Debian Patches
Status for kf6-karchive/6.13.0-2
| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| upstream_28b763d7_Avoid-searching-uninitialized-bytes-in-header-indexOf-PK-.patch | [PATCH] Avoid searching uninitialized bytes in `header.indexOf("PK")` `QByteArray::resize()` does not initialize newly allocated memory and `QIODevice::read()` may do a short read. Using `QByteArrayView(header.data(), n)` ensures that `indexOf("PK")` scans only the valid portion of the buffer. |
Azhar Momin <azhar-momin@outlook.com> | no | 2025-04-09 | ||
| upstream_c33e581b_Skip-two-bytes-on-invalid-header-signature-in-seekToNextHeaderToken-.patch | [PATCH] Skip two bytes on invalid header signature in `seekToNextHeaderToken()` `seekAnyHeader()` advances the stream to the start of next potential header but may not move if the stream is already positioned at a header candidate. When encountering a token that does not match an expected signature (i.e, PK\x03\x04 or PK\x01\x02) in `seekToNextHeaderToken()`, manually advance the stream by two bytes to avoid re-detecting the same invalid token in the next iteration. |
Azhar Momin <azhar-momin@outlook.com> | no | 2025-04-09 | ||
| upstream_e20f8694_kzip-Fix-position-calculation-for-archives-with-prepended-arbitrary-data.patch | [PATCH] kzip: Fix position calculation for archives with prepended arbitrary data There are two variants of non-ZIP data before the first Local File Header. Either with offset in the Central Directory reflecting the actual position, i.e. the first entry offset in the CD will point just after the additional non-ZIP header instead of 0. This is the case for e.g. self-extracting archives from WinZIP. The other is just a concatenation of non-ZIP data and a regular ZIP file, i.e. the first entry in the CD will contain an offset value of 0. unzip (Info-ZIP) and bsdunzip (libarchive) accept both variants (unzip -v provides a warning - "warning [xxx.zip]: 61 extra bytes at beginning or within zipfile"), libzip requires an explicit offset (-o 61) for the latter. Verify if the (adjusted) local file header offset in the Central Directory match the seen positions, bail out otherwise. Provide a warning similar to unzip in case there is extra data. Limit the initial header search to the first 4 MByte (previously unlimited). Also provide a more specific error message. |
=?UTF-8?q?Stefan=20Br=C3=BCns?= <stefan.bruens@rwth-aachen.de> | no | upstream | 2025-04-01 | |
| upstream_3ac1505b_Fix-heap-buffer-overflow.patch | [PATCH] Fix heap buffer overflow | Albert Astals Cid <aacid@kde.org> | no | 2025-04-15 | ||
| upstream_736eae2b_kzip-Fix-crash-on-malformed-files.patch | [PATCH] kzip: Fix crash on malformed files | Albert Astals Cid <aacid@kde.org> | no | 2025-05-06 | ||
| upstream_09ddacdd_k7zip-Fix-crash-on-malformed-file.patch | [PATCH] k7zip: Fix crash on malformed file https://issues.oss-fuzz.com/issues/410420649 |
Albert Astals Cid <aacid@kde.org> | no | 2025-05-27 | ||
| upstream_7ef21db4_k7zip-Fix-infinite-loop-on-malformed-file.patch | [PATCH] k7zip: Fix infinite loop on malformed file Same file from https://issues.oss-fuzz.com/issues/410420649 |
Albert Astals Cid <aacid@kde.org> | no | 2025-05-27 |
All known versions for source package 'kf6-karchive'
- 6.13.0-2 (sid, forky, trixie)