zziplib-devel-32bit-0.13.69-lp150.2.3.1 4 > $
A p [ȕո/=r{
ڡCJܥVVd
q(%SfGʤt)NuOi8}j7
T>L
.tD#"oox"m fe9VG96:I|6S=-^?t;k1ș@nv(RK/2_#vcC
YW!Փ9Nt˕¦t{>x^[IexP XX}߅_S6u=df662aeed1a0911df2b0eac9496471636cb573cd e8f2a35c90afadbb450c8fb7fa2727fe82512f11ae12aab8b6a1c5aefa41ea05 " [ȕո/=B[G0Hiaߑh/VMjXND{1mxzu!pC66B\?2#Ж݂թoØ #Fl7UyfK
X{-D?+0 w+)Z{L&wK$Ӗ""D1<8ì&6
πԐ\'G5;V~ŵn+ > p 9 p ? ` d * c # B H P ` h
p
0 T d 0 ( \ 8 d 9 : G H I X Y \ 8 ] H ^ b c M d e f l u v \ C zziplib-devel-32bit 0.13.69 lp150.2.3.1 Development files for zziplib, a ZIP compression library That are the header files needed for developing applications using
ZZipLib. [ȕcloud127 openSUSE Leap 15.0 openSUSE LGPL-2.1+ http://bugs.opensuse.org Development/Libraries/C and C++ http://zziplib.sourceforge.net linux x86_64 [ȕ[ȕ[ȕ[ȕ libzzip-0-64.so.13.0.69 libzzipfseeko-0-64.so.13.0.69 libzzipmmapped-0-64.so.13.0.69 libzzipwrap-0-64.so.13.0.69 root root root root root root root root zziplib-0.13.69-lp150.2.3.1.src.rpm zziplib-devel-32bit zziplib-devel-32bit(x86-32)
libzzip-0-13-32bit rpmlib(CompressedFileNames) rpmlib(FileDigests) rpmlib(PayloadFilesHavePrefix) rpmlib(PayloadIsXz) zziplib-devel 0.13.69 3.0.4-1 4.6.0-1 4.0-1 5.2-1 0.13.69 4.14.1 [ Z@Z@Z@Z@ZjZ$ZZyZtRZs@Zg#Zg#Y@XӸQD^Pf@Nǚ@Ns:@MKy7@JmJ8josef.moellers@suse.com josef.moellers@suse.com avindra@opensuse.org adam.majer@suse.de jengelh@inai.de avindra@opensuse.org josef.moellers@suse.com josef.moellers@suse.com josef.moellers@suse.com josef.moellers@suse.com josef.moellers@suse.com tchvatal@suse.com tchvatal@suse.com mpluskal@suse.com josef.moellers@suse.com schwab@linux-m68k.org p.drouand@gmail.com coolo@suse.com jengelh@medozas.de crrodriguez@opensuse.org dimstar@opensuse.org coolo@novell.com coolo@novell.com - Remove any "../" components from pathnames of extracted files.
[bsc#1110687, CVE-2018-17828, CVE-2018-17828.patch] - Check if data from End of central directory record makes sense.
Especially the Offset of start of central directory must not
a) be negative or
b) point behind the end-of-file.
- Check if compressed size in Central directory file header
makes sense, i.e. the file's data does not extend beyond the
end of the file.
[bsc#1084517, CVE-2018-7726, CVE-2018-7726.patch,
bsc#1084519, CVE-2018-7725, CVE-2018-7725.patch] - Update to 0.13.69:
* fix a number of CVEs reported with special *.zip PoC files
* completing some doc strings while checking the new man-pages to
look good
* update refs to point to github instead of sf.net
* man-pages are generated with new dbk2man.py - docbook xmlto is
optional now
* a zip-program is still required for testing, but some errors
are gone when not present
- run spec-cleaner
- don't ship Windows only file, README.MSVC6 - Drop BR: fdupes since it does nothing. - Fix RPM groups. Remove ineffective --with-pic.
Trim redundancies from description.
Do not let fdupes run across partitions. - Update to 0.13.68:
* fix a number of CVEs reported with special *.zip files
* minor doc updates referencing GitHub instead of sf.net
- drop CVE-2018-6381.patch
* merged in a803559fa9194be895422ba3684cf6309b6bb598
- drop CVE-2018-6484.patch
* merged in 0c0c9256b0903f664bca25dd8d924211f81e01d3
- drop CVE-2018-6540.patch
* merged in 15b8c969df962a444dfa07b3d5bd4b27dc0dbba7
- drop CVE-2018-6542.patch
* merged in 938011cd60f5a8a2a16a49e5f317aca640cf4110 - Changed %license to %doc in SPEC file. - If the size of the central directory is too big, reject
the file.
Then, if loading the ZIP file fails, display an error message.
[CVE-2018-6542.patch, CVE-2018-6542, bsc#1079094] - If an extension block is too small to hold an extension,
do not use the information therein.
- If the End of central directory record (EOCD) contains an
Offset of start of central directory which is beyond the end of
the file, reject the file.
[CVE-2018-6540, bsc#1079096, CVE-2018-6540.patch] - Reject the ZIP file and report it as corrupt if the size of the
central directory and/or the offset of start of central directory
point beyond the end of the ZIP file.
[CVE-2018-6484, boo#1078701, CVE-2018-6484.patch] - If a file is uncompressed, compressed and uncompressed sizes
should be identical.
[CVE-2018-6381, bsc#1078497, CVE-2018-6381.patch] - Drop tests as they fail completely anyway, not finding lib needing
zip command, this should allow us to kill python dependency
- Also drop docs subdir avoiding python dependency for it
* The generated xmls were used for mans too but we shipped those
only in devel pkg and as such we will live without them - Version update to 0.13.67:
* Various fixes found by fuzzing
* Merged bellow patches
- Remove merged patches:
* zziplib-CVE-2017-5974.patch
* zziplib-CVE-2017-5975.patch
* zziplib-CVE-2017-5976.patch
* zziplib-CVE-2017-5978.patch
* zziplib-CVE-2017-5979.patch
* zziplib-CVE-2017-5981.patch
- Switch to github tarball as upstream seem no longer pull it to
sourceforge
- Remove no longer applying patch zziplib-unzipcat-NULL-name.patch
* The sourcecode was quite changed for this to work this way
anymore, lets hope this is fixed too - Packaking changes:
* Depend on python2 explicitly
* Cleanup with spec-cleaner - Several bugs fixed:
* heap-based buffer overflows
(bsc#1024517, CVE-2017-5974, zziplib-CVE-2017-5974.patch)
* check if "relative offset of local header" in "central
directory header" really points to a local header
(ZZIP_FILE_HEADER_MAGIC)
(bsc#1024528, CVE-2017-5975, zziplib-CVE-2017-5975.patch)
* protect against bad formatted data in extra blocks
(bsc#1024531, CVE-2017-5976, zziplib-CVE-2017-5976.patch)
* NULL pointer dereference in main (unzzipcat-mem.c)
(bsc#1024532, bsc#1024536, CVE-2017-5975,
zziplib-CVE-2017-5975.patch)
* protect against huge values of "extra field length"
in local file header and central file header
(bsc#1024533, CVE-2017-5978, zziplib-CVE-2017-5978.patch)
* clear ZZIP_ENTRY record before use.
(bsc#1024534, bsc#1024535, CVE-2017-5979, CVE-2017-5977,
zziplib-CVE-2017-5979.patch)
* prevent unzzipcat.c from trying to print a NULL name
(bsc#1024537, zziplib-unzipcat-NULL-name.patch)
* Replace assert() by going to error exit.
(bsc#1034539, CVE-2017-5981, zziplib-CVE-2017-5981.patch) - zziplib-largefile.patch: Enable largefile support
- Enable debug information - Update to 0.13.62 version:
* configure.ac: fallback to libtool -export-dynamic unless being sure to
use gnu-ld --export-dynamic. The darwin case is a bit special here
as the c-compiler and linker might be from different worlds.
* Makefile.am: allow nonstaic build
* wrap fd.open like in the Fedora patch
- Remove the package name on summary
- Add dos2unix as build dependencie to fix a wrong file encoding - add libtool as buildrequire to avoid implicit dependency - Implement shlib policy/packaging for package, add baselibs.conf
and resolve redundant constructs - Fix build with gcc 4.6 - Update to version 0.13.58:
+ Some bugs fixed, see ChangeLog - update to version 0.13.56 - fixes many smaller issues
(see Changelog) - fix build with automake 1.11 0.13.69-lp150.2.3.1 0.13.69-lp150.2.3.1 libzzip.so libzzipfseeko.so libzzipmmapped.so libzzipwrap.so /usr/lib/ -fomit-frame-pointer -fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -g obs://build.opensuse.org/openSUSE:Maintenance:8962/openSUSE_Leap_15.0_Update/21ca535e7739d3117537f8cded7e7374-zziplib.openSUSE_Leap_15.0_Update cpio xz 5 x86_64-suse-linux utf-8 9a696aeba2fce1c82e4e38babe9a72195ec02a8237487e46d93ffd3e51b8a9ed ? p 7zXZ
! t/ ]
cr$x#?/H'%]Pc!uH[ pq>1!xj\܀(dW;%
<k%.7EIJ?jh693]0z
&x `|>$츾` d9m
馨[Y{gL[WmD 0\
YZ