Accepting request 1006072 from home:dspinella:branches:Archiving

- Build unzip-rcc using multibuild and update unzip-rcc.spec file OBS-URL: https://build.opensuse.org/request/show/1006072 OBS-URL: https://build.opensuse.org/package/show/Archiving/unzip?expand=0&rev=60
2022-09-26 09:49:26 +00:00 · 2022-09-26 09:49:26 +00:00 · 3b4461dd25
commit 3b4461dd25
parent d7c16d7fbb
4 changed files with 45 additions and 1 deletions
--- a/3
+++ b/3
@ -0,0 +1,3 @@
+<multibuild>
+  <package>unzip-rcc</package>
+</multibuild>
--- a/unzip-rcc.changes
+++ b/unzip-rcc.changes
@ -1,8 +1,35 @@
+-------------------------------------------------------------------
+Mon Sep 26 09:17:32 UTC 2022 - Danilo Spinella <danilo.spinella@suse.com>
+
+- Build unzip-rcc using multibuild and update unzip-rcc.spec file
+
+-------------------------------------------------------------------
+Wed Sep 21 09:27:59 UTC 2022 - Danilo Spinella <danilo.spinella@suse.com>
+
+- Fix CVE-2022-0530, SIGSEGV during the conversion of an utf-8 string
+  to a local string (CVE-2022-0530, bsc#1196177)
+  * CVE-2022-0530.patch
+- Fix CVE-2022-0529, Heap out-of-bound writes and reads during
+  conversion of wide string to local string (CVE-2022-0529, bsc#1196180)
+  * CVE-2022-0529.patch
+
+-------------------------------------------------------------------
+Thu Sep  9 11:30:06 UTC 2021 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
+
+- Add patch to fix issue with some files being incorrectly
+  detected as symlinks (boo#1190273)
+  + unzip-initialize-the-symlink-flag.patch
+
+-------------------------------------------------------------------
+Fri May 22 09:27:01 UTC 2020 - Yunhe Guo <i@guoyunhe.me>
+
+- Change unzip-doc to noarch
+
 -------------------------------------------------------------------
 Thu Oct 11 14:49:01 UTC 2018 - kstreitova@suse.com

 - Add unzip60-cfactorstr_overflow.patch to fix buffer overflow in
-  list.c [bsc#1110194]
+  list.c [bsc#1110194] [CVE-2018-18384]

 -------------------------------------------------------------------
 Wed Jun 27 11:39:10 UTC 2018 - kstreitova@suse.com
--- a/unzip-rcc.spec
+++ b/unzip-rcc.spec
@ -60,6 +60,11 @@ Patch19:        CVE-2018-1000035.patch
 Patch20:        Fix-CVE-2014-9636-unzip-buffer-overflow.patch
 Patch21:        unzip60-total_disks_zero.patch
 Patch22:        unzip60-cfactorstr_overflow.patch
+Patch23:        unzip-initialize-the-symlink-flag.patch
+# PATCH-FIX-UPSTREAM danilo.spinella@suse.com CVE-2022-0530 bsc#1196177
+Patch24:        CVE-2022-0530.patch
+# PATCH-FIX-UPSTREAM danilo.spinella@suse.com CVE-2022-0529 bsc#1196180
+Patch25:        CVE-2022-0529.patch
 Requires(post): update-alternatives
 Requires(postun):update-alternatives
 Recommends:     %{_name}-doc
@ -75,6 +80,7 @@ functionality. This version can also extract encrypted archives.
 %package doc
 Summary:        Documentation files for unzip
 Group:          Productivity/Archiving/Compression
+BuildArch:      noarch

 %description doc
 UnZip is an extraction utility for archives compressed in .zip format
@ -106,6 +112,9 @@ functionality. This version can also extract encrypted archives.
 %patch20 -p1
 %patch21 -p1
 %patch22 -p1
+%patch23 -p1
+%patch24 -p1
+%patch25 -p1

 %build
 export RPM_OPT_FLAGS="%{optflags} \
--- a/unzip.changes
+++ b/unzip.changes
@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Mon Sep 26 09:17:32 UTC 2022 - Danilo Spinella <danilo.spinella@suse.com>
+
+- Build unzip-rcc using multibuild and update unzip-rcc.spec file
+
 -------------------------------------------------------------------
 Wed Sep 21 09:27:59 UTC 2022 - Danilo Spinella <danilo.spinella@suse.com>