commit zziplib for openSUSE:Factory
Hello community, here is the log from the commit of package zziplib for openSUSE:Factory checked in at 2020-05-02 22:15:47 Comparing /work/SRC/openSUSE:Factory/zziplib (Old) and /work/SRC/openSUSE:Factory/.zziplib.new.2738 (New) Package is "zziplib" Sat May 2 22:15:47 2020 rev:38 rq:799298 version:0.13.71 Changes: --- /work/SRC/openSUSE:Factory/zziplib/zziplib.changes 2020-04-25 20:07:02.731389539 +0200 +++ /work/SRC/openSUSE:Factory/.zziplib.new.2738/zziplib.changes 2020-05-02 22:16:03.396375056 +0200 @@ -1,0 +2,7 @@ +Tue Apr 28 06:21:51 UTC 2020 - Paolo Stivanin + +- Update to 0.13.71: + * testbuilds fixes + * fixes to bring base, sdl, manpages and site docs to same level + +--- Old: zziplib-0.13.70.tar.gz New: zziplib-0.13.71.tar.gz Other differences: -- ++ zziplib.spec ++ --- /var/tmp/diff_new_pack.wC9yEi/_old 2020-05-02 22:16:03.900376112 +0200 +++ /var/tmp/diff_new_pack.wC9yEi/_new 2020-05-02 22:16:03.904376120 +0200 @@ -18,7 +18,7 @@ %define lname libzzip-0-13 Name: zziplib -Version:0.13.70 +Version:0.13.71 Release:0 Summary:ZIP Compression Library License:LGPL-2.1-or-later ++ zziplib-0.13.70.tar.gz -> zziplib-0.13.71.tar.gz ++ 7417 lines of diff (skipped)
commit zziplib for openSUSE:Factory
Hello community,
here is the log from the commit of package zziplib for openSUSE:Factory checked
in at 2020-04-25 20:06:49
Comparing /work/SRC/openSUSE:Factory/zziplib (Old)
and /work/SRC/openSUSE:Factory/.zziplib.new.2738 (New)
Package is "zziplib"
Sat Apr 25 20:06:49 2020 rev:37 rq:795502 version:0.13.70
Changes:
--- /work/SRC/openSUSE:Factory/zziplib/zziplib.changes 2020-03-11
18:32:17.450896624 +0100
+++ /work/SRC/openSUSE:Factory/.zziplib.new.2738/zziplib.changes
2020-04-25 20:07:02.731389539 +0200
@@ -1,0 +2,21 @@
+Tue Apr 14 08:28:53 UTC 2020 - Josef Möllers
+
+- Update to 1.13.70:
+ * there have been tons of bugfixes over the last two years ...
+ * Thanks go to Patrick Steinhardt (then at Aservo) for python3 updates
+ * Thanks go to Josef Moellers (working at SUSE Labs) for many CVE fixes
+ * and of course all the other patches that came in via github issues.
+ * I have cleaned up sources to only uses Python3 (as needed by 2020).
+ * !!! The old automake/autconf/libtool system will be dumped soon!!!
+ * The build system was ported to 'cmake' .. (last tested cmake 3.10.2)
+ Obsoletes patches
+ - CVE-2018-7726.patch
+ - CVE-2018-7725.patch
+ - CVE-2018-16548.patch
+ - CVE-2018-17828.patch
+ - bsc1129403-prevent-division-by-zero.patch
+ [zziplib-0.13.70.tar.gz, CVE-2018-7726.patch, CVE-2018-7725.patch,
+ CVE-2018-16548.patch, CVE-2018-17828.patch,
+ bsc1129403-prevent-division-by-zero.patch]
+
+---
Old:
CVE-2018-16548.patch
CVE-2018-17828.patch
CVE-2018-7725.patch
CVE-2018-7726.patch
bsc1129403-prevent-division-by-zero.patch
zziplib-0.13.69.tar.gz
New:
zziplib-0.13.70.tar.gz
Other differences:
--
++ zziplib.spec ++
--- /var/tmp/diff_new_pack.jgMybu/_old 2020-04-25 20:07:03.423390966 +0200
+++ /var/tmp/diff_new_pack.jgMybu/_new 2020-04-25 20:07:03.423390966 +0200
@@ -1,7 +1,7 @@
#
# spec file for package zziplib
#
-# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2020 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -18,22 +18,17 @@
%define lname libzzip-0-13
Name: zziplib
-Version:0.13.69
+Version:0.13.70
Release:0
Summary:ZIP Compression Library
License:LGPL-2.1-or-later
Group: Development/Libraries/C and C++
-Url:http://zziplib.sourceforge.net
+URL:http://zziplib.sourceforge.net
Source0:
https://github.com/gdraheim/zziplib/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
Source2:baselibs.conf
Patch0: zziplib-0.13.62.patch
Patch1: zziplib-0.13.62-wronglinking.patch
Patch2: zziplib-largefile.patch
-Patch3: CVE-2018-7726.patch
-Patch4: CVE-2018-7725.patch
-Patch5: CVE-2018-16548.patch
-Patch6: CVE-2018-17828.patch
-Patch7: bsc1129403-prevent-division-by-zero.patch
Patch8: bsc1154002-prevent-unnecessary-perror.patch
BuildRequires: autoconf
BuildRequires: automake
@@ -71,11 +66,6 @@
%patch0
%patch1
%patch2
-%patch3 -p1
-%patch4 -p1
-%patch5 -p1
-%patch6 -p1
-%patch7 -p1
%patch8 -p1
# do not bother with html docs saving us python2 dependency
sed -i -e 's:docs ::g' Makefile.am
++ zziplib-0.13.69.tar.gz -> zziplib-0.13.70.tar.gz ++
6172 lines of diff (skipped)
commit zziplib for openSUSE:Factory
Hello community,
here is the log from the commit of package zziplib for openSUSE:Factory checked
in at 2020-03-11 18:32:13
Comparing /work/SRC/openSUSE:Factory/zziplib (Old)
and /work/SRC/openSUSE:Factory/.zziplib.new.3160 (New)
Package is "zziplib"
Wed Mar 11 18:32:13 2020 rev:36 rq:782086 version:0.13.69
Changes:
--- /work/SRC/openSUSE:Factory/zziplib/zziplib.changes 2019-12-16
17:26:30.155956935 +0100
+++ /work/SRC/openSUSE:Factory/.zziplib.new.3160/zziplib.changes
2020-03-11 18:32:17.450896624 +0100
@@ -1,0 +2,7 @@
+Mon Feb 24 15:08:13 UTC 2020 - Josef Möllers
+
+- Corrected control flow in zzip_mem_entry_make() to
+ gain correct exit status.
+ [bsc#1154002, bsc1154002-prevent-unnecessary-perror.patch]
+
+---
Other differences:
--
++ zziplib.spec ++
--- /var/tmp/diff_new_pack.4wKIvC/_old 2020-03-11 18:32:18.654897363 +0100
+++ /var/tmp/diff_new_pack.4wKIvC/_new 2020-03-11 18:32:18.654897363 +0100
@@ -1,7 +1,7 @@
#
# spec file for package zziplib
#
-# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
++ bsc1154002-prevent-unnecessary-perror.patch ++
--- /var/tmp/diff_new_pack.4wKIvC/_old 2020-03-11 18:32:18.682897380 +0100
+++ /var/tmp/diff_new_pack.4wKIvC/_new 2020-03-11 18:32:18.686897383 +0100
@@ -2,12 +2,12 @@
===
--- zziplib-0.13.69.orig/bins/unzip-mem.c
+++ zziplib-0.13.69/bins/unzip-mem.c
-@@ -93,7 +93,7 @@ static void zzip_mem_entry_make(ZZIP_MEM
+@@ -92,7 +92,7 @@ static void zzip_mem_entry_make(ZZIP_MEM
+ ZZIP_MEM_ENTRY* entry)
{
FILE* file = fopen (entry->zz_name, "wb");
- if (file) { zzip_mem_entry_pipe (disk, entry, file); fclose (file); }
--perror (entry->zz_name);
-+else perror (entry->zz_name);
+-if (file) { zzip_mem_entry_pipe (disk, entry, file); fclose (file); }
++if (file) { zzip_mem_entry_pipe (disk, entry, file); fclose (file);
return; }
+ perror (entry->zz_name);
if (status < EXIT_WARNINGS) status = EXIT_WARNINGS;
}
-
commit zziplib for openSUSE:Factory
Hello community,
here is the log from the commit of package zziplib for openSUSE:Factory checked
in at 2019-12-16 17:26:27
Comparing /work/SRC/openSUSE:Factory/zziplib (Old)
and /work/SRC/openSUSE:Factory/.zziplib.new.4691 (New)
Package is "zziplib"
Mon Dec 16 17:26:27 2019 rev:35 rq:756875 version:0.13.69
Changes:
--- /work/SRC/openSUSE:Factory/zziplib/zziplib.changes 2019-10-30
14:42:21.449833842 +0100
+++ /work/SRC/openSUSE:Factory/.zziplib.new.4691/zziplib.changes
2019-12-16 17:26:30.155956935 +0100
@@ -1,0 +2,9 @@
+Fri Dec 13 12:28:30 UTC 2019 - Josef Möllers
+
+- Make an unconditional error message conditional by checking
+ the return value of a function call.
+ Also removed an unwanted debug output.
+ [bsc#154002, bsc1154002-prevent-unnecessary-perror.patch,
+ CVE-2018-7725.patch]
+
+---
New:
bsc1154002-prevent-unnecessary-perror.patch
Other differences:
--
++ zziplib.spec ++
--- /var/tmp/diff_new_pack.solnFj/_old 2019-12-16 17:26:30.959956613 +0100
+++ /var/tmp/diff_new_pack.solnFj/_new 2019-12-16 17:26:30.963956611 +0100
@@ -34,6 +34,7 @@
Patch5: CVE-2018-16548.patch
Patch6: CVE-2018-17828.patch
Patch7: bsc1129403-prevent-division-by-zero.patch
+Patch8: bsc1154002-prevent-unnecessary-perror.patch
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: libtool
@@ -75,6 +76,7 @@
%patch5 -p1
%patch6 -p1
%patch7 -p1
+%patch8 -p1
# do not bother with html docs saving us python2 dependency
sed -i -e 's:docs ::g' Makefile.am
++ CVE-2018-7725.patch ++
--- /var/tmp/diff_new_pack.solnFj/_old 2019-12-16 17:26:30.987956601 +0100
+++ /var/tmp/diff_new_pack.solnFj/_new 2019-12-16 17:26:30.987956601 +0100
@@ -17,6 +17,14 @@
* If the file is uncompressed, zz_csize and zz_usize should be the same
* If they are not, we cannot guarantee that either is correct, so ...
*/
+@@ -521,7 +529,6 @@ zzip_mem_entry_fopen(ZZIP_MEM_DISK * dir
+ file->zlib.avail_in = zzip_mem_entry_csize(entry);
+ file->zlib.next_in = zzip_mem_entry_to_data(entry);
+
+-debug2("compressed size %i", (int) file->zlib.avail_in);
+ if (file->zlib.next_in + file->zlib.avail_in >= file->endbuf)
+ goto error;
+ if (file->zlib.next_in < file->buffer)
Index: zziplib-0.13.69/zzip/zip.c
===
--- zziplib-0.13.69.orig/zzip/zip.c
++ bsc1154002-prevent-unnecessary-perror.patch ++
Index: zziplib-0.13.69/bins/unzip-mem.c
===
--- zziplib-0.13.69.orig/bins/unzip-mem.c
+++ zziplib-0.13.69/bins/unzip-mem.c
@@ -93,7 +93,7 @@ static void zzip_mem_entry_make(ZZIP_MEM
{
FILE* file = fopen (entry->zz_name, "wb");
if (file) { zzip_mem_entry_pipe (disk, entry, file); fclose (file); }
-perror (entry->zz_name);
+else perror (entry->zz_name);
if (status < EXIT_WARNINGS) status = EXIT_WARNINGS;
}
commit zziplib for openSUSE:Factory
Hello community,
here is the log from the commit of package zziplib for openSUSE:Factory checked
in at 2019-10-30 14:42:20
Comparing /work/SRC/openSUSE:Factory/zziplib (Old)
and /work/SRC/openSUSE:Factory/.zziplib.new.2990 (New)
Package is "zziplib"
Wed Oct 30 14:42:20 2019 rev:34 rq:743449 version:0.13.69
Changes:
--- /work/SRC/openSUSE:Factory/zziplib/zziplib.changes 2019-06-18
14:53:21.037519304 +0200
+++ /work/SRC/openSUSE:Factory/.zziplib.new.2990/zziplib.changes
2019-10-30 14:42:21.449833842 +0100
@@ -1,0 +2,6 @@
+Thu Oct 17 09:30:20 UTC 2019 - Josef Möllers
+
+- Fixed another instance where division by 0 may occur.
+ [bsc#1129403, bsc1129403-prevent-division-by-zero.patch]
+
+---
Other differences:
--
++ zziplib.spec ++
--- /var/tmp/diff_new_pack.ULm8qO/_old 2019-10-30 14:42:22.229834672 +0100
+++ /var/tmp/diff_new_pack.ULm8qO/_new 2019-10-30 14:42:22.233834677 +0100
@@ -12,7 +12,7 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
@@ -21,7 +21,7 @@
Version:0.13.69
Release:0
Summary:ZIP Compression Library
-License:LGPL-2.1+
+License:LGPL-2.1-or-later
Group: Development/Libraries/C and C++
Url:http://zziplib.sourceforge.net
Source0:
https://github.com/gdraheim/zziplib/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
++ bsc1129403-prevent-division-by-zero.patch ++
--- /var/tmp/diff_new_pack.ULm8qO/_old 2019-10-30 14:42:22.277834723 +0100
+++ /var/tmp/diff_new_pack.ULm8qO/_new 2019-10-30 14:42:22.277834723 +0100
@@ -2,7 +2,27 @@
===
--- zziplib-0.13.69.orig/bins/unzip-mem.c
+++ zziplib-0.13.69/bins/unzip-mem.c
-@@ -231,9 +231,12 @@ static void zzip_mem_entry_direntry(ZZIP
+@@ -186,6 +186,7 @@ static void zzip_mem_entry_direntry_star
+ static void zzip_mem_entry_direntry_done (void)
+ {
+ char exp = ' ';
++long percentage;
+ if (sum_usize / 1024 > 1024*1024*1024) { exp = 'G';
+ sum_usize /= 1024*1024*1024; sum_usize /= 1024*1024*1024; }
+ if (sum_usize > 1024*1024*1024) { exp = 'M';
+@@ -199,9 +200,10 @@ static void zzip_mem_entry_direntry_done
+ return;
+ verbose:
+ printf(" -- --- -
\n");
++percentage = sum_usize ? (L (100 - (sum_csize*100/sum_usize))) : 0; /* 0%
if file size is 0 */
+ printf("%8li%c %8li%c %3li%% %8li %s\n",
+ L sum_usize, exp, L sum_csize, exp,
+- L (100 - (sum_csize*100/sum_usize)), L sum_files,
++ percentage, L sum_files,
+ sum_files == 1 ? "file" : "files");
+ }
+
+@@ -231,9 +233,12 @@ static void zzip_mem_entry_direntry(ZZIP
if (*name == '\n') name++;
if (option_verbose) {
commit zziplib for openSUSE:Factory
Hello community,
here is the log from the commit of package zziplib for openSUSE:Factory checked
in at 2019-06-18 14:53:18
Comparing /work/SRC/openSUSE:Factory/zziplib (Old)
and /work/SRC/openSUSE:Factory/.zziplib.new.4811 (New)
Package is "zziplib"
Tue Jun 18 14:53:18 2019 rev:33 rq:709891 version:0.13.69
Changes:
--- /work/SRC/openSUSE:Factory/zziplib/zziplib.changes 2018-10-11
11:42:53.342982522 +0200
+++ /work/SRC/openSUSE:Factory/.zziplib.new.4811/zziplib.changes
2019-06-18 14:53:21.037519304 +0200
@@ -1,0 +2,8 @@
+Thu Jun 13 06:39:36 UTC 2019 - josef.moell...@suse.com
+
+- Prevent division by zero by first checking if uncompressed size
+ is 0. This may happen with directories which have a compressed
+ and uncompressed size of 0.
+ [bsc#1129403, bsc1129403-prevent-division-by-zero.patch]
+
+---
New:
bsc1129403-prevent-division-by-zero.patch
Other differences:
--
++ zziplib.spec ++
--- /var/tmp/diff_new_pack.qaYbKV/_old 2019-06-18 14:53:21.681518822 +0200
+++ /var/tmp/diff_new_pack.qaYbKV/_new 2019-06-18 14:53:21.685518819 +0200
@@ -1,7 +1,7 @@
#
# spec file for package zziplib
#
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -33,6 +33,7 @@
Patch4: CVE-2018-7725.patch
Patch5: CVE-2018-16548.patch
Patch6: CVE-2018-17828.patch
+Patch7: bsc1129403-prevent-division-by-zero.patch
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: libtool
@@ -73,6 +74,7 @@
%patch4 -p1
%patch5 -p1
%patch6 -p1
+%patch7 -p1
# do not bother with html docs saving us python2 dependency
sed -i -e 's:docs ::g' Makefile.am
++ bsc1129403-prevent-division-by-zero.patch ++
Index: zziplib-0.13.69/bins/unzip-mem.c
===
--- zziplib-0.13.69.orig/bins/unzip-mem.c
+++ zziplib-0.13.69/bins/unzip-mem.c
@@ -231,9 +231,12 @@ static void zzip_mem_entry_direntry(ZZIP
if (*name == '\n') name++;
if (option_verbose) {
+ long percentage;
+
+ percentage = usize ? (L (100 - (csize*100/usize))) : 0; /* 0% if file
size is 0 */
printf("%8li%c %s %8li%c%3li%% %s %8lx %s %s\n",
L usize, exp, comprlevel[compr], L csize, exp,
- L (100 - (csize*100/usize)),
+ percentage,
_zzip_ctime(), crc32, name, comment);
} else {
printf(" %8li%c %s %s %s\n",
Index: zziplib-0.13.69/test/zziptests.py
===
--- zziplib-0.13.69.orig/test/zziptests.py
+++ zziplib-0.13.69/test/zziptests.py
@@ -3429,6 +3429,26 @@ class ZZipTest(unittest.TestCase):
txt = open(txtfile).read()
self.assertEqual(txt.split("\n"), run.output.split("\n"))
+ def test_65485_list_verbose_compressed_with_directory(self):
+""" verbously list a zipfile containing directories """
+tmpdir = self.testdir()
+workdir = tmpdir + "/d"
+zipname = "ZIPfile"
+os.makedirs(workdir)
+f= open(tmpdir + "/d/file","w+")
+for i in range(10):
+ f.write("This is line %d\r\n" % (i+1))
+f.close()
+# create the ZIPfile
+exe=self.bins("zzip")
+run = shell("chdir {tmpdir} && ../{exe} -9 {zipname}.zip
d".format(**locals()))
+self.assertFalse(run.returncode)
+# list the ZIPfile
+exe=self.bins("unzip-mem");
+run = shell("chdir {tmpdir} && ../{exe} -v
{zipname}.zip".format(**locals()))
+self.assertFalse(run.returncode)
+self.rm_testdir()
+
def test_99000_make_test1w_zip(self):
""" create a test1w.zip using zzip/write functions. """
exe=self.bins("zzip")
commit zziplib for openSUSE:Factory
Hello community,
here is the log from the commit of package zziplib for openSUSE:Factory checked
in at 2018-10-11 11:42:49
Comparing /work/SRC/openSUSE:Factory/zziplib (Old)
and /work/SRC/openSUSE:Factory/.zziplib.new (New)
Package is "zziplib"
Thu Oct 11 11:42:49 2018 rev:32 rq:639943 version:0.13.69
Changes:
--- /work/SRC/openSUSE:Factory/zziplib/zziplib.changes 2018-09-20
11:39:36.932921486 +0200
+++ /work/SRC/openSUSE:Factory/.zziplib.new/zziplib.changes 2018-10-11
11:42:53.342982522 +0200
@@ -1,0 +2,6 @@
+Thu Oct 4 08:14:00 UTC 2018 - josef.moell...@suse.com
+
+- Remove any "../" components from pathnames of extracted files.
+ [bsc#1110687, CVE-2018-17828, CVE-2018-17828.patch]
+
+---
New:
CVE-2018-17828.patch
Other differences:
--
++ zziplib.spec ++
--- /var/tmp/diff_new_pack.KQQvMN/_old 2018-10-11 11:42:54.206981422 +0200
+++ /var/tmp/diff_new_pack.KQQvMN/_new 2018-10-11 11:42:54.206981422 +0200
@@ -21,7 +21,7 @@
Version:0.13.69
Release:0
Summary:ZIP Compression Library
-License:LGPL-2.1-or-later
+License:LGPL-2.1+
Group: Development/Libraries/C and C++
Url:http://zziplib.sourceforge.net
Source0:
https://github.com/gdraheim/zziplib/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
@@ -32,6 +32,7 @@
Patch3: CVE-2018-7726.patch
Patch4: CVE-2018-7725.patch
Patch5: CVE-2018-16548.patch
+Patch6: CVE-2018-17828.patch
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: libtool
@@ -71,6 +72,7 @@
%patch3 -p1
%patch4 -p1
%patch5 -p1
+%patch6 -p1
# do not bother with html docs saving us python2 dependency
sed -i -e 's:docs ::g' Makefile.am
++ CVE-2018-17828.patch ++
Index: zziplib-0.13.69/bins/unzzipcat-mem.c
===
--- zziplib-0.13.69.orig/bins/unzzipcat-mem.c
+++ zziplib-0.13.69/bins/unzzipcat-mem.c
@@ -58,6 +58,48 @@ static void unzzip_mem_disk_cat_file(ZZI
}
}
+/*
+ * NAME: remove_dotdotslash
+ * PURPOSE: To remove any "../" components from the given pathname
+ * ARGUMENTS: path: path name with maybe "../" components
+ * RETURNS: Nothing, "path" is modified in-place
+ * NOTE: removing "../" from the path ALWAYS shortens the path, never adds to
it!
+ * Also, "path" is not used after creating it.
+ * So modifying "path" in-place is safe to do.
+ */
+static inline void
+remove_dotdotslash(char *path)
+{
+/* Note: removing "../" from the path ALWAYS shortens the path, never adds
to it! */
+char *dotdotslash;
+int warned = 0;
+
+dotdotslash = path;
+while ((dotdotslash = strstr(dotdotslash, "../")) != NULL)
+{
+/*
+ * Remove only if at the beginning of the pathname ("../path/name")
+ * or when preceded by a slash ("path/../name"),
+ * otherwise not ("path../name..")!
+ */
+if (dotdotslash == path || dotdotslash[-1] == '/')
+{
+char *src, *dst;
+if (!warned)
+{
+/* Note: the first time through the pathname is still intact */
+fprintf(stderr, "Removing \"../\" path component(s) in %s\n",
path);
+warned = 1;
+}
+/* We cannot use strcpy(), as there "The strings may not overlap"
*/
+for (src = dotdotslash+3, dst=dotdotslash; (*dst = *src) != '\0';
src++, dst++)
+;
+}
+else
+dotdotslash +=3; /* skip this instance to prevent infinite loop
*/
+}
+}
+
static void makedirs(const char* name)
{
char* p = strrchr(name, '/');
@@ -75,6 +117,16 @@ static void makedirs(const char* name)
static FILE* create_fopen(char* name, char* mode, int subdirs)
{
+ char *name_stripped;
+ FILE *fp;
+ int mustfree = 0;
+
+ if ((name_stripped = strdup(name)) != NULL)
+ {
+ remove_dotdotslash(name_stripped);
+ name = name_stripped;
+ mustfree = 1;
+ }
if (subdirs)
{
char* p = strrchr(name, '/');
@@ -84,7 +136,10 @@ static FILE* create_fopen(char* name, ch
free (dir_name);
}
}
- return fopen(name, mode);
+ fp = fopen(name, mode);
+ if (mustfree)
+ free(name_stripped);
+return fp;
}
static int unzzip_cat (int argc, char ** argv, int extract)
Index: zziplib-0.13.69/bins/unzzipcat-big.c
===
--- zziplib-0.13.69.orig/bins/unzzipcat-big.c
+++ zziplib-0.13.69/bins/unzzipcat-big.c
@@ -53,6 +53,48 @@ static void unzzip_cat_file(FILE* disk,
}
}
+/*
+ * NAME:
commit zziplib for openSUSE:Factory
Hello community,
here is the log from the commit of package zziplib for openSUSE:Factory checked
in at 2018-09-20 11:39:26
Comparing /work/SRC/openSUSE:Factory/zziplib (Old)
and /work/SRC/openSUSE:Factory/.zziplib.new (New)
Package is "zziplib"
Thu Sep 20 11:39:26 2018 rev:31 rq:634660 version:0.13.69
Changes:
--- /work/SRC/openSUSE:Factory/zziplib/zziplib.changes 2018-03-26
12:01:11.518866901 +0200
+++ /work/SRC/openSUSE:Factory/.zziplib.new/zziplib.changes 2018-09-20
11:39:36.932921486 +0200
@@ -1,0 +2,7 @@
+Fri Sep 7 11:51:45 UTC 2018 - josef.moell...@suse.com
+
+- Avoid memory leak from __zzip_parse_root_directory().
+ Free allocated structure if its address is not passed back.
+ [bsc#1107424, CVE-2018-16548, CVE-2018-16548.patch]
+
+---
New:
CVE-2018-16548.patch
Other differences:
--
++ zziplib.spec ++
--- /var/tmp/diff_new_pack.xkR3pA/_old 2018-09-20 11:39:38.620920494 +0200
+++ /var/tmp/diff_new_pack.xkR3pA/_new 2018-09-20 11:39:38.620920494 +0200
@@ -1,7 +1,7 @@
#
# spec file for package zziplib
#
-# Copyright (c) 2018 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -21,9 +21,8 @@
Version:0.13.69
Release:0
Summary:ZIP Compression Library
-License:LGPL-2.1+
+License:LGPL-2.1-or-later
Group: Development/Libraries/C and C++
-# License:LGPL-2.1-or-later
Url:http://zziplib.sourceforge.net
Source0:
https://github.com/gdraheim/zziplib/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
Source2:baselibs.conf
@@ -32,6 +31,7 @@
Patch2: zziplib-largefile.patch
Patch3: CVE-2018-7726.patch
Patch4: CVE-2018-7725.patch
+Patch5: CVE-2018-16548.patch
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: libtool
@@ -70,6 +70,7 @@
%patch2
%patch3 -p1
%patch4 -p1
+%patch5 -p1
# do not bother with html docs saving us python2 dependency
sed -i -e 's:docs ::g' Makefile.am
++ CVE-2018-16548.patch ++
Index: zziplib-0.13.69/zzip/zip.c
===
--- zziplib-0.13.69.orig/zzip/zip.c
+++ zziplib-0.13.69/zzip/zip.c
@@ -477,9 +477,15 @@ __zzip_parse_root_directory(int fd,
} else
{
if (io->fd.seeks(fd, zz_rootseek + zz_offset, SEEK_SET) < 0)
+ {
+ free(hdr0);
return ZZIP_DIR_SEEK;
+ }
if (io->fd.read(fd, , sizeof(dirent)) < __sizeof(dirent))
+ {
+ free(hdr0);
return ZZIP_DIR_READ;
+ }
d =
}
@@ -579,11 +585,18 @@ __zzip_parse_root_directory(int fd,
if (hdr_return)
*hdr_return = hdr0;
+ else
+ {
+ /* If it is not assigned to *hdr_return, it will never be free()'d
*/
+ free(hdr0);
+ }
} /* else zero (sane) entries */
+else
+free(hdr0);
# ifndef ZZIP_ALLOW_MODULO_ENTRIES
-return (entries != zz_entries ? ZZIP_CORRUPTED : 0);
+return (entries != zz_entries) ? ZZIP_CORRUPTED : 0;
# else
-return ((entries & (unsigned)0x) != zz_entries ? ZZIP_CORRUPTED : 0);
+return ((entries & (unsigned)0x) != zz_entries) ? ZZIP_CORRUPTED : 0;
# endif
}
commit zziplib for openSUSE:Factory
Hello community,
here is the log from the commit of package zziplib for openSUSE:Factory checked
in at 2018-03-26 12:00:51
Comparing /work/SRC/openSUSE:Factory/zziplib (Old)
and /work/SRC/openSUSE:Factory/.zziplib.new (New)
Package is "zziplib"
Mon Mar 26 12:00:51 2018 rev:30 rq:588696 version:0.13.69
Changes:
--- /work/SRC/openSUSE:Factory/zziplib/zziplib.changes 2018-02-24
16:37:31.157466434 +0100
+++ /work/SRC/openSUSE:Factory/.zziplib.new/zziplib.changes 2018-03-26
12:01:11.518866901 +0200
@@ -1,0 +2,28 @@
+Mon Mar 19 13:57:10 UTC 2018 - josef.moell...@suse.com
+
+- Check if data from End of central directory record makes sense.
+ Especially the Offset of start of central directory must not
+ a) be negative or
+ b) point behind the end-of-file.
+- Check if compressed size in Central directory file header
+ makes sense, i.e. the file's data does not extend beyond the
+ end of the file.
+ [bsc#1084517, CVE-2018-7726, CVE-2018-7726.patch,
+ bsc#1084519, CVE-2018-7725, CVE-2018-7725.patch]
+
+---
+Sat Mar 17 18:53:19 UTC 2018 - avin...@opensuse.org
+
+- Update to 0.13.69:
+ * fix a number of CVEs reported with special *.zip PoC files
+ * completing some doc strings while checking the new man-pages to
+look good
+ * update refs to point to github instead of sf.net
+ * man-pages are generated with new dbk2man.py - docbook xmlto is
+optional now
+ * a zip-program is still required for testing, but some errors
+are gone when not present
+- run spec-cleaner
+- don't ship Windows only file, README.MSVC6
+
+---
Old:
zziplib-0.13.68.tar.gz
New:
CVE-2018-7725.patch
CVE-2018-7726.patch
zziplib-0.13.69.tar.gz
Other differences:
--
++ zziplib.spec ++
--- /var/tmp/diff_new_pack.DPHu4M/_old 2018-03-26 12:01:13.610791430 +0200
+++ /var/tmp/diff_new_pack.DPHu4M/_new 2018-03-26 12:01:13.618791141 +0200
@@ -1,7 +1,7 @@
#
# spec file for package zziplib
#
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -18,17 +18,20 @@
%define lname libzzip-0-13
Name: zziplib
-Version:0.13.68
+Version:0.13.69
Release:0
Summary:ZIP Compression Library
License:LGPL-2.1+
Group: Development/Libraries/C and C++
+# License:LGPL-2.1-or-later
Url:http://zziplib.sourceforge.net
Source0:
https://github.com/gdraheim/zziplib/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
Source2:baselibs.conf
Patch0: zziplib-0.13.62.patch
Patch1: zziplib-0.13.62-wronglinking.patch
Patch2: zziplib-largefile.patch
+Patch3: CVE-2018-7726.patch
+Patch4: CVE-2018-7725.patch
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: libtool
@@ -65,6 +68,8 @@
%patch0
%patch1
%patch2
+%patch3 -p1
+%patch4 -p1
# do not bother with html docs saving us python2 dependency
sed -i -e 's:docs ::g' Makefile.am
@@ -85,11 +90,11 @@
%postun -n %{lname} -p /sbin/ldconfig
%files -n %{lname}
-%doc COPYING.LIB
+%license COPYING.LIB
%{_libdir}/libzzip*.so.*
%files devel
-%doc docs/README* ChangeLog README TODO
+%doc docs/README.SDL ChangeLog README TODO
%{_bindir}/unzzip*
%{_bindir}/zz*
%{_bindir}/unzip-mem
++ CVE-2018-7725.patch ++
Index: zziplib-0.13.69/zzip/memdisk.c
===
--- zziplib-0.13.69.orig/zzip/memdisk.c
+++ zziplib-0.13.69/zzip/memdisk.c
@@ -222,6 +222,14 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI
item->zz_filetype = zzip_disk_entry_get_filetype(entry);
/*
+ * If zz_data+zz_csize exceeds the size of the file, bail out
+ */
+if ((item->zz_data + item->zz_csize) < disk->buffer ||
+(item->zz_data + item->zz_csize) >= disk->endbuf)
+{
+goto error;
+}
+/*
* If the file is uncompressed, zz_csize and zz_usize should be the same
* If they are not, we cannot guarantee that either is correct, so ...
*/
Index: zziplib-0.13.69/zzip/zip.c
===
--- zziplib-0.13.69.orig/zzip/zip.c
+++ zziplib-0.13.69/zzip/zip.c
@@ -408,7 +408,7 @@ __zzip_parse_root_directory(int fd,
struct _disk_trailer *trailer,
struct zzip_dir_hdr **hdr_return,
zzip_plugin_io_t io,
-
commit zziplib for openSUSE:Factory
Hello community,
here is the log from the commit of package zziplib for openSUSE:Factory checked
in at 2018-02-24 16:37:28
Comparing /work/SRC/openSUSE:Factory/zziplib (Old)
and /work/SRC/openSUSE:Factory/.zziplib.new (New)
Package is "zziplib"
Sat Feb 24 16:37:28 2018 rev:29 rq:579215 version:0.13.68
Changes:
--- /work/SRC/openSUSE:Factory/zziplib/zziplib.changes 2018-02-21
14:07:50.558030161 +0100
+++ /work/SRC/openSUSE:Factory/.zziplib.new/zziplib.changes 2018-02-24
16:37:31.157466434 +0100
@@ -1,0 +2,12 @@
+Mon Feb 19 12:55:26 UTC 2018 - adam.ma...@suse.de
+
+- Drop BR: fdupes since it does nothing.
+
+---
+Mon Feb 19 11:30:47 UTC 2018 - jeng...@inai.de
+
+- Fix RPM groups. Remove ineffective --with-pic.
+ Trim redundancies from description.
+ Do not let fdupes run across partitions.
+
+---
Other differences:
--
++ zziplib.spec ++
--- /var/tmp/diff_new_pack.O4KJMh/_old 2018-02-24 16:37:32.285425838 +0100
+++ /var/tmp/diff_new_pack.O4KJMh/_new 2018-02-24 16:37:32.289425694 +0100
@@ -20,9 +20,9 @@
Name: zziplib
Version:0.13.68
Release:0
-Summary:Free Zip Compression Library with an Easy-to-Use API
+Summary:ZIP Compression Library
License:LGPL-2.1+
-Group: System/Libraries
+Group: Development/Libraries/C and C++
Url:http://zziplib.sourceforge.net
Source0:
https://github.com/gdraheim/zziplib/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
Source2:baselibs.conf
@@ -31,28 +31,27 @@
Patch2: zziplib-largefile.patch
BuildRequires: autoconf
BuildRequires: automake
-BuildRequires: fdupes
BuildRequires: libtool
BuildRequires: pkgconfig
BuildRequires: xmlto
BuildRequires: pkgconfig(zlib)
%description
-ZZipLib is a library for dealing with zip and zip-like archives by
-using free algorithms of zlib.
+ZZipLib is a library for dealing with ZIP and ZIP-like archives by
+using algorithms of zlib.
%package -n %{lname}
-Summary:Free zip compression library with easy to use API
+Summary:ZIP compression library
Group: System/Libraries
Obsoletes: zziplib < %{version}-%{release}
Provides: zziplib = %{version}-%{release}
%description -n %{lname}
-ZZipLib is a library for dealing with zip and zip-like archives by
-using free algorithms of zlib.
+ZZipLib is a library for dealing with ZIP and ZIP-like archives by
+using algorithms of zlib.
%package devel
-Summary:Free zip compression library with easy to use API
+Summary:Development files for zziplib, a ZIP compression library
Group: Development/Libraries/C and C++
Requires: %{lname} = %{version}
Requires: pkgconfig(zlib)
@@ -74,15 +73,13 @@
%configure \
--with-largefile \
--enable-frame-pointer \
- --disable-static \
- --with-pic
+ --disable-static
make %{?_smp_mflags}
%install
%make_install
rm -f docs/Make* docs/zziplib-manpages.ar
find %{buildroot} -type f -name "*.la" -delete -print
-%fdupes %{buildroot}
%post -n %{lname} -p /sbin/ldconfig
%postun -n %{lname} -p /sbin/ldconfig
commit zziplib for openSUSE:Factory
Hello community,
here is the log from the commit of package zziplib for openSUSE:Factory checked
in at 2018-02-21 14:07:47
Comparing /work/SRC/openSUSE:Factory/zziplib (Old)
and /work/SRC/openSUSE:Factory/.zziplib.new (New)
Package is "zziplib"
Wed Feb 21 14:07:47 2018 rev:28 rq:577974 version:0.13.68
Changes:
--- /work/SRC/openSUSE:Factory/zziplib/zziplib.changes 2018-02-16
21:40:49.431415249 +0100
+++ /work/SRC/openSUSE:Factory/.zziplib.new/zziplib.changes 2018-02-21
14:07:50.558030161 +0100
@@ -1,0 +2,15 @@
+Sun Feb 18 03:25:53 UTC 2018 - avin...@opensuse.org
+
+- Update to 0.13.68:
+ * fix a number of CVEs reported with special *.zip files
+ * minor doc updates referencing GitHub instead of sf.net
+- drop CVE-2018-6381.patch
+ * merged in a803559fa9194be895422ba3684cf6309b6bb598
+- drop CVE-2018-6484.patch
+ * merged in 0c0c9256b0903f664bca25dd8d924211f81e01d3
+- drop CVE-2018-6540.patch
+ * merged in 15b8c969df962a444dfa07b3d5bd4b27dc0dbba7
+- drop CVE-2018-6542.patch
+ * merged in 938011cd60f5a8a2a16a49e5f317aca640cf4110
+
+---
Old:
CVE-2018-6381.patch
CVE-2018-6484.patch
CVE-2018-6540.patch
CVE-2018-6542.patch
v0.13.67.tar.gz
New:
zziplib-0.13.68.tar.gz
Other differences:
--
++ zziplib.spec ++
--- /var/tmp/diff_new_pack.MAVhh8/_old 2018-02-21 14:07:51.673989974 +0100
+++ /var/tmp/diff_new_pack.MAVhh8/_new 2018-02-21 14:07:51.673989974 +0100
@@ -1,7 +1,7 @@
#
# spec file for package zziplib
#
-# Copyright (c) 2018 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -18,21 +18,17 @@
%define lname libzzip-0-13
Name: zziplib
-Version:0.13.67
+Version:0.13.68
Release:0
Summary:Free Zip Compression Library with an Easy-to-Use API
License:LGPL-2.1+
Group: System/Libraries
Url:http://zziplib.sourceforge.net
-Source0:https://github.com/gdraheim/zziplib/archive/v%{version}.tar.gz
+Source0:
https://github.com/gdraheim/zziplib/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
Source2:baselibs.conf
Patch0: zziplib-0.13.62.patch
Patch1: zziplib-0.13.62-wronglinking.patch
Patch2: zziplib-largefile.patch
-Patch3: CVE-2018-6381.patch
-Patch4: CVE-2018-6484.patch
-Patch5: CVE-2018-6540.patch
-Patch6: CVE-2018-6542.patch
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: fdupes
@@ -70,10 +66,6 @@
%patch0
%patch1
%patch2
-%patch3 -p1
-%patch4 -p1
-%patch5 -p1
-%patch6 -p1
# do not bother with html docs saving us python2 dependency
sed -i -e 's:docs ::g' Makefile.am
commit zziplib for openSUSE:Factory
Hello community,
here is the log from the commit of package zziplib for openSUSE:Factory checked
in at 2018-02-16 21:40:46
Comparing /work/SRC/openSUSE:Factory/zziplib (Old)
and /work/SRC/openSUSE:Factory/.zziplib.new (New)
Package is "zziplib"
Fri Feb 16 21:40:46 2018 rev:27 rq:577013 version:0.13.67
Changes:
--- /work/SRC/openSUSE:Factory/zziplib/zziplib.changes 2018-02-09
15:45:22.196079635 +0100
+++ /work/SRC/openSUSE:Factory/.zziplib.new/zziplib.changes 2018-02-16
21:40:49.431415249 +0100
@@ -1,0 +2,13 @@
+Wed Feb 14 13:36:43 UTC 2018 - josef.moell...@suse.com
+
+- Changed %license to %doc in SPEC file.
+
+---
+Mon Feb 12 16:14:31 UTC 2018 - josef.moell...@suse.com
+
+- If the size of the central directory is too big, reject
+ the file.
+ Then, if loading the ZIP file fails, display an error message.
+ [CVE-2018-6542.patch, CVE-2018-6542, bsc#1079094]
+
+---
New:
CVE-2018-6542.patch
Other differences:
--
++ zziplib.spec ++
--- /var/tmp/diff_new_pack.BTuyQg/_old 2018-02-16 21:40:50.451378465 +0100
+++ /var/tmp/diff_new_pack.BTuyQg/_new 2018-02-16 21:40:50.455378321 +0100
@@ -32,6 +32,7 @@
Patch3: CVE-2018-6381.patch
Patch4: CVE-2018-6484.patch
Patch5: CVE-2018-6540.patch
+Patch6: CVE-2018-6542.patch
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: fdupes
@@ -72,6 +73,7 @@
%patch3 -p1
%patch4 -p1
%patch5 -p1
+%patch6 -p1
# do not bother with html docs saving us python2 dependency
sed -i -e 's:docs ::g' Makefile.am
@@ -94,7 +96,7 @@
%postun -n %{lname} -p /sbin/ldconfig
%files -n %{lname}
-%license COPYING.LIB
+%doc COPYING.LIB
%{_libdir}/libzzip*.so.*
%files devel
++ CVE-2018-6542.patch ++
Index: zziplib-0.13.67/zzip/mmapped.c
===
--- zziplib-0.13.67.orig/zzip/mmapped.c
+++ zziplib-0.13.67/zzip/mmapped.c
@@ -413,16 +413,19 @@ zzip_disk_findfirst(ZZIP_DISK * disk)
for (; p >= disk->buffer; p--)
{
zzip_byte_t *root; /* (struct zzip_disk_entry*) */
+ zzip_size_t rootsize; /* Size of root central directory */
+
if (zzip_disk_trailer_check_magic(p))
{
struct zzip_disk_trailer *trailer = (struct zzip_disk_trailer *) p;
zzip_size_t rootseek = zzip_disk_trailer_get_rootseek(trailer);
+ rootsize = zzip_disk_trailer_get_rootsize(trailer);
+
root = disk->buffer + rootseek;
DBG2("disk rootseek at %lli", (long long)rootseek);
if (root > p)
{
/* the first disk_entry is after the disk_trailer? can't be! */
-zzip_size_t rootsize = zzip_disk_trailer_get_rootsize(trailer);
DBG2("have rootsize at %lli", (long long)rootsize);
if (disk->buffer + rootsize > p)
continue;
@@ -441,6 +444,7 @@ zzip_disk_findfirst(ZZIP_DISK * disk)
return 0;
}
zzip_size_t rootseek = zzip_disk64_trailer_get_rootseek(trailer);
+ rootsize = zzip_disk64_trailer_get_rootsize(trailer);
DBG2("disk64 rootseek at %lli", (long long)rootseek);
root = disk->buffer + rootseek;
if (root > p)
@@ -457,7 +461,7 @@ zzip_disk_findfirst(ZZIP_DISK * disk)
errno = EBADMSG;
return 0;
}
- if (root >= disk->endbuf)
+ if (root >= disk->endbuf || (root + rootsize) >= disk->endbuf)
{
DBG1("root behind endbuf should be impossible");
errno = EBADMSG;
Index: zziplib-0.13.67/zzip/memdisk.c
===
--- zziplib-0.13.67.orig/zzip/memdisk.c
+++ zziplib-0.13.67/zzip/memdisk.c
@@ -143,6 +143,7 @@ zzip_mem_disk_load(ZZIP_MEM_DISK * dir,
zzip_mem_disk_unload(dir);
___ long count = 0;
___ struct zzip_disk_entry *entry = zzip_disk_findfirst(disk);
+if (!entry) goto error;
for (; entry; entry = zzip_disk_findnext(disk, entry))
{
ZZIP_MEM_ENTRY *item = zzip_mem_entry_new(disk, entry);
commit zziplib for openSUSE:Factory
Hello community,
here is the log from the commit of package zziplib for openSUSE:Factory checked
in at 2018-02-09 15:45:22
Comparing /work/SRC/openSUSE:Factory/zziplib (Old)
and /work/SRC/openSUSE:Factory/.zziplib.new (New)
Package is "zziplib"
Fri Feb 9 15:45:22 2018 rev:26 rq:573678 version:0.13.67
Changes:
--- /work/SRC/openSUSE:Factory/zziplib/zziplib.changes 2018-01-30
15:38:12.243971109 +0100
+++ /work/SRC/openSUSE:Factory/.zziplib.new/zziplib.changes 2018-02-09
15:45:22.196079635 +0100
@@ -1,0 +2,25 @@
+Tue Feb 6 14:55:03 UTC 2018 - josef.moell...@suse.com
+
+- If an extension block is too small to hold an extension,
+ do not use the information therein.
+- If the End of central directory record (EOCD) contains an
+ Offset of start of central directory which is beyond the end of
+ the file, reject the file.
+ [CVE-2018-6540, bsc#1079096, CVE-2018-6540.patch]
+
+---
+Fri Feb 2 09:31:49 UTC 2018 - josef.moell...@suse.com
+
+- Reject the ZIP file and report it as corrupt if the size of the
+ central directory and/or the offset of start of central directory
+ point beyond the end of the ZIP file.
+ [CVE-2018-6484, boo#1078701, CVE-2018-6484.patch]
+
+---
+Thu Feb 1 10:49:56 UTC 2018 - josef.moell...@suse.com
+
+- If a file is uncompressed, compressed and uncompressed sizes
+ should be identical.
+ [CVE-2018-6381, bsc#1078497, CVE-2018-6381.patch]
+
+---
New:
CVE-2018-6381.patch
CVE-2018-6484.patch
CVE-2018-6540.patch
Other differences:
--
++ zziplib.spec ++
--- /var/tmp/diff_new_pack.3ajViQ/_old 2018-02-09 15:45:23.312039564 +0100
+++ /var/tmp/diff_new_pack.3ajViQ/_new 2018-02-09 15:45:23.316039421 +0100
@@ -1,7 +1,7 @@
#
# spec file for package zziplib
#
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -29,6 +29,9 @@
Patch0: zziplib-0.13.62.patch
Patch1: zziplib-0.13.62-wronglinking.patch
Patch2: zziplib-largefile.patch
+Patch3: CVE-2018-6381.patch
+Patch4: CVE-2018-6484.patch
+Patch5: CVE-2018-6540.patch
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: fdupes
@@ -66,6 +69,9 @@
%patch0
%patch1
%patch2
+%patch3 -p1
+%patch4 -p1
+%patch5 -p1
# do not bother with html docs saving us python2 dependency
sed -i -e 's:docs ::g' Makefile.am
++ CVE-2018-6381.patch ++
Index: zziplib-0.13.67/zzip/memdisk.c
===
--- zziplib-0.13.67.orig/zzip/memdisk.c
+++ zziplib-0.13.67/zzip/memdisk.c
@@ -209,6 +209,14 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI
item->zz_diskstart = zzip_disk_entry_get_diskstart(entry);
item->zz_filetype = zzip_disk_entry_get_filetype(entry);
+/*
+ * If the file is uncompressed, zz_csize and zz_usize should be the same
+ * If they are not, we cannot guarantee that either is correct, so ...
+ */
+if (item->zz_compr == ZZIP_IS_STORED && item->zz_csize != item->zz_usize)
+{
+goto error;
+}
/* zz_comment and zz_name are empty strings if not present on disk */
if (! item->zz_comment || ! item->zz_name)
{
++ CVE-2018-6484.patch ++
Index: zziplib-0.13.67/zzip/zip.c
===
--- zziplib-0.13.67.orig/zzip/zip.c
+++ zziplib-0.13.67/zzip/zip.c
@@ -320,6 +320,12 @@ __zzip_fetch_disk_trailer(int fd, zzip_o
# endif
__fixup_rootseek(offset + tail - mapped, trailer);
+ /*
+* "extract data from files archived in a single zip file."
+* So the file offsets must be within the current ZIP
archive!
+*/
+ if (trailer->zz_rootseek >= filesize ||
(trailer->zz_rootseek + trailer->zz_rootsize) >= filesize)
+ return(ZZIP_CORRUPTED);
{ return(0); }
} else if ((*tail == 'P') &&
end - tail >=
@@ -338,6 +344,12 @@ __zzip_fetch_disk_trailer(int fd, zzip_o
zzip_disk64_trailer_finalentries(orig);
trailer->zz_rootseek = zzip_disk64_trailer_rootseek(orig);
trailer->zz_rootsize = zzip_disk64_trailer_rootsize(orig);
+ /*
+
commit zziplib for openSUSE:Factory
Hello community,
here is the log from the commit of package zziplib for openSUSE:Factory checked
in at 2018-01-30 15:38:10
Comparing /work/SRC/openSUSE:Factory/zziplib (Old)
and /work/SRC/openSUSE:Factory/.zziplib.new (New)
Package is "zziplib"
Tue Jan 30 15:38:10 2018 rev:25 rq:569981 version:0.13.67
Changes:
--- /work/SRC/openSUSE:Factory/zziplib/zziplib.changes 2017-11-10
14:41:38.098275409 +0100
+++ /work/SRC/openSUSE:Factory/.zziplib.new/zziplib.changes 2018-01-30
15:38:12.243971109 +0100
@@ -1,0 +2,28 @@
+Tue Jan 23 20:18:19 UTC 2018 - tchva...@suse.com
+
+- Drop tests as they fail completely anyway, not finding lib needing
+ zip command, this should allow us to kill python dependency
+- Also drop docs subdir avoiding python dependency for it
+ * The generated xmls were used for mans too but we shipped those
+only in devel pkg and as such we will live without them
+
+---
+Tue Jan 23 20:03:01 UTC 2018 - tchva...@suse.com
+
+- Version update to 0.13.67:
+ * Various fixes found by fuzzing
+ * Merged bellow patches
+- Remove merged patches:
+ * zziplib-CVE-2017-5974.patch
+ * zziplib-CVE-2017-5975.patch
+ * zziplib-CVE-2017-5976.patch
+ * zziplib-CVE-2017-5978.patch
+ * zziplib-CVE-2017-5979.patch
+ * zziplib-CVE-2017-5981.patch
+- Switch to github tarball as upstream seem no longer pull it to
+ sourceforge
+- Remove no longer applying patch zziplib-unzipcat-NULL-name.patch
+ * The sourcecode was quite changed for this to work this way
+anymore, lets hope this is fixed too
+
+---
Old:
zziplib-0.13.62.tar.bz2
zziplib-CVE-2017-5974.patch
zziplib-CVE-2017-5975.patch
zziplib-CVE-2017-5976.patch
zziplib-CVE-2017-5978.patch
zziplib-CVE-2017-5979.patch
zziplib-CVE-2017-5981.patch
zziplib-unzipcat-NULL-name.patch
New:
v0.13.67.tar.gz
Other differences:
--
++ zziplib.spec ++
--- /var/tmp/diff_new_pack.rEAbbX/_old 2018-01-30 15:38:13.291922181 +0100
+++ /var/tmp/diff_new_pack.rEAbbX/_new 2018-01-30 15:38:13.291922181 +0100
@@ -1,7 +1,7 @@
#
# spec file for package zziplib
#
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -18,32 +18,23 @@
%define lname libzzip-0-13
Name: zziplib
-Version:0.13.62
+Version:0.13.67
Release:0
Summary:Free Zip Compression Library with an Easy-to-Use API
License:LGPL-2.1+
Group: System/Libraries
Url:http://zziplib.sourceforge.net
-Source0:
http://prdownloads.sourceforge.net/zziplib/%{name}-%{version}.tar.bz2
+Source0:https://github.com/gdraheim/zziplib/archive/v%{version}.tar.gz
Source2:baselibs.conf
Patch0: zziplib-0.13.62.patch
Patch1: zziplib-0.13.62-wronglinking.patch
Patch2: zziplib-largefile.patch
-Patch3: zziplib-CVE-2017-5974.patch
-Patch4: zziplib-CVE-2017-5975.patch
-Patch5: zziplib-CVE-2017-5976.patch
-Patch6: zziplib-CVE-2017-5978.patch
-Patch7: zziplib-CVE-2017-5979.patch
-Patch8: zziplib-unzipcat-NULL-name.patch
-Patch9: zziplib-CVE-2017-5981.patch
BuildRequires: autoconf
BuildRequires: automake
-BuildRequires: dos2unix
BuildRequires: fdupes
BuildRequires: libtool
BuildRequires: pkgconfig
BuildRequires: xmlto
-BuildRequires: pkgconfig(python2)
BuildRequires: pkgconfig(zlib)
%description
@@ -75,13 +66,8 @@
%patch0
%patch1
%patch2
-%patch3 -p1
-%patch4 -p1
-%patch5 -p1
-%patch6 -p1
-%patch7 -p1
-%patch8 -p1
-%patch9 -p1
+# do not bother with html docs saving us python2 dependency
+sed -i -e 's:docs ::g' Makefile.am
%build
autoreconf -fiv
@@ -94,31 +80,25 @@
%install
%make_install
-# Fix wrong encoding
-dos2unix docs/README.MSVC6
-dos2unix docs/sdocbook.css
rm -f docs/Make* docs/zziplib-manpages.ar
find %{buildroot} -type f -name "*.la" -delete -print
%fdupes %{buildroot}
-%check
-make %{?_smp_mflags} check || exit 0
-
%post -n %{lname} -p /sbin/ldconfig
%postun -n %{lname} -p /sbin/ldconfig
%files -n %{lname}
+%license COPYING.LIB
%{_libdir}/libzzip*.so.*
%files devel
-%doc docs/README* docs/* ChangeLog README TODO
+%doc docs/README* ChangeLog README TODO
%{_bindir}/unzzip*
%{_bindir}/zz*
%{_bindir}/unzip-mem
%{_libdir}/libzzip*.so
%{_includedir}/*
%{_libdir}/pkgconfig/*.pc
-%{_mandir}/man3/*
%{_datadir}/aclocal/*.m4
%changelog
commit zziplib for openSUSE:Factory
Hello community,
here is the log from the commit of package zziplib for openSUSE:Factory checked
in at 2017-11-10 14:40:06
Comparing /work/SRC/openSUSE:Factory/zziplib (Old)
and /work/SRC/openSUSE:Factory/.zziplib.new (New)
Package is "zziplib"
Fri Nov 10 14:40:06 2017 rev:24 rq:539292 version:0.13.62
Changes:
--- /work/SRC/openSUSE:Factory/zziplib/zziplib.changes 2017-03-31
15:04:43.292811777 +0200
+++ /work/SRC/openSUSE:Factory/.zziplib.new/zziplib.changes 2017-11-10
14:41:38.098275409 +0100
@@ -1,0 +2,7 @@
+Wed Nov 1 12:37:02 UTC 2017 - mplus...@suse.com
+
+- Packaking changes:
+ * Depend on python2 explicitly
+ * Cleanup with spec-cleaner
+
+---
Other differences:
--
++ zziplib.spec ++
--- /var/tmp/diff_new_pack.5cUiBl/_old 2017-11-10 14:41:39.038241433 +0100
+++ /var/tmp/diff_new_pack.5cUiBl/_new 2017-11-10 14:41:39.042241288 +0100
@@ -1,7 +1,7 @@
#
# spec file for package zziplib
#
-# Copyright (c) 2017 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -16,17 +16,17 @@
#
-Name: zziplib
%define lname libzzip-0-13
+Name: zziplib
+Version:0.13.62
+Release:0
Summary:Free Zip Compression Library with an Easy-to-Use API
License:LGPL-2.1+
Group: System/Libraries
-Version:0.13.62
-Release:0
Url:http://zziplib.sourceforge.net
Source0:
http://prdownloads.sourceforge.net/zziplib/%{name}-%{version}.tar.bz2
Source2:baselibs.conf
-Patch: zziplib-0.13.62.patch
+Patch0: zziplib-0.13.62.patch
Patch1: zziplib-0.13.62-wronglinking.patch
Patch2: zziplib-largefile.patch
Patch3: zziplib-CVE-2017-5974.patch
@@ -36,33 +36,35 @@
Patch7: zziplib-CVE-2017-5979.patch
Patch8: zziplib-unzipcat-NULL-name.patch
Patch9: zziplib-CVE-2017-5981.patch
+BuildRequires: autoconf
+BuildRequires: automake
BuildRequires: dos2unix
BuildRequires: fdupes
BuildRequires: libtool
BuildRequires: pkgconfig
-BuildRequires: python
-BuildRequires: zlib-devel
-BuildRoot: %{_tmppath}/%{name}-%{version}-build
+BuildRequires: xmlto
+BuildRequires: pkgconfig(python2)
+BuildRequires: pkgconfig(zlib)
%description
ZZipLib is a library for dealing with zip and zip-like archives by
using free algorithms of zlib.
-%package -n %lname
+%package -n %{lname}
Summary:Free zip compression library with easy to use API
Group: System/Libraries
-Obsoletes: zziplib < %version-%release
-Provides: zziplib = %version-%release
+Obsoletes: zziplib < %{version}-%{release}
+Provides: zziplib = %{version}-%{release}
-%description -n %lname
+%description -n %{lname}
ZZipLib is a library for dealing with zip and zip-like archives by
using free algorithms of zlib.
%package devel
Summary:Free zip compression library with easy to use API
Group: Development/Libraries/C and C++
-Requires: %lname = %version
-Requires: zlib-devel
+Requires: %{lname} = %{version}
+Requires: pkgconfig(zlib)
%description devel
That are the header files needed for developing applications using
@@ -70,7 +72,7 @@
%prep
%setup -q
-%patch
+%patch0
%patch1
%patch2
%patch3 -p1
@@ -81,35 +83,34 @@
%patch8 -p1
%patch9 -p1
-# Fix wrong encoding
-dos2unix docs/README.MSVC6
-dos2unix docs/sdocbook.css
-
%build
autoreconf -fiv
-%configure --with-largefile --enable-frame-pointer --disable-static --with-pic
-make %{?_smp_mflags} all;
-make doc;
+%configure \
+ --with-largefile \
+ --enable-frame-pointer \
+ --disable-static \
+ --with-pic
+make %{?_smp_mflags}
%install
-%makeinstall
-%{__rm} -f docs/Make* docs/zziplib-manpages.ar
-find "%buildroot" -name "*.la" -type f -delete
-%fdupes %buildroot
+%make_install
+# Fix wrong encoding
+dos2unix docs/README.MSVC6
+dos2unix docs/sdocbook.css
+rm -f docs/Make* docs/zziplib-manpages.ar
+find %{buildroot} -type f -name "*.la" -delete -print
+%fdupes %{buildroot}
%check
-%{__make} check || exit 0
-
-%post -n %lname -p /sbin/ldconfig
+make %{?_smp_mflags} check || exit 0
-%postun -n %lname -p /sbin/ldconfig
+%post -n %{lname} -p /sbin/ldconfig
+%postun -n %{lname} -p /sbin/ldconfig
-%files -n %lname
-%defattr(-,root,root)
+%files -n %{lname}
%{_libdir}/libzzip*.so.*
%files devel
-%defattr(-,root,root)
%doc docs/README* docs/* ChangeLog README TODO
%{_bindir}/unzzip*
%{_bindir}/zz*
commit zziplib for openSUSE:Factory
Hello community,
here is the log from the commit of package zziplib for openSUSE:Factory checked
in at 2017-03-31 15:04:40
Comparing /work/SRC/openSUSE:Factory/zziplib (Old)
and /work/SRC/openSUSE:Factory/.zziplib.new (New)
Package is "zziplib"
Fri Mar 31 15:04:40 2017 rev:23 rq:482259 version:0.13.62
Changes:
--- /work/SRC/openSUSE:Factory/zziplib/zziplib.changes 2013-03-22
13:07:21.0 +0100
+++ /work/SRC/openSUSE:Factory/.zziplib.new/zziplib.changes 2017-03-31
15:04:43.292811777 +0200
@@ -1,0 +2,26 @@
+Thu Mar 23 13:32:03 UTC 2017 - josef.moell...@suse.com
+
+- Several bugs fixed:
+ * heap-based buffer overflows
+(bsc#1024517, CVE-2017-5974, zziplib-CVE-2017-5974.patch)
+ * check if "relative offset of local header" in "central
+directory header" really points to a local header
+(ZZIP_FILE_HEADER_MAGIC)
+(bsc#1024528, CVE-2017-5975, zziplib-CVE-2017-5975.patch)
+ * protect against bad formatted data in extra blocks
+(bsc#1024531, CVE-2017-5976, zziplib-CVE-2017-5976.patch)
+ * NULL pointer dereference in main (unzzipcat-mem.c)
+(bsc#1024532, bsc#1024536, CVE-2017-5975,
+zziplib-CVE-2017-5975.patch)
+ * protect against huge values of "extra field length"
+in local file header and central file header
+(bsc#1024533, CVE-2017-5978, zziplib-CVE-2017-5978.patch)
+ * clear ZZIP_ENTRY record before use.
+(bsc#1024534, bsc#1024535, CVE-2017-5979, CVE-2017-5977,
+zziplib-CVE-2017-5979.patch)
+ * prevent unzzipcat.c from trying to print a NULL name
+(bsc#1024537, zziplib-unzipcat-NULL-name.patch)
+ * Replace assert() by going to error exit.
+(bsc#1034539, CVE-2017-5981, zziplib-CVE-2017-5981.patch)
+
+---
New:
zziplib-CVE-2017-5974.patch
zziplib-CVE-2017-5975.patch
zziplib-CVE-2017-5976.patch
zziplib-CVE-2017-5978.patch
zziplib-CVE-2017-5979.patch
zziplib-CVE-2017-5981.patch
zziplib-unzipcat-NULL-name.patch
Other differences:
--
++ zziplib.spec ++
--- /var/tmp/diff_new_pack.KZVsC5/_old 2017-03-31 15:04:44.212681735 +0200
+++ /var/tmp/diff_new_pack.KZVsC5/_new 2017-03-31 15:04:44.216681170 +0200
@@ -1,7 +1,7 @@
#
# spec file for package zziplib
#
-# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -29,6 +29,13 @@
Patch: zziplib-0.13.62.patch
Patch1: zziplib-0.13.62-wronglinking.patch
Patch2: zziplib-largefile.patch
+Patch3: zziplib-CVE-2017-5974.patch
+Patch4: zziplib-CVE-2017-5975.patch
+Patch5: zziplib-CVE-2017-5976.patch
+Patch6: zziplib-CVE-2017-5978.patch
+Patch7: zziplib-CVE-2017-5979.patch
+Patch8: zziplib-unzipcat-NULL-name.patch
+Patch9: zziplib-CVE-2017-5981.patch
BuildRequires: dos2unix
BuildRequires: fdupes
BuildRequires: libtool
@@ -66,6 +73,14 @@
%patch
%patch1
%patch2
+%patch3 -p1
+%patch4 -p1
+%patch5 -p1
+%patch6 -p1
+%patch7 -p1
+%patch8 -p1
+%patch9 -p1
+
# Fix wrong encoding
dos2unix docs/README.MSVC6
dos2unix docs/sdocbook.css
++ zziplib-CVE-2017-5974.patch ++
Index: zziplib-0.13.62/zzip/memdisk.c
===
--- zziplib-0.13.62.orig/zzip/memdisk.c
+++ zziplib-0.13.62/zzip/memdisk.c
@@ -216,12 +216,12 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI
/* override sizes/offsets with zip64 values for largefile support */
zzip_extra_zip64 *block = (zzip_extra_zip64 *)
zzip_mem_entry_extra_block(item, ZZIP_EXTRA_zip64);
-if (block)
+if (block && ZZIP_GET16(block->z_datasize) >= (8 + 8 + 8 + 4))
{
-item->zz_usize = __zzip_get64(block->z_usize);
-item->zz_csize = __zzip_get64(block->z_csize);
-item->zz_offset = __zzip_get64(block->z_offset);
-item->zz_diskstart = __zzip_get32(block->z_diskstart);
+item->zz_usize = ZZIP_GET64(block->z_usize);
+item->zz_csize = ZZIP_GET64(block->z_csize);
+item->zz_offset = ZZIP_GET64(block->z_offset);
+item->zz_diskstart = ZZIP_GET32(block->z_diskstart);
}
}
/* NOTE:
++ zziplib-CVE-2017-5975.patch ++
Index: zziplib-0.13.62/zzip/memdisk.c
===
--- zziplib-0.13.62.orig/zzip/memdisk.c
+++ zziplib-0.13.62/zzip/memdisk.c
@@ -173,6 +173,8 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI
return 0; /*
commit zziplib for openSUSE:Factory
Hello community,
here is the log from the commit of package zziplib for openSUSE:Factory checked
in at 2013-03-22 13:07:17
Comparing /work/SRC/openSUSE:Factory/zziplib (Old)
and /work/SRC/openSUSE:Factory/.zziplib.new (New)
Package is zziplib, Maintainer is wgottw...@novell.com
Changes:
--- /work/SRC/openSUSE:Factory/zziplib/zziplib.changes 2012-12-17
09:50:29.0 +0100
+++ /work/SRC/openSUSE:Factory/.zziplib.new/zziplib.changes 2013-03-22
13:07:21.0 +0100
@@ -1,0 +2,6 @@
+Sat Mar 16 21:37:21 UTC 2013 - sch...@linux-m68k.org
+
+- zziplib-largefile.patch: Enable largefile support
+- Enable debug information
+
+---
New:
zziplib-largefile.patch
Other differences:
--
++ zziplib.spec ++
--- /var/tmp/diff_new_pack.ffONn0/_old 2013-03-22 13:07:25.0 +0100
+++ /var/tmp/diff_new_pack.ffONn0/_new 2013-03-22 13:07:25.0 +0100
@@ -1,7 +1,7 @@
#
# spec file for package zziplib
#
-# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -16,25 +16,25 @@
#
-
Name: zziplib
%define lname libzzip-0-13
Summary:Free Zip Compression Library with an Easy-to-Use API
-Version:0.13.62
-Release:0
License:LGPL-2.1+
Group: System/Libraries
+Version:0.13.62
+Release:0
Url:http://zziplib.sourceforge.net
Source0:
http://prdownloads.sourceforge.net/zziplib/%{name}-%{version}.tar.bz2
Source2:baselibs.conf
Patch: zziplib-0.13.62.patch
Patch1: zziplib-0.13.62-wronglinking.patch
+Patch2: zziplib-largefile.patch
+BuildRequires: dos2unix
BuildRequires: fdupes
BuildRequires: libtool
BuildRequires: pkgconfig
BuildRequires: python
BuildRequires: zlib-devel
-BuildRequires: dos2unix
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@@ -52,10 +52,10 @@
using free algorithms of zlib.
%package devel
-License:LGPL-2.1+
Summary:Free zip compression library with easy to use API
Group: Development/Libraries/C and C++
-Requires: %lname = %version, zlib-devel
+Requires: %lname = %version
+Requires: zlib-devel
%description devel
That are the header files needed for developing applications using
@@ -65,13 +65,14 @@
%setup -q
%patch
%patch1
+%patch2
# Fix wrong encoding
dos2unix docs/README.MSVC6
dos2unix docs/sdocbook.css
%build
autoreconf -fiv
-%configure --enable-largefile --disable-static --with-pic
+%configure --with-largefile --enable-frame-pointer --disable-static --with-pic
make %{?_smp_mflags} all;
make doc;
++ zziplib-largefile.patch ++
Index: configure.ac
===
--- configure.ac.orig
+++ configure.ac
@@ -125,7 +125,7 @@ if test .$ac_cv_sys_largefile_sensitive
elif test .$with_largefile != .no ; then
AC_MSG_RESULT(compiles library as 64bit off_t variant dnl
- and renaming some function names)
- LARGEFILE_CFLAGS=$LARGEFILE_CFLAGS -D_LARGEFILE_SOURCE
+ LARGEFILE_CFLAGS=$LARGEFILE_CFLAGS -D_ZZIP_LARGEFILE -D_LARGEFILE_SOURCE
AC_MSG_RESULT(..adding CFLAGS $LARGEFILE_CFLAGS)
CFLAGS=$CFLAGS $LARGEFILE_CFLAGS
AC_MSG_RESULT(..adding 64 into RELEASE_INFO for the libraries)
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit zziplib for openSUSE:Factory
Hello community,
here is the log from the commit of package zziplib for openSUSE:Factory checked
in at 2012-12-17 09:50:27
Comparing /work/SRC/openSUSE:Factory/zziplib (Old)
and /work/SRC/openSUSE:Factory/.zziplib.new (New)
Package is zziplib, Maintainer is wgottw...@novell.com
Changes:
--- /work/SRC/openSUSE:Factory/zziplib/zziplib.changes 2011-11-21
12:52:15.0 +0100
+++ /work/SRC/openSUSE:Factory/.zziplib.new/zziplib.changes 2012-12-17
09:50:29.0 +0100
@@ -1,0 +2,12 @@
+Sat Dec 15 18:36:24 UTC 2012 - p.drou...@gmail.com
+
+- Update to 0.13.62 version:
+ * configure.ac: fallback to libtool -export-dynamic unless being sure to
+ use gnu-ld --export-dynamic. The darwin case is a bit special here
+ as the c-compiler and linker might be from different worlds.
+* Makefile.am: allow nonstaic build
+* wrap fd.open like in the Fedora patch
+- Remove the package name on summary
+- Add dos2unix as build dependencie to fix a wrong file encoding
+
+---
Old:
zziplib-0.13.49.patch
zziplib-0.13.58-wronglinking.patch
zziplib-0.13.58.tar.bz2
New:
zziplib-0.13.62-wronglinking.patch
zziplib-0.13.62.patch
zziplib-0.13.62.tar.bz2
Other differences:
--
++ zziplib.spec ++
--- /var/tmp/diff_new_pack.8W4j4j/_old 2012-12-17 09:50:31.0 +0100
+++ /var/tmp/diff_new_pack.8W4j4j/_new 2012-12-17 09:50:31.0 +0100
@@ -1,7 +1,7 @@
#
# spec file for package zziplib
#
-# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -19,17 +19,22 @@
Name: zziplib
%define lname libzzip-0-13
-Summary:ZZipLib: Free Zip Compression Library with an Easy-to-Use API
-Version:0.13.58
-Release:9
+Summary:Free Zip Compression Library with an Easy-to-Use API
+Version:0.13.62
+Release:0
License:LGPL-2.1+
Group: System/Libraries
Url:http://zziplib.sourceforge.net
Source0:
http://prdownloads.sourceforge.net/zziplib/%{name}-%{version}.tar.bz2
Source2:baselibs.conf
-Patch: zziplib-0.13.49.patch
-Patch1: zziplib-0.13.58-wronglinking.patch
-BuildRequires: fdupes libtool pkgconfig python zlib-devel
+Patch: zziplib-0.13.62.patch
+Patch1: zziplib-0.13.62-wronglinking.patch
+BuildRequires: fdupes
+BuildRequires: libtool
+BuildRequires: pkgconfig
+BuildRequires: python
+BuildRequires: zlib-devel
+BuildRequires: dos2unix
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@@ -37,7 +42,7 @@
using free algorithms of zlib.
%package -n %lname
-Summary:ZZipLib: free zip compression library with easy to use API
+Summary:Free zip compression library with easy to use API
Group: System/Libraries
Obsoletes: zziplib %version-%release
Provides: zziplib = %version-%release
@@ -48,7 +53,7 @@
%package devel
License:LGPL-2.1+
-Summary:ZZipLib: free zip compression library with easy to use API
+Summary:Free zip compression library with easy to use API
Group: Development/Libraries/C and C++
Requires: %lname = %version, zlib-devel
@@ -60,6 +65,9 @@
%setup -q
%patch
%patch1
+# Fix wrong encoding
+dos2unix docs/README.MSVC6
+dos2unix docs/sdocbook.css
%build
autoreconf -fiv
++ zziplib-0.13.58-wronglinking.patch - zziplib-0.13.62-wronglinking.patch
++
--- /work/SRC/openSUSE:Factory/zziplib/zziplib-0.13.58-wronglinking.patch
2011-09-23 12:53:46.0 +0200
+++ /work/SRC/openSUSE:Factory/.zziplib.new/zziplib-0.13.62-wronglinking.patch
2012-12-17 09:50:29.0 +0100
@@ -1,14 +1,14 @@
--- configure.ac.orig
+++ configure.ac
-@@ -288,7 +288,7 @@ case $host_os in
-
- if test .$can_build_shared = .no
- then ZZIPLIB_LDFLAGS=
--else ZZIPLIB_LDFLAGS=--export-dynamic
-+else ZZIPLIB_LDFLAGS=-Wl,--export-dynamic
- fi
- RESOLVES=' # '
- ;;
+@@ -302,7 +302,7 @@
+ RESOLVES= #
+ ;; *)
+ if test .$can_build_shared != .no ; then
+- ZZIPLIB_LDFLAGS=-export-dynamic
++ ZZIPLIB_LDFLAGS=-Wl,-export-dynamic
+ if test .$lt_cv_prog_gnu_ld == .yes ; then
+ ZZIPLIB_LDFLAGS=${wl}--export-dynamic
+ # TODO: that is for backward compatibility only
--- zzip/Makefile.am.orig
+++ zzip/Makefile.am
@@ -2,7 +2,7 @@ AUTOMAKE_OPTIONS = 1.5 foreign
++ zziplib-0.13.49.patch - zziplib-0.13.62.patch ++
---
commit zziplib for openSUSE:Factory
Hello community,
here is the log from the commit of package zziplib for openSUSE:Factory checked
in at 2011-12-06 19:21:37
Comparing /work/SRC/openSUSE:Factory/zziplib (Old)
and /work/SRC/openSUSE:Factory/.zziplib.new (New)
Package is zziplib, Maintainer is wgottw...@novell.com
Changes:
Other differences:
--
++ zziplib.spec ++
--- /var/tmp/diff_new_pack.HnOvOS/_old 2011-12-06 20:03:13.0 +0100
+++ /var/tmp/diff_new_pack.HnOvOS/_new 2011-12-06 20:03:13.0 +0100
@@ -22,7 +22,7 @@
Summary:ZZipLib: Free Zip Compression Library with an Easy-to-Use API
Version:0.13.58
Release:9
-License:LGPLv2.1+
+License:LGPL-2.1+
Group: System/Libraries
Url:http://zziplib.sourceforge.net
Source0:
http://prdownloads.sourceforge.net/zziplib/%{name}-%{version}.tar.bz2
@@ -47,7 +47,7 @@
using free algorithms of zlib.
%package devel
-License:LGPLv2.1+
+License:LGPL-2.1+
Summary:ZZipLib: free zip compression library with easy to use API
Group: Development/Libraries/C and C++
Requires: %lname = %version, zlib-devel
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit zziplib for openSUSE:Factory
Hello community,
here is the log from the commit of package zziplib for openSUSE:Factory checked
in at 2011-11-21 12:51:34
Comparing /work/SRC/openSUSE:Factory/zziplib (Old)
and /work/SRC/openSUSE:Factory/.zziplib.new (New)
Package is zziplib, Maintainer is wgottw...@novell.com
Changes:
--- /work/SRC/openSUSE:Factory/zziplib/zziplib.changes 2011-09-23
12:53:46.0 +0200
+++ /work/SRC/openSUSE:Factory/.zziplib.new/zziplib.changes 2011-11-21
12:52:15.0 +0100
@@ -1,0 +2,5 @@
+Sat Nov 19 15:38:23 UTC 2011 - co...@suse.com
+
+- add libtool as buildrequire to avoid implicit dependency
+
+---
Other differences:
--
++ zziplib.spec ++
--- /var/tmp/diff_new_pack.yzXGMD/_old 2011-11-21 12:52:17.0 +0100
+++ /var/tmp/diff_new_pack.yzXGMD/_new 2011-11-21 12:52:17.0 +0100
@@ -24,12 +24,12 @@
Release:9
License:LGPLv2.1+
Group: System/Libraries
-URL:http://zziplib.sourceforge.net
+Url:http://zziplib.sourceforge.net
Source0:
http://prdownloads.sourceforge.net/zziplib/%{name}-%{version}.tar.bz2
Source2:baselibs.conf
Patch: zziplib-0.13.49.patch
Patch1: zziplib-0.13.58-wronglinking.patch
-BuildRequires: fdupes pkgconfig python zlib-devel
+BuildRequires: fdupes libtool pkgconfig python zlib-devel
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit zziplib for openSUSE:Factory
Hello community,
here is the log from the commit of package zziplib for openSUSE:Factory
checked in at Thu Sep 22 10:54:02 CEST 2011.
--- zziplib/zziplib.changes 2011-04-30 21:04:22.0 +0200
+++ /mounts/work_src_done/STABLE/zziplib/zziplib.changes2011-09-16
18:18:56.0 +0200
@@ -1,0 +2,6 @@
+Fri Sep 16 16:02:33 UTC 2011 - jeng...@medozas.de
+
+- Implement shlib policy/packaging for package, add baselibs.conf
+ and resolve redundant constructs
+
+---
calling whatdependson for head-i586
New:
baselibs.conf
Other differences:
--
++ zziplib.spec ++
--- /var/tmp/diff_new_pack.3qo6Op/_old 2011-09-22 10:53:59.0 +0200
+++ /var/tmp/diff_new_pack.3qo6Op/_new 2011-09-22 10:53:59.0 +0200
@@ -15,32 +15,42 @@
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
-# norootforbuild
Name: zziplib
+%define lname libzzip-0-13
Summary:ZZipLib: Free Zip Compression Library with an Easy-to-Use API
Version:0.13.58
Release:9
License:LGPLv2.1+
Group: System/Libraries
-AutoReqProv:on
-Url:http://zziplib.sourceforge.net
+URL:http://zziplib.sourceforge.net
Source0:
http://prdownloads.sourceforge.net/zziplib/%{name}-%{version}.tar.bz2
+Source2:baselibs.conf
Patch: zziplib-0.13.49.patch
Patch1: zziplib-0.13.58-wronglinking.patch
-BuildRequires: pkgconfig python zlib-devel
+BuildRequires: fdupes pkgconfig python zlib-devel
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
ZZipLib is a library for dealing with zip and zip-like archives by
using free algorithms of zlib.
+%package -n %lname
+Summary:ZZipLib: free zip compression library with easy to use API
+Group: System/Libraries
+Obsoletes: zziplib %version-%release
+Provides: zziplib = %version-%release
+
+%description -n %lname
+ZZipLib is a library for dealing with zip and zip-like archives by
+using free algorithms of zlib.
+
%package devel
License:LGPLv2.1+
Summary:ZZipLib: free zip compression library with easy to use API
Group: Development/Libraries/C and C++
-Requires: %{name} = %{version} zlib-devel
+Requires: %lname = %version, zlib-devel
%description devel
That are the header files needed for developing applications using
@@ -54,27 +64,25 @@
%build
autoreconf -fiv
%configure --enable-largefile --disable-static --with-pic
-%{__make} %{?jobs:-j%jobs}
-make doc
+make %{?_smp_mflags} all;
+make doc;
%install
-%{__make} DESTDIR=%{buildroot} install
+%makeinstall
%{__rm} -f docs/Make* docs/zziplib-manpages.ar
-%{__rm} -f %{buildroot}%{_libdir}/*.la
+find %buildroot -name *.la -type f -delete
+%fdupes %buildroot
%check
%{__make} check || exit 0
-%clean
-%{__rm} -rf %{buildroot}
-
-%post -p /sbin/ldconfig
+%post -n %lname -p /sbin/ldconfig
-%postun -p /sbin/ldconfig
+%postun -n %lname -p /sbin/ldconfig
-%files
+%files -n %lname
%defattr(-,root,root)
-%{_libdir}/libzzip*-*.so.*
+%{_libdir}/libzzip*.so.*
%files devel
%defattr(-,root,root)
++ baselibs.conf ++
# Obsoletes added in 0.13.58; change to starting with 0.13.59
libzzip-0-13
obsoletes zziplib-targettype = version
provides zziplib-targettype = version
zziplib-devel
requires -zziplib-targettype
requires libzzip-0-13-targettype = version
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit zziplib for openSUSE:Factory
Hello community,
here is the log from the commit of package zziplib for openSUSE:Factory
checked in at Mon May 2 12:24:01 CEST 2011.
--- zziplib/zziplib.changes 2010-02-17 10:47:43.0 +0100
+++ /mounts/work_src_done/STABLE/zziplib/zziplib.changes2011-04-30
21:04:22.0 +0200
@@ -1,0 +2,5 @@
+Sat Apr 30 15:22:39 UTC 2011 - crrodrig...@opensuse.org
+
+- Fix build with gcc 4.6
+
+---
calling whatdependson for head-i586
New:
zziplib-0.13.58-wronglinking.patch
Other differences:
--
++ zziplib.spec ++
--- /var/tmp/diff_new_pack.edCvTz/_old 2011-05-02 12:23:41.0 +0200
+++ /var/tmp/diff_new_pack.edCvTz/_new 2011-05-02 12:23:41.0 +0200
@@ -1,7 +1,7 @@
#
-# spec file for package zziplib (Version 0.13.58)
+# spec file for package zziplib
#
-# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -21,13 +21,14 @@
Name: zziplib
Summary:ZZipLib: Free Zip Compression Library with an Easy-to-Use API
Version:0.13.58
-Release:1
+Release:9
License:LGPLv2.1+
Group: System/Libraries
AutoReqProv:on
Url:http://zziplib.sourceforge.net
Source0:
http://prdownloads.sourceforge.net/zziplib/%{name}-%{version}.tar.bz2
Patch: zziplib-0.13.49.patch
+Patch1: zziplib-0.13.58-wronglinking.patch
BuildRequires: pkgconfig python zlib-devel
BuildRoot: %{_tmppath}/%{name}-%{version}-build
@@ -48,6 +49,7 @@
%prep
%setup -q
%patch
+%patch1
%build
autoreconf -fiv
++ zziplib-0.13.58-wronglinking.patch ++
--- configure.ac.orig
+++ configure.ac
@@ -288,7 +288,7 @@ case $host_os in
if test .$can_build_shared = .no
then ZZIPLIB_LDFLAGS=
-else ZZIPLIB_LDFLAGS=--export-dynamic
+else ZZIPLIB_LDFLAGS=-Wl,--export-dynamic
fi
RESOLVES=' # '
;;
--- zzip/Makefile.am.orig
+++ zzip/Makefile.am
@@ -2,7 +2,7 @@ AUTOMAKE_OPTIONS = 1.5 foreign
AUTOTOOL_VERSION=autoconf-2.52 automake-1.5 libtool-1.4.2
DEFAULT_INCLUDES = # nothing - no default of -I. -I$(srcdir)
DEFS = @DEFS@ -I$(top_builddir) -I$(top_srcdir) # also for automake 1.4
-
+AM_CFLAGS = -fno-strict-aliasing
lib_LTLIBRARIES = libzzip.la libzzipmmapped.la libzzipfseeko.la
zzipdir = ${includedir}/zzip
zzip_HEADERS = $(libzzip_la_headers) \
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org
