zziplib-0.13.69-lp150.2.3.1 4 > $ A p [ȕո/=%¿?:wvE+ |S )W0=qflD6BO@~f(tғVJC˧ƊQ87-A3d*PG !Pr%4,v5t8bU &SֈIG_C(AkF62mZd8q eh_pR#esvn$tazZ牥@^4Q~(6f%uUu 338e218e09984a04647226a3fc6a685bd3019ba6 9064f484b4878df7a377e71edef4b6ae20f2f26b1ff5db75001016e8919b0768 [ȕո/=| $++0nzYʼA*O,%z>C䥗dCrjD·X囎4Ox @_AXD8mPCC31S%|L~&HnU}=WؕyYP=^4vIˤS8e#s.pQN!,r.hmY5apwHJE.{."`h
3D߄ON`c > p 5 ! ? ! d
6 ,
, P
$ H h ( 8 9 l : F Y G p H I R \ ] ^ c d != e !B f !G !L !P !V ! C zziplib 0.13.69 lp150.2.3.1 ZIP Compression Library ZZipLib is a library for dealing with ZIP and ZIP-like archives by
using algorithms of zlib. [ȕcloud127 openSUSE Leap 15.0 openSUSE LGPL-2.1+ http://bugs.opensuse.org Development/Libraries/C and C++ baselibs.conf zziplib-0.13.69.tar.gz CVE-2018-17828.patch CVE-2018-7725.patch CVE-2018-7726.patch zziplib-largefile.patch zziplib-0.13.62-wronglinking.patch zziplib-0.13.62.patch http://zziplib.sourceforge.net linux i586 (r
7 K F r ' [|Z3ZNy0P̿lP̾Zg Z [ȕc339cb1d0b7c0215fb7b8a97dee06b6dd59722c82ce02e6609b6aac776ded500 8aa44e43e7aadcfd50d01d721098eed88b2c398bce4f126ea95b9176978a2acc 80626aab3d169656310712c13366b92b62dfd036797071f5cee31834214d4c2d da3081638524538c5f10f0ec3ee3e5fb64a1212df9c70e213cfed06a8e4e06be 4cb4081c7167e60ecf2fcac622f1cd05019058432b3a0b01ee436d2432fd87ed c2729a30b247967241f41c7106fb54b2a1bdc8a22e6d3ce058a88fa6729f17b3 846246d7cdeee405d8d21e2922c6e97f55f24ecbe3b6dcf5778073a88f120544 66245337028fc2cc09bb107dbc3d2bdc8243d58ab0b57218e01498b421f2feac 2acabcefd0aca360584b969dcd73f9d670682d8a3e704719b5c5e4d20fa41cd1 root root root root root root root root root root root root root root root root root root
autoconf automake libtool pkgconfig pkgconfig(zlib) rpmlib(CompressedFileNames) rpmlib(FileDigests) xmlto 3.0.4-1 4.6.0-1 4.14.1 [ Z@Z@Z@Z@ZjZ$ZZyZtRZs@Zg#Zg#Y@XӸQD^Pf@Nǚ@Ns:@MKy7@JmJ8I}IFF@Et
E"PDDqjosef.moellers@suse.com josef.moellers@suse.com avindra@opensuse.org adam.majer@suse.de jengelh@inai.de avindra@opensuse.org josef.moellers@suse.com josef.moellers@suse.com josef.moellers@suse.com josef.moellers@suse.com josef.moellers@suse.com tchvatal@suse.com tchvatal@suse.com mpluskal@suse.com josef.moellers@suse.com schwab@linux-m68k.org p.drouand@gmail.com coolo@suse.com jengelh@medozas.de crrodriguez@opensuse.org dimstar@opensuse.org coolo@novell.com coolo@novell.com crrodriguez@suse.de wgottwalt@suse.de crrodriguez@suse.de dmueller@suse.de dmueller@suse.de aj@suse.de aj@suse.de wgottwalt@suse.de - Remove any "../" components from pathnames of extracted files.
[bsc#1110687, CVE-2018-17828, CVE-2018-17828.patch] - Check if data from End of central directory record makes sense.
Especially the Offset of start of central directory must not
a) be negative or
b) point behind the end-of-file.
- Check if compressed size in Central directory file header
makes sense, i.e. the file's data does not extend beyond the
end of the file.
[bsc#1084517, CVE-2018-7726, CVE-2018-7726.patch,
bsc#1084519, CVE-2018-7725, CVE-2018-7725.patch] - Update to 0.13.69:
* fix a number of CVEs reported with special *.zip PoC files
* completing some doc strings while checking the new man-pages to
look good
* update refs to point to github instead of sf.net
* man-pages are generated with new dbk2man.py - docbook xmlto is
optional now
* a zip-program is still required for testing, but some errors
are gone when not present
- run spec-cleaner
- don't ship Windows only file, README.MSVC6 - Drop BR: fdupes since it does nothing. - Fix RPM groups. Remove ineffective --with-pic.
Trim redundancies from description.
Do not let fdupes run across partitions. - Update to 0.13.68:
* fix a number of CVEs reported with special *.zip files
* minor doc updates referencing GitHub instead of sf.net
- drop CVE-2018-6381.patch
* merged in a803559fa9194be895422ba3684cf6309b6bb598
- drop CVE-2018-6484.patch
* merged in 0c0c9256b0903f664bca25dd8d924211f81e01d3
- drop CVE-2018-6540.patch
* merged in 15b8c969df962a444dfa07b3d5bd4b27dc0dbba7
- drop CVE-2018-6542.patch
* merged in 938011cd60f5a8a2a16a49e5f317aca640cf4110 - Changed %license to %doc in SPEC file. - If the size of the central directory is too big, reject
the file.
Then, if loading the ZIP file fails, display an error message.
[CVE-2018-6542.patch, CVE-2018-6542, bsc#1079094] - If an extension block is too small to hold an extension,
do not use the information therein.
- If the End of central directory record (EOCD) contains an
Offset of start of central directory which is beyond the end of
the file, reject the file.
[CVE-2018-6540, bsc#1079096, CVE-2018-6540.patch] - Reject the ZIP file and report it as corrupt if the size of the
central directory and/or the offset of start of central directory
point beyond the end of the ZIP file.
[CVE-2018-6484, boo#1078701, CVE-2018-6484.patch] - If a file is uncompressed, compressed and uncompressed sizes
should be identical.
[CVE-2018-6381, bsc#1078497, CVE-2018-6381.patch] - Drop tests as they fail completely anyway, not finding lib needing
zip command, this should allow us to kill python dependency
- Also drop docs subdir avoiding python dependency for it
* The generated xmls were used for mans too but we shipped those
only in devel pkg and as such we will live without them - Version update to 0.13.67:
* Various fixes found by fuzzing
* Merged bellow patches
- Remove merged patches:
* zziplib-CVE-2017-5974.patch
* zziplib-CVE-2017-5975.patch
* zziplib-CVE-2017-5976.patch
* zziplib-CVE-2017-5978.patch
* zziplib-CVE-2017-5979.patch
* zziplib-CVE-2017-5981.patch
- Switch to github tarball as upstream seem no longer pull it to
sourceforge
- Remove no longer applying patch zziplib-unzipcat-NULL-name.patch
* The sourcecode was quite changed for this to work this way
anymore, lets hope this is fixed too - Packaking changes:
* Depend on python2 explicitly
* Cleanup with spec-cleaner - Several bugs fixed:
* heap-based buffer overflows
(bsc#1024517, CVE-2017-5974, zziplib-CVE-2017-5974.patch)
* check if "relative offset of local header" in "central
directory header" really points to a local header
(ZZIP_FILE_HEADER_MAGIC)
(bsc#1024528, CVE-2017-5975, zziplib-CVE-2017-5975.patch)
* protect against bad formatted data in extra blocks
(bsc#1024531, CVE-2017-5976, zziplib-CVE-2017-5976.patch)
* NULL pointer dereference in main (unzzipcat-mem.c)
(bsc#1024532, bsc#1024536, CVE-2017-5975,
zziplib-CVE-2017-5975.patch)
* protect against huge values of "extra field length"
in local file header and central file header
(bsc#1024533, CVE-2017-5978, zziplib-CVE-2017-5978.patch)
* clear ZZIP_ENTRY record before use.
(bsc#1024534, bsc#1024535, CVE-2017-5979, CVE-2017-5977,
zziplib-CVE-2017-5979.patch)
* prevent unzzipcat.c from trying to print a NULL name
(bsc#1024537, zziplib-unzipcat-NULL-name.patch)
* Replace assert() by going to error exit.
(bsc#1034539, CVE-2017-5981, zziplib-CVE-2017-5981.patch) - zziplib-largefile.patch: Enable largefile support
- Enable debug information - Update to 0.13.62 version:
* configure.ac: fallback to libtool -export-dynamic unless being sure to
use gnu-ld --export-dynamic. The darwin case is a bit special here
as the c-compiler and linker might be from different worlds.
* Makefile.am: allow nonstaic build
* wrap fd.open like in the Fedora patch
- Remove the package name on summary
- Add dos2unix as build dependencie to fix a wrong file encoding - add libtool as buildrequire to avoid implicit dependency - Implement shlib policy/packaging for package, add baselibs.conf
and resolve redundant constructs - Fix build with gcc 4.6 - Update to version 0.13.58:
+ Some bugs fixed, see ChangeLog - update to version 0.13.56 - fixes many smaller issues
(see Changelog) - fix build with automake 1.11 - remove "la" files - removed ./msvc7/pkzip.exe and ./msvc8/zip.exe to avoid license
problems - update to version 0.13.49 fixes #260734 buffer overflow
due to wrong usage of strcpy() - adjust buildrequires - don't build as root - Fix build. - Fix build. - initial release
- still problems with the "make check" build option cloud127 1539872202 CVE-2018-17828.patch CVE-2018-7725.patch CVE-2018-7726.patch baselibs.conf zziplib-0.13.62-wronglinking.patch zziplib-0.13.62.patch zziplib-0.13.69.tar.gz zziplib-largefile.patch zziplib.spec obs://build.opensuse.org/openSUSE:Maintenance:8962/openSUSE_Leap_15.0_Update/21ca535e7739d3117537f8cded7e7374-zziplib.openSUSE_Leap_15.0_Update cpio gzip 9 utf-8 a036cfd7cddb8c53813c63222848807e1ea405406bc74eeae5f261f7fe375c51 ? X[7NU@PT{]:H N!tޛM:(
"T鈂 A@D)_ԣ{9`ffkoOY\ $燀-Hu#(.&WF<<bn ::8
J8B