Changelog for
libplist++-devel-2.0.0-lp152.3.9.x86_64.rpm :
* Mon May 01 2017 mgorseAATTsuse.com- update to version 2.0.0:
* Improved malformed XML and binary plist detection and error handling
* Add parser debug/error output (when compiled with - -enable-debug), controlled via environment variables
* Fix unicode character handling
* Add PLIST_IS_
* helper macros for the different node types
* Extend date/time range and date conversion issues
* Plug several memory leaks
* Speed improvements for handling large plist files
* Includes security fixes for:
* CVE-2017-6440, CVE-2017-6439, CVE-2017-6438, CVE-2017-6437,
* CVE-2017-6436, CVE-2017-6435, CVE-2017-5836, CVE-2017-5835,
* CVE-2017-5834,
* CVE-2017-5545,
* CVE-2017-7982 (boo#1035312) ... and several others that didn\'t receive any CVE (yet).
* Thu Feb 02 2017 jengelhAATTinai.de- RPM group assignment fixes
* Wed Jan 25 2017 iAATTmarguerite.su- update version 1.12+git20170119.6a44dfb
* xplist: Fix limiited but possible XXE security vulnerability with XML
* plistutil: use static buffer for stat()
* plistutil: Plug some memory leaks
* bplist: Fix possible crash in plist_from_bin() caused by access to already freed memory
* bplist: Plug memory leaks caused by unused and unfreed buffer
* bplist: Refactor binary plist parsing in a recursive way
* xplist: Get rid of setlocale() and use custom function to print floating point values
* Node.cpp: let plist_t operations free _node when in a container
* cython: Fix module build with libplist already installed
* bplist: Speed up plist_to_bin conversion for large plists
* Implemented plist_is_binary() and plist_from_memory()
* plist_data_compare: Make sure to compare the node sizes for integer nodes
* xplist: Plug memory leak when converting PLIST_UID nodes to XML
* Change internal storage of PLIST_DATE values from struct timeval to double
* Use time64 implementation by Michael G Schwern to extend allowed date/time range
* remove libxml2 in favor of custom XML parsing
* base64: Rework base64decode to handle split encoded data correctly
* plistutil: Prevent OOB heap buffer read by checking input size
* plistutil: Use plist_is_binary() to check for binary plist data
* bplist: Improve UINT_TO_HOST macro, remove uint24_from_be function
* bplist: Check for invalid offset_size in bplist trailer
* bplist: Use proper struct for binary plist trailer
* bplist: Check for invalid ref_size in bplist trailer- fixed CVE-2017-5209, boo#1019531
* The base64decode function in base64.c allows attackers to obtaiin sensitive info from process memory or cause a denial of service (buffer over-read) via split encoded Apple Property List data.
* Tue Oct 21 2014 m.szuleckiAATTlibimobiledevice.org- Enable %check as it is provided by libplist and improves quality
* Fri Oct 17 2014 m.szuleckiAATTlibimobiledevice.org- Update to version 1.12
* Fix plist_from_bin() changing value nodes to key nodes in dictionaries
* Avoid exporting non-public symbols
* Prevent crash in plist_from_bin() when parsing unusual binary plists
* Fix crash in String|Key::GetValue() and actually make C++ interface work
* Fix memory leaks in new_xml_plist() and parse_real_node()
* Fix header guards to conform to C++ standard
* Update Cython based Python bindings and remove plist_new_key()
* Fix key nodes not being output correctly if they contained XML entities
* Fix handling and storage of signed vs. unsigned integer values
* Fix date handling to respect the \"Mac Epoch\" instead of \"Unix Epoch\"
* Remove plist_set_type() as it should not be used
* Fix deprecated macros to work with older LLVM/Clang
* Fix various shadowed declarations
* Add documentation to explicitly describe memory buffer ownership
* Fix memory leak in plist_from_bin()
* Add various test cases based on fixes
* Fix wrong timezone related date/time conversion of date nodes
* Fix endian detection on MIPS architecture
* Fix parallel build for autotools
* Mon Jun 16 2014 iAATTmarguerite.su- update version 1.11
* Deprecated plist_dict_insert_item() in favor of plist_dict_set_item()
* Updated cython bindings for Python 3.x
* Removed swig python bindings
* Changed build system to autotools
* Added new plist_dict_merge() function
* WIN32 (MinGW) + OSX compilation fixes
* Made base64 decoding thread safe- remove patch: libplist-1.8-pkgconfig.patch
* upstream fixed- added plist.pxd, needed by python-imobiledevice build
* Mon Apr 15 2013 mmeisterAATTsuse.com- Added url as source. Please see http://en.opensuse.org/SourceUrls
* Tue Aug 28 2012 cfarrellAATTsuse.com- license update: LGPL-2.1+ LGPL-2.1 can be relicensed to GPL without further permission. No need to explicitly call out the GPL as a license option. Fedora has been using LGPL-2.1+ for awhile so gain compatibility there too
* Mon Apr 09 2012 opensuseAATTsukimashita.com- Allow compilation on 11.4 by disabling cython bindings
* Mon Apr 02 2012 opensuseAATTsukimashita.com- Update to version 1.8
* Add Cython based Python bindings
* Fix memory corruption in libcnary
* Fix building on Big Endian systems
* Removed glib dependency, libplist now uses bundled libcnary
* Fix building of Python bindings with GCC 4.6- Do not build SWIG bindings for Python- Remove gcc46_build_fix.patch due to upstream fixes- Update pkgconfig patch