Package: unzip / 6.0-23+deb10u2

Metadata

Package: unzip
Version: 6.0-23+deb10u2
Patches format: 3.0 (quilt)

Patch series

Patch File delta Description
01 manpages in section 1 not in section 1l.patch

man/funzip.1 | 8 4 + 4 - 0 !
man/unzip.1 | 24 12 + 12 - 0 !
man/unzipsfx.1 | 32 16 + 16 - 0 !
man/zipgrep.1 | 8 4 + 4 - 0 !
man/zipinfo.1 | 10 5 + 5 - 0 !
5 files changed, 41 insertions(+), 41 deletions(-)

 in debian, manpages are in section 1, not in section 1l
X-Debian-version: 5.52-3


02 this is debian unzip.patch

unzip.c | 3 1 + 2 - 0 !
1 file changed, 1 insertion(+), 2 deletions(-)

 "branding patch": unzip by debian. original by info-zip.
X-Debian-version: 5.52-5


03 include unistd for kfreebsd.patch

unix/unxcfg.h | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 #include <unistd.h> for kfreebsd
Bug-Debian: https://bugs.debian.org/340693
X-Debian-version: 5.52-8


04 handle pkware verification bit.patch

process.c | 7 7 + 0 - 0 !
1 file changed, 7 insertions(+)

 handle the pkware verification bit of internal attributes
Bug-Debian: https://bugs.debian.org/630078
X-Debian-version: 6.0-5


05 fix uid gid handling.patch

process.c | 6 3 + 3 - 0 !
1 file changed, 3 insertions(+), 3 deletions(-)

 restore uid and gid information when requested
Bug-Debian: https://bugs.debian.org/689212
X-Debian-version: 6.0-8


06 initialize the symlink flag.patch

process.c | 6 6 + 0 - 0 !
1 file changed, 6 insertions(+)

 initialize the symlink flag
Bug-Debian: https://bugs.debian.org/717029
X-Debian-version: 6.0-10


07 increase size of cfactorstr.patch

list.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 increase size of cfactorstr array to avoid buffer overflow
Bug-Debian: https://bugs.debian.org/741384
X-Debian-version: 6.0-11


08 allow greater hostver values.patch

zipinfo.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 zipinfo.c: do not crash when hostver byte is >= 100


09 cve 2014 8139 crc overflow.patch

extract.c | 17 14 + 3 - 0 !
1 file changed, 14 insertions(+), 3 deletions(-)

 fix cve-2014-8139: crc32 verification heap-based overflow
Bug-Debian: https://bugs.debian.org/773722


10 cve 2014 8140 test compr eb.patch

extract.c | 13 10 + 3 - 0 !
1 file changed, 10 insertions(+), 3 deletions(-)

 fix cve-2014-8140: out-of-bounds write issue in test_compr_eb()
Bug-Debian: https://bugs.debian.org/773722


11 cve 2014 8141 getzip64data.patch

fileio.c | 9 8 + 1 - 0 !
process.c | 68 51 + 17 - 0 !
2 files changed, 59 insertions(+), 18 deletions(-)

 fix cve-2014-8141: out-of-bounds read issues in getzip64data()
Bug-Debian: https://bugs.debian.org/773722


12 cve 2014 9636 test compr eb.patch

extract.c | 10 10 + 0 - 0 !
1 file changed, 10 insertions(+)

 info-zip unzip buffer overflow
Bug-Debian: https://bugs.debian.org/776589

By carefully crafting a corrupt ZIP archive with "extra fields" that
purport to have compressed blocks larger than the corresponding
uncompressed blocks in STORED no-compression mode, an attacker can
trigger a heap overflow that can result in application crash or
possibly have other unspecified impact.

This patch ensures that when extra fields use STORED mode, the
"compressed" and uncompressed block sizes match.


13 remove build date.patch

unix/unix.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 remove build date
Bug-Debian: https://bugs.debian.org/782851
 In order to make unzip build reproducibly, we remove the
 (already optional) build date from the binary.


14 cve 2015 7696.patch

crypt.c | 12 11 + 1 - 0 !
1 file changed, 11 insertions(+), 1 deletion(-)

 upstream fix for heap overflow
Bug-Debian: https://bugs.debian.org/802162
Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1260944


15 cve 2015 7697.patch

extract.c | 6 6 + 0 - 0 !
1 file changed, 6 insertions(+)

 fix infinite loop when extracting empty bzip2 data
Bug-Debian: https://bugs.debian.org/802160
Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1260944


16 fix integer underflow csiz decrypted.patch

extract.c | 11 10 + 1 - 0 !
1 file changed, 10 insertions(+), 1 deletion(-)

 [patch] extract: prevent unsigned overflow on invalid input


17 restore unix timestamps accurately.patch

process.c | 11 7 + 4 - 0 !
1 file changed, 7 insertions(+), 4 deletions(-)

 do not ignore extra fields containing unix timestamps
Bug-Debian: https://bugs.debian.org/842993
X-Debian-version: 6.0-21


18 cve 2014 9913 unzip buffer overflow.patch

list.c | 13 12 + 1 - 0 !
1 file changed, 12 insertions(+), 1 deletion(-)

 fix cve-2014-9913, buffer overflow in unzip
Bug: https://sourceforge.net/p/infozip/bugs/27/
Bug-Debian: https://bugs.debian.org/847485
Bug-Ubuntu: https://launchpad.net/bugs/387350
X-Debian-version: 6.0-21


19 cve 2016 9844 zipinfo buffer overflow.patch

zipinfo.c | 13 12 + 1 - 0 !
1 file changed, 12 insertions(+), 1 deletion(-)

 fix cve-2016-9844, buffer overflow in zipinfo
Bug-Debian: https://bugs.debian.org/847486
Bug-Ubuntu: https://launchpad.net/bugs/1643750
X-Debian-version: 6.0-21


20 cve 2018 1000035 unzip buffer overflow.patch

fileio.c | 14 13 + 1 - 0 !
1 file changed, 13 insertions(+), 1 deletion(-)

 fix buffer overflow in password protected zip archives
Bug-Debian: https://bugs.debian.org/889838


21 fix warning messages on big files.patch

fileio.c | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 fix lame code in fileio.c
Bug-Debian: https://bugs.debian.org/929502
X-Debian-version: 6.0-23


22 cve 2019 13232 fix bug in undefer input.patch

fileio.c | 4 3 + 1 - 0 !
1 file changed, 3 insertions(+), 1 deletion(-)

 fix bug in undefer_input() that misplaced the input state.


23 cve 2019 13232 zip bomb with overlapped entries.patch

extract.c | 190 189 + 1 - 0 !
globals.c | 1 1 + 0 - 0 !
globals.h | 3 3 + 0 - 0 !
process.c | 11 11 + 0 - 0 !
unzip.h | 1 1 + 0 - 0 !
5 files changed, 205 insertions(+), 1 deletion(-)

 detect and reject a zip bomb using overlapped entries.


24 cve 2019 13232 do not raise alert for misplaced central directory.patch

extract.c | 25 19 + 6 - 0 !
process.c | 6 6 + 0 - 0 !
unzpriv.h | 10 10 + 0 - 0 !
3 files changed, 35 insertions(+), 6 deletions(-)

 do not raise a zip bomb alert for a misplaced central directory.


25 cve 2019 13232 fix bug in uzbunzip2.patch

extract.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 fix bug in uzbunzip2() that incorrectly updated g.incnt


26 cve 2019 13232 fix bug in uzinflate.patch

inflate.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 fix bug in uzinflate() that incorrectly updated g.incnt.