Hello community, here is the log from the commit of package libzip for openSUSE:Factory checked in at 2012-03-22 12:35:05 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libzip (Old) and /work/SRC/openSUSE:Factory/.libzip.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libzip", Maintainer is "" Changes: -------- --- /work/SRC/openSUSE:Factory/libzip/libzip.changes 2012-02-16 16:19:28.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.libzip.new/libzip.changes 2012-03-22 12:36:15.000000000 +0100 @@ -1,0 +2,7 @@ +Tue Mar 20 16:12:30 UTC 2012 - [email protected] + +- updated to 0.10.1: fixes + * CVE-2012-1162 [bnc#751829] + * CVE-2012-1163 [bnc#751830] + +------------------------------------------------------------------- Old: ---- libzip-0.10.tar.bz2 New: ---- libzip-0.10.1.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libzip.spec ++++++ --- /var/tmp/diff_new_pack.Q0N11j/_old 2012-03-22 12:36:17.000000000 +0100 +++ /var/tmp/diff_new_pack.Q0N11j/_new 2012-03-22 12:36:17.000000000 +0100 @@ -16,8 +16,9 @@ # + Name: libzip -Version: 0.10 +Version: 0.10.1 Release: 0 Summary: C library for reading, creating, and modifying zip archives License: BSD-3-Clause ++++++ libzip-0.10.tar.bz2 -> libzip-0.10.1.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libzip-0.10/CMakeLists.txt new/libzip-0.10.1/CMakeLists.txt --- old/libzip-0.10/CMakeLists.txt 2011-03-18 13:53:20.000000000 +0100 +++ new/libzip-0.10.1/CMakeLists.txt 2012-03-15 10:33:17.000000000 +0100 @@ -20,7 +20,7 @@ SET(PACKAGE_NAME ${PACKAGE}) SET(PACKAGE_VERSION_MAJOR "0") SET(PACKAGE_VERSION_MINOR "10") -SET(PACKAGE_VERSION_PATCH "0") +SET(PACKAGE_VERSION_PATCH "1") SET(VERSION "${PACKAGE_VERSION_MAJOR}.${PACKAGE_VERSION_MINOR}.${PACKAGE_VERSION_PATCH}") SET(PACKAGE_VERSION ${VERSION}) SET(PACKAGE_STRING "${PACKAGE_NAME} ${PACKAGE_VERSION}") diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libzip-0.10/NEWS new/libzip-0.10.1/NEWS --- old/libzip-0.10/NEWS 2011-03-18 12:37:10.000000000 +0100 +++ new/libzip-0.10.1/NEWS 2012-03-15 10:38:10.000000000 +0100 
@@ -1,3 +1,8 @@ +0.10.1 [2012/03/20] + +* Fixed CVE-2012-1162 +* Fixed CVE-2012-1163 + 0.10 [2010/03/18] * Added zip_get_num_files(), deprecated zip_get_num_entries(). diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libzip-0.10/THANKS new/libzip-0.10.1/THANKS --- old/libzip-0.10/THANKS 2011-03-16 12:18:44.000000000 +0100 +++ new/libzip-0.10.1/THANKS 2012-03-15 10:35:10.000000000 +0100 @@ -17,3 +17,4 @@ Simon Talbot <[email protected]> Stephen Bryant <[email protected]> Tarmo Pikaro <[email protected]> +Timo Warns <[email protected]> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libzip-0.10/configure new/libzip-0.10.1/configure --- old/libzip-0.10/configure 2011-03-18 12:38:18.000000000 +0100 +++ new/libzip-0.10.1/configure 2012-03-15 10:38:16.000000000 +0100 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.68 for libzip 0.10. +# Generated by GNU Autoconf 2.68 for libzip 0.10.1. # # Report bugs to <[email protected]>. # @@ -709,8 +709,8 @@ # Identity of this package. PACKAGE_NAME='libzip' PACKAGE_TARNAME='libzip' -PACKAGE_VERSION='0.10' -PACKAGE_STRING='libzip 0.10' +PACKAGE_VERSION='0.10.1' +PACKAGE_STRING='libzip 0.10.1' PACKAGE_BUGREPORT='[email protected]' PACKAGE_URL='' @@ -881,8 +881,7 @@ LDFLAGS LIBS CPPFLAGS -CPP -CPPFLAGS' +CPP' # Initialize some variables set by options. @@ -1425,7 +1424,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures libzip 0.10 to adapt to many kinds of systems. +\`configure' configures libzip 0.10.1 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... 
@@ -1495,7 +1494,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of libzip 0.10:";; + short | recursive ) echo "Configuration of libzip 0.10.1:";; esac cat <<\_ACEOF @@ -1595,7 +1594,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -libzip configure 0.10 +libzip configure 0.10.1 generated by GNU Autoconf 2.68 Copyright (C) 2010 Free Software Foundation, Inc. @@ -2299,7 +2298,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by libzip $as_me 0.10, which was +It was created by libzip $as_me 0.10.1, which was generated by GNU Autoconf 2.68. Invocation command line was $ $0 $@ @@ -3118,7 +3117,7 @@ # Define the identity of the package. PACKAGE='libzip' - VERSION='0.10' + VERSION='0.10.1' cat >>confdefs.h <<_ACEOF @@ -5043,13 +5042,13 @@ else lt_cv_nm_interface="BSD nm" echo "int some_variable = 0;" > conftest.$ac_ext - (eval echo "\"\$as_me:5046: $ac_compile\"" >&5) + (eval echo "\"\$as_me:5045: $ac_compile\"" >&5) (eval "$ac_compile" 2>conftest.err) cat conftest.err >&5 - (eval echo "\"\$as_me:5049: $NM \\\"conftest.$ac_objext\\\"\"" >&5) + (eval echo "\"\$as_me:5048: $NM \\\"conftest.$ac_objext\\\"\"" >&5) (eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out) cat conftest.err >&5 - (eval echo "\"\$as_me:5052: output\"" >&5) + (eval echo "\"\$as_me:5051: output\"" >&5) cat conftest.out >&5 if $GREP 'External.*some_variable' conftest.out > /dev/null; then lt_cv_nm_interface="MS dumpbin" @@ -6254,7 +6253,7 @@ ;; *-*-irix6*) # Find out which ABI we are using. - echo '#line 6257 "configure"' > conftest.$ac_ext + echo '#line 6256 "configure"' > conftest.$ac_ext if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 (eval $ac_compile) 2>&5 ac_status=$? 
@@ -7783,11 +7782,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:7786: $lt_compile\"" >&5) + (eval echo "\"\$as_me:7785: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:7790: \$? = $ac_status" >&5 + echo "$as_me:7789: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -8122,11 +8121,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:8125: $lt_compile\"" >&5) + (eval echo "\"\$as_me:8124: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:8129: \$? = $ac_status" >&5 + echo "$as_me:8128: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -8227,11 +8226,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:8230: $lt_compile\"" >&5) + (eval echo "\"\$as_me:8229: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:8234: \$? = $ac_status" >&5 + echo "$as_me:8233: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized 
@@ -8282,11 +8281,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:8285: $lt_compile\"" >&5) + (eval echo "\"\$as_me:8284: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:8289: \$? = $ac_status" >&5 + echo "$as_me:8288: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -10649,7 +10648,7 @@ lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<_LT_EOF -#line 10652 "configure" +#line 10651 "configure" #include "confdefs.h" #if HAVE_DLFCN_H @@ -10745,7 +10744,7 @@ lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext <<_LT_EOF -#line 10748 "configure" +#line 10747 "configure" #include "confdefs.h" #if HAVE_DLFCN_H @@ -11903,7 +11902,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by libzip $as_me 0.10, which was +This file was extended by libzip $as_me 0.10.1, which was generated by GNU Autoconf 2.68. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -11969,7 +11968,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -libzip config.status 0.10 +libzip config.status 0.10.1 configured by $0, generated by GNU Autoconf 2.68, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libzip-0.10/configure.ac new/libzip-0.10.1/configure.ac --- old/libzip-0.10/configure.ac 2011-03-18 12:37:29.000000000 +0100 +++ new/libzip-0.10.1/configure.ac 2012-03-15 10:33:24.000000000 +0100 
@@ -1,5 +1,5 @@ AC_PREREQ(2.57) -AC_INIT([libzip],[0.10],[[email protected]]) +AC_INIT([libzip],[0.10.1],[[email protected]]) AC_CONFIG_SRCDIR([lib/zip_add.c]) AC_CONFIG_HEADERS([config.h]) AC_CONFIG_MACRO_DIR([m4]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libzip-0.10/lib/zip_open.c new/libzip-0.10.1/lib/zip_open.c --- old/libzip-0.10/lib/zip_open.c 2011-03-16 12:18:44.000000000 +0100 +++ new/libzip-0.10.1/lib/zip_open.c 2012-03-15 10:31:52.000000000 +0100 @@ -200,7 +200,7 @@ cd->comment = NULL; cd->comment_len = _zip_read2(&cdp); - if (cd->offset+cd->size > buf_offset + (eocd-buf)) { + if (((zip_uint64_t)cd->offset)+cd->size > buf_offset + (eocd-buf)) { /* cdir spans past EOCD record */ _zip_error_set(error, ZIP_ER_INCONS, 0); cd->nentry = 0; @@ -257,7 +257,7 @@ left = cd->size; i=0; - do { + while (i<cd->nentry && left > 0) { if ((_zip_dirent_read(cd->entry+i, fp, bufp, &left, 0, error)) < 0) { cd->nentry = i; _zip_cdir_free(cd); @@ -274,7 +274,7 @@ return NULL; } } - } while (i<cd->nentry && left > 0); + } cd->nentry = i; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libzip-0.10/lib/zipconf.h new/libzip-0.10.1/lib/zipconf.h --- old/libzip-0.10/lib/zipconf.h 2011-03-18 13:51:33.000000000 +0100 +++ new/libzip-0.10.1/lib/zipconf.h 2012-03-15 10:38:23.000000000 +0100 @@ -8,7 +8,7 @@ based on ../config.h. */ -#define LIBZIP_VERSION "0.10" +#define LIBZIP_VERSION "0.10.1" #define LIBZIP_VERSION_MAJOR 0 #define LIBZIP_VERSION_MINOR 10 #define LIBZIP_VERSION_MICRO 0 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libzip-0.10/regress/Makefile.in new/libzip-0.10.1/regress/Makefile.in --- old/libzip-0.10/regress/Makefile.in 2011-03-18 12:38:32.000000000 +0100 +++ new/libzip-0.10.1/regress/Makefile.in 2012-03-15 10:38:41.000000000 +0100 
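Review bot: The widened comparison in the `@@ -200,7 +200,7 @@` hunk of lib/zip_open.c carries no comment saying why the cast is there, so a later cleanup could drop it as redundant. Presumably `cd->offset` and `cd->size` are narrower than 64 bits on some builds (their declarations are outside the hunk), in which case the old sum could wrap and let a crafted end-of-central-directory record pass the bounds check. I would add `/* widen before adding: offset+size come from the file and must not wrap */` above the `if`. The right-hand side `buf_offset + (eocd-buf)` keeps its original type, so confirm it cannot wrap for the same inputs. The enclosing function starts and ends outside the hunk.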
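Review bot: After the `do`→`while` change in the `@@ -257,7 +257,7 @@` and `@@ -274,7 +274,7 @@` hunks of lib/zip_open.c, a central directory whose `left` reaches zero before `nentry` entries are read is still accepted, and `cd->nentry = i;` silently shrinks the count. The new loop head does stop `_zip_dirent_read` from being called on `cd->entry+0` when the record declares zero entries or zero bytes, but the short-directory case stays indistinguishable from a well-formed archive. A stricter form would check before the assignment: `if (i < cd->nentry) { _zip_error_set(error, ZIP_ER_INCONS, 0); _zip_cdir_free(cd); return NULL; }`. If the truncation is deliberate lenient parsing, a comment on `cd->nentry = i;` should say so. The loop body between the two hunks and the rest of the function are not shown.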
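Review bot: `LIBZIP_VERSION` becomes "0.10.1" in the lib/zipconf.h hunk while the context line `#define LIBZIP_VERSION_MICRO 0` is left unchanged, so the numeric macros still describe 0.10.0. Code that gates on the numeric macros cannot tell this release, which carries the CVE-2012-1162 and CVE-2012-1163 fixes, from 0.10. The line should read `#define LIBZIP_VERSION_MICRO 1`. The header comment says the file is based on ../config.h, so the correction likely belongs in whatever generates it.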
@@ -43,7 +43,7 @@ tryopen$(EXEEXT) EXTRA_PROGRAMS = deltest$(EXEEXT) ziptest$(EXEEXT) subdir = regress -DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in TODO +DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libzip-0.10/regress/TODO new/libzip-0.10.1/regress/TODO --- old/libzip-0.10/regress/TODO 2011-03-16 17:17:36.000000000 +0100 +++ new/libzip-0.10.1/regress/TODO 1970-01-01 01:00:00.000000000 +0100 @@ -1,4 +0,0 @@ - /* ZIP_ER_OPEN */ - /* ZIP_ER_READ */ - /* ZIP_ER_SEEK */ - /* ZIP_ER_INCONS */ ++++++ libzip-ocloexec.patch ++++++ --- /var/tmp/diff_new_pack.Q0N11j/_old 2012-03-22 12:36:17.000000000 +0100 +++ /var/tmp/diff_new_pack.Q0N11j/_new 2012-03-22 12:36:17.000000000 +0100 @@ -1,3 +1,5 @@ +Index: lib/zip_close.c +=================================================================== --- lib/zip_close.c.orig +++ lib/zip_close.c @@ -44,9 +44,9 @@ @@ -29,6 +31,8 @@ _zip_error_set(&za->error, ZIP_ER_TMPOPEN, errno); free(temp); return NULL; +Index: lib/zip_open.c +=================================================================== --- lib/zip_open.c.orig +++ lib/zip_open.c @@ -71,7 +71,7 @@ zip_open(const char *fn, int flags, int @@ -40,6 +44,8 @@ set_error(zep, NULL, ZIP_ER_OPEN); return NULL; } +Index: lib/zip_source_filep.c +=================================================================== --- lib/zip_source_filep.c.orig +++ lib/zip_source_filep.c @@ -133,7 +133,7 @@ read_file(void *state, void *data, zip_u @@ -51,12 +57,14 @@ z->e[0] = ZIP_ER_OPEN; z->e[1] = errno; return -1; +Index: configure.ac +=================================================================== --- configure.ac.orig +++ configure.ac 
@@ -1,4 +1,4 @@ -AC_PREREQ(2.57) +AC_PREREQ([2.68]) - AC_INIT([libzip],[0.10],[[email protected]]) + AC_INIT([libzip],[0.10.1],[[email protected]]) AC_CONFIG_SRCDIR([lib/zip_add.c]) AC_CONFIG_HEADERS([config.h]) @@ -7,7 +7,9 @@ AM_INIT_AUTOMAKE @@ -79,6 +87,8 @@ AC_CHECK_FUNCS([_open _snprintf _strcmpi _strdup _stricmp fseeko ftello getopt open snprintf strcasecmp strdup]) AC_CHECK_FUNCS([mkstemp], [], [AC_LIBOBJ(mkstemp)]) +Index: lib/Makefile.am +=================================================================== --- lib/Makefile.am.orig +++ lib/Makefile.am @@ -1,5 +1,5 @@ @@ -88,6 +98,8 @@ lib_LTLIBRARIES = libzip.la noinst_HEADERS = zipint.h include_HEADERS = zip.h +Index: regress/Makefile.am +=================================================================== --- regress/Makefile.am.orig +++ regress/Makefile.am @@ -45,7 +45,6 @@ TESTS= \ @@ -105,6 +117,8 @@ -AM_CPPFLAGS=-I${top_srcdir}/lib +AM_CPPFLAGS=-I${top_srcdir}/lib -include ${top_srcdir}/config.h LDADD=${top_builddir}/lib/libzip.la +Index: lib/zipint.h +=================================================================== --- lib/zipint.h.orig +++ lib/zipint.h @@ -43,7 +43,6 @@ @@ -115,6 +129,8 @@ #ifndef HAVE_FSEEKO #define fseeko(s, o, w) (fseek((s), (long int)(o), (w))) +Index: src/Makefile.am +=================================================================== --- src/Makefile.am.orig +++ src/Makefile.am @@ -1,3 +1,4 @@ @@ -122,6 +138,8 @@ bin_PROGRAMS=zipcmp zipmerge ziptorrent zipcmp_CPPFLAGS=-I${top_srcdir}/lib +Index: regress/tryopen.c +=================================================================== --- regress/tryopen.c.orig +++ regress/tryopen.c @@ -39,6 +39,7 @@ @@ -132,6 +150,8 @@ #include "zip.h" +Index: regress/fread.c +=================================================================== --- regress/fread.c.orig +++ regress/fread.c @@ -95,7 +95,7 @@ main(int argc, char *argv[]) -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
