• http://downloads.sourceforge.net/sourceforge/infozip/ (Download)
• ftp://ftp.info-zip.org/pub/infozip/src/ (Download)
• https://ftp.openbsd.org/pub/OpenBSD/distfiles// (Download)
• ftp://ftp.usa.openbsd.org/pub/OpenBSD/distfiles// (Download)
• https://ftp.fr.openbsd.org/pub/OpenBSD/distfiles// (Download)

• iconv

• (2010-04-25) Updated to version: unzip-6.0
• (2008-03-26) Updated to version: unzip-5.52p0
• (2006-07-21) Package added to openports.se, version unzip-5.52 (created)

Log message:
extend PORTROACH to skip 5.5.1 as well

Log message:
Do not perform tty operations on non-tty file descriptors.  Otherwise
pledge("tty") may abort unzip </dev/null.
discussed with deraadt@ semarie@; OK tb@ sthen@

Log message:
Do not perform tty operations on non-tty file descriptors.  Otherwise
pledge("tty") may abort unzip </dev/null.
discussed with deraadt@ semarie@; OK tb@ sthen@

Log message:
Backport the unzip CVE fixes committed by bluhm@.
%-------------------------------------------------------------------
Apply a bunch of CVE and other fixes for unzip from debian and
redhat bug tracker.  Add the links to the patch files.  The fix for
CVE-2014-9636 was improved.
OK jca@
%-------------------------------------------------------------------
OK robert@.

Log message:
Backport the unzip CVE fixes committed by bluhm@.
%-------------------------------------------------------------------
Apply a bunch of CVE and other fixes for unzip from debian and
redhat bug tracker.  Add the links to the patch files.  The fix for
CVE-2014-9636 was improved.
OK jca@
%-------------------------------------------------------------------
OK robert@.

Log message:
Apply a bunch of CVE and other fixes for unzip from debian and
redhat bug tracker.  Add the links to the patch files.  The fix for
CVE-2014-9636 was improved.
OK jca@

Log message:
Apply a bunch of CVE and other fixes for unzip from debian and
redhat bug tracker.  Add the links to the patch files.  The fix for
CVE-2014-9636 was improved.
OK jca@

Log message:
Apply a bunch of CVE and other fixes for unzip from debian and
redhat bug tracker.  Add the links to the patch files.  The fix for
CVE-2014-9636 was improved.
OK jca@

Log message:
Apply a bunch of CVE and other fixes for unzip from debian and
redhat bug tracker.  Add the links to the patch files.  The fix for
CVE-2014-9636 was improved.
OK jca@

Log message:
Apply a bunch of CVE and other fixes for unzip from debian and
redhat bug tracker.  Add the links to the patch files.  The fix for
CVE-2014-9636 was improved.
OK jca@

Log message:
Apply a bunch of CVE and other fixes for unzip from debian and
redhat bug tracker.  Add the links to the patch files.  The fix for
CVE-2014-9636 was improved.
OK jca@

Log message:
replace libiconv module

Log message:
add an easily-greppable marker for ports known to use pledge().
it's not so important while they're only in patches in the ports tree,
but for any which get upstreamed it saves a ~100GB grep to find them.

Log message:
add portroach marker, skipv:552

Log message:
tame -> pledge
ok sthen@

Log message:
tame -> pledge
ok sthen@

Log message:
tame -> pledge
ok sthen@

Log message:
unzip can pledge to use the following: stdio rpath wpath cpath fattr tty.
This is possible now that pledge(2) treats TIOCGWINSZ like TIOCGETA, allowing
it to return ENOTTY rather than killing the process for a non-terminal device.

Log message:
unzip can pledge to use the following: stdio rpath wpath cpath fattr tty.
This is possible now that pledge(2) treats TIOCGWINSZ like TIOCGETA, allowing
it to return ENOTTY rather than killing the process for a non-terminal device.

Log message:
unzip can pledge to use the following: stdio rpath wpath cpath fattr tty.
This is possible now that pledge(2) treats TIOCGWINSZ like TIOCGETA, allowing
it to return ENOTTY rather than killing the process for a non-terminal device.

Log message:
consistent spacing
OK sthen@

Log message:
add "iconv" flavor
OK sthen@, stsp@

Log message:
add "iconv" flavor
OK sthen@, stsp@

Log message:
add "iconv" flavor
OK sthen@, stsp@

Log message:
add "iconv" flavor
OK sthen@, stsp@

Log message:
add "iconv" flavor
OK sthen@, stsp@

Log message:
add "iconv" flavor
OK sthen@, stsp@

Log message:
add "iconv" flavor
OK sthen@, stsp@

Log message:
Security fixes:
CVE-2014-8139: CRC32 verification heap-based overflow
CVE-2014-8140: out-of-bounds write issue in test_compr_eb()
CVE-2014-8141: out-of-bounds read issues in getZip64Data()
CVE-2014-9636: out-of-bounds read/write in test_compr_eb()
Via Debian

Log message:
Security fixes:
CVE-2014-8139: CRC32 verification heap-based overflow
CVE-2014-8140: out-of-bounds write issue in test_compr_eb()
CVE-2014-8141: out-of-bounds read issues in getZip64Data()
CVE-2014-9636: out-of-bounds read/write in test_compr_eb()
Via Debian

Log message:
Security fixes:
CVE-2014-8139: CRC32 verification heap-based overflow
CVE-2014-8140: out-of-bounds write issue in test_compr_eb()
CVE-2014-8141: out-of-bounds read issues in getZip64Data()
CVE-2014-9636: out-of-bounds read/write in test_compr_eb()
Via Debian

Log message:
Security fixes:
CVE-2014-8139: CRC32 verification heap-based overflow
CVE-2014-8140: out-of-bounds write issue in test_compr_eb()
CVE-2014-8141: out-of-bounds read issues in getZip64Data()
CVE-2014-9636: out-of-bounds read/write in test_compr_eb()
Via Debian

Log message:
Security fixes:
CVE-2014-8139: CRC32 verification heap-based overflow
CVE-2014-8140: out-of-bounds write issue in test_compr_eb()
CVE-2014-8141: out-of-bounds read issues in getZip64Data()
CVE-2014-9636: out-of-bounds read/write in test_compr_eb()
Via Debian; ok sthen@

Log message:
Security fixes:
CVE-2014-8139: CRC32 verification heap-based overflow
CVE-2014-8140: out-of-bounds write issue in test_compr_eb()
CVE-2014-8141: out-of-bounds read issues in getZip64Data()
CVE-2014-9636: out-of-bounds read/write in test_compr_eb()
Via Debian; ok sthen@

Log message:
Security fixes:
CVE-2014-8139: CRC32 verification heap-based overflow
CVE-2014-8140: out-of-bounds write issue in test_compr_eb()
CVE-2014-8141: out-of-bounds read issues in getZip64Data()
CVE-2014-9636: out-of-bounds read/write in test_compr_eb()
Via Debian; ok sthen@

Log message:
Security fixes:
CVE-2014-8139: CRC32 verification heap-based overflow
CVE-2014-8140: out-of-bounds write issue in test_compr_eb()
CVE-2014-8141: out-of-bounds read issues in getZip64Data()
CVE-2014-9636: out-of-bounds read/write in test_compr_eb()
Via Debian; ok sthen@

Log message:
Remove mirror.switch.ch from MASTER_SITES.
OK sthen@

Log message:
Remove hppa-specific hack adding -O0, it seems to just build and run
fine now. Fold back common MAKE_FLAGS in a single place.
From Brad.

Log message:
USE_GROFF=Yes

Log message:
update to unzip 6.0 which adds support for ZIP64 & UTF8 filenames
among other things.

Log message:
update to unzip 6.0 which adds support for ZIP64 & UTF8 filenames
among other things.

Log message:
update to unzip 6.0 which adds support for ZIP64 & UTF8 filenames
among other things.

Log message:
update to unzip 6.0 which adds support for ZIP64 & UTF8 filenames
among other things.

Log message:
Security fix for unzip;
fix CVE-2008-0888, patch from debian.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0888
ok grunk@ (who came up with the same diff)

Log message:
Security fix for unzip;
fix CVE-2008-0888, patch from debian.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0888
ok grunk@ (who came up with the same diff)

Log message:
zap all quotes in COMMENT/PERMIT_*

Log message:
base64 distinfo with SHA256

Log message:
fix master sites

Log message:
maintenance update to 5.52; from Alexandre Anriot

Log message:
maintenance update to 5.52; from Alexandre Anriot

Log message:
SIZE

Log message:
Mark all system libs in WANTLIB, result of running newlib-depends-check

Log message:
manpages markers.
use SHARED_ONLY to discard PFRAG.shared.

Log message:
switch to using dir/ and @info.
a few more tweaks done by the automatic update mode of make update-plist.

Log message:
Use -O0 to compile on hppa, workarounds a compiler bug which lead to
crashes, hangs, and other odd behaviour during extraction.

Log message:
keep the dash in the PKGNAME, noticed by Jacob Meuser

Log message:
update to unzip 5.51

Log message:
update to unzip 5.51

Log message:
update to unzip 5.51

Log message:
update to unzip 5.51

Log message:
update to unzip 5.51

Log message:
remove WWW lines

Log message:
MFC:
Improvement on the existing directory traversal patch, fixes the case
where the path component includes a quoted slash.

Log message:
MFC:
Improvement on the existing directory traversal patch, fixes the case
where the path component includes a quoted slash.

Log message:
MFC:
Improvement on the existing directory traversal patch, fixes the case
where the path component includes a quoted slash.

Log message:
MFC:
Improvement on the existing directory traversal patch, fixes the case
where the path component includes a quoted slash.

Log message:
Improvement on the existing directory traversal patch, fixes the case
where the path component includes a quoted slash.

Log message:
Improvement on the existing directory traversal patch, fixes the case
where the path component includes a quoted slash.

Log message:
Improvement on the existing directory traversal patch, fixes the case
where the path component includes a quoted slash.

Log message:
Another directory traversal issue in unzip 5.50 and earlier. Similar to
the first except this issue is triggered by prefixing the .. sequence with
certain non-printable characters which are filtered out resulting in just
the .. sequence.
http://marc.theaimsgroup.com/?l=bugtraq&m=105259038503175&w=2

Log message:
Another directory traversal issue in unzip 5.50 and earlier. Similar to
the first except this issue is triggered by prefixing the .. sequence with
certain non-printable characters which are filtered out resulting in just
the .. sequence.
http://marc.theaimsgroup.com/?l=bugtraq&m=105259038503175&w=2

Log message:
Another directory traversal issue in unzip 5.50 and earlier. Similar to
the first except this issue is triggered by prefixing the .. sequence with
certain non-printable characters which are filtered out resulting in just
the .. sequence.
http://marc.theaimsgroup.com/?l=bugtraq&m=105259038503175&w=2

Log message:
Another directory traversal issue in unzip 5.50 and earlier. Similar to
the first except this issue is triggered by prefixing the .. sequence with
certain non-printable characters which are filtered out resulting in just
the .. sequence.
http://marc.theaimsgroup.com/?l=bugtraq&m=105259038503175&w=2

Log message:
Another directory traversal issue in unzip 5.50 and earlier. Similar to
the first except this issue is triggered by prefixing the .. sequence with
certain non-printable characters which are filtered out resulting in just
the .. sequence.

Log message:
Another directory traversal issue in unzip 5.50 and earlier. Similar to
the first except this issue is triggered by prefixing the .. sequence with
certain non-printable characters which are filtered out resulting in just
the .. sequence.

Log message:
lzo     -- # GPL
lzop    -- # GNU GPL -> # GPL
macutil -- sync w/# None style
nulib   -- # Restrictive
rar     -- # Restrictive
ucl     -- # GPL
unace   -- # Copyrighted but freely distributable.
That's all the author states.  Is this acceptable as a
license?
-- Drop MAINTAINER per his request
unarj   -- # Restrictive
PERMIT_*_CDROM=No
"If you wish to distribute a modified version of UNARJ
you MUST indicate that it is a modified version both in
the program and source code."
unrar  --  # Restrictive
unzip  --  # Conditional
It is freely re-distributable with conditions which we meet.
This could use another pair of eyes to confirm.
zip    --  # Conditional
Same thing as unzip.
zoo    --  # Conditional
Different author/license but same idea as zip/unzip.

Log message:
Fix two security related issues...
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1268
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1269
MFC:
upgrade to unzip 5.50
--
From: Aaron Yourk <ayourk@srt.com>