Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP1:Update
unzip-rcc.3339
unzip-rcc.changes
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File unzip-rcc.changes of Package unzip-rcc.3339
------------------------------------------------------------------- Tue Jun 26 10:56:36 UTC 2018 - kstreitova@suse.com - Add CVE-2018-1000035.patch: Fix a heap-based buffer overflow in password protected ZIP archives [CVE-2018-1000035], [bsc#1080074] - Add unzip60-total_disks_zero.patch that fixes a bug when unzip is unable to process Windows zip64 archives because Windows archivers set total_disks field to 0 but per standard, valid values are 1 and higher [bnc#910683] - Update Fix-CVE-2014-9636-unzip-buffer-overflow.patch to the new version as the original one isn't sufficient [bnc#914442] [CVE-2014-9636] ------------------------------------------------------------------- Tue Feb 21 08:16:15 UTC 2017 - josef.moellers@suse.com - Fixed two potential buffer overflows. The patches were extracted from http://antinode.info/ftp/info-zip/unzip60/zipinfo.c and http://antinode.info/ftp/info-zip/unzip60/list.c (bsc#1013992, bsc#1013993, CVE-2016-9844, CVE-2014-9913, CVE-2016-9844.patch, CVE-2014-9913) ------------------------------------------------------------------- Wed Oct 12 13:04:47 UTC 2016 - josef.moellers@suse.com - When decrypting an encrypted file, quit early if compressed size < HEAD_LEN. When extracting avoid an infinite loop if a file never finishes unzipping. (bsc#950110, bsc#950111, CVE-2015-7696, CVE-2015-7697, CVE-2015-7696.patch, CVE-2015-7697.patch) ------------------------------------------------------------------- Tue Jan 27 22:54:08 UTC 2015 - tbehrens@suse.com - Add Fix-CVE-2014-9636-unzip-buffer-overflow.patch: fix heap overflow for STORED field data (fixes bnc#914442) ------------------------------------------------------------------- Tue Dec 23 00:22:21 UTC 2014 - meissner@suse.com - build with PIE ------------------------------------------------------------------- Mon Dec 22 00:10:41 UTC 2014 - tbehrens@suse.com - Add Fix-CVE-2014-8139-unzip.patch: fix heap overflow condition in the CRC32 verification (fixes bnc#909214) - Add Fix-CVE-2014-8140-and-CVE-2014-8141.patch: fix write error (*_8349_*) shows a problem in extract.c:test_compr_eb(), and: read errors (*_6430_*, *_3422_*) show problems in process.c:getZip64Data() (fixes bnc#909214) ------------------------------------------------------------------- Fri Aug 2 18:29:07 UTC 2013 - coolo@suse.com - fix defaultattr for old distros ------------------------------------------------------------------- Fri Aug 2 13:55:08 UTC 2013 - coolo@suse.com - split the rcc dependency into a spec file of it's own, we don't need that complexity during build causing cycles like this: unzip -> librcc -> libproxy -> libXau -> xorg-x11-proto-devel -> docbook-xsl-stylesheets ------------------------------------------------------------------- Fri Apr 5 10:07:44 UTC 2013 - idonmez@suse.com - Cleanup spec file - Add Source URL, see https://en.opensuse.org/SourceUrls ------------------------------------------------------------------- Fri Aug 5 13:57:24 CEST 2011 - pth@suse.de - Don't call isprint (bnc#620483). ------------------------------------------------------------------- Mon May 23 14:21:44 UTC 2011 - lnussel@suse.de - remove use of __DATE__ from correct file ------------------------------------------------------------------- Sat May 07 23:16:45 UTC 2011 - idoenmez@novell.com - Sync our compile time flags with Debian except Acorn stuff, this enables UTF-8, saves an unrelated warning about lchmod being not implemented. - Enable make check ------------------------------------------------------------------- Fri Jan 28 13:50:13 UTC 2011 - lnussel@suse.de - use dlopen for librcc0. A direct requires causes lots of other packages to get installed such as aspell which bloats a minimal install. ------------------------------------------------------------------- Mon Aug 30 19:44:17 UTC 2010 - cristian.rodriguez@opensuse.org - Do not include build host specific info like build dates In binaries. ------------------------------------------------------------------- Fri Jun 25 18:21:34 CEST 2010 - pth@suse.de - Doing open(O_WRONLY) and then fdopen("w+") will now fail with "Invalid Argument" whereas former glibcs would succeed. So now do open(O_RDWR). - Print error message when open(2) fails. - Add debugging traces in open_outfile. ------------------------------------------------------------------- Fri May 21 16:39:24 CEST 2010 - pth@suse.de - Update to 6.0: * Support PKWARE ZIP64 extensions, allowing Zip archives and Zip archive entries larger than 4 GiBytes and more than 65536 entries within a single Zip archive. This support is currently only available for Unix, OpenVMS and Win32/Win64. * Support for bzip2 compression method. * Support for UTF-8 encoded entry names, both through PKWARE's "General Purpose Flags Bit 11" indicator and Info-ZIP's new "up" unicode path extra field. (Currently, on Windows the UTF-8 handling is limited to the character subset contained in the configured non-unicode "system code page".) * Fixed "Time of Creation/Time of Use" vulnerability when setting attributes of extracted files, for Unix and Unix-like ports. * Fixed memory leak when processing invalid deflated data. * Fixed long-standing bug in unshrink (partial_clear), added boundary checks against invalid compressed data. * On Unix, keep inherited SGID attribute bit for extracted directories unless restoration of owner/group id or SUID/SGID/Tacky attributes was requested. * On Unix, allow extracted filenames to contain embedded control characters when explicitly requested by specifying the new command line option "-^". * On Unix, support restoration of symbolic link attributes. * On Unix, support restoration of 32-bit UID/GID data using the new "ux" IZUNIX3 extra field introduced with Zip 3.0. * Support symbolic links zipped up on VMS. * New -D option to suppress restoration of timestamps for extracted directory entries (on those ports that support setting of directory timestamps). By specifying "-DD", this new option also allows to suppress timestamp restoration for ALL extracted files on all UnZip ports which support restoration of timestamps. On VMS, the default behaviour is now to skip restoration of directory timestamps; here, "--D" restores ALL timestamps, "-D" restores none. * On OS/2, Win32, and Unix, the (previously optional) feature UNIXBACKUP to allow saving backup copies of overwritten files on extraction is now enabled by default. ------------------------------------------------------------------- Mon May 10 16:39:20 UTC 2010 - pth@suse.de - Use librcc to convert russian/slavic file names (bnc#540598). ------------------------------------------------------------------- Sun Dec 6 17:51:30 CET 2009 - jengelh@.medozas.de - enable parallel building ------------------------------------------------------------------- Tue Dec 9 15:53:53 CET 2008 - schwab@suse.de - Fix last change. ------------------------------------------------------------------- Mon Sep 15 12:32:57 CEST 2008 - ro@suse.de - use hardlink instead of softlink ------------------------------------------------------------------- Mon Feb 4 13:29:27 CET 2008 - pth@suse.de - Add patch to fix erroneous freeing of buffers (bnc#358425) ------------------------------------------------------------------- Fri Dec 7 12:52:06 CET 2007 - pth@suse.de - Pass file mode when calling open with O_CREAT. ------------------------------------------------------------------- Mon Dec 3 13:24:27 CET 2007 - pth@suse.de - Add patch to extend the maximum file/archive size to 2^32-8193 (4294959103) bytes. - Add patch to fix CVE-2005-2475 (bnc#274156) ------------------------------------------------------------------- Thu Jun 21 17:34:10 CEST 2007 - adrian@suse.de - fix changelog entry order ------------------------------------------------------------------- Thu May 3 15:25:39 CEST 2007 - pth@suse.de - Add patch from Takashi Iwai that adds a new option (-S) to unzip and infozip that disables file name translation (bnc#267901). - Recompress tarball with bzip2 ------------------------------------------------------------------- Fri Jan 27 02:30:41 CET 2006 - mls@suse.de - converted neededforbuild to BuildRequires ------------------------------------------------------------------- Thu Jan 26 15:28:44 CET 2006 - pth@suse.de - Reject file names that are too long (bnc#140304) - Use stack protector. ------------------------------------------------------------------- Fri Jan 20 17:41:23 CET 2006 - schwab@suse.de - Don't strip binaries. ------------------------------------------------------------------- Thu Dec 15 11:31:51 CET 2005 - pth@suse.de - Compile with (limited) large file support. This will support single files exceeding 2 GB as long as the archive stays below that theshold. ------------------------------------------------------------------- Mon Jun 13 22:46:31 CEST 2005 - rommel@suse.de - update to version 5.52 (bnc#67279) ------------------------------------------------------------------- Sat Aug 7 15:03:23 CEST 2004 - rommel@suse.de - update to version 5.51 (fixes old security bugs, adds PKWARE's compression code Deflate64) ------------------------------------------------------------------- Wed May 19 18:36:21 CEST 2004 - ro@suse.de - added -fno-strict-aliasing - really use RPM_OPT_FLAGS ------------------------------------------------------------------- Sun Jan 11 13:00:23 CET 2004 - adrian@suse.de - build as user ------------------------------------------------------------------- Tue Sep 23 16:53:44 CEST 2003 - rommel@suse.de - replaced fix for ../ exploit with a fix both for the ../ exploit and '/' exploit (Bugzilla #29311) ------------------------------------------------------------------- Thu Jul 3 12:57:38 CEST 2003 - rommel@suse.de - added fix for ../ exploit (Bugzilla #27667) ------------------------------------------------------------------- Fri Jan 17 14:42:19 CET 2003 - rommel@suse.de - fixed Summary: to be more verbose about what this package does ------------------------------------------------------------------- Wed Sep 18 00:57:21 CEST 2002 - ro@suse.de - removed bogus self-provides ------------------------------------------------------------------- Fri Jul 5 11:09:32 CEST 2002 - kukuk@suse.de - Use %ix86 macro ------------------------------------------------------------------- Mon Mar 11 2002 - rommel@suse.de - Update to 5.50 - took over parts of pmladek's patch (see below) ------------------------------------------------------------------- Thu Jan 24 13:43:46 CET 2002 - grimmer@suse.de - added unzip-5.42-iso8859_2.patch to fix coding conversion between Microsoft and Linux file names (originally from http://www.axis.cz/linux/zip_unzip.php3, enhanced to support both ISO8859-1 and ISO8859-2 by Petr Mladek <pmladek@suse.cz>) ------------------------------------------------------------------- Mon Apr 9 13:42:07 CEST 2001 - grimmer@suse.de - Update to 5.42 - file list fixes (new license file, documentation renames) ------------------------------------------------------------------- Wed Dec 13 17:49:59 CET 2000 - grimmer@suse.de - Update to 5.41 (now includes decryption support) - now Provides and Obsoletes crunzip - bzipped sources - use BuildRoot ------------------------------------------------------------------- Tue Feb 29 18:33:38 CET 2000 - schwab@suse.de - Add support for ia64. - /usr/man -> /usr/share/man ------------------------------------------------------------------- Wed Dec 22 16:19:18 MET 1999 - grimmer@suse.de - Added "Conflicts: crzip" to spec file - cleaned up Provides: tag ------------------------------------------------------------------- Fri Dec 17 16:40:10 MET 1999 - grimmer@suse.de - Spec file cleanups ------------------------------------------------------------------- Sat Nov 27 15:03:07 MET 1999 - kukuk@suse.de - Use linux_noasm Makefile target on SPARC ------------------------------------------------------------------- Mon Sep 13 17:23:57 CEST 1999 - bs@suse.de - ran old prepare_spec on spec file to switch to new prepare_spec. ------------------------------------------------------------------- Wed Sep 8 16:34:57 CEST 1999 - uli@suse.de - uses target linux_noasm for PPC ------------------------------------------------------------------- Wed Feb 24 09:42:16 MET 1999 - grimmer@suse.de - new version (5.40) - specfile modifications - added french description ------------------------------------------------------------------- Mon Jan 11 14:29:14 MET 1999 - ro@suse.de - use target linux_noasm for alpha ------------------------------------------------------------------- Fri Jan 23 15:03:52 MET 1998 - rj@suse.de - version 5.32 ------------------------------------------------------------------- Thu Feb 6 11:56:09 CET 1997 - rj@suse.de - version 5.12 - new test/changes/plist files
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor