Package: zip Version: 3.0-13 Severity: wishlist Dear Maintainer,
A thing has happened; the upstream info-zip team had released a beta version of info-zip that has support for AES-128 and AES-256 encrypted zip files; however the upstream beta never gets any security fixes. For that matter, the main upstream package doesn't get security fixes either, which is why the version we have already says "by Debian". Therefore I find myself in the unexpected place of having to request a backport of the AES support code to Debian's zip 3.0 and unzip 6.0, and ultimately I'd prefer for it to use the direct implementation of AES rather than take a dependency on libressl; the upstream AES support code should be usable with a manual merge. -- System Information: Debian Release: 12.7 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 6.1.0-26-amd64 (SMP w/8 CPU threads; PREEMPT) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages zip depends on: ii libbz2-1.0 1.0.8-5+b1 ii libc6 2.36-9+deb12u8 Versions of packages zip recommends: ii unzip 6.0-28 zip suggests no packages. -- no debconf information
