Hello community,

here is the log from the commit of package libzip for openSUSE:Factory checked 
in at 2012-03-22 12:35:05
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libzip (Old)
 and      /work/SRC/openSUSE:Factory/.libzip.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "libzip", Maintainer is ""

Changes:
--------
--- /work/SRC/openSUSE:Factory/libzip/libzip.changes    2012-02-16 
16:19:28.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.libzip.new/libzip.changes       2012-03-22 
12:36:15.000000000 +0100
@@ -1,0 +2,7 @@
+Tue Mar 20 16:12:30 UTC 2012 - pgaj...@suse.com
+
+- updated to 0.10.1: fixes 
+  * CVE-2012-1162 [bnc#751829]
+  * CVE-2012-1163 [bnc#751830]
+
+-------------------------------------------------------------------

Old:
----
  libzip-0.10.tar.bz2

New:
----
  libzip-0.10.1.tar.bz2

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ libzip.spec ++++++
--- /var/tmp/diff_new_pack.Q0N11j/_old  2012-03-22 12:36:17.000000000 +0100
+++ /var/tmp/diff_new_pack.Q0N11j/_new  2012-03-22 12:36:17.000000000 +0100
@@ -16,8 +16,9 @@
 #
 
 
+
 Name:           libzip
-Version:        0.10
+Version:        0.10.1
 Release:        0
 Summary:        C library for reading, creating, and modifying zip archives
 License:        BSD-3-Clause

++++++ libzip-0.10.tar.bz2 -> libzip-0.10.1.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libzip-0.10/CMakeLists.txt 
new/libzip-0.10.1/CMakeLists.txt
--- old/libzip-0.10/CMakeLists.txt      2011-03-18 13:53:20.000000000 +0100
+++ new/libzip-0.10.1/CMakeLists.txt    2012-03-15 10:33:17.000000000 +0100
@@ -20,7 +20,7 @@
 SET(PACKAGE_NAME ${PACKAGE})
 SET(PACKAGE_VERSION_MAJOR "0")
 SET(PACKAGE_VERSION_MINOR "10")
-SET(PACKAGE_VERSION_PATCH "0")
+SET(PACKAGE_VERSION_PATCH "1")
 SET(VERSION 
"${PACKAGE_VERSION_MAJOR}.${PACKAGE_VERSION_MINOR}.${PACKAGE_VERSION_PATCH}")
 SET(PACKAGE_VERSION ${VERSION})
 SET(PACKAGE_STRING "${PACKAGE_NAME} ${PACKAGE_VERSION}")
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libzip-0.10/NEWS new/libzip-0.10.1/NEWS
--- old/libzip-0.10/NEWS        2011-03-18 12:37:10.000000000 +0100
+++ new/libzip-0.10.1/NEWS      2012-03-15 10:38:10.000000000 +0100
@@ -1,3 +1,8 @@
+0.10.1 [2012/03/20]
+
+* Fixed CVE-2012-1162
+* Fixed CVE-2012-1163
+
 0.10 [2010/03/18]
 
 * Added zip_get_num_files(), deprecated zip_get_num_entries().
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libzip-0.10/THANKS new/libzip-0.10.1/THANKS
--- old/libzip-0.10/THANKS      2011-03-16 12:18:44.000000000 +0100
+++ new/libzip-0.10.1/THANKS    2012-03-15 10:35:10.000000000 +0100
@@ -17,3 +17,4 @@
 Simon Talbot <sim...@nse.co.uk>
 Stephen Bryant <st...@bawue.de>
 Tarmo Pikaro <tap...@yahoo.com>
+Timo Warns <wa...@pre-sense.de>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libzip-0.10/configure new/libzip-0.10.1/configure
--- old/libzip-0.10/configure   2011-03-18 12:38:18.000000000 +0100
+++ new/libzip-0.10.1/configure 2012-03-15 10:38:16.000000000 +0100
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.68 for libzip 0.10.
+# Generated by GNU Autoconf 2.68 for libzip 0.10.1.
 #
 # Report bugs to <libzip-disc...@nih.at>.
 #
@@ -709,8 +709,8 @@
 # Identity of this package.
 PACKAGE_NAME='libzip'
 PACKAGE_TARNAME='libzip'
-PACKAGE_VERSION='0.10'
-PACKAGE_STRING='libzip 0.10'
+PACKAGE_VERSION='0.10.1'
+PACKAGE_STRING='libzip 0.10.1'
 PACKAGE_BUGREPORT='libzip-disc...@nih.at'
 PACKAGE_URL=''
 
@@ -881,8 +881,7 @@
 LDFLAGS
 LIBS
 CPPFLAGS
-CPP
-CPPFLAGS'
+CPP'
 
 
 # Initialize some variables set by options.
@@ -1425,7 +1424,7 @@
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures libzip 0.10 to adapt to many kinds of systems.
+\`configure' configures libzip 0.10.1 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1495,7 +1494,7 @@
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of libzip 0.10:";;
+     short | recursive ) echo "Configuration of libzip 0.10.1:";;
    esac
   cat <<\_ACEOF
 
@@ -1595,7 +1594,7 @@
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-libzip configure 0.10
+libzip configure 0.10.1
 generated by GNU Autoconf 2.68
 
 Copyright (C) 2010 Free Software Foundation, Inc.
@@ -2299,7 +2298,7 @@
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by libzip $as_me 0.10, which was
+It was created by libzip $as_me 0.10.1, which was
 generated by GNU Autoconf 2.68.  Invocation command line was
 
   $ $0 $@
@@ -3118,7 +3117,7 @@
 
 # Define the identity of the package.
  PACKAGE='libzip'
- VERSION='0.10'
+ VERSION='0.10.1'
 
 
 cat >>confdefs.h <<_ACEOF
@@ -5043,13 +5042,13 @@
 else
   lt_cv_nm_interface="BSD nm"
   echo "int some_variable = 0;" > conftest.$ac_ext
-  (eval echo "\"\$as_me:5046: $ac_compile\"" >&5)
+  (eval echo "\"\$as_me:5045: $ac_compile\"" >&5)
   (eval "$ac_compile" 2>conftest.err)
   cat conftest.err >&5
-  (eval echo "\"\$as_me:5049: $NM \\\"conftest.$ac_objext\\\"\"" >&5)
+  (eval echo "\"\$as_me:5048: $NM \\\"conftest.$ac_objext\\\"\"" >&5)
   (eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out)
   cat conftest.err >&5
-  (eval echo "\"\$as_me:5052: output\"" >&5)
+  (eval echo "\"\$as_me:5051: output\"" >&5)
   cat conftest.out >&5
   if $GREP 'External.*some_variable' conftest.out > /dev/null; then
     lt_cv_nm_interface="MS dumpbin"
@@ -6254,7 +6253,7 @@
   ;;
 *-*-irix6*)
   # Find out which ABI we are using.
-  echo '#line 6257 "configure"' > conftest.$ac_ext
+  echo '#line 6256 "configure"' > conftest.$ac_ext
   if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
   (eval $ac_compile) 2>&5
   ac_status=$?
@@ -7783,11 +7782,11 @@
    -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
    -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
    -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:7786: $lt_compile\"" >&5)
+   (eval echo "\"\$as_me:7785: $lt_compile\"" >&5)
    (eval "$lt_compile" 2>conftest.err)
    ac_status=$?
    cat conftest.err >&5
-   echo "$as_me:7790: \$? = $ac_status" >&5
+   echo "$as_me:7789: \$? = $ac_status" >&5
    if (exit $ac_status) && test -s "$ac_outfile"; then
      # The compiler can only warn and ignore the option if not recognized
      # So say no if there are warnings other than the usual output.
@@ -8122,11 +8121,11 @@
    -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
    -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
    -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:8125: $lt_compile\"" >&5)
+   (eval echo "\"\$as_me:8124: $lt_compile\"" >&5)
    (eval "$lt_compile" 2>conftest.err)
    ac_status=$?
    cat conftest.err >&5
-   echo "$as_me:8129: \$? = $ac_status" >&5
+   echo "$as_me:8128: \$? = $ac_status" >&5
    if (exit $ac_status) && test -s "$ac_outfile"; then
      # The compiler can only warn and ignore the option if not recognized
      # So say no if there are warnings other than the usual output.
@@ -8227,11 +8226,11 @@
    -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
    -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
    -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:8230: $lt_compile\"" >&5)
+   (eval echo "\"\$as_me:8229: $lt_compile\"" >&5)
    (eval "$lt_compile" 2>out/conftest.err)
    ac_status=$?
    cat out/conftest.err >&5
-   echo "$as_me:8234: \$? = $ac_status" >&5
+   echo "$as_me:8233: \$? = $ac_status" >&5
    if (exit $ac_status) && test -s out/conftest2.$ac_objext
    then
      # The compiler can only warn and ignore the option if not recognized
@@ -8282,11 +8281,11 @@
    -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
    -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
    -e 's:$: $lt_compiler_flag:'`
-   (eval echo "\"\$as_me:8285: $lt_compile\"" >&5)
+   (eval echo "\"\$as_me:8284: $lt_compile\"" >&5)
    (eval "$lt_compile" 2>out/conftest.err)
    ac_status=$?
    cat out/conftest.err >&5
-   echo "$as_me:8289: \$? = $ac_status" >&5
+   echo "$as_me:8288: \$? = $ac_status" >&5
    if (exit $ac_status) && test -s out/conftest2.$ac_objext
    then
      # The compiler can only warn and ignore the option if not recognized
@@ -10649,7 +10648,7 @@
   lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
   lt_status=$lt_dlunknown
   cat > conftest.$ac_ext <<_LT_EOF
-#line 10652 "configure"
+#line 10651 "configure"
 #include "confdefs.h"
 
 #if HAVE_DLFCN_H
@@ -10745,7 +10744,7 @@
   lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
   lt_status=$lt_dlunknown
   cat > conftest.$ac_ext <<_LT_EOF
-#line 10748 "configure"
+#line 10747 "configure"
 #include "confdefs.h"
 
 #if HAVE_DLFCN_H
@@ -11903,7 +11902,7 @@
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by libzip $as_me 0.10, which was
+This file was extended by libzip $as_me 0.10.1, which was
 generated by GNU Autoconf 2.68.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -11969,7 +11968,7 @@
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; 
s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-libzip config.status 0.10
+libzip config.status 0.10.1
 configured by $0, generated by GNU Autoconf 2.68,
   with options \\"\$ac_cs_config\\"
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libzip-0.10/configure.ac 
new/libzip-0.10.1/configure.ac
--- old/libzip-0.10/configure.ac        2011-03-18 12:37:29.000000000 +0100
+++ new/libzip-0.10.1/configure.ac      2012-03-15 10:33:24.000000000 +0100
@@ -1,5 +1,5 @@
 AC_PREREQ(2.57)
-AC_INIT([libzip],[0.10],[libzip-disc...@nih.at])
+AC_INIT([libzip],[0.10.1],[libzip-disc...@nih.at])
 AC_CONFIG_SRCDIR([lib/zip_add.c])
 AC_CONFIG_HEADERS([config.h])
 AC_CONFIG_MACRO_DIR([m4])
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libzip-0.10/lib/zip_open.c 
new/libzip-0.10.1/lib/zip_open.c
--- old/libzip-0.10/lib/zip_open.c      2011-03-16 12:18:44.000000000 +0100
+++ new/libzip-0.10.1/lib/zip_open.c    2012-03-15 10:31:52.000000000 +0100
@@ -200,7 +200,7 @@
     cd->comment = NULL;
     cd->comment_len = _zip_read2(&cdp);
 
-    if (cd->offset+cd->size > buf_offset + (eocd-buf)) {
+    if (((zip_uint64_t)cd->offset)+cd->size > buf_offset + (eocd-buf)) {
        /* cdir spans past EOCD record */
        _zip_error_set(error, ZIP_ER_INCONS, 0);
        cd->nentry = 0;
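Review bot: The widened comparison carries no comment saying why the cast is there, so a later cleanup could drop it as redundant. Assuming `cd->offset` and `cd->size` are 32-bit fields (their declarations are outside this hunk), the cast is what keeps the sum from wrapping before it is compared with the EOCD position; I would add `/* add in 64 bits: offset+size come from the archive and must not wrap before the bounds check */` above the `if`. The right-hand side `buf_offset + (eocd-buf)` is evaluated in whatever type `buf_offset` has, which is not visible here, so it is worth confirming that the signed/unsigned conversion in this comparison behaves as intended. The enclosing function starts and ends outside the hunk.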
@@ -257,7 +257,7 @@
 
     left = cd->size;
     i=0;
-    do {
+    while (i<cd->nentry && left > 0) {
        if ((_zip_dirent_read(cd->entry+i, fp, bufp, &left, 0, error)) < 0) {
            cd->nentry = i;
            _zip_cdir_free(cd);
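Review bot: The pre-tested `while` now skips the body when `cd->nentry` is 0, but nothing in this hunk or the next one (which closes the loop) flags a directory whose declared entry count and size disagree. The following hunk ends with `cd->nentry = i;`, so a loop that stops early because `left` reached 0 silently shrinks the count. If that leniency is intended, say so above the loop, for example `/* nentry comes from the archive: it may be 0 or exceed what fits in size, so test before reading each entry */`. The visible part of this diff adds no regress/ case for a zero-entry or over-counted central directory; one such archive under regress/ would pin both this fix and the bounds check above. The loop body runs between the two hunks and is not fully shown.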
@@ -274,7 +274,7 @@
                return NULL;
            }
        }
-    } while (i<cd->nentry && left > 0);
+    }
 
     cd->nentry = i;
     
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libzip-0.10/lib/zipconf.h 
new/libzip-0.10.1/lib/zipconf.h
--- old/libzip-0.10/lib/zipconf.h       2011-03-18 13:51:33.000000000 +0100
+++ new/libzip-0.10.1/lib/zipconf.h     2012-03-15 10:38:23.000000000 +0100
@@ -8,7 +8,7 @@
    based on ../config.h.
  */
 
-#define LIBZIP_VERSION "0.10"
+#define LIBZIP_VERSION "0.10.1"
 #define LIBZIP_VERSION_MAJOR 0
 #define LIBZIP_VERSION_MINOR 10
 #define LIBZIP_VERSION_MICRO 0
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libzip-0.10/regress/Makefile.in 
new/libzip-0.10.1/regress/Makefile.in
--- old/libzip-0.10/regress/Makefile.in 2011-03-18 12:38:32.000000000 +0100
+++ new/libzip-0.10.1/regress/Makefile.in       2012-03-15 10:38:41.000000000 
+0100
@@ -43,7 +43,7 @@
        tryopen$(EXEEXT)
 EXTRA_PROGRAMS = deltest$(EXEEXT) ziptest$(EXEEXT)
 subdir = regress
-DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in TODO
+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
 ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
 am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \
        $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/libzip-0.10/regress/TODO 
new/libzip-0.10.1/regress/TODO
--- old/libzip-0.10/regress/TODO        2011-03-16 17:17:36.000000000 +0100
+++ new/libzip-0.10.1/regress/TODO      1970-01-01 01:00:00.000000000 +0100
@@ -1,4 +0,0 @@
-    /* ZIP_ER_OPEN */
-    /* ZIP_ER_READ */
-    /* ZIP_ER_SEEK */
-    /* ZIP_ER_INCONS */

++++++ libzip-ocloexec.patch ++++++
--- /var/tmp/diff_new_pack.Q0N11j/_old  2012-03-22 12:36:17.000000000 +0100
+++ /var/tmp/diff_new_pack.Q0N11j/_new  2012-03-22 12:36:17.000000000 +0100
@@ -1,3 +1,5 @@
+Index: lib/zip_close.c
+===================================================================
 --- lib/zip_close.c.orig
 +++ lib/zip_close.c
 @@ -44,9 +44,9 @@
@@ -29,6 +31,8 @@
        _zip_error_set(&za->error, ZIP_ER_TMPOPEN, errno);
        free(temp);
        return NULL;
+Index: lib/zip_open.c
+===================================================================
 --- lib/zip_open.c.orig
 +++ lib/zip_open.c
 @@ -71,7 +71,7 @@ zip_open(const char *fn, int flags, int
@@ -40,6 +44,8 @@
        set_error(zep, NULL, ZIP_ER_OPEN);
        return NULL;
      }
+Index: lib/zip_source_filep.c
+===================================================================
 --- lib/zip_source_filep.c.orig
 +++ lib/zip_source_filep.c
 @@ -133,7 +133,7 @@ read_file(void *state, void *data, zip_u
@@ -51,12 +57,14 @@
                z->e[0] = ZIP_ER_OPEN;
                z->e[1] = errno;
                return -1;
+Index: configure.ac
+===================================================================
 --- configure.ac.orig
 +++ configure.ac
 @@ -1,4 +1,4 @@
 -AC_PREREQ(2.57)
 +AC_PREREQ([2.68])
- AC_INIT([libzip],[0.10],[libzip-disc...@nih.at])
+ AC_INIT([libzip],[0.10.1],[libzip-disc...@nih.at])
  AC_CONFIG_SRCDIR([lib/zip_add.c])
  AC_CONFIG_HEADERS([config.h])
 @@ -7,7 +7,9 @@ AM_INIT_AUTOMAKE
@@ -79,6 +87,8 @@
  
  AC_CHECK_FUNCS([_open _snprintf _strcmpi _strdup _stricmp fseeko ftello 
getopt open snprintf strcasecmp strdup])
  AC_CHECK_FUNCS([mkstemp], [], [AC_LIBOBJ(mkstemp)])
+Index: lib/Makefile.am
+===================================================================
 --- lib/Makefile.am.orig
 +++ lib/Makefile.am
 @@ -1,5 +1,5 @@
@@ -88,6 +98,8 @@
  lib_LTLIBRARIES = libzip.la
  noinst_HEADERS = zipint.h
  include_HEADERS = zip.h
+Index: regress/Makefile.am
+===================================================================
 --- regress/Makefile.am.orig
 +++ regress/Makefile.am
 @@ -45,7 +45,6 @@ TESTS= \
@@ -105,6 +117,8 @@
 -AM_CPPFLAGS=-I${top_srcdir}/lib
 +AM_CPPFLAGS=-I${top_srcdir}/lib -include ${top_srcdir}/config.h
  LDADD=${top_builddir}/lib/libzip.la
+Index: lib/zipint.h
+===================================================================
 --- lib/zipint.h.orig
 +++ lib/zipint.h
 @@ -43,7 +43,6 @@
@@ -115,6 +129,8 @@
  
  #ifndef HAVE_FSEEKO
  #define fseeko(s, o, w)       (fseek((s), (long int)(o), (w)))
+Index: src/Makefile.am
+===================================================================
 --- src/Makefile.am.orig
 +++ src/Makefile.am
 @@ -1,3 +1,4 @@
@@ -122,6 +138,8 @@
  bin_PROGRAMS=zipcmp zipmerge ziptorrent
  
  zipcmp_CPPFLAGS=-I${top_srcdir}/lib
+Index: regress/tryopen.c
+===================================================================
 --- regress/tryopen.c.orig
 +++ regress/tryopen.c
 @@ -39,6 +39,7 @@
@@ -132,6 +150,8 @@
  
  #include "zip.h"
  
+Index: regress/fread.c
+===================================================================
 --- regress/fread.c.orig
 +++ regress/fread.c
 @@ -95,7 +95,7 @@ main(int argc, char *argv[])
