openSUSE:Leap:42.3
File libplist.changes of Package libplist
-------------------------------------------------------------------
Wed May 3 17:39:06 UTC 2017 - mgorse@suse.com

- Add libplist-boo1035312-overflow-fixes.patch: add some safety
  checks, backported from upstream (boo#1035312 CVE-2017-7982).
- Add libplist-boo1029631-32bit.patch: ensure that sanity checks
  work on 32-bit platforms (boo#1029631 CVE-2017-6440).

-------------------------------------------------------------------
Tue Feb 7 12:13:33 UTC 2017 - alarrosa@suse.com

- Add patches from upstream to fix a multitude of memory leaks,
  out of bound reads and writes and check index ranges:
  0001-Fix-possible-crash-in-plist_from_bin-caused-by-access-to-already-freed-memory.patch
  0002-Plug-memory-leaks-caused-by-unused-and-unfreed-buffer.patch
  0003-Refactor-binary-plist-parsing-in-a-recursive-way.patch
  0004-Make-sure-to-compare-the-node-sizes-for-integer-nodes.patch
  0005-Change-internal-storage-of-PLIST_DATE-values-from-struct-timeval-to-double.patch
  0006-Fix-possible-out-of-bounds-read-in-parse_dict_node-with-proper-bounds-checking.patch
  0007-Fix-possible-out-of-bounds-reads-in-parse_bin_node.patch
  0008-Make-sure-the-index-in-parse_bin_node_at_index-is-actually-within-the-offset-table.patch
  0009-Prevent-out-of-bounds-read-in-plist_from_bin-when-parsing-offset_table.patch
  0010-Make-sure-to-error-out-if-allocation-of-used_indexes-buffer-in-plist_from_bin-fails.patch
  0011-Disallow-key-nodes-with-non-string-node-types.patch
  0012-Prevent-OOB-heap-buffer-read-by-checking-input-size.patch
  0013-Improve-UINT_TO_HOST-macro-remove-uint24_from_be-function.patch
  0014-Check-for-invalid-offset_size-in-bplist-trailer.patch
  0015-Use-proper-struct-for-binary-plist-trailer.patch
  0016-Mass-rename-dict_size-and-param_dict_size-to-more-appropiate-ref_size.patch
  0017-Fix-possible-out-of-bounds-read-in-parse_array_node-with-proper-bounds-checking.patch
  0018-Avoid-heap-buffer-allocation-when-parsing-array-dict-string-data-node-sizes-14.patch
  0019-Unify-size-node-parsing-for-data-string-array-dict-nodes.patch
  0020-Prevent-OOB-read-when-parsing-data-string-array-dict-size-nodes.patch
  0021-Fix-OOB-write-on-heap-buffer-and-improve-recursion-check.patch
  0022-Make-sure-node-index-is-smaller-than-number-of-objects.patch
  0023-Make-sure-the-offset-table-is-in-the-correct-range.patch
  0024-Plug-memory-leak-in-case-parsing-a-dictionary-key-fails.patch
  0026-bplist-Improve-real-date-node-de-serialization.patch
  0027-bplist-Improve-parsing-unicode-nodes.patch
  0029-bplist-Make-sure-to-bail-out-if-malloc-fails-in-pars.patch
  0030-bplist-Make-sure-to-bail-out-if-malloc-fails-in-pars.patch
  0031-bplist-Make-sure-to-bail-out-if-malloc-fails-in-pars.patch
  0032-bplist-Properly-handle-some-more-malloc-failure-situ.patch
  0033-plist-Fix-assert-to-allow-16-or-8-byte-integer-sizes.patch
  C0001-Plug-memory-leak-when-converting-PLIST_UID-nodes-to-XML.patch
  C0002-Improve-writing-of-array-and-dictionary-nodes.patch
  C0003-Improve-writing-of-integer-nodes.patch
  C0004-Fix-UID-node-parsing-to-match-Apples-parser.patch
  C0005-Improve-writing-of-UID-nodes.patch
  C0006-Improve-writing-of-data-string-and-unicode-nodes.patch
  C0007-Improve-writing-of-offset-table.patch
- Renamed 0001-Prevent-OOB-heap-buffer-read-by-checking-input-size.patch
  to 0012-Prevent-OOB-heap-buffer-read-by-checking-input-size.patch
  to integrate the patch in the list of patches sorted by date.
- In particular, 0011-Disallow-key-nodes-with-non-string-node-types.patch
  fixes a type inconsistency by which a maliciously crafted file
  could cause the application to crash (bsc#1023807, CVE-2017-5836).
- 0014-Check-for-invalid-offset_size-in-bplist-trailer.patch
  fixes a vulnerability by which a maliciously crafted file could
  cause libplist to allocate large amounts of memory and consume
  lots of CPU (bsc#1023822, CVE-2017-5835).
- 0017-Fix-possible-out-of-bounds-read-in-parse_array_node-with-proper-bounds-checking.patch
  fixes a vulnerability by which a maliciously crafted file could
  cause a heap buffer overflow and a segmentation fault
  (bsc#1023848, CVE-2017-5834)
- Dropped CVE-2017-5209 and added
  B0005-base64-Prevent-buffer-overflow-by-not-decoding-blocks-with-less-than-4-chrs.patch
  B0006-Prevent-use-strlen-in-base64decode-when-input-buffer-size-is-known.patch
  B0007-base64-Rework-base64decode-to-handle-split-encoded-data.patch
  to replace the former. These patches fix the same CVE issue in
  the same way but they retain the information of the commits from
  upstream that fix it and add another check for a pointer to be
  inside bounds (boo#1019531, CVE-2017-5209)

-------------------------------------------------------------------
Tue Jan 31 17:24:19 UTC 2017 - alarrosa@suse.com

- Add 0001-Prevent-OOB-heap-buffer-read-by-checking-input-size.patch
  This patch (from upstream, rebased) prevents an OOB heap buffer
  read which could allow attackers to obtain sensitive information
  from process memory or cause a DoS (bsc#1021610, CVE-2017-5545).

-------------------------------------------------------------------
Wed Jan 25 15:15:51 UTC 2017 - i@marguerite.su

- Fixed CVE-2017-5209 and boo#1019531: The base64decode function
  in base64.c allows attackers to obtain sensitive info from
  process memory or cause a denial of service (buffer over-read)
  via split encoded Apple Property List data.
- Added patch CVE-2017-5209.patch
  * Rework base64decode to handle split encoded data correctly
  * The credit goes to Nikias Bassen <nikias@gmx.li>, here's just
    a backport of the upstream commit

-------------------------------------------------------------------
Tue Oct 21 22:40:00 UTC 2014 - m.szulecki@libimobiledevice.org

- Enable %check as it is provided by libplist and improves quality

-------------------------------------------------------------------
Fri Oct 17 03:30:00 CEST 2014 - m.szulecki@libimobiledevice.org

- Update to version 1.12
  * Fix plist_from_bin() changing value nodes to key nodes in
    dictionaries
  * Avoid exporting non-public symbols
  * Prevent crash in plist_from_bin() when parsing unusual binary
    plists
  * Fix crash in String|Key::GetValue() and actually make C++
    interface work
  * Fix memory leaks in new_xml_plist() and parse_real_node()
  * Fix header guards to conform to C++ standard
  * Update Cython based Python bindings and remove plist_new_key()
  * Fix key nodes not being output correctly if they contained XML
    entities
  * Fix handling and storage of signed vs. unsigned integer values
  * Fix date handling to respect the "Mac Epoch" instead of "Unix
    Epoch"
  * Remove plist_set_type() as it should not be used
  * Fix deprecated macros to work with older LLVM/Clang
  * Fix various shadowed declarations
  * Add documentation to explicitly describe memory buffer
    ownership
  * Fix memory leak in plist_from_bin()
  * Add various test cases based on fixes
  * Fix wrong timezone related date/time conversion of date nodes
  * Fix endian detection on MIPS architecture
  * Fix parallel build for autotools

-------------------------------------------------------------------
Mon Jun 16 15:29:11 UTC 2014 - i@marguerite.su

- update version 1.11
  * Deprecated plist_dict_insert_item() in favor of
    plist_dict_set_item()
  * Updated cython bindings for Python 3.x
  * Removed swig python bindings
  * Changed build system to autotools
  * Added new plist_dict_merge() function
  * WIN32 (MinGW) + OSX compilation fixes
  * Made base64 decoding thread safe
- remove patch: libplist-1.8-pkgconfig.patch
  * upstream fixed
- added plist.pxd, needed by python-imobiledevice build

-------------------------------------------------------------------
Mon Apr 15 12:54:38 UTC 2013 - mmeister@suse.com

- Added url as source.
  Please see http://en.opensuse.org/SourceUrls

-------------------------------------------------------------------
Tue Aug 28 15:52:14 UTC 2012 - cfarrell@suse.com

- license update: LGPL-2.1+
  LGPL-2.1 can be relicensed to GPL without further permission. No
  need to explicitly call out the GPL as a license option. Fedora
  has been using LGPL-2.1+ for awhile so gain compatibility there
  too

-------------------------------------------------------------------
Mon Apr 09 15:45:03 CEST 2012 - opensuse@sukimashita.com

- Allow compilation on 11.4 by disabling cython bindings

-------------------------------------------------------------------
Mon Apr 02 15:54:57 CEST 2012 - opensuse@sukimashita.com

- Update to version 1.8
  * Add Cython based Python bindings
  * Fix memory corruption in libcnary
  * Fix building on Big Endian systems
  * Removed glib dependency, libplist now uses bundled libcnary
  * Fix building of Python bindings with GCC 4.6
- Do not build SWIG bindings for Python
- Remove gcc46_build_fix.patch due to upstream fixes
- Update pkgconfig patch

-------------------------------------------------------------------
Tue Jan 31 10:50:25 UTC 2012 - jengelh@medozas.de

- Remove redundant tags/sections per specfile guideline suggestions
- Parallel building using %_smp_mflags

-------------------------------------------------------------------
Wed Oct 5 12:24:02 UTC 2011 - uli@suse.com

- cross-build fix: set cmake root, python paths
- cross-build workaround: move installed files from sysroot to
  real root

-------------------------------------------------------------------
Tue Jun 28 13:59:00 UTC 2011 - aj@suse.de

- Add baselibs.conf - needed by usbmuxd's baselibs.conf.

-------------------------------------------------------------------
Mon May 16 22:18:07 UTC 2011 - cgiboudeaux@gmx.com

- Add gcc46_build_fix.patch. Fixes build with GCC4.6

-------------------------------------------------------------------
Sun Mar 20 18:17:36 CEST 2011 - opensuse@sukimashita.com

- Update to version 1.4
  * New maintainer and source location
  * Update AUTHORS from git history
  * Fix Unicode writing in binary plists
  * Update plist doctype
  * Fix Dictionary copy constructor
  * Fix Mac OS X library install path detection
  * Plug memory leak when writing Unicode data
- Remove pkgconfig patch due to upstream fixes

-------------------------------------------------------------------
Wed Dec 8 21:18:28 UTC 2010 - cristian.rodriguez@opensuse.org

- Fix both -devel package dependencies and broken pkgconfig file

-------------------------------------------------------------------
Tue Apr 27 11:20:20 CEST 2010 - opensuse@sukimashita.com

- Update to version 1.3
  * Endianness, alignment and type-punning fixes
  * Fix armel floating point endianness
  * Allow compiling with mingw on Windows
  * Minor bugfixes

-------------------------------------------------------------------
Thu Apr 1 00:17:48 CEST 2010 - vuntz@opensuse.org

- Clean up packaging, based on what I did in multimedia:libs.

-------------------------------------------------------------------
Thu Mar 25 11:14:40 CET 2010 - meissner@suse.de

- run prepare_spec

-------------------------------------------------------------------
Fri Jan 22 01:40:54 CEST 2010 - opensuse@sukimashita.com

- Update to version 1.2
  * Fix xml entity conversion
  * Silence build warnings
- Remove upstreamed patches

-------------------------------------------------------------------
Sat Jan 09 11:07:34 CEST 2010 - opensuse@sukimashita.com

- Add patches to fix xml entity conversion and tests

-------------------------------------------------------------------
Wed Dec 30 18:33:27 CEST 2009 - opensuse@sukimashita.com

- Update to version 1.1
  * Fix use of integer nodes within Python Bindings

-------------------------------------------------------------------
Tue Dec 08 00:20:17 CEST 2009 - opensuse@sukimashita.com

- Update to version 1.0
  * Bugfixes
  * Remove deprecated API

-------------------------------------------------------------------
Wed Oct 28 21:01:57 CEST 2009 - opensuse@sukimashita.com

- Update to version 0.16
  * Build fixes
  * Fix issues with SWIG

-------------------------------------------------------------------
Sat Oct 24 23:53:01 CEST 2009 - opensuse@sukimashita.com

- Update to version 0.15
  * Build fixes
- Update to version 0.14
  * Add C++ binding
  * Refactor API
  * Bugfixes

-------------------------------------------------------------------
Sun Jul 19 00:06:10 CEST 2009 - opensuse@sukimashita.com

- Update to version 0.13
  * Add plist_copy for deep node copies
  * Add node setter functions
  * Unlink nodes from parent if free'd
  * Update Python bindings

-------------------------------------------------------------------
Wed May 06 01:06:10 CEST 2009 - opensuse@sukimashita.com

- Update to version 0.12
  * Merge ascii and unicode handling in PLIST_STRING using UTF-8
  * Remove unicode related declaration in API (breaks API&ABI)
  * Fix bad variable type for date elements
  * Silence compiler warnings
  * Plugged few memory leaks

-------------------------------------------------------------------
Wed Apr 22 00:02:19 CET 2009 - opensuse@sukimashita.com

- Update to version 0.11
  * Fix Python binding segfaults
  * Python API additions
  * Better binary buffer handling in Python bindings

-------------------------------------------------------------------
Sun Apr 12 19:17:41 CET 2009 - opensuse@sukimashita.com

- Update to version 0.10

-------------------------------------------------------------------
Tue Apr 07 10:20:57 CET 2009 - opensuse@sukimashita.com

- Add patch to fix uninitialized buffer

-------------------------------------------------------------------
Sat Apr 04 11:08:16 CET 2009 - opensuse@sukimashita.com

- Initial package created