-
Notifications
You must be signed in to change notification settings - Fork 534
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update libzip to v1.3.0 #863
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
grendello
force-pushed
the
update-libzip
branch
from
September 15, 2017 13:52
2b3b65d
to
815d9af
Compare
I wonder if this PR should -- can? -- update I can't easily tell if that will work as desired. I'm seeing conflicting answers in stackoverflow. |
The new version fixes CVE-2017-12858 and CVE-2017-14107
grendello
force-pushed
the
update-libzip
branch
from
September 15, 2017 15:33
815d9af
to
286fe2f
Compare
The emulator hung in macOS+xbuild PR Build 1618. I've restarted it. |
grendello
added a commit
to grendello/xamarin-android
that referenced
this pull request
Sep 18, 2017
The new version fixes CVE-2017-12858 and CVE-2017-14107.
Closed
jonpryor
added a commit
that referenced
this pull request
Sep 18, 2017
This reverts commit fa9f62a. Commit fa9f62a [broke the master build][b630]: [b630]: https://jenkins.mono-project.com/view/Xamarin.Android/job/xamarin-android/630/ Linking C executable hole.exe CMakeFiles/hole.dir/objects.a(hole.c.obj):hole.c:(.text+0x77): undefined reference to `__imp_zip_error_init' ... Revert commit fa9f62a until we figure out how to properly fix it.
grendello
added a commit
to grendello/xamarin-android
that referenced
this pull request
Sep 19, 2017
The new version fixes CVE-2017-12858 and CVE-2017-14107.
jonathanpeppers
added a commit
to jonathanpeppers/xamarin-android
that referenced
this pull request
Sep 19, 2017
When bumping libzip in dotnet#874 or dotnet#863 libzip is no longer building under mxe. We can switch to using the NuGet packages instead. Also switched to using `<Content />` to link in the files, which works better if `<ProjectReference />` is used with `libzip-windows.mdproj`.
jonathanpeppers
added a commit
to jonathanpeppers/xamarin-android
that referenced
this pull request
Sep 19, 2017
When bumping libzip in dotnet#874 or dotnet#863 libzip is no longer building under mxe. We can switch to using the NuGet packages instead.
grendello
added a commit
to grendello/xamarin-android
that referenced
this pull request
May 23, 2018
…tnet#863) Main reason is to include fixes for a couple CVEs. Changes: * 1.3.0 * Support bzip2 compressed zip archives * Improve file progress callback code * Fix zip_fdopen() * CVE-2017-12858: Fix double free(). * CVE-2017-14107: Improve EOCD64 parsing. * 1.3.1 * Install zipconf.h into ${PREFIX}/include * Add zip_libzip_version() * Fix AES tests on Linux * 1.3.2 * Fix bug introduced in last: zip_t was erroneously freed if zip_close() failed. * 1.4.0 * Improve build with cmake * Retire autoconf/automake build system * Add zip_source_buffer_fragment(). * Add support to clone unchanged beginning of archive (instead of rewriting it). Supported for buffer sources and on Apple File System. * Add support for Microsoft Universal Windows Platform. * 1.5.0 * Use standard cryptographic library instead of custom AES implementation. This also simplifies the license. * Use clang-format to format the source code. * More Windows improvements. * 1.5.1 * Choose format of installed documentation based on available tools. * Fix visibility of symbols. * Fix zipcmp directory support. * Don’t set RPATH on Linux. * Use Libs.private for link dependencies in pkg-config file. * Fix build with LibreSSL. * Various bugfixes.
grendello
added a commit
to grendello/xamarin-android
that referenced
this pull request
May 23, 2018
…tnet#863) Main reason is to include fixes for a couple CVEs. Changes: * 1.3.0 * Support bzip2 compressed zip archives * Improve file progress callback code * Fix zip_fdopen() * CVE-2017-12858: Fix double free(). * CVE-2017-14107: Improve EOCD64 parsing. * 1.3.1 * Install zipconf.h into ${PREFIX}/include * Add zip_libzip_version() * Fix AES tests on Linux * 1.3.2 * Fix bug introduced in last: zip_t was erroneously freed if zip_close() failed. * 1.4.0 * Improve build with cmake * Retire autoconf/automake build system * Add zip_source_buffer_fragment(). * Add support to clone unchanged beginning of archive (instead of rewriting it). Supported for buffer sources and on Apple File System. * Add support for Microsoft Universal Windows Platform. * 1.5.0 * Use standard cryptographic library instead of custom AES implementation. This also simplifies the license. * Use clang-format to format the source code. * More Windows improvements. * 1.5.1 * Choose format of installed documentation based on available tools. * Fix visibility of symbols. * Fix zipcmp directory support. * Don’t set RPATH on Linux. * Use Libs.private for link dependencies in pkg-config file. * Fix build with LibreSSL. * Various bugfixes. Additionally, make it possible to build Windows version of libzip on Linux with mingw (no mxe required)
grendello
added a commit
to grendello/xamarin-android
that referenced
this pull request
May 23, 2018
…tnet#863) Main reason is to include fixes for a couple CVEs. Changes: * 1.3.0 * Support bzip2 compressed zip archives * Improve file progress callback code * Fix zip_fdopen() * CVE-2017-12858: Fix double free(). * CVE-2017-14107: Improve EOCD64 parsing. * 1.3.1 * Install zipconf.h into ${PREFIX}/include * Add zip_libzip_version() * Fix AES tests on Linux * 1.3.2 * Fix bug introduced in last: zip_t was erroneously freed if zip_close() failed. * 1.4.0 * Improve build with cmake * Retire autoconf/automake build system * Add zip_source_buffer_fragment(). * Add support to clone unchanged beginning of archive (instead of rewriting it). Supported for buffer sources and on Apple File System. * Add support for Microsoft Universal Windows Platform. * 1.5.0 * Use standard cryptographic library instead of custom AES implementation. This also simplifies the license. * Use clang-format to format the source code. * More Windows improvements. * 1.5.1 * Choose format of installed documentation based on available tools. * Fix visibility of symbols. * Fix zipcmp directory support. * Don’t set RPATH on Linux. * Use Libs.private for link dependencies in pkg-config file. * Fix build with LibreSSL. * Various bugfixes. Additionally, make it possible to build Windows version of libzip on Linux with mingw (no mxe required)
grendello
added a commit
to grendello/xamarin-android
that referenced
this pull request
May 23, 2018
…tnet#863) Main reason is to include fixes for a couple CVEs. Changes: * 1.3.0 * Support bzip2 compressed zip archives * Improve file progress callback code * Fix zip_fdopen() * CVE-2017-12858: Fix double free(). * CVE-2017-14107: Improve EOCD64 parsing. * 1.3.1 * Install zipconf.h into ${PREFIX}/include * Add zip_libzip_version() * Fix AES tests on Linux * 1.3.2 * Fix bug introduced in last: zip_t was erroneously freed if zip_close() failed. * 1.4.0 * Improve build with cmake * Retire autoconf/automake build system * Add zip_source_buffer_fragment(). * Add support to clone unchanged beginning of archive (instead of rewriting it). Supported for buffer sources and on Apple File System. * Add support for Microsoft Universal Windows Platform. * 1.5.0 * Use standard cryptographic library instead of custom AES implementation. This also simplifies the license. * Use clang-format to format the source code. * More Windows improvements. * 1.5.1 * Choose format of installed documentation based on available tools. * Fix visibility of symbols. * Fix zipcmp directory support. * Don’t set RPATH on Linux. * Use Libs.private for link dependencies in pkg-config file. * Fix build with LibreSSL. * Various bugfixes. Additionally, make it possible to build Windows version of libzip on Linux with mingw (no mxe required)
grendello
added a commit
to grendello/xamarin-android
that referenced
this pull request
May 24, 2018
…tnet#863) Main reason is to include fixes for a couple CVEs. Changes: * 1.3.0 * Support bzip2 compressed zip archives * Improve file progress callback code * Fix zip_fdopen() * CVE-2017-12858: Fix double free(). * CVE-2017-14107: Improve EOCD64 parsing. * 1.3.1 * Install zipconf.h into ${PREFIX}/include * Add zip_libzip_version() * Fix AES tests on Linux * 1.3.2 * Fix bug introduced in last: zip_t was erroneously freed if zip_close() failed. * 1.4.0 * Improve build with cmake * Retire autoconf/automake build system * Add zip_source_buffer_fragment(). * Add support to clone unchanged beginning of archive (instead of rewriting it). Supported for buffer sources and on Apple File System. * Add support for Microsoft Universal Windows Platform. * 1.5.0 * Use standard cryptographic library instead of custom AES implementation. This also simplifies the license. * Use clang-format to format the source code. * More Windows improvements. * 1.5.1 * Choose format of installed documentation based on available tools. * Fix visibility of symbols. * Fix zipcmp directory support. * Don’t set RPATH on Linux. * Use Libs.private for link dependencies in pkg-config file. * Fix build with LibreSSL. * Various bugfixes. Additionally: * make it possible to build Windows version of libzip on Linux with mingw (no mxe required) * build on macOS for Windows with system/brew cmake
grendello
added a commit
to grendello/xamarin-android
that referenced
this pull request
May 24, 2018
…tnet#863) Main reason is to include fixes for a couple CVEs. Changes: * 1.3.0 * Support bzip2 compressed zip archives * Improve file progress callback code * Fix zip_fdopen() * CVE-2017-12858: Fix double free(). * CVE-2017-14107: Improve EOCD64 parsing. * 1.3.1 * Install zipconf.h into ${PREFIX}/include * Add zip_libzip_version() * Fix AES tests on Linux * 1.3.2 * Fix bug introduced in last: zip_t was erroneously freed if zip_close() failed. * 1.4.0 * Improve build with cmake * Retire autoconf/automake build system * Add zip_source_buffer_fragment(). * Add support to clone unchanged beginning of archive (instead of rewriting it). Supported for buffer sources and on Apple File System. * Add support for Microsoft Universal Windows Platform. * 1.5.0 * Use standard cryptographic library instead of custom AES implementation. This also simplifies the license. * Use clang-format to format the source code. * More Windows improvements. * 1.5.1 * Choose format of installed documentation based on available tools. * Fix visibility of symbols. * Fix zipcmp directory support. * Don’t set RPATH on Linux. * Use Libs.private for link dependencies in pkg-config file. * Fix build with LibreSSL. * Various bugfixes. Additionally: * make it possible to build Windows version of libzip on Linux with mingw (no mxe required) * build on macOS for Windows with system/brew cmake
grendello
added a commit
to grendello/xamarin-android
that referenced
this pull request
May 24, 2018
…tnet#863) Main reason is to include fixes for a couple CVEs. Changes: * 1.3.0 * Support bzip2 compressed zip archives * Improve file progress callback code * Fix zip_fdopen() * CVE-2017-12858: Fix double free(). * CVE-2017-14107: Improve EOCD64 parsing. * 1.3.1 * Install zipconf.h into ${PREFIX}/include * Add zip_libzip_version() * Fix AES tests on Linux * 1.3.2 * Fix bug introduced in last: zip_t was erroneously freed if zip_close() failed. * 1.4.0 * Improve build with cmake * Retire autoconf/automake build system * Add zip_source_buffer_fragment(). * Add support to clone unchanged beginning of archive (instead of rewriting it). Supported for buffer sources and on Apple File System. * Add support for Microsoft Universal Windows Platform. * 1.5.0 * Use standard cryptographic library instead of custom AES implementation. This also simplifies the license. * Use clang-format to format the source code. * More Windows improvements. * 1.5.1 * Choose format of installed documentation based on available tools. * Fix visibility of symbols. * Fix zipcmp directory support. * Don’t set RPATH on Linux. * Use Libs.private for link dependencies in pkg-config file. * Fix build with LibreSSL. * Various bugfixes. Additionally: * make it possible to build Windows version of libzip on Linux with mingw (no mxe required) * build on macOS for Windows with system/brew cmake
grendello
added a commit
to grendello/xamarin-android
that referenced
this pull request
May 25, 2018
…tnet#863) Main reason is to include fixes for a couple CVEs. Changes: * 1.3.0 * Support bzip2 compressed zip archives * Improve file progress callback code * Fix zip_fdopen() * CVE-2017-12858: Fix double free(). * CVE-2017-14107: Improve EOCD64 parsing. * 1.3.1 * Install zipconf.h into ${PREFIX}/include * Add zip_libzip_version() * Fix AES tests on Linux * 1.3.2 * Fix bug introduced in last: zip_t was erroneously freed if zip_close() failed. * 1.4.0 * Improve build with cmake * Retire autoconf/automake build system * Add zip_source_buffer_fragment(). * Add support to clone unchanged beginning of archive (instead of rewriting it). Supported for buffer sources and on Apple File System. * Add support for Microsoft Universal Windows Platform. * 1.5.0 * Use standard cryptographic library instead of custom AES implementation. This also simplifies the license. * Use clang-format to format the source code. * More Windows improvements. * 1.5.1 * Choose format of installed documentation based on available tools. * Fix visibility of symbols. * Fix zipcmp directory support. * Don’t set RPATH on Linux. * Use Libs.private for link dependencies in pkg-config file. * Fix build with LibreSSL. * Various bugfixes. Additionally: * make it possible to build Windows version of libzip on Linux with mingw (no mxe required) * build on macOS for Windows with system/brew cmake * export MACOSX_DEPLOYMENT_TARGET=10.11 in the top-level makefile to specify the minimum version of macOS we support. Without this it is possible that code built on 10.11 with Xcode targeting a newer version of the system will not work on macOS older than the version targetted by Xcode being used. For instance, if we build on macOS 10.11 with Xcode 8.2 (which targets macOS 10.12) then the code which just built on 10.11 may not work on this very system - because it may use APIs available only starting from 10.12
grendello
added a commit
to grendello/xamarin-android
that referenced
this pull request
May 26, 2018
…tnet#863) Main reason is to include fixes for a couple CVEs. Changes: * 1.3.0 * Support bzip2 compressed zip archives * Improve file progress callback code * Fix zip_fdopen() * CVE-2017-12858: Fix double free(). * CVE-2017-14107: Improve EOCD64 parsing. * 1.3.1 * Install zipconf.h into ${PREFIX}/include * Add zip_libzip_version() * Fix AES tests on Linux * 1.3.2 * Fix bug introduced in last: zip_t was erroneously freed if zip_close() failed. * 1.4.0 * Improve build with cmake * Retire autoconf/automake build system * Add zip_source_buffer_fragment(). * Add support to clone unchanged beginning of archive (instead of rewriting it). Supported for buffer sources and on Apple File System. * Add support for Microsoft Universal Windows Platform. * 1.5.0 * Use standard cryptographic library instead of custom AES implementation. This also simplifies the license. * Use clang-format to format the source code. * More Windows improvements. * 1.5.1 * Choose format of installed documentation based on available tools. * Fix visibility of symbols. * Fix zipcmp directory support. * Don’t set RPATH on Linux. * Use Libs.private for link dependencies in pkg-config file. * Fix build with LibreSSL. * Various bugfixes. Additionally: * make it possible to build Windows version of libzip on Linux with mingw (no mxe required) * build on macOS for Windows with system/brew cmake * export MACOSX_DEPLOYMENT_TARGET=10.11 in the top-level makefile to specify the minimum version of macOS we support. Without this it is possible that code built on 10.11 with Xcode targeting a newer version of the system will not work on macOS older than the version targetted by Xcode being used. For instance, if we build on macOS 10.11 with Xcode 8.2 (which targets macOS 10.12) then the code which just built on 10.11 may not work on this very system - because it may use APIs available only starting from 10.12
grendello
added a commit
to grendello/xamarin-android
that referenced
this pull request
May 28, 2018
…tnet#863) Main reason is to include fixes for a couple CVEs. Changes: * 1.3.0 * Support bzip2 compressed zip archives * Improve file progress callback code * Fix zip_fdopen() * CVE-2017-12858: Fix double free(). * CVE-2017-14107: Improve EOCD64 parsing. * 1.3.1 * Install zipconf.h into ${PREFIX}/include * Add zip_libzip_version() * Fix AES tests on Linux * 1.3.2 * Fix bug introduced in last: zip_t was erroneously freed if zip_close() failed. * 1.4.0 * Improve build with cmake * Retire autoconf/automake build system * Add zip_source_buffer_fragment(). * Add support to clone unchanged beginning of archive (instead of rewriting it). Supported for buffer sources and on Apple File System. * Add support for Microsoft Universal Windows Platform. * 1.5.0 * Use standard cryptographic library instead of custom AES implementation. This also simplifies the license. * Use clang-format to format the source code. * More Windows improvements. * 1.5.1 * Choose format of installed documentation based on available tools. * Fix visibility of symbols. * Fix zipcmp directory support. * Don’t set RPATH on Linux. * Use Libs.private for link dependencies in pkg-config file. * Fix build with LibreSSL. * Various bugfixes. Additionally: * make it possible to build Windows version of libzip on Linux with mingw (no mxe required) * build on macOS for Windows with system/brew cmake * export MACOSX_DEPLOYMENT_TARGET=10.11 in the top-level makefile to specify the minimum version of macOS we support. Without this it is possible that code built on 10.11 with Xcode targeting a newer version of the system will not work on macOS older than the version targetted by Xcode being used. For instance, if we build on macOS 10.11 with Xcode 8.2 (which targets macOS 10.12) then the code which just built on 10.11 may not work on this very system - because it may use APIs available only starting from 10.12
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The new version fixes CVE-2017-12858 and CVE-2017-14107