SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for unzip-6.0-24.el7_9.x86_64.rpm :

* Tue Dec 07 2021 Jakub Martisko - 6.0-24- Reenable the zipbomb detection patches- Add environment variable that disables the zipbomb detection- Resolves: rhbz#2020318
* Thu Nov 11 2021 Jakub Martisko - 6.0-23- Disable the zipbomb detection patches- There were too many false positives for now, will reenable this later with an option to opt-out- Resolves: rhbz#2020318
* Thu Mar 25 2021 Jakub Martisko - 6.0-22- Fix a false positive in a zip bomb detection- Resolves: 1920632
* Mon Nov 04 2019 Jakub Martisko - 6.0-21- Fix CVE-2019-13232- Resolves: CVE-2019-13232
* Mon Feb 25 2019 Jakub Martisko - 6.0-20- Fix CVE-2018-18384 Resolves: CVE-2018-18384
* Tue Jan 09 2018 Jakub Martisko - 6.0-19- rename patch unzip-6.0-nostrip.patch to unzip-6.0-configure.patch- make linking flags configurable from the specc file- set linking flags to use relro hardening Related: #1531116
* Tue Jan 09 2018 Jakub Martisko - 6.0-18- Add -DNOLCHMOD build option, since lchmod is not availabel on Linux Anyway Related: #1531116
* Thu Jan 04 2018 Jakub Martisko - 6.0-17- Fix error with wrong CRC checks by adding -DNOMEMCPY flag Resolves: #1525636
* Wed Nov 25 2015 Petr Stodulka - 6.0-16- Added patch for build option \"-Werror=format-security\"- Added support of non-unicode non-latin charset- Fix print of non-ascii filenames- Fix troubles with symlinks for archives with many files Resolves: rhbz#1276746, rhbz#1286165, rhbz#1276744
* Wed Feb 25 2015 Petr Stodulka - 6.0-15- Fix CVE-2014-9636 CVE-2014-8139 CVE-2014-8140 CVE-2014-8141 Resolves: #1196134 #1196122 #1196126 #1196130
* Tue Jul 22 2014 Petr Stodulka - 6.0-14- Fix caseinsensitive bug Resolves: #1104018
* Fri Jan 24 2014 Daniel Mach - 6.0-13- Mass rebuild 2014-01-24
* Fri Dec 27 2013 Daniel Mach - 6.0-12- Mass rebuild 2013-12-27
* Fri Sep 27 2013 Ondrej Vasik - 6.0-11- slightly improve covered options in -hh usage and manpages (#948808)
* Mon Jun 24 2013 Tom Callaway - 6.0-10- unset WILD_STOP_AT_DIR
* Tue May 28 2013 Tom Callaway - 6.0-9- Apply changes to match.c to sync with recmatch from util.c (from zip 3.0) This also resolves the license issue in that file.
* Fri Feb 15 2013 Fedora Release Engineering - 6.0-8- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Mon Dec 10 2012 Michal Luscon 6.0-7- Resolves: #884679 - zip files with bzip2 compression
* Sun Jul 22 2012 Fedora Release Engineering - 6.0-6- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Sat Jan 14 2012 Fedora Release Engineering - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- Fix minor manpage spelling mistake Resolves: #675454
* Mon Feb 07 2011 Fedora Release Engineering - 6.0-4- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Mon May 24 2010 Karel Klic - 6.0-3- Removed BuildRoot tag- Removed %clean section- Removed trailing whitespaces in the spec file
* Mon Nov 30 2009 Karel Klic - 6.0-2- Fixed a buffer overflow (rhbz#532380, unzip-6.0-attribs-overflow.patch)- Generate debuginfos (rhbz#540220, unzip-6.0-nostrip.patch)
* Mon Nov 16 2009 Karel Klic - 6.0-1- New upstream version- Compiled using `make generic_gcc` (includes asm)- Removed unzip542-rpmoptflags.patch, because RPM_OPT_FLAGS are provided using command line- Removed unzip-5.51-link-segv.patch, because the link file is not reopened in the current version- Removed unzip-5.51-link-segv2.patch, the bug was already fixed in open_outfile in 5.52- Removed unzip-5.52-toctou.patch (CAN-2005-2475), the vulnerability is fixed in the current version- Removed unzip-5.52-near-4GB.patch, unzip-5.52-near-4GB2.patch, unzip-5.52-4GB3.patch, and unzip-5.52-4GB_types.patch, because the current version supports large files- Removed unzip-5.52-long-filename.patch, the current version fixes the vulnerability by checking the length of command line arguments in unzip.c- Removed unzip-5.52-makefile.patch, because we no longer create the link manually- Removed unzip-5.52-open.patch, the current version uses umask.- Removed unzip-5.52-cve-2008-0888.patch, the current version fixes this vulnerability- Ported unzip-5.52-249057.patch to current version (unzip-6.0-close)
* Sun Jul 26 2009 Fedora Release Engineering - 5.52-11- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
* Wed Feb 25 2009 Fedora Release Engineering - 5.52-10- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
* Wed Mar 19 2008 Ivana Varekova - 5.52-9- fix crash (double free) on malformed zip archive CVE-2008-0888 (#431438)
* Fri Feb 08 2008 Ivana Varekova - 5.52-8- fix output when out of space error appears
* Wed Jan 23 2008 Ivana Varekova - 5.52-7- fix another long file support problem
* Tue Jan 22 2008 Ivana Varekova - 5.52-6- add 4GB patch (#429674)
* Tue Sep 04 2007 Ivana Varekova - 5.52-5- fix open call
* Wed Feb 07 2007 Ivana Varekova - 5.52-4- incorporate the next peckage review comment
* Tue Feb 06 2007 Ivana Varekova - 5.52-3- Resolves: 226516 Incorporate the package review
* Wed Jul 12 2006 Jesse Keating - 5.52-2.2.1- rebuild
* Fri Feb 10 2006 Jesse Keating - 5.52-2.2- bump again for double-long bug on ppc(64)
* Tue Feb 07 2006 Jesse Keating - 5.52-2.1- rebuilt for new gcc4.1 snapshot and glibc changes
* Mon Feb 06 2006 Ivana Varekova 5.52-2- fix bug 180078 - unzip -l causing error- fix CVE-2005-4667 - unzip long file name buffer overflow
* Thu Dec 22 2005 Ivana Varekova 5.52-1- update to 5.52
* Fri Dec 09 2005 Jesse Keating - rebuilt
* Wed Aug 03 2005 Ivana Varekova 5.51-12- fix bug 164928 - TOCTOU issue in unzip
* Mon May 09 2005 Ivana Varekova 5.51-11- fix bug 156959 – invalid file mode on created files
* Mon Mar 07 2005 Ivana Varekova 5.51-10- rebuilt
* Thu Feb 10 2005 Ivana Varekova 5.51-9- fix the other problem with unpacking zipfiles containing symlinks (bug #134073)
* Thu Feb 03 2005 Ivana Varekova 5.51-8- fix segfault with unpacking of zipfiles containing dangling symlinks (bug #134073)
* Thu Dec 02 2004 Lon Hohberger 5.51-6- Rebuild
* Thu Dec 02 2004 Lon Hohberger 5.51-5- Fix segfault on extraction of symlinks
* Mon Jun 21 2004 Lon Hohberger 5.51-4- Extend max file/archive size to 2^32-8193 (4294959103) bytes
* Tue Jun 15 2004 Elliot Lee - rebuilt
* Tue Jun 08 2004 Lon Hohberger 5.51-2- Rebuild
* Tue Jun 08 2004 Lon Hohberger 5.51-1.1- Update to 5.51; remove dotdot patch.
* Fri Feb 13 2004 Elliot Lee - rebuilt
* Mon Nov 17 2003 Lon Hohberger 5.50-36- Rebuild for FC-next
* Fri Aug 01 2003 Lon Hohberger 5.50-35- Rebuild for Severn
* Fri Aug 01 2003 Lon Hohberger 5.50-34- Rebuild for Taroon
* Fri Aug 01 2003 Lon Hohberger 5.50-33- Rebuild for 9 errata
* Fri Aug 01 2003 Lon Hohberger 5.50-32- Rebuild for 8.0 errata
* Fri Aug 01 2003 Lon Hohberger 5.50-31- Rebuild for 7.3 errata
* Wed Jul 30 2003 Lon Hohberger 5.50-30- SECURITY Round 3: Fix up original patch (from 5.50-9) to fix^V/ exploit, but still allow \'-:\', which the other patch (5.50-18)does not allow. Never allow explicit writing to the rootdirectory; force users to change there and extract it manually.
* Wed Jul 30 2003 Lon Hohberger 5.50-29- Rebuild for Severn
* Wed Jul 30 2003 Lon Hohberger 5.50-28- Rebuild
* Wed Jul 30 2003 Lon Hohberger 5.50-27- Rebuild for 9
* Wed Jul 30 2003 Lon Hohberger 5.50-26- Rebuild for 8.0
* Tue Jul 22 2003 Lon Hohberger 5.50-23- Rebuild for 7.3
* Mon Jul 21 2003 Lon Hohberger 5.50-22- Rebuild for Severn
* Mon Jul 21 2003 Lon Hohberger 5.50-21- Rebuild
* Mon Jul 21 2003 Lon Hohberger 5.50-20- Rebuild for 9
* Mon Jul 21 2003 Lon Hohberger 5.50-19- Rebuild for 8.0
* Mon Jul 21 2003 Lon Hohberger 5.50-18- SECURITY: Incorporate far cleaner patch from Ben Laurie which also fixes ^V/ (quote-slash).Patch checks post-decode as opposed to inline as previouspatch does.
* Mon Jun 16 2003 Lon Hohberger 5.50-17- Rebuilt per request
* Thu Jun 12 2003 Lon Hohberger 5.50-16- Rebuilt
* Thu Jun 12 2003 Lon Hohberger 5.50-15- Rebuilt
* Thu Jun 12 2003 Lon Hohberger 5.50-14- Rebuilt: Red Hat Linux 9
* Thu Jun 12 2003 Lon Hohberger 5.50-13- Rebuilt: Red Hat Enterprise Linux 2.1
* Thu Jun 12 2003 Lon Hohberger 5.50-12- Rebuilt Red Hat Linux 8.0
* Thu Jun 12 2003 Lon Hohberger 5.50-11- Rebuilt Red Hat Linux 7.3
* Wed Jun 11 2003 Lon Hohberger 5.50-10- Rebuilt
* Wed Jun 11 2003 Lon Hohberger 5.50-9- SECURITY: Scour start of filename for ../ patterns whichinclude quote and/or control characters.
* Wed Jun 04 2003 Elliot Lee - rebuilt
* Wed Jan 22 2003 Tim Powers - rebuilt
* Thu Dec 19 2002 Tim Powers - bump and rebuild
* Fri Jun 21 2002 Tim Powers - automated rebuild
* Thu May 23 2002 Tim Powers - automated rebuild
* Thu Apr 25 2002 Trond Eivind Glomsrød 5.50-3- Rebuild
* Tue Apr 02 2002 Trond Eivind Glomsrød 5.50-2- Make it not strip
* Wed Mar 13 2002 Trond Eivind Glomsrød 5.50-1- 5.50
* Thu Feb 21 2002 Trond Eivind Glomsrød 5.42-3- Rebuild
* Wed Jan 09 2002 Tim Powers - automated rebuild
* Mon May 21 2001 Trond Eivind Glomsrød - 5.42- Don\'t strip binaries explicitly- build without assembly, it doesn\'t seem to increase performance- make it respect RPM_OPT_FLAGS, define _GNU_SOURCE- use %{_tmppath}- \"License:\" replaces \"Copyright:\"- Update URL- include zipgrep- COPYING doesn\'t exist anymore, include LICENSE instead
* Thu Jul 13 2000 Prospector - automatic rebuild
* Sun Jun 11 2000 BIll Nottingham - rebuild in new env.; FHS fixes.
* Tue Apr 18 2000 Bernhard Rosenkraenzer - 4.51 (an acceptable license at last...)
* Thu Feb 03 2000 Bill Nottingham - handle compressed man pages
* Fri Jul 30 1999 Bill Nottingham - update to 5.40
* Sun Mar 21 1999 Cristian Gafton - auto rebuild in the new build environment (release 5)
* Thu Dec 17 1998 Michael Maher - built for 6.0
* Tue Aug 11 1998 Jeff Johnson - build root
* Mon Apr 27 1998 Prospector System - translations modified for de, fr, tr
* Tue Oct 21 1997 Erik Troan - builds on non i386 platforms
* Mon Oct 20 1997 Otto Hammersmith - updated the version
* Thu Jul 10 1997 Erik Troan - built against glibc
  
ICM