------------------------------------------------------------------- Mon Nov 4 14:21:19 UTC 2019 - Kristyna Streitova - add libmspack-CVE-2019-1010305.patch to fix a buffer overflow in chmd_read_headers(): a CHM file name beginning "::" but shorter than 33 bytes will lead to reading past the freshly-allocated name buffer - checks for specific control filenames didn't take length into account [bsc#1141680] [CVE-2019-1010305] ------------------------------------------------------------------- Fri Oct 26 12:15:09 UTC 2018 - Marketa Calabkova - Added patches: * libmspack-resize-buffer.patch -- CAB block input buffer is one byte too small for maximal Quantum block. * libmspack-reject-blank-filenames.patch -- Avoid returning CHM file entries that are "blank" because they have embedded null bytes. - Fixed bugs: * CVE-2018-18584 (bsc#1113038) * CVE-2018-18585 (bsc#1113039) ------------------------------------------------------------------- Thu Oct 12 19:30:51 UTC 2017 - mlatimer@suse.com - Add a pkgconfig file for use with libmspack-devel (bsc#1063072, libmspack-add-pkgconfig.patch) ------------------------------------------------------------------- Tue Jun 16 20:33:21 CEST 2015 - sbrabec@suse.com - Fix zero dereference (bsc#934524, CVE-2014-9732, libmspack-cabd_extract-null-deref.patch). - Added security fixes from Debian: * Added (slightly modified/split) patches from Jakub Wilk to fix programmation errors causing segfaults and security issues: - fix-division-by-zero.patch (bsc#934525, Debian#774725, CVE-2015-4467) with updates including later upstream fixes. - fix-name-field-boundaries.patch (bsc#934526, CVE-2015-4469), with updates including later upstream fixes. - Fix off by one (bsc#934527, CVE-2015-4470, libmspack-mszipd-inflate-off-by-one.patch). - Fix buffer underread crash (bsc#934528, CVE-2015-4471, libmspack-lzxd_decompress-underread.patch). - Fix one off (bsc#934529, CVE-2015-4472, libmspack-chmd-READ_ENCINT-one-off.patch). ------------------------------------------------------------------- Fri Feb 27 21:21:28 CET 2015 - sbrabec@suse.cz - Replace problematic libmspack-qtmd_decompress-loop.patch from clamav by the mainline fix (bnc#912214#c10). - Fix License to LGPL-2.1. ------------------------------------------------------------------- Tue Jan 20 18:12:19 CET 2015 - sbrabec@suse.cz - Fix possible infinite loop caused DoS (bnc912214, CVE-2014-9556, libmspack-qtmd_decompress-loop.patch). ------------------------------------------------------------------- Tue Jan 15 17:30:34 CET 2008 - sbrabec@suse.cz - Applied shared library packaging policy. - Removed unneeded static library and .la file. ------------------------------------------------------------------- Fri Oct 20 15:41:06 CEST 2006 - sbrabec@suse.cz - Updated to version 0.0.20060920alpha: * Bug fixes. * Write an mspack_system implementation that can handle normal disk files, open file handles, open file descriptors and raw memory all at the same time. * Added a program for dumping useful data from CHM files. * Added a new test example which shows an mspack_system implementation that reads and writes from memory only. ------------------------------------------------------------------- Wed Jan 25 21:37:34 CET 2006 - mls@suse.de - converted neededforbuild to BuildRequires ------------------------------------------------------------------- Mon Nov 22 11:59:08 CET 2004 - ro@suse.de - "sed -i" does not work on older distributions ------------------------------------------------------------------- Wed Apr 14 15:39:48 CEST 2004 - mcihar@suse.cz - include some documentation ------------------------------------------------------------------- Wed Apr 14 11:06:06 CEST 2004 - mcihar@suse.cz - initial packaging