Accepting request 452456 from home:MargueriteSu:branches:hardware

OBS-URL: https://build.opensuse.org/request/show/452456 OBS-URL: https://build.opensuse.org/package/show/hardware/libplist?expand=0&rev=6
2017-01-25 16:29:00 +00:00
parent 9b8bb83ef7
commit a6f192821b
4 changed files with 52 additions and 14 deletions
--- a/libplist.changes
+++ b/libplist.changes
@@ -1,3 +1,42 @@
+-------------------------------------------------------------------
+Wed Jan 25 15:39:22 UTC 2017 - i@marguerite.su
+
+- update version 1.12+git20170119.6a44dfb
+  * xplist: Fix limiited but possible XXE security vulnerability
+    with XML
+  * plistutil: use static buffer for stat()
+  * plistutil: Plug some memory leaks
+  * bplist: Fix possible crash in plist_from_bin() caused by access
+    to already freed memory
+  * bplist: Plug memory leaks caused by unused and unfreed buffer
+  * bplist: Refactor binary plist parsing in a recursive way
+  * xplist: Get rid of setlocale() and use custom function to print
+    floating point values
+  * Node.cpp: let plist_t operations free _node when in a container
+  * cython: Fix module build with libplist already installed
+  * bplist: Speed up plist_to_bin conversion for large plists
+  * Implemented plist_is_binary() and plist_from_memory()
+  * plist_data_compare: Make sure to compare the node sizes for integer
+    nodes
+  * xplist: Plug memory leak when converting PLIST_UID nodes to XML
+  * Change internal storage of PLIST_DATE values from struct timeval
+    to double
+  * Use time64 implementation by Michael G Schwern to extend allowed
+    date/time range
+  * remove libxml2 in favor of custom XML parsing
+  * base64: Rework base64decode to handle split encoded data correctly
+  * plistutil: Prevent OOB heap buffer read by checking input size
+  * plistutil: Use plist_is_binary() to check for binary plist data
+  * bplist: Improve UINT_TO_HOST macro, remove uint24_from_be function
+  * bplist: Check for invalid offset_size in bplist trailer
+  * bplist: Use proper struct for binary plist trailer
+  * bplist: Check for invalid ref_size in bplist trailer
+- fixed CVE-2017-5209, boo#1019531
+  * The base64decode function in base64.c allows attackers to
+    obtaiin sensitive info from process memory or cause a denial
+    of service (buffer over-read) via split encoded Apple Property
+    List data. 
+
 -------------------------------------------------------------------
 Tue Oct 21 22:40:00 UTC 2014 - m.szulecki@libimobiledevice.org