SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for libmspack-devel-0.6-lp150.2.3.1.x86_64.rpm :

* Fri Oct 26 2018 Marketa Calabkova - Added patches:
* libmspack-resize-buffer.patch -- CAB block input buffer is one byte too small for maximal Quantum block.
* libmspack-fix-bounds-checking.patch -- Fix off-by-one bounds check on CHM PMGI/PMGL chunk numbers and reject empty filenames.
* libmspack-reject-blank-filenames.patch -- Avoid returning CHM file entries that are \"blank\" because they have embedded null bytes.
* (the last two patches were modified by removing unneeded part in order to make them more independent)- Fixed bugs:
* CVE-2018-18584 (bsc#1113038)
* CVE-2018-18585 (bsc#1113039)
* Fri Jan 19 2018 adam.majerAATTsuse.de- Correct mspack-tools group to Productivity/File utilities
* Tue Jan 16 2018 jengelhAATTinai.de- Correct SRPM group.
* Tue Jan 16 2018 mardnhAATTgmx.de- Fix typo
* Mon Jan 15 2018 mardnhAATTgmx.de- Update to version 0.6
* read_spaninfo(): a CHM file can have no ResetTable and have a negative length in SpanInfo, which then feeds a negative output length to lzxd_init(), which then sets frame_size to a value of your choosing, the lower 32 bits of output length, larger than LZX_FRAME_SIZE. If the first LZX block is uncompressed, this writes data beyond the end of the window. This issue was raised by ClamAV as CVE-2017-6419.
* lzxd_init(), lzxd_set_output_length(), mszipd_init(): due to the issue mentioned above, these functions now reject negative lengths
* cabd_read_string(): add missing error check on result of read(). If an mspack_system implementation returns an error, it\'s interpreted as a huge positive integer, which leads to reading past the end of the stack-based buffer. This issue was raised by ClamAV as CVE-2017-11423- Add subpackage for helper tools- Run spec-cleaner
* Fri Feb 27 2015 sbrabecAATTsuse.cz- Remove problematic libmspack-qtmd_decompress-loop.patch (bnc#912214#c10). Version 0.5 has a correct fix dated 2015-01-05.
* Wed Feb 11 2015 p.drouandAATTgmail.com- Update to version 0.5
* Please read the changelog; too many things to list
* Tue Jan 20 2015 sbrabecAATTsuse.cz- Fix possible infinite loop caused DoS (bnc912214, CVE-2014-9556, libmspack-qtmd_decompress-loop.patch).
* Fri Apr 04 2014 jengelhAATTinai.de- Add baselibs.conf: wxWidgets-32bit depends on libmspack0-32bit
* Mon Jun 24 2013 wernerAATTsuse.de- Avoid Source URL for http://www.cabextract.org.uk/ as this does not work
* Sat Jun 22 2013 dimstarAATTopensuse.org- Update to version 0.4alpha: + This release adds support for the Microsoft Exchange Offline Address Book (OAB) format, both compressed and incremental variants.
* Wed Jul 18 2012 ajAATTsuse.de- Remove autoreconf call and libtool buildrequires, they are not needed anymore.
* Wed Jul 18 2012 sbrabecAATTsuse.cz- Update to version 0.3alpha:
* code cleanup and build system update
* handle corrupted cabinet files better
* handle special cases of cabinet files- License update: LGPL-2.1 only.
* Mon Feb 27 2012 cfarrellAATTsuse.com- license update: LGPL-2.1+ No indication of GPL-2.0+ code in the package
* Mon Feb 13 2012 cooloAATTsuse.com- patch license to follow spdx.org standard
* Sun Nov 20 2011 jengelhAATTmedozas.de- Remove redundant/unwanted tags/section (cf. specfile guidelines)- Use %_smp_mflags for parallel building
* Sat Nov 19 2011 cooloAATTsuse.com- add libtool as buildrequire to avoid implicit dependency
* Wed Dec 22 2010 andreas.hankeAATTgmx-topmail.de- update to version 0.2alpha (#660942):
* matches cabextract-1.3, fixing CVE-2010-2800 and CVE-2010-2801
* adds pkg-config support
* obsoletes half of libmspack-warnings.patch- remove self-obsoletion- drop -D_POSIX_SOURCE as it breaks the build with this version- drop empty NEWS file
  
ICM