|Index||index by Group||index by Distribution||index by Vendor||index by creation date||index by Name||Mirrors||Help||Search|
|Name: apache-commons-compress||Distribution: SUSE Linux Enterprise 15|
|Version: 1.21||Vendor: SUSE LLC <https://www.suse.com/>|
|Release: 3.3.1||Build date: Wed Jul 21 15:35:27 2021|
|Group: Development/Libraries/Java||Build host: sheep01|
|Size: 1031177||Source RPM: apache-commons-compress-1.21-3.3.1.src.rpm|
|Summary: Java API for working with compressed files and archivers|
The Apache Commons Compress library defines an API for working with ar, cpio, Unix dump, tar, zip, gzip, XZ, Pack200 and bzip2 files. In version 1.14 read-only support for Brotli decompression has been added, but it has been removed from this package.
* Tue Jul 20 2021 firstname.lastname@example.org - Updated to 1.21 * When reading a specially crafted 7Z archive, the construction of the list of codecs that decompress an entry can result in an infinite loop. This could be used to mount a denial of service attack against services that use Compress' sevenz package. (CVE-2021-35515, bsc#1188463) * When reading a specially crafted 7Z archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' sevenz package. (CVE-2021-35516, bsc#1188464) * When reading a specially crafted TAR archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' tar package. (CVE-2021-35517, bsc#1188465) * When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an out of memory error even for very small inputs. This could be used to mount a denial of service attack against services that use Compress' zip package. (CVE-2021-36090, bsc#1188466) - New dependency on asm3 for Pack200 compressor - Rebased patch fix_java_8_compatibility.patch to a new context and added some new ocurrences * Wed Aug 28 2019 email@example.com - Updated to 1.19 [bsc#1148475, CVE-2019-12402] * ZipFile could get stuck in an infinite loop when parsing ZIP archives with certain strong encryption headers (CVE-2019-12402). * ZipArchiveInputStream and ZipFile will no longer throw an exception if an extra field generally understood by Commons Compress is malformed but rather turn them into UnrecognizedExtraField instances. You can influence the way extra fields are parsed in more detail by using the new getExtraFields(ExtraFieldParsingBehavior) method of ZipArchiveEntry now. * Some of the ZIP extra fields related to strong encryption will now throw ZipExceptions rather than ArrayIndexOutOfBoundsExceptions in certain cases when used directly. There is no practical difference when they are read via ZipArchiveInputStream or ZipFile. * ParallelScatterZipCreator now writes entries in the same order they have been added to the archive. * ZipArchiveInputStream and ZipFile are more forgiving when parsing extra fields by default now. * TarArchiveInputStream has a new lenient mode that may allow it to read certain broken archives. - Rebased patch fix_java_8_compatibility.patch * Mon Mar 25 2019 firstname.lastname@example.org - Remove pom parent, since we don't use it when not building with maven * Sun Jan 27 2019 email@example.com - Add missing RPM group for %name-javadoc. * Fri Jan 25 2019 firstname.lastname@example.org - Rename package to apache-commons-compress * Upgrade to version 1.18 * Use build.xml file generated ba mvn ant:ant and simplified manually after + Allows building with ant and considerably shortens build cycle - Added patches * 0001-Remove-Brotli-compressor.patch + do not build Brotli compressor, since we don't have its dependencies * 0002-Remove-ZSTD-compressor.patch + do not build ZSTD compressor, since we don't have its dependencies * fix_java_8_compatibility.patch + restore Java 8 compatibility in java.nio.ByteBuffer use * Mon Sep 18 2017 email@example.com - Fix build with jdk9: specify java source and target 1.6 - Build also the javadoc package * Fri May 19 2017 firstname.lastname@example.org - Fix build under new javapackage-tools * Thu Nov 29 2012 email@example.com - use saxon and saxon-scripts only when using maven * Thu May 14 2009 firstname.lastname@example.org - 'Initial SUSE packaging from jpackage.org 5.0'
/usr/share/doc/packages/apache-commons-compress /usr/share/doc/packages/apache-commons-compress/NOTICE.txt /usr/share/java/apache-commons-compress.jar /usr/share/java/commons-compress.jar /usr/share/licenses/apache-commons-compress /usr/share/licenses/apache-commons-compress/LICENSE.txt /usr/share/maven-metadata/apache-commons-compress.xml /usr/share/maven-poms/commons-compress.pom
Generated by rpm2html 1.8.1
Fabrice Bellet, Wed Nov 9 22:25:56 2022