forked from pool/apache-commons-compress
110 lines
4.9 KiB
Plaintext
110 lines
4.9 KiB
Plaintext
-------------------------------------------------------------------
|
|
Mon Mar 21 08:57:33 UTC 2022 - Fridrich Strba <fstrba@suse.com>
|
|
|
|
- Added patch:
|
|
* 0003-Remove-Pack200-compressor.patch
|
|
+ Remove support for pack200 which depends on old asm3
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jul 20 07:17:33 UTC 2021 - Fridrich Strba <fstrba@suse.com>
|
|
|
|
- Updated to 1.21
|
|
* When reading a specially crafted 7Z archive, the construction of
|
|
the list of codecs that decompress an entry can result in an
|
|
infinite loop. This could be used to mount a denial of service
|
|
attack against services that use Compress' sevenz package.
|
|
(CVE-2021-35515, bsc#1188463)
|
|
* When reading a specially crafted 7Z archive, Compress can be
|
|
made to allocate large amounts of memory that finally leads to
|
|
an out of memory error even for very small inputs. This could
|
|
be used to mount a denial of service attack against services
|
|
that use Compress' sevenz package. (CVE-2021-35516, bsc#1188464)
|
|
* When reading a specially crafted TAR archive, Compress can be
|
|
made to allocate large amounts of memory that finally leads to
|
|
an out of memory error even for very small inputs. This could be
|
|
used to mount a denial of service attack against services that
|
|
use Compress' tar package. (CVE-2021-35517, bsc#1188465)
|
|
* When reading a specially crafted ZIP archive, Compress can be
|
|
made to allocate large amounts of memory that finally leads to
|
|
an out of memory error even for very small inputs. This could
|
|
be used to mount a denial of service attack against services
|
|
that use Compress' zip package. (CVE-2021-36090, bsc#1188466)
|
|
- New dependency on asm3 for Pack200 compressor
|
|
- Rebased patch fix_java_8_compatibility.patch to a new context and
|
|
added some new ocurrences
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Aug 28 08:57:02 UTC 2019 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
|
|
|
|
- Updated to 1.19 [bsc#1148475, CVE-2019-12402]
|
|
* ZipFile could get stuck in an infinite loop when parsing ZIP archives
|
|
with certain strong encryption headers (CVE-2019-12402).
|
|
* ZipArchiveInputStream and ZipFile will no longer throw an exception if
|
|
an extra field generally understood by Commons Compress is malformed
|
|
but rather turn them into UnrecognizedExtraField instances. You can
|
|
influence the way extra fields are parsed in more detail by using the
|
|
new getExtraFields(ExtraFieldParsingBehavior) method of ZipArchiveEntry now.
|
|
* Some of the ZIP extra fields related to strong encryption will now
|
|
throw ZipExceptions rather than ArrayIndexOutOfBoundsExceptions in
|
|
certain cases when used directly. There is no practical difference
|
|
when they are read via ZipArchiveInputStream or ZipFile.
|
|
* ParallelScatterZipCreator now writes entries in the same order they have
|
|
been added to the archive.
|
|
* ZipArchiveInputStream and ZipFile are more forgiving when parsing extra
|
|
fields by default now.
|
|
* TarArchiveInputStream has a new lenient mode that may allow it to read
|
|
certain broken archives.
|
|
- Rebased patch fix_java_8_compatibility.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Mar 25 17:32:03 UTC 2019 - Fridrich Strba <fstrba@suse.com>
|
|
|
|
- Remove pom parent, since we don't use it when not building with
|
|
maven
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Jan 27 16:48:58 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
|
|
|
|
- Add missing RPM group for %name-javadoc.
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jan 25 09:10:54 UTC 2019 - Fridrich Strba <fstrba@suse.com>
|
|
|
|
- Rename package to apache-commons-compress
|
|
* Upgrade to version 1.18
|
|
* Use build.xml file generated ba mvn ant:ant and simplified
|
|
manually after
|
|
+ Allows building with ant and considerably shortens build
|
|
cycle
|
|
- Added patches
|
|
* 0001-Remove-Brotli-compressor.patch
|
|
+ do not build Brotli compressor, since we don't have its
|
|
dependencies
|
|
* 0002-Remove-ZSTD-compressor.patch
|
|
+ do not build ZSTD compressor, since we don't have its
|
|
dependencies
|
|
* fix_java_8_compatibility.patch
|
|
+ restore Java 8 compatibility in java.nio.ByteBuffer use
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Sep 18 10:43:23 UTC 2017 - fstrba@suse.com
|
|
|
|
- Fix build with jdk9: specify java source and target 1.6
|
|
- Build also the javadoc package
|
|
|
|
-------------------------------------------------------------------
|
|
Fri May 19 16:04:30 UTC 2017 - tchvatal@suse.com
|
|
|
|
- Fix build under new javapackage-tools
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Nov 29 14:57:33 UTC 2012 - mvyskocil@suse.com
|
|
|
|
- use saxon and saxon-scripts only when using maven
|
|
|
|
-------------------------------------------------------------------
|
|
Thu May 14 16:05:37 CEST 2009 - mvyskocil@suse.cz
|
|
|
|
- 'Initial SUSE packaging from jpackage.org 5.0'
|
|
|