From cb33bfd9040f90bf0175e66c7c453ebf89be5a06 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Oct 22 2019 20:25:25 +0000 Subject: import zziplib-0.13.62-11.el7 --- diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..836fe72 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/zziplib-0.13.62.tar.bz2 diff --git a/.zziplib.metadata b/.zziplib.metadata new file mode 100644 index 0000000..5a70f40 --- /dev/null +++ b/.zziplib.metadata @@ -0,0 +1 @@ +cf8b642abd9db618324a1b98cc71492a007cd687 SOURCES/zziplib-0.13.62.tar.bz2 diff --git a/SOURCES/0001-fix-CVE-2018-7725.patch b/SOURCES/0001-fix-CVE-2018-7725.patch new file mode 100644 index 0000000..f9e266b --- /dev/null +++ b/SOURCES/0001-fix-CVE-2018-7725.patch @@ -0,0 +1,68 @@ +From 13f4d47275aca28de7b117359da79f1000e9bcb7 Mon Sep 17 00:00:00 2001 +From: Jakub Martisko +Date: Wed, 23 May 2018 09:59:18 +0200 +Subject: [PATCH] fix: CVE-2018-7725 + +--- + zzip/memdisk.c | 9 +++++++++ + zzip/mmapped.c | 11 ++++++++++- + 2 files changed, 19 insertions(+), 1 deletion(-) + +diff --git a/zzip/memdisk.c b/zzip/memdisk.c +index dc00ea8..043893e 100644 +--- a/zzip/memdisk.c ++++ b/zzip/memdisk.c +@@ -413,11 +413,21 @@ zzip_mem_entry_fopen(ZZIP_MEM_DISK * dir, ZZIP_MEM_ENTRY * entry) + file->zlib.avail_in = zzip_mem_entry_csize(entry); + file->zlib.next_in = zzip_mem_entry_to_data(entry); + ++ if (file->zlib.next_in + file->zlib.avail_in >= file->endbuf) ++ goto error; ++ if (file->zlib.next_in < file->buffer) ++ goto error; ++ + if (! zzip_mem_entry_data_deflated(entry) || + inflateInit2(&file->zlib, -MAX_WBITS) != Z_OK) + { free (file); return 0; } + + return file; ++ ++error: ++ errno = EBADMSG; ++ free (file); ++ return NULL; + } + + zzip__new__ ZZIP_MEM_DISK_FILE * +diff --git a/zzip/mmapped.c b/zzip/mmapped.c +index 6fafc11..ed3a6cc 100644 +--- a/zzip/mmapped.c ++++ b/zzip/mmapped.c +@@ -549,7 +549,12 @@ zzip_disk_entry_fopen(ZZIP_DISK * disk, ZZIP_DISK_ENTRY * entry) + file->avail = zzip_file_header_usize(header); + + if (! file->avail || zzip_file_header_data_stored(header)) +- { file->stored = zzip_file_header_to_data (header); return file; } ++ { ++ file->stored = zzip_file_header_to_data (header); ++ if (file->stored + file->avail >= disk->endbuf) ++ goto error; ++ return file; ++ } + + file->stored = 0; + file->zlib.opaque = 0; +@@ -563,6 +568,10 @@ zzip_disk_entry_fopen(ZZIP_DISK * disk, ZZIP_DISK_ENTRY * entry) + { free (file); return 0; } + + return file; ++error: ++ free (file); ++ errno = EBADMSG; ++ return 0; + ____; + } + +-- +2.14.3 + diff --git a/SOURCES/0001-fix-CVE-2018-7726.patch b/SOURCES/0001-fix-CVE-2018-7726.patch new file mode 100644 index 0000000..7c13c13 --- /dev/null +++ b/SOURCES/0001-fix-CVE-2018-7726.patch @@ -0,0 +1,49 @@ +From 7eec5e4b9a4b6efea5ef5f6b793a6cbef40e980d Mon Sep 17 00:00:00 2001 +From: Jakub Martisko +Date: Wed, 23 May 2018 10:15:07 +0200 +Subject: [PATCH] fix: CVE-2018-7726 + +--- + zzip/zip.c | 12 ++++++++++++ + 1 file changed, 12 insertions(+) + +diff --git a/zzip/zip.c b/zzip/zip.c +index a574b24..a6c7ced 100644 +--- a/zzip/zip.c ++++ b/zzip/zip.c +@@ -323,6 +323,8 @@ __zzip_fetch_disk_trailer(int fd, zzip_off_t filesize, + trailer->zz_rootseek = zzip_disk_trailer_rootseek(orig); + trailer->zz_rootsize = zzip_disk_trailer_rootsize(orig); + # endif ++ if (trailer->zz_rootseek < 0 || trailer->zz_rootsize < 0) ++ return(ZZIP_CORRUPTED); // forged value + + __fixup_rootseek(offset + tail - mapped, trailer); + { return(0); } +@@ -343,6 +345,14 @@ __zzip_fetch_disk_trailer(int fd, zzip_off_t filesize, + zzip_disk64_trailer_finalentries(orig); + trailer->zz_rootseek = zzip_disk64_trailer_rootseek(orig); + trailer->zz_rootsize = zzip_disk64_trailer_rootsize(orig); ++ if (trailer->zz_rootseek < 0 || trailer->zz_rootsize < 0) ++ return(ZZIP_CORRUPTED); // forged value ++ /* ++ * "extract data from files archived in a single zip file." ++ * So the file offsets must be within the current ZIP archive! ++ */ ++ if (trailer->zz_rootseek >= filesize || (trailer->zz_rootseek + trailer->zz_rootsize) >= filesize) ++ return(ZZIP_CORRUPTED); + { return(0); } + # endif + } +@@ -410,6 +420,8 @@ __zzip_parse_root_directory(int fd, + zzip_off64_t zz_rootsize = _disk_trailer_rootsize(trailer); + zzip_off64_t zz_rootseek = _disk_trailer_rootseek(trailer); + __correct_rootseek(zz_rootseek, zz_rootsize, trailer); ++ if (zz_entries < 0 || zz_rootseek < 0 || zz_rootsize < 0) ++ return ZZIP_CORRUPTED; + + hdr0 = (struct zzip_dir_hdr *) malloc(zz_rootsize); + if (! hdr0) +-- +2.14.3 + diff --git a/SOURCES/0001-fix-CVE-2018-7727.patch b/SOURCES/0001-fix-CVE-2018-7727.patch new file mode 100644 index 0000000..746c1ce --- /dev/null +++ b/SOURCES/0001-fix-CVE-2018-7727.patch @@ -0,0 +1,101 @@ +From 81da2f651b65dbd2f387625d304ab14ed8b2ca29 Mon Sep 17 00:00:00 2001 +From: Jakub Martisko +Date: Thu, 14 Jun 2018 09:19:41 +0200 +Subject: [PATCH] fix: CVE-2018-7727 + +--- + bins/unzip-mem.c | 2 +- + bins/unzzipcat-mem.c | 7 +++---- + bins/unzzipdir-mem.c | 8 ++++---- + 3 files changed, 8 insertions(+), 9 deletions(-) + +diff --git a/bins/unzip-mem.c b/bins/unzip-mem.c +index 3f7d7f0..0b28b9b 100644 +--- a/bins/unzip-mem.c ++++ b/bins/unzip-mem.c +@@ -409,7 +409,7 @@ main (int argc, char ** argv) + } + } + } +- ++ zzip_mem_disk_close(disk); + return status; + } + +diff --git a/bins/unzzipcat-mem.c b/bins/unzzipcat-mem.c +index 7474854..6f16989 100644 +--- a/bins/unzzipcat-mem.c ++++ b/bins/unzzipcat-mem.c +@@ -93,10 +93,9 @@ main (int argc, char ** argv) + char* name = zzip_mem_entry_to_name (entry); + printf ("%s\n", name); + } +- return 0; + } + +- if (argc == 3) ++ else if (argc == 3) + { /* list from one spec */ + ZZIP_MEM_ENTRY* entry = 0; + while ((entry = zzip_mem_disk_findmatch(disk, argv[2], entry, 0, 0))) +@@ -104,10 +103,9 @@ main (int argc, char ** argv) + zzip_mem_entry_fprint (disk, entry, stdout); + } + +- return 0; + } + +- for (argn=1; argn < argc; argn++) ++ else for (argn=1; argn < argc; argn++) + { /* list only the matching entries - each in order of commandline */ + ZZIP_MEM_ENTRY* entry = zzip_mem_disk_findfirst(disk); + for (; entry ; entry = zzip_mem_disk_findnext(disk, entry)) +@@ -118,6 +116,7 @@ main (int argc, char ** argv) + zzip_mem_disk_cat_file (disk, name, stdout); + } + } ++ zzip_mem_disk_close(disk); + return 0; + } + +diff --git a/bins/unzzipdir-mem.c b/bins/unzzipdir-mem.c +index dc02077..9ebdb6d 100644 +--- a/bins/unzzipdir-mem.c ++++ b/bins/unzzipdir-mem.c +@@ -64,10 +64,9 @@ main (int argc, char ** argv) + char* name = zzip_mem_entry_to_name (entry); + printf ("%s\n", name); + } +- return 0; + } + +- if (argc == 3) ++ else if (argc == 3) + { /* list from one spec */ + ZZIP_MEM_ENTRY* entry = 0; + while ((entry = zzip_mem_disk_findmatch(disk, argv[2], entry, 0, 0))) +@@ -75,9 +74,9 @@ main (int argc, char ** argv) + char* name = zzip_mem_entry_to_name (entry); + printf ("%s\n", name); + } +- return 0; + } + ++ else + { /* list only the matching entries - in order of zip directory */ + ZZIP_MEM_ENTRY* entry = zzip_mem_disk_findfirst(disk); + for (; entry ; entry = zzip_mem_disk_findnext(disk, entry)) +@@ -90,8 +89,9 @@ main (int argc, char ** argv) + printf ("%s\n", name); + } + } +- return 0; + } ++ zzip_mem_disk_close(disk); ++ return 0; + } + + /* +-- +2.14.4 + diff --git a/SOURCES/CVE-2018-16548.part1.patch b/SOURCES/CVE-2018-16548.part1.patch new file mode 100644 index 0000000..893180e --- /dev/null +++ b/SOURCES/CVE-2018-16548.part1.patch @@ -0,0 +1,71 @@ +From 9411bde3e4a70a81ff3ffd256b71927b2d90dcbb Mon Sep 17 00:00:00 2001 +From: jmoellers +Date: Fri, 7 Sep 2018 11:32:04 +0200 +Subject: [PATCH] Avoid memory leak from __zzip_parse_root_directory(). + +--- + test/test.zip | Bin 1361 -> 1361 bytes + zzip/zip.c | 36 ++++++++++++++++++++++++++++++++++-- + 2 files changed, 34 insertions(+), 2 deletions(-) + +diff --git a/zzip/zip.c b/zzip/zip.c +index 88b833b..a685280 100644 +--- a/zzip/zip.c ++++ b/zzip/zip.c +@@ -475,9 +475,15 @@ __zzip_parse_root_directory(int fd, + else + { + if (io->fd.seeks(fd, zz_rootseek + zz_offset, SEEK_SET) < 0) ++ { ++ free(hdr0); + return ZZIP_DIR_SEEK; ++ } + if (io->fd.read(fd, &dirent, sizeof(dirent)) < __sizeof(dirent)) ++ { ++ free(hdr0); + return ZZIP_DIR_READ; ++ } + d = &dirent; + } + +@@ -577,12 +583,38 @@ __zzip_parse_root_directory(int fd, + + if (hdr_return) + *hdr_return = hdr0; ++ else ++ { ++ /* If it is not assigned to *hdr_return, it will never be free()'d */ ++ free(hdr0); ++ /* Make sure we don't free it again in case of error */ ++ hdr0 = NULL; ++ } + } /* else zero (sane) entries */ + # ifndef ZZIP_ALLOW_MODULO_ENTRIES +- return (entries != zz_entries ? ZZIP_CORRUPTED : 0); ++ if (entries != zz_entries) ++ { ++ /* If it was assigned to *hdr_return, undo assignment */ ++ if (p_reclen && hdr_return) ++ *hdr_return = NULL; ++ /* Free it, if it was not already free()'d */ ++ if (hdr0 != NULL) ++ free(hdr0); ++ return ZZIP_CORRUPTED; ++ } + # else +- return ((entries & (unsigned)0xFFFF) != zz_entries ? ZZIP_CORRUPTED : 0); ++ if (((entries & (unsigned)0xFFFF) != zz_entries) ++ { ++ /* If it was assigned to *hdr_return, undo assignment */ ++ if (p_reclen && hdr_return) ++ *hdr_return = NULL; ++ /* Free it, if it was not already free()'d */ ++ if (hdr0 != NULL) ++ free(hdr0); ++ return ZZIP_CORRUPTED; ++ } + # endif ++ return 0; + } + + /* ------------------------- high-level interface ------------------------- */ diff --git a/SOURCES/CVE-2018-16548.part2.patch b/SOURCES/CVE-2018-16548.part2.patch new file mode 100644 index 0000000..b9bea26 --- /dev/null +++ b/SOURCES/CVE-2018-16548.part2.patch @@ -0,0 +1,50 @@ +From d2e5d5c53212e54a97ad64b793a4389193fec687 Mon Sep 17 00:00:00 2001 +From: jmoellers +Date: Fri, 7 Sep 2018 11:49:28 +0200 +Subject: [PATCH] Avoid memory leak from __zzip_parse_root_directory(). + +--- + zzip/zip.c | 25 ++----------------------- + 1 file changed, 2 insertions(+), 23 deletions(-) + +diff --git a/zzip/zip.c b/zzip/zip.c +index a685280..51a1a4d 100644 +--- a/zzip/zip.c ++++ b/zzip/zip.c +@@ -587,34 +587,13 @@ __zzip_parse_root_directory(int fd, + { + /* If it is not assigned to *hdr_return, it will never be free()'d */ + free(hdr0); +- /* Make sure we don't free it again in case of error */ +- hdr0 = NULL; + } + } /* else zero (sane) entries */ + # ifndef ZZIP_ALLOW_MODULO_ENTRIES +- if (entries != zz_entries) +- { +- /* If it was assigned to *hdr_return, undo assignment */ +- if (p_reclen && hdr_return) +- *hdr_return = NULL; +- /* Free it, if it was not already free()'d */ +- if (hdr0 != NULL) +- free(hdr0); +- return ZZIP_CORRUPTED; +- } ++ return (entries != zz_entries) ? ZZIP_CORRUPTED : 0; + # else +- if (((entries & (unsigned)0xFFFF) != zz_entries) +- { +- /* If it was assigned to *hdr_return, undo assignment */ +- if (p_reclen && hdr_return) +- *hdr_return = NULL; +- /* Free it, if it was not already free()'d */ +- if (hdr0 != NULL) +- free(hdr0); +- return ZZIP_CORRUPTED; +- } ++ return ((entries & (unsigned)0xFFFF) != zz_entries) ? ZZIP_CORRUPTED : 0; + # endif +- return 0; + } + + /* ------------------------- high-level interface ------------------------- */ diff --git a/SOURCES/CVE-2018-16548.part3.patch b/SOURCES/CVE-2018-16548.part3.patch new file mode 100644 index 0000000..f2f8214 --- /dev/null +++ b/SOURCES/CVE-2018-16548.part3.patch @@ -0,0 +1,22 @@ +From 0e1dadb05c1473b9df2d7b8f298dab801778ef99 Mon Sep 17 00:00:00 2001 +From: jmoellers +Date: Fri, 7 Sep 2018 13:55:35 +0200 +Subject: [PATCH] One more free() to avoid memory leak. + +--- + zzip/zip.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/zzip/zip.c b/zzip/zip.c +index 51a1a4d..bc6c080 100644 +--- a/zzip/zip.c ++++ b/zzip/zip.c +@@ -589,6 +589,8 @@ __zzip_parse_root_directory(int fd, + free(hdr0); + } + } /* else zero (sane) entries */ ++ else ++ free(hdr0); + # ifndef ZZIP_ALLOW_MODULO_ENTRIES + return (entries != zz_entries) ? ZZIP_CORRUPTED : 0; + # else diff --git a/SOURCES/CVE-2018-6541.patch b/SOURCES/CVE-2018-6541.patch new file mode 100644 index 0000000..0f471db --- /dev/null +++ b/SOURCES/CVE-2018-6541.patch @@ -0,0 +1,23 @@ +From 0c0c9256b0903f664bca25dd8d924211f81e01d3 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Josef=20M=C3=B6llers?= +Date: Fri, 2 Feb 2018 14:09:32 +0100 +Subject: [PATCH] Reject the ZIP file and report it as corrupt if the size of + the central directory and/or the offset of start of central directory point + beyond the end of the ZIP file. [CVE-2018-6484] +diff --git a/zzip/zip.c b/zzip/zip.c +index f0eac2b..67e662f 100644 +--- a/zzip/zip.c ++++ b/zzip/zip.c +@@ -320,6 +320,12 @@ __zzip_fetch_disk_trailer(int fd, zzip_off_t filesize, + return(ZZIP_CORRUPTED); // forged value + + __fixup_rootseek(offset + tail - mapped, trailer); ++ /* ++ * "extract data from files archived in a single zip file." ++ * So the file offsets must be within the current ZIP archive! ++ */ ++ if (trailer->zz_rootseek >= filesize || (trailer->zz_rootseek + trailer->zz_rootsize) >= filesize) ++ return(ZZIP_CORRUPTED); + { return(0); } + } else if ((*tail == 'P') && + end - tail >= diff --git a/SOURCES/zziplib-0.13.59-multilib.patch b/SOURCES/zziplib-0.13.59-multilib.patch new file mode 100644 index 0000000..f4b7a98 --- /dev/null +++ b/SOURCES/zziplib-0.13.59-multilib.patch @@ -0,0 +1,42 @@ +diff -Naupr zziplib-0.13.59.orig/zzip/_config.h zziplib-0.13.59/zzip/_config.h +--- zziplib-0.13.59.orig/zzip/_config.h 2010-02-14 22:29:34.000000000 +0100 ++++ zziplib-0.13.59/zzip/_config.h 2010-12-04 16:22:19.809534085 +0100 +@@ -133,7 +133,11 @@ + + /* whether the system defaults to 32bit off_t but can do 64bit when requested + */ +-/* #undef LARGEFILE_SENSITIVE */ ++#if __WORDSIZE == 32 ++#ifndef ZZIP_LARGEFILE_SENSITIVE ++#define ZZIP_LARGEFILE_SENSITIVE 1 ++#endif ++#endif + + /* Define to the sub-directory in which libtool stores uninstalled libraries. + */ +@@ -178,8 +181,12 @@ + + /* The number of bytes in type long */ + #ifndef ZZIP_SIZEOF_LONG ++#if __WORDSIZE == 32 ++#define ZZIP_SIZEOF_LONG 4 ++#elif __WORDSIZE == 64 + #define ZZIP_SIZEOF_LONG 8 + #endif ++#endif + + /* The number of bytes in type short */ + #ifndef ZZIP_SIZEOF_SHORT +@@ -209,7 +216,11 @@ + #endif + + /* Number of bits in a file offset, on hosts where this is settable. */ +-/* #undef _FILE_OFFSET_BITS */ ++#if __WORDSIZE == 32 ++#ifndef ZZIP__FILE_OFFSET_BITS ++#define ZZIP__FILE_OFFSET_BITS 64 ++#endif ++#endif + + /* Define for large files, on AIX-style hosts. */ + /* #undef _LARGE_FILES */ diff --git a/SPECS/zziplib.spec b/SPECS/zziplib.spec new file mode 100644 index 0000000..efc0633 --- /dev/null +++ b/SPECS/zziplib.spec @@ -0,0 +1,245 @@ +Summary: Lightweight library to easily extract data from zip files +Name: zziplib +Version: 0.13.62 +Release: 11%{?dist} +License: LGPLv2+ or MPLv1.1 +Group: Applications/Archiving +URL: http://zziplib.sourceforge.net/ +Source: http://switch.dl.sourceforge.net/project/zziplib/zziplib13/%{version}/zziplib-%{version}.tar.bz2 +Patch0: zziplib-0.13.59-multilib.patch +Patch1: 0001-fix-CVE-2018-7725.patch +Patch2: 0001-fix-CVE-2018-7726.patch +Patch3: 0001-fix-CVE-2018-7727.patch + +Patch4: CVE-2018-16548.part1.patch +Patch5: CVE-2018-16548.part2.patch +Patch6: CVE-2018-16548.part3.patch + +Patch7: CVE-2018-6541.patch + +BuildRequires: perl +BuildRequires: python +BuildRequires: zip +BuildRequires: xmlto +BuildRequires: zlib-devel +BuildRequires: SDL-devel +BuildRequires: pkgconfig +#BuildRequires: autoconf +#BuildRequires: automake + +%description +The zziplib library is intentionally lightweight, it offers the ability to +easily extract data from files archived in a single zip file. Applications +can bundle files into a single zip archive and access them. The implementation +is based only on the (free) subset of compression with the zlib algorithm +which is actually used by the zip/unzip tools. + +%package utils +Summary: Utilities for the zziplib library +Group: Applications/Archiving +Requires: %{name}%{?_isa} = %{version}-%{release} + +%description utils +The zziplib library is intentionally lightweight, it offers the ability to +easily extract data from files archived in a single zip file. Applications +can bundle files into a single zip archive and access them. The implementation +is based only on the (free) subset of compression with the zlib algorithm +which is actually used by the zip/unzip tools. + +This packages contains all the utilities that come with the zziplib library. + +%package devel +Summary: Development files for the zziplib library +Group: Development/Libraries +Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: pkgconfig +Requires: zlib-devel +Requires: SDL-devel + +%description devel +The zziplib library is intentionally lightweight, it offers the ability to +easily extract data from files archived in a single zip file. Applications +can bundle files into a single zip archive and access them. The implementation +is based only on the (free) subset of compression with the zlib algorithm +which is actually used by the zip/unzip tools. + +This package contains files required to build applications that will use the +zziplib library. + +%prep +%setup -q +%patch0 -p1 +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 + +%patch4 -p1 +%patch5 -p1 +%patch6 -p1 + +%patch7 -p1 +# Save the common patched _config.h file to overwrite the generated one +cp -a zzip/_config.h _config.h + +%build +export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing" +%configure \ + --disable-static \ + --enable-sdl \ + --enable-frame-pointer +# Remove rpath on 64bit archs +sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' */libtool +sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' */libtool +%{__make} %{?_smp_mflags} + +%install +make install DESTDIR=%{buildroot} +# Overwrite the platform specific _config.h with our own modified common one +rm -f %{buildroot}%{_includedir}/zzip/_config.h +install -p -m 0644 _config.h %{buildroot}%{_includedir}/zzip/_config.h + +%post -p /sbin/ldconfig + +%postun -p /sbin/ldconfig + +%files +%doc docs/COPYING* ChangeLog README TODO +%{_libdir}/*.so.* + +%files utils +%{_bindir}/* + +%files devel +%doc docs/README.SDL docs/*.htm +%{_includedir}/* +%exclude %{_libdir}/*.la +%{_libdir}/*.so +%{_libdir}/pkgconfig/*.pc +%{_datadir}/aclocal/*.m4 +%{_mandir}/man3/* + +%changelog +* Thu Feb 28 2019 Jakub Martisko - 0.13.62-11 +- Fix CVE-2018-6541 +- Part of the original patch has already been applied in the past (CVE-2018-7726), + so the bug should not be reproducible in a way described in the github + issue, even without this commit. Applying the rest of the original patch anyway. +- https://github.com/gdraheim/zziplib/issues/16 +- Related: CVE-2018-6541 + +* Thu Feb 28 2019 Jakub Martisko - 0.13.62-10 +- Fix CVE-2018-16548 +- Resolves: CVE-2018-16548 + +* Wed Jun 20 2018 Jakub Martisko - 0.13.62-9 +- Fix covscan warning +- "Variable "file" going out of scope leaks the storage it points to." + has been introduced by the original version of 0001-fix-CVE-2018-7725.patch +- Related: 1558596 + +* Thu Jun 14 2018 Jakub Martisko - 0.13.62-8 +- Fix CVE-2018-7727 +- Resolves: 1558891 + +* Wed Jun 13 2018 Jakub Martisko - 0.13.62-7 +- Fix CVE-2018-7726 +- Resolves: 1558623 + +* Wed Jun 13 2018 Jakub Martisko - 0.13.62-6 +- Fix CVE-2018-7725 +- Resolves: 1558596 + +* Fri Jan 24 2014 Daniel Mach - 0.13.62-5 +- Mass rebuild 2014-01-24 + +* Fri Dec 27 2013 Daniel Mach - 0.13.62-4 +- Mass rebuild 2013-12-27 + +* Thu Jul 4 2013 Michal Luscon 0.13.62-3 +- Fix source address + +* Wed Jan 30 2013 Jindrich Novy 0.13.62-2 +- rebuild with -fno-strict-aliasing + +* Wed Oct 10 2012 Matthias Saou 0.13.62-1 +- Update to 0.13.62. +- Remove no longer needed -Wl patch. + +* Sun Jul 22 2012 Fedora Release Engineering - 0.13.60-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Thu Mar 8 2012 Tom Callaway - 0.13.60-1 +- update to 0.13.60 + +* Sat Jan 14 2012 Fedora Release Engineering - 0.13.59-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Tue Feb 08 2011 Fedora Release Engineering - 0.13.59-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Thu Dec 9 2010 Hans de Goede 0.13.59-2 +- Fix broken zzip/_config.h which causes apps using zziplib to fail to compile + +* Sat Dec 4 2010 Matthias Saou 0.13.59-1 +- Update to 0.13.59. +- Remove no longer needed 'open' patch. +- Rebase the multilib patch, still required. +- Re-enable _smp_mflags, build works again with it apparently. + +* Mon Jul 27 2009 Fedora Release Engineering - 0.13.49-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Wed Feb 25 2009 Fedora Release Engineering - 0.13.49-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Mon Dec 22 2008 Matthias Saou 0.13.49-6 +- Patch _config.h to make it identical for 32bit and 64bit archs (#343521). + +* Tue Feb 19 2008 Fedora Release Engineering +- Autorebuild for GCC 4.3 + +* Wed Aug 8 2007 Matthias Saou 0.13.49-4 +- Include patch to fix fd.open calls with recent glibc. +- Disable _smp_mflags since the docs fail to build. + +* Fri Aug 3 2007 Matthias Saou 0.13.49-3 +- Update License field. + +* Tue Jun 19 2007 Matthias Saou 0.13.49-2 +- Disable static lib build instead of excluding it later. +- Remove rpath on 64bit archs. +- Switch to using DESTDIR install method. + +* Mon Mar 26 2007 Matthias Saou 0.13.49-1 +- Update to 0.13.49 to fix CVE-2007-1614 (rhbz #233700). +- Include new man3 pages to the devel sub-package. + +* Mon Aug 28 2006 Matthias Saou 0.13.47-1 +- Update to 0.13.47. +- FC6 rebuild. + +* Mon Jul 24 2006 Matthias Saou 0.13.45-3 +- Split off -utils sub-package (#199467). Could have been plain "zzip"? +- Have sub-packages require exact release too. +- Build require automake to make the aclocal-1.9 check happy. +- Use --enable-frame-pointer otherwise -g gets removed from the CFLAGS. + +* Mon Mar 6 2006 Matthias Saou 0.13.45-2 +- FC5 rebuild. + +* Thu Feb 9 2006 Matthias Saou 0.13.45-1 +- Update to 0.13.45. +- Exclude static library. + +* Sun May 22 2005 Jeremy Katz - 0.13.38-2 +- rebuild on all arches + +* Tue Apr 5 2005 Matthias Saou 0.13.38-1 +- Update to 0.13.38, fixes gcc4 compile issues (Adrian Reber). + +* Tue Nov 16 2004 Matthias Saou 0.13.36-2 +- Bump release to provide Extras upgrade path. + +* Tue Jun 8 2004 Matthias Saou 0.13.36-1 +- Initial RPM release. +