------------------------------------------------------------------- Tue Jan 23 16:09:51 UTC 2018 - bjorn.lie@gmail.com - Update to version 0.8 (CVE-2018-5345): + This fixes the security bug known as CVE-2018-5345. + Always check the return value when writing to the stream. + Do not crash when ncbytes is larger than the buffer size. + Don't encode timezone in generated files. + Don't use version script if unsupported. + Explicitly enable C99 support. + Fix a few 'Dereference of null pointer' warnings. + Fix buffer overrun when generating Huffman codes. + Fix builddir != srcdir builds. + Fix dependency on generated .h file. + Fix invalid return annotation. + Fix the calculation of the checksum on big endian machines. + Fix -Wimplicit-fallthrough=. + Use glib-mkenum's prefixes to avoid sed. + Updated translations. - Minor spec cleanup, use autosetup macro. ------------------------------------------------------------------- Sat Mar 12 16:10:10 UTC 2016 - zaitor@opensuse.org - Update to version 0.7: + Learn to rewind if needed during extraction (bgo#763377). + Fix extraction of files without cdata (bgo#763376). + Do not abort with a critical warning if a file has an incorrect checksum. + Set utf8 flag automatically (bgo#754091). + Fix wrong modification date (bgo#753040). + Build warning fixes. + Updated translations. - Drop gcab-checksum.patch: Fixed in a different way upstream. ------------------------------------------------------------------- Mon Mar 30 15:16:56 UTC 2015 - dimstar@opensuse.org - Update to version 0.6: + Fix for the AFL-detected crashes. + Add file information getters (get_attributes(), get_date(), get_size()). + gcab learned --list-details to list files with those informations. + Fix the file date when creating cab. + Build-sys fixes. ------------------------------------------------------------------- Sat Mar 21 16:48:27 UTC 2015 - schwab@linux-m68k.org - Add gcab-checksum.patch: fix checksum computation (bgo#746580). ------------------------------------------------------------------- Mon Mar 9 16:34:49 UTC 2015 - zaitor@opensuse.org - Update to version 0.5: + Fix path traversal: do not escape from output directory. + Add gcab_cabinet_get_signature(). + Build warning fixes. + Updated translations. - Drop gcab-CVE-2015-0552.patch: fixed upstream. ------------------------------------------------------------------- Tue Jan 6 11:08:14 UTC 2015 - dimstar@opensuse.org - Add gcab-CVE-2015-0552.patch: Avoid path traversal (boo#911814, bgo#742331, CVE-2015-0552). ------------------------------------------------------------------- Wed Mar 6 20:29:35 UTC 2013 - dimstar@opensuse.org - Initial package, version 0.4.