File libmspack.changes of Package libmspack
-------------------------------------------------------------------
Mon Jan 22 17:09:16 UTC 2024 - Danilo Spinella <danilo.spinella@suse.com>
- The following bugs and CVEs are not affecting TW:
* CVE-2018-18584
* CVE-2018-18585
* CVE-2018-18586
* CVE-2019-1010305
* bsc#1113038
* bsc#1113039
* bsc#1113040
* bsc#1130489
* bsc#1141680
-------------------------------------------------------------------
Mon Feb 6 10:46:11 UTC 2023 - Paolo Stivanin <info@paolostivanin.com>
- Update to version 0.11:
* see https://github.com/kyz/libmspack/blob/master/libmspack/ChangeLog
for a full changelog
-------------------------------------------------------------------
Wed Mar 6 17:06:03 UTC 2019 - Martin Hauke <mardnh@gmx.de>
- Update to version 0.10.1
* Bugfix release, no functional changes
-------------------------------------------------------------------
Mon Mar 4 14:40:31 UTC 2019 - Martin Hauke <mardnh@gmx.de>
- Update to version 0.10:
* Fix Heap buffer overflow in chmd_read_headers()
* Fix memory exhausted in chmd_read_headers()
* Fix memory exhausted in oabd_decompress()
-------------------------------------------------------------------
Wed Nov 7 23:00:02 CET 2018 - sbrabec@suse.com
- Update to version 0.9.1:
* Fix bug in decompressing data to get to the correct folder
offset when the folder is LZX compressed (0.8 regression).
* Build system cleanup
* Testsuite available
* Does not install testing tools and examples by default.
- Rename mspack-tools to mspack-examples to follow upstream change.
-------------------------------------------------------------------
Tue Oct 23 17:51:23 UTC 2018 - sbrabec@suse.com
- Update to version 0.8:
* New parameter MSCABD_PARAM_SALVAGE which permits salvaging
badly damaged files rather than rejecting them outright.
* Fix the above 38912-byte Quantum CAB block bug.
* Reject blank CHM filenames that are blank because they have
embedded null bytes.
* chmextract: Protect from absolute/relative pathnames in CHM
files.
-------------------------------------------------------------------
Mon Jul 30 16:59:22 CEST 2018 - sbrabec@suse.com
- Update to version 0.7 (bsc#1103032):
* Fix 1 or 2 byte overwrite by bad KWAJ file header extensions
(CVE-2018-14681).
* Fix 1 byte overread by character U+0100 in a CHM filename
(CVE-2018-14682).
* Reject blank CHM filenames (CVE-2018-14680).
* Fix off-by-1 in CHM PMGI/PMGL chunk number validity checks,
which could cause a crash (CVE-2018-14679).
-------------------------------------------------------------------
Fri Jan 19 07:06:44 UTC 2018 - adam.majer@suse.de
- Correct mspack-tools group to Productivity/File utilities
-------------------------------------------------------------------
Tue Jan 16 21:40:41 UTC 2018 - jengelh@inai.de
- Correct SRPM group.
-------------------------------------------------------------------
Tue Jan 16 19:07:45 UTC 2018 - mardnh@gmx.de
- Fix typo
-------------------------------------------------------------------
Mon Jan 15 14:27:41 UTC 2018 - mardnh@gmx.de
- Update to version 0.6
* read_spaninfo(): a CHM file can have no ResetTable and have a
negative length in SpanInfo, which then feeds a negative output
length to lzxd_init(), which then sets frame_size to a value of
your choosing, the lower 32 bits of output length, larger than
LZX_FRAME_SIZE. If the first LZX block is uncompressed, this
writes data beyond the end of the window.
This issue was raised by ClamAV as CVE-2017-6419.
* lzxd_init(), lzxd_set_output_length(), mszipd_init(): due to the
issue mentioned above, these functions now reject negative lengths
* cabd_read_string(): add missing error check on result of read().
If an mspack_system implementation returns an error, it's
interpreted as a huge positive integer, which leads to reading
past the end of the stack-based buffer.
This issue was raised by ClamAV as CVE-2017-11423
- Add subpackage for helper tools
- Run spec-cleaner
-------------------------------------------------------------------
Fri Feb 27 18:02:21 CET 2015 - sbrabec@suse.cz
- Remove problematic libmspack-qtmd_decompress-loop.patch
(bnc#912214#c10).
Version 0.5 has a correct fix dated 2015-01-05.
-------------------------------------------------------------------
Wed Feb 11 22:50:46 UTC 2015 - p.drouand@gmail.com
- Update to version 0.5
* Please read the changelog; too many things to list
-------------------------------------------------------------------
Tue Jan 20 18:12:19 CET 2015 - sbrabec@suse.cz
- Fix possible infinite loop caused DoS (bnc912214, CVE-2014-9556,
libmspack-qtmd_decompress-loop.patch).
-------------------------------------------------------------------
Fri Apr 4 08:58:51 UTC 2014 - jengelh@inai.de
- Add baselibs.conf: wxWidgets-32bit depends on libmspack0-32bit
-------------------------------------------------------------------
Mon Jun 24 10:13:52 UTC 2013 - werner@suse.de
- Avoid Source URL for http://www.cabextract.org.uk/ as this does
not work
-------------------------------------------------------------------
Sat Jun 22 17:08:46 UTC 2013 - dimstar@opensuse.org
- Update to version 0.4alpha:
+ This release adds support for the Microsoft Exchange Offline
Address Book (OAB) format, both compressed and incremental
variants.
-------------------------------------------------------------------
Wed Jul 18 18:35:42 UTC 2012 - aj@suse.de
- Remove autoreconf call and libtool buildrequires, they are not
needed anymore.
-------------------------------------------------------------------
Wed Jul 18 19:12:53 CEST 2012 - sbrabec@suse.cz
- Update to version 0.3alpha:
* code cleanup and build system update
* handle corrupted cabinet files better
* handle special cases of cabinet files
- License update: LGPL-2.1 only.
-------------------------------------------------------------------
Mon Feb 27 15:14:56 UTC 2012 - cfarrell@suse.com
- license update: LGPL-2.1+
No indication of GPL-2.0+ code in the package
-------------------------------------------------------------------
Mon Feb 13 10:48:55 UTC 2012 - coolo@suse.com
- patch license to follow spdx.org standard
-------------------------------------------------------------------
Sun Nov 20 20:44:56 UTC 2011 - jengelh@medozas.de
- Remove redundant/unwanted tags/section (cf. specfile guidelines)
- Use %_smp_mflags for parallel building
-------------------------------------------------------------------
Sat Nov 19 20:42:31 UTC 2011 - coolo@suse.com
- add libtool as buildrequire to avoid implicit dependency
-------------------------------------------------------------------
Wed Dec 22 05:21:45 CET 2010 - andreas.hanke@gmx-topmail.de
- update to version 0.2alpha (#660942):
* matches cabextract-1.3, fixing CVE-2010-2800 and CVE-2010-2801
* adds pkg-config support
* obsoletes half of libmspack-warnings.patch
- remove self-obsoletion
- drop -D_POSIX_SOURCE as it breaks the build with this version
- drop empty NEWS file
-------------------------------------------------------------------
Tue Jan 15 17:30:34 CET 2008 - sbrabec@suse.cz
- Applied shared library packaging policy.
- Removed unneeded static library and .la file.
-------------------------------------------------------------------
Fri Oct 20 15:41:06 CEST 2006 - sbrabec@suse.cz
- Updated to version 0.0.20060920alpha:
* Bug fixes.
* Write an mspack_system implementation that can handle normal
disk files, open file handles, open file descriptors and raw
memory all at the same time.
* Added a program for dumping useful data from CHM files.
* Added a new test example which shows an mspack_system
implementation that reads and writes from memory only.
-------------------------------------------------------------------
Wed Jan 25 21:37:34 CET 2006 - mls@suse.de
- converted neededforbuild to BuildRequires
-------------------------------------------------------------------
Mon Nov 22 11:59:08 CET 2004 - ro@suse.de
- "sed -i" does not work on older distributions
-------------------------------------------------------------------
Wed Apr 14 15:39:48 CEST 2004 - mcihar@suse.cz
- include some documentation
-------------------------------------------------------------------
Wed Apr 14 11:06:06 CEST 2004 - mcihar@suse.cz
- initial packaging