pool/lzo
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 239294 from home:darix:branches:Base:System

Browse Source 
- update to 2.08 (bnc#883947) CVE-2014-4607
  - Updated the Autoconf scripts to fix some reported build
    problems.
  - Added CMake build support.
  - Fixed lzo_init() on big-endian architectures like Sparc.
- additional changes in 2.07
  * Fixed a potential integer overflow condition in the "safe"
    decompressor variants which could result in a possible buffer
    overrun when processing maliciously crafted compressed input
    data.
    Fortunately this issue only affects 32-bit systems and also can
    only happen if you use uncommonly huge buffer sizes where you
    have to decompress more than 16 MiB (> 2^24 bytes) untrusted
    compressed bytes within a single function call, so the
    practical implications are limited.
    POTENTIAL SECURITY ISSUE. CVE-2014-4607.
  * Removed support for ancient configurations like 16-bit "huge"
    pointers - LZO now requires a flat 32-bit or 64-bit memory
    model.
  * Assorted cleanups.

OBS-URL: https://build.opensuse.org/request/show/239294
OBS-URL: https://build.opensuse.org/package/show/Base:System/lzo?expand=0&rev=24
This commit is contained in:
Marcus Meissner 2014-07-02 11:45:01 +00:00 committed by Git OBS Bridge
parent b9a8eb886c
commit d00ef480b7
4 changed files with 31 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
lzo-2.06.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:ff79e6f836d62d3f86ef6ce893ed65d07e638ef4d3cb952963471b4234d43e73
size 583045

3
lzo-2.08.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:ac1b3e4dee46febe9fd28737eb7f5692d3232ef1a01da10444394c3d47536614
size 589045

27
lzo.changes
View File

@ -1,3 +1,30 @@
-------------------------------------------------------------------
Wed Jul 2 11:35:21 UTC 2014 - mrueckert@suse.de
- update to 2.08 (bnc#883947) CVE-2014-4607
- Updated the Autoconf scripts to fix some reported build
problems.
- Added CMake build support.
- Fixed lzo_init() on big-endian architectures like Sparc.
- additional changes in 2.07
* Fixed a potential integer overflow condition in the "safe"
decompressor variants which could result in a possible buffer
overrun when processing maliciously crafted compressed input
data.
Fortunately this issue only affects 32-bit systems and also can
only happen if you use uncommonly huge buffer sizes where you
have to decompress more than 16 MiB (> 2^24 bytes) untrusted
compressed bytes within a single function call, so the
practical implications are limited.
POTENTIAL SECURITY ISSUE. CVE-2014-4607.
* Removed support for ancient configurations like 16-bit "huge"
pointers - LZO now requires a flat 32-bit or 64-bit memory
model.
* Assorted cleanups.
-------------------------------------------------------------------
Tue Apr 16 12:26:44 UTC 2013 - mmeister@suse.com

2
lzo.spec
View File

@ -18,7 +18,7 @@
Name: lzo
Url: http://www.oberhumer.com/opensource/lzo/
Version: 2.06
Version: 2.08
Release: 0
Source: http://www.oberhumer.com/opensource/%{name}/download/%{name}-%{version}.tar.gz
Source2: baselibs.conf