]> granicus.if.org Git - zziplib/log
zziplib
6 years agoAdded test case for CVE-2018-17828.
Josef Moellers [Wed, 10 Oct 2018 15:14:20 +0000 (17:14 +0200)]
Added test case for CVE-2018-17828.

6 years agoMerge pull request #63 from jmoellers/CVE-2018-17828
Guido U. Draheim [Thu, 4 Oct 2018 13:11:27 +0000 (15:11 +0200)]
Merge pull request #63 from jmoellers/CVE-2018-17828

Fix issue #62

6 years agoFix issue #62: Remove any "../" components from pathnames of extracted files.
Josef Moellers [Thu, 4 Oct 2018 12:21:48 +0000 (14:21 +0200)]
Fix issue #62: Remove any "../" components from pathnames of extracted files.
[CVE-2018-17828]

6 years agoMerge pull request #57 from tgurr/pkg-config
Guido U. Draheim [Thu, 13 Sep 2018 09:49:21 +0000 (11:49 +0200)]
Merge pull request #57 from tgurr/pkg-config

do not hardcode the pkg-config command

6 years agoMerge pull request #60 from jmoellers/master
Guido U. Draheim [Fri, 7 Sep 2018 12:10:55 +0000 (14:10 +0200)]
Merge pull request #60 from jmoellers/master

One more free() to avoid memory leak.

6 years agoOne more free() to avoid memory leak.
jmoellers [Fri, 7 Sep 2018 11:55:35 +0000 (13:55 +0200)]
One more free() to avoid memory leak.

6 years agoMerge pull request #59 from jmoellers/master
Guido U. Draheim [Fri, 7 Sep 2018 10:04:15 +0000 (12:04 +0200)]
Merge pull request #59 from jmoellers/master

Avoid memory leak from __zzip_parse_root_directory().

6 years agoAvoid memory leak from __zzip_parse_root_directory().
jmoellers [Fri, 7 Sep 2018 09:49:28 +0000 (11:49 +0200)]
Avoid memory leak from __zzip_parse_root_directory().

6 years agoAvoid memory leak from __zzip_parse_root_directory().
jmoellers [Fri, 7 Sep 2018 09:32:04 +0000 (11:32 +0200)]
Avoid memory leak from __zzip_parse_root_directory().

6 years agodo not hardcode the pkg-config command
Timo Gurr [Fri, 17 Aug 2018 10:54:15 +0000 (12:54 +0200)]
do not hardcode the pkg-config command

6 years agoMerge pull request #51 from keneanung/FixZzipStrndup
Guido U. Draheim [Sat, 5 May 2018 09:38:16 +0000 (11:38 +0200)]
Merge pull request #51 from keneanung/FixZzipStrndup

Fix _zzip_strndup if strndup is not available

6 years agoFix _zzip_strndup strndup is not available
keneanung [Thu, 26 Apr 2018 08:42:14 +0000 (10:42 +0200)]
Fix _zzip_strndup strndup is not available

6 years agoMerge pull request #49 from jmoellers/master
Guido U. Draheim [Mon, 26 Mar 2018 10:44:28 +0000 (12:44 +0200)]
Merge pull request #49 from jmoellers/master

zzip_mem_entry_new(): if compressed size is too big, bail out.

6 years agozzip_mem_entry_new(): if compressed size is too big, bail out.
Josef Möllers [Mon, 26 Mar 2018 10:27:34 +0000 (12:27 +0200)]
zzip_mem_entry_new(): if compressed size is too big, bail out.

6 years agoprint mails correctly in dbk2htm now
Guido Draheim [Sun, 25 Mar 2018 23:36:15 +0000 (01:36 +0200)]
print mails correctly in dbk2htm now

6 years agoprint mails correctly in dbk2htm
Guido Draheim [Sun, 25 Mar 2018 23:35:36 +0000 (01:35 +0200)]
print mails correctly in dbk2htm

6 years agomake a better overview and index.html
Guido Draheim [Sun, 25 Mar 2018 22:03:11 +0000 (00:03 +0200)]
make a better overview and index.html

6 years agodo not delete pages after packging htm/man pages tar
Guido Draheim [Sun, 25 Mar 2018 21:16:57 +0000 (23:16 +0200)]
do not delete pages after packging htm/man pages tar

6 years agogenerate overview html pages
Guido Draheim [Sun, 25 Mar 2018 21:16:36 +0000 (23:16 +0200)]
generate overview html pages

6 years agosome typos #46
Guido Draheim [Sat, 24 Mar 2018 13:58:14 +0000 (14:58 +0100)]
some typos #46

6 years agoand ensure ET.tostring() is a str() in python3 #47
Guido Draheim [Sat, 24 Mar 2018 10:40:17 +0000 (11:40 +0100)]
and ensure ET.tostring() is a str() in python3 #47

6 years agomake 'xmlto' optional in *.spec #46
Guido Draheim [Sat, 24 Mar 2018 10:30:35 +0000 (11:30 +0100)]
make 'xmlto' optional in *.spec #46

6 years agoallow dir2man to generate html, plus dir2index to complete the htmpages.tar #46
Guido Draheim [Sat, 24 Mar 2018 10:25:40 +0000 (11:25 +0100)]
allow dir2man to generate html, plus dir2index to complete the htmpages.tar #46

6 years agomake2(man) w/ refends2
Guido Draheim [Sat, 24 Mar 2018 02:55:23 +0000 (03:55 +0100)]
make2(man) w/ refends2

6 years agomake2(man) in dbk2man
Guido Draheim [Sat, 24 Mar 2018 02:52:00 +0000 (03:52 +0100)]
make2(man) in dbk2man

6 years agoallow for overview pages
Guido Draheim [Sat, 24 Mar 2018 02:41:46 +0000 (03:41 +0100)]
allow for overview pages

6 years agomake dbk2man.py compatible with xmlto commandline #46
Guido Draheim [Sat, 24 Mar 2018 00:06:06 +0000 (01:06 +0100)]
make dbk2man.py compatible with xmlto commandline #46

6 years agouse future print_statement / correct problem with missing <refentry>
Guido Draheim [Fri, 23 Mar 2018 23:31:27 +0000 (00:31 +0100)]
use future print_statement / correct problem with missing <refentry>

6 years agouse future print_statement
Guido Draheim [Fri, 23 Mar 2018 23:30:32 +0000 (00:30 +0100)]
use future print_statement

6 years agodid not compile #48
Guido Draheim [Fri, 23 Mar 2018 23:11:49 +0000 (00:11 +0100)]
did not compile #48

6 years agocollaps conditions
Guido Draheim [Fri, 23 Mar 2018 22:33:09 +0000 (23:33 +0100)]
collaps conditions

6 years agoMerge pull request #48 from jmoellers/master
Guido U. Draheim [Fri, 23 Mar 2018 22:30:10 +0000 (23:30 +0100)]
Merge pull request #48 from jmoellers/master

__zzip_parse_root_directory: Check if rootsize is non-0 and rootseek

6 years ago__zzip_parse_root_directory: Check if rootsize is non-0 and rootseek
Josef Möllers [Wed, 21 Mar 2018 08:15:09 +0000 (09:15 +0100)]
__zzip_parse_root_directory: Check if rootsize is non-0 and rootseek
lies within the archive. Fixes CVE-2018-7726.

6 years agov0.13.69 v0.13.69
Guido Draheim [Sat, 17 Mar 2018 12:46:45 +0000 (13:46 +0100)]
v0.13.69

6 years agozzip32.h was never used in opensource code #44
Guido Draheim [Fri, 16 Mar 2018 15:44:20 +0000 (16:44 +0100)]
zzip32.h was never used in opensource code #44

6 years agofix for zz_rootsize #41
Guido Draheim [Thu, 15 Mar 2018 22:54:37 +0000 (23:54 +0100)]
fix for zz_rootsize #41

6 years agosomehow the test does not not extract anythong #41
Guido Draheim [Wed, 14 Mar 2018 06:54:06 +0000 (07:54 +0100)]
somehow the test does not not extract anythong #41

6 years agotestcase - with disk_close we have EXIT_OK #40
Guido Draheim [Wed, 14 Mar 2018 06:51:44 +0000 (07:51 +0100)]
testcase - with disk_close we have EXIT_OK #40

6 years agoensure disk_close to avoid mem-leak #40
Guido Draheim [Wed, 14 Mar 2018 06:50:44 +0000 (07:50 +0100)]
ensure disk_close to avoid mem-leak #40

6 years agoadd test_65482 for memlean #40
Guido Draheim [Tue, 13 Mar 2018 01:33:52 +0000 (02:33 +0100)]
add test_65482 for memlean #40

6 years agoadd --with-asan option #40
Guido Draheim [Tue, 13 Mar 2018 01:23:29 +0000 (02:23 +0100)]
add --with-asan option #40

6 years agocheck rootseek after correction #41
Guido Draheim [Tue, 13 Mar 2018 00:50:36 +0000 (01:50 +0100)]
check rootseek after correction #41

6 years agocheck zlib space to be within buffer #39
Guido Draheim [Tue, 13 Mar 2018 00:29:44 +0000 (01:29 +0100)]
check zlib space to be within buffer #39

6 years agoadd testcase for invalid-mem #39
Guido Draheim [Tue, 13 Mar 2018 00:13:51 +0000 (01:13 +0100)]
add testcase for invalid-mem #39

6 years agoadd testcase for zzip_parse #41
Guido Draheim [Tue, 13 Mar 2018 00:04:27 +0000 (01:04 +0100)]
add testcase for zzip_parse #41

6 years agocheck rootseek and rootsize to be positive #27
Guido Draheim [Mon, 12 Mar 2018 23:23:33 +0000 (00:23 +0100)]
check rootseek and rootsize to be positive #27

6 years agocreating testcase for validation error #27
Guido Draheim [Mon, 12 Mar 2018 23:13:46 +0000 (00:13 +0100)]
creating testcase for validation error #27

6 years agoupdate test/test.zip
Guido Draheim [Mon, 12 Mar 2018 22:19:19 +0000 (23:19 +0100)]
update test/test.zip

6 years agotestcases - unzip-mem can now unpack with exitcode 0
Guido Draheim [Mon, 12 Mar 2018 22:19:02 +0000 (23:19 +0100)]
testcases - unzip-mem can now unpack with exitcode 0

6 years agostring mapping 'comprlevel' should be indexed by length, not sizeof #42 #43
Guido Draheim [Mon, 12 Mar 2018 22:06:57 +0000 (23:06 +0100)]
string mapping 'comprlevel' should be indexed by length, not sizeof #42 #43

6 years agotestcases for zzdir sigsegv on #42 #43
Guido Draheim [Mon, 12 Mar 2018 22:05:28 +0000 (23:05 +0100)]
testcases for zzdir sigsegv on #42 #43

6 years agoadd m4/ax_check_enable_debug.m4
Guido Draheim [Mon, 12 Mar 2018 21:47:15 +0000 (22:47 +0100)]
add m4/ax_check_enable_debug.m4

6 years agodocs unescape from dbk entities
Guido Draheim [Mon, 5 Mar 2018 06:26:52 +0000 (07:26 +0100)]
docs unescape from dbk entities

6 years agochange doc-clean
Guido Draheim [Mon, 5 Mar 2018 06:16:03 +0000 (07:16 +0100)]
change doc-clean

6 years agodocs
Guido Draheim [Mon, 5 Mar 2018 06:12:41 +0000 (07:12 +0100)]
docs

6 years agodocs
Guido Draheim [Mon, 5 Mar 2018 06:11:20 +0000 (07:11 +0100)]
docs

6 years agodocs
Guido Draheim [Mon, 5 Mar 2018 06:10:51 +0000 (07:10 +0100)]
docs

6 years agodocs
Guido Draheim [Mon, 5 Mar 2018 06:04:36 +0000 (07:04 +0100)]
docs

6 years agodocs
Guido Draheim [Mon, 5 Mar 2018 06:02:00 +0000 (07:02 +0100)]
docs

6 years agodocs
Guido Draheim [Mon, 5 Mar 2018 05:49:37 +0000 (06:49 +0100)]
docs

6 years agodocs
Guido Draheim [Mon, 5 Mar 2018 05:42:03 +0000 (06:42 +0100)]
docs

6 years agodocs
Guido Draheim [Mon, 5 Mar 2018 05:39:26 +0000 (06:39 +0100)]
docs

6 years ago Bitte geben Sie eine Commit-Beschreibung ein, um zu erklären, warum dieser
Guido Draheim [Sun, 4 Mar 2018 14:23:17 +0000 (15:23 +0100)]
 Bitte geben Sie eine Commit-Beschreibung ein, um zu erklären, warum dieser

6 years agoallow to run zziptests.py --bindir=/some/installed/bin #34
Guido Draheim [Sun, 4 Mar 2018 14:23:06 +0000 (15:23 +0100)]
allow to run zziptests.py --bindir=/some/installed/bin #34

6 years agoMerge pull request #38 from jwilk-forks/spelling
Guido U. Draheim [Sat, 3 Mar 2018 19:17:26 +0000 (20:17 +0100)]
Merge pull request #38 from jwilk-forks/spelling

Fix typo

6 years agoFix typo
Jakub Wilk [Sat, 3 Mar 2018 18:12:00 +0000 (19:12 +0100)]
Fix typo

6 years agofix test_63812 - it does show the filename now
Guido Draheim [Fri, 2 Mar 2018 00:31:11 +0000 (01:31 +0100)]
fix test_63812 - it does show the filename now

6 years agoadjust test_63819 - it had really been 141 at the source url
Guido Draheim [Fri, 2 Mar 2018 00:26:17 +0000 (01:26 +0100)]
adjust test_63819 - it had really been 141 at the source url

6 years agoadjust test_59782
Guido Draheim [Fri, 2 Mar 2018 00:22:28 +0000 (01:22 +0100)]
adjust test_59782

6 years agoadjust test_59752
Guido Draheim [Fri, 2 Mar 2018 00:19:54 +0000 (01:19 +0100)]
adjust test_59752

6 years agoupdate to libtool-2.4.6 #32
Guido Draheim [Fri, 2 Mar 2018 00:15:05 +0000 (01:15 +0100)]
update to libtool-2.4.6 #32

6 years agoupgrade from automake-1.13 to automake-1.15 #32
Guido Draheim [Thu, 1 Mar 2018 23:50:24 +0000 (00:50 +0100)]
upgrade from automake-1.13 to automake-1.15 #32

6 years agodo not check int/long/ptr sizes when stdint.h is available #33
Guido Draheim [Thu, 1 Mar 2018 23:41:02 +0000 (00:41 +0100)]
do not check int/long/ptr sizes when stdint.h is available #33

6 years agofix to use _zzip_fnmatch #6
Guido Draheim [Thu, 1 Mar 2018 23:09:02 +0000 (00:09 +0100)]
fix to use _zzip_fnmatch #6

6 years agouse MKZIP when building test0.zip #20
Guido Draheim [Thu, 1 Mar 2018 22:48:49 +0000 (23:48 +0100)]
use MKZIP when building test0.zip #20

6 years agouse MKZIP when building test0.zip #20
Guido Draheim [Thu, 1 Mar 2018 22:47:03 +0000 (23:47 +0100)]
use MKZIP when building test0.zip #20

6 years agofix to use _zzip_fnmatch #6
Guido Draheim [Thu, 1 Mar 2018 22:42:26 +0000 (23:42 +0100)]
fix to use _zzip_fnmatch #6

6 years agoemulating 'cp -s' behaviour #31
Guido Draheim [Thu, 1 Mar 2018 22:30:49 +0000 (23:30 +0100)]
emulating 'cp -s' behaviour #31

6 years agouse autoconfigured $(PYTHON) #31 #8
Guido Draheim [Thu, 1 Mar 2018 22:25:15 +0000 (23:25 +0100)]
use autoconfigured $(PYTHON) #31 #8

6 years agouse 'zzip/__fnmatch.h' defines #6
Guido Draheim [Thu, 1 Mar 2018 22:01:26 +0000 (23:01 +0100)]
use 'zzip/__fnmatch.h' defines #6

6 years agointroduce _zzip_FNM_NOESCAPE/_PATHNAME/_PERIOD #6
Guido Draheim [Thu, 1 Mar 2018 21:51:13 +0000 (22:51 +0100)]
introduce _zzip_FNM_NOESCAPE/_PATHNAME/_PERIOD #6

6 years ago__mmap.h does not need to store the fileMapping handle according to MINGW patches #30
Guido Draheim [Thu, 1 Mar 2018 18:57:36 +0000 (19:57 +0100)]
__mmap.h does not need to store the fileMapping handle according to MINGW patches #30

6 years agouse intptr_t in align4, removing a truncation warning #29
Guido Draheim [Thu, 1 Mar 2018 17:55:44 +0000 (18:55 +0100)]
use intptr_t in align4, removing a truncation warning #29

6 years agoadd stdint.h intptr_t emulation #29 #30
Guido Draheim [Thu, 1 Mar 2018 17:52:42 +0000 (18:52 +0100)]
add stdint.h intptr_t emulation #29 #30

6 years agouse fopen('wb') for output files / patch from TexLive TLpatches/patch-01-binary
Guido Draheim [Thu, 1 Mar 2018 17:12:44 +0000 (18:12 +0100)]
use fopen('wb') for output files / patch from TexLive TLpatches/patch-01-binary

6 years agoadding dbk2man.py to regenerate manpages.tar without xmlto #8
Guido Draheim [Thu, 1 Mar 2018 13:41:07 +0000 (14:41 +0100)]
adding dbk2man.py to regenerate manpages.tar without xmlto #8

6 years agoremake test0.zip and push to shipped test/test.zip #20
Guido Draheim [Thu, 1 Mar 2018 01:09:35 +0000 (02:09 +0100)]
remake test0.zip and push to shipped test/test.zip #20

6 years agoedit last patch - move stdlib to ifdef-section, and make the internal function static #25
Guido Draheim [Thu, 1 Mar 2018 00:18:43 +0000 (01:18 +0100)]
edit last patch - move stdlib to ifdef-section, and make the internal function static #25

6 years agoMerge pull request #28 from mojca/strnlen
Guido U. Draheim [Thu, 1 Mar 2018 00:10:59 +0000 (01:10 +0100)]
Merge pull request #28 from mojca/strnlen

provide a workaround for missing strnlen #25

6 years agoprovide a workaround for missing strnlen #25
Mojca Miklavec [Wed, 28 Feb 2018 14:09:55 +0000 (15:09 +0100)]
provide a workaround for missing strnlen #25

The strnlen function is only defined in POSIX.1-2008.
It is missing on Solaris 10 or Mac OS X 10.6 for example.

6 years agoMerge pull request #26 from jmoellers/master
Guido U. Draheim [Tue, 13 Feb 2018 10:02:37 +0000 (11:02 +0100)]
Merge pull request #26 from jmoellers/master

If the size of the central directory is too big, reject the file.

6 years agoIf the size of the central directory is too big, reject the file.
Josef Möllers [Tue, 13 Feb 2018 09:36:44 +0000 (10:36 +0100)]
If the size of the central directory is too big, reject the file.

6 years agoMerge pull request #19 from jmoellers/master
Guido U. Draheim [Tue, 6 Feb 2018 16:22:34 +0000 (17:22 +0100)]
Merge pull request #19 from jmoellers/master

Make sure an extension block is large enough.

6 years ago- If an extension block is too small to hold an extension,
Josef Möllers [Tue, 6 Feb 2018 15:16:36 +0000 (16:16 +0100)]
- If an extension block is too small to hold an extension,
  do not use the information therein.
- If the End of central directory record (EOCD) contains an
  Offset of start of central directory which is beyond the end of
  the file, reject the file.
  [CVE-2018-6540]

6 years agov0.13.68 v0.13.68
Guido Draheim [Mon, 5 Feb 2018 20:46:57 +0000 (21:46 +0100)]
v0.13.68

6 years ago'Now hosted on' message to github.com #13
Guido Draheim [Mon, 5 Feb 2018 20:41:54 +0000 (21:41 +0100)]
'Now hosted on' message to github.com #13

6 years agoupdate docs with references to github.com #13
Guido Draheim [Mon, 5 Feb 2018 20:10:47 +0000 (21:10 +0100)]
update docs with references to github.com #13

6 years agoignore dir-entries errors elsewhere as well
Guido Draheim [Mon, 5 Feb 2018 14:26:22 +0000 (15:26 +0100)]
ignore dir-entries errors elsewhere as well

6 years agoonly firstlevel subdir was made, and later dir-entries may be directories
Guido Draheim [Mon, 5 Feb 2018 14:22:40 +0000 (15:22 +0100)]
only firstlevel subdir was made, and later dir-entries may be directories

6 years agolist works, but unpack fails #17
Guido Draheim [Mon, 5 Feb 2018 13:44:45 +0000 (14:44 +0100)]
list works, but unpack fails #17