Arch Linux

Please read this before reporting a bug:

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!

FS#47039 - [unzip] 6.0-11 regression with 0-byte sized files inside a password protected zip-file

Attached to Project: Arch Linux
Opened by Levente Polyak (anthraxx) - Wednesday, 11 November 2015, 18:48 GMT
Last edited by Lukas Fleischer (lfleischer) - Sunday, 17 April 2016, 07:01 GMT
Task Type General Gripe
Category Packages: Extra
Status Closed
Assigned To Lukas Fleischer (lfleischer)
Architecture All
Severity Medium
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No


Hey, the security patch 'csiz-underflow.patch' with version 6.0-11 introduced a small regression when extracting zip-files that are password protected and have a 0-byte size file.

The small regression introduced with the security patch has also been fixed by ubuntu [0][1] and debian [2][3].
A test file for the regression can be found in the ubuntu bug report comments [4] (but because of security of cause only test that inside a chroot or better an isolated VM)

I have attached either a patch for the patch (*smile*) or the already fixed patch.


This task depends upon

Closed by  Lukas Fleischer (lfleischer)
Sunday, 17 April 2016, 07:01 GMT
Reason for closing:  Fixed
Additional comments about closing:  Fixed in 6.0-12.