![[BACK]](/icons/back.gif){kind=icon}
Up to [NetBSD + pkgsrc-wip] / pkgsrc / archivers / unzip
Request diff between arbitrary revisions - Display revisions graphically
Keyword substitution: kv
Default branch: MAIN
Reduce pkglint warnings by commenting patches.
Update to 6.0:
New features in UnZip 6.0, released 20 April 2009:
* Support PKWARE ZIP64 extensions, allowing Zip archives and Zip
archive entries larger than 4 GiBytes and more than 65536 entries
within a single Zip archive. This support is currently only
available for Unix, OpenVMS and Win32/Win64.
* Support for bzip2 compression method.
* Support for UTF-8 encoded entry names, both through PKWARE's
"General Purpose Flags Bit 11" indicator and Info-ZIP's new "up"
unicode path extra field. (Currently, on Windows the UTF-8
handling is limited to the character subset contained in the
configured non-unicode "system code page".)
* Added "wrong implementation used" warning to error messages of
the MSDOS port when used under Win32, in an attempt to reduce
false bug reports.
* Fixed "Time of Creation/Time of Use" vulnerability when setting
attributes of extracted files, for Unix and Unix-like ports.
* Fixed memory leak when processing invalid deflated data.
* Fixed long-standing bug in unshrink (partial_clear), added
boundary checks against invalid compressed data.
* On Unix, keep inherited SGID attribute bit for extracted
directories unless restoration of owner/group id or SUID/SGID/Tacky
attributes was requested.
* On Unix, allow extracted filenames to contain embedded control
characters when explicitly requested by specifying the new command
line option "-^".
* On Unix, support restoration of symbolic link attributes.
* On Unix, support restoration of 32-bit UID/GID data using the
new "ux" IZUNIX3 extra field introduced with Zip 3.0.
* Support for ODS5 extended filename syntax on new OpenVMS systems.
* Support symbolic links zipped up on VMS.
* On VMS (only 8.x or better), support symbolic link creation.
* On VMS, support option to create converted text files in
Stream_LF format.
* New -D option to suppress restoration of timestamps for extracted
directory entries (on those ports that support setting of directory
timestamps). By specifying "-DD", this new option also allows
to suppress timestamp restoration for ALL extracted files on
all UnZip ports which support restoration of timestamps. On
VMS, the default behaviour is now to skip restoration of
directory timestamps; here, "--D" restores ALL timestamps,
"-D" restores none.
* On OS/2, Win32, and Unix, the (previously optional) feature
UNIXBACKUP to allow saving backup copies of overwritten files on
extraction is now enabled by default.
For the UnZip 6.0 release, we want to give special credit to Myles
Bennet, who started the job of supporting ZIP64 extensions and
Large-File (> 2GiB) and provided a first (alpha-state) port.
Add fix for the security vulnerability reported in CVE-2008-0888 taken from Debian. Bump package revision.
File on MASTER_SITE has changed EXTRACT_SUFX; checksum still the same. Adapt. Noted by Zafer Aydogan.
unzipsfx does not need libz. Patch provided by Hrvoje Habjanic in http://mail-index.netbsd.org/pkgsrc-users/2006/11/02/0003.html
Adjusted the filenames in the distinfo file to the new DIST_SUBDIR.
Pullup ticket 654 - requested by Matthias Scheler security fix for unzip Revisions pulled up: - pkgsrc/archivers/unzip/Makefile 1.56 - pkgsrc/archivers/unzip/distinfo 1.14 - pkgsrc/archivers/unzip/patches/patch-ac 1.1 Module Name: pkgsrc Committed By: tron Date: Thu Aug 4 14:20:35 UTC 2005 Modified Files: pkgsrc/archivers/unzip: Makefile distinfo Added Files: pkgsrc/archivers/unzip/patches: patch-ac Log Message: Add patch to fix the security problem described in SA16309.
Add patch to fix the security problem described in SA16309.
Pullup ticket 321 - requested by Lubomir Sedlacik
distfile update for unzip
Revisions pulled up:
- pkgsrc/archivers/unzip/Makefile 1.53
- pkgsrc/archivers/unzip/distinfo 1.13
Module Name: pkgsrc
Committed By: salo
Date: Tue Mar 1 07:45:28 UTC 2005
Modified Files:
pkgsrc/archivers/unzip: Makefile distinfo
Log Message:
Distfile changed after one day.. grrrrrrr.
Relevant change,
+5.52 (28 Feb 05):
+ - win32/win32.c - defer_dir_attribs(): fixed critical "mem-access to
+ nirwana" bug when processing directory entries without any local
+ extra field; added some explaining comments
Distfile changed after one day.. grrrrrrr. Relevant change, +5.52 (28 Feb 05): + - win32/win32.c - defer_dir_attribs(): fixed critical "mem-access to + nirwana" bug when processing directory entries without any local + extra field; added some explaining comments
Pullup ticket 320 - requested by Lubomir Sedlacik
security fix for unzip
Revisions pulled up:
- pkgsrc/archivers/unzip/Makefile 1.52
- pkgsrc/archivers/unzip/distinfo 1.12
Module Name: pkgsrc
Committed By: salo
Date: Mon Feb 28 16:50:24 UTC 2005
Modified Files:
pkgsrc/archivers/unzip: Makefile distinfo
Log Message:
Update to version 5.52
Changes:
The 5.52 maintenance release fixes a few minor problems found in the 5.51
release, closes some more security holes, adds a new AtheOS port, and
contains a Win32 extra-field code cleanup that was not finished earlier.
The most important changes are:
- (re)enabled unshrinking support by default, the LZW patents have expired
- fixed an extraction size bug for encrypted stored entries (12 excess bytes
were written with 5.51)
- fixed false "uncompressed size mismatch" messages when extracting encrypted
archive entries
- do not restore SUID/SGID/Tacky attribute bits on Unix (BeOS, AtheOS) unless
explicitely requested by new "-K" command line qualifier
- optional support for "-W" qualifier to modify the pattern matching syntax
(with -W: "*" stops at directory delimiter, "**" matches unlimited)
- prevent buffer overflow caused by bogus extra-long Zipfile specification
- performance enhancements for VMS port
- fixed windll interface handling of its extraction mode qualifiers nfflag,
ExtractOnlyNewer, noflag, PromptToOverwrite; added detailed explanation of
their meanings and interactions to the windll documentation
Update to version 5.52 Changes: The 5.52 maintenance release fixes a few minor problems found in the 5.51 release, closes some more security holes, adds a new AtheOS port, and contains a Win32 extra-field code cleanup that was not finished earlier. The most important changes are: - (re)enabled unshrinking support by default, the LZW patents have expired - fixed an extraction size bug for encrypted stored entries (12 excess bytes were written with 5.51) - fixed false "uncompressed size mismatch" messages when extracting encrypted archive entries - do not restore SUID/SGID/Tacky attribute bits on Unix (BeOS, AtheOS) unless explicitely requested by new "-K" command line qualifier - optional support for "-W" qualifier to modify the pattern matching syntax (with -W: "*" stops at directory delimiter, "**" matches unlimited) - prevent buffer overflow caused by bogus extra-long Zipfile specification - performance enhancements for VMS port - fixed windll interface handling of its extraction mode qualifiers nfflag, ExtractOnlyNewer, noflag, PromptToOverwrite; added detailed explanation of their meanings and interactions to the windll documentation
Add RMD160 digests in addition to SHA1 ones.
Update unzip to 5.51, based on patch provided by Bruce J.A. Nourish in
PR pkg/25768.
New features:
5.51a (09 Mar 02):
- no new features
5.51b (11 Jan 03):
- TANDEM: new -r option to suppress extension merging [Dave Smith]
- WinCE, new port in addition to pUnZip (GUI): command line tool usable for
"batch" processes (not quite finished, needs "makefile" cleanup, tests,
and refinements) [Simon Roberts, SPC]
- SET_DIR_ATTRIB feature code revised and reorganized to allow seamless
adaption to different OS environments; added support for restoring
directory timestamps to the WIN32 port [Kai-Uwe-Rommel, SPC]
5.51c (13 May 03):
- WinCE command line tool integration is (almost) finished: project file is
cleaned up and works with VC-embedded 3.0; port needs testing... [SPC]
5.51d (27 Feb 04):
- Cygwin is recognized as a target in the Unix port
[Charles Wilson, Cosmin Truta, SPC]
- remove support for quoting characters from all ports; this feature was a
security hole [SPC]
5.51e (01 Mar 04):
- Win32 port (list.c, unzpriv.h, win32.c, w32cfg.h): the date in (non-ZipInfo)
listings is displayed using the separator given by the system's locale,
when available [Cosmin Truta]
See History.551 in distfile for complete bug fix history.
move linker arguments around so that always ${LDFLAGS} comes
before -lz, ensuring we only link against pkgsrc libz.
fixes a problem on Solaris where the linker would find and use
/usr/lib/libz.so *and* ${LOCALBASE}/lib/libz.so which fails at
runtime because the versions differ.
Use Debian's revised patch for the directory traversal vulnerability described in CAN-2003-0282. Bump package revision.
Apply Debian's patch for the directory traversal vulnerability described in CAN-2003-0282. Bump package revision.
Merge packages from the buildlink2 branch back into the main trunk that have been converted to USE_BUILDLINK2.
Merge from pkgsrc-current in pkgsrc/archivers.
update from patches/patch-ab change. (why this was not committed by `cvs commit distinfo patches/patch-ab' with the previous makes no sense to me)
Distfile md5 changed. A diff didn't reveal any bad things. Distfile nuked from ftp.netbsd.org. Noted by march on IRC (IRCnet)
Update to 5.50.
Extract from History.550:
- generic (inflate.c, globals.h, fileio.c, unzpriv.h): integrated support of
Deflate64
- added Deflate64 support to fUnZip
- SFX: made SFX_EXDIR default, added NO_SFXEXDIR option to allow switching
off the "-d exdir" support
- SFX: added simple "execute command after extraction" feature that uses a
command specification supplied with the Zip archive comment, controlled
by the CHEAP_SFX_AUTORUN compile time option
- SFX: slightly refined the CHEAP_SFX_AUTORUN code, switched off SFX_EXDIR
when CHEAP_SFX_AUTORUN is enabled, documented the new autorun feature
- extract.c, TestExtraField(): added crc32 check for PKVMS e.f. type
- extract.c, extract_or_test_entrylist(): added code for "stripping off
absolute path spec" when extracting
- unzip.h, unzip.c; mapname() in all ports except CMS/MVS, Tandem, TOPS20:
added code to strip "../" path components from extracted names and new
option "-:" to allow deactivating this security feature; changed mapname()
calling interface to allow reporting warning error levels to caller
- unzpriv.h, zipinfo.c: rudimentary support for recognizing PKWARE's new
"64-bit size specs" extra field
As well as bug fixes, including the USE_ZLIB problem.
Move to sha1 digests, and add distfile sizes.
+ move the distfile digest/checksum value from files/md5 to distinfo + move the patch digest/checksum values from files/patch-sum to distinfo