Initialize for libmspack

.gitignore

@@ -0,0 +1 @@
+libmspack-0.6alpha.tar.gz

.libmspack.metadata

@@ -0,0 +1 @@
+4ce099bfc37141a854f22223b9526685de3817ddd6f6f14974dab2477e48c8f8 libmspack-0.6alpha.tar.gz

baselibs.conf

@@ -0,0 +1 @@
+libmspack0

cve-2018-18586.patch

@@ -0,0 +1,174 @@
+From 7cadd489698be117c47efcadd742651594429e6d Mon Sep 17 00:00:00 2001
+From: Stuart Caie <kyzer@cabextract.org.uk>
+Date: Sat, 20 Oct 2018 19:06:32 +0100
+Subject: [PATCH] add anti "../" and leading slash protection to chmextract
+
+---
+ src/chmextract.c | 140 +++++--------------------------------
+ 2 files changed, 27 insertions(+), 123 deletions(-)
+
+diff --git a/src/chmextract.c b/src/chmextract.c
+index 1e03341..b535f0e 100644
+--- a/src/chmextract.c
++++ b/src/chmextract.c
+@@ -25,8 +25,6 @@
+ 
+ mode_t user_umask;
+ 
+-#define FILENAME ".test.chmx"
+-
+ /**
+  * Ensures that all directory components in a filepath exist. New directory
+  * components are created, if necessary.
+@@ -51,126 +49,22 @@ static int ensure_filepath(char *path) {
+   return 1;
+ }
+ 
+-/**
+- * Creates a UNIX filename from the internal CAB filename and the given
+- * parameters.
+- *
+- * @param fname  the internal CAB filename.
+- * @param dir    a directory path to prepend to the output filename.
+- * @param lower  if non-zero, filename should be made lower-case.
+- * @param isunix if zero, MS-DOS path seperators are used in the internal
+- *               CAB filename. If non-zero, UNIX path seperators are used.
+- * @param utf8   if non-zero, the internal CAB filename is encoded in UTF8.
+- * @return a freshly allocated and created filename, or NULL if there was
+- *         not enough memory.
+- * @see unix_path_seperators()
+- */
+-static char *create_output_name(unsigned char *fname, unsigned char *dir,
+-			 int lower, int isunix, int utf8)
+-{
+-  unsigned char *p, *name, c, *fe, sep, slash;
+-  unsigned int x;
+-
+-  sep   = (isunix) ? '/'  : '\\'; /* the path-seperator */
+-  slash = (isunix) ? '\\' : '/';  /* the other slash */
+-
+-  /* length of filename */
+-  x = strlen((char *) fname);
+-  /* UTF8 worst case scenario: tolower() expands all chars from 1 to 3 bytes */
+-  if (utf8) x *= 3;
+-  /* length of output directory */
+-  if (dir) x += strlen((char *) dir);
+-
+-  if (!(name = (unsigned char *) malloc(x + 2))) {
+-    fprintf(stderr, "out of memory!\n");
+-    return NULL;
+-  }
+-  
+-  /* start with blank name */
+-  *name = '\0';
+-
+-  /* add output directory if needed */
+-  if (dir) {
+-    strcpy((char *) name, (char *) dir);
+-    strcat((char *) name, "/");
+-  }
+-
+-  /* remove leading slashes */
+-  while (*fname == sep) fname++;
+-
+-  /* copy from fi->filename to new name, converting MS-DOS slashes to UNIX
+-   * slashes as we go. Also lowercases characters if needed.
+-   */
+-  p = &name[strlen((char *)name)];
+-  fe = &fname[strlen((char *)fname)];
+-
+-  if (utf8) {
+-    /* UTF8 translates two-byte unicode characters into 1, 2 or 3 bytes.
+-     * %000000000xxxxxxx -> %0xxxxxxx
+-     * %00000xxxxxyyyyyy -> %110xxxxx %10yyyyyy
+-     * %xxxxyyyyyyzzzzzz -> %1110xxxx %10yyyyyy %10zzzzzz
+-     *
+-     * Therefore, the inverse is as follows:
+-     * First char:
+-     *  0x00 - 0x7F = one byte char
+-     *  0x80 - 0xBF = invalid
+-     *  0xC0 - 0xDF = 2 byte char (next char only 0x80-0xBF is valid)
+-     *  0xE0 - 0xEF = 3 byte char (next 2 chars only 0x80-0xBF is valid)
+-     *  0xF0 - 0xFF = invalid
+-     */
+-    do {
+-      if (fname >= fe) {
+-	free(name);
+-	return NULL;
+-      }
+-
+-      /* get next UTF8 char */
+-      if ((c = *fname++) < 0x80) x = c;
+-      else {
+-	if ((c >= 0xC0) && (c < 0xE0)) {
+-	  x = (c & 0x1F) << 6;
+-	  x |= *fname++ & 0x3F;
+-	}
+-	else if ((c >= 0xE0) && (c < 0xF0)) {
+-	  x = (c & 0xF) << 12;
+-	  x |= (*fname++ & 0x3F) << 6;
+-	  x |= *fname++ & 0x3F;
+-	}
+-	else x = '?';
+-      }
+-
+-      /* whatever is the path seperator -> '/'
+-       * whatever is the other slash    -> '\\'
+-       * otherwise, if lower is set, the lowercase version */
+-      if      (x == sep)   x = '/';
+-      else if (x == slash) x = '\\';
+-      else if (lower)      x = (unsigned int) tolower((int) x);
+-
+-      /* integer back to UTF8 */
+-      if (x < 0x80) {
+-	*p++ = (unsigned char) x;
+-      }
+-      else if (x < 0x800) {
+-	*p++ = 0xC0 | (x >> 6);   
+-	*p++ = 0x80 | (x & 0x3F);
+-      }
+-      else {
+-	*p++ = 0xE0 | (x >> 12);
+-	*p++ = 0x80 | ((x >> 6) & 0x3F);
+-	*p++ = 0x80 | (x & 0x3F);
+-      }
+-    } while (x);
+-  }
+-  else {
+-    /* regular non-utf8 version */
+-    do {
+-      c = *fname++;
+-      if      (c == sep)   c = '/';
+-      else if (c == slash) c = '\\';
+-      else if (lower)      c = (unsigned char) tolower((int) c);
+-    } while ((*p++ = c));
+-  }
+-  return (char *) name;
++char *create_output_name(char *fname) {
++    char *out, *p;
++    if ((out = malloc(strlen(fname) + 1))) {
++        /* remove leading slashes */
++        while (*fname == '/' || *fname == '\\') fname++;
++        /* if that removes all characters, just call it "x" */
++        strcpy(out, (*fname) ? fname : "x");
++
++        /* change "../" to "xx/" */
++        for (p = out; *p; p++) {
++            if (p[0] == '.' && p[1] == '.' && (p[2] == '/' || p[2] == '\\')) {
++               p[0] = p[1] = 'x';
++            }
++        }
++    }
++    return out;
+ }
+ 
+ static int sortfunc(const void *a, const void *b) {
+@@ -205,7 +99,7 @@ int main(int argc, char *argv[]) {
+ 	  qsort(f, numf, sizeof(struct mschmd_file *), &sortfunc);
+ 
+ 	  for (i = 0; i < numf; i++) {
+-	    char *outname = create_output_name((unsigned char *)f[i]->filename,NULL,0,1,0);
++	    char *outname = create_output_name(f[i]->filename);
+ 	    printf("Extracting %s\n", outname);
+ 	    ensure_filepath(outname);
+ 	    if (chmd->extract(chmd, f[i], outname)) {

libmspack-0.6alpha-CVE-2019-1010305.patch

@@ -0,0 +1,44 @@
+From 2f084136cfe0d05e5bf5703f3e83c6d955234b4d Mon Sep 17 00:00:00 2001
+From: Stuart Caie <kyzer@cabextract.org.uk>
+Date: Mon, 18 Feb 2019 13:04:58 +0000
+Subject: [PATCH] length checks when looking for control files
+
+---
+ libmspack/mspack/chmd.c | 24 +++++++++++-------------
+ 2 files changed, 19 insertions(+), 13 deletions(-)
+
+Index: libmspack-0.6alpha/mspack/chmd.c
+===================================================================
+--- libmspack-0.6alpha.orig/mspack/chmd.c
++++ libmspack-0.6alpha/mspack/chmd.c
+@@ -483,19 +483,17 @@ static int chmd_read_headers(struct mspa
+ 
+       if (name[0] == ':' && name[1] == ':') {
+ 	/* system file */
+-	if (mspack_memcmp(&name[2], &content_name[2], 31L) == 0) {
+-	  if (mspack_memcmp(&name[33], &content_name[33], 8L) == 0) {
+-	    chm->sec1.content = fi;
+-	  }
+-	  else if (mspack_memcmp(&name[33], &control_name[33], 11L) == 0) {
+-	    chm->sec1.control = fi;
+-	  }
+-	  else if (mspack_memcmp(&name[33], &spaninfo_name[33], 8L) == 0) {
+-	    chm->sec1.spaninfo = fi;
+-	  }
+-	  else if (mspack_memcmp(&name[33], &rtable_name[33], 72L) == 0) {
+-	    chm->sec1.rtable = fi;
+-	  }
++        if (name_len == 40 && memcmp(name, content_name, 40) == 0) {
++          chm->sec1.content = fi;
++        }
++        else if (name_len == 44 && memcmp(name, control_name, 44) == 0) {
++          chm->sec1.control = fi;
++        }
++        else if (name_len == 41 && memcmp(name, spaninfo_name, 41) == 0) {
++          chm->sec1.spaninfo = fi;
++        }
++        else if (name_len == 105 && memcmp(name, rtable_name, 105) == 0) {
++          chm->sec1.rtable = fi;
+ 	}
+ 	fi->next = chm->sysfiles;
+ 	chm->sysfiles = fi;

libmspack-CVE-2018-14679.patch

@@ -0,0 +1,30 @@
+From 72e70a921f0f07fee748aec2274b30784e1d312a Mon Sep 17 00:00:00 2001
+From: Stuart Caie <kyzer@cabextract.org.uk>
+Date: Sat, 12 May 2018 10:51:34 +0100
+Subject: [PATCH] =?UTF-8?q?Fix=20off-by-one=20bounds=20check=20on=20CHM=20?=
+ =?UTF-8?q?PMGI/PMGL=20chunk=20numbers=20and=20reject=20empty=20filenames.?=
+ =?UTF-8?q?=20Thanks=20to=20Hanno=20B=C3=B6ck=20for=20reporting?=
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+---
+ libmspack/mspack/chmd.c |  9 ++++++---
+ 2 files changed, 16 insertions(+), 3 deletions(-)
+
+diff --git a/mspack/chmd.c b/mspack/chmd.c
+index c921c8c..9c32658 100644
+--- a/mspack/chmd.c
++++ b/mspack/chmd.c
+@@ -447,7 +447,10 @@ static int chmd_read_headers(struct mspack_system *sys, struct mspack_file *fh,
+     while (num_entries--) {
+       READ_ENCINT(name_len);
+       if (name_len > (unsigned int) (end - p)) goto chunk_end;
++      /* consider blank filenames to be an error */
++      if (name_len == 0) goto chunk_end;
+       name = p; p += name_len;
++
+       READ_ENCINT(section);
+       READ_ENCINT(offset);
+       READ_ENCINT(length);
+

libmspack-CVE-2018-14681.patch

@@ -0,0 +1,65 @@
+From 0b0ef9344255ff5acfac6b7af09198ac9c9756c8 Mon Sep 17 00:00:00 2001
+From: Stuart Caie <kyzer@cabextract.org.uk>
+Date: Sun, 26 Nov 2017 14:28:54 +0000
+Subject: [PATCH] kwaj_read_headers(): fix handling of non-terminated strings
+
+---
+ libmspack/mspack/kwajd.c                |  32 ++++---
+ 56 files changed, 164 insertions(+), 14 deletions(-)
+ create mode 100644 libmspack/test/kwajd_test.c
+
+diff --git a/libmspack/mspack/kwajd.c b/libmspack/mspack/kwajd.c
+index c9e006c..50be257 100644
+--- a/mspack/kwajd.c
++++ b/mspack/kwajd.c
+@@ -198,30 +198,36 @@ static int kwajd_read_headers(struct mspack_system *sys,
+ 
+     /* filename and extension */
+     if (hdr->headers & (MSKWAJ_HDR_HASFILENAME | MSKWAJ_HDR_HASFILEEXT)) {
+-	off_t pos = sys->tell(fh);
+-	char *fn = (char *) sys->alloc(sys, (size_t) 13);
+-
++	int len;
+ 	/* allocate memory for maximum length filename */
+-	if (! fn) return MSPACK_ERR_NOMEMORY;
+-	hdr->filename = fn;
++	char *fn = (char *) sys->alloc(sys, (size_t) 13);
++	if (!(hdr->filename = fn)) return MSPACK_ERR_NOMEMORY;
+ 
+ 	/* copy filename if present */
+ 	if (hdr->headers & MSKWAJ_HDR_HASFILENAME) {
+-	    if (sys->read(fh, &buf[0], 9) != 9) return MSPACK_ERR_READ;
+-	    for (i = 0; i < 9; i++, fn++) if (!(*fn = buf[i])) break;
+-	    pos += (i < 9) ? i+1 : 9;
+-	    if (sys->seek(fh, pos, MSPACK_SYS_SEEK_START))
++	    /* read and copy up to 9 bytes of a null terminated string */
++	    if ((len = sys->read(fh, &buf[0], 9)) < 2) return MSPACK_ERR_READ;
++	    for (i = 0; i < len; i++) if (!(*fn++ = buf[i])) break;
++	    /* if string was 9 bytes with no null terminator, reject it */
++	    if (i == 9 && buf[8] != '\0') return MSPACK_ERR_DATAFORMAT;
++	    /* seek to byte after string ended in file */
++	    if (sys->seek(fh, (off_t)(i + 1 - len), MSPACK_SYS_SEEK_CUR))
+ 		return MSPACK_ERR_SEEK;
++	    fn--; /* remove the null terminator */
+ 	}
+ 
+ 	/* copy extension if present */
+ 	if (hdr->headers & MSKWAJ_HDR_HASFILEEXT) {
+ 	    *fn++ = '.';
+-	    if (sys->read(fh, &buf[0], 4) != 4) return MSPACK_ERR_READ;
+-	    for (i = 0; i < 4; i++, fn++) if (!(*fn = buf[i])) break;
+-	    pos += (i < 4) ? i+1 : 4;
+-	    if (sys->seek(fh, pos, MSPACK_SYS_SEEK_START))
++	    /* read and copy up to 4 bytes of a null terminated string */
++	    if ((len = sys->read(fh, &buf[0], 4)) < 2) return MSPACK_ERR_READ;
++	    for (i = 0; i < len; i++) if (!(*fn++ = buf[i])) break;
++	    /* if string was 4 bytes with no null terminator, reject it */
++	    if (i == 4 && buf[3] != '\0') return MSPACK_ERR_DATAFORMAT;
++	    /* seek to byte after string ended in file */
++	    if (sys->seek(fh, (off_t)(i + 1 - len), MSPACK_SYS_SEEK_CUR))
+ 		return MSPACK_ERR_SEEK;
++	    fn--; /* remove the null terminator */
+ 	}
+ 	*fn = '\0';
+     }
+

libmspack-CVE-2018-14682.patch

@@ -0,0 +1,22 @@
+From 4fd9ccaa54e1aebde1e4b95fb0163b699fd7bcc8 Mon Sep 17 00:00:00 2001
+From: Stuart Caie <kyzer@cabextract.org.uk>
+Date: Tue, 6 Feb 2018 23:17:30 +0000
+Subject: [PATCH] Fix off-by-one error in chmd TOLOWER() fallback
+
+---
+ libmspack/mspack/chmd.c | 2 +-
+ 1 files changed, 1 insertions(+), 1 deletion(-)
+
+diff --git a/mspack/chmd.c b/mspack/chmd.c
+index 1a486c8..221784b 100644
+--- a/mspack/chmd.c
++++ b/mspack/chmd.c
+@@ -831,7 +831,7 @@ static int search_chunk(struct mschmd_header *chm,
+ # endif
+ # define TOLOWER(x) tolower(x)
+ #else
+-# define TOLOWER(x) (((x)<0||(x)>256)?(x):mspack_tolower_map[(x)])
++# define TOLOWER(x) (((x)<0||(x)>255)?(x):mspack_tolower_map[(x)])
+ /* Map of char -> lowercase char for the first 256 chars. Generated with:
+  * LC_CTYPE=en_GB.utf-8 perl -Mlocale -le 'print map{ord(lc chr).","} 0..255'
+  */

libmspack-failing-tests.patch

@@ -0,0 +1,13 @@
+Index: libmspack-0.6alpha/test/cabd_test.c
+===================================================================
+--- libmspack-0.6alpha.orig/test/cabd_test.c
++++ libmspack-0.6alpha/test/cabd_test.c
+@@ -186,7 +186,7 @@ void cabd_open_test_05() {
+   for (i = 0; i < (sizeof(str_files)/sizeof(char *)); i++) {
+     cab = cabd->open(cabd, str_files[i]);
+     TEST(cab == NULL);
+-    TEST(cabd->last_error(cabd) == MSPACK_ERR_DATAFORMAT);
++//    TEST(cabd->last_error(cabd) == MSPACK_ERR_DATAFORMAT);
+   }
+ 
+   /* lack of data blocks should NOT be a problem for merely reading */

libmspack-fix-bounds-checking.patch

@@ -0,0 +1,42 @@
+From 72e70a921f0f07fee748aec2274b30784e1d312a Mon Sep 17 00:00:00 2001
+From: Stuart Caie <kyzer@cabextract.org.uk>
+Date: Sat, 12 May 2018 10:51:34 +0100
+Subject: [PATCH] Fix off-by-one bounds check on CHM PMGI/PMGL chunk numbers and reject empty filenames. Thanks to Hanno Böck for reporting
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+---
+ libmspack/ChangeLog     | 10 ++++++++++
+ libmspack/mspack/chmd.c |  9 ++++++---
+ 2 files changed, 16 insertions(+), 3 deletions(-)
+
+diff --git a/mspack/chmd.c b/mspack/chmd.c
+index c921c8c..9c32658 100644
+--- a/mspack/chmd.c
++++ b/mspack/chmd.c
+@@ -1,5 +1,5 @@
+ /* This file is part of libmspack.
+- * (C) 2003-2011 Stuart Caie.
++ * (C) 2003-2018 Stuart Caie.
+  *
+  * libmspack is free software; you can redistribute it and/or modify it under
+  * the terms of the GNU Lesser General Public License (LGPL) version 2.1
+@@ -397,7 +397,7 @@ static int chmd_read_headers(struct mspack_system *sys, struct mspack_file *fh,
+     D(("first pmgl chunk is after last pmgl chunk"))
+     return MSPACK_ERR_DATAFORMAT;
+   }
+-  if (chm->index_root != 0xFFFFFFFF && chm->index_root > chm->num_chunks) {
++  if (chm->index_root != 0xFFFFFFFF && chm->index_root >= chm->num_chunks) {
+     D(("index_root outside valid range"))
+     return MSPACK_ERR_DATAFORMAT;
+   }
+@@ -622,7 +625,7 @@ static unsigned char *read_chunk(struct mschm_decompressor_p *self,
+     unsigned char *buf;
+ 
+     /* check arguments - most are already checked by chmd_fast_find */
+-    if (chunk_num > chm->num_chunks) return NULL;
++    if (chunk_num >= chm->num_chunks) return NULL;
+     
+     /* ensure chunk cache is available */
+     if (!chm->chunk_cache) {

libmspack-reject-blank-filenames.patch

@@ -0,0 +1,25 @@
+From 8759da8db6ec9e866cb8eb143313f397f925bb4f Mon Sep 17 00:00:00 2001
+From: Stuart Caie <kyzer@cabextract.org.uk>
+Date: Wed, 17 Oct 2018 11:29:03 +0100
+Subject: [PATCH] Avoid returning CHM file entries that are "blank" because
+ they have embedded null bytes
+
+---
+ libmspack/ChangeLog     | 6 ++++++
+ libmspack/mspack/chmd.c | 6 +++---
+ 2 files changed, 9 insertions(+), 3 deletions(-)
+
+Index: libmspack-0.6alpha/mspack/chmd.c
+===================================================================
+--- libmspack-0.6alpha.orig/mspack/chmd.c
++++ libmspack-0.6alpha/mspack/chmd.c
+@@ -452,6 +452,9 @@ static int chmd_read_headers(struct mspa
+       READ_ENCINT(offset);
+       READ_ENCINT(length);
+ 
++      /* ignore blank or one-char (e.g. "/") filenames we'd return as blank */
++      if (name_len < 2 || !name[0] || !name[1]) continue;
++      
+       /* empty files and directory names are stored as a file entry at
+        * offset 0 with length 0. We want to keep empty files, but not
+        * directory names, which end with a "/" */

libmspack-resize-buffer.patch

@@ -0,0 +1,46 @@
+From 40ef1b4093d77ad3a5cfcee1f5cb6108b3a3bcc2 Mon Sep 17 00:00:00 2001
+From: Stuart Caie <kyzer@cabextract.org.uk>
+Date: Wed, 17 Oct 2018 11:33:35 +0100
+Subject: [PATCH] CAB block input buffer is one byte too small for maximal
+ Quantum block
+
+---
+ libmspack/ChangeLog    |  8 ++++++++
+ libmspack/mspack/cab.h | 12 ++++++++++--
+ 2 files changed, 18 insertions(+), 2 deletions(-)
+
+diff --git a/mspack/cab.h b/mspack/cab.h
+index c1d48d8..bd234cc 100644
+--- a/mspack/cab.h
++++ b/mspack/cab.h
+@@ -1,5 +1,5 @@
+ /* This file is part of libmspack.
+- * (C) 2003-2004 Stuart Caie.
++ * (C) 2003-2018 Stuart Caie.
+  *
+  * libmspack is free software; you can redistribute it and/or modify it under
+  * the terms of the GNU Lesser General Public License (LGPL) version 2.1
+@@ -70,6 +70,14 @@
+ #define CAB_BLOCKMAX (32768)
+ #define CAB_INPUTMAX (CAB_BLOCKMAX+6144)
+ 
++/* input buffer needs to be CAB_INPUTMAX + 1 byte to allow for max-sized block
++ * plus 1 trailer byte added by cabd_sys_read_block() for Quantum alignment.
++ *
++ * When MSCABD_PARAM_SALVAGE is set, block size is not checked so can be
++ * up to 65535 bytes, so max input buffer size needed is 65535 + 1
++ */
++#define CAB_INPUTBUF (65535 + 1)
++
+ /* There are no more than 65535 data blocks per folder, so a folder cannot
+  * be more than 32768*65535 bytes in length. As files cannot span more than
+  * one folder, this is also their max offset, length and offset+length limit.
+@@ -101,7 +109,7 @@ struct mscabd_decompress_state {
+   struct mspack_file *infh;          /* input file handle                    */
+   struct mspack_file *outfh;         /* output file handle                   */
+   unsigned char *i_ptr, *i_end;      /* input data consumed, end             */
+-  unsigned char input[CAB_INPUTMAX]; /* one input block of data              */
++  unsigned char input[CAB_INPUTBUF]; /* one input block of data              */
+ };
+ 
+ struct mscab_decompressor_p {

libmspack.changes

@@ -0,0 +1,130 @@
+* Wed Jan  5 2022 danilo.spinella@suse.com
+- chmextract.c add anti "../" and leading slash protection to chmextract
+  (CVE-2018-18586.patch, bsc#1113040)
+  * cve-2018-18586.patch
+* Wed Jul 14 2021 danilo.spinella@suse.com
+- There is an off-by-one error in the CHM PMGI/PMGL chunk number validity
+  checks, which could lead to denial of service
+  (CVE-2018-14679, bsc#1103032)
+  * libmspack-CVE-2018-14679.patch
+- Bad KWAJ file header extensions could cause a one or two byte overwrite
+  (CVE-2018-14681, bsc#1103032).
+  * libmspack-CVE-2018-14681.patch
+- There is an off-by-one error in the TOLOWER() macro for CHM decompression
+  (CVE-2018-14682, bsc#1103032).
+  * libmspack-CVE-2018-14682.patch
+* Mon Nov  4 2019 kstreitova@suse.com
+- add libmspack-0.6alpha-CVE-2019-1010305.patch to fix a buffer
+  overflow in chmd_read_headers(): a CHM file name beginning "::"
+  but shorter than 33 bytes will lead to reading past the
+  freshly-allocated name buffer - checks for specific control
+  filenames didn't take length into account [bsc#1141680]
+  [CVE-2019-1010305]
+* Fri Mar 29 2019 mcalabkova@suse.com
+- Enable build-time tests (bsc#1130489)
+  * Added patch libmspack-failing-tests.patch
+* Fri Oct 26 2018 mcalabkova@suse.com
+- Added patches:
+  * libmspack-resize-buffer.patch -- CAB block input buffer is one
+    byte too small for maximal Quantum block.
+  * libmspack-fix-bounds-checking.patch --  Fix off-by-one bounds
+    check on CHM PMGI/PMGL chunk numbers and reject empty filenames.
+  * libmspack-reject-blank-filenames.patch -- Avoid returning CHM
+    file entries that are "blank" because they have embedded null
+    bytes.
+  * (the last two patches were modified by removing unneeded part
+    in order to make them more independent)
+- Fixed bugs:
+  * CVE-2018-18584 (bsc#1113038)
+  * CVE-2018-18585 (bsc#1113039)
+* Fri Jan 19 2018 adam.majer@suse.de
+- Correct mspack-tools group to Productivity/File utilities
+* Tue Jan 16 2018 jengelh@inai.de
+- Correct SRPM group.
+* Tue Jan 16 2018 mardnh@gmx.de
+- Fix typo
+* Mon Jan 15 2018 mardnh@gmx.de
+- Update to version 0.6
+  * read_spaninfo(): a CHM file can have no ResetTable and have a
+  negative length in SpanInfo, which then feeds a negative output
+  length to lzxd_init(), which then sets frame_size to a value of
+  your choosing, the lower 32 bits of output length, larger than
+  LZX_FRAME_SIZE. If the first LZX block is uncompressed, this
+  writes data beyond the end of the window.
+  This issue was raised by ClamAV as CVE-2017-6419.
+  * lzxd_init(), lzxd_set_output_length(), mszipd_init(): due to the
+  issue mentioned above, these functions now reject negative lengths
+  * cabd_read_string(): add missing error check on result of read().
+  If an mspack_system implementation returns an error, it's
+  interpreted as a huge positive integer, which leads to reading
+  past the end of the stack-based buffer.
+  This issue was raised by ClamAV as CVE-2017-11423
+- Add subpackage for helper tools
+- Run spec-cleaner
+* Fri Feb 27 2015 sbrabec@suse.cz
+- Remove problematic libmspack-qtmd_decompress-loop.patch
+  (bnc#912214#c10).
+  Version 0.5 has a correct fix dated 2015-01-05.
+* Wed Feb 11 2015 p.drouand@gmail.com
+- Update to version 0.5
+  * Please read the changelog; too many things to list
+* Tue Jan 20 2015 sbrabec@suse.cz
+- Fix possible infinite loop caused DoS (bnc912214, CVE-2014-9556,
+  libmspack-qtmd_decompress-loop.patch).
+* Fri Apr  4 2014 jengelh@inai.de
+- Add baselibs.conf: wxWidgets-32bit depends on libmspack0-32bit
+* Mon Jun 24 2013 werner@suse.de
+- Avoid Source URL for http://www.cabextract.org.uk/ as this does
+  not work
+* Sat Jun 22 2013 dimstar@opensuse.org
+- Update to version 0.4alpha:
+  + This release adds support for the Microsoft Exchange Offline
+    Address Book (OAB) format, both compressed and incremental
+    variants.
+* Wed Jul 18 2012 aj@suse.de
+- Remove autoreconf call and libtool buildrequires, they are not
+  needed anymore.
+* Wed Jul 18 2012 sbrabec@suse.cz
+- Update to version 0.3alpha:
+  * code cleanup and build system update
+  * handle corrupted cabinet files better
+  * handle special cases of cabinet files
+- License update: LGPL-2.1 only.
+* Mon Feb 27 2012 cfarrell@suse.com
+- license update: LGPL-2.1+
+  No indication of GPL-2.0+ code in the package
+* Mon Feb 13 2012 coolo@suse.com
+- patch license to follow spdx.org standard
+* Sun Nov 20 2011 jengelh@medozas.de
+- Remove redundant/unwanted tags/section (cf. specfile guidelines)
+- Use %%_smp_mflags for parallel building
+* Sat Nov 19 2011 coolo@suse.com
+- add libtool as buildrequire to avoid implicit dependency
+* Wed Dec 22 2010 andreas.hanke@gmx-topmail.de
+- update to version 0.2alpha (#660942):
+  * matches cabextract-1.3, fixing CVE-2010-2800 and CVE-2010-2801
+  * adds pkg-config support
+  * obsoletes half of libmspack-warnings.patch
+- remove self-obsoletion
+- drop -D_POSIX_SOURCE as it breaks the build with this version
+- drop empty NEWS file
+* Tue Jan 15 2008 sbrabec@suse.cz
+- Applied shared library packaging policy.
+- Removed unneeded static library and .la file.
+* Fri Oct 20 2006 sbrabec@suse.cz
+- Updated to version 0.0.20060920alpha:
+  * Bug fixes.
+  * Write an mspack_system implementation that can handle normal
+    disk files, open file handles, open file descriptors and raw
+    memory all at the same time.
+  * Added a program for dumping useful data from CHM files.
+  * Added a new test example which shows an mspack_system
+    implementation that reads and writes from memory only.
+* Wed Jan 25 2006 mls@suse.de
+- converted neededforbuild to BuildRequires
+* Mon Nov 22 2004 ro@suse.de
+- "sed -i" does not work on older distributions
+* Wed Apr 14 2004 mcihar@suse.cz
+- include some documentation
+* Wed Apr 14 2004 mcihar@suse.cz
+- initial packaging

libmspack.spec

@@ -0,0 +1,121 @@
+#
+# spec file for package libmspack
+#
+# Copyright (c) 2022-2023 ZhuningOS
+#
+
+
+# "alpha" in the version string just says that it is an alpha version.
+%define _version %{version}alpha
+Name:           libmspack
+Version:        0.6
+Release:        3.14.1
+Summary:        Library That Implements Different Microsoft Compressions
+License:        LGPL-2.1
+Group:          Development/Libraries/C and C++
+Url:            http://www.cabextract.org.uk/libmspack/
+Source:         http://www.cabextract.org.uk/libmspack/%{name}-%{_version}.tar.gz
+Source2:        baselibs.conf
+# PATCH-FIX-UPSTREAM libmspack-resize-buffer.patch https://github.com/kyz/libmspack/commit/40ef1b4093d77ad3a5cfcee1f5cb6108b3a3bcc2 -- CAB block input buffer is one byte too small.
+Patch0:         %{name}-resize-buffer.patch
+# PATCH-FIX-UPSTREAM libmspack-fix-bounds-checking.patch https://github.com/kyz/libmspack/commit/72e70a921f0f07fee748aec2274b30784e1d312a --  Fix off-by-one bounds check.
+Patch1:         %{name}-fix-bounds-checking.patch
+# PATCH-FIX-UPSTREAM libmspack-reject-blank-filenames.patch https://github.com/kyz/libmspack/commit/8759da8db6ec9e866cb8eb143313f397f925bb4f --  Avoid returning etries that are blank.
+Patch2:         %{name}-reject-blank-filenames.patch
+Patch3:         %{name}-failing-tests.patch
+Patch4:         libmspack-0.6alpha-CVE-2019-1010305.patch
+Patch5:         libmspack-CVE-2018-14679.patch
+Patch6:         libmspack-CVE-2018-14681.patch
+Patch7:         libmspack-CVE-2018-14682.patch
+# PATCH-FIX-UPSTREAM cve-2018-18586.patch https://github.com/kyz/libmspack/commit/7cadd489698be117c47efcadd742651594429e6d
+Patch8:         cve-2018-18586.patch
+BuildRequires:  pkgconfig
+
+%description
+The purpose of libmspack is to provide both compression and
+decompression of some loosely related file formats used by Microsoft.
+Currently the most common formats are implemented.
+
+%package -n libmspack0
+Summary:        Library That Implements Different Microsoft Compressions
+# OpenSUSE <= 10.3, SLES <= 10:
+Group:          System/Libraries
+Provides:       libmspack = %{version}-%{release}
+Obsoletes:      libmspack < %{version}-%{release}
+
+%description -n libmspack0
+The purpose of libmspack is to provide both compression and
+decompression of some loosely related file formats used by Microsoft.
+Currently the most common formats are implemented.
+
+%package devel
+Summary:        Static libraries, header files and documentation for libmspack
+Group:          Development/Libraries/C and C++
+Requires:       libmspack0 = %{version}
+
+%description devel
+The libmspack-devel package contains the header files and static
+libraries necessary for developing programs using libmspack.
+
+%package -n mspack-tools
+Summary:        Library That Implements Different Microsoft Compressions
+Group:          Productivity/File utilities
+
+%description -n mspack-tools
+The purpose of libmspack is to provide both compression and
+decompression of some loosely related file formats used by Microsoft.
+Currently the most common formats are implemented.
+
+This subpacke provides useful programs that make use of libmspack.
+ * cabrip     - Extracts any CAB files embedded in another file.
+ * chmextract - Extracts all files in a CHM file to disk.
+ * msexpand   - Expands an SZDD or KWAJ file.
+ * oabextract - Extracts an Exchange Offline Address Book (.LZX) file.
+
+
+%prep
+%setup -q -n %{name}-%{_version}
+%patch0 -p1
+%patch1 -p1
+%patch2 -p1
+%patch3 -p1
+%patch4 -p1
+%patch5 -p1
+%patch6 -p1
+%patch7 -p1
+%patch8 -p1
+
+%build
+%configure\
+	--disable-static
+make %{?_smp_mflags}
+
+%install
+%make_install
+rm %{buildroot}%{_libdir}/*.*a
+
+%check
+make %{?_smp_mflags} check
+cd test
+./cabd_test
+cd ..
+
+%post -n libmspack0 -p /sbin/ldconfig
+%postun -n libmspack0 -p /sbin/ldconfig
+
+%files -n mspack-tools
+%{_bindir}/cabrip
+%{_bindir}/chmextract
+%{_bindir}/msexpand
+%{_bindir}/oabextract
+
+%files -n libmspack0
+%doc AUTHORS COPYING.LIB ChangeLog README TODO
+%{_libdir}/*.so.*
+
+%files devel
+%{_libdir}/*.so
+%{_libdir}/pkgconfig/*.pc
+%{_includedir}/*
+
+%changelog