aboutsummaryrefslogtreecommitdiff
path: root/contrib/minizip (follow)
Commit message (Collapse)AuthorAgeFilesLines
* zlib 1.3.1v1.3.1masterMark Adler2024-01-221-1/+1
|
* Use Makefile compiler for minizip-test target.Mark Adler2024-01-211-1/+1
|
* Correct typos in source code.Dimitri Papadopoulos2024-01-171-1/+1
|
* Neutralize zip file traversal attacks in miniunz.Matt Wilson2024-01-171-0/+14
| | | | | | | | | | | | | | | | | | | | | | | | Archive formats such as .zip files are generally susceptible to so-called "traversal attacks". This allows an attacker to craft an archive that writes to unexpected locations of the file system (e.g., /etc/shadow) if an unspecting root user were to unpack a malicious archive. This patch neutralizes absolute paths such as /tmp/moo and deeply relative paths such as dummy/../../../../../../../../../../tmp/moo The Debian project requested CVE-2014-9485 be allocated for the first identified weakness. The fix was incomplete, resulting in a revised patch applied here. Since there wasn't an updated version released by Debian with the incomplete fix, I suggest we use this CVE to identify both issues. Link: https://security.snyk.io/research/zip-slip-vulnerability Link: https://bugs.debian.org/774321 Link: https://bugs.debian.org/776831 Link: https://nvd.nist.gov/vuln/detail/CVE-2014-9485 Reported-by: Jakub Wilk <jwilk@debian.org> Fixed-by: Michael Gilbert <mgilbert@debian.org>
* Fix random typos over several source and text files.THE-Spellchecker2024-01-173-5/+5
|
* Correct case of MSDOS in contrib/minizip/miniunz.c.William Leara2024-01-171-1/+1
|
* Refer to correct function in contrib/minizip/unzip.c comment.William Leara2024-01-171-1/+1
|
* Correct repeated words in source file comments and a readme.Paul Ivanov2023-11-143-5/+5
|
* Fix decision on the emission of Zip64 end records in minizip.Mark Adler2023-11-071-1/+1
| | | | | | | | | | The appnote says that if the number of entries in the end record is 0xffff, then the actual number of entries will be found in the Zip64 end record. Therefore if the number of entries is equal to 0xffff, it can't be in the end record by itself, since that is an instruction to get the number from the Zip64 end record. This code would just store 0xffff in the end record in that case, not making a Zip64 end record. This commit fixes that.
* Update miniunz version.tbeu2023-08-201-1/+1
|
* Reject overflows of zip header fields in minizip.Hans Wennborg2023-08-191-0/+11
| | | | | | | | This checks the lengths of the file name, extra field, and comment that would be put in the zip headers, and rejects them if they are too long. They are each limited to 65535 bytes in length by the zip format. This also avoids possible buffer overflows if the provided fields are too long.
* Change version number on develop branch to 1.3.0.1.Mark Adler2023-08-181-1/+1
|
* zlib 1.3v1.3Mark Adler2023-08-181-1/+1
|
* Avoid uninitialized and unused warnings in contrib/minizip.Mark Adler2023-08-172-2/+8
|
* Remove redundant includes in minizip.Mark Adler2023-08-132-4/+0
|
* Remove TRYFREE macro from minizip.Mark Adler2023-08-132-25/+19
|
* Read multiple bytes instead of byte-by-byte in minizip unzip.c.Eugene Golushkov2023-08-031-96/+38
| | | | | Use a single ZREAD64 call in the unz64local_getShort/Long/Long64 implementation, rather than read it byte by byte.
* Support Haiku in minizip.Gilles Vollant2023-08-034-4/+4
|
* Correct dummy filetime() prototype in minizip.c.Xiang Xiao2023-08-031-1/+1
| | | | Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com>
* Match sign of printf directive to sign of argument in minizip.Mark Adler2023-07-291-1/+1
|
* Fix logic error in minizip argument processing.Mark Adler2023-07-291-1/+1
|
* Fix typos found by codespell in minizipDimitri Papadopoulos2023-07-298-36/+36
|
* Fix reading disk number start on zip64 files in minizip.Mark Adler2023-07-291-4/+2
|
* Remove duplicated code #806Gilles Vollant2023-07-291-1/+0
|
* minizip: Fix being unable to open empty zip fileRedworkDE2023-07-291-22/+26
|
* Fix cast in minizip's ioapi.c for Windows.Mark Adler2023-04-171-1/+1
|
* Remove K&R function definitions from contrib/minizip.Mark Adler2023-04-1512-759/+514
|
* Change version number on develop branch to 1.2.13.1.Mark Adler2022-10-151-1/+1
|
* zlib 1.2.13v1.2.13Mark Adler2022-10-121-1/+1
|
* Find other BSD's without *64 functions in contrib/minizip/ioapi.h.Mark Adler2022-10-101-1/+1
|
* Avoid C89 warning in contrib/minizip/crypt.h.Mark Adler2022-10-101-1/+1
|
* Comment out unused code in contrib/minizip/minizip.c.Mark Adler2022-10-091-2/+2
|
* Remove some harmless semicolons in minizip.Mark Adler2022-10-062-2/+2
|
* Security and warning fixes for minizip. [gvollant]Mark Adler2022-10-062-7/+4
| | | | Remove unused code and unnecessary test for free().
* Fix incorrect cast in minizip's ioapi.c.Mark Adler2022-10-061-1/+1
|
* Fix c89 compatibility in minizip's ioapi.c. [gvollant]Mark Adler2022-10-061-10/+10
|
* Fix compile with Windows 10 SDK. (gvollant)Mark Adler2022-03-281-0/+5
|
* Change version number on develop branch to 1.2.12.1.Mark Adler2022-03-271-1/+1
|
* zlib 1.2.12v1.2.12Mark Adler2022-03-271-1/+1
|
* Clean up minizip to reduce warnings for testing.Mark Adler2022-01-019-87/+96
| | | | Also fix Makefile test target and permit added compile options.
* Fix unztell64() in minizip to work past 4GB. (Daniël Hörchner)Mark Adler2022-01-011-0/+3
| | | | | | | | | | | | The issue is that unztell64() does not return the correct value if the position in the current file (in the ZIP archive) is beyond 4 GB. The cause is that unzReadCurrentFile() does not account for pfile_in_zip_read_info->stream.total_out at line 1854 of unzip.c wrapping around (it is a 32-bit variable). So, on line 1860 uTotalOutAfter can be *less* than uTotalOutBefore, propagating the wraparound to uOutThis, which in turn is added to pfile_in_zip_read_info->total_out_64. That has the effect of subtracting 4 GB.
* minizip warning fix if MAXU32 already defined. (gvollant)Mark Adler2021-12-311-3/+5
|
* Fix indentation in minizip's zip.c.Mark Adler2021-07-081-2/+2
|
* Improve portability of contrib/minizip.Mark Adler2021-02-104-10/+21
|
* Change version number to 1.2.11.1.Mark Adler2017-01-151-1/+1
|
* zlib 1.2.11v1.2.11Mark Adler2017-01-151-1/+1
|
* Change version number to 1.2.10.1.Mark Adler2017-01-151-1/+1
|
* zlib 1.2.10v1.2.10Mark Adler2017-01-021-1/+1
|
* Change version number to zlib 1.2.9.1.Mark Adler2017-01-011-1/+1
|
* zlib 1.2.9v1.2.9Mark Adler2016-12-311-1/+1
|