ubuntu/+source/unzip:ubuntu/eoan-proposed

Last commit made on 2019-08-16
Get this branch:
git clone -b ubuntu/eoan-proposed https://git.launchpad.net/ubuntu/+source/unzip
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/eoan-proposed
Repository:
lp:ubuntu/+source/unzip

Recent commits

29e3b78... by Steve Langasek on 2019-08-16

Import patches-unapplied version 6.0-25ubuntu1 to ubuntu/eoan-proposed

Imported using git-ubuntu import.

Changelog parent: 011abaaac5d0e65a6bac90da0f23f2733960ec0d

New changelog entries:
  * Merge from Debian unstable. Remaining changes:
    - Add patch from archlinux which adds the -O option, allowing a charset
      to be specified for the proper unzipping of non-Latin and non-Unicode
      filenames.

011abaa... by Santiago Vila on 2019-07-27

Import patches-unapplied version 6.0-25 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 91044b0f19dc1b4c1dc48964ff488df0e039575b

New changelog entries:
  * Apply one more patch by Mark Adler:
  - Do not raise a zip bomb alert for a misplaced central directory.
    This should allow Firefox to build again. Closes: #932404.
    Reported by Peter Green. Hopefully CVE-2019-13232 is fixed now.

91044b0... by Santiago Vila on 2019-07-11

Import patches-unapplied version 6.0-24 to debian/sid

Imported using git-ubuntu import.

Changelog parent: f63b523a4c6e804c89f872b60738b7d80b9a1cbf

New changelog entries:
  * Apply two patches by Mark Adler:
  - Fix bug in undefer_input() that misplaced the input state.
  - Detect and reject a zip bomb using overlapped entries. Closes: #931433.
    Bug discovered by David Fifield. For reference, this is CVE-2019-13232.

f63b523... by Santiago Vila on 2019-05-28

Import patches-unapplied version 6.0-23 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 083940d1cf9d275d6cdbdc1283b56bf0aec1c6b4

New changelog entries:
  * Fix lame code in fileio.c which parsed 64-bit values incorrectly.
    Thanks to David Fifield for the report. Closes: #929502.

083940d... by Santiago Vila on 2019-02-09

Import patches-unapplied version 6.0-22 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 46af5233d84bc894aa5b495f71902aa35c7ffe1e

New changelog entries:
  * Fix buffer overflow in password protected ZIP archives. Closes: #889838.
    Patch borrowed from SUSE. For reference, this is CVE-2018-1000035.
  * Rules-Requires-Root: no.

46af523... by Santiago Vila on 2016-12-11

Import patches-unapplied version 6.0-21 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 9cbbea2bfcb75d0148d9fc1ceb0c04559d77cbda

New changelog entries:
  * Rename all debian/patches/* to have .patch ending.
  * Update 12-cve-2014-9636-test-compr-eb.patch to follow revised
    patch "unzip-6.0_overflow3.diff" from mancha (patch author).
    Update also to follow upstream coding style.
  * Drop workaround for gcc optimization bug on ARM (GCC Bug #764732)
    in the hope that it's not present anymore in GCC-6.
  * Allow source to be cross-built. Closes: #836051.
  * Do not ignore Unix Timestamps. Closes: #842993. Patch by the author.
  * Fix CVE-2014-9913, buffer overflow in unzip. Closes: #847485.
    Patch by the author.
  * Fix CVE-2016-9844, buffer overflow in zipinfo. Closes: #847486.
    Patch by the author.

9cbbea2... by Santiago Vila on 2015-11-09

Import patches-unapplied version 6.0-20 to debian/sid

Imported using git-ubuntu import.

Changelog parent: bab5f663f0b2221bbf47731733e42ee0bd3f13da

New changelog entries:
  * Update debian/patches/16-fix-integer-underflow-csiz-decrypted to fix
    regression on encrypted 0-byte files. Closes: #804595.
    Thanks to Marc Deslauriers for the fix in Ubuntu.

bab5f66... by Santiago Vila on 2015-10-22

Import patches-unapplied version 6.0-19 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 6049126f765715e87498d0e1f2b3b77445117b81

New changelog entries:
  * Fix infinite loop when extracting password-protected archive.
    This is CVE-2015-7697. Closes: #802160.
  * Fix heap overflow when extracting password-protected archive.
    This is CVE-2015-7696. Closes: #802162.
  * Fix additional unsigned overflow on invalid input.
  * Thanks a lot to Raphaël Hertzog for the squeeze-lts release,
    from which this upload is mainly derived.

6049126... by Santiago Vila on 2015-08-16

Import patches-unapplied version 6.0-18 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 9a37810628e5abc6c879b45528cc489c7c7c62ff

New changelog entries:
  * Ship a debian/copyright file in source package instead of generating
    it a build time. Closes: #795567.

9a37810... by Santiago Vila on 2015-05-17

Import patches-unapplied version 6.0-17 to debian/sid

Imported using git-ubuntu import.

Changelog parent: ca03ff8dcf5c65805bd314695f3f1d3f8db9c543

New changelog entries:
  * Switch to dh.
  * Remove build date embedded in binary to make the build reproducible.
    Thanks to Jérémy Bobbio <email address hidden>. Closes: #782851.