We are slowly working on getting a new website going for Zipios. The main idea is that we want to be able to upload some more pages than just the documentation. Not only that, we want to support having more than one version of the documentation.

Binary Packages

We create a Debian compatible package on Launchpad. This can be found here: Zipios and other Snap! C++ packages.

Note: the list of packages includes many others that are used with Snap! C++. Zipios is likely to be the one at the bottom. Click on the name and it should open with a list of packages you can download. You should also be able to install that package repository with APT and then simply use `apt-get install libzipios` and `apt-get install libzipios-dev` as may be required by your environment. The documentation can be retrieved with `apt-get install libzipios-doc`.

Running the unit tests (v2.x)

Testing on various systesm, I determined that to all the unit tests in one go, you need about 50Mb of memory. The fact is that some tests create zip files in memory. The library used by itself would require very little in comparison unless you load a large number of files and keep them in memory.

A computer with 512Mb of RAM is enough to run the tests although I suggest at least 1Gb. One processor is enough since we do not offer a multithreaded version of the tests. However, since we use cmake, you can compile using any number of processors and that will make it a lot faster. (i.e. use the -j command line option with make to compile multiple source files at once, as in make -j16 -C BUILD; it is very fast anyway.)

CVE-2019-13453

Mike Salvadore found a bug in version 0.1.5 where a loop would never check for the end of the file flag or any other I/O error. As a result the loop would become infinite when that happened (which it could if you were to pass an invalid Zip file as input.)

Mike offered a patch, which I ameliorated a bit (a second loop was also affected) and got report CVE-2019-13453 as a result.

The patch info are in file infinite_loop.patch and version 0.1.7 is the new official version with that patch included in it.

WARNING: sourceforge.net does not offer a way to edit the CVS so the newest version is in the GIT repository instead. Make sure to switch to the GIT repository if you are directly using the source. Otherwise, just switch to the newer tarball version (0.1.7).