unzip (6.0-4+deb6u3) squeeze-lts; urgency=medium

  * Non-maintainer upload by the Debian LTS team.
  * CVE-2015-7696: Fix heap overflow. Closes: #802162
  * CVE-2015-7697: Fix denial of service due to infinite loop with
    some invalid input data. Closes: #802160
  * Add a third patch fixing an integer underflow found by
    Stefan Cornelius.

 -- Raphaël Hertzog <hertzog@debian.org>  Thu, 22 Oct 2015 10:49:06 +0200

unzip (6.0-4+deb6u2) squeeze-lts; urgency=high

  * Non-maintainer upload by the Squeeze LTS Team. 
  * CVE-2014-9636: Fix heap overflow. Ensure that compressed
    and uncompressed block sizes match when using STORED method
    in extract.c. Closes: #776589.
  * CVE-2014-8139: Update patch. The old one was not right
    and had regressions with executable jar files. Closes: #775640

 -- Thorsten Alteholz <debian@alteholz.de>  Sat, 07 Feb 2015 14:01:00 +0100

unzip (6.0-4+deb6u1) squeeze-lts; urgency=high

  * Non-maintainer upload by the Squeeze LTS Team. 
  * Apply upstream fix for three security bugs.
    CVE-2014-8139: CRC32 verification heap-based overflow
    CVE-2014-8140: out-of-bounds write issue in test_compr_eb()
    CVE-2014-8141: out-of-bounds read issues in getZip64Data()
    (Closes: #773722)

 -- Thorsten Alteholz <debian@alteholz.de>  Sun, 28 Dec 2014 19:01:00 +0100

unzip (6.0-4) unstable; urgency=low

  * Added homepage field to control file.
  * Switch to 3.0 (quilt) source format.
  * Support cross-build.

 -- Santiago Vila <sanvila@debian.org>  Sun, 21 Feb 2010 17:01:00 +0100

unzip (6.0-3) unstable; urgency=low

  * Added "set -e" to postinst and postrm.

 -- Santiago Vila <sanvila@debian.org>  Tue, 09 Feb 2010 23:53:42 +0100

unzip (6.0-2) unstable; urgency=low

  * Do not ignore errors from make clean (lintian warning)
  * Remove .comment section from executables (lintian warning).
  * Added mime stuff so that mutt is able to see the contents of a zipfile
    using "unzip -l". Closes: #474538.

 -- Santiago Vila <sanvila@debian.org>  Mon, 08 Feb 2010 18:44:00 +0100

unzip (6.0-1) unstable; urgency=low

  * New upstream release. Closes: #496989.
  * Enabled new Unicode support. Closes: #197427. This may or may not work
    for your already created zipfiles, but it's not a bug unless they were
    created using the Unicode feature present in zip 3.0.
  * Built using DATE_FORMAT=DF_YMD so that unzip -l show dates in ISO format,
    as that's the only available one which makes sense. Closes: #312886.
  * Enabled new bzip2 support. Closes: #426798.
  * Exit code for zipgrep should now be the right one. Closes: #441997.
  * The reason why a file may not be created is now shown. Closes: #478791.
  * Summary of changes in this version not being the debian/* files:
  - Manpages in section 1, not 1L.
  - Branding patch. UnZip by Debian. Original by Info-ZIP.
  - Always #include <unistd.h>. Debian GNU/kFreeBSD needs it.

 -- Santiago Vila <sanvila@debian.org>  Fri, 08 May 2009 20:02:40 +0200

unzip (5.52-12) unstable; urgency=medium

  * Fixed stack underflow in unshrink.c. Closes: #454037.
    Thanks to Christian Spieler for the patch.

 -- Santiago Vila <sanvila@debian.org>  Sat, 26 Jul 2008 16:51:38 +0200

unzip (5.52-11) unstable; urgency=high

  * Apply patch from Tavis Ormandy to address invalid free() calls in
    the inflate_dynamic() function (CVE-2008-0888).

 -- Santiago Vila <sanvila@debian.org>  Thu, 20 Mar 2008 17:53:00 +0100

unzip (5.52-10) unstable; urgency=low

  * Fixed typo in unzipsfx(1). Thanks to Kevin Ryde. Closes: #419479.

 -- Santiago Vila <sanvila@debian.org>  Mon,  2 Jul 2007 18:08:44 +0200

unzip (5.52-9) unstable; urgency=low

  * Added appropriate compiler flags for Large File Support (Closes: #192253).
    This procedure is blessed by upstream in the FAQ, and as a result,
    some .zip archives may now be uncompressed using Debian unzip.
    For those which still may not, please test unzip 6.0 beta.

 -- Santiago Vila <sanvila@debian.org>  Wed, 30 Aug 2006 10:34:24 +0200

unzip (5.52-8) unstable; urgency=low

  * Modified unix/unxcfg.h to always #include <unistd.h>.
    This should now work on GNU/kFreeBSD (Closes: #340693).

 -- Santiago Vila <sanvila@debian.org>  Tue, 25 Apr 2006 19:50:24 +0200

unzip (5.52-7) unstable; urgency=medium

  * Fixed buffer overflow when insanely long filenames are given on the
    command line. Patch from Johnny Lee. Changed some format strings so
    that they use 512 characters at most. The "right" fix will be in 5.53,
    but this should work well enough for now. Closes: #349794.
  * This is CVE-2005-4667.

 -- Santiago Vila <sanvila@debian.org>  Thu, 16 Mar 2006 10:31:20 +0100

unzip (5.52-6) unstable; urgency=medium

  * Symlinks should work again (Closes: #343680). Fix provided by
    Christian Spieler. Thanks to Carl W. Hoffman for the report.

 -- Santiago Vila <sanvila@debian.org>  Tue, 20 Dec 2005 19:18:32 +0100

unzip (5.52-5) unstable; urgency=low

  * Fixed CAN-2005-2475 the same way it will be fixed in unzip 5.53.
    Patch extracted from a prerelease provided by upstream.
  * Changed unzip banner line to reflect the fact that this is
    a "modified" release. Debian-derived distributions should probably
    do the same if they deviate from the Debian version.

 -- Santiago Vila <sanvila@debian.org>  Thu, 17 Nov 2005 16:34:24 +0100

unzip (5.52-4) unstable; urgency=medium

  * Fixed toctou vulnerability (Closes: #321927). Modified unix/unix.c
    to use fchmod() and fchown() instead of chmod() and chown() to change
    permissions and ownerships on the files actually created by unzip.
    Patch from Dan Yefimov. CAN-2005-2475.

 -- Santiago Vila <sanvila@debian.org>  Wed,  9 Nov 2005 18:05:02 +0100

unzip (5.52-3) unstable; urgency=low

  * Put manpages in section 1, not 1L.
  * Fixed more typos (Closes: #309885).

 -- Santiago Vila <sanvila@debian.org>  Wed, 25 May 2005 16:09:02 +0200

unzip (5.52-2) unstable; urgency=low

  * Fixed typos in manpage (Closes: #301915).

 -- Santiago Vila <sanvila@debian.org>  Sun, 24 Apr 2005 19:27:02 +0200

unzip (5.52-1) unstable; urgency=low

  * New upstream release.
  * Enabled new -W option via WILD_STOP_AT_DIR macro.
  * Macro USE_UNSHRINK is no longer defined, as it's now the default.

 -- Santiago Vila <sanvila@debian.org>  Tue,  1 Mar 2005 15:33:54 +0100

unzip (5.51-2) unstable; urgency=low

  * Added unshrinking support (Closes: #252563).

 -- Santiago Vila <sanvila@debian.org>  Sun,  6 Jun 2004 17:57:46 +0200

unzip (5.51-1) unstable; urgency=low

  * New upstream release, improves error message when a zipfile is not
    readable (Closes: #139331).
  * Added a newline character to the CannotOpenZipfile string for the
    previous fix to be really complete.

 -- Santiago Vila <sanvila@debian.org>  Tue, 25 May 2004 14:38:26 +0200

unzip (5.50-4) unstable; urgency=low

  * Changed __GNU__ to __GLIBC__ in unix/unxcfg.h to support glibc-based
    systems not being GNU itself, like GNU/KFreeBSD and GNU/KNetBSD.

 -- Santiago Vila <sanvila@debian.org>  Sun, 16 Nov 2003 14:45:28 +0100

unzip (5.50-3) unstable; urgency=high

  * Fixed "unzip directory traversal revisited" again (Bug #206439).
    There was still a missing case that the previous patch didn't catch.
    Patch borrowed from unzip-5.50-33.src.rpm.
  * For reference, this is (still) CAN-2003-0282.

 -- Santiago Vila <sanvila@debian.org>  Wed, 20 Aug 2003 23:00:42 +0200

unzip (5.50-2) unstable; urgency=high

  * Fixed "unzip directory traversal revisited" problem (Bug #199648).
    A filename containing ".somenonprintablechar." will not unpack
    into .. anymore. Patch borrowed from unzip-5.50-11.src.rpm.
  * For reference, this is CAN-2003-0282.
  * No more doc symlinks.

 -- Santiago Vila <sanvila@debian.org>  Mon,  7 Jul 2003 20:25:20 +0200

unzip (5.50-1) unstable; urgency=low

  * New upstream release.
  * Moved from non-US/main to main. Section: utils.

 -- Santiago Vila <sanvila@debian.org>  Sun, 24 Mar 2002 15:54:12 +0100

unzip (5.42-3) unstable; urgency=low

  * Added support for DEB_BUILD_OPTIONS.

 -- Santiago Vila <sanvila@debian.org>  Sun, 11 Nov 2001 16:25:00 +0100

unzip (5.42-2) unstable; urgency=low

  * Applied a patch from Marcus Brinkmann:
  - Closes: #99699: unzip does not build on the Hurd.
  - Modified debian/rules to support cross-compilation.

 -- Santiago Vila <sanvila@debian.org>  Wed,  6 Jun 2001 16:40:14 +0200

unzip (5.42-1) unstable; urgency=low

  * New upstream release.
  * Changed to Section: non-US.
  * Removed "packaged for Debian" from extended description.

 -- Santiago Vila <sanvila@debian.org>  Thu, 10 May 2001 16:47:41 +0200

unzip (5.41-1) unstable; urgency=low

  * New upstream release, featuring a new BSD-like license and built-in
    encryption support. Moved to non-US/main.
  * Copyright file now generated from LICENSE file.
  * Versioned Conflicts and Replaces.
  * Standards-Version: 3.1.1

 -- Santiago Vila <sanvila@debian.org>  Fri, 18 Aug 2000 19:03:59 +0200

unzip (5.40-1) unstable; urgency=low

  * New upstream release.
  * Removed `email-from-greg'.
  * Fixed URL location in copyright file.
  * Enabled -F option, as suggested by James Aylett.

 -- Santiago Vila <sanvila@ctv.es>  Fri, 22 Oct 1999 10:30:49 +0200

unzip (5.32-1) unstable; urgency=low

  * New upstream release, using pristine source.

 -- Santiago Vila <sanvila@ctv.es>  Tue,  4 Nov 1997 14:19:20 +0100

unzip (5.31-2) unstable; urgency=low

  * Removed debstd dependency.

 -- Santiago Vila <sanvila@ctv.es>  Fri, 17 Oct 1997 17:22:22 +0200

unzip (5.31-1) unstable; urgency=low

  * `copyright' file is generated from COPYING automatically.
  * Distribution unstable, Section non-free.
  * Conflicts and Replaces "unzip-crypt".
  * New upstream release.
  * First libc6 release.
  * Added md5sums.

 -- Santiago Vila <sanvila@ctv.es>  Fri, 12 Sep 1997 19:16:59 +0200

unzip (5.20-3) unstable; urgency=low

  * Changed priority from `extra' to `optional'.
  * Changed section from `misc' to `utils'.
  * Simplified debian/rules a little bit. No debstd yet.
  * Copied `History.520' as is. Added the symlink changelog -> History.520.
  * Added ToDo and BUGS to /usr/doc/unzip.
  * New maintainer.

 -- Santiago Vila <sanvila@ctv.es>  Sun, 16 Feb 1997 19:29:13 +0100

unzip (5.20-2) unstable; urgency=low

  * zipgrep manpage is now installed through the unix/Makefile
  * permissions guaranteed to be set properly for the zipgrep script
    (did not work for those who compiled from the straight sources.)
  * removed several superfluous commands from debian/rules.
  * All changes this revision are courtesy of Santiago Vila.

 -- Stuart Lamble <lamble@yoyo.cc.monash.edu.au>  Wed, 8 Jan 1997 18:48:00 +1100

unzip (5.20-1) unstable; urgency=low

  * new upstream version
  * modified the copyright to include 5.2's COPYING, just in case it's changed.
  * minor modifications to debian/rules
  * added zipgrep (from the zip package).

 -- Stuart Lamble <lamble@yoyo.cc.monash.edu.au>  Wed, 13 Nov 1996 19:35:24 +1100

unzip (5.12-15) unstable; urgency=low

  * received email from the upstream maintainers: unzip can now go into
    the distribution proper. Yippee! :-)
  * added the email in question to the copyright file.

 -- Stuart Lamble <lamble@yoyo.cc.monash.edu.au>  Sat, 19 Oct 1996 18:34:21 +1000

unzip (5.12-14) non-free; urgency=low

  * moved to the 2.1.1.0 source format
  * fixed a typo in the Maintainer field (missing the ">". Oops.)

 -- Stuart Lamble <lamble@yoyo.cc.monash.edu.au>  Sun, 1 Sep 1996 07:36:16 +1000

unzip (5.12-13) non-free; urgency=low

  * new maintainer
  * mods to make the "binary" rule portable to different platforms
  * uses dpkg-name rather than manual moving

 -- Stuart Lamble <lamble@yoyo.cc.monash.edu.au>  Tue, 30 Jul 1996 00:00:00 +0000

unzip (5.12-12) non-free; urgency=low

  * initial release (used 2 to avoid confusion with old unzip)

 -- Carl Streeter <streeter@cae.wisc.edu>  Tue, 5 Sep 1995 00:00:00 +0000
