File libmspack.changes of Package libmspack.20476

-------------------------------------------------------------------
Wed Jul 14 14:16:42 UTC 2021 - Danilo Spinella <danilo.spinella@suse.com>

- There is an off-by-one error in the CHM PMGI/PMGL chunk number validity
  checks, which could lead to denial of service
  (CVE-2018-14679, bsc#1103032)
  * libmspack-CVE-2018-14679.patch
- Bad KWAJ file header extensions could cause a one or two byte overwrite
  (CVE-2018-14681, bsc#1103032).
  * libmspack-CVE-2018-14681.patch
- There is an off-by-one error in the TOLOWER() macro for CHM decompression
  (CVE-2018-14682, bsc#1103032).
  * libmspack-CVE-2018-14682.patch

-------------------------------------------------------------------
Mon Nov  4 14:03:34 UTC 2019 - Kristyna Streitova <kstreitova@suse.com>

- add libmspack-0.6alpha-CVE-2019-1010305.patch to fix a buffer
  overflow in chmd_read_headers(): a CHM file name beginning "::"
  but shorter than 33 bytes will lead to reading past the
  freshly-allocated name buffer - checks for specific control
  filenames didn't take length into account [bsc#1141680]
  [CVE-2019-1010305]

-------------------------------------------------------------------
Fri Mar 29 09:28:09 UTC 2019 - Marketa Calabkova <mcalabkova@suse.com>

- Enable build-time tests (bsc#1130489)
  * Added patch libmspack-failing-tests.patch

-------------------------------------------------------------------
Fri Oct 26 11:15:24 UTC 2018 - Marketa Calabkova <mcalabkova@suse.com>

- Added patches:
  * libmspack-resize-buffer.patch -- CAB block input buffer is one 
    byte too small for maximal Quantum block.
  * libmspack-fix-bounds-checking.patch --  Fix off-by-one bounds 
    check on CHM PMGI/PMGL chunk numbers and reject empty filenames.
  * libmspack-reject-blank-filenames.patch -- Avoid returning CHM 
    file entries that are "blank" because they have embedded null 
    bytes.
  * (the last two patches were modified by removing unneeded part
    in order to make them more independent)
- Fixed bugs:
  * CVE-2018-18584 (bsc#1113038)
  * CVE-2018-18585 (bsc#1113039)

-------------------------------------------------------------------
Fri Jan 19 07:06:44 UTC 2018 - adam.majer@suse.de

- Correct mspack-tools group to Productivity/File utilities

-------------------------------------------------------------------
Tue Jan 16 21:40:41 UTC 2018 - jengelh@inai.de

- Correct SRPM group.

-------------------------------------------------------------------
Tue Jan 16 19:07:45 UTC 2018 - mardnh@gmx.de

- Fix typo

-------------------------------------------------------------------
Mon Jan 15 14:27:41 UTC 2018 - mardnh@gmx.de

- Update to version 0.6
   * read_spaninfo(): a CHM file can have no ResetTable and have a
   negative length in SpanInfo, which then feeds a negative output 
   length to lzxd_init(), which then sets frame_size to a value of
   your choosing, the lower 32 bits of output length, larger than 
   LZX_FRAME_SIZE. If the first LZX block is uncompressed, this
   writes data beyond the end of the window.
   This issue was raised by ClamAV as CVE-2017-6419.

   * lzxd_init(), lzxd_set_output_length(), mszipd_init(): due to the 
   issue mentioned above, these functions now reject negative lengths

   * cabd_read_string(): add missing error check on result of read().
   If an mspack_system implementation returns an error, it's
   interpreted as a huge positive integer, which leads to reading
   past the end of the stack-based buffer.
   This issue was raised by ClamAV as CVE-2017-11423

- Add subpackage for helper tools
- Run spec-cleaner

-------------------------------------------------------------------
Fri Feb 27 18:02:21 CET 2015 - sbrabec@suse.cz

- Remove problematic libmspack-qtmd_decompress-loop.patch
  (bnc#912214#c10).
  Version 0.5 has a correct fix dated 2015-01-05.

-------------------------------------------------------------------
Wed Feb 11 22:50:46 UTC 2015 - p.drouand@gmail.com

- Update to version 0.5
  * Please read the changelog; too many things to list

-------------------------------------------------------------------
Tue Jan 20 18:12:19 CET 2015 - sbrabec@suse.cz

- Fix possible infinite loop caused DoS (bnc912214, CVE-2014-9556,
  libmspack-qtmd_decompress-loop.patch).

-------------------------------------------------------------------
Fri Apr  4 08:58:51 UTC 2014 - jengelh@inai.de

- Add baselibs.conf: wxWidgets-32bit depends on libmspack0-32bit

-------------------------------------------------------------------
Mon Jun 24 10:13:52 UTC 2013 - werner@suse.de

- Avoid Source URL for http://www.cabextract.org.uk/ as this does
  not work 

-------------------------------------------------------------------
Sat Jun 22 17:08:46 UTC 2013 - dimstar@opensuse.org

- Update to version 0.4alpha:
  + This release adds support for the Microsoft Exchange Offline
    Address Book (OAB) format, both compressed and incremental
    variants.

-------------------------------------------------------------------
Wed Jul 18 18:35:42 UTC 2012 - aj@suse.de

- Remove autoreconf call and libtool buildrequires, they are not
  needed anymore.

-------------------------------------------------------------------
Wed Jul 18 19:12:53 CEST 2012 - sbrabec@suse.cz

- Update to version 0.3alpha:
  * code cleanup and build system update
  * handle corrupted cabinet files better
  * handle special cases of cabinet files
- License update: LGPL-2.1 only.

-------------------------------------------------------------------
Mon Feb 27 15:14:56 UTC 2012 - cfarrell@suse.com

- license update: LGPL-2.1+
  No indication of GPL-2.0+ code in the package

-------------------------------------------------------------------
Mon Feb 13 10:48:55 UTC 2012 - coolo@suse.com

- patch license to follow spdx.org standard

-------------------------------------------------------------------
Sun Nov 20 20:44:56 UTC 2011 - jengelh@medozas.de

- Remove redundant/unwanted tags/section (cf. specfile guidelines)
- Use %_smp_mflags for parallel building

-------------------------------------------------------------------
Sat Nov 19 20:42:31 UTC 2011 - coolo@suse.com

- add libtool as buildrequire to avoid implicit dependency

-------------------------------------------------------------------
Wed Dec 22 05:21:45 CET 2010 - andreas.hanke@gmx-topmail.de

- update to version 0.2alpha (#660942):
  * matches cabextract-1.3, fixing CVE-2010-2800 and CVE-2010-2801
  * adds pkg-config support
  * obsoletes half of libmspack-warnings.patch
- remove self-obsoletion
- drop -D_POSIX_SOURCE as it breaks the build with this version
- drop empty NEWS file

-------------------------------------------------------------------
Tue Jan 15 17:30:34 CET 2008 - sbrabec@suse.cz

- Applied shared library packaging policy.
- Removed unneeded static library and .la file.

-------------------------------------------------------------------
Fri Oct 20 15:41:06 CEST 2006 - sbrabec@suse.cz

- Updated to version 0.0.20060920alpha:
  * Bug fixes.
  * Write an mspack_system implementation that can handle normal
    disk files, open file handles, open file descriptors and raw
    memory all at the same time.
  * Added a program for dumping useful data from CHM files.
  * Added a new test example which shows an mspack_system
    implementation that reads and writes from memory only.

-------------------------------------------------------------------
Wed Jan 25 21:37:34 CET 2006 - mls@suse.de

- converted neededforbuild to BuildRequires

-------------------------------------------------------------------
Mon Nov 22 11:59:08 CET 2004 - ro@suse.de

- "sed -i" does not work on older distributions

-------------------------------------------------------------------
Wed Apr 14 15:39:48 CEST 2004 - mcihar@suse.cz

- include some documentation

-------------------------------------------------------------------
Wed Apr 14 11:06:06 CEST 2004 - mcihar@suse.cz

- initial packaging