File libplist.changes of Package libplist.4095

Overview Repositories Revisions Requests Users Attributes Meta

File libplist.changes of Package libplist.4095

-------------------------------------------------------------------
Tue May  2 20:35:33 UTC 2017 - mgorse@suse.com

- Add libplist-boo1029631-32bit.patch: ensure that sanity checks
  work on 32-bit platforms (boo#1029631 CVE-2017-6440).

-------------------------------------------------------------------
Mon May  1 20:05:46 UTC 2017 - mgorse@suse.com

- Add libplist-boo1035312-overflow-fixes.patch: add some safety
  checks, backported from upstream (boo#1035312 CVE-2017-7982).

-------------------------------------------------------------------
Tue Feb  7 12:13:33 UTC 2017 - alarrosa@suse.com

- Add patches from upstream to fix a multitude of memory leaks,
  out of bound reads and writes and check index ranges:
  0001-Fix-possible-crash-in-plist_from_bin-caused-by-access-to-already-freed-memory.patch
  0002-Plug-memory-leaks-caused-by-unused-and-unfreed-buffer.patch
  0003-Refactor-binary-plist-parsing-in-a-recursive-way.patch
  0004-Make-sure-to-compare-the-node-sizes-for-integer-nodes.patch
  0005-Change-internal-storage-of-PLIST_DATE-values-from-struct-timeval-to-double.patch
  0006-Fix-possible-out-of-bounds-read-in-parse_dict_node-with-proper-bounds-checking.patch
  0007-Fix-possible-out-of-bounds-reads-in-parse_bin_node.patch
  0008-Make-sure-the-index-in-parse_bin_node_at_index-is-actually-within-the-offset-table.patch
  0009-Prevent-out-of-bounds-read-in-plist_from_bin-when-parsing-offset_table.patch
  0010-Make-sure-to-error-out-if-allocation-of-used_indexes-buffer-in-plist_from_bin-fails.patch
  0011-Disallow-key-nodes-with-non-string-node-types.patch
  0012-Prevent-OOB-heap-buffer-read-by-checking-input-size.patch
  0013-Improve-UINT_TO_HOST-macro-remove-uint24_from_be-function.patch
  0014-Check-for-invalid-offset_size-in-bplist-trailer.patch
  0015-Use-proper-struct-for-binary-plist-trailer.patch
  0016-Mass-rename-dict_size-and-param_dict_size-to-more-appropiate-ref_size.patch
  0017-Fix-possible-out-of-bounds-read-in-parse_array_node-with-proper-bounds-checking.patch
  0018-Avoid-heap-buffer-allocation-when-parsing-array-dict-string-data-node-sizes-14.patch
  0019-Unify-size-node-parsing-for-data-string-array-dict-nodes.patch
  0020-Prevent-OOB-read-when-parsing-data-string-array-dict-size-nodes.patch
  0021-Fix-OOB-write-on-heap-buffer-and-improve-recursion-check.patch
  0022-Make-sure-node-index-is-smaller-than-number-of-objects.patch
  0023-Make-sure-the-offset-table-is-in-the-correct-range.patch
  0024-Plug-memory-leak-in-case-parsing-a-dictionary-key-fails.patch
  0026-bplist-Improve-real-date-node-de-serialization.patch
  0027-bplist-Improve-parsing-unicode-nodes.patch
  0029-bplist-Make-sure-to-bail-out-if-malloc-fails-in-pars.patch
  0030-bplist-Make-sure-to-bail-out-if-malloc-fails-in-pars.patch
  0031-bplist-Make-sure-to-bail-out-if-malloc-fails-in-pars.patch
  0032-bplist-Properly-handle-some-more-malloc-failure-situ.patch
  0033-plist-Fix-assert-to-allow-16-or-8-byte-integer-sizes.patch
  C0001-Plug-memory-leak-when-converting-PLIST_UID-nodes-to-XML.patch
  C0002-Improve-writing-of-array-and-dictionary-nodes.patch
  C0003-Improve-writing-of-integer-nodes.patch
  C0004-Fix-UID-node-parsing-to-match-Apples-parser.patch
  C0005-Improve-writing-of-UID-nodes.patch
  C0006-Improve-writing-of-data-string-and-unicode-nodes.patch
  C0007-Improve-writing-of-offset-table.patch
- Added patches from upstream so the previous list of patches (which
  was prepared for libplist 1.12) apply correctly in libplist :
  A0001-fix-compiler-warnings.patch
  A0002-fix-invalid-memory-access-in-copy_plist_data.patch
  A0003-implemented-handling-of-UID-keyed-encoding-type.patch
  A0004-use-__FLOAT_WORD_ORDER__-instead-of-__VFP_FP__-for-floating-point-endianness-detection.patch
  A0005-prevent-segmentation-fault-in-plist_from_bin.patch
  A0006-Fix-timezone-bound-date-time-conversion.patch
  A0007-Fix-memory-leaking-caused-by-unused-nodes-in-plist_from_bin.patch
  A0008-Silence-compiler-warnings-about-shadowing-global-declarations.patch
  A0009-Fix-PLIST_DATE-parsing-in-xml_to_node.patch
  A0010-Fix-PLIST_DATE-handling-to-respect-the-Mac-epoch.patch
  A0011-Handle-signed-vs-unsigned-integer-values-correctly.patch
  A0012-Silence-compiler-warning-about-always-true-comparison-due-to-type-mismatch.patch
  A0013-Prevent-crash-in-plist_from_bin-when-parsing-unusually-structured-binary-plist.patch
  A0014-Drop-src-common.h-and-use-byte-order-macros-from-config.h-directly.patch
  A0015-Fix-plist_from_bin-changing-value-nodes-to-key-nodes-in-dictionaries.patch
- Renamed 0001-Prevent-OOB-heap-buffer-read-by-checking-input-size.patch to
  0012-Prevent-OOB-heap-buffer-read-by-checking-input-size.patch to integrate
  the patch in the list of patches sorted by date.
- In particular, 0011-Disallow-key-nodes-with-non-string-node-types.patch
  fixes a type inconsistency by which a maliciously crafted file could
  cause the application to crash (bsc#1023807, CVE-2017-5836).
- 0014-Check-for-invalid-offset_size-in-bplist-trailer.patch fixes a
  vulnerability by which a maliciously crafted file could cause libplist
  to allocate large amounts of memory and consume lots of CPU
  (bsc#1023822, CVE-2017-5835).
- 0017-Fix-possible-out-of-bounds-read-in-parse_array_node-with-proper-bounds-checking.patch
  fixes a vulnerability by which a maliciously crafted file could cause
  a heap buffer overflow and a segmentation fault (bsc#1023848,
  CVE-2017-5834)
- Also added these patches from upstream:
  B0002-base64-use-strtok_r-instead-of-strtok-to-make-sure-were-thread-safe.patch
  B0003-base64-get-rid-of-strtok_r-and-use-strspn-strcspn-instead.patch
  B0004-silence-compiler-warning-by-using-correct-type.patch
  B0005-base64-Prevent-buffer-overflow-by-not-decoding-blocks-with-less-than-4-chrs.patch
  B0006-Prevent-use-strlen-in-base64decode-when-input-buffer-size-is-known.patch
  B0007-base64-Rework-base64decode-to-handle-split-encoded-data.patch
- These patches fix CVE-2017-5209 and boo#1019531: The base64decode function
  in base64.c allows attackers to obtaiin sensitive info from
  process memory or cause a denial of service (buffer over-read)
  via split encoded Apple Property List data.
- Added drop-common.h.patch . This is a cutted-down version of an
  upstream patch needed as a dependency for the rest of patches.

-------------------------------------------------------------------
Tue Jan 31 17:24:19 UTC 2017 - alarrosa@suse.com

- Add 0001-Prevent-OOB-heap-buffer-read-by-checking-input-size.patch
  This patch (from upstream, rebased) prevents an OOB heap buffer
  read which could allow attackers to obtain sensitive information
  from process memory or cause a DoS (bsc#1021610, CVE-2017-5545).

-------------------------------------------------------------------
Mon Apr 15 12:54:38 UTC 2013 - mmeister@suse.com

- Added url as source.
  Please see http://en.opensuse.org/SourceUrls

-------------------------------------------------------------------
Tue Aug 28 15:52:14 UTC 2012 - cfarrell@suse.com

- license update: LGPL-2.1+
  LGPL-2.1 can be relicensed to GPL without further permission. No need to
  explicitly call out the GPL as a license option. Fedora has been using
  LGPL-2.1+ for awhile so gain compatibility there too

-------------------------------------------------------------------
Mon Apr 09 15:45:03 CEST 2012 - opensuse@sukimashita.com

- Allow compilation on 11.4 by disabling cython bindings

-------------------------------------------------------------------
Mon Apr 02 15:54:57 CEST 2012 - opensuse@sukimashita.com

- Update to version 1.8
  * Add Cython based Python bindings
  * Fix memory corruption in libcnary
  * Fix building on Big Endian systems
  * Removed glib dependency, libplist now uses bundled libcnary
  * Fix building of Python bindings with GCC 4.6
- Do not build SWIG bindings for Python
- Remove gcc46_build_fix.patch due to upstream fixes
- Update pkgconfig patch

-------------------------------------------------------------------
Tue Jan 31 10:50:25 UTC 2012 - jengelh@medozas.de

- Remove redundant tags/sections per specfile guideline suggestions
- Parallel building using %_smp_mflags

-------------------------------------------------------------------
Wed Oct  5 12:24:02 UTC 2011 - uli@suse.com

- cross-build fix: set cmake root, python paths
- cross-build workaround: move installed files from sysroot to
  real root

-------------------------------------------------------------------
Tue Jun 28 13:59:00 UTC 2011 - aj@suse.de

- Add baselibs.conf - needed by usbmuxd's baselibs.conf.

-------------------------------------------------------------------
Mon May 16 22:18:07 UTC 2011 - cgiboudeaux@gmx.com

- Add gcc46_build_fix.patch. Fixes build with GCC4.6

-------------------------------------------------------------------
Sun Mar 20 18:17:36 CEST 2011 - opensuse@sukimashita.com

- Update to version 1.4
  * New maintainer and source location
  * Update AUTHORS from git history
  * Fix Unicode writing in binary plists
  * Update plist doctype
  * Fix Dictionary copy constructor
  * Fix Mac OS X library install path detection
  * Plug memory leak when writing Unicode data
- Remove pkgconfig patch due to upstream fixes

-------------------------------------------------------------------
Wed Dec  8 21:18:28 UTC 2010 - cristian.rodriguez@opensuse.org

- Fix both -devel package dependencies and broken pkgconfig file

-------------------------------------------------------------------
Tue Apr 27 11:20:20 CEST 2010 - opensuse@sukimashita.com

- Update to version 1.3
  * Endianness, alignment and type-punning fixes
  * Fix armel floating point endianess 
  * Allow compiling with mingw on Windows
  * Minor bugfixes

-------------------------------------------------------------------
Thu Apr  1 00:17:48 CEST 2010 - vuntz@opensuse.org

- Clean up packaging, based on what I did in multimedia:libs.

-------------------------------------------------------------------
Thu Mar 25 11:14:40 CET 2010 - meissner@suse.de

- run prepare_spec

-------------------------------------------------------------------
Fri Jan 22 01:40:54 CEST 2010 - opensuse@sukimashita.com

- Update to version 1.2
  * Fix xml entity conversion
  * Silence build warnings
- Remove upstreamed patches

-------------------------------------------------------------------
Sat Jan 09 11:07:34 CEST 2010 - opensuse@sukimashita.com

- Add patches to fix xml entity conversion and tests

-------------------------------------------------------------------
Wed Dec 30 18:33:27 CEST 2009 - opensuse@sukimashita.com

- Update to version 1.1
  * Fix use of integer nodes within Python Bindings

-------------------------------------------------------------------
Tue Dec 08 00:20:17 CEST 2009 - opensuse@sukimashita.com

- Update to version 1.0
  * Bugfixes
  * Remove deprecated API

-------------------------------------------------------------------
Wed Oct 28 21:01:57 CEST 2009 - opensuse@sukimashita.com

- Update to version 0.16
  * Build fixes
  * Fix issues with SWIG

-------------------------------------------------------------------
Sat Oct 24 23:53:01 CEST 2009 - opensuse@sukimashita.com

- Update to version 0.15
  * Build fixes
- Update to version 0.14
  * Add C++ binding
  * Refactor API
  * Bugfixes

-------------------------------------------------------------------
Sun Jul 19 00:06:10 CEST 2009 - opensuse@sukimashita.com

- Update to version 0.13
  * Add plist_copy for deep node copies
  * Add node setter functions
  * Unlink nodes from parent if free'd
  * Update Python bindings

-------------------------------------------------------------------
Wed May 06 01:06:10 CEST 2009 - opensuse@sukimashita.com

- Update to version 0.12
  * Merge ascii and unicode handling in PLIST_STRING using UTF-8
  * Remove unicode related declaration in API (breaks API&ABI)
  * Fix bad variable type for date elements
  * Silence compiler warnings
  * Plugged few memory leaks

-------------------------------------------------------------------
Wed Apr 22 00:02:19 CET 2009 - opensuse@sukimashita.com

- Update to version 0.11
  * Fix Python binding segfaults
  * Python API additions
  * Better binary buffer handling in Python bindings

-------------------------------------------------------------------
Sun Apr 12 19:17:41 CET 2009 - opensuse@sukimashita.com

- Update to version 0.10

-------------------------------------------------------------------
Tue Apr 07 10:20:57 CET 2009 - opensuse@sukimashita.com

- Add patch to fix uninitialized buffer

-------------------------------------------------------------------
Sat Apr 04 11:08:16 CET 2009 - opensuse@sukimashita.com

- Initial package created

Places

File libplist.changes of Package libplist.4095

Places