lp:ubuntu/edgy-updates/unzip

Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/edgy-updates/unzip

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Development

Recent revisions

11. By Kees Cook

* SECURITY UPDATE: arbitrary code execution via heap corruption.
* inflate.c: fix invalid free() calls, patch from Tavis Ormandy.
* References
  CVE-2008-0888

10. By Martin Pitt

* Merge from debian unstable; only Ubuntu changes left:
  - debian/rules: Configure with large file support.
  - unzip.c: Change banner to indicate Ubuntu modification.

9. By Martin Pitt

* const.h, process.c: Limit the maximum length of displayed file names to
  512 bytes, to avoid spewage with excessively long file names (which caused
  buffer overflows until the recent security fix for CVE-2005-4667).
* Thanks to Santiago Vila for pointing this out.

8. By Martin Pitt

Previous security update scrambled the output fields in the contents
listing, fix that regression.

7. By Martin Pitt

* SECURITY UPDATE: Arbitrary code execution on specially crafted long file
  names (which should not happen in many scenarios, though).
* unzpriv.h, Info macro:
  - Use snprintf() instead of sprintf() as inner formatting function.
  - Use fputs() instead of fprintf() as outer function to ignore leftover
    format strings which might not have been substituted in the inner
    snprintf().
  - Throw away the three different implementations of that macro and use
    just one safe one.
  - CVE-2005-4667

6. By Michael Vogt

Resynchronise with Debian.

5. By Martin Pitt

* Resynchronise with Debian.
* Repaired totally scrambled changelog.
* unzip.c: Change Debian banner to 'Ubuntu', as advised by the Debian
  maintainer.

4. By Martin Pitt

* SECURITY UPDATE: Fix file permission modification race.
* unix/unix.c: Use fchmod() instead of chmod() to change permissions on the
  files unzip actually created, not the files another attacker might have
  hardlinked to in the meantime.
* CAN-2005-2475

3. By Thom May

Fixed unzip of >2GB files, thanks to patch from ard at kwaak.net

2. By Santiago Vila

Added unshrinking support (Closes: #252563).

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/karmic/unzip
This branch contains Public information 
Everyone can see this information.
