| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| use_pycryptodome.patch | no | |||||
| 23a138a9c12ca713123ff7594a2059bfb67a6d5f.patch | [PATCH] Update test against python 3.10 | Hiroshi Miura <miurahr@linux.com> | no | 2021-10-15 | ||
| 0003-Fix-sanity-check-for-path-traversal-attack.patch | Fix sanity check for path traversal attack - Previous versions do not detect the attack in some case - fixed it by call resolve() - resolve() converts "/hoge/fuga/../../../tmp/evil.sh" to be "/tmp/evil.sh" then relative_to() can detect path traversal attack. - Add path checker in writef() and writestr() methods - When pass arcname as evil path such as "../../../../tmp/evil.sh" it raises ValueError - Add test case of bad path detection - extraction: check symlink and junction is under target folder - Fix relative_path_marker removal - Don't put windows file namespace to output file path |
Hiroshi Miura <miurahr@linux.com> | not-needed | debian | backport, https://github.com/miurahr/py7zr/commit/1bb43f17515c7f69673a1c88ab9cc72a7bbef406 | 2022-10-30 |
| 0004-Disable-pyannotate-in-test-code.patch | Disable pyannotate in test code pyannotate uses lib2to3 that will be drops in Python 3.13. This patch drops pyannotate section from test code to avoid Debian bug 1058419. |
YOKOTA Hiroshi <yokota.hgml@gmail.com> | yes | 2023-12-20 |