Changelog for libplist3-debuginfo-1.12-9.1.x86_64.rpm:
* Wed May 03 2017 mgorseAATTsuse.com- Add libplist-boo1035312-overflow-fixes.patch: add some safety checks, backported from upstream (boo#1035312 CVE-2017-7982).
- Add libplist-boo1029631-32bit.patch: ensure that sanity checks work on 32-bit platforms (boo#1029631 CVE-2017-6440).
* Tue Feb 07 2017 alarrosaAATTsuse.com- Add patches from upstream to fix a multitude of memory leaks, out of bound reads and writes and check index ranges:
  0001-Fix-possible-crash-in-plist_from_bin-caused-by-access-to-already-freed-memory.patch
  0002-Plug-memory-leaks-caused-by-unused-and-unfreed-buffer.patch
  0003-Refactor-binary-plist-parsing-in-a-recursive-way.patch
  0004-Make-sure-to-compare-the-node-sizes-for-integer-nodes.patch
  0005-Change-internal-storage-of-PLIST_DATE-values-from-struct-timeval-to-double.patch
  0006-Fix-possible-out-of-bounds-read-in-parse_dict_node-with-proper-bounds-checking.patch
  0007-Fix-possible-out-of-bounds-reads-in-parse_bin_node.patch
  0008-Make-sure-the-index-in-parse_bin_node_at_index-is-actually-within-the-offset-table.patch
  0009-Prevent-out-of-bounds-read-in-plist_from_bin-when-parsing-offset_table.patch
  0010-Make-sure-to-error-out-if-allocation-of-used_indexes-buffer-in-plist_from_bin-fails.patch
  0011-Disallow-key-nodes-with-non-string-node-types.patch
  0012-Prevent-OOB-heap-buffer-read-by-checking-input-size.patch
  0013-Improve-UINT_TO_HOST-macro-remove-uint24_from_be-function.patch
  0014-Check-for-invalid-offset_size-in-bplist-trailer.patch
  0015-Use-proper-struct-for-binary-plist-trailer.patch
  0016-Mass-rename-dict_size-and-param_dict_size-to-more-appropiate-ref_size.patch
  0017-Fix-possible-out-of-bounds-read-in-parse_array_node-with-proper-bounds-checking.patch
  0018-Avoid-heap-buffer-allocation-when-parsing-array-dict-string-data-node-sizes-14.patch
  0019-Unify-size-node-parsing-for-data-string-array-dict-nodes.patch
  0020-Prevent-OOB-read-when-parsing-data-string-array-dict-size-nodes.patch
  0021-Fix-OOB-write-on-heap-buffer-and-improve-recursion-check.patch
  0022-Make-sure-node-index-is-smaller-than-number-of-objects.patch
  0023-Make-sure-the-offset-table-is-in-the-correct-range.patch
  0024-Plug-memory-leak-in-case-parsing-a-dictionary-key-fails.patch
  0026-bplist-Improve-real-date-node-de-serialization.patch
  0027-bplist-Improve-parsing-unicode-nodes.patch
  0029-bplist-Make-sure-to-bail-out-if-malloc-fails-in-pars.patch
  0030-bplist-Make-sure-to-bail-out-if-malloc-fails-in-pars.patch
  0031-bplist-Make-sure-to-bail-out-if-malloc-fails-in-pars.patch
  0032-bplist-Properly-handle-some-more-malloc-failure-situ.patch
  0033-plist-Fix-assert-to-allow-16-or-8-byte-integer-sizes.patch
  C0001-Plug-memory-leak-when-converting-PLIST_UID-nodes-to-XML.patch
  C0002-Improve-writing-of-array-and-dictionary-nodes.patch
  C0003-Improve-writing-of-integer-nodes.patch
  C0004-Fix-UID-node-parsing-to-match-Apples-parser.patch
  C0005-Improve-writing-of-UID-nodes.patch
  C0006-Improve-writing-of-data-string-and-unicode-nodes.patch
  C0007-Improve-writing-of-offset-table.patch
- Renamed 0001-Prevent-OOB-heap-buffer-read-by-checking-input-size.patch to 0012-Prevent-OOB-heap-buffer-read-by-checking-input-size.patch to integrate the patch in the list of patches sorted by date.
- In particular, 0011-Disallow-key-nodes-with-non-string-node-types.patch fixes a type inconsistency by which a maliciously crafted file could cause the application to crash (bsc#1023807, CVE-2017-5836).
- 0014-Check-for-invalid-offset_size-in-bplist-trailer.patch fixes a vulnerability by which a maliciously crafted file could cause libplist to allocate large amounts of memory and consume lots of CPU (bsc#1023822, CVE-2017-5835).
- 0017-Fix-possible-out-of-bounds-read-in-parse_array_node-with-proper-bounds-checking.patch fixes a vulnerability by which a maliciously crafted file could cause a heap buffer overflow and a segmentation fault (bsc#1023848, CVE-2017-5834)
- Dropped CVE-2017-5209 and added
  B0005-base64-Prevent-buffer-overflow-by-not-decoding-blocks-with-less-than-4-chrs.patch
  B0006-Prevent-use-strlen-in-base64decode-when-input-buffer-size-is-known.patch
  B0007-base64-Rework-base64decode-to-handle-split-encoded-data.patch
  to replace the former. These patches fix the same CVE issue in the same way but they retain the information of the commits from upstream that fix it and add another check for a pointer to be inside bounds (boo#1019531, CVE-2017-5209)
* Tue Jan 31 2017 alarrosaAATTsuse.com- Add 0001-Prevent-OOB-heap-buffer-read-by-checking-input-size.patch
  This patch (from upstream, rebased) prevents an OOB heap buffer read which could allow attackers to obtain sensitive information from process memory or cause a DoS (bsc#1021610, CVE-2017-5545).
* Wed Jan 25 2017 iAATTmarguerite.su- Fixed CVE-2017-5209 and boo#1019531: The base64decode function in base64.c allows attackers to obtain sensitive info from process memory or cause a denial of service (buffer over-read) via split encoded Apple Property List data.
- Added patch CVE-2017-5209.patch
* Rework base64decode to handle split encoded data correctly
* The credit goes to Nikias Bassen, here's just a backport of the upstream commit
* Tue Oct 21 2014 m.szuleckiAATTlibimobiledevice.org- Enable %check as it is provided by libplist and improves quality
* Fri Oct 17 2014 m.szuleckiAATTlibimobiledevice.org- Update to version 1.12
* Fix plist_from_bin() changing value nodes to key nodes in dictionaries
* Avoid exporting non-public symbols
* Prevent crash in plist_from_bin() when parsing unusual binary plists
* Fix crash in String|Key::GetValue() and actually make C++ interface work
* Fix memory leaks in new_xml_plist() and parse_real_node()
* Fix header guards to conform to C++ standard
* Update Cython based Python bindings and remove plist_new_key()
* Fix key nodes not being output correctly if they contained XML entities
* Fix handling and storage of signed vs. unsigned integer values
* Fix date handling to respect the "Mac Epoch" instead of "Unix Epoch"
* Remove plist_set_type() as it should not be used
* Fix deprecated macros to work with older LLVM/Clang
* Fix various shadowed declarations
* Add documentation to explicitly describe memory buffer ownership
* Fix memory leak in plist_from_bin()
* Add various test cases based on fixes
* Fix wrong timezone related date/time conversion of date nodes
* Fix endian detection on MIPS architecture
* Fix parallel build for autotools
* Mon Jun 16 2014 iAATTmarguerite.su- update version 1.11
* Deprecated plist_dict_insert_item() in favor of plist_dict_set_item()
* Updated cython bindings for Python 3.x
* Removed swig python bindings
* Changed build system to autotools
* Added new plist_dict_merge() function
* WIN32 (MinGW) + OSX compilation fixes
* Made base64 decoding thread safe
- remove patch: libplist-1.8-pkgconfig.patch
* upstream fixed
- added plist.pxd, needed by python-imobiledevice build
* Mon Apr 15 2013 mmeisterAATTsuse.com- Added url as source. Please see http://en.opensuse.org/SourceUrls
* Tue Aug 28 2012 cfarrellAATTsuse.com- license update: LGPL-2.1+
  LGPL-2.1 can be relicensed to GPL without further permission. No need to explicitly call out the GPL as a license option. Fedora has been using LGPL-2.1+ for awhile so gain compatibility there too
* Mon Apr 09 2012 opensuseAATTsukimashita.com- Allow compilation on 11.4 by disabling cython bindings
* Mon Apr 02 2012 opensuseAATTsukimashita.com- Update to version 1.8
* Add Cython based Python bindings
* Fix memory corruption in libcnary
* Fix building on Big Endian systems
* Removed glib dependency, libplist now uses bundled libcnary
* Fix building of Python bindings with GCC 4.6
- Do not build SWIG bindings for Python
- Remove gcc46_build_fix.patch due to upstream fixes
- Update pkgconfig patch
* Tue Jan 31 2012 jengelhAATTmedozas.de- Remove redundant tags/sections per specfile guideline suggestions
- Parallel building using %_smp_mflags
* Wed Oct 05 2011 uliAATTsuse.com- cross-build fix: set cmake root, python paths
- cross-build workaround: move installed files from sysroot to real root
* Tue Jun 28 2011 ajAATTsuse.de- Add baselibs.conf - needed by usbmuxd's baselibs.conf.
* Mon May 16 2011 cgiboudeauxAATTgmx.com- Add gcc46_build_fix.patch. Fixes build with GCC4.6
* Sun Mar 20 2011 opensuseAATTsukimashita.com- Update to version 1.4
* New maintainer and source location
* Update AUTHORS from git history
* Fix Unicode writing in binary plists
* Update plist doctype
* Fix Dictionary copy constructor
* Fix Mac OS X library install path detection
* Plug memory leak when writing Unicode data
- Remove pkgconfig patch due to upstream fixes
* Wed Dec 08 2010 cristian.rodriguezAATTopensuse.org- Fix both -devel package dependencies and broken pkgconfig file
* Tue Apr 27 2010 opensuseAATTsukimashita.com- Update to version 1.3
* Endianness, alignment and type-punning fixes
* Fix armel floating point endianness
* Allow compiling with mingw on Windows
* Minor bugfixes
* Wed Mar 31 2010 vuntzAATTopensuse.org- Clean up packaging, based on what I did in multimedia:libs.
* Thu Mar 25 2010 meissnerAATTsuse.de- run prepare_spec
* Thu Jan 21 2010 opensuseAATTsukimashita.com- Update to version 1.2
* Fix xml entity conversion
* Silence build warnings
- Remove upstreamed patches
* Sat Jan 09 2010 opensuseAATTsukimashita.com- Add patches to fix xml entity conversion and tests
* Wed Dec 30 2009 opensuseAATTsukimashita.com- Update to version 1.1
* Fix use of integer nodes within Python Bindings
* Mon Dec 07 2009 opensuseAATTsukimashita.com- Update to version 1.0
* Bugfixes
* Remove deprecated API
* Wed Oct 28 2009 opensuseAATTsukimashita.com- Update to version 0.16
* Build fixes
* Fix issues with SWIG
* Sat Oct 24 2009 opensuseAATTsukimashita.com- Update to version 0.15
* Build fixes
- Update to version 0.14
* Add C++ binding
* Refactor API
* Bugfixes
* Sat Jul 18 2009 opensuseAATTsukimashita.com- Update to version 0.13
* Add plist_copy for deep node copies
* Add node setter functions
* Unlink nodes from parent if free'd
* Update Python bindings
* Tue May 05 2009 opensuseAATTsukimashita.com- Update to version 0.12
* Merge ascii and unicode handling in PLIST_STRING using UTF-8
* Remove unicode related declaration in API (breaks API&ABI)
* Fix bad variable type for date elements
* Silence compiler warnings
* Plugged few memory leaks
* Tue Apr 21 2009 opensuseAATTsukimashita.com- Update to version 0.11
* Fix Python binding segfaults
* Python API additions
* Better binary buffer handling in Python bindings
* Sun Apr 12 2009 opensuseAATTsukimashita.com- Update to version 0.10
* Tue Apr 07 2009 opensuseAATTsukimashita.com- Add patch to fix uninitialized buffer
* Sat Apr 04 2009 opensuseAATTsukimashita.com- Initial package created