ubuntu/+source/unzip:ubuntu/trusty-security

Last commit made on 2015-11-09
Get this branch:
git clone -b ubuntu/trusty-security https://git.launchpad.net/ubuntu/+source/unzip
Members of Ubuntu Server Dev import team can upload to this branch.

Branch information

Name: ubuntu/trusty-security
Repository: lp:ubuntu/+source/unzip

Recent commits

2f3b4e5... by Marc Deslauriers on 2015-11-09

Import patches-unapplied version 6.0-9ubuntu1.5 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: fe86c215b778c40eebc3e646838b55dcefd2c95c

New changelog entries:
  * debian/patches/16-fix-integer-underflow-csiz-decrypted: updated to fix
    regression in handling 0-byte files (LP: #1513293)

fe86c21... by Marc Deslauriers on 2015-10-29

Import patches-unapplied version 6.0-9ubuntu1.4 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 7d6e317e18e105817c385406d78a06f937217468

New changelog entries:
  * SECURITY UPDATE: denial of service and possible code execution via
    heap overflow
    - debian/patches/14-cve-2015-7696: add check to crypt.c.
    - CVE-2015-7696
  * SECURITY UPDATE: infinite loop when extracting empty bzip2 data
    - debian/patches/15-cve-2015-7697: check for empty input in extract.c.
    - CVE-2015-7697
  * SECURITY UPDATE: unsigned overflow on invalid input
    - debian/patches/16-fix-integer-underflow-csiz-decrypted: make sure
      csiz_decrypted doesn't overflow in extract.c.
    - No CVE number

7d6e317... by Marc Deslauriers on 2015-02-17

Import patches-unapplied version 6.0-9ubuntu1.3 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 11207790fe33d6e4efb0a6d3b41452009b99ea62

New changelog entries:
  * SECURITY UPDATE: heap overflow in charset_to_intern()
    - debian/patches/06-unzip60-alt-iconv-utf8: updated to fix buffer
      overflow in unix/unix.c.
    - CVE-2015-1315
  * SECURITY REGRESSION: regression with executable jar files
    - debian/patches/09-cve-2014-8139-crc-overflow: updated to fix
      regression.
  * SECURITY REGRESSION: regression with certain compressed data headers
    - debian/patches/12-cve-2014-9636-test-compr-eb: updated to fix
      regression.

1120779... by Marc Deslauriers on 2015-01-29

Import patches-unapplied version 6.0-9ubuntu1.2 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: c0071de5f3723b00717963c6bf0f646110fbd4af

New changelog entries:
  * SECURITY UPDATE: heap overflow via mismatched block sizes
    - debian/patches/12-cve-2014-9636-test-compr-eb: ensure compressed and
      uncompressed block sizes match when using STORED method in extract.c.
    - CVE-2014-9636

c0071de... by Marc Deslauriers on 2015-01-07

Import patches-unapplied version 6.0-9ubuntu1.1 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 6746801c6df473cf6cb787bf15dd370ff755578c

New changelog entries:
  * SECURITY UPDATE: CRC32 verification heap-based overflow
    - debian/patches/09-cve-2014-8139-crc-overflow: check extra block
      length in extract.c.
    - CVE-2014-8139
  * SECURITY UPDATE: out-of-bounds write issue in test_compr_eb()
    - debian/patches/10-cve-2014-8140-test-compr-eb: properly validate
      sizes in extract.c.
    - CVE-2014-8140
  * SECURITY UPDATE: out-of-bounds read issues in getZip64Data()
    - debian/patches/11-cve-2014-8141-getzip64data: validate extra fields
      in fileio.c, check sizes in process.c.
    - CVE-2014-8141

6746801... by Colin Watson on 2013-05-13

Import patches-unapplied version 6.0-9ubuntu1 to ubuntu/saucy-proposed

Imported using git-ubuntu import.

Changelog parent: caa9e85ab4bf1378c7a382d7b2c55cb9118c839d

New changelog entries:
  * Resynchronise with Debian. Remaining changes:
    - Add patch from archlinux which adds the -O option, allowing a charset
      to be specified for the proper unzipping of non-Latin and non-Unicode
      filenames.

caa9e85... by Santiago Vila on 2013-02-24

Import patches-unapplied version 6.0-9 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 37fc45eb4cd43f34493dd5779caf0bf2035f7520

New changelog entries:
  * Added NO_WORKING_ISPRINT to DEFINES so that UTF8 filenames are
    displayed correctly. Reported by Slavek Banko. Closes: #682682.
  * Use the right strip command when cross-building. Closes: #695141.

37fc45e... by Santiago Vila on 2012-11-28

Import patches-unapplied version 6.0-8 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 7822ba73b3c5be096592d2e64e8528efc445bc4c

New changelog entries:
  * Made unzip -X actually restore uid/gid information.
    Closes: #689212. Thanks to Axel Scheepers for the report.
  * Disabled memcpy, as it is being used on overlapping buffers,
    leading to data corruption. Closes: #694601.
    Thanks to M Joonas Pihlaja for the report.

7822ba7... by Santiago Vila on 2012-06-30

Import patches-unapplied version 6.0-7 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 44eacefdff2e80efe0fdf500175f5db03d70ec32

New changelog entries:
  * Added Multi-Arch: foreign. Closes: #678812.

44eacef... by Santiago Vila on 2012-03-31

Import patches-unapplied version 6.0-6 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 60a091539bea113e753f60f65b1c2e8b51209f30

New changelog entries:
  * Added hardening flags. Closes: #656268.