- Jan 22, 2025
-
- Jun 08, 2024
-
- Oct 06, 2023
-
-
T.J. Townsend authored
-
- May 30, 2023
-
-
Jelle van der Waa authored
sources.debian.org links are not stable, so version the patch in git.
-
- Jan 15, 2023
-
-
Evangelos Foutras authored
devtools 20230105-1 enables the debug option by default. A follow-up commit will remove debug from alongside other options.
-
- Aug 10, 2022
-
-
Jonas Witschel authored
-
- Feb 16, 2022
-
-
Jonas Witschel authored
This patch allows opting out of the zip bomb detection using the UNZIP_DISABLE_ZIPBOMB_DETECTION environment variable. unzip-zipbomb-manpage.patch got updated accordingly in upstream commit https://src.fedoraproject.org/rpms/unzip/c/d68949f359685b90a93cb3d30e239e9cd68d27dc to mention this variable in the man page.
-
Jonas Witschel authored
-
Jonas Witschel authored
See https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1957077 for a bug report including a reproducer and a proposed patch. The first part of the patch is already covered by "unzip-6.0-valgrind.patch", so apply only the changes to process.c directly related to CVE-2021-4217. After applying the patch, the reproducer does not crash unzip any more.
-
- Nov 16, 2021
-
-
Jonas Witschel authored
unzip-6.0-fix-recmatch.patch has been reported to cause some archives not to be extracted completely, and unzip-6.0-caseinsensitive.patch builds upon this patch and cannot be applied without it. Since both patches are not security-related, drop them to improve compatibility with existing ZIP archives.
-
- Nov 03, 2021
-
-
Jonas Witschel authored
These are now downloaded directly from Fedora.
-
Jonas Witschel authored
This fixes a couple of bugs and security issues, most notably CVE-2016-9844, CVE-2018-18384, CVE-2018-1000035 (FS#69739), FS#60433, FS#70981 and FS#71725. All available patches that Fedora applies to date have been considered, apart from unzip-6.0-bzip2-configure.patch, unzip-6.0-configure.patch (two configure patches Arch does not require) and unzip-6.0-manpage-fix.patch (a trivial spelling fix in a man page.
-
Jonas Witschel authored
This is done in preparation for adding more patches from Fedore to fix various security issues. The contents of the patches is identical to the existing ones, apart from unzip-6.0-cve-2014-8139.patch, which is an updated version of crc32.patch, cf. https://bugzilla.redhat.com/show_bug.cgi?id=1174844 The three patches csiz-underflow.patch, empty-input.patch and nextbyte-overflow.patch are all incorporated into the single unzip-6.0-heap-overflow-infloop.patch.
-
- Sep 12, 2021
-
-
Jelle van der Waa authored
-
- Apr 24, 2020
-
-
Jelle van der Waa authored
-
- Mar 03, 2019
-
-
Lukas Fleischer authored
-
- Nov 09, 2018
-
-
Jelle van der Waa authored
-
- Nov 15, 2017
-
-
Evangelos Foutras authored
-
- Apr 17, 2016
-
-
Lukas Fleischer authored
-
- Nov 03, 2015
-
-
Gaetan Bisson authored
-
- Mar 15, 2015
-
-
Gaetan Bisson authored
-
- Jan 10, 2015
-
-
Gaetan Bisson authored
-
- Jan 09, 2015
-
-
Gaetan Bisson authored
-
- Jun 30, 2014
-
-
Gaetan Bisson authored
-
Gaetan Bisson authored
-
- Jun 29, 2014
-
-
Gaetan Bisson authored
-
- Feb 17, 2012
-
-
Allan McRae authored
-
- Feb 27, 2010
-
-
Thayer Williams authored
-
- Jun 25, 2009
-
-
Giovanni Scafora authored
-
Giovanni Scafora authored
-
- Jun 10, 2009
-
-
Douglas Soares de Andrade authored
-
Douglas Soares de Andrade authored
-
- Apr 18, 2008
-
-
Aaron Griffin authored
-
- Apr 06, 2008
-
-
Aaron Griffin authored
-