Relevant change,
+5.52 (28 Feb 05):
+ - win32/win32.c - defer_dir_attribs(): fixed critical "mem-access to
+ nirwana" bug when processing directory entries without any local
+ extra field; added some explaining comments
Changes:
The 5.52 maintenance release fixes a few minor problems found in the 5.51
release, closes some more security holes, adds a new AtheOS port, and
contains a Win32 extra-field code cleanup that was not finished earlier.
The most important changes are:
- (re)enabled unshrinking support by default, the LZW patents have expired
- fixed an extraction size bug for encrypted stored entries (12 excess bytes
were written with 5.51)
- fixed false "uncompressed size mismatch" messages when extracting encrypted
archive entries
- do not restore SUID/SGID/Tacky attribute bits on Unix (BeOS, AtheOS) unless
explicitely requested by new "-K" command line qualifier
- optional support for "-W" qualifier to modify the pattern matching syntax
(with -W: "*" stops at directory delimiter, "**" matches unlimited)
- prevent buffer overflow caused by bogus extra-long Zipfile specification
- performance enhancements for VMS port
- fixed windll interface handling of its extraction mode qualifiers nfflag,
ExtractOnlyNewer, noflag, PromptToOverwrite; added detailed explanation of
their meanings and interactions to the windll documentation
PR pkg/25768.
New features:
5.51a (09 Mar 02):
- no new features
5.51b (11 Jan 03):
- TANDEM: new -r option to suppress extension merging [Dave Smith]
- WinCE, new port in addition to pUnZip (GUI): command line tool usable for
"batch" processes (not quite finished, needs "makefile" cleanup, tests,
and refinements) [Simon Roberts, SPC]
- SET_DIR_ATTRIB feature code revised and reorganized to allow seamless
adaption to different OS environments; added support for restoring
directory timestamps to the WIN32 port [Kai-Uwe-Rommel, SPC]
5.51c (13 May 03):
- WinCE command line tool integration is (almost) finished: project file is
cleaned up and works with VC-embedded 3.0; port needs testing... [SPC]
5.51d (27 Feb 04):
- Cygwin is recognized as a target in the Unix port
[Charles Wilson, Cosmin Truta, SPC]
- remove support for quoting characters from all ports; this feature was a
security hole [SPC]
5.51e (01 Mar 04):
- Win32 port (list.c, unzpriv.h, win32.c, w32cfg.h): the date in (non-ZipInfo)
listings is displayed using the separator given by the system's locale,
when available [Cosmin Truta]
See History.551 in distfile for complete bug fix history.
before -lz, ensuring we only link against pkgsrc libz.
fixes a problem on Solaris where the linker would find and use
/usr/lib/libz.so *and* ${LOCALBASE}/lib/libz.so which fails at
runtime because the versions differ.
Extract from History.550:
- generic (inflate.c, globals.h, fileio.c, unzpriv.h): integrated support of
Deflate64
- added Deflate64 support to fUnZip
- SFX: made SFX_EXDIR default, added NO_SFXEXDIR option to allow switching
off the "-d exdir" support
- SFX: added simple "execute command after extraction" feature that uses a
command specification supplied with the Zip archive comment, controlled
by the CHEAP_SFX_AUTORUN compile time option
- SFX: slightly refined the CHEAP_SFX_AUTORUN code, switched off SFX_EXDIR
when CHEAP_SFX_AUTORUN is enabled, documented the new autorun feature
- extract.c, TestExtraField(): added crc32 check for PKVMS e.f. type
- extract.c, extract_or_test_entrylist(): added code for "stripping off
absolute path spec" when extracting
- unzip.h, unzip.c; mapname() in all ports except CMS/MVS, Tandem, TOPS20:
added code to strip "../" path components from extracted names and new
option "-:" to allow deactivating this security feature; changed mapname()
calling interface to allow reporting warning error levels to caller
- unzpriv.h, zipinfo.c: rudimentary support for recognizing PKWARE's new
"64-bit size specs" extra field
As well as bug fixes, including the USE_ZLIB problem.
