUser-Agent: Wget\r\nConnection: close\r\n\r\n", 74) = 74
+shutdown(3, SHUT_WR)    = 0
+alarm(900)              = 900
+read(3, "", 1024)       = 0
+write(2, "wget: error getting response\n", 29) = 29
+exit(1)
+
+The peer simply does not return anything. It closes its connection.
+
+Probably it detects wget closing its writing end: shutdown(3, SHUT_WR).
+
+The point it, closing write side of the socket is _valid_ for HTTP.
+wget sent the full request, it won't be sending anything more:
+it will only receive the response, and that's it.
+
+Signed-off-by: Denys Vlasenko <vda.linux at googlemail.com>
+Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
+---
+ networking/wget.c | 26 ++++++++++++++++++--------
+ 1 file changed, 18 insertions(+), 8 deletions(-)
+
+diff --git a/networking/wget.c b/networking/wget.c
+index b082a0f59..afb09f587 100644
+--- a/networking/wget.c
++++ b/networking/wget.c
+@@ -141,6 +141,8 @@
+ #endif
+ 
+ 
++#define SSL_SUPPORTED (ENABLE_FEATURE_WGET_OPENSSL || ENABLE_FEATURE_WGET_SSL_HELPER)
++
+ struct host_info {
+ 	char *allocated;
+ 	const char *path;
+@@ -151,7 +153,7 @@ struct host_info {
+ };
+ static const char P_FTP[] ALIGN1 = "ftp";
+ static const char P_HTTP[] ALIGN1 = "http";
+-#if ENABLE_FEATURE_WGET_OPENSSL || ENABLE_FEATURE_WGET_SSL_HELPER
++#if SSL_SUPPORTED
+ static const char P_HTTPS[] ALIGN1 = "https";
+ #endif
+ 
+@@ -452,7 +454,7 @@ static void parse_url(const char *src_url, struct host_info *h)
+ 		if (strcmp(url, P_FTP) == 0) {
+ 			h->port = bb_lookup_port(P_FTP, "tcp", 21);
+ 		} else
+-#if ENABLE_FEATURE_WGET_OPENSSL || ENABLE_FEATURE_WGET_SSL_HELPER
++#if SSL_SUPPORTED
+ 		if (strcmp(url, P_HTTPS) == 0) {
+ 			h->port = bb_lookup_port(P_HTTPS, "tcp", 443);
+ 			h->protocol = P_HTTPS;
+@@ -1093,12 +1095,20 @@ static void download_one_url(const char *url)
+ 		}
+ 
+ 		fflush(sfp);
+-		/* If we use SSL helper, keeping our end of the socket open for writing
+-		 * makes our end (i.e. the same fd!) readable (EAGAIN instead of EOF)
+-		 * even after child closes its copy of the fd.
+-		 * This helps:
+-		 */
+-		shutdown(fileno(sfp), SHUT_WR);
++
++/* Tried doing this unconditionally.
++ * Cloudflare and nginx/1.11.5 are shocked to see SHUT_WR on non-HTTPS.
++ */
++#if SSL_SUPPORTED
++		if (target.protocol == P_HTTPS) {
++			/* If we use SSL helper, keeping our end of the socket open for writing
++			 * makes our end (i.e. the same fd!) readable (EAGAIN instead of EOF)
++			 * even after child closes its copy of the fd.
++			 * This helps:
++			 */
++			shutdown(fileno(sfp), SHUT_WR);
++		}
++#endif
+ 
+ 		/*
+ 		 * Retrieve HTTP response line and check for "200" status code.
+-- 
+2.11.0
+
diff --git a/package/busybox/0004-unzip-properly-use-CDF-to-find-compressed-files.-Clo.patch b/package/busybox/0004-unzip-properly-use-CDF-to-find-compressed-files.-Clo.patch
new file mode 100644
index 0000000000..66d309d877
--- /dev/null
+++ b/package/busybox/0004-unzip-properly-use-CDF-to-find-compressed-files.-Clo.patch
@@ -0,0 +1,494 @@
+From fa654812e79d2422b41cfff6443e2abcb7737517 Mon Sep 17 00:00:00 2001
+From: Denys Vlasenko <vda.linux at googlemail.com>
+Date: Thu, 5 Jan 2017 11:43:53 +0100
+Subject: [PATCH] unzip: properly use CDF to find compressed files. Closes 9536
+
+function                                             old     new   delta
+unzip_main                                          2437    2350     -87
+
+Signed-off-by: Denys Vlasenko <vda.linux at googlemail.com>
+Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
+---
+ archival/unzip.c      | 285 +++++++++++++++++++++++++++++---------------------
+ testsuite/unzip.tests |   6 +-
+ 2 files changed, 168 insertions(+), 123 deletions(-)
+
+diff --git a/archival/unzip.c b/archival/unzip.c
+index c540485ac..edef22f75 100644
+--- a/archival/unzip.c
++++ b/archival/unzip.c
+@@ -16,7 +16,6 @@
+  * TODO
+  * Zip64 + other methods
+  */
+-
+ //config:config UNZIP
+ //config:	bool "unzip"
+ //config:	default y
+@@ -24,8 +23,17 @@
+ //config:	  unzip will list or extract files from a ZIP archive,
+ //config:	  commonly found on DOS/WIN systems. The default behavior
+ //config:	  (with no options) is to extract the archive into the
+-//config:	  current directory. Use the `-d' option to extract to a
+-//config:	  directory of your choice.
++//config:	  current directory.
++//config:
++//config:config FEATURE_UNZIP_CDF
++//config:	bool "Read and use Central Directory data"
++//config:	default y
++//config:	depends on UNZIP
++//config:	help
++//config:	  If you know that you only need to deal with simple
++//config:	  ZIP files without deleted/updated files, SFX archves etc,
++//config:	  you can reduce code size by unselecting this option.
++//config:	  To support less trivial ZIPs, say Y.
+ 
+ //applet:IF_UNZIP(APPLET(unzip, BB_DIR_USR_BIN, BB_SUID_DROP))
+ //kbuild:lib-$(CONFIG_UNZIP) += unzip.o
+@@ -80,30 +88,20 @@ typedef union {
+ 		uint32_t ucmpsize PACKED;       /* 18-21 */
+ 		uint16_t filename_len;          /* 22-23 */
+ 		uint16_t extra_len;             /* 24-25 */
++		/* filename follows (not NUL terminated) */
++		/* extra field follows */
++		/* data follows */
+ 	} formatted PACKED;
+ } zip_header_t; /* PACKED - gcc 4.2.1 doesn't like it (spews warning) */
+ 
+-/* Check the offset of the last element, not the length.  This leniency
+- * allows for poor packing, whereby the overall struct may be too long,
+- * even though the elements are all in the right place.
+- */
+-struct BUG_zip_header_must_be_26_bytes {
+-	char BUG_zip_header_must_be_26_bytes[
+-		offsetof(zip_header_t, formatted.extra_len) + 2
+-			== ZIP_HEADER_LEN ? 1 : -1];
+-};
+-
+-#define FIX_ENDIANNESS_ZIP(zip_header) do { \
+-	(zip_header).formatted.version      = SWAP_LE16((zip_header).formatted.version     ); \
+-	(zip_header).formatted.method       = SWAP_LE16((zip_header).formatted.method      ); \
+-	(zip_header).formatted.modtime      = SWAP_LE16((zip_header).formatted.modtime     ); \
+-	(zip_header).formatted.moddate      = SWAP_LE16((zip_header).formatted.moddate     ); \
++#define FIX_ENDIANNESS_ZIP(zip_header) \
++do { if (BB_BIG_ENDIAN) { \
+ 	(zip_header).formatted.crc32        = SWAP_LE32((zip_header).formatted.crc32       ); \
+ 	(zip_header).formatted.cmpsize      = SWAP_LE32((zip_header).formatted.cmpsize     ); \
+ 	(zip_header).formatted.ucmpsize     = SWAP_LE32((zip_header).formatted.ucmpsize    ); \
+ 	(zip_header).formatted.filename_len = SWAP_LE16((zip_header).formatted.filename_len); \
+ 	(zip_header).formatted.extra_len    = SWAP_LE16((zip_header).formatted.extra_len   ); \
+-} while (0)
++}} while (0)
+ 
+ #define CDF_HEADER_LEN 42
+ 
+@@ -115,8 +113,8 @@ typedef union {
+ 		uint16_t version_needed;        /* 2-3 */
+ 		uint16_t cdf_flags;             /* 4-5 */
+ 		uint16_t method;                /* 6-7 */
+-		uint16_t mtime;                 /* 8-9 */
+-		uint16_t mdate;                 /* 10-11 */
++		uint16_t modtime;               /* 8-9 */
++		uint16_t moddate;               /* 10-11 */
+ 		uint32_t crc32;                 /* 12-15 */
+ 		uint32_t cmpsize;               /* 16-19 */
+ 		uint32_t ucmpsize;              /* 20-23 */
+@@ -127,27 +125,27 @@ typedef union {
+ 		uint16_t internal_file_attributes; /* 32-33 */
+ 		uint32_t external_file_attributes PACKED; /* 34-37 */
+ 		uint32_t relative_offset_of_local_header PACKED; /* 38-41 */
++		/* filename follows (not NUL terminated) */
++		/* extra field follows */
++		/* comment follows */
+ 	} formatted PACKED;
+ } cdf_header_t;
+ 
+-struct BUG_cdf_header_must_be_42_bytes {
+-	char BUG_cdf_header_must_be_42_bytes[
+-		offsetof(cdf_header_t, formatted.relative_offset_of_local_header) + 4
+-			== CDF_HEADER_LEN ? 1 : -1];
+-};
+-
+-#define FIX_ENDIANNESS_CDF(cdf_header) do { \
++#define FIX_ENDIANNESS_CDF(cdf_header) \
++do { if (BB_BIG_ENDIAN) { \
++	(cdf_header).formatted.version_made_by = SWAP_LE16((cdf_header).formatted.version_made_by); \
++	(cdf_header).formatted.version_needed = SWAP_LE16((cdf_header).formatted.version_needed); \
++	(cdf_header).formatted.method       = SWAP_LE16((cdf_header).formatted.method      ); \
++	(cdf_header).formatted.modtime      = SWAP_LE16((cdf_header).formatted.modtime     ); \
++	(cdf_header).formatted.moddate      = SWAP_LE16((cdf_header).formatted.moddate     ); \
+ 	(cdf_header).formatted.crc32        = SWAP_LE32((cdf_header).formatted.crc32       ); \
+ 	(cdf_header).formatted.cmpsize      = SWAP_LE32((cdf_header).formatted.cmpsize     ); \
+ 	(cdf_header).formatted.ucmpsize     = SWAP_LE32((cdf_header).formatted.ucmpsize    ); \
+ 	(cdf_header).formatted.file_name_length = SWAP_LE16((cdf_header).formatted.file_name_length); \
+ 	(cdf_header).formatted.extra_field_length = SWAP_LE16((cdf_header).formatted.extra_field_length); \
+ 	(cdf_header).formatted.file_comment_length = SWAP_LE16((cdf_header).formatted.file_comment_length); \
+-	IF_DESKTOP( \
+-	(cdf_header).formatted.version_made_by = SWAP_LE16((cdf_header).formatted.version_made_by); \
+ 	(cdf_header).formatted.external_file_attributes = SWAP_LE32((cdf_header).formatted.external_file_attributes); \
+-	) \
+-} while (0)
++}} while (0)
+ 
+ #define CDE_HEADER_LEN 16
+ 
+@@ -166,20 +164,38 @@ typedef union {
+ 	} formatted PACKED;
+ } cde_header_t;
+ 
+-struct BUG_cde_header_must_be_16_bytes {
++#define FIX_ENDIANNESS_CDE(cde_header) \
++do { if (BB_BIG_ENDIAN) { \
++	(cde_header).formatted.cdf_offset = SWAP_LE32((cde_header).formatted.cdf_offset); \
++}} while (0)
++
++struct BUG {
++	/* Check the offset of the last element, not the length.  This leniency
++	 * allows for poor packing, whereby the overall struct may be too long,
++	 * even though the elements are all in the right place.
++	 */
++	char BUG_zip_header_must_be_26_bytes[
++		offsetof(zip_header_t, formatted.extra_len) + 2
++			== ZIP_HEADER_LEN ? 1 : -1];
++	char BUG_cdf_header_must_be_42_bytes[
++		offsetof(cdf_header_t, formatted.relative_offset_of_local_header) + 4
++			== CDF_HEADER_LEN ? 1 : -1];
+ 	char BUG_cde_header_must_be_16_bytes[
+ 		sizeof(cde_header_t) == CDE_HEADER_LEN ? 1 : -1];
+ };
+ 
+-#define FIX_ENDIANNESS_CDE(cde_header) do { \
+-	(cde_header).formatted.cdf_offset = SWAP_LE32((cde_header).formatted.cdf_offset); \
+-} while (0)
+ 
+ enum { zip_fd = 3 };
+ 
+ 
+-#if ENABLE_DESKTOP
++/* This value means that we failed to find CDF */
++#define BAD_CDF_OFFSET ((uint32_t)0xffffffff)
++
++#if !ENABLE_FEATURE_UNZIP_CDF
+ 
++# define find_cdf_offset() BAD_CDF_OFFSET
++
++#else
+ /* Seen in the wild:
+  * Self-extracting PRO2K3XP_32.exe contains 19078464 byte zip archive,
+  * where CDE was nearly 48 kbytes before EOF.
+@@ -188,25 +204,26 @@ enum { zip_fd = 3 };
+  * To make extraction work, bumped PEEK_FROM_END from 16k to 64k.
+  */
+ #define PEEK_FROM_END (64*1024)
+-
+-/* This value means that we failed to find CDF */
+-#define BAD_CDF_OFFSET ((uint32_t)0xffffffff)
+-
+ /* NB: does not preserve file position! */
+ static uint32_t find_cdf_offset(void)
+ {
+ 	cde_header_t cde_header;
++	unsigned char *buf;
+ 	unsigned char *p;
+ 	off_t end;
+-	unsigned char *buf = xzalloc(PEEK_FROM_END);
+ 	uint32_t found;
+ 
+-	end = xlseek(zip_fd, 0, SEEK_END);
++	end = lseek(zip_fd, 0, SEEK_END);
++	if (end == (off_t) -1)
++		return BAD_CDF_OFFSET;
++
+ 	end -= PEEK_FROM_END;
+ 	if (end < 0)
+ 		end = 0;
++
+ 	dbg("Looking for cdf_offset starting from 0x%"OFF_FMT"x", end);
+  	xlseek(zip_fd, end, SEEK_SET);
++	buf = xzalloc(PEEK_FROM_END);
+ 	full_read(zip_fd, buf, PEEK_FROM_END);
+ 
+ 	found = BAD_CDF_OFFSET;
+@@ -252,30 +269,36 @@ static uint32_t find_cdf_offset(void)
+ static uint32_t read_next_cdf(uint32_t cdf_offset, cdf_header_t *cdf_ptr)
+ {
+ 	off_t org;
++	uint32_t magic;
+ 
+-	org = xlseek(zip_fd, 0, SEEK_CUR);
++	if (cdf_offset == BAD_CDF_OFFSET)
++		return cdf_offset;
+ 
+-	if (!cdf_offset)
+-		cdf_offset = find_cdf_offset();
+-
+-	if (cdf_offset != BAD_CDF_OFFSET) {
+-		dbg("Reading CDF at 0x%x", (unsigned)cdf_offset);
+-		xlseek(zip_fd, cdf_offset + 4, SEEK_SET);
+-		xread(zip_fd, cdf_ptr->raw, CDF_HEADER_LEN);
+-		FIX_ENDIANNESS_CDF(*cdf_ptr);
+-		dbg("  file_name_length:%u extra_field_length:%u file_comment_length:%u",
+-			(unsigned)cdf_ptr->formatted.file_name_length,
+-			(unsigned)cdf_ptr->formatted.extra_field_length,
+-			(unsigned)cdf_ptr->formatted.file_comment_length
+-		);
+-		cdf_offset += 4 + CDF_HEADER_LEN
+-			+ cdf_ptr->formatted.file_name_length
+-			+ cdf_ptr->formatted.extra_field_length
+-			+ cdf_ptr->formatted.file_comment_length;
++	org = xlseek(zip_fd, 0, SEEK_CUR);
++	dbg("Reading CDF at 0x%x", (unsigned)cdf_offset);
++	xlseek(zip_fd, cdf_offset, SEEK_SET);
++	xread(zip_fd, &magic, 4);
++	/* Central Directory End? */
++	if (magic == ZIP_CDE_MAGIC) {
++		dbg("got ZIP_CDE_MAGIC");
++		return 0; /* EOF */
+ 	}
++	xread(zip_fd, cdf_ptr->raw, CDF_HEADER_LEN);
++	/* Caller doesn't need this: */
++	/* dbg("Returning file position to 0x%"OFF_FMT"x", org); */
++	/* xlseek(zip_fd, org, SEEK_SET); */
++
++	FIX_ENDIANNESS_CDF(*cdf_ptr);
++	dbg("  file_name_length:%u extra_field_length:%u file_comment_length:%u",
++		(unsigned)cdf_ptr->formatted.file_name_length,
++		(unsigned)cdf_ptr->formatted.extra_field_length,
++		(unsigned)cdf_ptr->formatted.file_comment_length
++	);
++	cdf_offset += 4 + CDF_HEADER_LEN
++		+ cdf_ptr->formatted.file_name_length
++		+ cdf_ptr->formatted.extra_field_length
++		+ cdf_ptr->formatted.file_comment_length;
+ 
+-	dbg("Returning file position to 0x%"OFF_FMT"x", org);
+-	xlseek(zip_fd, org, SEEK_SET);
+ 	return cdf_offset;
+ };
+ #endif
+@@ -324,6 +347,7 @@ static void unzip_extract(zip_header_t *zip_header, int dst_fd)
+ 			bb_error_msg("bad length");
+ 		}
+ 	}
++	/* TODO? method 12: bzip2, method 14: LZMA */
+ }
+ 
+ static void my_fgets80(char *buf80)
+@@ -339,15 +363,12 @@ int unzip_main(int argc, char **argv)
+ {
+ 	enum { O_PROMPT, O_NEVER, O_ALWAYS };
+ 
+-	zip_header_t zip_header;
+ 	smallint quiet = 0;
+-	IF_NOT_DESKTOP(const) smallint verbose = 0;
++	IF_NOT_FEATURE_UNZIP_CDF(const) smallint verbose = 0;
+ 	smallint listing = 0;
+ 	smallint overwrite = O_PROMPT;
+ 	smallint x_opt_seen;
+-#if ENABLE_DESKTOP
+ 	uint32_t cdf_offset;
+-#endif
+ 	unsigned long total_usize;
+ 	unsigned long total_size;
+ 	unsigned total_entries;
+@@ -430,7 +451,7 @@ int unzip_main(int argc, char **argv)
+ 			break;
+ 
+ 		case 'v': /* Verbose list */
+-			IF_DESKTOP(verbose++;)
++			IF_FEATURE_UNZIP_CDF(verbose++;)
+ 			listing = 1;
+ 			break;
+ 
+@@ -545,78 +566,102 @@ int unzip_main(int argc, char **argv)
+ 	total_usize = 0;
+ 	total_size = 0;
+ 	total_entries = 0;
+-#if ENABLE_DESKTOP
+-	cdf_offset = 0;
+-#endif
++	cdf_offset = find_cdf_offset();	/* try to seek to the end, find CDE and CDF start */
+ 	while (1) {
+-		uint32_t magic;
++		zip_header_t zip_header;
+ 		mode_t dir_mode = 0777;
+-#if ENABLE_DESKTOP
++#if ENABLE_FEATURE_UNZIP_CDF
+ 		mode_t file_mode = 0666;
+ #endif
+ 
+-		/* Check magic number */
+-		xread(zip_fd, &magic, 4);
+-		/* Central directory? It's at the end, so exit */
+-		if (magic == ZIP_CDF_MAGIC) {
+-			dbg("got ZIP_CDF_MAGIC");
+-			break;
+-		}
+-#if ENABLE_DESKTOP
+-		/* Data descriptor? It was a streaming file, go on */
+-		if (magic == ZIP_DD_MAGIC) {
+-			dbg("got ZIP_DD_MAGIC");
+-			/* skip over duplicate crc32, cmpsize and ucmpsize */
+-			unzip_skip(3 * 4);
+-			continue;
+-		}
+-#endif
+-		if (magic != ZIP_FILEHEADER_MAGIC)
+-			bb_error_msg_and_die("invalid zip magic %08X", (int)magic);
+-		dbg("got ZIP_FILEHEADER_MAGIC");
+-
+-		/* Read the file header */
+-		xread(zip_fd, zip_header.raw, ZIP_HEADER_LEN);
+-		FIX_ENDIANNESS_ZIP(zip_header);
+-		if ((zip_header.formatted.method != 0) && (zip_header.formatted.method != 8)) {
+-			bb_error_msg_and_die("unsupported method %d", zip_header.formatted.method);
+-		}
+-#if !ENABLE_DESKTOP
+-		if (zip_header.formatted.zip_flags & SWAP_LE16(0x0009)) {
+-			bb_error_msg_and_die("zip flags 1 and 8 are not supported");
+-		}
+-#else
+-		if (zip_header.formatted.zip_flags & SWAP_LE16(0x0001)) {
+-			/* 0x0001 - encrypted */
+-			bb_error_msg_and_die("zip flag 1 (encryption) is not supported");
+-		}
++		if (!ENABLE_FEATURE_UNZIP_CDF || cdf_offset == BAD_CDF_OFFSET) {
++			/* Normally happens when input is unseekable.
++			 *
++			 * Valid ZIP file has Central Directory at the end
++			 * with central directory file headers (CDFs).
++			 * After it, there is a Central Directory End structure.
++			 * CDFs identify what files are in the ZIP and where
++			 * they are located. This allows ZIP readers to load
++			 * the list of files without reading the entire ZIP archive.
++			 * ZIP files may be appended to, only files specified in
++			 * the CD are valid. Scanning for local file headers is
++			 * not a correct algorithm.
++			 *
++			 * We try to do the above, and resort to "linear" reading
++			 * of ZIP file only if seek failed or CDE wasn't found.
++			 */
++			uint32_t magic;
+ 
+-		if (cdf_offset != BAD_CDF_OFFSET) {
++			/* Check magic number */
++			xread(zip_fd, &magic, 4);
++			/* Central directory? It's at the end, so exit */
++			if (magic == ZIP_CDF_MAGIC) {
++				dbg("got ZIP_CDF_MAGIC");
++				break;
++			}
++			/* Data descriptor? It was a streaming file, go on */
++			if (magic == ZIP_DD_MAGIC) {
++				dbg("got ZIP_DD_MAGIC");
++				/* skip over duplicate crc32, cmpsize and ucmpsize */
++				unzip_skip(3 * 4);
++				continue;
++			}
++			if (magic != ZIP_FILEHEADER_MAGIC)
++				bb_error_msg_and_die("invalid zip magic %08X", (int)magic);
++			dbg("got ZIP_FILEHEADER_MAGIC");
++
++			xread(zip_fd, zip_header.raw, ZIP_HEADER_LEN);
++			FIX_ENDIANNESS_ZIP(zip_header);
++			if ((zip_header.formatted.method != 0)
++			 && (zip_header.formatted.method != 8)
++			) {
++				/* TODO? method 12: bzip2, method 14: LZMA */
++				bb_error_msg_and_die("unsupported method %d", zip_header.formatted.method);
++			}
++			if (zip_header.formatted.zip_flags & SWAP_LE16(0x0009)) {
++				bb_error_msg_and_die("zip flags 1 and 8 are not supported");
++			}
++		}
++#if ENABLE_FEATURE_UNZIP_CDF
++		else {
++			/* cdf_offset is valid (and we know the file is seekable) */
+ 			cdf_header_t cdf_header;
+ 			cdf_offset = read_next_cdf(cdf_offset, &cdf_header);
+-			/*
+-			 * Note: cdf_offset can become BAD_CDF_OFFSET after the above call.
+-			 */
++			if (cdf_offset == 0) /* EOF? */
++				break;
++# if 0
++			xlseek(zip_fd,
++				SWAP_LE32(cdf_header.formatted.relative_offset_of_local_header) + 4,
++				SEEK_SET);
++			xread(zip_fd, zip_header.raw, ZIP_HEADER_LEN);
++			FIX_ENDIANNESS_ZIP(zip_header);
+ 			if (zip_header.formatted.zip_flags & SWAP_LE16(0x0008)) {
+ 				/* 0x0008 - streaming. [u]cmpsize can be reliably gotten
+-				 * only from Central Directory. See unzip_doc.txt
++				 * only from Central Directory.
+ 				 */
+ 				zip_header.formatted.crc32    = cdf_header.formatted.crc32;
+ 				zip_header.formatted.cmpsize  = cdf_header.formatted.cmpsize;
+ 				zip_header.formatted.ucmpsize = cdf_header.formatted.ucmpsize;
+ 			}
++# else
++			/* CDF has the same data as local header, no need to read the latter */
++			memcpy(&zip_header.formatted.version,
++				&cdf_header.formatted.version_needed, ZIP_HEADER_LEN);
++			xlseek(zip_fd,
++				SWAP_LE32(cdf_header.formatted.relative_offset_of_local_header) + 4 + ZIP_HEADER_LEN,
++				SEEK_SET);
++# endif
+ 			if ((cdf_header.formatted.version_made_by >> 8) == 3) {
+ 				/* This archive is created on Unix */
+ 				dir_mode = file_mode = (cdf_header.formatted.external_file_attributes >> 16);
+ 			}
+ 		}
+-		if (cdf_offset == BAD_CDF_OFFSET
+-		 && (zip_header.formatted.zip_flags & SWAP_LE16(0x0008))
+-		) {
+-			/* If it's a streaming zip, we _require_ CDF */
+-			bb_error_msg_and_die("can't find file table");
+-		}
+ #endif
++
++		if (zip_header.formatted.zip_flags & SWAP_LE16(0x0001)) {
++			/* 0x0001 - encrypted */
++			bb_error_msg_and_die("zip flag 1 (encryption) is not supported");
++		}
+ 		dbg("File cmpsize:0x%x extra_len:0x%x ucmpsize:0x%x",
+ 			(unsigned)zip_header.formatted.cmpsize,
+ 			(unsigned)zip_header.formatted.extra_len,
+@@ -751,7 +796,7 @@ int unzip_main(int argc, char **argv)
+ 			overwrite = O_ALWAYS;
+ 		case 'y': /* Open file and fall into unzip */
+ 			unzip_create_leading_dirs(dst_fn);
+-#if ENABLE_DESKTOP
++#if ENABLE_FEATURE_UNZIP_CDF
+ 			dst_fd = xopen3(dst_fn, O_WRONLY | O_CREAT | O_TRUNC, file_mode);
+ #else
+ 			dst_fd = xopen(dst_fn, O_WRONLY | O_CREAT | O_TRUNC);
+diff --git a/testsuite/unzip.tests b/testsuite/unzip.tests
+index d8738a3bd..d9c45242c 100755
+--- a/testsuite/unzip.tests
++++ b/testsuite/unzip.tests
+@@ -31,11 +31,10 @@ rmdir foo
+ rm foo.zip
+ 
+ # File containing some damaged encrypted stream
++optional FEATURE_UNZIP_CDF
+ testing "unzip (bad archive)" "uudecode; unzip bad.zip 2>&1; echo \$?" \
+ "Archive:  bad.zip
+-  inflating: ]3j½r«IK-%Ix
+-unzip: corrupted data
+-unzip: inflate error
++unzip: short read
+ 1
+ " \
+ "" "\
+@@ -49,6 +48,7 @@ BDYAAAAMAAEADQAAADIADQAAAEEAAAASw73Ct1DKokohPXQiNzA+FAI1HCcW
+ NzITNFBLBQUKAC4JAA04Cw0EOhZQSwUGAQAABAIAAgCZAAAAeQAAAAIALhM=
+ ====
+ "
++SKIP=
+ 
+ rm *
+ 
+-- 
+2.11.0
+
diff --git a/package/busybox/0005-typo-fix-in-config-help-text.patch b/package/busybox/0005-typo-fix-in-config-help-text.patch
new file mode 100644
index 0000000000..33b91707ec
--- /dev/null
+++ b/package/busybox/0005-typo-fix-in-config-help-text.patch
@@ -0,0 +1,27 @@
+From f8692dc6a0035788a83821fa18b987d8748f97a7 Mon Sep 17 00:00:00 2001
+From: Denys Vlasenko <vda.linux at googlemail.com>
+Date: Thu, 5 Jan 2017 11:47:28 +0100
+Subject: [PATCH] typo fix in config help text
+
+Signed-off-by: Denys Vlasenko <vda.linux at googlemail.com>
+Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
+---
+ archival/unzip.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/archival/unzip.c b/archival/unzip.c
+index edef22f75..f1726439d 100644
+--- a/archival/unzip.c
++++ b/archival/unzip.c
+@@ -31,7 +31,7 @@
+ //config:	depends on UNZIP
+ //config:	help
+ //config:	  If you know that you only need to deal with simple
+-//config:	  ZIP files without deleted/updated files, SFX archves etc,
++//config:	  ZIP files without deleted/updated files, SFX archives etc,
+ //config:	  you can reduce code size by unselecting this option.
+ //config:	  To support less trivial ZIPs, say Y.
+ 
+-- 
+2.11.0
+
diff --git a/package/busybox/0006-unzip-remove-now-pointless-lseek-which-returns-curre.patch b/package/busybox/0006-unzip-remove-now-pointless-lseek-which-returns-curre.patch
new file mode 100644
index 0000000000..ebe08c4904
--- /dev/null
+++ b/package/busybox/0006-unzip-remove-now-pointless-lseek-which-returns-curre.patch
@@ -0,0 +1,50 @@
+From 50504d3a3badb8ab80bd33797abcbb3b7427c267 Mon Sep 17 00:00:00 2001
+From: Cristian Ionescu-Idbohrn <cristian.ionescu-idbohrn at axis.com>
+Date: Thu, 5 Jan 2017 19:07:54 +0100
+Subject: [PATCH] unzip: remove now-pointless lseek which returns current
+ position
+
+archival/unzip.c: In function 'read_next_cdf':
+archival/unzip.c:271:8: warning: variable 'org' set but
+                                 not used [-Wunused-but-set-variable]
+  off_t org;
+        ^~~
+
+Signed-off-by: Cristian Ionescu-Idbohrn <cristian.ionescu-idbohrn at axis.com>
+Signed-off-by: Denys Vlasenko <vda.linux at googlemail.com>
+Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
+---
+ archival/unzip.c | 5 -----
+ 1 file changed, 5 deletions(-)
+
+diff --git a/archival/unzip.c b/archival/unzip.c
+index f1726439d..98a71c09d 100644
+--- a/archival/unzip.c
++++ b/archival/unzip.c
+@@ -268,13 +268,11 @@ static uint32_t find_cdf_offset(void)
+ 
+ static uint32_t read_next_cdf(uint32_t cdf_offset, cdf_header_t *cdf_ptr)
+ {
+-	off_t org;
+ 	uint32_t magic;
+ 
+ 	if (cdf_offset == BAD_CDF_OFFSET)
+ 		return cdf_offset;
+ 
+-	org = xlseek(zip_fd, 0, SEEK_CUR);
+ 	dbg("Reading CDF at 0x%x", (unsigned)cdf_offset);
+ 	xlseek(zip_fd, cdf_offset, SEEK_SET);
+ 	xread(zip_fd, &magic, 4);
+@@ -284,9 +282,6 @@ static uint32_t read_next_cdf(uint32_t cdf_offset, cdf_header_t *cdf_ptr)
+ 		return 0; /* EOF */
+ 	}
+ 	xread(zip_fd, cdf_ptr->raw, CDF_HEADER_LEN);
+-	/* Caller doesn't need this: */
+-	/* dbg("Returning file position to 0x%"OFF_FMT"x", org); */
+-	/* xlseek(zip_fd, org, SEEK_SET); */
+ 
+ 	FIX_ENDIANNESS_CDF(*cdf_ptr);
+ 	dbg("  file_name_length:%u extra_field_length:%u file_comment_length:%u",
+-- 
+2.11.0
+
diff --git a/package/busybox/0007-unzip-do-not-use-CDF.extra_len-read-local-file-heade.patch b/package/busybox/0007-unzip-do-not-use-CDF.extra_len-read-local-file-heade.patch
new file mode 100644
index 0000000000..97482c3954
--- /dev/null
+++ b/package/busybox/0007-unzip-do-not-use-CDF.extra_len-read-local-file-heade.patch
@@ -0,0 +1,509 @@
+From ee72302ac5e3b0b2217f616ab316d3c89e5a1f4c Mon Sep 17 00:00:00 2001
+From: Denys Vlasenko <vda.linux at googlemail.com>
+Date: Sun, 8 Jan 2017 14:14:19 +0100
+Subject: [PATCH] unzip: do not use CDF.extra_len, read local file header.
+ Closes 9536
+
+While at it, shorten many field and variable names.
+
+function                                             old     new   delta
+unzip_main                                          2334    2376     +42
+
+Signed-off-by: Denys Vlasenko <vda.linux at googlemail.com>
+Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
+---
+ archival/unzip.c      | 236 ++++++++++++++++++++++++++------------------------
+ testsuite/unzip.tests |   4 +-
+ 2 files changed, 125 insertions(+), 115 deletions(-)
+
+diff --git a/archival/unzip.c b/archival/unzip.c
+index 98a71c09d..921493591 100644
+--- a/archival/unzip.c
++++ b/archival/unzip.c
+@@ -62,8 +62,8 @@
+ enum {
+ #if BB_BIG_ENDIAN
+ 	ZIP_FILEHEADER_MAGIC = 0x504b0304,
+-	ZIP_CDF_MAGIC        = 0x504b0102, /* central directory's file header */
+-	ZIP_CDE_MAGIC        = 0x504b0506, /* "end of central directory" record */
++	ZIP_CDF_MAGIC        = 0x504b0102, /* CDF item */
++	ZIP_CDE_MAGIC        = 0x504b0506, /* End of CDF */
+ 	ZIP_DD_MAGIC         = 0x504b0708,
+ #else
+ 	ZIP_FILEHEADER_MAGIC = 0x04034b50,
+@@ -91,16 +91,16 @@ typedef union {
+ 		/* filename follows (not NUL terminated) */
+ 		/* extra field follows */
+ 		/* data follows */
+-	} formatted PACKED;
++	} fmt PACKED;
+ } zip_header_t; /* PACKED - gcc 4.2.1 doesn't like it (spews warning) */
+ 
+-#define FIX_ENDIANNESS_ZIP(zip_header) \
++#define FIX_ENDIANNESS_ZIP(zip) \
+ do { if (BB_BIG_ENDIAN) { \
+-	(zip_header).formatted.crc32        = SWAP_LE32((zip_header).formatted.crc32       ); \
+-	(zip_header).formatted.cmpsize      = SWAP_LE32((zip_header).formatted.cmpsize     ); \
+-	(zip_header).formatted.ucmpsize     = SWAP_LE32((zip_header).formatted.ucmpsize    ); \
+-	(zip_header).formatted.filename_len = SWAP_LE16((zip_header).formatted.filename_len); \
+-	(zip_header).formatted.extra_len    = SWAP_LE16((zip_header).formatted.extra_len   ); \
++	(zip).fmt.crc32         = SWAP_LE32((zip).fmt.crc32       ); \
++	(zip).fmt.cmpsize       = SWAP_LE32((zip).fmt.cmpsize     ); \
++	(zip).fmt.ucmpsize      = SWAP_LE32((zip).fmt.ucmpsize    ); \
++	(zip).fmt.filename_len  = SWAP_LE16((zip).fmt.filename_len); \
++	(zip).fmt.extra_len     = SWAP_LE16((zip).fmt.extra_len   ); \
+ }} while (0)
+ 
+ #define CDF_HEADER_LEN 42
+@@ -118,39 +118,39 @@ typedef union {
+ 		uint32_t crc32;                 /* 12-15 */
+ 		uint32_t cmpsize;               /* 16-19 */
+ 		uint32_t ucmpsize;              /* 20-23 */
+-		uint16_t file_name_length;      /* 24-25 */
+-		uint16_t extra_field_length;    /* 26-27 */
++		uint16_t filename_len;          /* 24-25 */
++		uint16_t extra_len;             /* 26-27 */
+ 		uint16_t file_comment_length;   /* 28-29 */
+ 		uint16_t disk_number_start;     /* 30-31 */
+-		uint16_t internal_file_attributes; /* 32-33 */
+-		uint32_t external_file_attributes PACKED; /* 34-37 */
++		uint16_t internal_attributes;   /* 32-33 */
++		uint32_t external_attributes PACKED; /* 34-37 */
+ 		uint32_t relative_offset_of_local_header PACKED; /* 38-41 */
+ 		/* filename follows (not NUL terminated) */
+ 		/* extra field follows */
+-		/* comment follows */
+-	} formatted PACKED;
++		/* file comment follows */
++	} fmt PACKED;
+ } cdf_header_t;
+ 
+-#define FIX_ENDIANNESS_CDF(cdf_header) \
++#define FIX_ENDIANNESS_CDF(cdf) \
+ do { if (BB_BIG_ENDIAN) { \
+-	(cdf_header).formatted.version_made_by = SWAP_LE16((cdf_header).formatted.version_made_by); \
+-	(cdf_header).formatted.version_needed = SWAP_LE16((cdf_header).formatted.version_needed); \
+-	(cdf_header).formatted.method       = SWAP_LE16((cdf_header).formatted.method      ); \
+-	(cdf_header).formatted.modtime      = SWAP_LE16((cdf_header).formatted.modtime     ); \
+-	(cdf_header).formatted.moddate      = SWAP_LE16((cdf_header).formatted.moddate     ); \
+-	(cdf_header).formatted.crc32        = SWAP_LE32((cdf_header).formatted.crc32       ); \
+-	(cdf_header).formatted.cmpsize      = SWAP_LE32((cdf_header).formatted.cmpsize     ); \
+-	(cdf_header).formatted.ucmpsize     = SWAP_LE32((cdf_header).formatted.ucmpsize    ); \
+-	(cdf_header).formatted.file_name_length = SWAP_LE16((cdf_header).formatted.file_name_length); \
+-	(cdf_header).formatted.extra_field_length = SWAP_LE16((cdf_header).formatted.extra_field_length); \
+-	(cdf_header).formatted.file_comment_length = SWAP_LE16((cdf_header).formatted.file_comment_length); \
+-	(cdf_header).formatted.external_file_attributes = SWAP_LE32((cdf_header).formatted.external_file_attributes); \
++	(cdf).fmt.version_made_by = SWAP_LE16((cdf).fmt.version_made_by); \
++	(cdf).fmt.version_needed = SWAP_LE16((cdf).fmt.version_needed); \
++	(cdf).fmt.method        = SWAP_LE16((cdf).fmt.method      ); \
++	(cdf).fmt.modtime       = SWAP_LE16((cdf).fmt.modtime     ); \
++	(cdf).fmt.moddate       = SWAP_LE16((cdf).fmt.moddate     ); \
++	(cdf).fmt.crc32         = SWAP_LE32((cdf).fmt.crc32       ); \
++	(cdf).fmt.cmpsize       = SWAP_LE32((cdf).fmt.cmpsize     ); \
++	(cdf).fmt.ucmpsize      = SWAP_LE32((cdf).fmt.ucmpsize    ); \
++	(cdf).fmt.filename_len  = SWAP_LE16((cdf).fmt.filename_len); \
++	(cdf).fmt.extra_len     = SWAP_LE16((cdf).fmt.extra_len   ); \
++	(cdf).fmt.file_comment_length = SWAP_LE16((cdf).fmt.file_comment_length); \
++	(cdf).fmt.external_attributes = SWAP_LE32((cdf).fmt.external_attributes); \
+ }} while (0)
+ 
+-#define CDE_HEADER_LEN 16
++#define CDE_LEN 16
+ 
+ typedef union {
+-	uint8_t raw[CDE_HEADER_LEN];
++	uint8_t raw[CDE_LEN];
+ 	struct {
+ 		/* uint32_t signature; 50 4b 05 06 */
+ 		uint16_t this_disk_no;
+@@ -159,14 +159,14 @@ typedef union {
+ 		uint16_t cdf_entries_total;
+ 		uint32_t cdf_size;
+ 		uint32_t cdf_offset;
+-		/* uint16_t file_comment_length; */
+-		/* .ZIP file comment (variable size) */
+-	} formatted PACKED;
+-} cde_header_t;
++		/* uint16_t archive_comment_length; */
++		/* archive comment follows */
++	} fmt PACKED;
++} cde_t;
+ 
+-#define FIX_ENDIANNESS_CDE(cde_header) \
++#define FIX_ENDIANNESS_CDE(cde) \
+ do { if (BB_BIG_ENDIAN) { \
+-	(cde_header).formatted.cdf_offset = SWAP_LE32((cde_header).formatted.cdf_offset); \
++	(cde).fmt.cdf_offset = SWAP_LE32((cde).fmt.cdf_offset); \
+ }} while (0)
+ 
+ struct BUG {
+@@ -175,13 +175,13 @@ struct BUG {
+ 	 * even though the elements are all in the right place.
+ 	 */
+ 	char BUG_zip_header_must_be_26_bytes[
+-		offsetof(zip_header_t, formatted.extra_len) + 2
++		offsetof(zip_header_t, fmt.extra_len) + 2
+ 			== ZIP_HEADER_LEN ? 1 : -1];
+ 	char BUG_cdf_header_must_be_42_bytes[
+-		offsetof(cdf_header_t, formatted.relative_offset_of_local_header) + 4
++		offsetof(cdf_header_t, fmt.relative_offset_of_local_header) + 4
+ 			== CDF_HEADER_LEN ? 1 : -1];
+-	char BUG_cde_header_must_be_16_bytes[
+-		sizeof(cde_header_t) == CDE_HEADER_LEN ? 1 : -1];
++	char BUG_cde_must_be_16_bytes[
++		sizeof(cde_t) == CDE_LEN ? 1 : -1];
+ };
+ 
+ 
+@@ -207,7 +207,7 @@ enum { zip_fd = 3 };
+ /* NB: does not preserve file position! */
+ static uint32_t find_cdf_offset(void)
+ {
+-	cde_header_t cde_header;
++	cde_t cde;
+ 	unsigned char *buf;
+ 	unsigned char *p;
+ 	off_t end;
+@@ -228,7 +228,7 @@ static uint32_t find_cdf_offset(void)
+ 
+ 	found = BAD_CDF_OFFSET;
+ 	p = buf;
+-	while (p <= buf + PEEK_FROM_END - CDE_HEADER_LEN - 4) {
++	while (p <= buf + PEEK_FROM_END - CDE_LEN - 4) {
+ 		if (*p != 'P') {
+ 			p++;
+ 			continue;
+@@ -240,19 +240,19 @@ static uint32_t find_cdf_offset(void)
+ 		if (*++p != 6)
+ 			continue;
+ 		/* we found CDE! */
+-		memcpy(cde_header.raw, p + 1, CDE_HEADER_LEN);
+-		FIX_ENDIANNESS_CDE(cde_header);
++		memcpy(cde.raw, p + 1, CDE_LEN);
++		FIX_ENDIANNESS_CDE(cde);
+ 		/*
+ 		 * I've seen .ZIP files with seemingly valid CDEs
+ 		 * where cdf_offset points past EOF - ??
+ 		 * This check ignores such CDEs:
+ 		 */
+-		if (cde_header.formatted.cdf_offset < end + (p - buf)) {
+-			found = cde_header.formatted.cdf_offset;
++		if (cde.fmt.cdf_offset < end + (p - buf)) {
++			found = cde.fmt.cdf_offset;
+ 			dbg("Possible cdf_offset:0x%x at 0x%"OFF_FMT"x",
+ 				(unsigned)found, end + (p-3 - buf));
+ 			dbg("  cdf_offset+cdf_size:0x%x",
+-				(unsigned)(found + SWAP_LE32(cde_header.formatted.cdf_size)));
++				(unsigned)(found + SWAP_LE32(cde.fmt.cdf_size)));
+ 			/*
+ 			 * We do not "break" here because only the last CDE is valid.
+ 			 * I've seen a .zip archive which contained a .zip file,
+@@ -266,7 +266,7 @@ static uint32_t find_cdf_offset(void)
+ 	return found;
+ };
+ 
+-static uint32_t read_next_cdf(uint32_t cdf_offset, cdf_header_t *cdf_ptr)
++static uint32_t read_next_cdf(uint32_t cdf_offset, cdf_header_t *cdf)
+ {
+ 	uint32_t magic;
+ 
+@@ -276,23 +276,25 @@ static uint32_t read_next_cdf(uint32_t cdf_offset, cdf_header_t *cdf_ptr)
+ 	dbg("Reading CDF at 0x%x", (unsigned)cdf_offset);
+ 	xlseek(zip_fd, cdf_offset, SEEK_SET);
+ 	xread(zip_fd, &magic, 4);
+-	/* Central Directory End? */
++	/* Central Directory End? Assume CDF has ended.
++	 * (more correct method is to use cde.cdf_entries_total counter)
++	 */
+ 	if (magic == ZIP_CDE_MAGIC) {
+ 		dbg("got ZIP_CDE_MAGIC");
+ 		return 0; /* EOF */
+ 	}
+-	xread(zip_fd, cdf_ptr->raw, CDF_HEADER_LEN);
++	xread(zip_fd, cdf->raw, CDF_HEADER_LEN);
+ 
+-	FIX_ENDIANNESS_CDF(*cdf_ptr);
+-	dbg("  file_name_length:%u extra_field_length:%u file_comment_length:%u",
+-		(unsigned)cdf_ptr->formatted.file_name_length,
+-		(unsigned)cdf_ptr->formatted.extra_field_length,
+-		(unsigned)cdf_ptr->formatted.file_comment_length
++	FIX_ENDIANNESS_CDF(*cdf);
++	dbg("  filename_len:%u extra_len:%u file_comment_length:%u",
++		(unsigned)cdf->fmt.filename_len,
++		(unsigned)cdf->fmt.extra_len,
++		(unsigned)cdf->fmt.file_comment_length
+ 	);
+ 	cdf_offset += 4 + CDF_HEADER_LEN
+-		+ cdf_ptr->formatted.file_name_length
+-		+ cdf_ptr->formatted.extra_field_length
+-		+ cdf_ptr->formatted.file_comment_length;
++		+ cdf->fmt.filename_len
++		+ cdf->fmt.extra_len
++		+ cdf->fmt.file_comment_length;
+ 
+ 	return cdf_offset;
+ };
+@@ -315,28 +317,28 @@ static void unzip_create_leading_dirs(const char *fn)
+ 	free(name);
+ }
+ 
+-static void unzip_extract(zip_header_t *zip_header, int dst_fd)
++static void unzip_extract(zip_header_t *zip, int dst_fd)
+ {
+-	if (zip_header->formatted.method == 0) {
++	if (zip->fmt.method == 0) {
+ 		/* Method 0 - stored (not compressed) */
+-		off_t size = zip_header->formatted.ucmpsize;
++		off_t size = zip->fmt.ucmpsize;
+ 		if (size)
+ 			bb_copyfd_exact_size(zip_fd, dst_fd, size);
+ 	} else {
+ 		/* Method 8 - inflate */
+ 		transformer_state_t xstate;
+ 		init_transformer_state(&xstate);
+-		xstate.bytes_in = zip_header->formatted.cmpsize;
++		xstate.bytes_in = zip->fmt.cmpsize;
+ 		xstate.src_fd = zip_fd;
+ 		xstate.dst_fd = dst_fd;
+ 		if (inflate_unzip(&xstate) < 0)
+ 			bb_error_msg_and_die("inflate error");
+ 		/* Validate decompression - crc */
+-		if (zip_header->formatted.crc32 != (xstate.crc32 ^ 0xffffffffL)) {
++		if (zip->fmt.crc32 != (xstate.crc32 ^ 0xffffffffL)) {
+ 			bb_error_msg_and_die("crc error");
+ 		}
+ 		/* Validate decompression - size */
+-		if (zip_header->formatted.ucmpsize != xstate.bytes_out) {
++		if (zip->fmt.ucmpsize != xstate.bytes_out) {
+ 			/* Don't die. Who knows, maybe len calculation
+ 			 * was botched somewhere. After all, crc matched! */
+ 			bb_error_msg("bad length");
+@@ -563,7 +565,7 @@ int unzip_main(int argc, char **argv)
+ 	total_entries = 0;
+ 	cdf_offset = find_cdf_offset();	/* try to seek to the end, find CDE and CDF start */
+ 	while (1) {
+-		zip_header_t zip_header;
++		zip_header_t zip;
+ 		mode_t dir_mode = 0777;
+ #if ENABLE_FEATURE_UNZIP_CDF
+ 		mode_t file_mode = 0666;
+@@ -589,7 +591,7 @@ int unzip_main(int argc, char **argv)
+ 
+ 			/* Check magic number */
+ 			xread(zip_fd, &magic, 4);
+-			/* Central directory? It's at the end, so exit */
++			/* CDF item? Assume there are no more files, exit */
+ 			if (magic == ZIP_CDF_MAGIC) {
+ 				dbg("got ZIP_CDF_MAGIC");
+ 				break;
+@@ -605,71 +607,74 @@ int unzip_main(int argc, char **argv)
+ 				bb_error_msg_and_die("invalid zip magic %08X", (int)magic);
+ 			dbg("got ZIP_FILEHEADER_MAGIC");
+ 
+-			xread(zip_fd, zip_header.raw, ZIP_HEADER_LEN);
+-			FIX_ENDIANNESS_ZIP(zip_header);
+-			if ((zip_header.formatted.method != 0)
+-			 && (zip_header.formatted.method != 8)
++			xread(zip_fd, zip.raw, ZIP_HEADER_LEN);
++			FIX_ENDIANNESS_ZIP(zip);
++			if ((zip.fmt.method != 0)
++			 && (zip.fmt.method != 8)
+ 			) {
+ 				/* TODO? method 12: bzip2, method 14: LZMA */
+-				bb_error_msg_and_die("unsupported method %d", zip_header.formatted.method);
++				bb_error_msg_and_die("unsupported method %d", zip.fmt.method);
+ 			}
+-			if (zip_header.formatted.zip_flags & SWAP_LE16(0x0009)) {
++			if (zip.fmt.zip_flags & SWAP_LE16(0x0009)) {
+ 				bb_error_msg_and_die("zip flags 1 and 8 are not supported");
+ 			}
+ 		}
+ #if ENABLE_FEATURE_UNZIP_CDF
+ 		else {
+ 			/* cdf_offset is valid (and we know the file is seekable) */
+-			cdf_header_t cdf_header;
+-			cdf_offset = read_next_cdf(cdf_offset, &cdf_header);
++			cdf_header_t cdf;
++			cdf_offset = read_next_cdf(cdf_offset, &cdf);
+ 			if (cdf_offset == 0) /* EOF? */
+ 				break;
+-# if 0
++# if 1
+ 			xlseek(zip_fd,
+-				SWAP_LE32(cdf_header.formatted.relative_offset_of_local_header) + 4,
++				SWAP_LE32(cdf.fmt.relative_offset_of_local_header) + 4,
+ 				SEEK_SET);
+-			xread(zip_fd, zip_header.raw, ZIP_HEADER_LEN);
+-			FIX_ENDIANNESS_ZIP(zip_header);
+-			if (zip_header.formatted.zip_flags & SWAP_LE16(0x0008)) {
++			xread(zip_fd, zip.raw, ZIP_HEADER_LEN);
++			FIX_ENDIANNESS_ZIP(zip);
++			if (zip.fmt.zip_flags & SWAP_LE16(0x0008)) {
+ 				/* 0x0008 - streaming. [u]cmpsize can be reliably gotten
+ 				 * only from Central Directory.
+ 				 */
+-				zip_header.formatted.crc32    = cdf_header.formatted.crc32;
+-				zip_header.formatted.cmpsize  = cdf_header.formatted.cmpsize;
+-				zip_header.formatted.ucmpsize = cdf_header.formatted.ucmpsize;
++				zip.fmt.crc32    = cdf.fmt.crc32;
++				zip.fmt.cmpsize  = cdf.fmt.cmpsize;
++				zip.fmt.ucmpsize = cdf.fmt.ucmpsize;
+ 			}
+ # else
+-			/* CDF has the same data as local header, no need to read the latter */
+-			memcpy(&zip_header.formatted.version,
+-				&cdf_header.formatted.version_needed, ZIP_HEADER_LEN);
++			/* CDF has the same data as local header, no need to read the latter...
++			 * ...not really. An archive was seen with cdf.extra_len == 6 but
++			 * zip.extra_len == 0.
++			 */
++			memcpy(&zip.fmt.version,
++				&cdf.fmt.version_needed, ZIP_HEADER_LEN);
+ 			xlseek(zip_fd,
+-				SWAP_LE32(cdf_header.formatted.relative_offset_of_local_header) + 4 + ZIP_HEADER_LEN,
++				SWAP_LE32(cdf.fmt.relative_offset_of_local_header) + 4 + ZIP_HEADER_LEN,
+ 				SEEK_SET);
+ # endif
+-			if ((cdf_header.formatted.version_made_by >> 8) == 3) {
++			if ((cdf.fmt.version_made_by >> 8) == 3) {
+ 				/* This archive is created on Unix */
+-				dir_mode = file_mode = (cdf_header.formatted.external_file_attributes >> 16);
++				dir_mode = file_mode = (cdf.fmt.external_attributes >> 16);
+ 			}
+ 		}
+ #endif
+ 
+-		if (zip_header.formatted.zip_flags & SWAP_LE16(0x0001)) {
++		if (zip.fmt.zip_flags & SWAP_LE16(0x0001)) {
+ 			/* 0x0001 - encrypted */
+ 			bb_error_msg_and_die("zip flag 1 (encryption) is not supported");
+ 		}
+ 		dbg("File cmpsize:0x%x extra_len:0x%x ucmpsize:0x%x",
+-			(unsigned)zip_header.formatted.cmpsize,
+-			(unsigned)zip_header.formatted.extra_len,
+-			(unsigned)zip_header.formatted.ucmpsize
++			(unsigned)zip.fmt.cmpsize,
++			(unsigned)zip.fmt.extra_len,
++			(unsigned)zip.fmt.ucmpsize
+ 		);
+ 
+ 		/* Read filename */
+ 		free(dst_fn);
+-		dst_fn = xzalloc(zip_header.formatted.filename_len + 1);
+-		xread(zip_fd, dst_fn, zip_header.formatted.filename_len);
++		dst_fn = xzalloc(zip.fmt.filename_len + 1);
++		xread(zip_fd, dst_fn, zip.fmt.filename_len);
+ 
+ 		/* Skip extra header bytes */
+-		unzip_skip(zip_header.formatted.extra_len);
++		unzip_skip(zip.fmt.extra_len);
+ 
+ 		/* Guard against "/abspath", "/../" and similar attacks */
+ 		overlapping_strcpy(dst_fn, strip_unsafe_prefix(dst_fn));
+@@ -684,32 +689,32 @@ int unzip_main(int argc, char **argv)
+ 				/* List entry */
+ 				char dtbuf[sizeof("mm-dd-yyyy hh:mm")];
+ 				sprintf(dtbuf, "%02u-%02u-%04u %02u:%02u",
+-					(zip_header.formatted.moddate >> 5) & 0xf,  // mm: 0x01e0
+-					(zip_header.formatted.moddate)      & 0x1f, // dd: 0x001f
+-					(zip_header.formatted.moddate >> 9) + 1980, // yy: 0xfe00
+-					(zip_header.formatted.modtime >> 11),       // hh: 0xf800
+-					(zip_header.formatted.modtime >> 5) & 0x3f  // mm: 0x07e0
+-					// seconds/2 are not shown, encoded in ----------- 0x001f
++					(zip.fmt.moddate >> 5) & 0xf,  // mm: 0x01e0
++					(zip.fmt.moddate)      & 0x1f, // dd: 0x001f
++					(zip.fmt.moddate >> 9) + 1980, // yy: 0xfe00
++					(zip.fmt.modtime >> 11),       // hh: 0xf800
++					(zip.fmt.modtime >> 5) & 0x3f  // mm: 0x07e0
++					// seconds/2 not shown, encoded in -- 0x001f
+ 				);
+ 				if (!verbose) {
+ 					//      "  Length      Date    Time    Name\n"
+ 					//      "---------  ---------- -----   ----"
+ 					printf(       "%9u  " "%s   "         "%s\n",
+-						(unsigned)zip_header.formatted.ucmpsize,
++						(unsigned)zip.fmt.ucmpsize,
+ 						dtbuf,
+ 						dst_fn);
+ 				} else {
+-					unsigned long percents = zip_header.formatted.ucmpsize - zip_header.formatted.cmpsize;
++					unsigned long percents = zip.fmt.ucmpsize - zip.fmt.cmpsize;
+ 					if ((int32_t)percents < 0)
+ 						percents = 0; /* happens if ucmpsize < cmpsize */
+ 					percents = percents * 100;
+-					if (zip_header.formatted.ucmpsize)
+-						percents /= zip_header.formatted.ucmpsize;
++					if (zip.fmt.ucmpsize)
++						percents /= zip.fmt.ucmpsize;
+ 					//      " Length   Method    Size  Cmpr    Date    Time   CRC-32   Name\n"
+ 					//      "--------  ------  ------- ---- ---------- ----- --------  ----"
+ 					printf(      "%8u  %s"        "%9u%4u%% " "%s "         "%08x  "  "%s\n",
+-						(unsigned)zip_header.formatted.ucmpsize,
+-						zip_header.formatted.method == 0 ? "Stored" : "Defl:N", /* Defl is method 8 */
++						(unsigned)zip.fmt.ucmpsize,
++						zip.fmt.method == 0 ? "Stored" : "Defl:N", /* Defl is method 8 */
+ /* TODO: show other methods?
+  *  1 - Shrunk
+  *  2 - Reduced with compression factor 1
+@@ -722,15 +727,16 @@ int unzip_main(int argc, char **argv)
+  * 10 - PKWARE Data Compression Library Imploding
+  * 11 - Reserved by PKWARE
+  * 12 - BZIP2
++ * 14 - LZMA
+  */
+-						(unsigned)zip_header.formatted.cmpsize,
++						(unsigned)zip.fmt.cmpsize,
+ 						(unsigned)percents,
+ 						dtbuf,
+-						zip_header.formatted.crc32,
++						zip.fmt.crc32,
+ 						dst_fn);
+-					total_size += zip_header.formatted.cmpsize;
++					total_size += zip.fmt.cmpsize;
+ 				}
+-				total_usize += zip_header.formatted.ucmpsize;
++				total_usize += zip.fmt.ucmpsize;
+ 				i = 'n';
+ 			} else if (dst_fd == STDOUT_FILENO) {
+ 				/* Extracting to STDOUT */
+@@ -798,9 +804,11 @@ int unzip_main(int argc, char **argv)
+ #endif
+ 		case -1: /* Unzip */
+ 			if (!quiet) {
+-				printf("  inflating: %s\n", dst_fn);
++				printf(/* zip.fmt.method == 0
++					? " extracting: %s\n"
++					: */ "  inflating: %s\n", dst_fn);
+ 			}
+-			unzip_extract(&zip_header, dst_fd);
++			unzip_extract(&zip, dst_fd);
+ 			if (dst_fd != STDOUT_FILENO) {
+ 				/* closing STDOUT is potentially bad for future business */
+ 				close(dst_fd);
+@@ -811,7 +819,7 @@ int unzip_main(int argc, char **argv)
+ 			overwrite = O_NEVER;
+ 		case 'n':
+ 			/* Skip entry data */
+-			unzip_skip(zip_header.formatted.cmpsize);
++			unzip_skip(zip.fmt.cmpsize);
+ 			break;
+ 
+ 		case 'r':
+diff --git a/testsuite/unzip.tests b/testsuite/unzip.tests
+index d9c45242c..2e4becdb8 100755
+--- a/testsuite/unzip.tests
++++ b/testsuite/unzip.tests
+@@ -34,7 +34,9 @@ rm foo.zip
+ optional FEATURE_UNZIP_CDF
+ testing "unzip (bad archive)" "uudecode; unzip bad.zip 2>&1; echo \$?" \
+ "Archive:  bad.zip
+-unzip: short read
++  inflating: ]3j½r«IK-%Ix
++unzip: corrupted data
++unzip: inflate error
+ 1
+ " \
+ "" "\
+-- 
+2.11.0
+
diff --git a/package/busybox/0008-httpd-fix-handling-of-range-requests.patch b/package/busybox/0008-httpd-fix-handling-of-range-requests.patch
new file mode 100644
index 0000000000..3b9d70f742
--- /dev/null
+++ b/package/busybox/0008-httpd-fix-handling-of-range-requests.patch
@@ -0,0 +1,27 @@
+From 4316dff48aacb29307e1b52cb761fef603759b9d Mon Sep 17 00:00:00 2001
+From: Denys Vlasenko <vda.linux at googlemail.com>
+Date: Mon, 18 Sep 2017 13:09:11 +0200
+Subject: [PATCH] httpd: fix handling of range requests
+
+Signed-off-by: Denys Vlasenko <vda.linux at googlemail.com>
+Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
+---
+ networking/httpd.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/networking/httpd.c b/networking/httpd.c
+index d301d598d..84d819723 100644
+--- a/networking/httpd.c
++++ b/networking/httpd.c
+@@ -2337,7 +2337,7 @@ static void handle_incoming_and_exit(const len_and_sockaddr *fromAddr)
+ 			if (STRNCASECMP(iobuf, "Range:") == 0) {
+ 				/* We know only bytes=NNN-[MMM] */
+ 				char *s = skip_whitespace(iobuf + sizeof("Range:")-1);
+-				if (is_prefixed_with(s, "bytes=") == 0) {
++				if (is_prefixed_with(s, "bytes=")) {
+ 					s += sizeof("bytes=")-1;
+ 					range_start = BB_STRTOOFF(s, &s, 10);
+ 					if (s[0] != '-' || range_start < 0) {
+-- 
+2.11.0
+
-- 
2.11.0




More information about the buildroot mailing list