--- zip-2.32/unix/configure	2006-02-18 06:58:56 +0100
+++ zip-2.32/unix/configure	2006-07-02 15:31:34 +0200
@@ -50,15 +50,9 @@
 fi
 
 echo Check for the C preprocessor
-# on SVR4, cc -E does not produce correct assembler files. Need /lib/cpp.
-CPP="${CC} -E"
-# solaris as(1) needs -P, maybe others as well ?
-[ -f /usr/ccs/lib/cpp ] && CPP="/usr/ccs/lib/cpp -P"
-[ -f /usr/lib/cpp ] && CPP=/usr/lib/cpp
-[ -f /lib/cpp ] && CPP=/lib/cpp
-[ -f /usr/bin/cpp ] && CPP=/usr/bin/cpp
-[ -f /xenix ] && CPP="${CC} -E"
-[ -f /lynx.os ] && CPP="${CC} -E"
+# use the OpenPKG GCC cpp binary unconditionally,
+# because on some platforms, the native one is broken
+CPP="@l_cpp@"
 
 echo "#include <stdio.h>" > conftest.c
 $CPP conftest.c >/dev/null 2>/dev/null || CPP="${CC} -E"
@@ -74,7 +68,7 @@
     echo "int foo() { return 0;}" > conftest.c
     $CC -c conftest.c >/dev/null 2>/dev/null
     echo Check if compiler generates underlines
-    nm conftest.o | grep "(^|[^_])foo" >/dev/null 2>/dev/null
+    nm conftest.o | grep "[^_]foo" >/dev/null 2>/dev/null
     [ $? -eq 0 ] && CPP="${CPP} -DNO_UNDERLINE"
     if eval "$CPP crc_i386.S > _crc_i386.s 2>/dev/null"; then
       if eval "$CC -c _crc_i386.s >/dev/null 2>/dev/null" && [ -f _crc_i386.o ]

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0282
    Directory traversal vulnerability in UnZip 5.50 allows attackers to
    overwrite arbitrary files via invalid characters between two . (dot)
    characters, which are filtered and result in a ".." sequence.