Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP5:GA
libmspack
libmspack.changes
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File libmspack.changes of Package libmspack
------------------------------------------------------------------- Thu Oct 27 17:02:26 UTC 2022 - David Anes <david.anes@suse.com> - Security fix: * chmx.c add anti "../" and leading slash protection to chmextract (CVE-2018-18586.patch, bsc#1113040) * Added patch libmspack-CVE-2018-18586.patch ------------------------------------------------------------------- Wed Jul 14 14:25:08 UTC 2021 - Danilo Spinella <danilo.spinella@suse.com> - Bad KWAJ file header extensions could cause a one or two byte overwrite (CVE-2018-14681, bsc#1103032). * libmspack-CVE-2018-14681.patch - There is an off-by-one error in the TOLOWER() macro for CHM decompression (CVE-2018-14682, bsc#1103032). * libmspack-CVE-2018-14682.patch ------------------------------------------------------------------- Mon Nov 4 14:03:48 UTC 2019 - Kristyna Streitova <kstreitova@suse.com> - add libmspack-0.4alpha-CVE-2019-1010305.patch to fix a buffer overflow in chmd_read_headers(): a CHM file name beginning "::" but shorter than 33 bytes will lead to reading past the freshly-allocated name buffer - checks for specific control filenames didn't take length into account [bsc#1141680] [CVE-2019-1010305] ------------------------------------------------------------------- Fri Mar 29 09:40:11 UTC 2019 - Marketa Calabkova <mcalabkova@suse.com> - Enable build-time tests (bsc#1130489) ------------------------------------------------------------------- Fri Oct 26 12:27:43 UTC 2018 - Marketa Calabkova <mcalabkova@suse.com> - Added patches: * libmspack-resize-buffer.patch -- CAB block input buffer is one byte too small for maximal Quantum block. * libmspack-fix-bounds-checking.patch -- Fix off-by-one bounds check on CHM PMGI/PMGL chunk numbers and reject empty filenames. * libmspack-reject-blank-filenames.patch -- Avoid returning CHM file entries that are "blank" because they have embedded null bytes. * (the last two patches were modified by removing unneeded part in order to make them more independent) - Fixed bugs: * CVE-2018-18584 (bsc#1113038) * CVE-2018-18585 (bsc#1113039) ------------------------------------------------------------------- Mon Jun 15 21:03:33 CEST 2015 - sbrabec@suse.com - Fix zero dereference (bsc#934524, CVE-2014-9732, libmspack-cabd_extract-null-deref.patch). - Added security fixes from Debian: * Added (slightly modified/split) patches from Jakub Wilk to fix programmation errors causing segfaults and security issues: - fix-division-by-zero.patch (bsc#934525, Debian#774725, CVE-2015-4467) - fix-pointer-arithmetic-overflow.patch (bsc#934526, Debian#774726, CVE-2015-4468), with updates including later upstream fixes. - fix-name-field-boundaries.patch (bsc#934526, CVE-2015-4469), with updates including later upstream fixes. - Fix off by one (bsc#934527, CVE-2015-4470, libmspack-mszipd-inflate-off-by-one.patch). - Fix buffer underread crash (bsc#934528, CVE-2015-4471, libmspack-lzxd_decompress-underread.patch). - Fix one off (bsc#934529, CVE-2015-4472, libmspack-chmd-READ_ENCINT-one-off.patch). ------------------------------------------------------------------- Fri Feb 27 18:08:17 CET 2015 - sbrabec@suse.cz - Replace problematic libmspack-qtmd_decompress-loop.patch from clamav by the mainline fix (bnc#912214#c10). ------------------------------------------------------------------- Tue Jan 20 18:12:19 CET 2015 - sbrabec@suse.cz - Fix possible infinite loop caused DoS (bnc912214, CVE-2014-9556, libmspack-qtmd_decompress-loop.patch). ------------------------------------------------------------------- Mon Jun 24 10:13:52 UTC 2013 - werner@suse.de - Avoid Source URL for http://www.cabextract.org.uk/ as this does not work ------------------------------------------------------------------- Sat Jun 22 17:08:46 UTC 2013 - dimstar@opensuse.org - Update to version 0.4alpha: + This release adds support for the Microsoft Exchange Offline Address Book (OAB) format, both compressed and incremental variants. ------------------------------------------------------------------- Wed Jul 18 18:35:42 UTC 2012 - aj@suse.de - Remove autoreconf call and libtool buildrequires, they are not needed anymore. ------------------------------------------------------------------- Wed Jul 18 19:12:53 CEST 2012 - sbrabec@suse.cz - Update to version 0.3alpha: * code cleanup and build system update * handle corrupted cabinet files better * handle special cases of cabinet files - License update: LGPL-2.1 only. ------------------------------------------------------------------- Mon Feb 27 15:14:56 UTC 2012 - cfarrell@suse.com - license update: LGPL-2.1+ No indication of GPL-2.0+ code in the package ------------------------------------------------------------------- Mon Feb 13 10:48:55 UTC 2012 - coolo@suse.com - patch license to follow spdx.org standard ------------------------------------------------------------------- Sun Nov 20 20:44:56 UTC 2011 - jengelh@medozas.de - Remove redundant/unwanted tags/section (cf. specfile guidelines) - Use %_smp_mflags for parallel building ------------------------------------------------------------------- Sat Nov 19 20:42:31 UTC 2011 - coolo@suse.com - add libtool as buildrequire to avoid implicit dependency ------------------------------------------------------------------- Wed Dec 22 05:21:45 CET 2010 - andreas.hanke@gmx-topmail.de - update to version 0.2alpha (#660942): * matches cabextract-1.3, fixing CVE-2010-2800 and CVE-2010-2801 * adds pkg-config support * obsoletes half of libmspack-warnings.patch - remove self-obsoletion - drop -D_POSIX_SOURCE as it breaks the build with this version - drop empty NEWS file ------------------------------------------------------------------- Tue Jan 15 17:30:34 CET 2008 - sbrabec@suse.cz - Applied shared library packaging policy. - Removed unneeded static library and .la file. ------------------------------------------------------------------- Fri Oct 20 15:41:06 CEST 2006 - sbrabec@suse.cz - Updated to version 0.0.20060920alpha: * Bug fixes. * Write an mspack_system implementation that can handle normal disk files, open file handles, open file descriptors and raw memory all at the same time. * Added a program for dumping useful data from CHM files. * Added a new test example which shows an mspack_system implementation that reads and writes from memory only. ------------------------------------------------------------------- Wed Jan 25 21:37:34 CET 2006 - mls@suse.de - converted neededforbuild to BuildRequires ------------------------------------------------------------------- Mon Nov 22 11:59:08 CET 2004 - ro@suse.de - "sed -i" does not work on older distributions ------------------------------------------------------------------- Wed Apr 14 15:39:48 CEST 2004 - mcihar@suse.cz - include some documentation ------------------------------------------------------------------- Wed Apr 14 11:06:06 CEST 2004 - mcihar@suse.cz - initial packaging
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor