]>
granicus.if.org Git - zziplib/log
Guido Draheim [Thu, 1 Mar 2018 23:09:02 +0000 (00:09 +0100)]
fix to use _zzip_fnmatch #6
Guido Draheim [Thu, 1 Mar 2018 22:48:49 +0000 (23:48 +0100)]
use MKZIP when building test0.zip #20
Guido Draheim [Thu, 1 Mar 2018 22:47:03 +0000 (23:47 +0100)]
use MKZIP when building test0.zip #20
Guido Draheim [Thu, 1 Mar 2018 22:42:26 +0000 (23:42 +0100)]
fix to use _zzip_fnmatch #6
Guido Draheim [Thu, 1 Mar 2018 22:30:49 +0000 (23:30 +0100)]
emulating 'cp -s' behaviour #31
Guido Draheim [Thu, 1 Mar 2018 22:25:15 +0000 (23:25 +0100)]
use autoconfigured $(PYTHON) #31 #8
Guido Draheim [Thu, 1 Mar 2018 22:01:26 +0000 (23:01 +0100)]
use 'zzip/__fnmatch.h' defines #6
Guido Draheim [Thu, 1 Mar 2018 21:51:13 +0000 (22:51 +0100)]
introduce _zzip_FNM_NOESCAPE/_PATHNAME/_PERIOD #6
Guido Draheim [Thu, 1 Mar 2018 18:57:36 +0000 (19:57 +0100)]
__mmap.h does not need to store the fileMapping handle according to MINGW patches #30
Guido Draheim [Thu, 1 Mar 2018 17:55:44 +0000 (18:55 +0100)]
use intptr_t in align4, removing a truncation warning #29
Guido Draheim [Thu, 1 Mar 2018 17:52:42 +0000 (18:52 +0100)]
add stdint.h intptr_t emulation #29 #30
Guido Draheim [Thu, 1 Mar 2018 17:12:44 +0000 (18:12 +0100)]
use fopen('wb') for output files / patch from TexLive TLpatches/patch-01-binary
Guido Draheim [Thu, 1 Mar 2018 13:41:07 +0000 (14:41 +0100)]
adding dbk2man.py to regenerate manpages.tar without xmlto #8
Guido Draheim [Thu, 1 Mar 2018 01:09:35 +0000 (02:09 +0100)]
remake test0.zip and push to shipped test/test.zip #20
Guido Draheim [Thu, 1 Mar 2018 00:18:43 +0000 (01:18 +0100)]
edit last patch - move stdlib to ifdef-section, and make the internal function static #25
Guido U. Draheim [Thu, 1 Mar 2018 00:10:59 +0000 (01:10 +0100)]
Merge pull request #28 from mojca/strnlen
provide a workaround for missing strnlen #25
Mojca Miklavec [Wed, 28 Feb 2018 14:09:55 +0000 (15:09 +0100)]
provide a workaround for missing strnlen #25
The strnlen function is only defined in POSIX.1-2008.
It is missing on Solaris 10 or Mac OS X 10.6 for example.
Guido U. Draheim [Tue, 13 Feb 2018 10:02:37 +0000 (11:02 +0100)]
Merge pull request #26 from jmoellers/master
If the size of the central directory is too big, reject the file.
Josef Möllers [Tue, 13 Feb 2018 09:36:44 +0000 (10:36 +0100)]
If the size of the central directory is too big, reject the file.
Guido U. Draheim [Tue, 6 Feb 2018 16:22:34 +0000 (17:22 +0100)]
Merge pull request #19 from jmoellers/master
Make sure an extension block is large enough.
Josef Möllers [Tue, 6 Feb 2018 15:16:36 +0000 (16:16 +0100)]
- If an extension block is too small to hold an extension,
do not use the information therein.
- If the End of central directory record (EOCD) contains an
Offset of start of central directory which is beyond the end of
the file, reject the file.
[CVE-2018-6540]
Guido Draheim [Mon, 5 Feb 2018 20:46:57 +0000 (21:46 +0100)]
v0.13.68
Guido Draheim [Mon, 5 Feb 2018 20:41:54 +0000 (21:41 +0100)]
'Now hosted on' message to github.com #13
Guido Draheim [Mon, 5 Feb 2018 20:10:47 +0000 (21:10 +0100)]
update docs with references to github.com #13
Guido Draheim [Mon, 5 Feb 2018 14:26:22 +0000 (15:26 +0100)]
ignore dir-entries errors elsewhere as well
Guido Draheim [Mon, 5 Feb 2018 14:22:40 +0000 (15:22 +0100)]
only firstlevel subdir was made, and later dir-entries may be directories
Guido Draheim [Mon, 5 Feb 2018 13:44:45 +0000 (14:44 +0100)]
list works, but unpack fails #17
Guido Draheim [Mon, 5 Feb 2018 13:37:13 +0000 (14:37 +0100)]
fopen may fail for a bad name -> EXIT_ERRORS in that case #17
Guido Draheim [Mon, 5 Feb 2018 12:58:42 +0000 (13:58 +0100)]
fixed test_65402 on CVE #15
Guido Draheim [Mon, 5 Feb 2018 12:57:49 +0000 (13:57 +0100)]
need to check on endbuf for stored files #15
Guido Draheim [Mon, 5 Feb 2018 12:09:25 +0000 (13:09 +0100)]
rephrase pre-malloc check
Guido Draheim [Mon, 5 Feb 2018 11:50:37 +0000 (12:50 +0100)]
check on null in macros
Guido Draheim [Mon, 5 Feb 2018 11:29:28 +0000 (12:29 +0100)]
do not run perror in lib-code, just make debug diagnostics
Guido Draheim [Mon, 5 Feb 2018 11:21:34 +0000 (12:21 +0100)]
more DBG for diskopen
Guido Draheim [Mon, 5 Feb 2018 11:02:59 +0000 (12:02 +0100)]
adapt testcases for DBG
Guido Draheim [Mon, 5 Feb 2018 10:59:37 +0000 (11:59 +0100)]
use DBG in cat-mem
Guido Draheim [Mon, 5 Feb 2018 10:51:47 +0000 (11:51 +0100)]
check on test_63113
Guido Draheim [Mon, 5 Feb 2018 10:50:16 +0000 (11:50 +0100)]
check on test_63013
Guido Draheim [Mon, 5 Feb 2018 10:49:14 +0000 (11:49 +0100)]
check on test_64848
Guido Draheim [Mon, 5 Feb 2018 10:47:45 +0000 (11:47 +0100)]
check on test_64018
Guido Draheim [Mon, 5 Feb 2018 10:44:14 +0000 (11:44 +0100)]
correcting download-raw for older CVEs and checking the sizes
Guido Draheim [Mon, 5 Feb 2018 10:26:23 +0000 (11:26 +0100)]
adding test_63018 with zzdir
Guido Draheim [Mon, 5 Feb 2018 10:18:07 +0000 (11:18 +0100)]
adding test_64848 with zzdir
Guido Draheim [Mon, 5 Feb 2018 10:12:02 +0000 (11:12 +0100)]
double check test_65414
Guido Draheim [Mon, 5 Feb 2018 10:07:01 +0000 (11:07 +0100)]
allow to run 'make test_xxxx' directly
Guido Draheim [Mon, 5 Feb 2018 09:59:28 +0000 (10:59 +0100)]
double-checking download-size, correcting raw-download from github
Guido Draheim [Mon, 5 Feb 2018 09:29:14 +0000 (10:29 +0100)]
reorganize testcases for CVEs
Guido Draheim [Mon, 5 Feb 2018 02:37:23 +0000 (03:37 +0100)]
fix error as zzip_entry_strdup_name might return NULL #4 #12
Guido Draheim [Mon, 5 Feb 2018 02:10:57 +0000 (03:10 +0100)]
adapt tests to be run --without-debug configuration
Guido Draheim [Mon, 5 Feb 2018 01:20:05 +0000 (02:20 +0100)]
test_63119 should reproduce #11 but it is ok
Guido Draheim [Mon, 5 Feb 2018 01:12:41 +0000 (02:12 +0100)]
test_65419 should reproduce CVE-2918-6541 but it is ok
Guido Draheim [Sun, 4 Feb 2018 22:48:13 +0000 (23:48 +0100)]
test_65427 should reproduce CVE-2918-6542 but it is ok
Guido Draheim [Sun, 4 Feb 2018 22:35:22 +0000 (23:35 +0100)]
expecting test_59806 (2 of 2)
Guido Draheim [Sun, 4 Feb 2018 22:32:23 +0000 (23:32 +0100)]
CVE 5977 fix complete
Guido Draheim [Sun, 4 Feb 2018 22:30:48 +0000 (23:30 +0100)]
CVE 5978 - bus error in test_59786
Guido Draheim [Sun, 4 Feb 2018 22:26:28 +0000 (23:26 +0100)]
CVE 5979 test_59788 leaves empty file
Guido Draheim [Sun, 4 Feb 2018 22:25:05 +0000 (23:25 +0100)]
CVE 5974 test_59748 leaves empty file
Guido Draheim [Sun, 4 Feb 2018 22:23:03 +0000 (23:23 +0100)]
CVE 5975 says corrupted now
Guido Draheim [Sun, 4 Feb 2018 22:20:21 +0000 (23:20 +0100)]
CVE 5976 - test_59768 leaves empty file
Guido Draheim [Sun, 4 Feb 2018 22:13:46 +0000 (23:13 +0100)]
CVE 5980 - bus error test_59806 #4
Guido Draheim [Sun, 4 Feb 2018 22:07:46 +0000 (23:07 +0100)]
CVE 5981 not fatal
Guido Draheim [Sun, 4 Feb 2018 22:05:21 +0000 (23:05 +0100)]
CVE 6301 not fatal #10
Guido Draheim [Sun, 4 Feb 2018 22:03:36 +0000 (23:03 +0100)]
CVE 6311 not fatal #11
Guido Draheim [Sun, 4 Feb 2018 22:01:53 +0000 (23:01 +0100)]
CVE 6381 not fatal #12
Guido Draheim [Sun, 4 Feb 2018 21:59:43 +0000 (22:59 +0100)]
correct gres(run.errors usage
Guido Draheim [Sun, 4 Feb 2018 21:53:44 +0000 (22:53 +0100)]
CVE 6484 not fatal #14
Guido Draheim [Sun, 4 Feb 2018 21:28:31 +0000 (22:28 +0100)]
CVE 6542 not fatal #17
Guido Draheim [Sun, 4 Feb 2018 21:23:12 +0000 (22:23 +0100)]
CVE 6541 not fatal #16
Guido Draheim [Sun, 4 Feb 2018 21:18:58 +0000 (22:18 +0100)]
adding bins/unzzip-states.h for explicit exit-codes of test-programs
Guido Draheim [Sun, 4 Feb 2018 17:34:05 +0000 (18:34 +0100)]
Merge branch 'master' of github.com:gdraheim/zziplib
Guido Draheim [Sun, 4 Feb 2018 17:33:49 +0000 (18:33 +0100)]
change DBG MSG
Guido Draheim [Sun, 4 Feb 2018 17:01:57 +0000 (18:01 +0100)]
add LD_LIBRARY_PATH for command calls
Guido U. Draheim [Sun, 4 Feb 2018 14:12:14 +0000 (15:12 +0100)]
Merge pull request #18 from jmoellers/master
Reject the ZIP file and report it as corrupt if the size of the
Guido Draheim [Sun, 4 Feb 2018 14:08:17 +0000 (15:08 +0100)]
add test_6542* for #17 CVE
Guido Draheim [Sun, 4 Feb 2018 14:06:22 +0000 (15:06 +0100)]
add test_6541* for #16 CVE
Guido Draheim [Sun, 4 Feb 2018 14:04:12 +0000 (15:04 +0100)]
add test_6540* for #15 CVE
Guido Draheim [Sun, 4 Feb 2018 14:02:07 +0000 (15:02 +0100)]
add test_6484* for #14 CVE
Guido Draheim [Sun, 4 Feb 2018 13:58:35 +0000 (14:58 +0100)]
add test_6381* for #12 CVE
Guido Draheim [Sun, 4 Feb 2018 13:53:14 +0000 (14:53 +0100)]
add test_6311* for #11 CVE
Guido Draheim [Sun, 4 Feb 2018 13:47:04 +0000 (14:47 +0100)]
add test_6301* for #10 CVE
Guido Draheim [Sun, 4 Feb 2018 13:18:54 +0000 (14:18 +0100)]
use testdir() for tmpdir in CVE tests
Guido Draheim [Sun, 4 Feb 2018 13:09:50 +0000 (14:09 +0100)]
optimize download without trycopy
Guido Draheim [Sun, 4 Feb 2018 12:57:08 +0000 (13:57 +0100)]
fix testdir usage
Guido Draheim [Sun, 4 Feb 2018 12:42:47 +0000 (13:42 +0100)]
9000 testdir
Guido Draheim [Sun, 4 Feb 2018 12:27:57 +0000 (13:27 +0100)]
renumber testcases to 5 digits
Josef Möllers [Fri, 2 Feb 2018 13:09:32 +0000 (14:09 +0100)]
Reject the ZIP file and report it as corrupt if the size of the
central directory and/or the offset of start of central directory
point beyond the end of the ZIP file. [CVE-2018-6484]
Guido Draheim [Thu, 1 Feb 2018 11:27:49 +0000 (12:27 +0100)]
merge CVE-2018-6381.patch from @jmoellers #12
Guido U. Draheim [Sun, 24 Sep 2017 23:09:11 +0000 (01:09 +0200)]
Merge pull request #9 from stweil/master
Fix some typos
Stefan Weil [Sat, 16 Sep 2017 19:58:02 +0000 (21:58 +0200)]
Fix some typos
Most of them were found by codespell.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Guido Draheim [Mon, 12 Jun 2017 20:05:12 +0000 (22:05 +0200)]
zipextract for zzip - 18 expected
Guido Draheim [Mon, 12 Jun 2017 19:33:02 +0000 (21:33 +0200)]
zipextract base - what could be extracted
Guido Draheim [Mon, 12 Jun 2017 18:42:51 +0000 (20:42 +0200)]
CVE-2017-5974
Guido Draheim [Mon, 12 Jun 2017 18:30:20 +0000 (20:30 +0200)]
testcases with unzzip-mix (2 expected)
Guido Draheim [Mon, 12 Jun 2017 18:23:53 +0000 (20:23 +0200)]
CVE-2017-5981 testcase
Guido Draheim [Mon, 12 Jun 2017 18:18:12 +0000 (20:18 +0200)]
CVE-2017-5980 testcase
Guido Draheim [Mon, 12 Jun 2017 18:14:29 +0000 (20:14 +0200)]
CVE-2017-5976 testcase
Guido Draheim [Mon, 12 Jun 2017 18:10:45 +0000 (20:10 +0200)]
CVE-2017-5975 testcase
Guido Draheim [Mon, 12 Jun 2017 18:05:11 +0000 (20:05 +0200)]
CVE-2017-5974 testcase (and correcting the other testcases)
Guido Draheim [Mon, 12 Jun 2017 17:41:27 +0000 (19:41 +0200)]
CVE-2017-5979 testcase
Guido Draheim [Mon, 12 Jun 2017 17:39:00 +0000 (19:39 +0200)]
CVE-2017-5978 testcase