| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | zlib 1.3.1v1.3.1master | Mark Adler | 2024-01-22 | 19 | -40/+40 |
| | | |||||
| * | Use Makefile compiler for minizip-test target. | Mark Adler | 2024-01-21 | 1 | -1/+1 |
| | | |||||
| * | Correct typos in source code. | Dimitri Papadopoulos | 2024-01-17 | 2 | -5/+5 |
| | | |||||
| * | Neutralize zip file traversal attacks in miniunz. | Matt Wilson | 2024-01-17 | 1 | -0/+14 |
| | | | | | | | | | | | | | | | | | | | | | | | | | Archive formats such as .zip files are generally susceptible to so-called "traversal attacks". This allows an attacker to craft an archive that writes to unexpected locations of the file system (e.g., /etc/shadow) if an unspecting root user were to unpack a malicious archive. This patch neutralizes absolute paths such as /tmp/moo and deeply relative paths such as dummy/../../../../../../../../../../tmp/moo The Debian project requested CVE-2014-9485 be allocated for the first identified weakness. The fix was incomplete, resulting in a revised patch applied here. Since there wasn't an updated version released by Debian with the incomplete fix, I suggest we use this CVE to identify both issues. Link: https://security.snyk.io/research/zip-slip-vulnerability Link: https://bugs.debian.org/774321 Link: https://bugs.debian.org/776831 Link: https://nvd.nist.gov/vuln/detail/CVE-2014-9485 Reported-by: Jakub Wilk <jwilk@debian.org> Fixed-by: Michael Gilbert <mgilbert@debian.org> | ||||
| * | Fix random typos over several source and text files. | THE-Spellchecker | 2024-01-17 | 5 | -8/+8 |
| | | |||||
| * | Correct case of MSDOS in contrib/minizip/miniunz.c. | William Leara | 2024-01-17 | 1 | -1/+1 |
| | | |||||
| * | Refer to correct function in contrib/minizip/unzip.c comment. | William Leara | 2024-01-17 | 1 | -1/+1 |
| | | |||||
| * | Correct repeated words in source file comments and a readme. | Paul Ivanov | 2023-11-14 | 4 | -7/+7 |
| | | |||||
| * | Fix decision on the emission of Zip64 end records in minizip. | Mark Adler | 2023-11-07 | 1 | -1/+1 |
| | | | | | | | | | | | The appnote says that if the number of entries in the end record is 0xffff, then the actual number of entries will be found in the Zip64 end record. Therefore if the number of entries is equal to 0xffff, it can't be in the end record by itself, since that is an instruction to get the number from the Zip64 end record. This code would just store 0xffff in the end record in that case, not making a Zip64 end record. This commit fixes that. | ||||
| * | Update miniunz version. | tbeu | 2023-08-20 | 1 | -1/+1 |
| | | |||||
| * | Update version and date in contrib/nuget. | Mark Adler | 2023-08-19 | 1 | -2/+2 |
| | | |||||
| * | Update version numbers and year in contrib/vstudio/vc17. | Mark Adler | 2023-08-19 | 2 | -5/+5 |
| | | |||||
| * | Update vc directory in contrib/nuget. | Mark Adler | 2023-08-19 | 1 | -8/+8 |
| | | |||||
| * | Rename contrib/vstudio/vc143 to vc17. | Mark Adler | 2023-08-19 | 9 | -0/+0 |
| | | | | | | This makes it consistent with the other vstudio projects, which use the version number. | ||||
| * | Reject overflows of zip header fields in minizip. | Hans Wennborg | 2023-08-19 | 1 | -0/+11 |
| | | | | | | | | | This checks the lengths of the file name, extra field, and comment that would be put in the zip headers, and rejects them if they are too long. They are each limited to 65535 bytes in length by the zip format. This also avoids possible buffer overflows if the provided fields are too long. | ||||
| * | Add project and solution files for building a nuget package. | AraHaan | 2023-08-19 | 2 | -0/+65 |
| | | |||||
| * | Add VS2022 project files. | AraHaan | 2023-08-19 | 10 | -1/+3549 |
| | | | | | Also replaced Itanium with ARM and ARM64 configurations. | ||||
| * | Remove carriage returns from contrib/vstudio/readme.txt. | Mark Adler | 2023-08-19 | 1 | -75/+75 |
| | | |||||
| * | Change version number on develop branch to 1.3.0.1. | Mark Adler | 2023-08-18 | 9 | -20/+20 |
| | | |||||
| * | zlib 1.3v1.3 | Mark Adler | 2023-08-18 | 16 | -33/+33 |
| | | |||||
| * | Avoid uninitialized and unused warnings in contrib/minizip. | Mark Adler | 2023-08-17 | 2 | -2/+8 |
| | | |||||
| * | Add license to contrib/untgz. | Bastian Germann | 2023-08-17 | 1 | -0/+16 |
| | | | | | A zlib license was agreed to by the authors. | ||||
| * | Fix typos in contrib/ada. | Dimitri Papadopoulos | 2023-08-14 | 2 | -3/+3 |
| | | |||||
| * | Remove redundant includes in minizip. | Mark Adler | 2023-08-13 | 2 | -4/+0 |
| | | |||||
| * | Remove TRYFREE macro from minizip. | Mark Adler | 2023-08-13 | 2 | -25/+19 |
| | | |||||
| * | Fix some spelling errors. | Dimitri Papadopoulos | 2023-08-03 | 8 | -11/+11 |
| | | |||||
| * | Read multiple bytes instead of byte-by-byte in minizip unzip.c. | Eugene Golushkov | 2023-08-03 | 1 | -96/+38 |
| | | | | | | Use a single ZREAD64 call in the unz64local_getShort/Long/Long64 implementation, rather than read it byte by byte. | ||||
| * | Support Haiku in minizip. | Gilles Vollant | 2023-08-03 | 4 | -4/+4 |
| | | |||||
| * | Correct dummy filetime() prototype in minizip.c. | Xiang Xiao | 2023-08-03 | 1 | -1/+1 |
| | | | | | Signed-off-by: Xiang Xiao <xiaoxiang@xiaomi.com> | ||||
| * | Match sign of printf directive to sign of argument in testzlib. | Mark Adler | 2023-07-29 | 1 | -1/+1 |
| | | |||||
| * | Match sign of printf directive to sign of argument in minizip. | Mark Adler | 2023-07-29 | 1 | -1/+1 |
| | | |||||
| * | Fix logic error in minizip argument processing. | Mark Adler | 2023-07-29 | 1 | -1/+1 |
| | | |||||
| * | Fix typos found by codespell in minizip | Dimitri Papadopoulos | 2023-07-29 | 8 | -36/+36 |
| | | |||||
| * | Fix reading disk number start on zip64 files in minizip. | Mark Adler | 2023-07-29 | 1 | -4/+2 |
| | | |||||
| * | Remove duplicated code #806 | Gilles Vollant | 2023-07-29 | 1 | -1/+0 |
| | | |||||
| * | minizip: Fix being unable to open empty zip file | RedworkDE | 2023-07-29 | 1 | -22/+26 |
| | | |||||
| * | Fix cast in minizip's ioapi.c for Windows. | Mark Adler | 2023-04-17 | 1 | -1/+1 |
| | | |||||
| * | Remove use of OF() from contrib/untgz and render it compilable. | Mark Adler | 2023-04-15 | 1 | -35/+12 |
| | | |||||
| * | Remove K&R function definitions from contrib/minizip. | Mark Adler | 2023-04-15 | 12 | -759/+514 |
| | | |||||
| * | Remove K&R function definitions from infback9. | Mark Adler | 2023-04-15 | 4 | -37/+20 |
| | | |||||
| * | Change version number on develop branch to 1.2.13.1. | Mark Adler | 2022-10-15 | 11 | -22/+22 |
| | | |||||
| * | zlib 1.2.13v1.2.13 | Mark Adler | 2022-10-12 | 11 | -22/+22 |
| | | |||||
| * | Find other BSD's without *64 functions in contrib/minizip/ioapi.h. | Mark Adler | 2022-10-10 | 1 | -1/+1 |
| | | |||||
| * | Avoid C89 warning in contrib/minizip/crypt.h. | Mark Adler | 2022-10-10 | 1 | -1/+1 |
| | | |||||
| * | Comment out unused code in contrib/minizip/minizip.c. | Mark Adler | 2022-10-09 | 1 | -2/+2 |
| | | |||||
| * | Remove some harmless semicolons in minizip. | Mark Adler | 2022-10-06 | 2 | -2/+2 |
| | | |||||
| * | Security and warning fixes for minizip. [gvollant] | Mark Adler | 2022-10-06 | 2 | -7/+4 |
| | | | | | Remove unused code and unnecessary test for free(). | ||||
| * | Fix incorrect cast in minizip's ioapi.c. | Mark Adler | 2022-10-06 | 1 | -1/+1 |
| | | |||||
| * | Fix c89 compatibility in minizip's ioapi.c. [gvollant] | Mark Adler | 2022-10-06 | 1 | -10/+10 |
| | | |||||
| * | Remove deleted assembler code references. | Mark Adler | 2022-10-06 | 25 | -542/+188 |
| | | | | | | | The code was removed, but the builds that used the code were not updated. This fixes that. Thanks to Adenilson and toxieainc for the patches. | ||||
 |
index : zlib | |
| A mirror of https://github.com/madler/zlib.git |
| aboutsummaryrefslogtreecommitdiff |