Commit Graph

199 Commits

Author SHA1 Message Date
Mark Adler
fff132fe7c Avoid the use of a reserved macro name in contrib/minizip/ioapi.h. 2024-09-01 13:16:26 -07:00
Mark Adler
4cacc3562b Add header file dependencies to contrib/minizip/Makefile. 2024-07-31 22:32:56 -07:00
Mark Adler
be24a8f4ca Avoid use of stdint.h in contrib/minizip. 2024-07-31 22:32:47 -07:00
Mark Adler
e011d8c164 Add deflateUsed() function to get the used bits in the last byte.
This returns the number of used bits in the last byte of a stream
that has just been compressed with deflate.
2024-07-01 19:34:40 -05:00
Mark Adler
7e6f0784cc Remedy conflict between libzip and minizip zip.h.
minizip.pc.in would add @include@/minizip to the include path,
which would permit simply #include <zip.h> to use minizip. However
that conflicts with the zip.h from libzip that is put in the root
include directory. This now does not add /minizip to the include
path. Now when using pkg-config, #include <minizip/zip.h> must be
used, where #include <zip.h> would be used for libzip. This is an
incompatible change with the previous state. Users of minizip and
pkg-config will need to update their code. #include <unzip.h> will
need to be updated to #include <minizip/unzip.h> as well.
2024-06-04 09:36:01 -07:00
Matthieu Longo
1b70083bed Replace autotools macro AC_HELP_STRING with AS_HELP_STRING.
In minizip's configure.ac. AC_HELP_STRING is obsolete.
2024-04-29 18:14:17 -07:00
Lwisce Zeng
2ba25b2dda Use z_const for setting msg to literal strings. 2024-04-01 11:49:05 -07:00
Mark Adler
0f51fb4933 Avert minizip warnings for MSVC. 2024-03-29 12:20:37 -07:00
Mark Adler
d201f04c72 Avoid conversion warning on 32-bit architectures in minizip. 2024-03-22 22:47:36 -07:00
Alexander Miller
f02ea29e5f Improve detection of UNIX-style systems in minizip.
Not all toolchains on UNIX-style operating systems predefine
"unix". For example, it's missing on NetBSD, OpenBSD/gcc, AIX,
HP-UX. There is no single macro defined everywhere, but checking
both "__unix__" and "__unix" should cover everything except macOS,
which is already checked for using "__APPLE__".

Note that case sensitivity should default to off on macOS and
cygwin, so the check there is different.
2024-03-16 11:18:50 -07:00
Mark Adler
99b229487c Avoid signed shift in minizip zip.c. 2024-03-12 13:40:57 -07:00
Mark Adler
f60ce91139 Improve random number seeding in skipset.h. 2024-03-10 23:21:10 -07:00
Mark Adler
4a5e3e7d25 Add zipAlreadyThere() to minizip zip.c to help avoid duplicates. 2024-03-10 00:37:23 -08:00
Mark Adler
54e205f878 Permit changing minizip Makefile optimization with CFLAGS. 2024-03-09 23:53:44 -08:00
Mark Adler
fd5fe8b17e Further address Microsoft deprecation warnings. 2024-02-09 20:11:54 -08:00
Mark Adler
985a62d118 Address Microsoft deprecation warnings. 2024-02-08 18:45:49 -08:00
Justin Dhillon
504403f3e4 Fix broken links. 2024-02-07 15:35:51 -08:00
Mark Adler
b14484997a Fix version numbers in vstudio definition files.
They can only have a major and a minor version.
2024-01-28 12:54:11 -08:00
Mark Adler
f56ad0aafa Note termination of returned strings in contrib/minizip/unzip.h. 2024-01-23 12:00:26 -08:00
Mark Adler
d4eaa1d939 Avoid unterminated file name in contrib/minizip/miniunz.c. 2024-01-23 08:19:24 -08:00
Mark Adler
da5937705d Permit compiling contrib/minizip/unzip.c with decryption. 2024-01-23 08:02:38 -08:00
Mark Adler
9f0f2d4f9f Change version number on develop branch to 1.3.1.1. 2024-01-22 13:07:41 -08:00
Mark Adler
51b7f2abda zlib 1.3.1 2024-01-22 10:32:37 -08:00
Mark Adler
c06dfecb8a Use Makefile compiler for minizip-test target. 2024-01-21 09:25:44 -08:00
Dimitri Papadopoulos
fe41d18921 Correct typos in source code. 2024-01-17 16:43:38 -08:00
Matt Wilson
14a5f8f266 Neutralize zip file traversal attacks in miniunz.
Archive formats such as .zip files are generally susceptible to
so-called "traversal attacks". This allows an attacker to craft
an archive that writes to unexpected locations of the file system
(e.g., /etc/shadow) if an unspecting root user were to unpack a
malicious archive.

This patch neutralizes absolute paths such as /tmp/moo and deeply
relative paths such as dummy/../../../../../../../../../../tmp/moo

The Debian project requested CVE-2014-9485 be allocated for the
first identified weakness. The fix was incomplete, resulting in a
revised patch applied here. Since there wasn't an updated version
released by Debian with the incomplete fix, I suggest we use this
CVE to identify both issues.

Link: https://security.snyk.io/research/zip-slip-vulnerability
Link: https://bugs.debian.org/774321
Link: https://bugs.debian.org/776831
Link: https://nvd.nist.gov/vuln/detail/CVE-2014-9485
Reported-by: Jakub Wilk <jwilk@debian.org>
Fixed-by: Michael Gilbert <mgilbert@debian.org>
2024-01-17 15:08:08 -08:00
THE-Spellchecker
01155ccc3f Fix random typos over several source and text files. 2024-01-17 13:49:11 -08:00
William Leara
190168cc1c Correct case of MSDOS in contrib/minizip/miniunz.c. 2024-01-17 12:48:27 -08:00
William Leara
762cf49e63 Refer to correct function in contrib/minizip/unzip.c comment. 2024-01-17 12:46:14 -08:00
Paul Ivanov
643e17b749 Correct repeated words in source file comments and a readme. 2023-11-14 18:44:32 -08:00
Mark Adler
15c45adb76 Fix decision on the emission of Zip64 end records in minizip.
The appnote says that if the number of entries in the end record
is 0xffff, then the actual number of entries will be found in the
Zip64 end record. Therefore if the number of entries is equal to
0xffff, it can't be in the end record by itself, since that is an
instruction to get the number from the Zip64 end record. This code
would just store 0xffff in the end record in that case, not making
a Zip64 end record. This commit fixes that.
2023-11-07 15:46:41 -08:00
tbeu
88e50f1705 Update miniunz version. 2023-08-20 11:38:03 -07:00
Mark Adler
79a0e447a0 Update version and date in contrib/nuget. 2023-08-19 23:17:29 -07:00
Mark Adler
8988e03256 Update version numbers and year in contrib/vstudio/vc17. 2023-08-19 17:13:12 -07:00
Mark Adler
7192d692be Update vc directory in contrib/nuget. 2023-08-19 17:07:35 -07:00
Mark Adler
60bfe641af Rename contrib/vstudio/vc143 to vc17.
This makes it consistent with the other vstudio projects, which
use the version number.
2023-08-19 12:13:00 -07:00
Hans Wennborg
73331a6a04 Reject overflows of zip header fields in minizip.
This checks the lengths of the file name, extra field, and comment
that would be put in the zip headers, and rejects them if they are
too long. They are each limited to 65535 bytes in length by the zip
format. This also avoids possible buffer overflows if the provided
fields are too long.
2023-08-19 11:56:12 -07:00
AraHaan
4a47c1bf3d Add project and solution files for building a nuget package. 2023-08-19 10:57:26 -07:00
AraHaan
d7de5971f4 Add VS2022 project files.
Also replaced Itanium with ARM and ARM64 configurations.
2023-08-19 10:54:50 -07:00
Mark Adler
4c5a81c2ae Remove carriage returns from contrib/vstudio/readme.txt. 2023-08-19 10:43:36 -07:00
Mark Adler
3a98b57e55 Change version number on develop branch to 1.3.0.1. 2023-08-18 13:23:07 -07:00
Mark Adler
09155eaa2f zlib 1.3 2023-08-18 01:45:36 -07:00
Mark Adler
25bbd7f5a6 Avoid uninitialized and unused warnings in contrib/minizip. 2023-08-17 22:35:43 -07:00
Bastian Germann
efc9c7b801 Add license to contrib/untgz.
A zlib license was agreed to by the authors.
2023-08-17 17:10:12 -07:00
Dimitri Papadopoulos
6951bc609b Fix typos in contrib/ada. 2023-08-14 08:17:22 -07:00
Mark Adler
89ef46ba09 Remove redundant includes in minizip. 2023-08-13 17:46:47 -07:00
Mark Adler
384e50eea4 Remove TRYFREE macro from minizip. 2023-08-13 17:43:36 -07:00
Dimitri Papadopoulos
c7ddcc2e0e Fix some spelling errors. 2023-08-03 13:53:24 -07:00
Eugene Golushkov
be7aa11551 Read multiple bytes instead of byte-by-byte in minizip unzip.c.
Use a single ZREAD64 call in the unz64local_getShort/Long/Long64
implementation, rather than read it byte by byte.
2023-08-03 11:43:34 -07:00
Gilles Vollant
aa154e3da0 Support Haiku in minizip. 2023-08-03 11:17:07 -07:00