Hello community, here is the log from the commit of package libplist for openSUSE:Factory checked in at 2017-01-27 10:46:34 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libplist (Old) and /work/SRC/openSUSE:Factory/.libplist.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libplist" Changes: -------- --- /work/SRC/openSUSE:Factory/libplist/libplist.changes 2014-11-05 16:26:38.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.libplist.new/libplist.changes 2017-02-03 17:48:14.867171040 +0100 @@ -1,0 +2,39 @@ +Wed Jan 25 15:39:22 UTC 2017 - [email protected] + +- update version 1.12+git20170119.6a44dfb + * xplist: Fix limiited but possible XXE security vulnerability + with XML + * plistutil: use static buffer for stat() + * plistutil: Plug some memory leaks + * bplist: Fix possible crash in plist_from_bin() caused by access + to already freed memory + * bplist: Plug memory leaks caused by unused and unfreed buffer + * bplist: Refactor binary plist parsing in a recursive way + * xplist: Get rid of setlocale() and use custom function to print + floating point values + * Node.cpp: let plist_t operations free _node when in a container + * cython: Fix module build with libplist already installed + * bplist: Speed up plist_to_bin conversion for large plists + * Implemented plist_is_binary() and plist_from_memory() + * plist_data_compare: Make sure to compare the node sizes for integer + nodes + * xplist: Plug memory leak when converting PLIST_UID nodes to XML + * Change internal storage of PLIST_DATE values from struct timeval + to double + * Use time64 implementation by Michael G Schwern to extend allowed + date/time range + * remove libxml2 in favor of custom XML parsing + * base64: Rework base64decode to handle split encoded data correctly + * plistutil: Prevent OOB heap buffer read by checking input size + * plistutil: Use plist_is_binary() to check for binary plist data + * bplist: Improve UINT_TO_HOST macro, remove uint24_from_be function + * bplist: Check for invalid offset_size in bplist trailer + * bplist: Use proper struct for binary plist trailer + * bplist: Check for invalid ref_size in bplist trailer +- fixed CVE-2017-5209, boo#1019531 + * The base64decode function in base64.c allows attackers to + obtaiin sensitive info from process memory or cause a denial + of service (buffer over-read) via split encoded Apple Property + List data. + +------------------------------------------------------------------- Old: ---- libplist-1.12.tar.bz2 New: ---- libplist-1.12+git20170119.6a44dfb.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libplist.spec ++++++ --- /var/tmp/diff_new_pack.nbetxc/_old 2017-02-03 17:48:15.647061094 +0100 +++ /var/tmp/diff_new_pack.nbetxc/_new 2017-02-03 17:48:15.647061094 +0100 @@ -1,7 +1,7 @@ # # spec file for package libplist # -# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,17 +17,18 @@ Name: libplist -Version: 1.12 +Version: 1.12+git20170119.6a44dfb Release: 0 Summary: Library for handling Apple Binary and XML Property Lists License: GPL-2.0 and LGPL-2.1+ Group: System/Libraries -Url: http://cgit.sukimashita.com/libplist.git -Source: http://www.libimobiledevice.org/downloads/%{name}-%{version}.tar.bz2 +Url: https://cgit.libimobiledevice.org/libplist.git +#Source: http://www.libimobiledevice.org/downloads/%{name}-%{version}.tar.bz2 +Source: %{name}-%{version}.tar.xz Source99: baselibs.conf BuildRequires: gcc-c++ -BuildRequires: libxml2-devel >= 2.7.8 -BuildRequires: pkg-config +BuildRequires: libtool +BuildRequires: pkgconfig BuildRequires: python-cython BuildRequires: python-devel BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -100,6 +101,7 @@ %prep %setup -q +NO_CONFIGURE=1 ./autogen.sh %build %configure --disable-static @@ -109,7 +111,7 @@ TZ=Europe/Vienna make check VERBOSE=1 %install -make DESTDIR=%{buildroot} install %{?_smp_mflags} +make %{?_smp_mflags} DESTDIR=%{buildroot} install find %{buildroot} -type f -name "*.la" -delete -print rm -rf %{buildroot}%{python_sitearch}/*.la @@ -123,11 +125,8 @@ %endif %post -n libplist3 -p /sbin/ldconfig - %postun -n libplist3 -p /sbin/ldconfig - %post -n libplist++3 -p /sbin/ldconfig - %postun -n libplist++3 -p /sbin/ldconfig %files -n libplist3
