417 lines
15 KiB
Plaintext
417 lines
15 KiB
Plaintext
-------------------------------------------------------------------
|
|
Wed Feb 21 15:26:04 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
|
|
|
|
- Use %patch -P N instead of deprecated %patchN.
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Sep 26 09:17:32 UTC 2022 - Danilo Spinella <danilo.spinella@suse.com>
|
|
|
|
- Build unzip-rcc using multibuild and update unzip-rcc.spec file
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Sep 21 09:27:59 UTC 2022 - Danilo Spinella <danilo.spinella@suse.com>
|
|
|
|
- Fix CVE-2022-0530, SIGSEGV during the conversion of an utf-8 string
|
|
to a local string (CVE-2022-0530, bsc#1196177)
|
|
* CVE-2022-0530.patch
|
|
- Fix CVE-2022-0529, Heap out-of-bound writes and reads during
|
|
conversion of wide string to local string (CVE-2022-0529, bsc#1196180)
|
|
* CVE-2022-0529.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Sep 9 11:30:06 UTC 2021 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
|
|
|
|
- Add patch to fix issue with some files being incorrectly
|
|
detected as symlinks (boo#1190273)
|
|
+ unzip-initialize-the-symlink-flag.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Fri May 22 09:27:01 UTC 2020 - Yunhe Guo <i@guoyunhe.me>
|
|
|
|
- Change unzip-doc to noarch
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Oct 11 14:49:01 UTC 2018 - kstreitova@suse.com
|
|
|
|
- Add unzip60-cfactorstr_overflow.patch to fix buffer overflow in
|
|
list.c [bsc#1110194] [CVE-2018-18384]
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jun 27 11:39:10 UTC 2018 - kstreitova@suse.com
|
|
|
|
- Add unzip60-total_disks_zero.patch that fixes a bug when unzip is
|
|
unable to process Windows zip64 archives because Windows
|
|
archivers set total_disks field to 0 but per standard, valid
|
|
values are 1 and higher [bnc#910683]
|
|
- Add Fix-CVE-2014-9636-unzip-buffer-overflow.patch to fix heap
|
|
overflow for STORED field data [bnc#914442] [CVE-2014-9636]
|
|
|
|
-------------------------------------------------------------------
|
|
Wed May 16 19:44:45 UTC 2018 - antoine.belvire@opensuse.org
|
|
|
|
- Fix "remove failed: No such file or directory" warnings upon
|
|
package removal:
|
|
* Call 'update-alternative --remove' in %postun, not in %preun.
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Feb 8 14:11:25 UTC 2018 - kbabioch@suse.com
|
|
|
|
- Add CVE-2018-1000035.patch: Fix a heap-based buffer overflow in
|
|
password protected ZIP archives (CVE-2018-1000035 bsc#1080074)
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jul 6 13:25:44 UTC 2017 - nico.kruber@gmail.com
|
|
|
|
- Updated Fix-CVE-2014-8139-unzip.patch: the original patch was
|
|
causing errors testing valid jar files:
|
|
$ unzip -t foo.jar
|
|
Archive: foo.jar
|
|
testing: META-INF/ bad extra-field entry:
|
|
EF block length (0 bytes) invalid (< 4)
|
|
testing: META-INF/MANIFEST.MF OK
|
|
testing: foo OK
|
|
(see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8139
|
|
where the updated patch was taken from)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Feb 15 08:31:05 UTC 2017 - josef.moellers@suse.com
|
|
|
|
- Fixed two potential buffer overflows.
|
|
The patches were extracted from
|
|
http://antinode.info/ftp/info-zip/unzip60/zipinfo.c and
|
|
http://antinode.info/ftp/info-zip/unzip60/list.c
|
|
(bsc#1013992, bsc#1013993, CVE-2016-9844, CVE-2014-9913,
|
|
CVE-2016-9844.patch, CVE-2014-9913.patch)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Oct 12 07:23:03 UTC 2016 - josef.moellers@suse.com
|
|
|
|
- When decrypting an encrypted file,
|
|
quit early if compressed size < HEAD_LEN.
|
|
When extracting avoid an infinite loop
|
|
if a file never finishes unzipping.
|
|
(bsc#950110, bsc#950111, CVE-2015-7696, CVE-2015-7697,
|
|
CVE-2015-7696.patch, CVE-2015-7697.patch)
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jun 16 14:58:41 UTC 2016 - tchvatal@suse.com
|
|
|
|
- Require properly the update-alternatives to not throw out errors
|
|
when installing in OBS chroot
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jan 26 13:25:54 UTC 2015 - tbehrens@suse.com
|
|
|
|
- Add Fix-CVE-2014-8139-unzip.patch: fix heap overflow condition in
|
|
the CRC32 verification (fixes bnc#909214)
|
|
- Add Fix-CVE-2014-8140-and-CVE-2014-8141.patch: fix write error
|
|
(*_8349_*) shows a problem in extract.c:test_compr_eb(), and:
|
|
read errors (*_6430_*, *_3422_*) show problems in
|
|
process.c:getZip64Data() (fixes bnc#909214)
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Dec 21 13:43:32 UTC 2014 - meissner@suse.com
|
|
|
|
- build with PIE
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Aug 2 18:29:07 UTC 2013 - coolo@suse.com
|
|
|
|
- fix defaultattr for old distros
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Aug 2 13:55:08 UTC 2013 - coolo@suse.com
|
|
|
|
- split the rcc dependency into a spec file of it's own, we don't
|
|
need that complexity during build causing cycles like this:
|
|
unzip -> librcc -> libproxy -> libXau -> xorg-x11-proto-devel -> docbook-xsl-stylesheets
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Apr 5 10:07:44 UTC 2013 - idonmez@suse.com
|
|
|
|
- Cleanup spec file
|
|
- Add Source URL, see https://en.opensuse.org/SourceUrls
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Aug 5 13:57:24 CEST 2011 - pth@suse.de
|
|
|
|
- Don't call isprint (bnc#620483).
|
|
|
|
-------------------------------------------------------------------
|
|
Mon May 23 14:21:44 UTC 2011 - lnussel@suse.de
|
|
|
|
- remove use of __DATE__ from correct file
|
|
|
|
-------------------------------------------------------------------
|
|
Sat May 07 23:16:45 UTC 2011 - idoenmez@novell.com
|
|
|
|
- Sync our compile time flags with Debian except Acorn stuff, this enables
|
|
UTF-8, saves an unrelated warning about lchmod being not implemented.
|
|
- Enable make check
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jan 28 13:50:13 UTC 2011 - lnussel@suse.de
|
|
|
|
- use dlopen for librcc0. A direct requires causes lots of other
|
|
packages to get installed such as aspell which bloats a minimal
|
|
install.
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Aug 30 19:44:17 UTC 2010 - cristian.rodriguez@opensuse.org
|
|
|
|
- Do not include build host specific info like build dates In
|
|
binaries.
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jun 25 18:21:34 CEST 2010 - pth@suse.de
|
|
|
|
- Doing open(O_WRONLY) and then fdopen("w+") will now fail with
|
|
"Invalid Argument" whereas former glibcs would succeed. So now
|
|
do open(O_RDWR).
|
|
- Print error message when open(2) fails.
|
|
- Add debugging traces in open_outfile.
|
|
|
|
-------------------------------------------------------------------
|
|
Fri May 21 16:39:24 CEST 2010 - pth@suse.de
|
|
|
|
- Update to 6.0:
|
|
* Support PKWARE ZIP64 extensions, allowing Zip archives and Zip archive
|
|
entries larger than 4 GiBytes and more than 65536 entries within a
|
|
single Zip archive. This support is currently only available for Unix,
|
|
OpenVMS and Win32/Win64.
|
|
* Support for bzip2 compression method.
|
|
* Support for UTF-8 encoded entry names, both through PKWARE's "General
|
|
Purpose Flags Bit 11" indicator and Info-ZIP's new "up" unicode path
|
|
extra field. (Currently, on Windows the UTF-8 handling is limited to
|
|
the character subset contained in the configured non-unicode "system
|
|
code page".)
|
|
* Fixed "Time of Creation/Time of Use" vulnerability when setting
|
|
attributes of extracted files, for Unix and Unix-like ports.
|
|
* Fixed memory leak when processing invalid deflated data.
|
|
* Fixed long-standing bug in unshrink (partial_clear), added boundary
|
|
checks against invalid compressed data.
|
|
* On Unix, keep inherited SGID attribute bit for extracted directories
|
|
unless restoration of owner/group id or SUID/SGID/Tacky attributes was
|
|
requested.
|
|
* On Unix, allow extracted filenames to contain embedded control
|
|
characters when explicitly requested by specifying the new command line
|
|
option "-^".
|
|
* On Unix, support restoration of symbolic link attributes.
|
|
* On Unix, support restoration of 32-bit UID/GID data using the new "ux"
|
|
IZUNIX3 extra field introduced with Zip 3.0.
|
|
* Support symbolic links zipped up on VMS.
|
|
* New -D option to suppress restoration of timestamps for extracted
|
|
directory entries (on those ports that support setting of directory
|
|
timestamps). By specifying "-DD", this new option also allows to
|
|
suppress timestamp restoration for ALL extracted files on all UnZip
|
|
ports which support restoration of timestamps. On VMS, the default
|
|
behaviour is now to skip restoration of directory timestamps; here,
|
|
"--D" restores ALL timestamps, "-D" restores none.
|
|
* On OS/2, Win32, and Unix, the (previously optional) feature UNIXBACKUP
|
|
to allow saving backup copies of overwritten files on extraction is now
|
|
enabled by default.
|
|
|
|
-------------------------------------------------------------------
|
|
Mon May 10 16:39:20 UTC 2010 - pth@suse.de
|
|
|
|
- Use librcc to convert russian/slavic file names (bnc#540598).
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Dec 6 17:51:30 CET 2009 - jengelh@.medozas.de
|
|
|
|
- enable parallel building
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Dec 9 15:53:53 CET 2008 - schwab@suse.de
|
|
|
|
- Fix last change.
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Sep 15 12:32:57 CEST 2008 - ro@suse.de
|
|
|
|
- use hardlink instead of softlink
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Feb 4 13:29:27 CET 2008 - pth@suse.de
|
|
|
|
- Add patch to fix erroneous freeing of buffers (bnc#358425)
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Dec 7 12:52:06 CET 2007 - pth@suse.de
|
|
|
|
- Pass file mode when calling open with O_CREAT.
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Dec 3 13:24:27 CET 2007 - pth@suse.de
|
|
|
|
- Add patch to extend the maximum file/archive size to 2^32-8193
|
|
(4294959103) bytes.
|
|
- Add patch to fix CVE-2005-2475 (bnc#274156)
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jun 21 17:34:10 CEST 2007 - adrian@suse.de
|
|
|
|
- fix changelog entry order
|
|
|
|
-------------------------------------------------------------------
|
|
Thu May 3 15:25:39 CEST 2007 - pth@suse.de
|
|
|
|
- Add patch from Takashi Iwai that adds a new option (-S) to
|
|
unzip and infozip that disables file name translation (bnc#267901).
|
|
- Recompress tarball with bzip2
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jan 27 02:30:41 CET 2006 - mls@suse.de
|
|
|
|
- converted neededforbuild to BuildRequires
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jan 26 15:28:44 CET 2006 - pth@suse.de
|
|
|
|
- Reject file names that are too long (bnc#140304)
|
|
- Use stack protector.
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jan 20 17:41:23 CET 2006 - schwab@suse.de
|
|
|
|
- Don't strip binaries.
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Dec 15 11:31:51 CET 2005 - pth@suse.de
|
|
|
|
- Compile with (limited) large file support. This will support
|
|
single files exceeding 2 GB as long as the archive stays below
|
|
that theshold.
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jun 13 22:46:31 CEST 2005 - rommel@suse.de
|
|
|
|
- update to version 5.52 (bnc#67279)
|
|
|
|
-------------------------------------------------------------------
|
|
Sat Aug 7 15:03:23 CEST 2004 - rommel@suse.de
|
|
|
|
- update to version 5.51
|
|
(fixes old security bugs, adds PKWARE's compression code Deflate64)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed May 19 18:36:21 CEST 2004 - ro@suse.de
|
|
|
|
- added -fno-strict-aliasing
|
|
- really use RPM_OPT_FLAGS
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Jan 11 13:00:23 CET 2004 - adrian@suse.de
|
|
|
|
- build as user
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Sep 23 16:53:44 CEST 2003 - rommel@suse.de
|
|
|
|
- replaced fix for ../ exploit with a fix both for
|
|
the ../ exploit and '/' exploit (Bugzilla #29311)
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jul 3 12:57:38 CEST 2003 - rommel@suse.de
|
|
|
|
- added fix for ../ exploit (Bugzilla #27667)
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jan 17 14:42:19 CET 2003 - rommel@suse.de
|
|
|
|
- fixed Summary: to be more verbose about what this package does
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Sep 18 00:57:21 CEST 2002 - ro@suse.de
|
|
|
|
- removed bogus self-provides
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jul 5 11:09:32 CEST 2002 - kukuk@suse.de
|
|
|
|
- Use %ix86 macro
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Mar 11 2002 - rommel@suse.de
|
|
|
|
- Update to 5.50
|
|
- took over parts of pmladek's patch (see below)
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jan 24 13:43:46 CET 2002 - grimmer@suse.de
|
|
|
|
- added unzip-5.42-iso8859_2.patch to fix coding conversion
|
|
between Microsoft and Linux file names
|
|
(originally from http://www.axis.cz/linux/zip_unzip.php3,
|
|
enhanced to support both ISO8859-1 and ISO8859-2 by Petr Mladek
|
|
<pmladek@suse.cz>)
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Apr 9 13:42:07 CEST 2001 - grimmer@suse.de
|
|
|
|
- Update to 5.42
|
|
- file list fixes (new license file, documentation renames)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Dec 13 17:49:59 CET 2000 - grimmer@suse.de
|
|
|
|
- Update to 5.41 (now includes decryption support)
|
|
- now Provides and Obsoletes crunzip
|
|
- bzipped sources
|
|
- use BuildRoot
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Feb 29 18:33:38 CET 2000 - schwab@suse.de
|
|
|
|
- Add support for ia64.
|
|
- /usr/man -> /usr/share/man
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Dec 22 16:19:18 MET 1999 - grimmer@suse.de
|
|
|
|
- Added "Conflicts: crzip" to spec file
|
|
- cleaned up Provides: tag
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Dec 17 16:40:10 MET 1999 - grimmer@suse.de
|
|
|
|
- Spec file cleanups
|
|
|
|
-------------------------------------------------------------------
|
|
Sat Nov 27 15:03:07 MET 1999 - kukuk@suse.de
|
|
|
|
- Use linux_noasm Makefile target on SPARC
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Sep 13 17:23:57 CEST 1999 - bs@suse.de
|
|
|
|
- ran old prepare_spec on spec file to switch to new prepare_spec.
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Sep 8 16:34:57 CEST 1999 - uli@suse.de
|
|
|
|
- uses target linux_noasm for PPC
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Feb 24 09:42:16 MET 1999 - grimmer@suse.de
|
|
|
|
- new version (5.40)
|
|
- specfile modifications
|
|
- added french description
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jan 11 14:29:14 MET 1999 - ro@suse.de
|
|
|
|
- use target linux_noasm for alpha
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jan 23 15:03:52 MET 1998 - rj@suse.de
|
|
|
|
- version 5.32
|
|
-------------------------------------------------------------------
|
|
Thu Feb 6 11:56:09 CET 1997 - rj@suse.de
|
|
|
|
- version 5.12
|
|
- new test/changes/plist files
|
|
|