unzip rejects Microsoft OneDrive zip files

Bug #2051952 reported by Marc Deslauriers
This bug affects 1 person
Affects          Status         Importance   Assigned to        Milestone
unzip (Ubuntu)   Fix Released   Undecided    Marc Deslauriers
Focal            Fix Released   Undecided    Marc Deslauriers
Jammy            Fix Released   Undecided    Marc Deslauriers
Mantic           Fix Released   Undecided    Marc Deslauriers
Noble            Fix Released   Undecided    Marc Deslauriers

Bug Description

[Impact]
unzip rejects Microsoft OneDrive zip files. See the detailed explanation here:

https://www.bitsgalore.org/2020/03/11/does-microsoft-onedrive-export-large-ZIP-files-that-are-corrupt

tl;dr;
Microsoft mishandles the "Total number of disks" field when using the ZIP64 extension. It should start at 1, they use 0, which isn't a valid value. Unzip doesn't properly handle the invalid value.

[Test Plan]
- Download the test zip file from comment #1.
- unzip should extract it without issue (it contains a test.txt text file)
- if unzip fails, it will spew out a weird error message like the following:

$ unzip test.zip
Archive: test.zip
error [test.zip]: missing 4294967098 bytes in zipfile
  (attempting to process anyway)
error [test.zip]: start of central directory not found;
  zipfile corrupt.
  (please check that you have transferred or created the zipfile in the
  appropriate BINARY mode and that you have compiled UnZip properly)

[Where problems could occur]
This simple patch just accepts 0 as a valid total number of disks. I suppose if it was wrong it would mishandle multi-disk archives, though multi-disk archives should have a good value in that field.
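
The field this report turns on sits in the ZIP64 end of central directory locator, the 20-byte record placed directly before the end of central directory record. The following Python check is an added example, not part of the bug report or of the unzip patch: it reads that field from an archive's tail and flags the 0 value described above. The function names, status strings and the archive produced by `build_sample` are constructed for illustration.

```python
import struct

EOCD_SIG = b"PK\x05\x06"      # end of central directory record
Z64_LOC_SIG = b"PK\x06\x07"   # ZIP64 end of central directory locator
Z64_EOCD_SIG = b"PK\x06\x06"  # ZIP64 end of central directory record
LOCATOR = struct.Struct("<4sIQI")   # sig, disk holding ZIP64 EOCD, its offset, total disks
EOCD = struct.Struct("<4sHHHHIIH")  # 22 bytes, followed by an optional comment

def find_eocd(data):
    """Return the EOCD offset, scanning backwards past a possible archive comment."""
    lowest = max(0, len(data) - EOCD.size - 0xFFFF)
    pos = data.rfind(EOCD_SIG, lowest)
    while pos != -1:
        if pos + EOCD.size <= len(data):
            comment_len = EOCD.unpack_from(data, pos)[7]
            if pos + EOCD.size + comment_len == len(data):
                return pos  # comment length agrees with the end of the file
        pos = data.rfind(EOCD_SIG, lowest, pos + 3)  # try an earlier candidate
    return None

def check_total_disks(data):
    """Classify the locator's 'total number of disks' field (status names are hypothetical)."""
    eocd = find_eocd(data)
    if eocd is None:
        return {"status": "no-eocd"}
    loc = eocd - LOCATOR.size
    if loc < 0 or data[loc:loc + 4] != Z64_LOC_SIG:
        return {"status": "not-zip64"}
    _, _, z64_off, total = LOCATOR.unpack_from(data, loc)
    # 0 is the invalid value from this bug; 1 is a normal single-file archive.
    status = {0: "zero-disks", 1: "single-disk"}.get(total, "multi-disk")
    found = data[z64_off:z64_off + 4] == Z64_EOCD_SIG
    return {"status": status, "total_disks": total, "zip64_record_found": found}

def build_sample(total_disks):
    """Constructed sample: an empty archive tail that still carries ZIP64 records."""
    z64_eocd = struct.pack("<4sQHHIIQQQQ", Z64_EOCD_SIG, 44, 45, 45, 0, 0, 0, 0, 0, 0)
    locator = LOCATOR.pack(Z64_LOC_SIG, 0, 0, total_disks)
    eocd = EOCD.pack(EOCD_SIG, 0, 0, 0xFFFF, 0xFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0)
    return z64_eocd + locator + eocd

if __name__ == "__main__":
    for n in (0, 1, 2):
        print(n, check_total_disks(build_sample(n)))
```

Running it over the bytes of a real archive (for example `check_total_disks(open("test.zip", "rb").read())`) tells you whether a failing file carries the 0 value before you decide between upgrading unzip and re-exporting the archive.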

Changed in unzip (Ubuntu Focal):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in unzip (Ubuntu Jammy):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in unzip (Ubuntu Mantic):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in unzip (Ubuntu Noble):
assignee: nobody → Marc Deslauriers (mdeslaur)
Marc Deslauriers (mdeslaur) wrote :

Here is a small test zip file that has 0 in the total number of disks field

Changed in unzip (Ubuntu Noble):
status: New → Fix Committed
description: updated
Marc Deslauriers (mdeslaur) wrote :
Marc Deslauriers (mdeslaur) wrote :
Marc Deslauriers (mdeslaur) wrote :
Changed in unzip (Ubuntu Focal):
status: New → In Progress
Changed in unzip (Ubuntu Jammy):
status: New → In Progress
Changed in unzip (Ubuntu Mantic):
status: New → In Progress
Marc Deslauriers (mdeslaur) wrote :

Packages have been uploaded for processing by the sru team. Thanks!

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package unzip - 6.0-28ubuntu2

---------------
unzip (6.0-28ubuntu2) noble; urgency=medium

  * Properly handle Microsoft ZIP64 file (LP: #2051952)
    - debian/patches/handle_windows_zip64.patch: ignore invalid "Total
      number of disks" field in process.c.

 -- Marc Deslauriers <email address hidden> Thu, 01 Feb 2024 10:48:08 -0500

Changed in unzip (Ubuntu Noble):
status: Fix Committed → Fix Released
Robie Basak (racb) wrote : Please test proposed package

Hello Marc, or anyone else affected,

Accepted unzip into mantic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/unzip/6.0-28ubuntu1.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-mantic to verification-done-mantic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-mantic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in unzip (Ubuntu Mantic):
status: In Progress → Fix Committed
tags: added: verification-needed verification-needed-mantic
Changed in unzip (Ubuntu Jammy):
status: In Progress → Fix Committed
tags: added: verification-needed-jammy
Robie Basak (racb) wrote :

Hello Marc, or anyone else affected,

Accepted unzip into jammy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/unzip/6.0-26ubuntu3.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-jammy to verification-done-jammy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-jammy. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in unzip (Ubuntu Focal):
status: In Progress → Fix Committed
tags: added: verification-needed-focal
Robie Basak (racb) wrote :

Hello Marc, or anyone else affected,

Accepted unzip into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/unzip/6.0-25ubuntu1.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-focal. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Ubuntu SRU Bot (ubuntu-sru-bot) wrote : Autopkgtest regression report (unzip/6.0-25ubuntu1.2)

All autopkgtests for the newly accepted unzip (6.0-25ubuntu1.2) for focal have finished running.
The following regressions have been reported in tests triggered by the package:

auto-multiple-choice/1.4.0-4ubuntu1 (arm64)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/focal/update_excuses.html#unzip

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Ubuntu SRU Bot (ubuntu-sru-bot) wrote : Autopkgtest regression report (unzip/6.0-28ubuntu1.1)

All autopkgtests for the newly accepted unzip (6.0-28ubuntu1.1) for mantic have finished running.
The following regressions have been reported in tests triggered by the package:

mysql-8.0/8.0.36-0ubuntu0.23.10.1 (armhf)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/mantic/update_excuses.html#unzip

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Marc Deslauriers (mdeslaur) wrote :

The autopkgtest failures in comments #10 and #11 have been retried and have now passed.

I have tested (6.0-25ubuntu1.2) on focal, (6.0-26ubuntu3.2) on jammy and (6.0-28ubuntu1.1) on mantic per the test procedure above, and all 3 of them successfully extracted the test zip file after updating.

tags: added: verification-done verification-done-focal verification-done-jammy verification-done-mantic
removed: verification-needed verification-needed-focal verification-needed-jammy verification-needed-mantic
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package unzip - 6.0-28ubuntu1.1

---------------
unzip (6.0-28ubuntu1.1) mantic; urgency=medium

  * Properly handle Microsoft ZIP64 file (LP: #2051952)
    - debian/patches/handle_windows_zip64.patch: ignore invalid "Total
      number of disks" field in process.c.

 -- Marc Deslauriers <email address hidden> Thu, 01 Feb 2024 10:48:08 -0500

Changed in unzip (Ubuntu Mantic):
status: Fix Committed → Fix Released
Andreas Hasenack (ahasenack) wrote : Update Released

The verification of the Stable Release Update for unzip has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package unzip - 6.0-26ubuntu3.2

---------------
unzip (6.0-26ubuntu3.2) jammy; urgency=medium

  * Properly handle Microsoft ZIP64 file (LP: #2051952)
    - debian/patches/handle_windows_zip64.patch: ignore invalid "Total
      number of disks" field in process.c.

 -- Marc Deslauriers <email address hidden> Thu, 01 Feb 2024 10:52:55 -0500

Changed in unzip (Ubuntu Jammy):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package unzip - 6.0-25ubuntu1.2

---------------
unzip (6.0-25ubuntu1.2) focal; urgency=medium

  * Properly handle Microsoft ZIP64 file (LP: #2051952)
    - debian/patches/handle_windows_zip64.patch: ignore invalid "Total
      number of disks" field in process.c.

 -- Marc Deslauriers <email address hidden> Thu, 01 Feb 2024 10:54:32 -0500

Changed in unzip (Ubuntu Focal):
status: Fix Committed → Fix Released