unzip (6.0-28ubuntu4.1) noble-security; urgency=medium

  * SECURITY UPDATE: Null pointer dereference in unzip (LP: #1957077)
    - debian/patches/CVE-2021-4217.patch: Fix null pointer dereference and
      use of uninitialized data.
    - CVE-2021-4217

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Wed, 02 Oct 2024 09:29:19 -0400

unzip (6.0-28ubuntu4) noble; urgency=high

  * No change rebuild for 64-bit time_t and frame pointers.

 -- Julian Andres Klode <juliank@ubuntu.com>  Mon, 08 Apr 2024 18:21:21 +0200

unzip (6.0-28ubuntu3) noble; urgency=medium

  * d/t/*: Added autopkgtest (LP: #2023994)
  * d/p/29-fix-troff-warning.patch:
    Removes monospace directives to fix troff warnings (LP: #2054670)
  * d/p/20-unzip60-alt-iconv-utf8.patch
    * Refreshed as ab-style patch.
    * Added documentation for `-I` and `-O` options to `unzip -hh`.
    * Added documentation for `-I` and `-O` options to unzip (man/unzip.1) and
      zipinfo (man/zipinfo.1) man pages (LP: #138307).
    * Fixed garbled output when `zipinfo` or `unzip -Z` is called
      without arguments (LP: #1429939).

 -- Dominik Viererbe <dominik.viererbe@canonical.com>  Thu, 22 Feb 2024 02:48:49 +0200

unzip (6.0-28ubuntu2) noble; urgency=medium

  * Properly handle Microsoft ZIP64 file (LP: #2051952)
    - debian/patches/handle_windows_zip64.patch: ignore invalid "Total
      number of disks" field in process.c.

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 01 Feb 2024 10:48:08 -0500

unzip (6.0-28ubuntu1) mantic; urgency=medium

  * Merge from Debian unstable (LP: #2021565). Remaining changes:
    - d/p/20-unzip60-alt-iconv-utf8.patch: Add patch from archlinux
      which adds the -O option, allowing a charset to be specified
      for the proper unzipping of non-Latin and non-Unicode filenames.

 -- Dominik Viererbe <dominik.viererbe@canonical.com>  Tue, 30 May 2023 13:34:18 +0300

unzip (6.0-28) unstable; urgency=medium

  * Drop debian/source/lintian-overrides, obsolete since version 6.0-18.
  * Update URI for Info-ZIP license in copyright file.
  * Update standards version to 4.6.2.
  * Run wrap-and-sort.
  * Update Homepage.

 -- Santiago Vila <sanvila@debian.org>  Sun, 19 Feb 2023 19:02:00 +0100

unzip (6.0-27ubuntu1) kinetic; urgency=medium

  * Merge from Debian unstable (LP: #198740)
    Remaining changes:
    - Add patch from archlinux which adds the -O option, allowing a charset
      to be specified for the proper unzipping of non-Latin and non-Unicode
      filenames.

 -- Heinrich Schuchardt <heinrich.schuchardt@canonical.com>  Tue, 23 Aug 2022 14:51:42 +0200

unzip (6.0-27) unstable; urgency=medium

  * Apply upstream patch for CVE-2022-0529 and CVE-2022-0530.
    - Fix null pointer dereference on invalid UTF-8 input.
    - Fix wide string conversion in process.c.
    Closes: #1010355.

 -- Santiago Vila <sanvila@debian.org>  Tue, 02 Aug 2022 19:05:00 +0200

unzip (6.0-26ubuntu3) jammy; urgency=high

  * No change rebuild for ppc64el baseline bump.

 -- Julian Andres Klode <juliank@ubuntu.com>  Fri, 25 Mar 2022 10:59:33 +0100

unzip (6.0-26ubuntu2) impish; urgency=medium

  * No-change rebuild to build packages with zstd compression.

 -- Matthias Klose <doko@ubuntu.com>  Thu, 07 Oct 2021 12:25:55 +0200

unzip (6.0-26ubuntu1) hirsute; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - Add patch from archlinux which adds the -O option, allowing a charset
      to be specified for the proper unzipping of non-Latin and non-Unicode
      filenames.

 -- Steve Langasek <steve.langasek@ubuntu.com>  Fri, 29 Jan 2021 12:10:20 -0800

unzip (6.0-26) unstable; urgency=medium

  * Two more patches from Mark Adler for CVE-2019-13232. Closes: #963996.
    - Fix bug in UZbunzip2() that incorrectly updated G.incnt.
    - Fix bug in UZinflate() that incorrectly updated G.incnt.
  * Avoid weird zipgrep errors when no members are present.
    Thanks to Kevin Locke. Closes: #972233.
  * Update dependency on debhelper.

 -- Santiago Vila <sanvila@debian.org>  Sun, 10 Jan 2021 15:34:00 +0100

unzip (6.0-25ubuntu1) eoan; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - Add patch from archlinux which adds the -O option, allowing a charset
      to be specified for the proper unzipping of non-Latin and non-Unicode
      filenames.

 -- Steve Langasek <steve.langasek@ubuntu.com>  Thu, 15 Aug 2019 23:39:12 -0700

unzip (6.0-25) unstable; urgency=medium

  * Apply one more patch by Mark Adler:
    - Do not raise a zip bomb alert for a misplaced central directory.
      This should allow Firefox to build again. Closes: #932404.
      Reported by Peter Green. Hopefully CVE-2019-13232 is fixed now.

 -- Santiago Vila <sanvila@debian.org>  Sat, 27 Jul 2019 18:01:36 +0200

unzip (6.0-24ubuntu1) eoan; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - Add patch from archlinux which adds the -O option, allowing a charset
      to be specified for the proper unzipping of non-Latin and non-Unicode
      filenames.

 -- Steve Langasek <steve.langasek@ubuntu.com>  Mon, 15 Jul 2019 22:02:02 -0700

unzip (6.0-24) unstable; urgency=medium

  * Apply two patches by Mark Adler:
    - Fix bug in undefer_input() that misplaced the input state.
    - Detect and reject a zip bomb using overlapped entries. Closes: #931433.
      Bug discovered by David Fifield. For reference, this is CVE-2019-13232.

 -- Santiago Vila <sanvila@debian.org>  Thu, 11 Jul 2019 18:03:34 +0200

# Older entries have been removed from this changelog.
# To read the complete changelog use `apt changelog unzip`.