commit zziplib for openSUSE:Factory
Hello community, here is the log from the commit of package zziplib for openSUSE:Factory checked in at 2020-05-02 22:15:47 Comparing /work/SRC/openSUSE:Factory/zziplib (Old) and /work/SRC/openSUSE:Factory/.zziplib.new.2738 (New) Package is "zziplib" Sat May 2 22:15:47 2020 rev:38 rq:799298 version:0.13.71 Changes: --- /work/SRC/openSUSE:Factory/zziplib/zziplib.changes 2020-04-25 20:07:02.731389539 +0200 +++ /work/SRC/openSUSE:Factory/.zziplib.new.2738/zziplib.changes 2020-05-02 22:16:03.396375056 +0200 @@ -1,0 +2,7 @@ +Tue Apr 28 06:21:51 UTC 2020 - Paolo Stivanin + +- Update to 0.13.71: + * testbuilds fixes + * fixes to bring base, sdl, manpages and site docs to same level + +--- Old: zziplib-0.13.70.tar.gz New: zziplib-0.13.71.tar.gz Other differences: -- ++ zziplib.spec ++ --- /var/tmp/diff_new_pack.wC9yEi/_old 2020-05-02 22:16:03.900376112 +0200 +++ /var/tmp/diff_new_pack.wC9yEi/_new 2020-05-02 22:16:03.904376120 +0200 @@ -18,7 +18,7 @@ %define lname libzzip-0-13 Name: zziplib -Version:0.13.70 +Version:0.13.71 Release:0 Summary:ZIP Compression Library License:LGPL-2.1-or-later ++ zziplib-0.13.70.tar.gz -> zziplib-0.13.71.tar.gz ++ 7417 lines of diff (skipped)
commit zziplib for openSUSE:Factory
Hello community, here is the log from the commit of package zziplib for openSUSE:Factory checked in at 2020-04-25 20:06:49 Comparing /work/SRC/openSUSE:Factory/zziplib (Old) and /work/SRC/openSUSE:Factory/.zziplib.new.2738 (New) Package is "zziplib" Sat Apr 25 20:06:49 2020 rev:37 rq:795502 version:0.13.70 Changes: --- /work/SRC/openSUSE:Factory/zziplib/zziplib.changes 2020-03-11 18:32:17.450896624 +0100 +++ /work/SRC/openSUSE:Factory/.zziplib.new.2738/zziplib.changes 2020-04-25 20:07:02.731389539 +0200 @@ -1,0 +2,21 @@ +Tue Apr 14 08:28:53 UTC 2020 - Josef Möllers + +- Update to 1.13.70: + * there have been tons of bugfixes over the last two years ... + * Thanks go to Patrick Steinhardt (then at Aservo) for python3 updates + * Thanks go to Josef Moellers (working at SUSE Labs) for many CVE fixes + * and of course all the other patches that came in via github issues. + * I have cleaned up sources to only uses Python3 (as needed by 2020). + * !!! The old automake/autconf/libtool system will be dumped soon!!! + * The build system was ported to 'cmake' .. (last tested cmake 3.10.2) + Obsoletes patches + - CVE-2018-7726.patch + - CVE-2018-7725.patch + - CVE-2018-16548.patch + - CVE-2018-17828.patch + - bsc1129403-prevent-division-by-zero.patch + [zziplib-0.13.70.tar.gz, CVE-2018-7726.patch, CVE-2018-7725.patch, + CVE-2018-16548.patch, CVE-2018-17828.patch, + bsc1129403-prevent-division-by-zero.patch] + +--- Old: CVE-2018-16548.patch CVE-2018-17828.patch CVE-2018-7725.patch CVE-2018-7726.patch bsc1129403-prevent-division-by-zero.patch zziplib-0.13.69.tar.gz New: zziplib-0.13.70.tar.gz Other differences: -- ++ zziplib.spec ++ --- /var/tmp/diff_new_pack.jgMybu/_old 2020-04-25 20:07:03.423390966 +0200 +++ /var/tmp/diff_new_pack.jgMybu/_new 2020-04-25 20:07:03.423390966 +0200 @@ -1,7 +1,7 @@ # # spec file for package zziplib # -# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -18,22 +18,17 @@ %define lname libzzip-0-13 Name: zziplib -Version:0.13.69 +Version:0.13.70 Release:0 Summary:ZIP Compression Library License:LGPL-2.1-or-later Group: Development/Libraries/C and C++ -Url:http://zziplib.sourceforge.net +URL:http://zziplib.sourceforge.net Source0: https://github.com/gdraheim/zziplib/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz Source2:baselibs.conf Patch0: zziplib-0.13.62.patch Patch1: zziplib-0.13.62-wronglinking.patch Patch2: zziplib-largefile.patch -Patch3: CVE-2018-7726.patch -Patch4: CVE-2018-7725.patch -Patch5: CVE-2018-16548.patch -Patch6: CVE-2018-17828.patch -Patch7: bsc1129403-prevent-division-by-zero.patch Patch8: bsc1154002-prevent-unnecessary-perror.patch BuildRequires: autoconf BuildRequires: automake @@ -71,11 +66,6 @@ %patch0 %patch1 %patch2 -%patch3 -p1 -%patch4 -p1 -%patch5 -p1 -%patch6 -p1 -%patch7 -p1 %patch8 -p1 # do not bother with html docs saving us python2 dependency sed -i -e 's:docs ::g' Makefile.am ++ zziplib-0.13.69.tar.gz -> zziplib-0.13.70.tar.gz ++ 6172 lines of diff (skipped)
commit zziplib for openSUSE:Factory
Hello community, here is the log from the commit of package zziplib for openSUSE:Factory checked in at 2020-03-11 18:32:13 Comparing /work/SRC/openSUSE:Factory/zziplib (Old) and /work/SRC/openSUSE:Factory/.zziplib.new.3160 (New) Package is "zziplib" Wed Mar 11 18:32:13 2020 rev:36 rq:782086 version:0.13.69 Changes: --- /work/SRC/openSUSE:Factory/zziplib/zziplib.changes 2019-12-16 17:26:30.155956935 +0100 +++ /work/SRC/openSUSE:Factory/.zziplib.new.3160/zziplib.changes 2020-03-11 18:32:17.450896624 +0100 @@ -1,0 +2,7 @@ +Mon Feb 24 15:08:13 UTC 2020 - Josef Möllers + +- Corrected control flow in zzip_mem_entry_make() to + gain correct exit status. + [bsc#1154002, bsc1154002-prevent-unnecessary-perror.patch] + +--- Other differences: -- ++ zziplib.spec ++ --- /var/tmp/diff_new_pack.4wKIvC/_old 2020-03-11 18:32:18.654897363 +0100 +++ /var/tmp/diff_new_pack.4wKIvC/_new 2020-03-11 18:32:18.654897363 +0100 @@ -1,7 +1,7 @@ # # spec file for package zziplib # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed ++ bsc1154002-prevent-unnecessary-perror.patch ++ --- /var/tmp/diff_new_pack.4wKIvC/_old 2020-03-11 18:32:18.682897380 +0100 +++ /var/tmp/diff_new_pack.4wKIvC/_new 2020-03-11 18:32:18.686897383 +0100 @@ -2,12 +2,12 @@ === --- zziplib-0.13.69.orig/bins/unzip-mem.c +++ zziplib-0.13.69/bins/unzip-mem.c -@@ -93,7 +93,7 @@ static void zzip_mem_entry_make(ZZIP_MEM +@@ -92,7 +92,7 @@ static void zzip_mem_entry_make(ZZIP_MEM + ZZIP_MEM_ENTRY* entry) { FILE* file = fopen (entry->zz_name, "wb"); - if (file) { zzip_mem_entry_pipe (disk, entry, file); fclose (file); } --perror (entry->zz_name); -+else perror (entry->zz_name); +-if (file) { zzip_mem_entry_pipe (disk, entry, file); fclose (file); } ++if (file) { zzip_mem_entry_pipe (disk, entry, file); fclose (file); return; } + perror (entry->zz_name); if (status < EXIT_WARNINGS) status = EXIT_WARNINGS; } -
commit zziplib for openSUSE:Factory
Hello community, here is the log from the commit of package zziplib for openSUSE:Factory checked in at 2019-12-16 17:26:27 Comparing /work/SRC/openSUSE:Factory/zziplib (Old) and /work/SRC/openSUSE:Factory/.zziplib.new.4691 (New) Package is "zziplib" Mon Dec 16 17:26:27 2019 rev:35 rq:756875 version:0.13.69 Changes: --- /work/SRC/openSUSE:Factory/zziplib/zziplib.changes 2019-10-30 14:42:21.449833842 +0100 +++ /work/SRC/openSUSE:Factory/.zziplib.new.4691/zziplib.changes 2019-12-16 17:26:30.155956935 +0100 @@ -1,0 +2,9 @@ +Fri Dec 13 12:28:30 UTC 2019 - Josef Möllers + +- Make an unconditional error message conditional by checking + the return value of a function call. + Also removed an unwanted debug output. + [bsc#154002, bsc1154002-prevent-unnecessary-perror.patch, + CVE-2018-7725.patch] + +--- New: bsc1154002-prevent-unnecessary-perror.patch Other differences: -- ++ zziplib.spec ++ --- /var/tmp/diff_new_pack.solnFj/_old 2019-12-16 17:26:30.959956613 +0100 +++ /var/tmp/diff_new_pack.solnFj/_new 2019-12-16 17:26:30.963956611 +0100 @@ -34,6 +34,7 @@ Patch5: CVE-2018-16548.patch Patch6: CVE-2018-17828.patch Patch7: bsc1129403-prevent-division-by-zero.patch +Patch8: bsc1154002-prevent-unnecessary-perror.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: libtool @@ -75,6 +76,7 @@ %patch5 -p1 %patch6 -p1 %patch7 -p1 +%patch8 -p1 # do not bother with html docs saving us python2 dependency sed -i -e 's:docs ::g' Makefile.am ++ CVE-2018-7725.patch ++ --- /var/tmp/diff_new_pack.solnFj/_old 2019-12-16 17:26:30.987956601 +0100 +++ /var/tmp/diff_new_pack.solnFj/_new 2019-12-16 17:26:30.987956601 +0100 @@ -17,6 +17,14 @@ * If the file is uncompressed, zz_csize and zz_usize should be the same * If they are not, we cannot guarantee that either is correct, so ... */ +@@ -521,7 +529,6 @@ zzip_mem_entry_fopen(ZZIP_MEM_DISK * dir + file->zlib.avail_in = zzip_mem_entry_csize(entry); + file->zlib.next_in = zzip_mem_entry_to_data(entry); + +-debug2("compressed size %i", (int) file->zlib.avail_in); + if (file->zlib.next_in + file->zlib.avail_in >= file->endbuf) + goto error; + if (file->zlib.next_in < file->buffer) Index: zziplib-0.13.69/zzip/zip.c === --- zziplib-0.13.69.orig/zzip/zip.c ++ bsc1154002-prevent-unnecessary-perror.patch ++ Index: zziplib-0.13.69/bins/unzip-mem.c === --- zziplib-0.13.69.orig/bins/unzip-mem.c +++ zziplib-0.13.69/bins/unzip-mem.c @@ -93,7 +93,7 @@ static void zzip_mem_entry_make(ZZIP_MEM { FILE* file = fopen (entry->zz_name, "wb"); if (file) { zzip_mem_entry_pipe (disk, entry, file); fclose (file); } -perror (entry->zz_name); +else perror (entry->zz_name); if (status < EXIT_WARNINGS) status = EXIT_WARNINGS; }
commit zziplib for openSUSE:Factory
Hello community, here is the log from the commit of package zziplib for openSUSE:Factory checked in at 2019-10-30 14:42:20 Comparing /work/SRC/openSUSE:Factory/zziplib (Old) and /work/SRC/openSUSE:Factory/.zziplib.new.2990 (New) Package is "zziplib" Wed Oct 30 14:42:20 2019 rev:34 rq:743449 version:0.13.69 Changes: --- /work/SRC/openSUSE:Factory/zziplib/zziplib.changes 2019-06-18 14:53:21.037519304 +0200 +++ /work/SRC/openSUSE:Factory/.zziplib.new.2990/zziplib.changes 2019-10-30 14:42:21.449833842 +0100 @@ -1,0 +2,6 @@ +Thu Oct 17 09:30:20 UTC 2019 - Josef Möllers + +- Fixed another instance where division by 0 may occur. + [bsc#1129403, bsc1129403-prevent-division-by-zero.patch] + +--- Other differences: -- ++ zziplib.spec ++ --- /var/tmp/diff_new_pack.ULm8qO/_old 2019-10-30 14:42:22.229834672 +0100 +++ /var/tmp/diff_new_pack.ULm8qO/_new 2019-10-30 14:42:22.233834677 +0100 @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -21,7 +21,7 @@ Version:0.13.69 Release:0 Summary:ZIP Compression Library -License:LGPL-2.1+ +License:LGPL-2.1-or-later Group: Development/Libraries/C and C++ Url:http://zziplib.sourceforge.net Source0: https://github.com/gdraheim/zziplib/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz ++ bsc1129403-prevent-division-by-zero.patch ++ --- /var/tmp/diff_new_pack.ULm8qO/_old 2019-10-30 14:42:22.277834723 +0100 +++ /var/tmp/diff_new_pack.ULm8qO/_new 2019-10-30 14:42:22.277834723 +0100 @@ -2,7 +2,27 @@ === --- zziplib-0.13.69.orig/bins/unzip-mem.c +++ zziplib-0.13.69/bins/unzip-mem.c -@@ -231,9 +231,12 @@ static void zzip_mem_entry_direntry(ZZIP +@@ -186,6 +186,7 @@ static void zzip_mem_entry_direntry_star + static void zzip_mem_entry_direntry_done (void) + { + char exp = ' '; ++long percentage; + if (sum_usize / 1024 > 1024*1024*1024) { exp = 'G'; + sum_usize /= 1024*1024*1024; sum_usize /= 1024*1024*1024; } + if (sum_usize > 1024*1024*1024) { exp = 'M'; +@@ -199,9 +200,10 @@ static void zzip_mem_entry_direntry_done + return; + verbose: + printf(" -- --- - \n"); ++percentage = sum_usize ? (L (100 - (sum_csize*100/sum_usize))) : 0; /* 0% if file size is 0 */ + printf("%8li%c %8li%c %3li%% %8li %s\n", + L sum_usize, exp, L sum_csize, exp, +- L (100 - (sum_csize*100/sum_usize)), L sum_files, ++ percentage, L sum_files, + sum_files == 1 ? "file" : "files"); + } + +@@ -231,9 +233,12 @@ static void zzip_mem_entry_direntry(ZZIP if (*name == '\n') name++; if (option_verbose) {
commit zziplib for openSUSE:Factory
Hello community, here is the log from the commit of package zziplib for openSUSE:Factory checked in at 2019-06-18 14:53:18 Comparing /work/SRC/openSUSE:Factory/zziplib (Old) and /work/SRC/openSUSE:Factory/.zziplib.new.4811 (New) Package is "zziplib" Tue Jun 18 14:53:18 2019 rev:33 rq:709891 version:0.13.69 Changes: --- /work/SRC/openSUSE:Factory/zziplib/zziplib.changes 2018-10-11 11:42:53.342982522 +0200 +++ /work/SRC/openSUSE:Factory/.zziplib.new.4811/zziplib.changes 2019-06-18 14:53:21.037519304 +0200 @@ -1,0 +2,8 @@ +Thu Jun 13 06:39:36 UTC 2019 - josef.moell...@suse.com + +- Prevent division by zero by first checking if uncompressed size + is 0. This may happen with directories which have a compressed + and uncompressed size of 0. + [bsc#1129403, bsc1129403-prevent-division-by-zero.patch] + +--- New: bsc1129403-prevent-division-by-zero.patch Other differences: -- ++ zziplib.spec ++ --- /var/tmp/diff_new_pack.qaYbKV/_old 2019-06-18 14:53:21.681518822 +0200 +++ /var/tmp/diff_new_pack.qaYbKV/_new 2019-06-18 14:53:21.685518819 +0200 @@ -1,7 +1,7 @@ # # spec file for package zziplib # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -33,6 +33,7 @@ Patch4: CVE-2018-7725.patch Patch5: CVE-2018-16548.patch Patch6: CVE-2018-17828.patch +Patch7: bsc1129403-prevent-division-by-zero.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: libtool @@ -73,6 +74,7 @@ %patch4 -p1 %patch5 -p1 %patch6 -p1 +%patch7 -p1 # do not bother with html docs saving us python2 dependency sed -i -e 's:docs ::g' Makefile.am ++ bsc1129403-prevent-division-by-zero.patch ++ Index: zziplib-0.13.69/bins/unzip-mem.c === --- zziplib-0.13.69.orig/bins/unzip-mem.c +++ zziplib-0.13.69/bins/unzip-mem.c @@ -231,9 +231,12 @@ static void zzip_mem_entry_direntry(ZZIP if (*name == '\n') name++; if (option_verbose) { + long percentage; + + percentage = usize ? (L (100 - (csize*100/usize))) : 0; /* 0% if file size is 0 */ printf("%8li%c %s %8li%c%3li%% %s %8lx %s %s\n", L usize, exp, comprlevel[compr], L csize, exp, - L (100 - (csize*100/usize)), + percentage, _zzip_ctime(&mtime), crc32, name, comment); } else { printf(" %8li%c %s %s %s\n", Index: zziplib-0.13.69/test/zziptests.py === --- zziplib-0.13.69.orig/test/zziptests.py +++ zziplib-0.13.69/test/zziptests.py @@ -3429,6 +3429,26 @@ class ZZipTest(unittest.TestCase): txt = open(txtfile).read() self.assertEqual(txt.split("\n"), run.output.split("\n")) + def test_65485_list_verbose_compressed_with_directory(self): +""" verbously list a zipfile containing directories """ +tmpdir = self.testdir() +workdir = tmpdir + "/d" +zipname = "ZIPfile" +os.makedirs(workdir) +f= open(tmpdir + "/d/file","w+") +for i in range(10): + f.write("This is line %d\r\n" % (i+1)) +f.close() +# create the ZIPfile +exe=self.bins("zzip") +run = shell("chdir {tmpdir} && ../{exe} -9 {zipname}.zip d".format(**locals())) +self.assertFalse(run.returncode) +# list the ZIPfile +exe=self.bins("unzip-mem"); +run = shell("chdir {tmpdir} && ../{exe} -v {zipname}.zip".format(**locals())) +self.assertFalse(run.returncode) +self.rm_testdir() + def test_99000_make_test1w_zip(self): """ create a test1w.zip using zzip/write functions. """ exe=self.bins("zzip")
commit zziplib for openSUSE:Factory
Hello community, here is the log from the commit of package zziplib for openSUSE:Factory checked in at 2018-10-11 11:42:49 Comparing /work/SRC/openSUSE:Factory/zziplib (Old) and /work/SRC/openSUSE:Factory/.zziplib.new (New) Package is "zziplib" Thu Oct 11 11:42:49 2018 rev:32 rq:639943 version:0.13.69 Changes: --- /work/SRC/openSUSE:Factory/zziplib/zziplib.changes 2018-09-20 11:39:36.932921486 +0200 +++ /work/SRC/openSUSE:Factory/.zziplib.new/zziplib.changes 2018-10-11 11:42:53.342982522 +0200 @@ -1,0 +2,6 @@ +Thu Oct 4 08:14:00 UTC 2018 - josef.moell...@suse.com + +- Remove any "../" components from pathnames of extracted files. + [bsc#1110687, CVE-2018-17828, CVE-2018-17828.patch] + +--- New: CVE-2018-17828.patch Other differences: -- ++ zziplib.spec ++ --- /var/tmp/diff_new_pack.KQQvMN/_old 2018-10-11 11:42:54.206981422 +0200 +++ /var/tmp/diff_new_pack.KQQvMN/_new 2018-10-11 11:42:54.206981422 +0200 @@ -21,7 +21,7 @@ Version:0.13.69 Release:0 Summary:ZIP Compression Library -License:LGPL-2.1-or-later +License:LGPL-2.1+ Group: Development/Libraries/C and C++ Url:http://zziplib.sourceforge.net Source0: https://github.com/gdraheim/zziplib/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz @@ -32,6 +32,7 @@ Patch3: CVE-2018-7726.patch Patch4: CVE-2018-7725.patch Patch5: CVE-2018-16548.patch +Patch6: CVE-2018-17828.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: libtool @@ -71,6 +72,7 @@ %patch3 -p1 %patch4 -p1 %patch5 -p1 +%patch6 -p1 # do not bother with html docs saving us python2 dependency sed -i -e 's:docs ::g' Makefile.am ++ CVE-2018-17828.patch ++ Index: zziplib-0.13.69/bins/unzzipcat-mem.c === --- zziplib-0.13.69.orig/bins/unzzipcat-mem.c +++ zziplib-0.13.69/bins/unzzipcat-mem.c @@ -58,6 +58,48 @@ static void unzzip_mem_disk_cat_file(ZZI } } +/* + * NAME: remove_dotdotslash + * PURPOSE: To remove any "../" components from the given pathname + * ARGUMENTS: path: path name with maybe "../" components + * RETURNS: Nothing, "path" is modified in-place + * NOTE: removing "../" from the path ALWAYS shortens the path, never adds to it! + * Also, "path" is not used after creating it. + * So modifying "path" in-place is safe to do. + */ +static inline void +remove_dotdotslash(char *path) +{ +/* Note: removing "../" from the path ALWAYS shortens the path, never adds to it! */ +char *dotdotslash; +int warned = 0; + +dotdotslash = path; +while ((dotdotslash = strstr(dotdotslash, "../")) != NULL) +{ +/* + * Remove only if at the beginning of the pathname ("../path/name") + * or when preceded by a slash ("path/../name"), + * otherwise not ("path../name..")! + */ +if (dotdotslash == path || dotdotslash[-1] == '/') +{ +char *src, *dst; +if (!warned) +{ +/* Note: the first time through the pathname is still intact */ +fprintf(stderr, "Removing \"../\" path component(s) in %s\n", path); +warned = 1; +} +/* We cannot use strcpy(), as there "The strings may not overlap" */ +for (src = dotdotslash+3, dst=dotdotslash; (*dst = *src) != '\0'; src++, dst++) +; +} +else +dotdotslash +=3; /* skip this instance to prevent infinite loop */ +} +} + static void makedirs(const char* name) { char* p = strrchr(name, '/'); @@ -75,6 +117,16 @@ static void makedirs(const char* name) static FILE* create_fopen(char* name, char* mode, int subdirs) { + char *name_stripped; + FILE *fp; + int mustfree = 0; + + if ((name_stripped = strdup(name)) != NULL) + { + remove_dotdotslash(name_stripped); + name = name_stripped; + mustfree = 1; + } if (subdirs) { char* p = strrchr(name, '/'); @@ -84,7 +136,10 @@ static FILE* create_fopen(char* name, ch free (dir_name); } } - return fopen(name, mode); + fp = fopen(name, mode); + if (mustfree) + free(name_stripped); +return fp; } static int unzzip_cat (int argc, char ** argv, int extract) Index: zziplib-0.13.69/bins/unzzipcat-big.c === --- zziplib-0.13.69.orig/bins/unzzipcat-big.c +++ zziplib-0.13.69/bins/unzzipcat-big.c @@ -53,6 +53,48 @@ static void unzzip_cat_file(FILE* disk, } } +/* + * NAME: remove_dot
commit zziplib for openSUSE:Factory
Hello community, here is the log from the commit of package zziplib for openSUSE:Factory checked in at 2018-09-20 11:39:26 Comparing /work/SRC/openSUSE:Factory/zziplib (Old) and /work/SRC/openSUSE:Factory/.zziplib.new (New) Package is "zziplib" Thu Sep 20 11:39:26 2018 rev:31 rq:634660 version:0.13.69 Changes: --- /work/SRC/openSUSE:Factory/zziplib/zziplib.changes 2018-03-26 12:01:11.518866901 +0200 +++ /work/SRC/openSUSE:Factory/.zziplib.new/zziplib.changes 2018-09-20 11:39:36.932921486 +0200 @@ -1,0 +2,7 @@ +Fri Sep 7 11:51:45 UTC 2018 - josef.moell...@suse.com + +- Avoid memory leak from __zzip_parse_root_directory(). + Free allocated structure if its address is not passed back. + [bsc#1107424, CVE-2018-16548, CVE-2018-16548.patch] + +--- New: CVE-2018-16548.patch Other differences: -- ++ zziplib.spec ++ --- /var/tmp/diff_new_pack.xkR3pA/_old 2018-09-20 11:39:38.620920494 +0200 +++ /var/tmp/diff_new_pack.xkR3pA/_new 2018-09-20 11:39:38.620920494 +0200 @@ -1,7 +1,7 @@ # # spec file for package zziplib # -# Copyright (c) 2018 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -21,9 +21,8 @@ Version:0.13.69 Release:0 Summary:ZIP Compression Library -License:LGPL-2.1+ +License:LGPL-2.1-or-later Group: Development/Libraries/C and C++ -# License:LGPL-2.1-or-later Url:http://zziplib.sourceforge.net Source0: https://github.com/gdraheim/zziplib/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz Source2:baselibs.conf @@ -32,6 +31,7 @@ Patch2: zziplib-largefile.patch Patch3: CVE-2018-7726.patch Patch4: CVE-2018-7725.patch +Patch5: CVE-2018-16548.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: libtool @@ -70,6 +70,7 @@ %patch2 %patch3 -p1 %patch4 -p1 +%patch5 -p1 # do not bother with html docs saving us python2 dependency sed -i -e 's:docs ::g' Makefile.am ++ CVE-2018-16548.patch ++ Index: zziplib-0.13.69/zzip/zip.c === --- zziplib-0.13.69.orig/zzip/zip.c +++ zziplib-0.13.69/zzip/zip.c @@ -477,9 +477,15 @@ __zzip_parse_root_directory(int fd, } else { if (io->fd.seeks(fd, zz_rootseek + zz_offset, SEEK_SET) < 0) + { + free(hdr0); return ZZIP_DIR_SEEK; + } if (io->fd.read(fd, &dirent, sizeof(dirent)) < __sizeof(dirent)) + { + free(hdr0); return ZZIP_DIR_READ; + } d = &dirent; } @@ -579,11 +585,18 @@ __zzip_parse_root_directory(int fd, if (hdr_return) *hdr_return = hdr0; + else + { + /* If it is not assigned to *hdr_return, it will never be free()'d */ + free(hdr0); + } } /* else zero (sane) entries */ +else +free(hdr0); # ifndef ZZIP_ALLOW_MODULO_ENTRIES -return (entries != zz_entries ? ZZIP_CORRUPTED : 0); +return (entries != zz_entries) ? ZZIP_CORRUPTED : 0; # else -return ((entries & (unsigned)0x) != zz_entries ? ZZIP_CORRUPTED : 0); +return ((entries & (unsigned)0x) != zz_entries) ? ZZIP_CORRUPTED : 0; # endif }
commit zziplib for openSUSE:Factory
Hello community, here is the log from the commit of package zziplib for openSUSE:Factory checked in at 2018-03-26 12:00:51 Comparing /work/SRC/openSUSE:Factory/zziplib (Old) and /work/SRC/openSUSE:Factory/.zziplib.new (New) Package is "zziplib" Mon Mar 26 12:00:51 2018 rev:30 rq:588696 version:0.13.69 Changes: --- /work/SRC/openSUSE:Factory/zziplib/zziplib.changes 2018-02-24 16:37:31.157466434 +0100 +++ /work/SRC/openSUSE:Factory/.zziplib.new/zziplib.changes 2018-03-26 12:01:11.518866901 +0200 @@ -1,0 +2,28 @@ +Mon Mar 19 13:57:10 UTC 2018 - josef.moell...@suse.com + +- Check if data from End of central directory record makes sense. + Especially the Offset of start of central directory must not + a) be negative or + b) point behind the end-of-file. +- Check if compressed size in Central directory file header + makes sense, i.e. the file's data does not extend beyond the + end of the file. + [bsc#1084517, CVE-2018-7726, CVE-2018-7726.patch, + bsc#1084519, CVE-2018-7725, CVE-2018-7725.patch] + +--- +Sat Mar 17 18:53:19 UTC 2018 - avin...@opensuse.org + +- Update to 0.13.69: + * fix a number of CVEs reported with special *.zip PoC files + * completing some doc strings while checking the new man-pages to +look good + * update refs to point to github instead of sf.net + * man-pages are generated with new dbk2man.py - docbook xmlto is +optional now + * a zip-program is still required for testing, but some errors +are gone when not present +- run spec-cleaner +- don't ship Windows only file, README.MSVC6 + +--- Old: zziplib-0.13.68.tar.gz New: CVE-2018-7725.patch CVE-2018-7726.patch zziplib-0.13.69.tar.gz Other differences: -- ++ zziplib.spec ++ --- /var/tmp/diff_new_pack.DPHu4M/_old 2018-03-26 12:01:13.610791430 +0200 +++ /var/tmp/diff_new_pack.DPHu4M/_new 2018-03-26 12:01:13.618791141 +0200 @@ -1,7 +1,7 @@ # # spec file for package zziplib # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -18,17 +18,20 @@ %define lname libzzip-0-13 Name: zziplib -Version:0.13.68 +Version:0.13.69 Release:0 Summary:ZIP Compression Library License:LGPL-2.1+ Group: Development/Libraries/C and C++ +# License:LGPL-2.1-or-later Url:http://zziplib.sourceforge.net Source0: https://github.com/gdraheim/zziplib/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz Source2:baselibs.conf Patch0: zziplib-0.13.62.patch Patch1: zziplib-0.13.62-wronglinking.patch Patch2: zziplib-largefile.patch +Patch3: CVE-2018-7726.patch +Patch4: CVE-2018-7725.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: libtool @@ -65,6 +68,8 @@ %patch0 %patch1 %patch2 +%patch3 -p1 +%patch4 -p1 # do not bother with html docs saving us python2 dependency sed -i -e 's:docs ::g' Makefile.am @@ -85,11 +90,11 @@ %postun -n %{lname} -p /sbin/ldconfig %files -n %{lname} -%doc COPYING.LIB +%license COPYING.LIB %{_libdir}/libzzip*.so.* %files devel -%doc docs/README* ChangeLog README TODO +%doc docs/README.SDL ChangeLog README TODO %{_bindir}/unzzip* %{_bindir}/zz* %{_bindir}/unzip-mem ++ CVE-2018-7725.patch ++ Index: zziplib-0.13.69/zzip/memdisk.c === --- zziplib-0.13.69.orig/zzip/memdisk.c +++ zziplib-0.13.69/zzip/memdisk.c @@ -222,6 +222,14 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI item->zz_filetype = zzip_disk_entry_get_filetype(entry); /* + * If zz_data+zz_csize exceeds the size of the file, bail out + */ +if ((item->zz_data + item->zz_csize) < disk->buffer || +(item->zz_data + item->zz_csize) >= disk->endbuf) +{ +goto error; +} +/* * If the file is uncompressed, zz_csize and zz_usize should be the same * If they are not, we cannot guarantee that either is correct, so ... */ Index: zziplib-0.13.69/zzip/zip.c === --- zziplib-0.13.69.orig/zzip/zip.c +++ zziplib-0.13.69/zzip/zip.c @@ -408,7 +408,7 @@ __zzip_parse_root_directory(int fd, struct _disk_trailer *trailer, struct zzip_dir_hdr **hdr_return, zzip_plugin_io_t io, -
commit zziplib for openSUSE:Factory
Hello community, here is the log from the commit of package zziplib for openSUSE:Factory checked in at 2018-02-24 16:37:28 Comparing /work/SRC/openSUSE:Factory/zziplib (Old) and /work/SRC/openSUSE:Factory/.zziplib.new (New) Package is "zziplib" Sat Feb 24 16:37:28 2018 rev:29 rq:579215 version:0.13.68 Changes: --- /work/SRC/openSUSE:Factory/zziplib/zziplib.changes 2018-02-21 14:07:50.558030161 +0100 +++ /work/SRC/openSUSE:Factory/.zziplib.new/zziplib.changes 2018-02-24 16:37:31.157466434 +0100 @@ -1,0 +2,12 @@ +Mon Feb 19 12:55:26 UTC 2018 - adam.ma...@suse.de + +- Drop BR: fdupes since it does nothing. + +--- +Mon Feb 19 11:30:47 UTC 2018 - jeng...@inai.de + +- Fix RPM groups. Remove ineffective --with-pic. + Trim redundancies from description. + Do not let fdupes run across partitions. + +--- Other differences: -- ++ zziplib.spec ++ --- /var/tmp/diff_new_pack.O4KJMh/_old 2018-02-24 16:37:32.285425838 +0100 +++ /var/tmp/diff_new_pack.O4KJMh/_new 2018-02-24 16:37:32.289425694 +0100 @@ -20,9 +20,9 @@ Name: zziplib Version:0.13.68 Release:0 -Summary:Free Zip Compression Library with an Easy-to-Use API +Summary:ZIP Compression Library License:LGPL-2.1+ -Group: System/Libraries +Group: Development/Libraries/C and C++ Url:http://zziplib.sourceforge.net Source0: https://github.com/gdraheim/zziplib/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz Source2:baselibs.conf @@ -31,28 +31,27 @@ Patch2: zziplib-largefile.patch BuildRequires: autoconf BuildRequires: automake -BuildRequires: fdupes BuildRequires: libtool BuildRequires: pkgconfig BuildRequires: xmlto BuildRequires: pkgconfig(zlib) %description -ZZipLib is a library for dealing with zip and zip-like archives by -using free algorithms of zlib. +ZZipLib is a library for dealing with ZIP and ZIP-like archives by +using algorithms of zlib. %package -n %{lname} -Summary:Free zip compression library with easy to use API +Summary:ZIP compression library Group: System/Libraries Obsoletes: zziplib < %{version}-%{release} Provides: zziplib = %{version}-%{release} %description -n %{lname} -ZZipLib is a library for dealing with zip and zip-like archives by -using free algorithms of zlib. +ZZipLib is a library for dealing with ZIP and ZIP-like archives by +using algorithms of zlib. %package devel -Summary:Free zip compression library with easy to use API +Summary:Development files for zziplib, a ZIP compression library Group: Development/Libraries/C and C++ Requires: %{lname} = %{version} Requires: pkgconfig(zlib) @@ -74,15 +73,13 @@ %configure \ --with-largefile \ --enable-frame-pointer \ - --disable-static \ - --with-pic + --disable-static make %{?_smp_mflags} %install %make_install rm -f docs/Make* docs/zziplib-manpages.ar find %{buildroot} -type f -name "*.la" -delete -print -%fdupes %{buildroot} %post -n %{lname} -p /sbin/ldconfig %postun -n %{lname} -p /sbin/ldconfig
commit zziplib for openSUSE:Factory
Hello community, here is the log from the commit of package zziplib for openSUSE:Factory checked in at 2018-02-21 14:07:47 Comparing /work/SRC/openSUSE:Factory/zziplib (Old) and /work/SRC/openSUSE:Factory/.zziplib.new (New) Package is "zziplib" Wed Feb 21 14:07:47 2018 rev:28 rq:577974 version:0.13.68 Changes: --- /work/SRC/openSUSE:Factory/zziplib/zziplib.changes 2018-02-16 21:40:49.431415249 +0100 +++ /work/SRC/openSUSE:Factory/.zziplib.new/zziplib.changes 2018-02-21 14:07:50.558030161 +0100 @@ -1,0 +2,15 @@ +Sun Feb 18 03:25:53 UTC 2018 - avin...@opensuse.org + +- Update to 0.13.68: + * fix a number of CVEs reported with special *.zip files + * minor doc updates referencing GitHub instead of sf.net +- drop CVE-2018-6381.patch + * merged in a803559fa9194be895422ba3684cf6309b6bb598 +- drop CVE-2018-6484.patch + * merged in 0c0c9256b0903f664bca25dd8d924211f81e01d3 +- drop CVE-2018-6540.patch + * merged in 15b8c969df962a444dfa07b3d5bd4b27dc0dbba7 +- drop CVE-2018-6542.patch + * merged in 938011cd60f5a8a2a16a49e5f317aca640cf4110 + +--- Old: CVE-2018-6381.patch CVE-2018-6484.patch CVE-2018-6540.patch CVE-2018-6542.patch v0.13.67.tar.gz New: zziplib-0.13.68.tar.gz Other differences: -- ++ zziplib.spec ++ --- /var/tmp/diff_new_pack.MAVhh8/_old 2018-02-21 14:07:51.673989974 +0100 +++ /var/tmp/diff_new_pack.MAVhh8/_new 2018-02-21 14:07:51.673989974 +0100 @@ -1,7 +1,7 @@ # # spec file for package zziplib # -# Copyright (c) 2018 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -18,21 +18,17 @@ %define lname libzzip-0-13 Name: zziplib -Version:0.13.67 +Version:0.13.68 Release:0 Summary:Free Zip Compression Library with an Easy-to-Use API License:LGPL-2.1+ Group: System/Libraries Url:http://zziplib.sourceforge.net -Source0:https://github.com/gdraheim/zziplib/archive/v%{version}.tar.gz +Source0: https://github.com/gdraheim/zziplib/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz Source2:baselibs.conf Patch0: zziplib-0.13.62.patch Patch1: zziplib-0.13.62-wronglinking.patch Patch2: zziplib-largefile.patch -Patch3: CVE-2018-6381.patch -Patch4: CVE-2018-6484.patch -Patch5: CVE-2018-6540.patch -Patch6: CVE-2018-6542.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: fdupes @@ -70,10 +66,6 @@ %patch0 %patch1 %patch2 -%patch3 -p1 -%patch4 -p1 -%patch5 -p1 -%patch6 -p1 # do not bother with html docs saving us python2 dependency sed -i -e 's:docs ::g' Makefile.am
commit zziplib for openSUSE:Factory
Hello community, here is the log from the commit of package zziplib for openSUSE:Factory checked in at 2018-02-16 21:40:46 Comparing /work/SRC/openSUSE:Factory/zziplib (Old) and /work/SRC/openSUSE:Factory/.zziplib.new (New) Package is "zziplib" Fri Feb 16 21:40:46 2018 rev:27 rq:577013 version:0.13.67 Changes: --- /work/SRC/openSUSE:Factory/zziplib/zziplib.changes 2018-02-09 15:45:22.196079635 +0100 +++ /work/SRC/openSUSE:Factory/.zziplib.new/zziplib.changes 2018-02-16 21:40:49.431415249 +0100 @@ -1,0 +2,13 @@ +Wed Feb 14 13:36:43 UTC 2018 - josef.moell...@suse.com + +- Changed %license to %doc in SPEC file. + +--- +Mon Feb 12 16:14:31 UTC 2018 - josef.moell...@suse.com + +- If the size of the central directory is too big, reject + the file. + Then, if loading the ZIP file fails, display an error message. + [CVE-2018-6542.patch, CVE-2018-6542, bsc#1079094] + +--- New: CVE-2018-6542.patch Other differences: -- ++ zziplib.spec ++ --- /var/tmp/diff_new_pack.BTuyQg/_old 2018-02-16 21:40:50.451378465 +0100 +++ /var/tmp/diff_new_pack.BTuyQg/_new 2018-02-16 21:40:50.455378321 +0100 @@ -32,6 +32,7 @@ Patch3: CVE-2018-6381.patch Patch4: CVE-2018-6484.patch Patch5: CVE-2018-6540.patch +Patch6: CVE-2018-6542.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: fdupes @@ -72,6 +73,7 @@ %patch3 -p1 %patch4 -p1 %patch5 -p1 +%patch6 -p1 # do not bother with html docs saving us python2 dependency sed -i -e 's:docs ::g' Makefile.am @@ -94,7 +96,7 @@ %postun -n %{lname} -p /sbin/ldconfig %files -n %{lname} -%license COPYING.LIB +%doc COPYING.LIB %{_libdir}/libzzip*.so.* %files devel ++ CVE-2018-6542.patch ++ Index: zziplib-0.13.67/zzip/mmapped.c === --- zziplib-0.13.67.orig/zzip/mmapped.c +++ zziplib-0.13.67/zzip/mmapped.c @@ -413,16 +413,19 @@ zzip_disk_findfirst(ZZIP_DISK * disk) for (; p >= disk->buffer; p--) { zzip_byte_t *root; /* (struct zzip_disk_entry*) */ + zzip_size_t rootsize; /* Size of root central directory */ + if (zzip_disk_trailer_check_magic(p)) { struct zzip_disk_trailer *trailer = (struct zzip_disk_trailer *) p; zzip_size_t rootseek = zzip_disk_trailer_get_rootseek(trailer); + rootsize = zzip_disk_trailer_get_rootsize(trailer); + root = disk->buffer + rootseek; DBG2("disk rootseek at %lli", (long long)rootseek); if (root > p) { /* the first disk_entry is after the disk_trailer? can't be! */ -zzip_size_t rootsize = zzip_disk_trailer_get_rootsize(trailer); DBG2("have rootsize at %lli", (long long)rootsize); if (disk->buffer + rootsize > p) continue; @@ -441,6 +444,7 @@ zzip_disk_findfirst(ZZIP_DISK * disk) return 0; } zzip_size_t rootseek = zzip_disk64_trailer_get_rootseek(trailer); + rootsize = zzip_disk64_trailer_get_rootsize(trailer); DBG2("disk64 rootseek at %lli", (long long)rootseek); root = disk->buffer + rootseek; if (root > p) @@ -457,7 +461,7 @@ zzip_disk_findfirst(ZZIP_DISK * disk) errno = EBADMSG; return 0; } - if (root >= disk->endbuf) + if (root >= disk->endbuf || (root + rootsize) >= disk->endbuf) { DBG1("root behind endbuf should be impossible"); errno = EBADMSG; Index: zziplib-0.13.67/zzip/memdisk.c === --- zziplib-0.13.67.orig/zzip/memdisk.c +++ zziplib-0.13.67/zzip/memdisk.c @@ -143,6 +143,7 @@ zzip_mem_disk_load(ZZIP_MEM_DISK * dir, zzip_mem_disk_unload(dir); ___ long count = 0; ___ struct zzip_disk_entry *entry = zzip_disk_findfirst(disk); +if (!entry) goto error; for (; entry; entry = zzip_disk_findnext(disk, entry)) { ZZIP_MEM_ENTRY *item = zzip_mem_entry_new(disk, entry);
commit zziplib for openSUSE:Factory
Hello community, here is the log from the commit of package zziplib for openSUSE:Factory checked in at 2018-02-09 15:45:22 Comparing /work/SRC/openSUSE:Factory/zziplib (Old) and /work/SRC/openSUSE:Factory/.zziplib.new (New) Package is "zziplib" Fri Feb 9 15:45:22 2018 rev:26 rq:573678 version:0.13.67 Changes: --- /work/SRC/openSUSE:Factory/zziplib/zziplib.changes 2018-01-30 15:38:12.243971109 +0100 +++ /work/SRC/openSUSE:Factory/.zziplib.new/zziplib.changes 2018-02-09 15:45:22.196079635 +0100 @@ -1,0 +2,25 @@ +Tue Feb 6 14:55:03 UTC 2018 - josef.moell...@suse.com + +- If an extension block is too small to hold an extension, + do not use the information therein. +- If the End of central directory record (EOCD) contains an + Offset of start of central directory which is beyond the end of + the file, reject the file. + [CVE-2018-6540, bsc#1079096, CVE-2018-6540.patch] + +--- +Fri Feb 2 09:31:49 UTC 2018 - josef.moell...@suse.com + +- Reject the ZIP file and report it as corrupt if the size of the + central directory and/or the offset of start of central directory + point beyond the end of the ZIP file. + [CVE-2018-6484, boo#1078701, CVE-2018-6484.patch] + +--- +Thu Feb 1 10:49:56 UTC 2018 - josef.moell...@suse.com + +- If a file is uncompressed, compressed and uncompressed sizes + should be identical. + [CVE-2018-6381, bsc#1078497, CVE-2018-6381.patch] + +--- New: CVE-2018-6381.patch CVE-2018-6484.patch CVE-2018-6540.patch Other differences: -- ++ zziplib.spec ++ --- /var/tmp/diff_new_pack.3ajViQ/_old 2018-02-09 15:45:23.312039564 +0100 +++ /var/tmp/diff_new_pack.3ajViQ/_new 2018-02-09 15:45:23.316039421 +0100 @@ -1,7 +1,7 @@ # # spec file for package zziplib # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -29,6 +29,9 @@ Patch0: zziplib-0.13.62.patch Patch1: zziplib-0.13.62-wronglinking.patch Patch2: zziplib-largefile.patch +Patch3: CVE-2018-6381.patch +Patch4: CVE-2018-6484.patch +Patch5: CVE-2018-6540.patch BuildRequires: autoconf BuildRequires: automake BuildRequires: fdupes @@ -66,6 +69,9 @@ %patch0 %patch1 %patch2 +%patch3 -p1 +%patch4 -p1 +%patch5 -p1 # do not bother with html docs saving us python2 dependency sed -i -e 's:docs ::g' Makefile.am ++ CVE-2018-6381.patch ++ Index: zziplib-0.13.67/zzip/memdisk.c === --- zziplib-0.13.67.orig/zzip/memdisk.c +++ zziplib-0.13.67/zzip/memdisk.c @@ -209,6 +209,14 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI item->zz_diskstart = zzip_disk_entry_get_diskstart(entry); item->zz_filetype = zzip_disk_entry_get_filetype(entry); +/* + * If the file is uncompressed, zz_csize and zz_usize should be the same + * If they are not, we cannot guarantee that either is correct, so ... + */ +if (item->zz_compr == ZZIP_IS_STORED && item->zz_csize != item->zz_usize) +{ +goto error; +} /* zz_comment and zz_name are empty strings if not present on disk */ if (! item->zz_comment || ! item->zz_name) { ++ CVE-2018-6484.patch ++ Index: zziplib-0.13.67/zzip/zip.c === --- zziplib-0.13.67.orig/zzip/zip.c +++ zziplib-0.13.67/zzip/zip.c @@ -320,6 +320,12 @@ __zzip_fetch_disk_trailer(int fd, zzip_o # endif __fixup_rootseek(offset + tail - mapped, trailer); + /* +* "extract data from files archived in a single zip file." +* So the file offsets must be within the current ZIP archive! +*/ + if (trailer->zz_rootseek >= filesize || (trailer->zz_rootseek + trailer->zz_rootsize) >= filesize) + return(ZZIP_CORRUPTED); { return(0); } } else if ((*tail == 'P') && end - tail >= @@ -338,6 +344,12 @@ __zzip_fetch_disk_trailer(int fd, zzip_o zzip_disk64_trailer_finalentries(orig); trailer->zz_rootseek = zzip_disk64_trailer_rootseek(orig); trailer->zz_rootsize = zzip_disk64_trailer_rootsize(orig); + /* +
commit zziplib for openSUSE:Factory
Hello community, here is the log from the commit of package zziplib for openSUSE:Factory checked in at 2018-01-30 15:38:10 Comparing /work/SRC/openSUSE:Factory/zziplib (Old) and /work/SRC/openSUSE:Factory/.zziplib.new (New) Package is "zziplib" Tue Jan 30 15:38:10 2018 rev:25 rq:569981 version:0.13.67 Changes: --- /work/SRC/openSUSE:Factory/zziplib/zziplib.changes 2017-11-10 14:41:38.098275409 +0100 +++ /work/SRC/openSUSE:Factory/.zziplib.new/zziplib.changes 2018-01-30 15:38:12.243971109 +0100 @@ -1,0 +2,28 @@ +Tue Jan 23 20:18:19 UTC 2018 - tchva...@suse.com + +- Drop tests as they fail completely anyway, not finding lib needing + zip command, this should allow us to kill python dependency +- Also drop docs subdir avoiding python dependency for it + * The generated xmls were used for mans too but we shipped those +only in devel pkg and as such we will live without them + +--- +Tue Jan 23 20:03:01 UTC 2018 - tchva...@suse.com + +- Version update to 0.13.67: + * Various fixes found by fuzzing + * Merged bellow patches +- Remove merged patches: + * zziplib-CVE-2017-5974.patch + * zziplib-CVE-2017-5975.patch + * zziplib-CVE-2017-5976.patch + * zziplib-CVE-2017-5978.patch + * zziplib-CVE-2017-5979.patch + * zziplib-CVE-2017-5981.patch +- Switch to github tarball as upstream seem no longer pull it to + sourceforge +- Remove no longer applying patch zziplib-unzipcat-NULL-name.patch + * The sourcecode was quite changed for this to work this way +anymore, lets hope this is fixed too + +--- Old: zziplib-0.13.62.tar.bz2 zziplib-CVE-2017-5974.patch zziplib-CVE-2017-5975.patch zziplib-CVE-2017-5976.patch zziplib-CVE-2017-5978.patch zziplib-CVE-2017-5979.patch zziplib-CVE-2017-5981.patch zziplib-unzipcat-NULL-name.patch New: v0.13.67.tar.gz Other differences: -- ++ zziplib.spec ++ --- /var/tmp/diff_new_pack.rEAbbX/_old 2018-01-30 15:38:13.291922181 +0100 +++ /var/tmp/diff_new_pack.rEAbbX/_new 2018-01-30 15:38:13.291922181 +0100 @@ -1,7 +1,7 @@ # # spec file for package zziplib # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -18,32 +18,23 @@ %define lname libzzip-0-13 Name: zziplib -Version:0.13.62 +Version:0.13.67 Release:0 Summary:Free Zip Compression Library with an Easy-to-Use API License:LGPL-2.1+ Group: System/Libraries Url:http://zziplib.sourceforge.net -Source0: http://prdownloads.sourceforge.net/zziplib/%{name}-%{version}.tar.bz2 +Source0:https://github.com/gdraheim/zziplib/archive/v%{version}.tar.gz Source2:baselibs.conf Patch0: zziplib-0.13.62.patch Patch1: zziplib-0.13.62-wronglinking.patch Patch2: zziplib-largefile.patch -Patch3: zziplib-CVE-2017-5974.patch -Patch4: zziplib-CVE-2017-5975.patch -Patch5: zziplib-CVE-2017-5976.patch -Patch6: zziplib-CVE-2017-5978.patch -Patch7: zziplib-CVE-2017-5979.patch -Patch8: zziplib-unzipcat-NULL-name.patch -Patch9: zziplib-CVE-2017-5981.patch BuildRequires: autoconf BuildRequires: automake -BuildRequires: dos2unix BuildRequires: fdupes BuildRequires: libtool BuildRequires: pkgconfig BuildRequires: xmlto -BuildRequires: pkgconfig(python2) BuildRequires: pkgconfig(zlib) %description @@ -75,13 +66,8 @@ %patch0 %patch1 %patch2 -%patch3 -p1 -%patch4 -p1 -%patch5 -p1 -%patch6 -p1 -%patch7 -p1 -%patch8 -p1 -%patch9 -p1 +# do not bother with html docs saving us python2 dependency +sed -i -e 's:docs ::g' Makefile.am %build autoreconf -fiv @@ -94,31 +80,25 @@ %install %make_install -# Fix wrong encoding -dos2unix docs/README.MSVC6 -dos2unix docs/sdocbook.css rm -f docs/Make* docs/zziplib-manpages.ar find %{buildroot} -type f -name "*.la" -delete -print %fdupes %{buildroot} -%check -make %{?_smp_mflags} check || exit 0 - %post -n %{lname} -p /sbin/ldconfig %postun -n %{lname} -p /sbin/ldconfig %files -n %{lname} +%license COPYING.LIB %{_libdir}/libzzip*.so.* %files devel -%doc docs/README* docs/* ChangeLog README TODO +%doc docs/README* ChangeLog README TODO %{_bindir}/unzzip* %{_bindir}/zz* %{_bindir}/unzip-mem %{_libdir}/libzzip*.so %{_includedir}/* %{_libdir}/pkgconfig/*.pc -%{_mandir}/man3/* %{_datadir}/aclocal/*.m4 %changelog
commit zziplib for openSUSE:Factory
Hello community, here is the log from the commit of package zziplib for openSUSE:Factory checked in at 2017-11-10 14:40:06 Comparing /work/SRC/openSUSE:Factory/zziplib (Old) and /work/SRC/openSUSE:Factory/.zziplib.new (New) Package is "zziplib" Fri Nov 10 14:40:06 2017 rev:24 rq:539292 version:0.13.62 Changes: --- /work/SRC/openSUSE:Factory/zziplib/zziplib.changes 2017-03-31 15:04:43.292811777 +0200 +++ /work/SRC/openSUSE:Factory/.zziplib.new/zziplib.changes 2017-11-10 14:41:38.098275409 +0100 @@ -1,0 +2,7 @@ +Wed Nov 1 12:37:02 UTC 2017 - mplus...@suse.com + +- Packaking changes: + * Depend on python2 explicitly + * Cleanup with spec-cleaner + +--- Other differences: -- ++ zziplib.spec ++ --- /var/tmp/diff_new_pack.5cUiBl/_old 2017-11-10 14:41:39.038241433 +0100 +++ /var/tmp/diff_new_pack.5cUiBl/_new 2017-11-10 14:41:39.042241288 +0100 @@ -1,7 +1,7 @@ # # spec file for package zziplib # -# Copyright (c) 2017 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,17 +16,17 @@ # -Name: zziplib %define lname libzzip-0-13 +Name: zziplib +Version:0.13.62 +Release:0 Summary:Free Zip Compression Library with an Easy-to-Use API License:LGPL-2.1+ Group: System/Libraries -Version:0.13.62 -Release:0 Url:http://zziplib.sourceforge.net Source0: http://prdownloads.sourceforge.net/zziplib/%{name}-%{version}.tar.bz2 Source2:baselibs.conf -Patch: zziplib-0.13.62.patch +Patch0: zziplib-0.13.62.patch Patch1: zziplib-0.13.62-wronglinking.patch Patch2: zziplib-largefile.patch Patch3: zziplib-CVE-2017-5974.patch @@ -36,33 +36,35 @@ Patch7: zziplib-CVE-2017-5979.patch Patch8: zziplib-unzipcat-NULL-name.patch Patch9: zziplib-CVE-2017-5981.patch +BuildRequires: autoconf +BuildRequires: automake BuildRequires: dos2unix BuildRequires: fdupes BuildRequires: libtool BuildRequires: pkgconfig -BuildRequires: python -BuildRequires: zlib-devel -BuildRoot: %{_tmppath}/%{name}-%{version}-build +BuildRequires: xmlto +BuildRequires: pkgconfig(python2) +BuildRequires: pkgconfig(zlib) %description ZZipLib is a library for dealing with zip and zip-like archives by using free algorithms of zlib. -%package -n %lname +%package -n %{lname} Summary:Free zip compression library with easy to use API Group: System/Libraries -Obsoletes: zziplib < %version-%release -Provides: zziplib = %version-%release +Obsoletes: zziplib < %{version}-%{release} +Provides: zziplib = %{version}-%{release} -%description -n %lname +%description -n %{lname} ZZipLib is a library for dealing with zip and zip-like archives by using free algorithms of zlib. %package devel Summary:Free zip compression library with easy to use API Group: Development/Libraries/C and C++ -Requires: %lname = %version -Requires: zlib-devel +Requires: %{lname} = %{version} +Requires: pkgconfig(zlib) %description devel That are the header files needed for developing applications using @@ -70,7 +72,7 @@ %prep %setup -q -%patch +%patch0 %patch1 %patch2 %patch3 -p1 @@ -81,35 +83,34 @@ %patch8 -p1 %patch9 -p1 -# Fix wrong encoding -dos2unix docs/README.MSVC6 -dos2unix docs/sdocbook.css - %build autoreconf -fiv -%configure --with-largefile --enable-frame-pointer --disable-static --with-pic -make %{?_smp_mflags} all; -make doc; +%configure \ + --with-largefile \ + --enable-frame-pointer \ + --disable-static \ + --with-pic +make %{?_smp_mflags} %install -%makeinstall -%{__rm} -f docs/Make* docs/zziplib-manpages.ar -find "%buildroot" -name "*.la" -type f -delete -%fdupes %buildroot +%make_install +# Fix wrong encoding +dos2unix docs/README.MSVC6 +dos2unix docs/sdocbook.css +rm -f docs/Make* docs/zziplib-manpages.ar +find %{buildroot} -type f -name "*.la" -delete -print +%fdupes %{buildroot} %check -%{__make} check || exit 0 - -%post -n %lname -p /sbin/ldconfig +make %{?_smp_mflags} check || exit 0 -%postun -n %lname -p /sbin/ldconfig +%post -n %{lname} -p /sbin/ldconfig +%postun -n %{lname} -p /sbin/ldconfig -%files -n %lname -%defattr(-,root,root) +%files -n %{lname} %{_libdir}/libzzip*.so.* %files devel -%defattr(-,root,root) %doc docs/README* docs/* ChangeLog README TODO %{_bindir}/unzzip* %{_bindir}/zz*
commit zziplib for openSUSE:Factory
Hello community, here is the log from the commit of package zziplib for openSUSE:Factory checked in at 2017-03-31 15:04:40 Comparing /work/SRC/openSUSE:Factory/zziplib (Old) and /work/SRC/openSUSE:Factory/.zziplib.new (New) Package is "zziplib" Fri Mar 31 15:04:40 2017 rev:23 rq:482259 version:0.13.62 Changes: --- /work/SRC/openSUSE:Factory/zziplib/zziplib.changes 2013-03-22 13:07:21.0 +0100 +++ /work/SRC/openSUSE:Factory/.zziplib.new/zziplib.changes 2017-03-31 15:04:43.292811777 +0200 @@ -1,0 +2,26 @@ +Thu Mar 23 13:32:03 UTC 2017 - josef.moell...@suse.com + +- Several bugs fixed: + * heap-based buffer overflows +(bsc#1024517, CVE-2017-5974, zziplib-CVE-2017-5974.patch) + * check if "relative offset of local header" in "central +directory header" really points to a local header +(ZZIP_FILE_HEADER_MAGIC) +(bsc#1024528, CVE-2017-5975, zziplib-CVE-2017-5975.patch) + * protect against bad formatted data in extra blocks +(bsc#1024531, CVE-2017-5976, zziplib-CVE-2017-5976.patch) + * NULL pointer dereference in main (unzzipcat-mem.c) +(bsc#1024532, bsc#1024536, CVE-2017-5975, +zziplib-CVE-2017-5975.patch) + * protect against huge values of "extra field length" +in local file header and central file header +(bsc#1024533, CVE-2017-5978, zziplib-CVE-2017-5978.patch) + * clear ZZIP_ENTRY record before use. +(bsc#1024534, bsc#1024535, CVE-2017-5979, CVE-2017-5977, +zziplib-CVE-2017-5979.patch) + * prevent unzzipcat.c from trying to print a NULL name +(bsc#1024537, zziplib-unzipcat-NULL-name.patch) + * Replace assert() by going to error exit. +(bsc#1034539, CVE-2017-5981, zziplib-CVE-2017-5981.patch) + +--- New: zziplib-CVE-2017-5974.patch zziplib-CVE-2017-5975.patch zziplib-CVE-2017-5976.patch zziplib-CVE-2017-5978.patch zziplib-CVE-2017-5979.patch zziplib-CVE-2017-5981.patch zziplib-unzipcat-NULL-name.patch Other differences: -- ++ zziplib.spec ++ --- /var/tmp/diff_new_pack.KZVsC5/_old 2017-03-31 15:04:44.212681735 +0200 +++ /var/tmp/diff_new_pack.KZVsC5/_new 2017-03-31 15:04:44.216681170 +0200 @@ -1,7 +1,7 @@ # # spec file for package zziplib # -# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -29,6 +29,13 @@ Patch: zziplib-0.13.62.patch Patch1: zziplib-0.13.62-wronglinking.patch Patch2: zziplib-largefile.patch +Patch3: zziplib-CVE-2017-5974.patch +Patch4: zziplib-CVE-2017-5975.patch +Patch5: zziplib-CVE-2017-5976.patch +Patch6: zziplib-CVE-2017-5978.patch +Patch7: zziplib-CVE-2017-5979.patch +Patch8: zziplib-unzipcat-NULL-name.patch +Patch9: zziplib-CVE-2017-5981.patch BuildRequires: dos2unix BuildRequires: fdupes BuildRequires: libtool @@ -66,6 +73,14 @@ %patch %patch1 %patch2 +%patch3 -p1 +%patch4 -p1 +%patch5 -p1 +%patch6 -p1 +%patch7 -p1 +%patch8 -p1 +%patch9 -p1 + # Fix wrong encoding dos2unix docs/README.MSVC6 dos2unix docs/sdocbook.css ++ zziplib-CVE-2017-5974.patch ++ Index: zziplib-0.13.62/zzip/memdisk.c === --- zziplib-0.13.62.orig/zzip/memdisk.c +++ zziplib-0.13.62/zzip/memdisk.c @@ -216,12 +216,12 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI /* override sizes/offsets with zip64 values for largefile support */ zzip_extra_zip64 *block = (zzip_extra_zip64 *) zzip_mem_entry_extra_block(item, ZZIP_EXTRA_zip64); -if (block) +if (block && ZZIP_GET16(block->z_datasize) >= (8 + 8 + 8 + 4)) { -item->zz_usize = __zzip_get64(block->z_usize); -item->zz_csize = __zzip_get64(block->z_csize); -item->zz_offset = __zzip_get64(block->z_offset); -item->zz_diskstart = __zzip_get32(block->z_diskstart); +item->zz_usize = ZZIP_GET64(block->z_usize); +item->zz_csize = ZZIP_GET64(block->z_csize); +item->zz_offset = ZZIP_GET64(block->z_offset); +item->zz_diskstart = ZZIP_GET32(block->z_diskstart); } } /* NOTE: ++ zziplib-CVE-2017-5975.patch ++ Index: zziplib-0.13.62/zzip/memdisk.c === --- zziplib-0.13.62.orig/zzip/memdisk.c +++ zziplib-0.13.62/zzip/memdisk.c @@ -173,6 +173,8 @@ zzip_mem_entry_new(ZZIP_DISK * disk, ZZI return 0; /* errno=ENOMEM;
commit zziplib for openSUSE:Factory
Hello community, here is the log from the commit of package zziplib for openSUSE:Factory checked in at 2013-03-22 13:07:17 Comparing /work/SRC/openSUSE:Factory/zziplib (Old) and /work/SRC/openSUSE:Factory/.zziplib.new (New) Package is "zziplib", Maintainer is "wgottw...@novell.com" Changes: --- /work/SRC/openSUSE:Factory/zziplib/zziplib.changes 2012-12-17 09:50:29.0 +0100 +++ /work/SRC/openSUSE:Factory/.zziplib.new/zziplib.changes 2013-03-22 13:07:21.0 +0100 @@ -1,0 +2,6 @@ +Sat Mar 16 21:37:21 UTC 2013 - sch...@linux-m68k.org + +- zziplib-largefile.patch: Enable largefile support +- Enable debug information + +--- New: zziplib-largefile.patch Other differences: -- ++ zziplib.spec ++ --- /var/tmp/diff_new_pack.ffONn0/_old 2013-03-22 13:07:25.0 +0100 +++ /var/tmp/diff_new_pack.ffONn0/_new 2013-03-22 13:07:25.0 +0100 @@ -1,7 +1,7 @@ # # spec file for package zziplib # -# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,25 +16,25 @@ # - Name: zziplib %define lname libzzip-0-13 Summary:Free Zip Compression Library with an Easy-to-Use API -Version:0.13.62 -Release:0 License:LGPL-2.1+ Group: System/Libraries +Version:0.13.62 +Release:0 Url:http://zziplib.sourceforge.net Source0: http://prdownloads.sourceforge.net/zziplib/%{name}-%{version}.tar.bz2 Source2:baselibs.conf Patch: zziplib-0.13.62.patch Patch1: zziplib-0.13.62-wronglinking.patch +Patch2: zziplib-largefile.patch +BuildRequires: dos2unix BuildRequires: fdupes BuildRequires: libtool BuildRequires: pkgconfig BuildRequires: python BuildRequires: zlib-devel -BuildRequires: dos2unix BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -52,10 +52,10 @@ using free algorithms of zlib. %package devel -License:LGPL-2.1+ Summary:Free zip compression library with easy to use API Group: Development/Libraries/C and C++ -Requires: %lname = %version, zlib-devel +Requires: %lname = %version +Requires: zlib-devel %description devel That are the header files needed for developing applications using @@ -65,13 +65,14 @@ %setup -q %patch %patch1 +%patch2 # Fix wrong encoding dos2unix docs/README.MSVC6 dos2unix docs/sdocbook.css %build autoreconf -fiv -%configure --enable-largefile --disable-static --with-pic +%configure --with-largefile --enable-frame-pointer --disable-static --with-pic make %{?_smp_mflags} all; make doc; ++ zziplib-largefile.patch ++ Index: configure.ac === --- configure.ac.orig +++ configure.ac @@ -125,7 +125,7 @@ if test ".$ac_cv_sys_largefile_sensitive elif test ".$with_largefile" != ".no" ; then AC_MSG_RESULT(compiles library as 64bit off_t variant dnl - and renaming some function names) - LARGEFILE_CFLAGS="$LARGEFILE_CFLAGS -D_LARGEFILE_SOURCE" + LARGEFILE_CFLAGS="$LARGEFILE_CFLAGS -D_ZZIP_LARGEFILE -D_LARGEFILE_SOURCE" AC_MSG_RESULT(..adding CFLAGS $LARGEFILE_CFLAGS) CFLAGS="$CFLAGS $LARGEFILE_CFLAGS" AC_MSG_RESULT(..adding 64 into RELEASE_INFO for the libraries) -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit zziplib for openSUSE:Factory
Hello community, here is the log from the commit of package zziplib for openSUSE:Factory checked in at 2012-12-17 09:50:27 Comparing /work/SRC/openSUSE:Factory/zziplib (Old) and /work/SRC/openSUSE:Factory/.zziplib.new (New) Package is "zziplib", Maintainer is "wgottw...@novell.com" Changes: --- /work/SRC/openSUSE:Factory/zziplib/zziplib.changes 2011-11-21 12:52:15.0 +0100 +++ /work/SRC/openSUSE:Factory/.zziplib.new/zziplib.changes 2012-12-17 09:50:29.0 +0100 @@ -1,0 +2,12 @@ +Sat Dec 15 18:36:24 UTC 2012 - p.drou...@gmail.com + +- Update to 0.13.62 version: + * configure.ac: fallback to libtool -export-dynamic unless being sure to + use gnu-ld --export-dynamic. The darwin case is a bit special here + as the c-compiler and linker might be from different worlds. +* Makefile.am: allow nonstaic build +* wrap fd.open like in the Fedora patch +- Remove the package name on summary +- Add dos2unix as build dependencie to fix a wrong file encoding + +--- Old: zziplib-0.13.49.patch zziplib-0.13.58-wronglinking.patch zziplib-0.13.58.tar.bz2 New: zziplib-0.13.62-wronglinking.patch zziplib-0.13.62.patch zziplib-0.13.62.tar.bz2 Other differences: -- ++ zziplib.spec ++ --- /var/tmp/diff_new_pack.8W4j4j/_old 2012-12-17 09:50:31.0 +0100 +++ /var/tmp/diff_new_pack.8W4j4j/_new 2012-12-17 09:50:31.0 +0100 @@ -1,7 +1,7 @@ # # spec file for package zziplib # -# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -19,17 +19,22 @@ Name: zziplib %define lname libzzip-0-13 -Summary:ZZipLib: Free Zip Compression Library with an Easy-to-Use API -Version:0.13.58 -Release:9 +Summary:Free Zip Compression Library with an Easy-to-Use API +Version:0.13.62 +Release:0 License:LGPL-2.1+ Group: System/Libraries Url:http://zziplib.sourceforge.net Source0: http://prdownloads.sourceforge.net/zziplib/%{name}-%{version}.tar.bz2 Source2:baselibs.conf -Patch: zziplib-0.13.49.patch -Patch1: zziplib-0.13.58-wronglinking.patch -BuildRequires: fdupes libtool pkgconfig python zlib-devel +Patch: zziplib-0.13.62.patch +Patch1: zziplib-0.13.62-wronglinking.patch +BuildRequires: fdupes +BuildRequires: libtool +BuildRequires: pkgconfig +BuildRequires: python +BuildRequires: zlib-devel +BuildRequires: dos2unix BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -37,7 +42,7 @@ using free algorithms of zlib. %package -n %lname -Summary:ZZipLib: free zip compression library with easy to use API +Summary:Free zip compression library with easy to use API Group: System/Libraries Obsoletes: zziplib < %version-%release Provides: zziplib = %version-%release @@ -48,7 +53,7 @@ %package devel License:LGPL-2.1+ -Summary:ZZipLib: free zip compression library with easy to use API +Summary:Free zip compression library with easy to use API Group: Development/Libraries/C and C++ Requires: %lname = %version, zlib-devel @@ -60,6 +65,9 @@ %setup -q %patch %patch1 +# Fix wrong encoding +dos2unix docs/README.MSVC6 +dos2unix docs/sdocbook.css %build autoreconf -fiv ++ zziplib-0.13.58-wronglinking.patch -> zziplib-0.13.62-wronglinking.patch ++ --- /work/SRC/openSUSE:Factory/zziplib/zziplib-0.13.58-wronglinking.patch 2011-09-23 12:53:46.0 +0200 +++ /work/SRC/openSUSE:Factory/.zziplib.new/zziplib-0.13.62-wronglinking.patch 2012-12-17 09:50:29.0 +0100 @@ -1,14 +1,14 @@ --- configure.ac.orig +++ configure.ac -@@ -288,7 +288,7 @@ case "$host_os" in - - if test ".$can_build_shared" = .no - then ZZIPLIB_LDFLAGS="" --else ZZIPLIB_LDFLAGS="--export-dynamic" -+else ZZIPLIB_LDFLAGS="-Wl,--export-dynamic" - fi - RESOLVES=' # ' - ;; +@@ -302,7 +302,7 @@ + RESOLVES=" # " + ;; *) + if test ".$can_build_shared" != ".no" ; then +- ZZIPLIB_LDFLAGS="-export-dynamic" ++ ZZIPLIB_LDFLAGS="-Wl,-export-dynamic" + if test ".$lt_cv_prog_gnu_ld" == ".yes" ; then + ZZIPLIB_LDFLAGS="${wl}--export-dynamic" + # TODO: that is for backward compatibility only --- zzip/Makefile.am.orig +++ zzip/Makefile.am @@ -2,7 +2,7 @@ AUTOMAKE_OPTIONS = 1.5 foreign ++ zziplib-0.13.49.patch -> zziplib-0.13.
commit zziplib for openSUSE:Factory
Hello community, here is the log from the commit of package zziplib for openSUSE:Factory checked in at 2011-12-06 19:21:37 Comparing /work/SRC/openSUSE:Factory/zziplib (Old) and /work/SRC/openSUSE:Factory/.zziplib.new (New) Package is "zziplib", Maintainer is "wgottw...@novell.com" Changes: Other differences: -- ++ zziplib.spec ++ --- /var/tmp/diff_new_pack.HnOvOS/_old 2011-12-06 20:03:13.0 +0100 +++ /var/tmp/diff_new_pack.HnOvOS/_new 2011-12-06 20:03:13.0 +0100 @@ -22,7 +22,7 @@ Summary:ZZipLib: Free Zip Compression Library with an Easy-to-Use API Version:0.13.58 Release:9 -License:LGPLv2.1+ +License:LGPL-2.1+ Group: System/Libraries Url:http://zziplib.sourceforge.net Source0: http://prdownloads.sourceforge.net/zziplib/%{name}-%{version}.tar.bz2 @@ -47,7 +47,7 @@ using free algorithms of zlib. %package devel -License:LGPLv2.1+ +License:LGPL-2.1+ Summary:ZZipLib: free zip compression library with easy to use API Group: Development/Libraries/C and C++ Requires: %lname = %version, zlib-devel -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit zziplib for openSUSE:Factory
Hello community, here is the log from the commit of package zziplib for openSUSE:Factory checked in at 2011-11-21 12:51:34 Comparing /work/SRC/openSUSE:Factory/zziplib (Old) and /work/SRC/openSUSE:Factory/.zziplib.new (New) Package is "zziplib", Maintainer is "wgottw...@novell.com" Changes: --- /work/SRC/openSUSE:Factory/zziplib/zziplib.changes 2011-09-23 12:53:46.0 +0200 +++ /work/SRC/openSUSE:Factory/.zziplib.new/zziplib.changes 2011-11-21 12:52:15.0 +0100 @@ -1,0 +2,5 @@ +Sat Nov 19 15:38:23 UTC 2011 - co...@suse.com + +- add libtool as buildrequire to avoid implicit dependency + +--- Other differences: -- ++ zziplib.spec ++ --- /var/tmp/diff_new_pack.yzXGMD/_old 2011-11-21 12:52:17.0 +0100 +++ /var/tmp/diff_new_pack.yzXGMD/_new 2011-11-21 12:52:17.0 +0100 @@ -24,12 +24,12 @@ Release:9 License:LGPLv2.1+ Group: System/Libraries -URL:http://zziplib.sourceforge.net +Url:http://zziplib.sourceforge.net Source0: http://prdownloads.sourceforge.net/zziplib/%{name}-%{version}.tar.bz2 Source2:baselibs.conf Patch: zziplib-0.13.49.patch Patch1: zziplib-0.13.58-wronglinking.patch -BuildRequires: fdupes pkgconfig python zlib-devel +BuildRequires: fdupes libtool pkgconfig python zlib-devel BuildRoot: %{_tmppath}/%{name}-%{version}-build %description -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit zziplib for openSUSE:Factory
Hello community, here is the log from the commit of package zziplib for openSUSE:Factory checked in at Thu Sep 22 10:54:02 CEST 2011. --- zziplib/zziplib.changes 2011-04-30 21:04:22.0 +0200 +++ /mounts/work_src_done/STABLE/zziplib/zziplib.changes2011-09-16 18:18:56.0 +0200 @@ -1,0 +2,6 @@ +Fri Sep 16 16:02:33 UTC 2011 - jeng...@medozas.de + +- Implement shlib policy/packaging for package, add baselibs.conf + and resolve redundant constructs + +--- calling whatdependson for head-i586 New: baselibs.conf Other differences: -- ++ zziplib.spec ++ --- /var/tmp/diff_new_pack.3qo6Op/_old 2011-09-22 10:53:59.0 +0200 +++ /var/tmp/diff_new_pack.3qo6Op/_new 2011-09-22 10:53:59.0 +0200 @@ -15,32 +15,42 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # -# norootforbuild Name: zziplib +%define lname libzzip-0-13 Summary:ZZipLib: Free Zip Compression Library with an Easy-to-Use API Version:0.13.58 Release:9 License:LGPLv2.1+ Group: System/Libraries -AutoReqProv:on -Url:http://zziplib.sourceforge.net +URL:http://zziplib.sourceforge.net Source0: http://prdownloads.sourceforge.net/zziplib/%{name}-%{version}.tar.bz2 +Source2:baselibs.conf Patch: zziplib-0.13.49.patch Patch1: zziplib-0.13.58-wronglinking.patch -BuildRequires: pkgconfig python zlib-devel +BuildRequires: fdupes pkgconfig python zlib-devel BuildRoot: %{_tmppath}/%{name}-%{version}-build %description ZZipLib is a library for dealing with zip and zip-like archives by using free algorithms of zlib. +%package -n %lname +Summary:ZZipLib: free zip compression library with easy to use API +Group: System/Libraries +Obsoletes: zziplib < %version-%release +Provides: zziplib = %version-%release + +%description -n %lname +ZZipLib is a library for dealing with zip and zip-like archives by +using free algorithms of zlib. + %package devel License:LGPLv2.1+ Summary:ZZipLib: free zip compression library with easy to use API Group: Development/Libraries/C and C++ -Requires: %{name} = %{version} zlib-devel +Requires: %lname = %version, zlib-devel %description devel That are the header files needed for developing applications using @@ -54,27 +64,25 @@ %build autoreconf -fiv %configure --enable-largefile --disable-static --with-pic -%{__make} %{?jobs:-j%jobs} -make doc +make %{?_smp_mflags} all; +make doc; %install -%{__make} DESTDIR=%{buildroot} install +%makeinstall %{__rm} -f docs/Make* docs/zziplib-manpages.ar -%{__rm} -f %{buildroot}%{_libdir}/*.la +find "%buildroot" -name "*.la" -type f -delete +%fdupes %buildroot %check %{__make} check || exit 0 -%clean -%{__rm} -rf %{buildroot} - -%post -p /sbin/ldconfig +%post -n %lname -p /sbin/ldconfig -%postun -p /sbin/ldconfig +%postun -n %lname -p /sbin/ldconfig -%files +%files -n %lname %defattr(-,root,root) -%{_libdir}/libzzip*-*.so.* +%{_libdir}/libzzip*.so.* %files devel %defattr(-,root,root) ++ baselibs.conf ++ # Obsoletes added in 0.13.58; change to "<" starting with 0.13.59 libzzip-0-13 obsoletes "zziplib- <= " provides "zziplib- = " zziplib-devel requires -zziplib- requires "libzzip-0-13- = " Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit zziplib for openSUSE:Factory
Hello community, here is the log from the commit of package zziplib for openSUSE:Factory checked in at Mon May 2 12:24:01 CEST 2011. --- zziplib/zziplib.changes 2010-02-17 10:47:43.0 +0100 +++ /mounts/work_src_done/STABLE/zziplib/zziplib.changes2011-04-30 21:04:22.0 +0200 @@ -1,0 +2,5 @@ +Sat Apr 30 15:22:39 UTC 2011 - crrodrig...@opensuse.org + +- Fix build with gcc 4.6 + +--- calling whatdependson for head-i586 New: zziplib-0.13.58-wronglinking.patch Other differences: -- ++ zziplib.spec ++ --- /var/tmp/diff_new_pack.edCvTz/_old 2011-05-02 12:23:41.0 +0200 +++ /var/tmp/diff_new_pack.edCvTz/_new 2011-05-02 12:23:41.0 +0200 @@ -1,7 +1,7 @@ # -# spec file for package zziplib (Version 0.13.58) +# spec file for package zziplib # -# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -21,13 +21,14 @@ Name: zziplib Summary:ZZipLib: Free Zip Compression Library with an Easy-to-Use API Version:0.13.58 -Release:1 +Release:9 License:LGPLv2.1+ Group: System/Libraries AutoReqProv:on Url:http://zziplib.sourceforge.net Source0: http://prdownloads.sourceforge.net/zziplib/%{name}-%{version}.tar.bz2 Patch: zziplib-0.13.49.patch +Patch1: zziplib-0.13.58-wronglinking.patch BuildRequires: pkgconfig python zlib-devel BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -48,6 +49,7 @@ %prep %setup -q %patch +%patch1 %build autoreconf -fiv ++ zziplib-0.13.58-wronglinking.patch ++ --- configure.ac.orig +++ configure.ac @@ -288,7 +288,7 @@ case "$host_os" in if test ".$can_build_shared" = .no then ZZIPLIB_LDFLAGS="" -else ZZIPLIB_LDFLAGS="--export-dynamic" +else ZZIPLIB_LDFLAGS="-Wl,--export-dynamic" fi RESOLVES=' # ' ;; --- zzip/Makefile.am.orig +++ zzip/Makefile.am @@ -2,7 +2,7 @@ AUTOMAKE_OPTIONS = 1.5 foreign AUTOTOOL_VERSION=autoconf-2.52 automake-1.5 libtool-1.4.2 DEFAULT_INCLUDES = # nothing - no default of -I. -I$(srcdir) DEFS = @DEFS@ -I$(top_builddir) -I$(top_srcdir) # also for automake 1.4 - +AM_CFLAGS = -fno-strict-aliasing lib_LTLIBRARIES = libzzip.la libzzipmmapped.la libzzipfseeko.la zzipdir = ${includedir}/zzip zzip_HEADERS = $(libzzip_la_headers) \ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org