lp:ubuntu/precise-updates/unzip

Created by Ubuntu Package Importer on 2013-11-12 and last modified on 2015-02-17
Get this branch:
bzr branch lp:ubuntu/precise-updates/unzip
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

24. By Marc Deslauriers on 2015-02-17

* SECURITY UPDATE: heap overflow in charset_to_intern()
  - debian/patches/04-unzip60-alt-iconv-utf8: updated to fix buffer
    overflow in unix/unix.c.
  - CVE-2015-1315
* SECURITY REGRESSION: regression with executable jar files
  - debian/patches/09-cve-2014-8139-crc-overflow: updated to fix
    regression.
* SECURITY REGRESSION: regression with certain compressed data headers
  - debian/patches/12-cve-2014-9636-test-compr-eb: updated to fix
    regression.

23. By Marc Deslauriers on 2015-01-29

* SECURITY UPDATE: heap overflow via mismatched block sizes
  - debian/patches/12-cve-2014-9636-test-compr-eb: ensure compressed and
    uncompressed block sizes match when using STORED method in extract.c.
  - CVE-2014-9636

22. By Marc Deslauriers on 2015-01-07

* SECURITY UPDATE: CRC32 verification heap-based overflow
  - debian/patches/09-cve-2014-8139-crc-overflow: check extra block
    length in extract.c.
  - CVE-2014-8139
* SECURITY UPDATE: out-of-bounds write issue in test_compr_eb()
  - debian/patches/10-cve-2014-8140-test-compr-eb: properly validate
    sizes in extract.c.
  - CVE-2014-8140
* SECURITY UPDATE: out-of-bounds read issues in getZip64Data()
  - debian/patches/11-cve-2014-8141-getzip64data: validate extra fields
    in fileio.c, check sizes in process.c.
  - CVE-2014-8141

21. By Brian Thomason on 2011-01-12

Added patch from archlinux which adds the -O option allowing a charset
to be specified for the proper unzipping of non-latin and non-unicode
filenames. (LP: #580961)

20. By Santiago Vila on 2010-02-21

* Added homepage field to control file.
* Switch to 3.0 (quilt) source format.
* Support cross-build.

19. By Alexander Sack on 2010-03-07

rebuild rest of main for armel armv7/thumb2 optimization;
UbuntuSpec:mobile-lucid-arm-gcc-v7-thumb2

18. By Santiago Vila on 2009-05-08

* New upstream release. Closes: #496989.
* Enabled new Unicode support. Closes: #197427. This may or may not work
  for your already created zipfiles, but it's not a bug unless they were
  created using the Unicode feature present in zip 3.0.
* Built using DATE_FORMAT=DF_YMD so that unzip -l show dates in ISO format,
  as that's the only available one which makes sense. Closes: #312886.
* Enabled new bzip2 support. Closes: #426798.
* Exit code for zipgrep should now be the right one. Closes: #441997.
* The reason why a file may not be created is now shown. Closes: #478791.
* Summary of changes in this version not being the debian/* files:
- Manpages in section 1, not 1L.
- Branding patch. UnZip by Debian. Original by Info-ZIP.
- Always #include <unistd.h>. Debian GNU/kFreeBSD needs it.

17. By Michael Vogt on 2008-11-12

* Merge from debian unstable, remaining changes:
  - debian/rules: Configure with large file support.
  - unzip.c: Change banner to indicate Ubuntu modification.
  - support UTF-8 file names.

16. By Matthias Klose on 2008-06-25

* Merge with Debian; remaining changes:
  - debian/rules: Configure with large file support.
  - unzip.c: Change banner to indicate Ubuntu modification.
  - support UTF-8 file names.

15. By Kees Cook on 2008-03-19

* SECURITY UPDATE: arbitrary code execution via heap corruption.
* inflate.c: fix invalid free() calls, patch from Tavis Ormandy.
* References
  CVE-2008-0888

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/trusty/unzip
This branch contains Public information 
Everyone can see this information.

Subscribers