zziplib-devel-0.13.69-lp150.7.1<>,Lԉ] /=„z0AH#T& l h)PШ/5 {_ ޏUR9jӼ}>>=?=xd " [ >DL0 0 l0 0 0 <0 000p0T$(89:F*G*0H+`0I, 0X,PY,l\,0]-t0^/Lb/c0d1-e12f15l17u1L0v2 w:0x;0yjosef.moellers@suse.comjosef.moellers@suse.comjosef.moellers@suse.comjosef.moellers@suse.comavindra@opensuse.orgadam.majer@suse.dejengelh@inai.deavindra@opensuse.orgjosef.moellers@suse.comjosef.moellers@suse.comjosef.moellers@suse.comjosef.moellers@suse.comjosef.moellers@suse.comtchvatal@suse.comtchvatal@suse.commpluskal@suse.comjosef.moellers@suse.com- Fixed another instance where division by 0 may occur. [bsc#1129403, bsc1129403-prevent-division-by-zero.patch]- Prevent division by zero by first checking if uncompressed size is 0. This may happen with directories which have a compressed and uncompressed size of 0. [bsc#1129403, bsc1129403-prevent-division-by-zero.patch]- Remove any "../" components from pathnames of extracted files. [bsc#1110687, CVE-2018-17828, CVE-2018-17828.patch]- Avoid memory leak from __zzip_parse_root_directory(). Free allocated structure if its address is not passed back. [bsc#1107424, CVE-2018-16548, CVE-2018-16548.patch]- Check if data from End of central directory record makes sense. Especially the Offset of start of central directory must not a) be negative or b) point behind the end-of-file. - Check if compressed size in Central directory file header makes sense, i.e. the file's data does not extend beyond the end of the file. [bsc#1084517, CVE-2018-7726, CVE-2018-7726.patch, bsc#1084519, CVE-2018-7725, CVE-2018-7725.patch]- Update to 0.13.69: * fix a number of CVEs reported with special *.zip PoC files * completing some doc strings while checking the new man-pages to look good * update refs to point to github instead of sf.net * man-pages are generated with new dbk2man.py - docbook xmlto is optional now * a zip-program is still required for testing, but some errors are gone when not present - run spec-cleaner - don't ship Windows only file, README.MSVC6- Drop BR: fdupes since it does nothing.- Fix RPM groups. Remove ineffective --with-pic. Trim redundancies from description. Do not let fdupes run across partitions.- Update to 0.13.68: * fix a number of CVEs reported with special *.zip files * minor doc updates referencing GitHub instead of sf.net - drop CVE-2018-6381.patch * merged in a803559fa9194be895422ba3684cf6309b6bb598 - drop CVE-2018-6484.patch * merged in 0c0c9256b0903f664bca25dd8d924211f81e01d3 - drop CVE-2018-6540.patch * merged in 15b8c969df962a444dfa07b3d5bd4b27dc0dbba7 - drop CVE-2018-6542.patch * merged in 938011cd60f5a8a2a16a49e5f317aca640cf4110- Changed %license to %doc in SPEC file.- If the size of the central directory is too big, reject the file. Then, if loading the ZIP file fails, display an error message. [CVE-2018-6542.patch, CVE-2018-6542, bsc#1079094]- If an extension block is too small to hold an extension, do not use the information therein. - If the End of central directory record (EOCD) contains an Offset of start of central directory which is beyond the end of the file, reject the file. [CVE-2018-6540, bsc#1079096, CVE-2018-6540.patch]- Reject the ZIP file and report it as corrupt if the size of the central directory and/or the offset of start of central directory point beyond the end of the ZIP file. [CVE-2018-6484, boo#1078701, CVE-2018-6484.patch]- If a file is uncompressed, compressed and uncompressed sizes should be identical. [CVE-2018-6381, bsc#1078497, CVE-2018-6381.patch]- Drop tests as they fail completely anyway, not finding lib needing zip command, this should allow us to kill python dependency - Also drop docs subdir avoiding python dependency for it * The generated xmls were used for mans too but we shipped those only in devel pkg and as such we will live without them- Version update to 0.13.67: * Various fixes found by fuzzing * Merged bellow patches - Remove merged patches: * zziplib-CVE-2017-5974.patch * zziplib-CVE-2017-5975.patch * zziplib-CVE-2017-5976.patch * zziplib-CVE-2017-5978.patch * zziplib-CVE-2017-5979.patch * zziplib-CVE-2017-5981.patch - Switch to github tarball as upstream seem no longer pull it to sourceforge - Remove no longer applying patch zziplib-unzipcat-NULL-name.patch * The sourcecode was quite changed for this to work this way anymore, lets hope this is fixed too- Packaking changes: * Depend on python2 explicitly * Cleanup with spec-cleaner- Several bugs fixed: * heap-based buffer overflows (bsc#1024517, CVE-2017-5974, zziplib-CVE-2017-5974.patch) * check if "relative offset of local header" in "central directory header" really points to a local header (ZZIP_FILE_HEADER_MAGIC) (bsc#1024528, CVE-2017-5975, zziplib-CVE-2017-5975.patch) * protect against bad formatted data in extra blocks (bsc#1024531, CVE-2017-5976, zziplib-CVE-2017-5976.patch) * NULL pointer dereference in main (unzzipcat-mem.c) (bsc#1024532, bsc#1024536, CVE-2017-5975, zziplib-CVE-2017-5975.patch) * protect against huge values of "extra field length" in local file header and central file header (bsc#1024533, CVE-2017-5978, zziplib-CVE-2017-5978.patch) * clear ZZIP_ENTRY record before use. (bsc#1024534, bsc#1024535, CVE-2017-5979, CVE-2017-5977, zziplib-CVE-2017-5979.patch) * prevent unzzipcat.c from trying to print a NULL name (bsc#1024537, zziplib-unzipcat-NULL-name.patch) * Replace assert() by going to error exit. (bsc#1034539, CVE-2017-5981, zziplib-CVE-2017-5981.patch)obs-power8-05 1571818229  !"#$%&'()*+,-./00.13.690.13.690.13.690.13.690.13.69-lp150.7.10.13.69-lp150.7.1unzip-memunzzipunzzip-bigunzzip-memunzzip-mixzzcatzzdirzzxorcatzzxorcopyzzxordirzzipzzip-io.hzzip.h_config.h_msvc.hautoconf.hconf.hfetch.hfile.hformat.hfseeko.hinfo.hlib.hmemdisk.hmmapped.hplugin.hstdint.htypes.hwrap.hwrite.hzzip.hzzip32.hzziplib.hlibzzip.solibzzipfseeko.solibzzipmmapped.solibzzipwrap.sozzip-zlib-config.pczzipfseeko.pczziplib.pczzipmmapped.pczzipwrap.pczziplib.m4zziplib-develChangeLogREADMEREADME.SDLTODO/usr/bin//usr/include//usr/include/zzip//usr/lib64//usr/lib64/pkgconfig//usr/share/aclocal//usr/share/doc/packages//usr/share/doc/packages/zziplib-devel/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.opensuse.org/openSUSE:Maintenance:11326/openSUSE_Leap_15.0_Update_ports/198c5a4d7ec4c0d0f991a4294876324a-zziplib.openSUSE_Leap_15.0_Updatedrpmxz5ppc64le-suse-linux  ELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, interpreter /lib64/ld64.so.2, for GNU/Linux 3.10.0, BuildID[sha1]=43e72f88eca526d0f8b2dedb50c0f0546feffa1f, strippedELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, interpreter /lib64/ld64.so.2, for GNU/Linux 3.10.0, BuildID[sha1]=4b26d8c312a1cdd7fda6824d75512ef7bab8f155, strippedELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, interpreter /lib64/ld64.so.2, for GNU/Linux 3.10.0, BuildID[sha1]=7d512ecb74b189937c3f636b383a8068e6b51020, strippedELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, interpreter /lib64/ld64.so.2, for GNU/Linux 3.10.0, BuildID[sha1]=700ac4aef0cf304168940529a2a55bd676d5844c, strippedELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, interpreter /lib64/ld64.so.2, for GNU/Linux 3.10.0, BuildID[sha1]=b54613c688409c9ae173bf48c67575ca2a4f1796, strippedELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, interpreter /lib64/ld64.so.2, for GNU/Linux 3.10.0, BuildID[sha1]=e686672a50c00c8d554f0f88fbdd299fd24e2dce, strippedELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, interpreter /lib64/ld64.so.2, for GNU/Linux 3.10.0, BuildID[sha1]=c539b062df1a4ac1083bfd89ea0c0b9efb6cbeed, strippedELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, interpreter /lib64/ld64.so.2, for GNU/Linux 3.10.0, BuildID[sha1]=a0f08bad8c40412e1b0ea7f7bafc1d2d0dfb1c7e, strippedELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, interpreter /lib64/ld64.so.2, for GNU/Linux 3.10.0, BuildID[sha1]=9f85924c81f940255285694a382bc5e991ef3d0d, strippedELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, interpreter /lib64/ld64.so.2, for GNU/Linux 3.10.0, BuildID[sha1]=278c8d0d2812698189b7c2f3d5258264eaf634dd, strippeddirectoryC source, ASCII textpkgconfig fileM4 macro processor script, ASCII textUTF-8 Unicode textASCII text  #&)RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRPRPRR PRR PRR PRR /Jg@SAWr*)vutf-82919d95a87d9521444b736ef1a72f5e22c56c6ef0b10fb9407799d191afb654a? 7zXZ !t/E ]"k%LsXNģ'68"dy-S'l=ċZ .faܘқ%[{Tky?uRc;+DKrN( Mp]`.K3!h[`e+1UIO>T51j2pGŚʯ@Q4>E5e,ݙ=bD- Yz<6p#1 J NC[KRh2ؒ)-E)> k{o" 匤B axuJ-׃,/DQ)mF,h`n#I0_xc9_Px_*ceANfGEO}dH7 bVgh5`iw8WoY( H`$,*B^;bQF|=RYׯI_L-}-_S5Vřc\[SiEJ8,F3Fd;z\v?#-!.clS 7=|V~uw l!Cߌ>p!Aud-J^%5]Yͨa#`_,)xU> : )rSo\H z!&c6}[|ٳ戴>֧ٺG)IS̤KǺBEnts!86!|aM5H_l߾jϓq ;q$%:cVxM/{:Nt h8`"="oPe`9"ň} v樯^](ŏ֖Gvļ|+D߉v|Q_~w:$Xg'Â$F8{1&c=GQS`ӳY-QN.eQN0Hߩ5˶5טH$lUYy=FȅMC湊va"٨G֯B g {Dxvn12(`&3NgS a`'*}1Ǟ?'#Ry.:}ފ"_mU298Yn<{L)_h 7"CY}0go9FМ9E_gHnJ"XN?(jg'Nt0?zDSTP$lK$*SLװEÕrJs-<kJoiIbX4Ud/hFF<{‘rAPsS3i9)+z،3PX @t2B/' ȹtiljziې2@ 8.*d09E#w\-ֈ\CZ׽uHj_G0܍a:.;!ta$8T$Q͆`i!mA7dOҤsx|mCԈMɾzNm lV:cU:%qAG1o/[%z?M)o6Y=Ssbr)M]v3(GyqR-“(I'[]TzBڃ5@6DU jع ':)#s^AK^khcW U}h2Qj˱ rH["ٯn헯xrPlE(b8,Bf%uhԁ:Sw)NRapU 䊛bwn}==.n%(R5ՍYЭ9x¶:mZ3>ƿȁNccDty{2(fvZCSEdxmC-}ZVV^jڝ3X_zKs)k!-N6$89\ VܫL}q 6t[8 aضB[aL \cX܉Rys|>A@mmH=dgt7$ݠv6=^7|]sP3mϴo2bd*16 h{'ф٠+_/px:kW+~ NgPR}m3Di%"90ogLhDȁ's!UH71ARC'¶-@[p KО,nclծƀa7Ly>kf_`\s#-@o4>yM! YZ