]> granicus.if.org Git - zziplib/log
zziplib
6 years agoMerge pull request #28 from mojca/strnlen
Guido U. Draheim [Thu, 1 Mar 2018 00:10:59 +0000 (01:10 +0100)]
Merge pull request #28 from mojca/strnlen

provide a workaround for missing strnlen #25

6 years agoprovide a workaround for missing strnlen #25
Mojca Miklavec [Wed, 28 Feb 2018 14:09:55 +0000 (15:09 +0100)]
provide a workaround for missing strnlen #25

The strnlen function is only defined in POSIX.1-2008.
It is missing on Solaris 10 or Mac OS X 10.6 for example.

6 years agoMerge pull request #26 from jmoellers/master
Guido U. Draheim [Tue, 13 Feb 2018 10:02:37 +0000 (11:02 +0100)]
Merge pull request #26 from jmoellers/master

If the size of the central directory is too big, reject the file.

6 years agoIf the size of the central directory is too big, reject the file.
Josef Möllers [Tue, 13 Feb 2018 09:36:44 +0000 (10:36 +0100)]
If the size of the central directory is too big, reject the file.

6 years agoMerge pull request #19 from jmoellers/master
Guido U. Draheim [Tue, 6 Feb 2018 16:22:34 +0000 (17:22 +0100)]
Merge pull request #19 from jmoellers/master

Make sure an extension block is large enough.

6 years ago- If an extension block is too small to hold an extension,
Josef Möllers [Tue, 6 Feb 2018 15:16:36 +0000 (16:16 +0100)]
- If an extension block is too small to hold an extension,
  do not use the information therein.
- If the End of central directory record (EOCD) contains an
  Offset of start of central directory which is beyond the end of
  the file, reject the file.
  [CVE-2018-6540]

6 years agov0.13.68 v0.13.68
Guido Draheim [Mon, 5 Feb 2018 20:46:57 +0000 (21:46 +0100)]
v0.13.68

6 years ago'Now hosted on' message to github.com #13
Guido Draheim [Mon, 5 Feb 2018 20:41:54 +0000 (21:41 +0100)]
'Now hosted on' message to github.com #13

6 years agoupdate docs with references to github.com #13
Guido Draheim [Mon, 5 Feb 2018 20:10:47 +0000 (21:10 +0100)]
update docs with references to github.com #13

6 years agoignore dir-entries errors elsewhere as well
Guido Draheim [Mon, 5 Feb 2018 14:26:22 +0000 (15:26 +0100)]
ignore dir-entries errors elsewhere as well

6 years agoonly firstlevel subdir was made, and later dir-entries may be directories
Guido Draheim [Mon, 5 Feb 2018 14:22:40 +0000 (15:22 +0100)]
only firstlevel subdir was made, and later dir-entries may be directories

6 years agolist works, but unpack fails #17
Guido Draheim [Mon, 5 Feb 2018 13:44:45 +0000 (14:44 +0100)]
list works, but unpack fails #17

6 years agofopen may fail for a bad name -> EXIT_ERRORS in that case #17
Guido Draheim [Mon, 5 Feb 2018 13:37:13 +0000 (14:37 +0100)]
fopen may fail for a bad name -> EXIT_ERRORS in that case #17

6 years agofixed test_65402 on CVE #15
Guido Draheim [Mon, 5 Feb 2018 12:58:42 +0000 (13:58 +0100)]
fixed test_65402 on CVE #15

6 years agoneed to check on endbuf for stored files #15
Guido Draheim [Mon, 5 Feb 2018 12:57:49 +0000 (13:57 +0100)]
need to check on endbuf for stored files #15

6 years agorephrase pre-malloc check
Guido Draheim [Mon, 5 Feb 2018 12:09:25 +0000 (13:09 +0100)]
rephrase pre-malloc check

6 years agocheck on null in macros
Guido Draheim [Mon, 5 Feb 2018 11:50:37 +0000 (12:50 +0100)]
check on null in macros

6 years agodo not run perror in lib-code, just make debug diagnostics
Guido Draheim [Mon, 5 Feb 2018 11:29:28 +0000 (12:29 +0100)]
do not run perror in lib-code, just make debug diagnostics

6 years agomore DBG for diskopen
Guido Draheim [Mon, 5 Feb 2018 11:21:34 +0000 (12:21 +0100)]
more DBG for diskopen

6 years agoadapt testcases for DBG
Guido Draheim [Mon, 5 Feb 2018 11:02:59 +0000 (12:02 +0100)]
adapt testcases for DBG

6 years agouse DBG in cat-mem
Guido Draheim [Mon, 5 Feb 2018 10:59:37 +0000 (11:59 +0100)]
use DBG in cat-mem

6 years agocheck on test_63113
Guido Draheim [Mon, 5 Feb 2018 10:51:47 +0000 (11:51 +0100)]
check on test_63113

6 years agocheck on test_63013
Guido Draheim [Mon, 5 Feb 2018 10:50:16 +0000 (11:50 +0100)]
check on test_63013

6 years agocheck on test_64848
Guido Draheim [Mon, 5 Feb 2018 10:49:14 +0000 (11:49 +0100)]
check on test_64848

6 years agocheck on test_64018
Guido Draheim [Mon, 5 Feb 2018 10:47:45 +0000 (11:47 +0100)]
check on test_64018

6 years agocorrecting download-raw for older CVEs and checking the sizes
Guido Draheim [Mon, 5 Feb 2018 10:44:14 +0000 (11:44 +0100)]
correcting download-raw for older CVEs and checking the sizes

6 years agoadding test_63018 with zzdir
Guido Draheim [Mon, 5 Feb 2018 10:26:23 +0000 (11:26 +0100)]
adding test_63018 with zzdir

6 years agoadding test_64848 with zzdir
Guido Draheim [Mon, 5 Feb 2018 10:18:07 +0000 (11:18 +0100)]
adding test_64848 with zzdir

6 years agodouble check test_65414
Guido Draheim [Mon, 5 Feb 2018 10:12:02 +0000 (11:12 +0100)]
double check test_65414

6 years agoallow to run 'make test_xxxx' directly
Guido Draheim [Mon, 5 Feb 2018 10:07:01 +0000 (11:07 +0100)]
allow to run 'make test_xxxx' directly

6 years agodouble-checking download-size, correcting raw-download from github
Guido Draheim [Mon, 5 Feb 2018 09:59:28 +0000 (10:59 +0100)]
double-checking download-size, correcting raw-download from github

6 years agoreorganize testcases for CVEs
Guido Draheim [Mon, 5 Feb 2018 09:29:14 +0000 (10:29 +0100)]
reorganize testcases for CVEs

6 years agofix error as zzip_entry_strdup_name might return NULL #4 #12
Guido Draheim [Mon, 5 Feb 2018 02:37:23 +0000 (03:37 +0100)]
fix error as zzip_entry_strdup_name might return NULL #4 #12

6 years agoadapt tests to be run --without-debug configuration
Guido Draheim [Mon, 5 Feb 2018 02:10:57 +0000 (03:10 +0100)]
adapt tests to be run --without-debug configuration

6 years agotest_63119 should reproduce #11 but it is ok
Guido Draheim [Mon, 5 Feb 2018 01:20:05 +0000 (02:20 +0100)]
test_63119 should reproduce #11 but it is ok

6 years agotest_65419 should reproduce CVE-2918-6541 but it is ok
Guido Draheim [Mon, 5 Feb 2018 01:12:41 +0000 (02:12 +0100)]
test_65419 should reproduce CVE-2918-6541 but it is ok

6 years agotest_65427 should reproduce CVE-2918-6542 but it is ok
Guido Draheim [Sun, 4 Feb 2018 22:48:13 +0000 (23:48 +0100)]
test_65427 should reproduce CVE-2918-6542 but it is ok

6 years agoexpecting test_59806 (2 of 2)
Guido Draheim [Sun, 4 Feb 2018 22:35:22 +0000 (23:35 +0100)]
expecting test_59806 (2 of 2)

6 years agoCVE 5977 fix complete
Guido Draheim [Sun, 4 Feb 2018 22:32:23 +0000 (23:32 +0100)]
CVE 5977 fix complete

6 years agoCVE 5978 - bus error in test_59786
Guido Draheim [Sun, 4 Feb 2018 22:30:48 +0000 (23:30 +0100)]
CVE 5978 - bus error in test_59786

6 years agoCVE 5979 test_59788 leaves empty file
Guido Draheim [Sun, 4 Feb 2018 22:26:28 +0000 (23:26 +0100)]
CVE 5979 test_59788 leaves empty file

6 years agoCVE 5974 test_59748 leaves empty file
Guido Draheim [Sun, 4 Feb 2018 22:25:05 +0000 (23:25 +0100)]
CVE 5974 test_59748 leaves empty file

6 years agoCVE 5975 says corrupted now
Guido Draheim [Sun, 4 Feb 2018 22:23:03 +0000 (23:23 +0100)]
CVE 5975 says corrupted now

6 years agoCVE 5976 - test_59768 leaves empty file
Guido Draheim [Sun, 4 Feb 2018 22:20:21 +0000 (23:20 +0100)]
CVE 5976 - test_59768 leaves empty file

6 years agoCVE 5980 - bus error test_59806 #4
Guido Draheim [Sun, 4 Feb 2018 22:13:46 +0000 (23:13 +0100)]
CVE 5980 - bus error test_59806 #4

6 years agoCVE 5981 not fatal
Guido Draheim [Sun, 4 Feb 2018 22:07:46 +0000 (23:07 +0100)]
CVE 5981 not fatal

6 years agoCVE 6301 not fatal #10
Guido Draheim [Sun, 4 Feb 2018 22:05:21 +0000 (23:05 +0100)]
CVE 6301 not fatal #10

6 years agoCVE 6311 not fatal #11
Guido Draheim [Sun, 4 Feb 2018 22:03:36 +0000 (23:03 +0100)]
CVE 6311 not fatal #11

6 years agoCVE 6381 not fatal #12
Guido Draheim [Sun, 4 Feb 2018 22:01:53 +0000 (23:01 +0100)]
CVE 6381 not fatal #12

6 years agocorrect gres(run.errors usage
Guido Draheim [Sun, 4 Feb 2018 21:59:43 +0000 (22:59 +0100)]
correct gres(run.errors usage

6 years agoCVE 6484 not fatal #14
Guido Draheim [Sun, 4 Feb 2018 21:53:44 +0000 (22:53 +0100)]
CVE 6484 not fatal #14

6 years agoCVE 6542 not fatal #17
Guido Draheim [Sun, 4 Feb 2018 21:28:31 +0000 (22:28 +0100)]
CVE 6542 not fatal #17

6 years agoCVE 6541 not fatal #16
Guido Draheim [Sun, 4 Feb 2018 21:23:12 +0000 (22:23 +0100)]
CVE 6541 not fatal #16

6 years agoadding bins/unzzip-states.h for explicit exit-codes of test-programs
Guido Draheim [Sun, 4 Feb 2018 21:18:58 +0000 (22:18 +0100)]
adding bins/unzzip-states.h for explicit exit-codes of test-programs

6 years agoMerge branch 'master' of github.com:gdraheim/zziplib
Guido Draheim [Sun, 4 Feb 2018 17:34:05 +0000 (18:34 +0100)]
Merge branch 'master' of github.com:gdraheim/zziplib

6 years agochange DBG MSG
Guido Draheim [Sun, 4 Feb 2018 17:33:49 +0000 (18:33 +0100)]
change DBG MSG

6 years agoadd LD_LIBRARY_PATH for command calls
Guido Draheim [Sun, 4 Feb 2018 17:01:57 +0000 (18:01 +0100)]
add LD_LIBRARY_PATH for command calls

6 years agoMerge pull request #18 from jmoellers/master
Guido U. Draheim [Sun, 4 Feb 2018 14:12:14 +0000 (15:12 +0100)]
Merge pull request #18 from jmoellers/master

Reject the ZIP file and report it as corrupt if the size of the

6 years agoadd test_6542* for #17 CVE
Guido Draheim [Sun, 4 Feb 2018 14:08:17 +0000 (15:08 +0100)]
add test_6542* for #17 CVE

6 years agoadd test_6541* for #16 CVE
Guido Draheim [Sun, 4 Feb 2018 14:06:22 +0000 (15:06 +0100)]
add test_6541* for #16 CVE

6 years agoadd test_6540* for #15 CVE
Guido Draheim [Sun, 4 Feb 2018 14:04:12 +0000 (15:04 +0100)]
add test_6540* for #15 CVE

6 years agoadd test_6484* for #14 CVE
Guido Draheim [Sun, 4 Feb 2018 14:02:07 +0000 (15:02 +0100)]
add test_6484* for #14 CVE

6 years agoadd test_6381* for #12 CVE
Guido Draheim [Sun, 4 Feb 2018 13:58:35 +0000 (14:58 +0100)]
add test_6381* for #12 CVE

6 years agoadd test_6311* for #11 CVE
Guido Draheim [Sun, 4 Feb 2018 13:53:14 +0000 (14:53 +0100)]
add test_6311* for #11 CVE

6 years agoadd test_6301* for #10 CVE
Guido Draheim [Sun, 4 Feb 2018 13:47:04 +0000 (14:47 +0100)]
add test_6301* for #10 CVE

6 years agouse testdir() for tmpdir in CVE tests
Guido Draheim [Sun, 4 Feb 2018 13:18:54 +0000 (14:18 +0100)]
use testdir() for tmpdir in CVE tests

6 years agooptimize download without trycopy
Guido Draheim [Sun, 4 Feb 2018 13:09:50 +0000 (14:09 +0100)]
optimize download without trycopy

6 years agofix testdir usage
Guido Draheim [Sun, 4 Feb 2018 12:57:08 +0000 (13:57 +0100)]
fix testdir usage

6 years ago9000 testdir
Guido Draheim [Sun, 4 Feb 2018 12:42:47 +0000 (13:42 +0100)]
9000 testdir

6 years agorenumber testcases to 5 digits
Guido Draheim [Sun, 4 Feb 2018 12:27:57 +0000 (13:27 +0100)]
renumber testcases to 5 digits

6 years agoReject the ZIP file and report it as corrupt if the size of the
Josef Möllers [Fri, 2 Feb 2018 13:09:32 +0000 (14:09 +0100)]
Reject the ZIP file and report it as corrupt if the size of the
central directory and/or the offset of start of central directory
point beyond the end of the ZIP file. [CVE-2018-6484]

6 years agomerge CVE-2018-6381.patch from @jmoellers #12
Guido Draheim [Thu, 1 Feb 2018 11:27:49 +0000 (12:27 +0100)]
merge CVE-2018-6381.patch from @jmoellers #12

7 years agoMerge pull request #9 from stweil/master
Guido U. Draheim [Sun, 24 Sep 2017 23:09:11 +0000 (01:09 +0200)]
Merge pull request #9 from stweil/master

Fix some typos

7 years agoFix some typos
Stefan Weil [Sat, 16 Sep 2017 19:58:02 +0000 (21:58 +0200)]
Fix some typos

Most of them were found by codespell.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
7 years agozipextract for zzip - 18 expected
Guido Draheim [Mon, 12 Jun 2017 20:05:12 +0000 (22:05 +0200)]
zipextract for zzip - 18 expected

7 years agozipextract base - what could be extracted
Guido Draheim [Mon, 12 Jun 2017 19:33:02 +0000 (21:33 +0200)]
zipextract base - what could be extracted

7 years agoCVE-2017-5974
Guido Draheim [Mon, 12 Jun 2017 18:42:51 +0000 (20:42 +0200)]
CVE-2017-5974

7 years agotestcases with unzzip-mix (2 expected)
Guido Draheim [Mon, 12 Jun 2017 18:30:20 +0000 (20:30 +0200)]
testcases with unzzip-mix (2 expected)

7 years agoCVE-2017-5981 testcase
Guido Draheim [Mon, 12 Jun 2017 18:23:53 +0000 (20:23 +0200)]
CVE-2017-5981 testcase

7 years agoCVE-2017-5980 testcase
Guido Draheim [Mon, 12 Jun 2017 18:18:12 +0000 (20:18 +0200)]
CVE-2017-5980 testcase

7 years agoCVE-2017-5976 testcase
Guido Draheim [Mon, 12 Jun 2017 18:14:29 +0000 (20:14 +0200)]
CVE-2017-5976 testcase

7 years agoCVE-2017-5975 testcase
Guido Draheim [Mon, 12 Jun 2017 18:10:45 +0000 (20:10 +0200)]
CVE-2017-5975 testcase

7 years agoCVE-2017-5974 testcase (and correcting the other testcases)
Guido Draheim [Mon, 12 Jun 2017 18:05:11 +0000 (20:05 +0200)]
CVE-2017-5974 testcase (and correcting the other testcases)

7 years agoCVE-2017-5979 testcase
Guido Draheim [Mon, 12 Jun 2017 17:41:27 +0000 (19:41 +0200)]
CVE-2017-5979 testcase

7 years agoCVE-2017-5978 testcase
Guido Draheim [Mon, 12 Jun 2017 17:39:00 +0000 (19:39 +0200)]
CVE-2017-5978 testcase

7 years agoCVE-2017-5977 testcase
Guido Draheim [Mon, 12 Jun 2017 17:30:07 +0000 (19:30 +0200)]
CVE-2017-5977 testcase

7 years agointroduce zzip/__errno.h to help with missing EBADMSG
Guido Draheim [Mon, 12 Jun 2017 01:04:16 +0000 (03:04 +0200)]
introduce zzip/__errno.h to help with missing EBADMSG

7 years agov0.13.67 v0.13.67
Guido Draheim [Mon, 12 Jun 2017 00:54:33 +0000 (02:54 +0200)]
v0.13.67

7 years agouse existing zzip/__fnmatch.h in bins/*.c
Guido Draheim [Mon, 12 Jun 2017 00:14:45 +0000 (02:14 +0200)]
use existing zzip/__fnmatch.h in bins/*.c

7 years agocut out _mkdir to zzip/__mkdir.h and use bin/*.c as well
Guido Draheim [Mon, 12 Jun 2017 00:04:42 +0000 (02:04 +0200)]
cut out _mkdir to zzip/__mkdir.h and use bin/*.c as well

7 years agomove _zzip_strndup to new zzip/__string.h and use it in bins/*.c
Guido Draheim [Sun, 11 Jun 2017 23:56:26 +0000 (01:56 +0200)]
move _zzip_strndup to new zzip/__string.h and use it in bins/*.c

7 years agouse zzip_mem_entry_find_extra_block, deprecate the old func
Guido Draheim [Sun, 11 Jun 2017 23:52:26 +0000 (01:52 +0200)]
use zzip_mem_entry_find_extra_block, deprecate the old func

7 years agoCVE-2017-5974
Guido Draheim [Tue, 23 May 2017 21:31:25 +0000 (23:31 +0200)]
CVE-2017-5974

7 years agoCVE-2017-5979
Guido Draheim [Tue, 23 May 2017 21:03:39 +0000 (23:03 +0200)]
CVE-2017-5979

7 years agofix that problem
Guido Draheim [Tue, 16 May 2017 00:32:23 +0000 (02:32 +0200)]
fix that problem

7 years agoreport a run-error as an exception
Guido Draheim [Fri, 28 Apr 2017 00:03:10 +0000 (02:03 +0200)]
report a run-error as an exception

7 years agoshow the segefault
Guido Draheim [Thu, 27 Apr 2017 19:23:00 +0000 (21:23 +0200)]
show the segefault

7 years agocheck test5.zip by usage
Guido Draheim [Tue, 25 Apr 2017 21:49:12 +0000 (23:49 +0200)]
check test5.zip by usage

7 years agoadd test5.zip with subdirs
Guido Draheim [Tue, 25 Apr 2017 21:33:46 +0000 (23:33 +0200)]
add test5.zip with subdirs

7 years agopush test4.zip into the megabyte range
Guido Draheim [Tue, 25 Apr 2017 20:50:07 +0000 (22:50 +0200)]
push test4.zip into the megabyte range