Changelog for
unzip-doc-6.00-89.1.x86_64.rpm :
Thu Oct 11 14:00:00 2018 kstreitovaAATTsuse.com
- Add unzip60-cfactorstr_overflow.patch to fix buffer overflow in
list.c [bsc#1110194] [CVE-2018-18384]
Wed Jun 27 14:00:00 2018 kstreitovaAATTsuse.com
- Add unzip60-total_disks_zero.patch that fixes a bug when unzip is
unable to process Windows zip64 archives because Windows
archivers set total_disks field to 0 but per standard, valid
values are 1 and higher [bnc#910683]
- Add Fix-CVE-2014-9636-unzip-buffer-overflow.patch to fix heap
overflow for STORED field data [bnc#914442] [CVE-2014-9636]
Wed May 16 14:00:00 2018 antoine.belvireAATTopensuse.org
- Fix "remove failed: No such file or directory" warnings upon
package removal:
* Call 'update-alternative --remove' in %postun, not in %preun.
Thu Feb 8 13:00:00 2018 kbabiochAATTsuse.com
- Add CVE-2018-1000035.patch: Fix a heap-based buffer overflow in
password protected ZIP archives (CVE-2018-1000035 bsc#1080074)
Thu Jul 6 14:00:00 2017 nico.kruberAATTgmail.com
- Updated Fix-CVE-2014-8139-unzip.patch: the original patch was
causing errors testing valid jar files:
$ unzip -t foo.jar
Archive: foo.jar
testing: META-INF/ bad extra-field entry:
EF block length (0 bytes) invalid (< 4)
testing: META-INF/MANIFEST.MF OK
testing: foo OK
(see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8139
where the updated patch was taken from)
Wed Feb 15 13:00:00 2017 josef.moellersAATTsuse.com
- Fixed two potential buffer overflows.
The patches were extracted from
http://antinode.info/ftp/info-zip/unzip60/zipinfo.c and
http://antinode.info/ftp/info-zip/unzip60/list.c
(bsc#1013992, bsc#1013993, CVE-2016-9844, CVE-2014-9913,
CVE-2016-9844.patch, CVE-2014-9913.patch)
Wed Oct 12 14:00:00 2016 josef.moellersAATTsuse.com
- When decrypting an encrypted file,
quit early if compressed size < HEAD_LEN.
When extracting avoid an infinite loop
if a file never finishes unzipping.
(bsc#950110, bsc#950111, CVE-2015-7696, CVE-2015-7697,
CVE-2015-7696.patch, CVE-2015-7697.patch)
Thu Jun 16 14:00:00 2016 tchvatalAATTsuse.com
- Require properly the update-alternatives to not throw out errors
when installing in OBS chroot
Mon Jan 26 13:00:00 2015 tbehrensAATTsuse.com
- Add Fix-CVE-2014-8139-unzip.patch: fix heap overflow condition in
the CRC32 verification (fixes bnc#909214)
- Add Fix-CVE-2014-8140-and-CVE-2014-8141.patch: fix write error
(*_8349_*) shows a problem in extract.c:test_compr_eb(), and:
read errors (*_6430_*, *_3422_*) show problems in
process.c:getZip64Data() (fixes bnc#909214)
Sun Dec 21 13:00:00 2014 meissnerAATTsuse.com
- build with PIE
Fri Aug 2 14:00:00 2013 cooloAATTsuse.com
- fix defaultattr for old distros
Fri Aug 2 14:00:00 2013 cooloAATTsuse.com
- split the rcc dependency into a spec file of its own, we don't
need that complexity during build causing cycles like this:
unzip -> librcc -> libproxy -> libXau -> xorg-x11-proto-devel -> docbook-xsl-stylesheets
Fri Apr 5 14:00:00 2013 idonmezAATTsuse.com
- Cleanup spec file
- Add Source URL, see https://en.opensuse.org/SourceUrls
Fri Aug 5 14:00:00 2011 pthAATTsuse.de
- Don't call isprint (bnc#620483).
Mon May 23 14:00:00 2011 lnusselAATTsuse.de
- remove use of __DATE__ from correct file
Sat May 7 14:00:00 2011 idoenmezAATTnovell.com
- Sync our compile time flags with Debian except Acorn stuff, this enables
UTF-8, saves an unrelated warning about lchmod being not implemented.
- Enable make check
Fri Jan 28 13:00:00 2011 lnusselAATTsuse.de
- use dlopen for librcc0. A direct requires causes lots of other
packages to get installed such as aspell which bloats a minimal
install.
Mon Aug 30 14:00:00 2010 cristian.rodriguezAATTopensuse.org
- Do not include build host specific info like build dates in
binaries.
Fri Jun 25 14:00:00 2010 pthAATTsuse.de
- Doing open(O_WRONLY) and then fdopen("w+") will now fail with
"Invalid Argument" whereas former glibcs would succeed. So now
do open(O_RDWR).
- Print error message when open(2) fails.
- Add debugging traces in open_outfile.
Fri May 21 14:00:00 2010 pthAATTsuse.de
- Update to 6.0:
* Support PKWARE ZIP64 extensions, allowing Zip archives and Zip archive
entries larger than 4 GiBytes and more than 65536 entries within a
single Zip archive. This support is currently only available for Unix,
OpenVMS and Win32/Win64.
* Support for bzip2 compression method.
* Support for UTF-8 encoded entry names, both through PKWARE's "General
Purpose Flags Bit 11" indicator and Info-ZIP's new "up" unicode path
extra field. (Currently, on Windows the UTF-8 handling is limited to
the character subset contained in the configured non-unicode "system
code page".)
* Fixed "Time of Creation/Time of Use" vulnerability when setting
attributes of extracted files, for Unix and Unix-like ports.
* Fixed memory leak when processing invalid deflated data.
* Fixed long-standing bug in unshrink (partial_clear), added boundary
checks against invalid compressed data.
* On Unix, keep inherited SGID attribute bit for extracted directories
unless restoration of owner/group id or SUID/SGID/Tacky attributes was
requested.
* On Unix, allow extracted filenames to contain embedded control
characters when explicitly requested by specifying the new command line
option "-^".
* On Unix, support restoration of symbolic link attributes.
* On Unix, support restoration of 32-bit UID/GID data using the new "ux"
IZUNIX3 extra field introduced with Zip 3.0.
* Support symbolic links zipped up on VMS.
* New -D option to suppress restoration of timestamps for extracted
directory entries (on those ports that support setting of directory
timestamps). By specifying "-DD", this new option also allows to
suppress timestamp restoration for ALL extracted files on all UnZip
ports which support restoration of timestamps. On VMS, the default
behaviour is now to skip restoration of directory timestamps; here,
"--D" restores ALL timestamps, "-D" restores none.
* On OS/2, Win32, and Unix, the (previously optional) feature UNIXBACKUP
to allow saving backup copies of overwritten files on extraction is now
enabled by default.
Mon May 10 14:00:00 2010 pthAATTsuse.de
- Use librcc to convert Russian/Slavic file names (bnc#540598).
Sun Dec 6 13:00:00 2009 jengelhAATT.medozas.de
- enable parallel building