Package: apktool / 2.7.0+dfsg-7
Metadata
Package | Version | Patches format |
---|---|---|
apktool | 2.7.0+dfsg-7 | 3.0 (quilt) |
Patch series
view the series filePatch | File delta | Description |
---|---|---|
debian wrapper.patch | (download) |
scripts/linux/apktool |
26 12 + 14 - 0 ! |
debian wrapper |
use_system_framework.patch | (download) |
brut.apktool/apktool-lib/src/main/java/brut/androlib/res/AndrolibResources.java |
8 7 + 1 - 0 ! |
use_system_framework Rather than including a package provided apk in the jar, just read it directly from where it gets installed. |
use_system_aapt.patch | (download) |
brut.apktool/apktool-lib/src/main/java/brut/androlib/options/BuildOptions.java |
2 1 + 1 - 0 ! |
use_system_aapt |
build.patch | (download) |
brut.apktool/apktool-cli/build.gradle |
10 3 + 7 - 0 ! |
build |
CVE 2024 21633 Prevent arbitrary file writes with malicious resourc.patch | (download) |
brut.apktool/apktool-lib/src/main/java/brut/androlib/res/decoder/ResFileDecoder.java |
8 8 + 0 - 0 ! |
[patch 1/1] prevent arbitrary file writes with malicious resource names. (#3484) CVE-2024-21633 * refactor: rename sanitize function * fix: expose getDir * fix: safe handling of untrusted resource names - fixes: GHSA-2hqv-2xv4-5h5w * test: sample file for GHSA-2hqv-2xv4-5h5w * refactor: avoid detection of absolute files for resource check * chore: enable info mode on gradle * test: skip test on windows * chore: debug windows handling * fix: normalize entry with file separators * fix: normalize filepath after cleansing * chore: Android paths are not OS specific * refactor: use java.nio for path traversal checking * chore: align path separator on Windows for Zip files * chore: rework towards basic directory traversal * chore: remove '--info' on build.yml |