SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for python-plist-1.12-11.1.x86_64.rpm :
Tue Jul 25 14:00:00 2017 mgorseAATTsuse.com
- Add libplist-boo1029707-base64-invalid-read.patch: prevent
undefined shift when parsing invalid base64 encoded data
(boo#1029707 CVE-2017-6437).

Wed May 3 14:00:00 2017 mgorseAATTsuse.com
- Add libplist-boo1035312-overflow-fixes.patch: add some safety
checks, backported from upstream (boo#1035312 CVE-2017-7982).
- Add libplist-boo1029631-32bit.patch: ensure that sanity checks
work on 32-bit platforms, and fix data range checks (boo#1029631
boo#1029638 boo#1029706 boo#1029751 CVE-2017-6440 CVE-2017-6439
CVE-2017-6438 CVE-2017-6436).

Tue Feb 7 13:00:00 2017 alarrosaAATTsuse.com
- Add patches from upstream to fix a multitude of memory leaks,
out of bound reads and writes and check index ranges:
0001-Fix-possible-crash-in-plist_from_bin-caused-by-access-to-already-freed-memory.patch
0002-Plug-memory-leaks-caused-by-unused-and-unfreed-buffer.patch
0003-Refactor-binary-plist-parsing-in-a-recursive-way.patch
0004-Make-sure-to-compare-the-node-sizes-for-integer-nodes.patch
0005-Change-internal-storage-of-PLIST_DATE-values-from-struct-timeval-to-double.patch
0006-Fix-possible-out-of-bounds-read-in-parse_dict_node-with-proper-bounds-checking.patch
0007-Fix-possible-out-of-bounds-reads-in-parse_bin_node.patch
0008-Make-sure-the-index-in-parse_bin_node_at_index-is-actually-within-the-offset-table.patch
0009-Prevent-out-of-bounds-read-in-plist_from_bin-when-parsing-offset_table.patch
0010-Make-sure-to-error-out-if-allocation-of-used_indexes-buffer-in-plist_from_bin-fails.patch
0011-Disallow-key-nodes-with-non-string-node-types.patch
0012-Prevent-OOB-heap-buffer-read-by-checking-input-size.patch
0013-Improve-UINT_TO_HOST-macro-remove-uint24_from_be-function.patch
0014-Check-for-invalid-offset_size-in-bplist-trailer.patch
0015-Use-proper-struct-for-binary-plist-trailer.patch
0016-Mass-rename-dict_size-and-param_dict_size-to-more-appropiate-ref_size.patch
0017-Fix-possible-out-of-bounds-read-in-parse_array_node-with-proper-bounds-checking.patch
0018-Avoid-heap-buffer-allocation-when-parsing-array-dict-string-data-node-sizes-14.patch
0019-Unify-size-node-parsing-for-data-string-array-dict-nodes.patch
0020-Prevent-OOB-read-when-parsing-data-string-array-dict-size-nodes.patch
0021-Fix-OOB-write-on-heap-buffer-and-improve-recursion-check.patch
0022-Make-sure-node-index-is-smaller-than-number-of-objects.patch
0023-Make-sure-the-offset-table-is-in-the-correct-range.patch
0024-Plug-memory-leak-in-case-parsing-a-dictionary-key-fails.patch
0026-bplist-Improve-real-date-node-de-serialization.patch
0027-bplist-Improve-parsing-unicode-nodes.patch
0029-bplist-Make-sure-to-bail-out-if-malloc-fails-in-pars.patch
(boo#1029639 CVE-2017-6435)
0030-bplist-Make-sure-to-bail-out-if-malloc-fails-in-pars.patch
0031-bplist-Make-sure-to-bail-out-if-malloc-fails-in-pars.patch
0032-bplist-Properly-handle-some-more-malloc-failure-situ.patch
0033-plist-Fix-assert-to-allow-16-or-8-byte-integer-sizes.patch
C0001-Plug-memory-leak-when-converting-PLIST_UID-nodes-to-XML.patch
C0002-Improve-writing-of-array-and-dictionary-nodes.patch
C0003-Improve-writing-of-integer-nodes.patch
C0004-Fix-UID-node-parsing-to-match-Apples-parser.patch
C0005-Improve-writing-of-UID-nodes.patch
C0006-Improve-writing-of-data-string-and-unicode-nodes.patch
C0007-Improve-writing-of-offset-table.patch
- Renamed 0001-Prevent-OOB-heap-buffer-read-by-checking-input-size.patch to
0012-Prevent-OOB-heap-buffer-read-by-checking-input-size.patch to integrate
the patch in the list of patches sorted by date.
- In particular, 0011-Disallow-key-nodes-with-non-string-node-types.patch
fixes a type inconsistency by which a maliciously crafted file could
cause the application to crash (bsc#1023807, CVE-2017-5836).
- 0014-Check-for-invalid-offset_size-in-bplist-trailer.patch fixes a
vulnerability by which a maliciously crafted file could cause libplist
to allocate large amounts of memory and consume lots of CPU
(bsc#1023822, CVE-2017-5835).
- 0017-Fix-possible-out-of-bounds-read-in-parse_array_node-with-proper-bounds-checking.patch
fixes a vulnerability by which a maliciously crafted file could cause
a heap buffer overflow and a segmentation fault (bsc#1023848,
CVE-2017-5834)
- Dropped CVE-2017-5209 and added
B0005-base64-Prevent-buffer-overflow-by-not-decoding-blocks-with-less-than-4-chrs.patch
B0006-Prevent-use-strlen-in-base64decode-when-input-buffer-size-is-known.patch
B0007-base64-Rework-base64decode-to-handle-split-encoded-data.patch
to replace the former. These patches fix the same CVE issue in the
same way but they retain the information of the commits from upstream
that fix it and add another check for a pointer to be inside bounds
(boo#1019531, CVE-2017-5209)

Tue Jan 31 13:00:00 2017 alarrosaAATTsuse.com
- Add 0001-Prevent-OOB-heap-buffer-read-by-checking-input-size.patch
This patch (from upstream, rebased) prevents an OOB heap buffer
read which could allow attackers to obtain sensitive information
from process memory or cause a DoS (bsc#1021610, CVE-2017-5545).

Wed Jan 25 13:00:00 2017 iAATTmarguerite.su
- Fixed CVE-2017-5209 and boo#1019531: The base64decode function
in base64.c allows attackers to obtaiin sensitive info from
process memory or cause a denial of service (buffer over-read)
via split encoded Apple Property List data.
- Added patch CVE-2017-5209.patch

* Rework base64decode to handle spliti encoded data correctly

* The credit goes to Nikias Bassen , here\'s just
a backport of the upstream commit

Tue Oct 21 14:00:00 2014 m.szuleckiAATTlibimobiledevice.org
- Enable %check as it is provided by libplist and improves quality

Fri Oct 17 14:00:00 2014 m.szuleckiAATTlibimobiledevice.org
- Update to version 1.12

* Fix plist_from_bin() changing value nodes to key nodes in dictionaries

* Avoid exporting non-public symbols

* Prevent crash in plist_from_bin() when parsing unusual binary plists

* Fix crash in String|Key::GetValue() and actually make C++ interface work

* Fix memory leaks in new_xml_plist() and parse_real_node()

* Fix header guards to conform to C++ standard

* Update Cython based Python bindings and remove plist_new_key()

* Fix key nodes not being output correctly if they contained XML entities

* Fix handling and storage of signed vs. unsigned integer values

* Fix date handling to respect the \"Mac Epoch\" instead of \"Unix Epoch\"

* Remove plist_set_type() as it should not be used

* Fix deprecated macros to work with older LLVM/Clang

* Fix various shadowed declarations

* Add documentation to explicitly describe memory buffer ownership

* Fix memory leak in plist_from_bin()

* Add various test cases based on fixes

* Fix wrong timezone related date/time conversion of date nodes

* Fix endian detection on MIPS architecture

* Fix parallel build for autotools

Mon Jun 16 14:00:00 2014 iAATTmarguerite.su
- update version 1.11

* Deprecated plist_dict_insert_item() in favor of plist_dict_set_item()

* Updated cython bindings for Python 3.x

* Removed swig python bindings

* Changed build system to autotools

* Added new plist_dict_merge() function

* WIN32 (MinGW) + OSX compilation fixes

* Made base64 decoding thread safe
- remove patch: libplist-1.8-pkgconfig.patch

* upstream fixed
- added plist.pxd, needed by python-imobiledevice build

Mon Apr 15 14:00:00 2013 mmeisterAATTsuse.com
- Added url as source.
Please see http://en.opensuse.org/SourceUrls

Tue Aug 28 14:00:00 2012 cfarrellAATTsuse.com
- license update: LGPL-2.1+
LGPL-2.1 can be relicensed to GPL without further permission. No need to
explicitly call out the GPL as a license option. Fedora has been using
LGPL-2.1+ for awhile so gain compatibility there too

Mon Apr 9 14:00:00 2012 opensuseAATTsukimashita.com
- Allow compilation on 11.4 by disabling cython bindings

Mon Apr 2 14:00:00 2012 opensuseAATTsukimashita.com
- Update to version 1.8

* Add Cython based Python bindings

* Fix memory corruption in libcnary

* Fix building on Big Endian systems

* Removed glib dependency, libplist now uses bundled libcnary

* Fix building of Python bindings with GCC 4.6
- Do not build SWIG bindings for Python
- Remove gcc46_build_fix.patch due to upstream fixes
- Update pkgconfig patch

Tue Jan 31 13:00:00 2012 jengelhAATTmedozas.de
- Remove redundant tags/sections per specfile guideline suggestions
- Parallel building using %_smp_mflags

Wed Oct 5 14:00:00 2011 uliAATTsuse.com
- cross-build fix: set cmake root, python paths
- cross-build workaround: move installed files from sysroot to
real root

Tue Jun 28 14:00:00 2011 ajAATTsuse.de
- Add baselibs.conf - needed by usbmuxd\'s baselibs.conf.

Mon May 16 14:00:00 2011 cgiboudeauxAATTgmx.com
- Add gcc46_build_fix.patch. Fixes build with GCC4.6

Sun Mar 20 13:00:00 2011 opensuseAATTsukimashita.com
- Update to version 1.4

* New maintainer and source location

* Update AUTHORS from git history

* Fix Unicode writing in binary plists

* Update plist doctype

* Fix Dictionary copy constructor

* Fix Mac OS X library install path detection

* Plug memory leak when writing Unicode data
- Remove pkgconfig patch due to upstream fixes

Wed Dec 8 13:00:00 2010 cristian.rodriguezAATTopensuse.org
- Fix both -devel package dependencies and broken pkgconfig file

Tue Apr 27 14:00:00 2010 opensuseAATTsukimashita.com
- Update to version 1.3

* Endianness, alignment and type-punning fixes

* Fix armel floating point endianess

* Allow compiling with mingw on Windows

* Minor bugfixes

Wed Mar 31 14:00:00 2010 vuntzAATTopensuse.org
- Clean up packaging, based on what I did in multimedia:libs.

Thu Mar 25 13:00:00 2010 meissnerAATTsuse.de
- run prepare_spec

Thu Jan 21 13:00:00 2010 opensuseAATTsukimashita.com
- Update to version 1.2

* Fix xml entity conversion

* Silence build warnings
- Remove upstreamed patches

Sat Jan 9 13:00:00 2010 opensuseAATTsukimashita.com
- Add patches to fix xml entity conversion and tests

Wed Dec 30 13:00:00 2009 opensuseAATTsukimashita.com
- Update to version 1.1

* Fix use of integer nodes within Python Bindings

Mon Dec 7 13:00:00 2009 opensuseAATTsukimashita.com
- Update to version 1.0

* Bugfixes

* Remove deprecated API

Wed Oct 28 13:00:00 2009 opensuseAATTsukimashita.com
- Update to version 0.16

* Build fixes

* Fix issues with SWIG

Sat Oct 24 14:00:00 2009 opensuseAATTsukimashita.com
- Update to version 0.15

* Build fixes
- Update to version 0.14

* Add C++ binding

* Refactor API

* Bugfixes

Sat Jul 18 14:00:00 2009 opensuseAATTsukimashita.com
- Update to version 0.13

* Add plist_copy for deep node copies

* Add node setter functions

* Unlink nodes from parent if free\'d

* Update Python bindings

Tue May 5 14:00:00 2009 opensuseAATTsukimashita.com
- Update to version 0.12

* Merge ascii and unicode handling in PLIST_STRING using UTF-8

* Remove unicode related declaration in API (breaks API&ABI)

* Fix bad variable type for date elements

* Silence compiler warnings

* Plugged few memory leaks

Tue Apr 21 14:00:00 2009 opensuseAATTsukimashita.com
- Update to version 0.11

* Fix Python binding segfaults

* Python API additions

* Better binary buffer handling in Python bindings

Sun Apr 12 14:00:00 2009 opensuseAATTsukimashita.com
- Update to version 0.10

Tue Apr 7 14:00:00 2009 opensuseAATTsukimashita.com
- Add patch to fix uninitialized buffer

Sat Apr 4 14:00:00 2009 opensuseAATTsukimashita.com
- Initial package created


  
ICM