SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for libzzip-0-13-0.13.72-1.3.x86_64.rpm :

* Sun Feb 07 2021 Dirk Müller - update to 0.13.72:
* The testbuilds were fixed to make cmake install and automake install the same
* The cmake install did need patches for man3 installation on Unix
* The cmake install did need patches for dll installation on Windows
* The cmake install did need patches for dylib installation on MacOS
* The cmake install did need patches for pkgconfig generation
* Bump testbuilds to modern distro versions (ubuntu 20.04 centos 7.9 / 8.3)
* Takeover docker_mirror.py for air-gap testings (for testbuilds.py)
* handle UNZZIP-NOTFOUND in cmake and mark Ubuntu \'unzip\' to be broken
* merge patches for zzip_pread feature from Max Kellermann
* merge patches for some bugs being found and reported via GitHub issues
* run azure-pipelines with -DZZIP_TESTCVE=OFF to skip CVE
*.zip downloads
* use zziptests.py --downloadonly to get the CVE zip files for local storage
* switch to cmake build system- remove zziplib-0.13.62-wronglinking.patch zziplib-largefile.patch: obsolete with switch to cmake
* Tue Apr 28 2020 Paolo Stivanin - Update to 0.13.71:
* testbuilds fixes
* fixes to bring base, sdl, manpages and site docs to same level
* Tue Apr 14 2020 Josef Möllers - Update to 1.13.70:
* there have been tons of bugfixes over the last two years ...
* Thanks go to Patrick Steinhardt (then at Aservo) for python3 updates
* Thanks go to Josef Moellers (working at SUSE Labs) for many CVE fixes
* and of course all the other patches that came in via github issues.
* I have cleaned up sources to only uses Python3 (as needed by 2020).
* !!! The old automake/autconf/libtool system will be dumped soon!!!
* The build system was ported to \'cmake\' .. (last tested cmake 3.10.2) Obsoletes patches - CVE-2018-7726.patch - CVE-2018-7725.patch - CVE-2018-16548.patch - CVE-2018-17828.patch - bsc1129403-prevent-division-by-zero.patch [zziplib-0.13.70.tar.gz, CVE-2018-7726.patch, CVE-2018-7725.patch, CVE-2018-16548.patch, CVE-2018-17828.patch, bsc1129403-prevent-division-by-zero.patch]
* Mon Feb 24 2020 Josef Möllers - Corrected control flow in zzip_mem_entry_make() to gain correct exit status. [bsc#1154002, bsc1154002-prevent-unnecessary-perror.patch]
* Fri Dec 13 2019 Josef Möllers - Make an unconditional error message conditional by checking the return value of a function call. Also removed an unwanted debug output. [bsc#154002, bsc1154002-prevent-unnecessary-perror.patch, CVE-2018-7725.patch]
* Thu Oct 17 2019 Josef Möllers - Fixed another instance where division by 0 may occur. [bsc#1129403, bsc1129403-prevent-division-by-zero.patch]
* Thu Jun 13 2019 josef.moellersAATTsuse.com- Prevent division by zero by first checking if uncompressed size is 0. This may happen with directories which have a compressed and uncompressed size of 0. [bsc#1129403, bsc1129403-prevent-division-by-zero.patch]
* Thu Oct 04 2018 josef.moellersAATTsuse.com- Remove any \"../\" components from pathnames of extracted files. [bsc#1110687, CVE-2018-17828, CVE-2018-17828.patch]
* Fri Sep 07 2018 josef.moellersAATTsuse.com- Avoid memory leak from __zzip_parse_root_directory(). Free allocated structure if its address is not passed back. [bsc#1107424, CVE-2018-16548, CVE-2018-16548.patch]
* Mon Mar 19 2018 josef.moellersAATTsuse.com- Check if data from End of central directory record makes sense. Especially the Offset of start of central directory must not a) be negative or b) point behind the end-of-file.- Check if compressed size in Central directory file header makes sense, i.e. the file\'s data does not extend beyond the end of the file. [bsc#1084517, CVE-2018-7726, CVE-2018-7726.patch, bsc#1084519, CVE-2018-7725, CVE-2018-7725.patch]
* Sat Mar 17 2018 avindraAATTopensuse.org- Update to 0.13.69:
* fix a number of CVEs reported with special
*.zip PoC files
* completing some doc strings while checking the new man-pages to look good
* update refs to point to github instead of sf.net
* man-pages are generated with new dbk2man.py - docbook xmlto is optional now
* a zip-program is still required for testing, but some errors are gone when not present- run spec-cleaner- don\'t ship Windows only file, README.MSVC6
* Mon Feb 19 2018 adam.majerAATTsuse.de- Drop BR: fdupes since it does nothing.
* Mon Feb 19 2018 jengelhAATTinai.de- Fix RPM groups. Remove ineffective --with-pic. Trim redundancies from description. Do not let fdupes run across partitions.
* Sun Feb 18 2018 avindraAATTopensuse.org- Update to 0.13.68:
* fix a number of CVEs reported with special
*.zip files
* minor doc updates referencing GitHub instead of sf.net- drop CVE-2018-6381.patch
* merged in a803559fa9194be895422ba3684cf6309b6bb598- drop CVE-2018-6484.patch
* merged in 0c0c9256b0903f664bca25dd8d924211f81e01d3- drop CVE-2018-6540.patch
* merged in 15b8c969df962a444dfa07b3d5bd4b27dc0dbba7- drop CVE-2018-6542.patch
* merged in 938011cd60f5a8a2a16a49e5f317aca640cf4110
* Wed Feb 14 2018 josef.moellersAATTsuse.com- Changed %license to %doc in SPEC file.
* Mon Feb 12 2018 josef.moellersAATTsuse.com- If the size of the central directory is too big, reject the file. Then, if loading the ZIP file fails, display an error message. [CVE-2018-6542.patch, CVE-2018-6542, bsc#1079094]
* Tue Feb 06 2018 josef.moellersAATTsuse.com- If an extension block is too small to hold an extension, do not use the information therein.- If the End of central directory record (EOCD) contains an Offset of start of central directory which is beyond the end of the file, reject the file. [CVE-2018-6540, bsc#1079096, CVE-2018-6540.patch]
* Fri Feb 02 2018 josef.moellersAATTsuse.com- Reject the ZIP file and report it as corrupt if the size of the central directory and/or the offset of start of central directory point beyond the end of the ZIP file. [CVE-2018-6484, boo#1078701, CVE-2018-6484.patch]
* Thu Feb 01 2018 josef.moellersAATTsuse.com- If a file is uncompressed, compressed and uncompressed sizes should be identical. [CVE-2018-6381, bsc#1078497, CVE-2018-6381.patch]
* Tue Jan 23 2018 tchvatalAATTsuse.com- Drop tests as they fail completely anyway, not finding lib needing zip command, this should allow us to kill python dependency- Also drop docs subdir avoiding python dependency for it
* The generated xmls were used for mans too but we shipped those only in devel pkg and as such we will live without them
* Tue Jan 23 2018 tchvatalAATTsuse.com- Version update to 0.13.67:
* Various fixes found by fuzzing
* Merged bellow patches- Remove merged patches:
* zziplib-CVE-2017-5974.patch
* zziplib-CVE-2017-5975.patch
* zziplib-CVE-2017-5976.patch
* zziplib-CVE-2017-5978.patch
* zziplib-CVE-2017-5979.patch
* zziplib-CVE-2017-5981.patch- Switch to github tarball as upstream seem no longer pull it to sourceforge- Remove no longer applying patch zziplib-unzipcat-NULL-name.patch
* The sourcecode was quite changed for this to work this way anymore, lets hope this is fixed too
  
ICM