Change log for zziplib package in Ubuntu

zziplib (0.13.62-3.2ubuntu1.1) focal-security; urgency=medium

  * SECURITY UPDATE: Denial of Service
    - debian/patches/CVE-2018-7727.patch: fixed a denial of service in memdisk
    - debian/patches/CVE-2020-18442-[1-5].patch: fixed an infinite loop in zzip
    - CVE-2018-7727
    - CVE-2020-18442

 -- Amir Naseredini <email address hidden>  Thu, 17 Aug 2023 12:16:53 +0100

Available diffs

• diff from 0.13.62-3.2ubuntu1 (in Ubuntu) to 0.13.62-3.2ubuntu1.1 (2.7 KiB)

zziplib (0.13.72+dfsg.1-1.1) unstable; urgency=medium

  * Non-Maintainer Upload.
  * Fix (i386) cross-compilation.

 -- Lukas Märdian <email address hidden>  Mon, 21 Jun 2021 14:42:07 +0200

Available diffs

• diff from 0.13.62-3.3 to 0.13.72+dfsg.1-1.1 (634.6 KiB)

zziplib (0.13.62-3.3) unstable; urgency=medium

  * Non-maintainer upload.
  * Build using python2. Closes: #856566, #967237.
  * Update home page. Closes: #863892.
  * Update watch file.

 -- Matthias Klose <email address hidden>  Thu, 04 Mar 2021 09:54:37 +0100

Available diffs

• diff from 0.13.62-3.2ubuntu1 (in Ubuntu) to 0.13.62-3.3 (827 bytes)

zziplib (0.13.62-3.2ubuntu1) focal; urgency=medium

  * Build using python2.

 -- Matthias Klose <email address hidden>  Wed, 01 Apr 2020 14:06:43 +0200

Available diffs

• diff from 0.13.62-3.2 (in Debian) to 0.13.62-3.2ubuntu1 (1.2 KiB)

zziplib (0.13.62-3.2) unstable; urgency=medium

  * Non-maintainer upload.
  * Invalid memory access in zzip_disk_fread (CVE-2018-6381) (Closes: #889096)
  * Reject the ZIP file and report it as corrupt if the size of the central
    directory and/or the offset of start of central directory point beyond the
    end of the ZIP file (CVE-2018-6484, CVE-2018-6541, CVE-2018-6869)
    (Closes: #889089)
  * bus error in zzip_disk_findfirst function in zzip/mmapped.c
    (CVE-2018-6540) (Closes: #923659)
  * out of bound read in mmapped.c:zzip_disk_fread() causes crash
    (CVE-2018-7725) (Closes: #913165)
  * Bus error in zip.c:__zzip_parse_root_directory() cause crash via crafted
    zip file (CVE-2018-7726) (Closes: #913165)
  * Memory leak triggered in the function __zzip_parse_root_directory in zip.c
    (CVE-2018-16548) (Closes: #910335)

 -- Salvatore Bonaccorso <email address hidden>  Mon, 04 Mar 2019 22:43:14 +0100

Available diffs

• diff from 0.13.62-3.1ubuntu1 (in Ubuntu) to 0.13.62-3.2 (6.3 KiB)

zziplib (0.13.62-3.1ubuntu1) cosmic; urgency=medium

  * SECURITY UPDATE: invalid mem access in zzip_disk_fread
    - debian/patches/CVE-2018-6381.patch: check sizes in zzip/memdisk.c.
    - CVE-2018-6381
  * SECURITY UPDATE: alignment and bus errors in __zzip_fetch_disk_trailer
    - debian/patches/CVE-2018-6484.patch: check sizes in zzip/zip.c.
    - CVE-2018-6484
    - CVE-2018-6541
    - CVE-2018-6869
  * SECURITY UPDATE: bus error in zzip_disk_findfirst
    - debian/patches/CVE-2018-6540.patch: check endbuf in zzip/mmapped.c.
    - CVE-2018-6540
  * SECURITY UPDATE: invalid memory dereference
    - debian/patches/CVE-2018-7725.patch: check zlib space in
      zzip/memdisk.c, zzip/mmapped.c.
    - CVE-2018-7725
  * SECURITY UPDATE: bus error in __zzip_parse_root_directory
    - debian/patches/CVE-2018-7726-1.patch: check rootseek and rootsize in
      zzip/zip.c.
    - debian/patches/CVE-2018-7726-2.patch: check rootseek in zzip/zip.c.
    - debian/patches/CVE-2018-7726-3.patch: check zz_rootsize in
      zzip/zip.c.
    - CVE-2018-7726

 -- Marc Deslauriers <email address hidden>  Fri, 29 Jun 2018 11:26:58 -0400

Available diffs

• diff from 0.13.62-3.1 (in Debian) to 0.13.62-3.1ubuntu1 (3.6 KiB)

zziplib (0.13.62-2ubuntu0.2) trusty-security; urgency=medium

  * SECURITY UPDATE: invalid mem access in zzip_disk_fread
    - debian/patches/CVE-2018-6381.patch: check sizes in zzip/memdisk.c.
    - CVE-2018-6381
  * SECURITY UPDATE: alignment and bus errors in __zzip_fetch_disk_trailer
    - debian/patches/CVE-2018-6484.patch: check sizes in zzip/zip.c.
    - CVE-2018-6484
    - CVE-2018-6541
    - CVE-2018-6869
  * SECURITY UPDATE: bus error in zzip_disk_findfirst
    - debian/patches/CVE-2018-6540.patch: check endbuf in zzip/mmapped.c.
    - CVE-2018-6540
  * SECURITY UPDATE: invalid memory dereference
    - debian/patches/CVE-2018-7725.patch: check zlib space in
      zzip/memdisk.c, zzip/mmapped.c.
    - CVE-2018-7725
  * SECURITY UPDATE: bus error in __zzip_parse_root_directory
    - debian/patches/CVE-2018-7726-1.patch: check rootseek and rootsize in
      zzip/zip.c.
    - debian/patches/CVE-2018-7726-2.patch: check rootseek in zzip/zip.c.
    - debian/patches/CVE-2018-7726-3.patch: check zz_rootsize in
      zzip/zip.c.
    - CVE-2018-7726

 -- Marc Deslauriers <email address hidden>  Fri, 29 Jun 2018 12:28:33 -0400

Available diffs

• diff from 0.13.62-2ubuntu0.1 to 0.13.62-2ubuntu0.2 (3.4 KiB)

zziplib (0.13.62-3ubuntu0.16.04.2) xenial-security; urgency=medium

  * SECURITY UPDATE: invalid mem access in zzip_disk_fread
    - debian/patches/CVE-2018-6381.patch: check sizes in zzip/memdisk.c.
    - CVE-2018-6381
  * SECURITY UPDATE: alignment and bus errors in __zzip_fetch_disk_trailer
    - debian/patches/CVE-2018-6484.patch: check sizes in zzip/zip.c.
    - CVE-2018-6484
    - CVE-2018-6541
    - CVE-2018-6869
  * SECURITY UPDATE: bus error in zzip_disk_findfirst
    - debian/patches/CVE-2018-6540.patch: check endbuf in zzip/mmapped.c.
    - CVE-2018-6540
  * SECURITY UPDATE: invalid memory dereference
    - debian/patches/CVE-2018-7725.patch: check zlib space in
      zzip/memdisk.c, zzip/mmapped.c.
    - CVE-2018-7725
  * SECURITY UPDATE: bus error in __zzip_parse_root_directory
    - debian/patches/CVE-2018-7726-1.patch: check rootseek and rootsize in
      zzip/zip.c.
    - debian/patches/CVE-2018-7726-2.patch: check rootseek in zzip/zip.c.
    - debian/patches/CVE-2018-7726-3.patch: check zz_rootsize in
      zzip/zip.c.
    - CVE-2018-7726

 -- Marc Deslauriers <email address hidden>  Fri, 29 Jun 2018 12:27:57 -0400

Available diffs

• diff from 0.13.62-3ubuntu0.16.04.1 to 0.13.62-3ubuntu0.16.04.2 (3.4 KiB)

zziplib (0.13.62-3.1ubuntu0.18.04.1) bionic-security; urgency=medium

  * SECURITY UPDATE: invalid mem access in zzip_disk_fread
    - debian/patches/CVE-2018-6381.patch: check sizes in zzip/memdisk.c.
    - CVE-2018-6381
  * SECURITY UPDATE: alignment and bus errors in __zzip_fetch_disk_trailer
    - debian/patches/CVE-2018-6484.patch: check sizes in zzip/zip.c.
    - CVE-2018-6484
    - CVE-2018-6541
    - CVE-2018-6869
  * SECURITY UPDATE: bus error in zzip_disk_findfirst
    - debian/patches/CVE-2018-6540.patch: check endbuf in zzip/mmapped.c.
    - CVE-2018-6540
  * SECURITY UPDATE: invalid memory dereference
    - debian/patches/CVE-2018-7725.patch: check zlib space in
      zzip/memdisk.c, zzip/mmapped.c.
    - CVE-2018-7725
  * SECURITY UPDATE: bus error in __zzip_parse_root_directory
    - debian/patches/CVE-2018-7726-1.patch: check rootseek and rootsize in
      zzip/zip.c.
    - debian/patches/CVE-2018-7726-2.patch: check rootseek in zzip/zip.c.
    - debian/patches/CVE-2018-7726-3.patch: check zz_rootsize in
      zzip/zip.c.
    - CVE-2018-7726

 -- Marc Deslauriers <email address hidden>  Fri, 29 Jun 2018 11:26:58 -0400

Available diffs

• diff from 0.13.62-3.1 (in Debian) to 0.13.62-3.1ubuntu0.18.04.1 (3.7 KiB)

zziplib (0.13.62-3.1ubuntu0.17.10.1) artful-security; urgency=medium

  * SECURITY UPDATE: invalid mem access in zzip_disk_fread
    - debian/patches/CVE-2018-6381.patch: check sizes in zzip/memdisk.c.
    - CVE-2018-6381
  * SECURITY UPDATE: alignment and bus errors in __zzip_fetch_disk_trailer
    - debian/patches/CVE-2018-6484.patch: check sizes in zzip/zip.c.
    - CVE-2018-6484
    - CVE-2018-6541
    - CVE-2018-6869
  * SECURITY UPDATE: bus error in zzip_disk_findfirst
    - debian/patches/CVE-2018-6540.patch: check endbuf in zzip/mmapped.c.
    - CVE-2018-6540
  * SECURITY UPDATE: invalid memory dereference
    - debian/patches/CVE-2018-7725.patch: check zlib space in
      zzip/memdisk.c, zzip/mmapped.c.
    - CVE-2018-7725
  * SECURITY UPDATE: bus error in __zzip_parse_root_directory
    - debian/patches/CVE-2018-7726-1.patch: check rootseek and rootsize in
      zzip/zip.c.
    - debian/patches/CVE-2018-7726-2.patch: check rootseek in zzip/zip.c.
    - debian/patches/CVE-2018-7726-3.patch: check zz_rootsize in
      zzip/zip.c.
    - CVE-2018-7726

 -- Marc Deslauriers <email address hidden>  Fri, 29 Jun 2018 12:27:02 -0400

Available diffs

• diff from 0.13.62-3.1 (in Debian) to 0.13.62-3.1ubuntu0.17.10.1 (3.7 KiB)

zziplib (0.13.62-3ubuntu0.16.04.1) xenial-security; urgency=medium

  * SECURITY UPDATE: multiple security issues
    - debian/patches/*: synchronize security fixes with Debian's
      0.13.62-3.1 release. Thanks to Josef Moellers of SuSE and
      Moritz Muehlenhoff of Debian!
    - CVE-2017-5974, CVE-2017-5975, CVE-2017-5976, CVE-2017-5978,
      CVE-2017-5979, CVE-2017-5980, CVE-2017-5981

 -- Marc Deslauriers <email address hidden>  Tue, 13 Jun 2017 09:40:14 -0400

Available diffs

• diff from 0.13.62-3 (in Debian) to 0.13.62-3ubuntu0.16.04.1 (3.1 KiB)

zziplib (0.13.62-3ubuntu0.16.10.1) yakkety-security; urgency=medium

  * SECURITY UPDATE: multiple security issues
    - debian/patches/*: synchronize security fixes with Debian's
      0.13.62-3.1 release. Thanks to Josef Moellers of SuSE and
      Moritz Muehlenhoff of Debian!
    - CVE-2017-5974, CVE-2017-5975, CVE-2017-5976, CVE-2017-5978,
      CVE-2017-5979, CVE-2017-5980, CVE-2017-5981

 -- Marc Deslauriers <email address hidden>  Tue, 13 Jun 2017 09:40:14 -0400

Available diffs

• diff from 0.13.62-3 (in Debian) to 0.13.62-3ubuntu0.16.10.1 (3.1 KiB)

zziplib (0.13.62-2ubuntu0.1) trusty-security; urgency=medium

  * SECURITY UPDATE: multiple security issues
    - debian/patches/*: synchronize security fixes with Debian's
      0.13.62-3.1 release. Thanks to Josef Moellers of SuSE and
      Moritz Muehlenhoff of Debian!
    - CVE-2017-5974, CVE-2017-5975, CVE-2017-5976, CVE-2017-5978,
      CVE-2017-5979, CVE-2017-5980, CVE-2017-5981

 -- Marc Deslauriers <email address hidden>  Tue, 13 Jun 2017 10:04:06 -0400

Available diffs

• diff from 0.13.62-2 (in Debian) to 0.13.62-2ubuntu0.1 (3.1 KiB)

zziplib (0.13.62-3ubuntu0.17.04.1) zesty-security; urgency=medium

  * SECURITY UPDATE: multiple security issues
    - debian/patches/*: synchronize security fixes with Debian's
      0.13.62-3.1 release. Thanks to Josef Moellers of SuSE and
      Moritz Muehlenhoff of Debian!
    - CVE-2017-5974, CVE-2017-5975, CVE-2017-5976, CVE-2017-5978,
      CVE-2017-5979, CVE-2017-5980, CVE-2017-5981

 -- Marc Deslauriers <email address hidden>  Tue, 13 Jun 2017 09:40:14 -0400

Available diffs

• diff from 0.13.62-3 (in Debian) to 0.13.62-3ubuntu0.17.04.1 (3.1 KiB)

zziplib (0.13.62-3.1) unstable; urgency=medium

  * Non-maintainer upload.
  * Fix multiple security issues (Closes: #854727). Thanks to Josef
    Moellers of SuSE for the patches!

 -- Moritz Muehlenhoff <email address hidden>  Sun, 04 Jun 2017 09:03:20 +0200

Available diffs

• diff from 0.13.62-3 to 0.13.62-3.1 (2.8 KiB)

zziplib (0.13.62-3) unstable; urgency=medium


  * debian/rules: Lintian error cleaning pkg-config-bad-directive

 -- Scott Howard <email address hidden>  Sun, 24 Aug 2014 22:20:40 -0400

Available diffs

• diff from 0.13.62-2 to 0.13.62-3 (546 bytes)

zziplib (0.13.62-2) unstable; urgency=low


  * Merge in Ubuntu changes to use dh-autoreconf to ensure package
    remains buildable across future ports. Thanks to Steve Langasek.
    (Closes: #736810)

 -- Scott Howard <email address hidden>  Sun, 26 Jan 2014 18:54:39 -0500

Available diffs

• diff from 0.13.56-2ubuntu1 (in Ubuntu) to 0.13.62-2 (134.4 KiB)

zziplib (0.13.56-2ubuntu1) trusty; urgency=medium

  * Merge from Debian unstable, remaining changes:
    - Use dh-autoreconf.
    - Fix handling of @RESOLVE@ for newer autotools.
    - zzip/Makefile.am: fix install target dependencies.
  * Migrate Ubuntu changes to 3.0 (quilt) format.

Available diffs

• diff from 0.13.56-1.1ubuntu2 to 0.13.56-2ubuntu1 (20.6 KiB)

zziplib (0.13.56-1.1ubuntu2) trusty; urgency=medium

  * Use dh-autoreconf.
  * Fix handling of @RESOLVE@ for newer autotools.
  * zzip/Makefile.am: fix install target dependencies.
 -- Steve Langasek <email address hidden>   Fri, 13 Dec 2013 20:28:33 +0000

Available diffs

• diff from 0.13.56-1.1ubuntu1 to 0.13.56-1.1ubuntu2 (1.7 KiB)

zziplib (0.13.56-1.1ubuntu1) saucy; urgency=low

  * Update config.{guess,sub}.
 -- Matthias Klose <email address hidden>   Tue, 23 Jul 2013 14:16:21 +0200

Available diffs

• diff from 0.13.56-1.1 (in Debian) to 0.13.56-1.1ubuntu1 (15.3 KiB)

zziplib (0.13.56-1.1) unstable; urgency=low


  * Non-maintainer upload.
  * Fix "FTBFS: x86_64-linux-gnu-gcc: error: unrecognized option 
    '--export-dynamic'": apply patch from Ubuntu / Matthias Klose: 
    - Pass correct linker option. LP: #832895. Closes: #625064.
  * Fix "Emptying dependency_libs in .la files": use recipe provided by Neil
    Williams in the bug report. Closes: #633335

 -- gregor herrmann <email address hidden>  Thu, 06 Oct 2011 20:07:37 +0200

zziplib (0.13.56-1ubuntu1) oneiric; urgency=low

  * Pass correct linker option. LP: #832895. Closes: #625064.
 -- Matthias Klose <email address hidden>   Mon, 12 Sep 2011 09:51:08 +0200

Available diffs

• diff from 0.13.56-1 to 0.13.56-1ubuntu1 (496 bytes)

zziplib (0.13.56-1) unstable; urgency=low

  * New Upstream Version
    - update debian/man3.patch
    - remove msvc8/zip.exe and msvc7/pkzip.exe
  * Upgrade the standard version to 3.8.2
  * Add the vcs information to debian/control
 -- Ubuntu Archive Auto-Sync <email address hidden>   Fri,  06 Nov 2009 10:41:49 +0000

Available diffs

• diff from 0.13.54-1 to 0.13.56-1 (14.3 KiB)

zziplib (0.13.54-1) unstable; urgency=low

  * New Maintainer. Closes: #529561
  * New Upstream Version. Closes: #530850
  * Fixed the lintian warnings of manpages.
  * 01-fetch.patch: dropped as it was merged upstream

 -- Ubuntu Archive Auto-Sync <email address hidden>   Mon,  15 Jun 2009 11:19:14 +0100

Available diffs

• diff from 0.13.50-1 to 0.13.54-1 (529.3 KiB)

zziplib (0.13.50-1) unstable; urgency=low

  * New upstream version 
    - Update 01-fetch.patch
  * debhelper compat version is 7
  * Standards version is 3.8.1
  * Run dh_prep instead of dh_clean -k
  * Add debian/watch

 -- Ubuntu Archive Auto-Sync <email address hidden>   Wed,  29 Apr 2009 12:17:55 +0100

Available diffs

• diff from 0.13.49-4 to 0.13.50-1 (171.0 KiB)

zziplib (0.13.49-4) unstable; urgency=low

  * NMU acknowledgement. Closes: #443880 
  * Fixed the following lintian issues:
    - zziplib source: out-of-date-standards-version 3.7.2 (current is 3.7.3)
    - zziplib: description-contains-homepage

zziplib (0.13.49-3) unstable; urgency=low

  * Fixed SIGSEGV on hppa, ia64, sparc, closes: #443880.
    Patch by brian m. carlson <email address hidden>
    Patch: 01-zip.c.patch
  * Fixed FTBFS if build twice in a row, closes: #442779.
  * Build-depends on quilt

 -- Ubuntu Archive Auto-Sync <email address hidden>   Thu,  15 Nov 2007 14:17:34 +0000

zziplib (0.13.49-2) unstable; urgency=low

  * debian/rules: added configure option --datadir, closes: #439395.

zziplib (0.12.83-8) unstable; urgency=low

  * New maintainer.
  * Fixed "libzzip-dev: Override says libdevel - optional, .deb says
    devel - optional".

zziplib (0.12.83-6) unstable; urgency=low

  * bins/zziptest.c: fixed a cast to pointer from integer of different size.
  * Bumped Standards-Version to 3.7.2 (nochanges).

 -- Ubuntu Archive Auto-Sync <email address hidden>   Thu,  15 Jun 2006 16:32:04 +0100

zziplib (0.12.83-5) unstable; urgency=low


  * zzip/zzip.h: include sys/types.h instead of stddef.h, so that zziplib
    could be built on GNU/Hurd and GNU/kFreeBSD.

 -- Aurelien Jarno <email address hidden>  Sun,  3 Jul 2005 11:42:08 +0200

zziplib (0.12.83-1) unstable; urgency=low


  * New upstream version.

 -- Aurelien Jarno <email address hidden>  Sun, 26 Sep 2004 21:48:52 +0200

zziplib (0.10.82-1) unstable; urgency=low


  * Initial Release (closes: bug#173511, bug#222397).

 -- Aurelien Jarno <email address hidden>  Mon, 29 Mar 2004 12:41:28 +0200