Created by James Westby on 2009-06-28 and last modified on 2009-06-28
Get this branch:
bzr branch lp:ubuntu/hardy/unzip
Members of Ubuntu branches can upload to this branch. Log in for directions.

Related bugs

Related blueprints

Branch information

Ubuntu branches
Review team:
Ubuntu Development Team

Recent revisions

15. By Kees Cook on 2008-03-19

* SECURITY UPDATE: arbitrary code execution via heap corruption.
* inflate.c: fix invalid free() calls, patch from Tavis Ormandy.
* References

14. By Matthias Klose on 2007-07-17

* Merge with Debian; remaining changes:
  - debian/rules: Configure with large file support.
  - unzip.c: Change banner to indicate Ubuntu modification.
  - support UTF-8 file names.

13. By Matthias Klose on 2007-03-31

Apply patch from https://bugzilla.altlinux.org/long_list.cgi?buglist=4871
to support UTF-8 file names. Ubuntu #10979.

12. By Matthias Klose on 2007-03-05

* Rebuild for changes in the amd64 toolchain.
* Set Ubuntu maintainer address.

11. By Michael Vogt on 2006-11-22

Merge from debian unstable.

10. By Martin Pitt on 2006-06-30

* Merge from debian unstable; only Ubuntu changes left:
  - debian/rules: Configure with large file support.
  - unzip.c: Change banner to indicate Ubuntu modification.

9. By Martin Pitt on 2006-03-23

* const.h, process.c: Limit the maximum length of displayed file names to
  512 bytes, to avoid spewage with excessively long file names (which caused
  buffer overflows until the recent security fix for CVE-2005-4667).
* Thanks to Santiago Vila for pointing this out.

8. By Martin Pitt on 2006-02-15

Previous security update scrambled the output fields in the contents
listing, fix that regression.

7. By Martin Pitt on 2006-02-10

* SECURITY UPDATE: Arbitrary code execution on specially crafted long file
  names (which should not happen in many scenarios, though).
* unzpriv.h, Info macro:
  - Use snprintf() instead of sprintf() as inner formatting function.
  - Use fputs() instead of fprintf() as outer function to ignore leftover
    format strings which might not have been substituted in the inner
  - Throw away the three different implementations of that macro and use
    just one safe one.
  - CVE-2005-4667

6. By Michael Vogt on 2005-12-28

Resynchronise with Debian.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
This branch contains Public information 
Everyone can see this information.