2018-02-19 09:26:53 +00:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sun Feb 18 03:25:53 UTC 2018 - avindra@opensuse.org
|
|
|
|
|
|
|
|
|
|
- Update to 0.13.68:
|
|
|
|
|
* fix a number of CVEs reported with special *.zip files
|
|
|
|
|
* minor doc updates referencing GitHub instead of sf.net
|
|
|
|
|
- drop CVE-2018-6381.patch
|
|
|
|
|
* merged in a803559fa9194be895422ba3684cf6309b6bb598
|
|
|
|
|
- drop CVE-2018-6484.patch
|
|
|
|
|
* merged in 0c0c9256b0903f664bca25dd8d924211f81e01d3
|
|
|
|
|
- drop CVE-2018-6540.patch
|
|
|
|
|
* merged in 15b8c969df962a444dfa07b3d5bd4b27dc0dbba7
|
|
|
|
|
- drop CVE-2018-6542.patch
|
|
|
|
|
* merged in 938011cd60f5a8a2a16a49e5f317aca640cf4110
|
|
|
|
|
|
2018-02-15 13:29:28 +00:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Feb 14 13:36:43 UTC 2018 - josef.moellers@suse.com
|
|
|
|
|
|
|
|
|
|
- Changed %license to %doc in SPEC file.
|
|
|
|
|
|
2018-02-13 12:30:53 +00:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Feb 12 16:14:31 UTC 2018 - josef.moellers@suse.com
|
|
|
|
|
|
|
|
|
|
- If the size of the central directory is too big, reject
|
|
|
|
|
the file.
|
|
|
|
|
Then, if loading the ZIP file fails, display an error message.
|
|
|
|
|
[CVE-2018-6542.patch, CVE-2018-6542, bsc#1079094]
|
|
|
|
|
|
2018-02-07 11:37:38 +00:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Feb 6 14:55:03 UTC 2018 - josef.moellers@suse.com
|
|
|
|
|
|
|
|
|
|
- If an extension block is too small to hold an extension,
|
|
|
|
|
do not use the information therein.
|
|
|
|
|
- If the End of central directory record (EOCD) contains an
|
|
|
|
|
Offset of start of central directory which is beyond the end of
|
|
|
|
|
the file, reject the file.
|
|
|
|
|
[CVE-2018-6540, bsc#1079096, CVE-2018-6540.patch]
|
|
|
|
|
|
2018-02-05 10:50:07 +00:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Feb 2 09:31:49 UTC 2018 - josef.moellers@suse.com
|
|
|
|
|
|
|
|
|
|
- Reject the ZIP file and report it as corrupt if the size of the
|
|
|
|
|
central directory and/or the offset of start of central directory
|
|
|
|
|
point beyond the end of the ZIP file.
|
|
|
|
|
[CVE-2018-6484, boo#1078701, CVE-2018-6484.patch]
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Feb 1 10:49:56 UTC 2018 - josef.moellers@suse.com
|
|
|
|
|
|
|
|
|
|
- If a file is uncompressed, compressed and uncompressed sizes
|
|
|
|
|
should be identical.
|
|
|
|
|
[CVE-2018-6381, bsc#1078497, CVE-2018-6381.patch]
|
|
|
|
|
|
2018-01-26 16:23:16 +00:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Jan 23 20:18:19 UTC 2018 - tchvatal@suse.com
|
|
|
|
|
|
|
|
|
|
- Drop tests as they fail completely anyway, not finding lib needing
|
|
|
|
|
zip command, this should allow us to kill python dependency
|
|
|
|
|
- Also drop docs subdir avoiding python dependency for it
|
|
|
|
|
* The generated xmls were used for mans too but we shipped those
|
|
|
|
|
only in devel pkg and as such we will live without them
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Jan 23 20:03:01 UTC 2018 - tchvatal@suse.com
|
|
|
|
|
|
|
|
|
|
- Version update to 0.13.67:
|
|
|
|
|
* Various fixes found by fuzzing
|
|
|
|
|
* Merged bellow patches
|
|
|
|
|
- Remove merged patches:
|
|
|
|
|
* zziplib-CVE-2017-5974.patch
|
|
|
|
|
* zziplib-CVE-2017-5975.patch
|
|
|
|
|
* zziplib-CVE-2017-5976.patch
|
|
|
|
|
* zziplib-CVE-2017-5978.patch
|
|
|
|
|
* zziplib-CVE-2017-5979.patch
|
|
|
|
|
* zziplib-CVE-2017-5981.patch
|
|
|
|
|
- Switch to github tarball as upstream seem no longer pull it to
|
|
|
|
|
sourceforge
|
|
|
|
|
- Remove no longer applying patch zziplib-unzipcat-NULL-name.patch
|
|
|
|
|
* The sourcecode was quite changed for this to work this way
|
|
|
|
|
anymore, lets hope this is fixed too
|
|
|
|
|
|
2017-11-06 12:37:57 +00:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Nov 1 12:37:02 UTC 2017 - mpluskal@suse.com
|
|
|
|
|
|
|
|
|
|
- Packaking changes:
|
|
|
|
|
* Depend on python2 explicitly
|
|
|
|
|
* Cleanup with spec-cleaner
|
|
|
|
|
|
2013-03-19 09:04:02 +00:00
|
|
|
-------------------------------------------------------------------
|
2017-03-23 13:33:15 +00:00
|
|
|
Thu Mar 23 13:32:03 UTC 2017 - josef.moellers@suse.com
|
|
|
|
|
|
|
|
|
|
- Several bugs fixed:
|
|
|
|
|
* heap-based buffer overflows
|
|
|
|
|
(bsc#1024517, CVE-2017-5974, zziplib-CVE-2017-5974.patch)
|
|
|
|
|
* check if "relative offset of local header" in "central
|
|
|
|
|
directory header" really points to a local header
|
|
|
|
|
(ZZIP_FILE_HEADER_MAGIC)
|
|
|
|
|
(bsc#1024528, CVE-2017-5975, zziplib-CVE-2017-5975.patch)
|
|
|
|
|
* protect against bad formatted data in extra blocks
|
|
|
|
|
(bsc#1024531, CVE-2017-5976, zziplib-CVE-2017-5976.patch)
|
|
|
|
|
* NULL pointer dereference in main (unzzipcat-mem.c)
|
|
|
|
|
(bsc#1024532, bsc#1024536, CVE-2017-5975,
|
|
|
|
|
zziplib-CVE-2017-5975.patch)
|
|
|
|
|
* protect against huge values of "extra field length"
|
|
|
|
|
in local file header and central file header
|
|
|
|
|
(bsc#1024533, CVE-2017-5978, zziplib-CVE-2017-5978.patch)
|
|
|
|
|
* clear ZZIP_ENTRY record before use.
|
|
|
|
|
(bsc#1024534, bsc#1024535, CVE-2017-5979, CVE-2017-5977,
|
|
|
|
|
zziplib-CVE-2017-5979.patch)
|
|
|
|
|
* prevent unzzipcat.c from trying to print a NULL name
|
|
|
|
|
(bsc#1024537, zziplib-unzipcat-NULL-name.patch)
|
|
|
|
|
* Replace assert() by going to error exit.
|
|
|
|
|
(bsc#1034539, CVE-2017-5981, zziplib-CVE-2017-5981.patch)
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
2013-03-19 09:04:02 +00:00
|
|
|
Sat Mar 16 21:37:21 UTC 2013 - schwab@linux-m68k.org
|
|
|
|
|
|
|
|
|
|
- zziplib-largefile.patch: Enable largefile support
|
|
|
|
|
- Enable debug information
|
|
|
|
|
|
2012-12-15 19:01:02 +00:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sat Dec 15 18:36:24 UTC 2012 - p.drouand@gmail.com
|
|
|
|
|
|
|
|
|
|
- Update to 0.13.62 version:
|
|
|
|
|
* configure.ac: fallback to libtool -export-dynamic unless being sure to
|
|
|
|
|
use gnu-ld --export-dynamic. The darwin case is a bit special here
|
|
|
|
|
as the c-compiler and linker might be from different worlds.
|
|
|
|
|
* Makefile.am: allow nonstaic build
|
|
|
|
|
* wrap fd.open like in the Fedora patch
|
|
|
|
|
- Remove the package name on summary
|
|
|
|
|
- Add dos2unix as build dependencie to fix a wrong file encoding
|
|
|
|
|
|
2011-11-19 20:13:40 +00:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sat Nov 19 15:38:23 UTC 2011 - coolo@suse.com
|
|
|
|
|
|
|
|
|
|
- add libtool as buildrequire to avoid implicit dependency
|
|
|
|
|
|
2011-09-21 07:28:59 +00:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Sep 16 16:02:33 UTC 2011 - jengelh@medozas.de
|
|
|
|
|
|
|
|
|
|
- Implement shlib policy/packaging for package, add baselibs.conf
|
|
|
|
|
and resolve redundant constructs
|
|
|
|
|
|
2011-04-30 19:06:06 +00:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Sat Apr 30 15:22:39 UTC 2011 - crrodriguez@opensuse.org
|
|
|
|
|
|
|
|
|
|
- Fix build with gcc 4.6
|
|
|
|
|
|
2010-02-28 12:30:36 +00:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Feb 15 16:43:03 CET 2010 - dimstar@opensuse.org
|
|
|
|
|
|
|
|
|
|
- Update to version 0.13.58:
|
|
|
|
|
+ Some bugs fixed, see ChangeLog
|
|
|
|
|
|
2009-08-13 15:39:31 +00:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Jul 27 16:24:06 CEST 2009 - coolo@novell.com
|
|
|
|
|
|
|
|
|
|
- update to version 0.13.56 - fixes many smaller issues
|
|
|
|
|
(see Changelog)
|
|
|
|
|
|
2009-06-19 22:33:34 +00:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Jun 17 10:05:23 CEST 2009 - coolo@novell.com
|
|
|
|
|
|
|
|
|
|
- fix build with automake 1.11
|
|
|
|
|
|
2009-01-27 01:29:32 +00:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Jan 26 20:39:14 CET 2009 - crrodriguez@suse.de
|
|
|
|
|
|
|
|
|
|
- remove "la" files
|
|
|
|
|
|
2008-10-25 02:54:35 +00:00
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Oct 24 12:32:13 CEST 2008 - wgottwalt@suse.de
|
|
|
|
|
|
|
|
|
|
- removed ./msvc7/pkzip.exe and ./msvc8/zip.exe to avoid license
|
|
|
|
|
problems
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Wed Aug 15 05:35:45 CEST 2007 - crrodriguez@suse.de
|
|
|
|
|
|
|
|
|
|
- update to version 0.13.49 fixes #260734 buffer overflow
|
|
|
|
|
due to wrong usage of strcpy()
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Thu Mar 29 20:59:38 CEST 2007 - dmueller@suse.de
|
|
|
|
|
|
|
|
|
|
- adjust buildrequires
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon Dec 4 15:10:35 CET 2006 - dmueller@suse.de
|
|
|
|
|
|
|
|
|
|
- don't build as root
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Tue Oct 3 11:24:24 CEST 2006 - aj@suse.de
|
|
|
|
|
|
|
|
|
|
- Fix build.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Fri Aug 18 08:15:46 CEST 2006 - aj@suse.de
|
|
|
|
|
|
|
|
|
|
- Fix build.
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
|
|
|
Mon May 22 13:53:45 CEST 2006 - wgottwalt@suse.de
|
|
|
|
|
|
|
|
|
|
- initial release
|
|
|
|
|
- still problems with the "make check" build option
|
