From a1bab35c28cb1ef169f2dd9a0e6733b2c9f766d4ae2e3e672e88881c20557c6a Mon Sep 17 00:00:00 2001 From: Denisart Benjamin Date: Wed, 18 Nov 2015 15:17:23 +0000 Subject: [PATCH] OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libmaxminddb?expand=0&rev=8 --- libmaxminddb.changes | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/libmaxminddb.changes b/libmaxminddb.changes index e14c030..69ba1c0 100644 --- a/libmaxminddb.changes +++ b/libmaxminddb.changes @@ -1,3 +1,27 @@ +------------------------------------------------------------------- +Wed Nov 18 15:15:37 UTC 2015 - p.drouand@gmail.com + +- Update to version 1.1.2 + * IMPORTANT: This release includes a number of important security + fixes. Among these fixes is improved validation of the database + metadata. Unfortunately, MaxMind GeoIP2 and GeoLite2 databases + created earlier than January 28, 2014, had an invalid data type + for the record_size in the metadata. Previously these databases + worked on little endian machines with libmaxminddb but did not + work on big endian machines. Due to increased safety checks when + reading the file, these databases will no longer work on any + platform. If you are using one of these databases, we recommend + that you upgrade to the latest GeoLite2 or GeoIP2 database + * Added pkg-config support. + * Several segmentation faults found with afl-fuzz were fixed. These + were caused by missing bounds checking and missing verification + of data type. + MMDB_get_entry_data_list will now fail on data structures with a + depth greater than 512 and data structures that are cyclic. This + should not affect any known MaxMind DB in production. All databases + produced by MaxMind have a depth of less than five. +- Add a build dependency to pkg-config + ------------------------------------------------------------------- Sun Jul 26 13:48:17 UTC 2015 - p.drouand@gmail.com