130 lines
5.6 KiB
Text
130 lines
5.6 KiB
Text
* Wed Jan 5 2022 danilo.spinella@suse.com
|
|
- chmextract.c add anti "../" and leading slash protection to chmextract
|
|
(CVE-2018-18586.patch, bsc#1113040)
|
|
* cve-2018-18586.patch
|
|
* Wed Jul 14 2021 danilo.spinella@suse.com
|
|
- There is an off-by-one error in the CHM PMGI/PMGL chunk number validity
|
|
checks, which could lead to denial of service
|
|
(CVE-2018-14679, bsc#1103032)
|
|
* libmspack-CVE-2018-14679.patch
|
|
- Bad KWAJ file header extensions could cause a one or two byte overwrite
|
|
(CVE-2018-14681, bsc#1103032).
|
|
* libmspack-CVE-2018-14681.patch
|
|
- There is an off-by-one error in the TOLOWER() macro for CHM decompression
|
|
(CVE-2018-14682, bsc#1103032).
|
|
* libmspack-CVE-2018-14682.patch
|
|
* Mon Nov 4 2019 kstreitova@suse.com
|
|
- add libmspack-0.6alpha-CVE-2019-1010305.patch to fix a buffer
|
|
overflow in chmd_read_headers(): a CHM file name beginning "::"
|
|
but shorter than 33 bytes will lead to reading past the
|
|
freshly-allocated name buffer - checks for specific control
|
|
filenames didn't take length into account [bsc#1141680]
|
|
[CVE-2019-1010305]
|
|
* Fri Mar 29 2019 mcalabkova@suse.com
|
|
- Enable build-time tests (bsc#1130489)
|
|
* Added patch libmspack-failing-tests.patch
|
|
* Fri Oct 26 2018 mcalabkova@suse.com
|
|
- Added patches:
|
|
* libmspack-resize-buffer.patch -- CAB block input buffer is one
|
|
byte too small for maximal Quantum block.
|
|
* libmspack-fix-bounds-checking.patch -- Fix off-by-one bounds
|
|
check on CHM PMGI/PMGL chunk numbers and reject empty filenames.
|
|
* libmspack-reject-blank-filenames.patch -- Avoid returning CHM
|
|
file entries that are "blank" because they have embedded null
|
|
bytes.
|
|
* (the last two patches were modified by removing unneeded part
|
|
in order to make them more independent)
|
|
- Fixed bugs:
|
|
* CVE-2018-18584 (bsc#1113038)
|
|
* CVE-2018-18585 (bsc#1113039)
|
|
* Fri Jan 19 2018 adam.majer@suse.de
|
|
- Correct mspack-tools group to Productivity/File utilities
|
|
* Tue Jan 16 2018 jengelh@inai.de
|
|
- Correct SRPM group.
|
|
* Tue Jan 16 2018 mardnh@gmx.de
|
|
- Fix typo
|
|
* Mon Jan 15 2018 mardnh@gmx.de
|
|
- Update to version 0.6
|
|
* read_spaninfo(): a CHM file can have no ResetTable and have a
|
|
negative length in SpanInfo, which then feeds a negative output
|
|
length to lzxd_init(), which then sets frame_size to a value of
|
|
your choosing, the lower 32 bits of output length, larger than
|
|
LZX_FRAME_SIZE. If the first LZX block is uncompressed, this
|
|
writes data beyond the end of the window.
|
|
This issue was raised by ClamAV as CVE-2017-6419.
|
|
* lzxd_init(), lzxd_set_output_length(), mszipd_init(): due to the
|
|
issue mentioned above, these functions now reject negative lengths
|
|
* cabd_read_string(): add missing error check on result of read().
|
|
If an mspack_system implementation returns an error, it's
|
|
interpreted as a huge positive integer, which leads to reading
|
|
past the end of the stack-based buffer.
|
|
This issue was raised by ClamAV as CVE-2017-11423
|
|
- Add subpackage for helper tools
|
|
- Run spec-cleaner
|
|
* Fri Feb 27 2015 sbrabec@suse.cz
|
|
- Remove problematic libmspack-qtmd_decompress-loop.patch
|
|
(bnc#912214#c10).
|
|
Version 0.5 has a correct fix dated 2015-01-05.
|
|
* Wed Feb 11 2015 p.drouand@gmail.com
|
|
- Update to version 0.5
|
|
* Please read the changelog; too many things to list
|
|
* Tue Jan 20 2015 sbrabec@suse.cz
|
|
- Fix possible infinite loop caused DoS (bnc912214, CVE-2014-9556,
|
|
libmspack-qtmd_decompress-loop.patch).
|
|
* Fri Apr 4 2014 jengelh@inai.de
|
|
- Add baselibs.conf: wxWidgets-32bit depends on libmspack0-32bit
|
|
* Mon Jun 24 2013 werner@suse.de
|
|
- Avoid Source URL for http://www.cabextract.org.uk/ as this does
|
|
not work
|
|
* Sat Jun 22 2013 dimstar@opensuse.org
|
|
- Update to version 0.4alpha:
|
|
+ This release adds support for the Microsoft Exchange Offline
|
|
Address Book (OAB) format, both compressed and incremental
|
|
variants.
|
|
* Wed Jul 18 2012 aj@suse.de
|
|
- Remove autoreconf call and libtool buildrequires, they are not
|
|
needed anymore.
|
|
* Wed Jul 18 2012 sbrabec@suse.cz
|
|
- Update to version 0.3alpha:
|
|
* code cleanup and build system update
|
|
* handle corrupted cabinet files better
|
|
* handle special cases of cabinet files
|
|
- License update: LGPL-2.1 only.
|
|
* Mon Feb 27 2012 cfarrell@suse.com
|
|
- license update: LGPL-2.1+
|
|
No indication of GPL-2.0+ code in the package
|
|
* Mon Feb 13 2012 coolo@suse.com
|
|
- patch license to follow spdx.org standard
|
|
* Sun Nov 20 2011 jengelh@medozas.de
|
|
- Remove redundant/unwanted tags/section (cf. specfile guidelines)
|
|
- Use %%_smp_mflags for parallel building
|
|
* Sat Nov 19 2011 coolo@suse.com
|
|
- add libtool as buildrequire to avoid implicit dependency
|
|
* Wed Dec 22 2010 andreas.hanke@gmx-topmail.de
|
|
- update to version 0.2alpha (#660942):
|
|
* matches cabextract-1.3, fixing CVE-2010-2800 and CVE-2010-2801
|
|
* adds pkg-config support
|
|
* obsoletes half of libmspack-warnings.patch
|
|
- remove self-obsoletion
|
|
- drop -D_POSIX_SOURCE as it breaks the build with this version
|
|
- drop empty NEWS file
|
|
* Tue Jan 15 2008 sbrabec@suse.cz
|
|
- Applied shared library packaging policy.
|
|
- Removed unneeded static library and .la file.
|
|
* Fri Oct 20 2006 sbrabec@suse.cz
|
|
- Updated to version 0.0.20060920alpha:
|
|
* Bug fixes.
|
|
* Write an mspack_system implementation that can handle normal
|
|
disk files, open file handles, open file descriptors and raw
|
|
memory all at the same time.
|
|
* Added a program for dumping useful data from CHM files.
|
|
* Added a new test example which shows an mspack_system
|
|
implementation that reads and writes from memory only.
|
|
* Wed Jan 25 2006 mls@suse.de
|
|
- converted neededforbuild to BuildRequires
|
|
* Mon Nov 22 2004 ro@suse.de
|
|
- "sed -i" does not work on older distributions
|
|
* Wed Apr 14 2004 mcihar@suse.cz
|
|
- include some documentation
|
|
* Wed Apr 14 2004 mcihar@suse.cz
|
|
- initial packaging
|