Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/hardy/unzip
Members of Ubuntu branches can upload to this branch. Log in for directions.

Related bugs

Related blueprints

Branch information

Ubuntu branches
Review team:
Ubuntu Development Team

Recent revisions

15. By Kees Cook

* SECURITY UPDATE: arbitrary code execution via heap corruption.
* inflate.c: fix invalid free() calls, patch from Tavis Ormandy.
* References

14. By Matthias Klose

* Merge with Debian; remaining changes:
  - debian/rules: Configure with large file support.
  - unzip.c: Change banner to indicate Ubuntu modification.
  - support UTF-8 file names.

13. By Matthias Klose

Apply patch from https://bugzilla.altlinux.org/long_list.cgi?buglist=4871
to support UTF-8 file names. Ubuntu #10979.

12. By Matthias Klose

* Rebuild for changes in the amd64 toolchain.
* Set Ubuntu maintainer address.

11. By Michael Vogt

Merge from debian unstable.

10. By Martin Pitt

* Merge from debian unstable; only Ubuntu changes left:
  - debian/rules: Configure with large file support.
  - unzip.c: Change banner to indicate Ubuntu modification.

9. By Martin Pitt

* const.h, process.c: Limit the maximum length of displayed file names to
  512 bytes, to avoid spewage with excessively long file names (which caused
  buffer overflows until the recent security fix for CVE-2005-4667).
* Thanks to Santiago Vila for pointing this out.

8. By Martin Pitt

Previous security update scrambled the output fields in the contents
listing, fix that regression.

7. By Martin Pitt

* SECURITY UPDATE: Arbitrary code execution on specially crafted long file
  names (which should not happen in many scenarios, though).
* unzpriv.h, Info macro:
  - Use snprintf() instead of sprintf() as inner formatting function.
  - Use fputs() instead of fprintf() as outer function to ignore leftover
    format strings which might not have been substituted in the inner
  - Throw away the three different implementations of that macro and use
    just one safe one.
  - CVE-2005-4667

6. By Michael Vogt

Resynchronise with Debian.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
This branch contains Public information 
Everyone can see this information.