Package: unzip / 6.0-21

Metadata

Package Version Patches format
unzip 6.0-21 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
01 manpages in section 1 not in section 1l.patch | (download)

man/funzip.1 | 8 4 + 4 - 0 !
man/unzip.1 | 24 12 + 12 - 0 !
man/unzipsfx.1 | 32 16 + 16 - 0 !
man/zipgrep.1 | 8 4 + 4 - 0 !
man/zipinfo.1 | 10 5 + 5 - 0 !
5 files changed, 41 insertions(+), 41 deletions(-)

 in debian, manpages are in section 1, not in section 1l
X-Debian-version: 5.52-3


02 this is debian unzip.patch | (download)

unzip.c | 3 1 + 2 - 0 !
1 file changed, 1 insertion(+), 2 deletions(-)

 "branding patch": unzip by debian. original by info-zip.
X-Debian-version: 5.52-5


03 include unistd for kfreebsd.patch | (download)

unix/unxcfg.h | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 #include <unistd.h> for kfreebsd
Bug-Debian: https://bugs.debian.org/340693
X-Debian-version: 5.52-8


04 handle pkware verification bit.patch | (download)

process.c | 7 7 + 0 - 0 !
1 file changed, 7 insertions(+)

 handle the pkware verification bit of internal attributes
Bug-Debian: https://bugs.debian.org/630078
X-Debian-version: 6.0-5


05 fix uid gid handling.patch | (download)

process.c | 6 3 + 3 - 0 !
1 file changed, 3 insertions(+), 3 deletions(-)

 restore uid and gid information when requested
Bug-Debian: https://bugs.debian.org/689212
X-Debian-version: 6.0-8


06 initialize the symlink flag.patch | (download)

process.c | 6 6 + 0 - 0 !
1 file changed, 6 insertions(+)

 initialize the symlink flag
Bug-Debian: https://bugs.debian.org/717029
X-Debian-version: 6.0-10


07 increase size of cfactorstr.patch | (download)

list.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 increase size of cfactorstr array to avoid buffer overflow
Bug-Debian: https://bugs.debian.org/741384
X-Debian-version: 6.0-11


08 allow greater hostver values.patch | (download)

zipinfo.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 zipinfo.c: do not crash when hostver byte is >= 100


09 cve 2014 8139 crc overflow.patch | (download)

extract.c | 17 14 + 3 - 0 !
1 file changed, 14 insertions(+), 3 deletions(-)

 fix cve-2014-8139: crc32 verification heap-based overflow
Bug-Debian: https://bugs.debian.org/773722


10 cve 2014 8140 test compr eb.patch | (download)

extract.c | 13 10 + 3 - 0 !
1 file changed, 10 insertions(+), 3 deletions(-)

 fix cve-2014-8140: out-of-bounds write issue in test_compr_eb()
Bug-Debian: https://bugs.debian.org/773722


11 cve 2014 8141 getzip64data.patch | (download)

fileio.c | 9 8 + 1 - 0 !
process.c | 68 51 + 17 - 0 !
2 files changed, 59 insertions(+), 18 deletions(-)

 fix cve-2014-8141: out-of-bounds read issues in getzip64data()
Bug-Debian: https://bugs.debian.org/773722


12 cve 2014 9636 test compr eb.patch | (download)

extract.c | 10 10 + 0 - 0 !
1 file changed, 10 insertions(+)

 info-zip unzip buffer overflow
Bug-Debian: https://bugs.debian.org/776589

By carefully crafting a corrupt ZIP archive with "extra fields" that
purport to have compressed blocks larger than the corresponding
uncompressed blocks in STORED no-compression mode, an attacker can
trigger a heap overflow that can result in application crash or
possibly have other unspecified impact.

This patch ensures that when extra fields use STORED mode, the
"compressed" and uncompressed block sizes match.


13 remove build date.patch | (download)

unix/unix.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 remove build date
Bug-Debian: https://bugs.debian.org/782851
 In order to make unzip build reproducibly, we remove the
 (already optional) build date from the binary.


14 cve 2015 7696.patch | (download)

crypt.c | 12 11 + 1 - 0 !
1 file changed, 11 insertions(+), 1 deletion(-)

 upstream fix for heap overflow
Bug-Debian: https://bugs.debian.org/802162
Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1260944
15 cve 2015 7697.patch | (download)

extract.c | 6 6 + 0 - 0 !
1 file changed, 6 insertions(+)

 fix infinite loop when extracting empty bzip2 data
Bug-Debian: https://bugs.debian.org/802160
Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1260944
16 fix integer underflow csiz decrypted.patch | (download)

extract.c | 11 10 + 1 - 0 !
1 file changed, 10 insertions(+), 1 deletion(-)

 [patch] extract: prevent unsigned overflow on invalid input
17 restore unix timestamps accurately.patch | (download)

process.c | 11 7 + 4 - 0 !
1 file changed, 7 insertions(+), 4 deletions(-)

 do not ignore extra fields containing unix timestamps
Bug-Debian: https://bugs.debian.org/842993
X-Debian-version: 6.0-21


18 cve 2014 9913 unzip buffer overflow.patch | (download)

list.c | 13 12 + 1 - 0 !
1 file changed, 12 insertions(+), 1 deletion(-)

 fix cve-2014-9913, buffer overflow in unzip
Bug: https://sourceforge.net/p/infozip/bugs/27/
Bug-Debian: https://bugs.debian.org/847485
Bug-Ubuntu: https://launchpad.net/bugs/387350
X-Debian-version: 6.0-21


19 cve 2016 9844 zipinfo buffer overflow.patch | (download)

zipinfo.c | 13 12 + 1 - 0 !
1 file changed, 12 insertions(+), 1 deletion(-)

 fix cve-2016-9844, buffer overflow in zipinfo
Bug-Debian: https://bugs.debian.org/847486
Bug-Ubuntu: https://launchpad.net/bugs/1643750
X-Debian-version: 6.0-21