Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

apache-commons-compress-1.21-lp152.2.3.1 RPM for noarch

From OpenSuSE Leap 15.2 updates for noarch

Name: apache-commons-compress Distribution: openSUSE Leap 15.2
Version: 1.21 Vendor: openSUSE
Release: lp152.2.3.1 Build date: Thu Aug 5 12:12:11 2021
Group: Development/Libraries/Java Build host: goat17
Size: 1031177 Source RPM: apache-commons-compress-1.21-lp152.2.3.1.src.rpm
Packager: http://bugs.opensuse.org
Url: https://commons.apache.org/proper/commons-compress/
Summary: Java API for working with compressed files and archivers
The Apache Commons Compress library defines an API for working with
ar, cpio, Unix dump, tar, zip, gzip, XZ, Pack200 and bzip2 files.
In version 1.14 read-only support for Brotli decompression has been added,
but it has been removed from this package.

Provides

Requires

License

Apache-2.0

Changelog

* Tue Jul 20 2021 Fridrich Strba <fstrba@suse.com>
  - Updated to 1.21
    * When reading a specially crafted 7Z archive, the construction of
      the list of codecs that decompress an entry can result in an
      infinite loop. This could be used to mount a denial of service
      attack against services that use Compress' sevenz package.
      (CVE-2021-35515, bsc#1188463)
    * When reading a specially crafted 7Z archive, Compress can be
      made to allocate large amounts of memory that finally leads to
      an out of memory error even for very small inputs. This could
      be used to mount a denial of service attack against services
      that use Compress' sevenz package. (CVE-2021-35516, bsc#1188464)
    * When reading a specially crafted TAR archive, Compress can be
      made to allocate large amounts of memory that finally leads to
      an out of memory error even for very small inputs. This could be
      used to mount a denial of service attack against services that
      use Compress' tar package. (CVE-2021-35517, bsc#1188465)
    * When reading a specially crafted ZIP archive, Compress can be
      made to allocate large amounts of memory that finally leads to
      an out of memory error even for very small inputs. This could
      be used to mount a denial of service attack against services
      that use Compress' zip package. (CVE-2021-36090, bsc#1188466)
  - New dependency on asm3 for Pack200 compressor
  - Rebased patch fix_java_8_compatibility.patch to a new context and
    added some new ocurrences
* Wed Aug 28 2019 Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
  - Updated to 1.19 [bsc#1148475, CVE-2019-12402]
    * ZipFile could get stuck in an infinite loop when parsing ZIP archives
      with certain strong encryption headers (CVE-2019-12402).
    * ZipArchiveInputStream and ZipFile will no longer throw an exception if
      an extra field generally understood by Commons Compress is malformed
      but rather turn them into UnrecognizedExtraField instances.  You can
      influence the way extra fields are parsed in more detail by using the
      new getExtraFields(ExtraFieldParsingBehavior) method of ZipArchiveEntry now.
    * Some of the ZIP extra fields related to strong encryption will now
      throw ZipExceptions rather than ArrayIndexOutOfBoundsExceptions in
      certain cases when used directly. There is no practical difference
      when they are read via ZipArchiveInputStream or ZipFile.
    * ParallelScatterZipCreator now writes entries in the same order they have
      been added to the archive.
    * ZipArchiveInputStream and ZipFile are more forgiving when parsing extra
      fields by default now.
    * TarArchiveInputStream has a new lenient mode that may allow it to read
      certain broken archives.
  - Rebased patch fix_java_8_compatibility.patch
* Mon Mar 25 2019 Fridrich Strba <fstrba@suse.com>
  - Remove pom parent, since we don't use it when not building with
    maven
* Sun Jan 27 2019 Jan Engelhardt <jengelh@inai.de>
  - Add missing RPM group for %name-javadoc.
* Fri Jan 25 2019 Fridrich Strba <fstrba@suse.com>
  - Rename package to apache-commons-compress
    * Upgrade to version 1.18
    * Use build.xml file generated ba mvn ant:ant and simplified
      manually after
      + Allows building with ant and considerably shortens build
      cycle
  - Added patches
    * 0001-Remove-Brotli-compressor.patch
      + do not build Brotli compressor, since we don't have its
      dependencies
    * 0002-Remove-ZSTD-compressor.patch
      + do not build ZSTD compressor, since we don't have its
      dependencies
    * fix_java_8_compatibility.patch
      + restore Java 8 compatibility in java.nio.ByteBuffer use
* Mon Sep 18 2017 fstrba@suse.com
  - Fix build with jdk9: specify java source and target 1.6
  - Build also the javadoc package
* Fri May 19 2017 tchvatal@suse.com
  - Fix build under new javapackage-tools
* Thu Nov 29 2012 mvyskocil@suse.com
  - use saxon and saxon-scripts only when using maven
* Thu May 14 2009 mvyskocil@suse.cz
  - 'Initial SUSE packaging from jpackage.org 5.0'

Files

/usr/share/doc/packages/apache-commons-compress
/usr/share/doc/packages/apache-commons-compress/NOTICE.txt
/usr/share/java/apache-commons-compress.jar
/usr/share/java/commons-compress.jar
/usr/share/licenses/apache-commons-compress
/usr/share/licenses/apache-commons-compress/LICENSE.txt
/usr/share/maven-metadata/apache-commons-compress.xml
/usr/share/maven-poms/commons-compress.pom


Generated by rpm2html 1.8.1

Fabrice Bellet, Sat Nov 27 23:25:36 2021