Changelog for
libzzip-0-13-0.13.67-13.9.1.x86_64.rpm :
Thu May 3 14:00:00 2018 josef.moellersAATTsuse.com
- If the size of the central directory is too big, reject
the file.
Then, if loading the ZIP file fails, display an error message.
[CVE-2018-6542.patch, CVE-2018-6542, bsc#1079094]
Tue Mar 20 13:00:00 2018 josef.moellersAATTsuse.com
- Check if data from End of central directory record makes sense.
Especially the Offset of start of central directory must not
a) be negative or
b) point behind the end-of-file.
- Check if compressed size in Central directory file header
makes sense, i.e. the file's data does not extend beyond the
end of the file.
[bsc#1084517, CVE-2018-7726, CVE-2018-7726.patch,
bsc#1084519, CVE-2018-7725, CVE-2018-7725.patch]
Tue Feb 20 13:00:00 2018 meissnerAATTsuse.com
- package COPYING.LIB correctly
Tue Feb 6 13:00:00 2018 josef.moellersAATTsuse.com
- If an extension block is too small to hold an extension,
do not use the information therein.
- If the End of central directory record (EOCD) contains an
Offset of start of central directory which is beyond the end of
the file, reject the file.
[CVE-2018-6540, bsc#1079096, CVE-2018-6540.patch]
Fri Feb 2 13:00:00 2018 josef.moellersAATTsuse.com
- Reject the ZIP file and report it as corrupt if the size of the
central directory and/or the offset of start of central directory
point beyond the end of the ZIP file.
[CVE-2018-6484, boo#1078701, CVE-2018-6484.patch]
Thu Feb 1 13:00:00 2018 josef.moellersAATTsuse.com
- If a file is uncompressed, compressed and uncompressed sizes
should be identical.
[CVE-2018-6381, bsc#1078497, CVE-2018-6381.patch]
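
The 2018 entries above all describe bounds checks on the End of central directory record and the central directory headers. The sketch below is an added example, not zziplib code and not the SUSE patches: `zip_validate`, its status names, and the restriction to a single-disk, non-ZIP64 archive held in memory are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

enum zip_status { ZIP_OK, ZIP_NO_EOCD, ZIP_BAD_CD_RANGE, ZIP_BAD_ENTRY,
                  ZIP_BAD_SIZES, ZIP_BAD_DATA_RANGE };

/* Little-endian field readers; callers bounds-check before calling. */
static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Validate an in-memory ZIP image (buf, len) before trusting its directory. */
enum zip_status zip_validate(const uint8_t *buf, size_t len)
{
    if (len < 22) return ZIP_NO_EOCD;            /* EOCD is at least 22 bytes */
    size_t eocd = len - 22;
    while (le32(buf + eocd) != 0x06054b50u) {    /* scan backwards for "PK\5\6" */
        if (eocd == 0) return ZIP_NO_EOCD;
        eocd--;
    }
    uint32_t cd_size = le32(buf + eocd + 12);
    uint32_t cd_off  = le32(buf + eocd + 16);
    /* Fields stay unsigned, so a "negative" offset is just a huge one.
       Subtract instead of adding so the comparison itself cannot wrap. */
    if (cd_off > eocd || cd_size > eocd - cd_off) return ZIP_BAD_CD_RANGE;

    size_t pos = cd_off, end = (size_t)cd_off + cd_size;
    while (pos < end) {
        const uint8_t *h = buf + pos;
        if (end - pos < 46 || le32(h) != 0x02014b50u) return ZIP_BAD_ENTRY;
        uint16_t method = le16(h + 10);
        uint32_t csize = le32(h + 20), usize = le32(h + 24);
        uint32_t lho = le32(h + 42);             /* offset of local header */
        size_t var = (size_t)le16(h + 28) + le16(h + 30) + le16(h + 32);
        if (var > end - pos - 46) return ZIP_BAD_ENTRY;   /* name/extra/comment overrun */
        if (method == 0 && csize != usize) return ZIP_BAD_SIZES;  /* stored entry */
        if (lho > len || csize > len - lho) return ZIP_BAD_DATA_RANGE;
        pos += 46 + var;
    }
    return ZIP_OK;
}
```

The data-range check is a lower bound only: it ignores the local header's own length, so a reader must still bounds-check when it follows the offset.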
Tue Jan 23 13:00:00 2018 tchvatalAATTsuse.com
- Drop tests as they fail completely anyway, not finding lib needing
zip command, this should allow us to kill python dependency
- Also drop docs subdir avoiding python dependency for it
* The generated xmls were used for mans too but we shipped those
only in devel pkg and as such we will live without them
Tue Jan 23 13:00:00 2018 tchvatalAATTsuse.com
- Version update to 0.13.67:
* Various fixes found by fuzzing
* Merged below patches
- Remove merged patches:
* zziplib-CVE-2017-5974.patch
* zziplib-CVE-2017-5975.patch
* zziplib-CVE-2017-5976.patch
* zziplib-CVE-2017-5978.patch
* zziplib-CVE-2017-5979.patch
* zziplib-CVE-2017-5981.patch
- Switch to github tarball as upstream seem no longer pull it to
sourceforge
- Remove no longer applying patch zziplib-unzipcat-NULL-name.patch
* The sourcecode was quite changed for this to work this way
anymore, let's hope this is fixed too
Wed Nov 1 13:00:00 2017 mpluskalAATTsuse.com
- Packaging changes:
* Depend on python2 explicitly
* Cleanup with spec-cleaner
Thu Mar 23 13:00:00 2017 josef.moellersAATTsuse.com
- Several bugs fixed:
* heap-based buffer overflows
(bsc#1024517, CVE-2017-5974, zziplib-CVE-2017-5974.patch)
* check if "relative offset of local header" in "central
directory header" really points to a local header
(ZZIP_FILE_HEADER_MAGIC)
(bsc#1024528, CVE-2017-5975, zziplib-CVE-2017-5975.patch)
* protect against badly formatted data in extra blocks
(bsc#1024531, CVE-2017-5976, zziplib-CVE-2017-5976.patch)
* NULL pointer dereference in main (unzzipcat-mem.c)
(bsc#1024532, bsc#1024536, CVE-2017-5975,
zziplib-CVE-2017-5975.patch)
* protect against huge values of "extra field length"
in local file header and central file header
(bsc#1024533, CVE-2017-5978, zziplib-CVE-2017-5978.patch)
* clear ZZIP_ENTRY record before use.
(bsc#1024534, bsc#1024535, CVE-2017-5979, CVE-2017-5977,
zziplib-CVE-2017-5979.patch)
* prevent unzzipcat.c from trying to print a NULL name
(bsc#1024537, zziplib-unzipcat-NULL-name.patch)
* Replace assert() by going to error exit.
(bsc#1034539, CVE-2017-5981, zziplib-CVE-2017-5981.patch)
Sat Mar 16 13:00:00 2013 schwabAATTlinux-m68k.org
- zziplib-largefile.patch: Enable largefile support
- Enable debug information
Sat Dec 15 13:00:00 2012 p.drouandAATTgmail.com
- Update to 0.13.62 version:
* configure.ac: fallback to libtool -export-dynamic unless being sure to
use gnu-ld --export-dynamic. The darwin case is a bit special here
as the c-compiler and linker might be from different worlds.
* Makefile.am: allow nonstatic build
* wrap fd.open like in the Fedora patch
- Remove the package name on summary
- Add dos2unix as build dependency to fix a wrong file encoding
Sat Nov 19 13:00:00 2011 cooloAATTsuse.com
- add libtool as buildrequire to avoid implicit dependency
Fri Sep 16 14:00:00 2011 jengelhAATTmedozas.de
- Implement shlib policy/packaging for package, add baselibs.conf
and resolve redundant constructs
Sat Apr 30 14:00:00 2011 crrodriguezAATTopensuse.org
- Fix build with gcc 4.6
Mon Feb 15 13:00:00 2010 dimstarAATTopensuse.org
- Update to version 0.13.58:
+ Some bugs fixed, see ChangeLog
Mon Jul 27 14:00:00 2009 cooloAATTnovell.com
- update to version 0.13.56 - fixes many smaller issues
(see Changelog)
Wed Jun 17 14:00:00 2009 cooloAATTnovell.com
- fix build with automake 1.11