SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for libzzip-0-13-0.13.78-Virt.150400.95.2.x86_64.rpm :

* Thu Aug 08 2024 Valentin Lefebvre - Removing patches merged upstream: [- CVE-2020-18770.patch] [- bsc1154002-prevent-unnecessary-perror.patch] [- zziplib-0.13.62.patch]- Release to v0.13.78
* fix windows crossgcc builds
* fix ZIP64 trailer and ZIP64 extras being too short sometimes #169 #170 (bsc#1227178, CVE-2024-39134) (bsc#1227175, CVE-2024-39133)- Release to v0.13.77
* make afl to check for fuzzer bugs
* update os versions to latest from docker_mirror.py
* add missing tests scenarios for later os releases
* fix Coverage include hack
* integrate mxe/src/zziplib-2-prefer-win32-mmap.patch
* make crossgcc/windows a working example for mingw
* `./testbuilds.py clean` will drop test-related docker images
* `./testbuilds.py` will automatically run clean if everything successful
* `./testbuilds.py help` shows the available tests and commands
* in test_2xx create /external bins and compile them by linking via cmake-configs
* fix bins/CMakeLists.txt to show realistic usage of cmake find_package
* note: it seems bins/unzzip
*.c use internal headers which external programs can\'t- Release to v0.13.76
* add DEVGUIDE.md and prep release process
* add -DCOVERAGE=ON cmake option
* allow for \'make coverage\' summary
* change zzipdoc to python3 typehints
* allow for make types check on python
* remove unused make-doc.py make-doc.pl
* add bins/
*.c and test/
*.c to make format
* for bins/ --version shorten the automatic binary name #156
* simplify bins/ ssize_t construction
* tested \'make nextversion\' to ensure version number is increased
* note: last 0.13.74 was internally still named 0.13.72
* integrate opensuse patch for -Wwrite-strings for GCC4.1+
* switch to mypy minimum of python3.8
* fix dbk2man regression (from typehints changes)
* fixed again cmake bug - parallel builds can lead to race condition
* removed ubuntu1604 testbuilds - python3.5 is too old
* ubuntu2404 is ready - was waiting for sdl-dev in universe
* move definitions form zzip/stdint.h to zzip/cstdint.h
* note: some includepaths made zzip/stdint.h be found as stdint.h
* move some definitions from zzip/__hints.h to zzip/cdecl.h
* make zzip/cdecl.h use gcc\'s ansidecl.h definitions if found
* remove zzip/__hints.h in public headers - use zzip/cdecl.h instead
* the __
*.h files were not meant to be installed
* some distros have installed them anyway - that should be dropped
* the \"make format\" will check for __
*.h in public headers as well
* note: this should help to avoide it creep in again
* add \"make bins\" to ensure testing compilation of those binaries
* add PACKAGE_NAME and PACKAGE_VERSION to _msvc.h- Release to v0.13.75
* add DEVGUIDE.md and prep release process
* add -DCOVERAGE=ON cmake option
* allow for \'make coverage\' summary
* change zzipdoc to python3 typehints
* allow for make types check on python
* remove unused make-doc.py make-doc.pl
* add bins/
*.c and test/
*.c to make format
* for bins/ --version shorten the automatic binary name #156
* simplify bins/ ssize_t construction
* tested \'make nextversion\' to ensure version number is increased
* note: last 0.13.74 was internally still named 0.13.72
* integrate opensuse patch for -Wwrite-strings for GCC4.1+
* switch to mypy minimum of python3.8
* fix dbk2man regression (from typehints changes)
* fixed again cmake bug - parallel builds can lead to race condition
* removed ubuntu1604 testbuilds - python3.5 is too old
* ubuntu2404 is ready - was waiting for sdl-dev in universe
* disabled local file header offset64
* allowed to \'make fortify\' for extended debugging
* fixed all memleak bugs from address sanitizer
* fixed ZIP64 bugs - but the support is still incomplete
* fixed remaining failures as they were recorded in testsuite- Release to v0.13.74
* fixed last cmake bug - parallel builds can lead to race condition
* abolished centos8 testbuilds and prepared ubuntu24
* integrated some github patches
* prepare autoformat with clang-format (not yet enforced)- Release to v0.13.73
* Switched docs from .htm to .md format. The mksite to .html is retained.
* Some cmake patches were included. Specifically MacOS seems to be special.
* Automated builds changed from azure-pipelines to github/workflows
* Added typehints and pep8 check for the python parts of the tools and tests
* Can still update automake for now. Continues the testbuilds.py comparison.
* Mon Jul 15 2024 Martin Jambor - Add -fpermissive to %{optflags} to workaround C99 violations which cause GCC14 to throw an error by default. [boo#1225959]
* Tue Feb 27 2024 Valentin Lefebvre - assert full zzip_file_header. [bsc#1214577, CVE-2020-18770, CVE-2020-18770.patch]- Use autosetup
* Tue Feb 20 2024 Dominique Leuenberger - Use %patch -P N instead of deprecated %patchN.
* Sun Feb 07 2021 Dirk Müller - update to 0.13.72:
* The testbuilds were fixed to make cmake install and automake install the same
* The cmake install did need patches for man3 installation on Unix
* The cmake install did need patches for dll installation on Windows
* The cmake install did need patches for dylib installation on MacOS
* The cmake install did need patches for pkgconfig generation
* Bump testbuilds to modern distro versions (ubuntu 20.04 centos 7.9 / 8.3)
* Takeover docker_mirror.py for air-gap testings (for testbuilds.py)
* handle UNZZIP-NOTFOUND in cmake and mark Ubuntu \'unzip\' to be broken
* merge patches for zzip_pread feature from Max Kellermann
* merge patches for some bugs being found and reported via GitHub issues
* run azure-pipelines with -DZZIP_TESTCVE=OFF to skip CVE
*.zip downloads
* use zziptests.py --downloadonly to get the CVE zip files for local storage
* switch to cmake build system- remove zziplib-0.13.62-wronglinking.patch zziplib-largefile.patch: obsolete with switch to cmake
* Tue Apr 28 2020 Paolo Stivanin - Update to 0.13.71:
* testbuilds fixes
* fixes to bring base, sdl, manpages and site docs to same level
* Tue Apr 14 2020 Josef Möllers - Update to 1.13.70:
* there have been tons of bugfixes over the last two years ...
* Thanks go to Patrick Steinhardt (then at Aservo) for python3 updates
* Thanks go to Josef Moellers (working at SUSE Labs) for many CVE fixes
* and of course all the other patches that came in via github issues.
* I have cleaned up sources to only uses Python3 (as needed by 2020).
* !!! The old automake/autconf/libtool system will be dumped soon!!!
* The build system was ported to \'cmake\' .. (last tested cmake 3.10.2) Obsoletes patches - CVE-2018-7726.patch - CVE-2018-7725.patch - CVE-2018-16548.patch - CVE-2018-17828.patch - bsc1129403-prevent-division-by-zero.patch [zziplib-0.13.70.tar.gz, CVE-2018-7726.patch, CVE-2018-7725.patch, CVE-2018-16548.patch, CVE-2018-17828.patch, bsc1129403-prevent-division-by-zero.patch]
* Mon Feb 24 2020 Josef Möllers - Corrected control flow in zzip_mem_entry_make() to gain correct exit status. [bsc#1154002, bsc1154002-prevent-unnecessary-perror.patch]
* Fri Dec 13 2019 Josef Möllers - Make an unconditional error message conditional by checking the return value of a function call. Also removed an unwanted debug output. [bsc#154002, bsc1154002-prevent-unnecessary-perror.patch, CVE-2018-7725.patch]
* Thu Oct 17 2019 Josef Möllers - Fixed another instance where division by 0 may occur. [bsc#1129403, bsc1129403-prevent-division-by-zero.patch]
* Thu Jun 13 2019 josef.moellersAATTsuse.com- Prevent division by zero by first checking if uncompressed size is 0. This may happen with directories which have a compressed and uncompressed size of 0. [bsc#1129403, bsc1129403-prevent-division-by-zero.patch]
* Thu Oct 04 2018 josef.moellersAATTsuse.com- Remove any \"../\" components from pathnames of extracted files. [bsc#1110687, CVE-2018-17828, CVE-2018-17828.patch]
* Fri Sep 07 2018 josef.moellersAATTsuse.com- Avoid memory leak from __zzip_parse_root_directory(). Free allocated structure if its address is not passed back. [bsc#1107424, CVE-2018-16548, CVE-2018-16548.patch]
* Mon Mar 19 2018 josef.moellersAATTsuse.com- Check if data from End of central directory record makes sense. Especially the Offset of start of central directory must not a) be negative or b) point behind the end-of-file.- Check if compressed size in Central directory file header makes sense, i.e. the file\'s data does not extend beyond the end of the file. [bsc#1084517, CVE-2018-7726, CVE-2018-7726.patch, bsc#1084519, CVE-2018-7725, CVE-2018-7725.patch]
* Sat Mar 17 2018 avindraAATTopensuse.org- Update to 0.13.69:
* fix a number of CVEs reported with special
*.zip PoC files
* completing some doc strings while checking the new man-pages to look good
* update refs to point to github instead of sf.net
* man-pages are generated with new dbk2man.py - docbook xmlto is optional now
* a zip-program is still required for testing, but some errors are gone when not present- run spec-cleaner- don\'t ship Windows only file, README.MSVC6
* Mon Feb 19 2018 adam.majerAATTsuse.de- Drop BR: fdupes since it does nothing.
* Mon Feb 19 2018 jengelhAATTinai.de- Fix RPM groups. Remove ineffective --with-pic. Trim redundancies from description. Do not let fdupes run across partitions.
* Sun Feb 18 2018 avindraAATTopensuse.org- Update to 0.13.68:
* fix a number of CVEs reported with special
*.zip files
* minor doc updates referencing GitHub instead of sf.net- drop CVE-2018-6381.patch
* merged in a803559fa9194be895422ba3684cf6309b6bb598- drop CVE-2018-6484.patch
* merged in 0c0c9256b0903f664bca25dd8d924211f81e01d3- drop CVE-2018-6540.patch
* merged in 15b8c969df962a444dfa07b3d5bd4b27dc0dbba7- drop CVE-2018-6542.patch
* merged in 938011cd60f5a8a2a16a49e5f317aca640cf4110
* Wed Feb 14 2018 josef.moellersAATTsuse.com- Changed %license to %doc in SPEC file.
* Mon Feb 12 2018 josef.moellersAATTsuse.com- If the size of the central directory is too big, reject the file. Then, if loading the ZIP file fails, display an error message. [CVE-2018-6542.patch, CVE-2018-6542, bsc#1079094]
* Tue Feb 06 2018 josef.moellersAATTsuse.com- If an extension block is too small to hold an extension, do not use the information therein.- If the End of central directory record (EOCD) contains an Offset of start of central directory which is beyond the end of the file, reject the file. [CVE-2018-6540, bsc#1079096, CVE-2018-6540.patch]
* Fri Feb 02 2018 josef.moellersAATTsuse.com- Reject the ZIP file and report it as corrupt if the size of the central directory and/or the offset of start of central directory point beyond the end of the ZIP file. [CVE-2018-6484, boo#1078701, CVE-2018-6484.patch]
* Thu Feb 01 2018 josef.moellersAATTsuse.com- If a file is uncompressed, compressed and uncompressed sizes should be identical. [CVE-2018-6381, bsc#1078497, CVE-2018-6381.patch]
* Tue Jan 23 2018 tchvatalAATTsuse.com- Drop tests as they fail completely anyway, not finding lib needing zip command, this should allow us to kill python dependency- Also drop docs subdir avoiding python dependency for it
* The generated xmls were used for mans too but we shipped those only in devel pkg and as such we will live without them
* Tue Jan 23 2018 tchvatalAATTsuse.com- Version update to 0.13.67:
* Various fixes found by fuzzing
* Merged bellow patches- Remove merged patches:
* zziplib-CVE-2017-5974.patch
* zziplib-CVE-2017-5975.patch
* zziplib-CVE-2017-5976.patch
* zziplib-CVE-2017-5978.patch
* zziplib-CVE-2017-5979.patch
* zziplib-CVE-2017-5981.patch- Switch to github tarball as upstream seem no longer pull it to sourceforge- Remove no longer applying patch zziplib-unzipcat-NULL-name.patch
* The sourcecode was quite changed for this to work this way anymore, lets hope this is fixed too
* Wed Nov 01 2017 mpluskalAATTsuse.com- Packaking changes:
* Depend on python2 explicitly
* Cleanup with spec-cleaner
* Thu Mar 23 2017 josef.moellersAATTsuse.com- Several bugs fixed:
* heap-based buffer overflows (bsc#1024517, CVE-2017-5974, zziplib-CVE-2017-5974.patch)
* check if \"relative offset of local header\" in \"central directory header\" really points to a local header (ZZIP_FILE_HEADER_MAGIC) (bsc#1024528, CVE-2017-5975, zziplib-CVE-2017-5975.patch)
* protect against bad formatted data in extra blocks (bsc#1024531, CVE-2017-5976, zziplib-CVE-2017-5976.patch)
* NULL pointer dereference in main (unzzipcat-mem.c) (bsc#1024532, bsc#1024536, CVE-2017-5975, zziplib-CVE-2017-5975.patch)
* protect against huge values of \"extra field length\" in local file header and central file header (bsc#1024533, CVE-2017-5978, zziplib-CVE-2017-5978.patch)
* clear ZZIP_ENTRY record before use. (bsc#1024534, bsc#1024535, CVE-2017-5979, CVE-2017-5977, zziplib-CVE-2017-5979.patch)
* prevent unzzipcat.c from trying to print a NULL name (bsc#1024537, zziplib-unzipcat-NULL-name.patch)
* Replace assert() by going to error exit. (bsc#1034539, CVE-2017-5981, zziplib-CVE-2017-5981.patch)
 
ICM