| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: libmspack0 | Distribution: openSUSE Leap 15.2 |
| Version: 0.6 | Vendor: openSUSE |
| Release: lp152.5.1 | Build date: Mon Jun 1 12:12:00 2020 |
| Group: System/Libraries | Build host: build82 |
| Size: 131496 | Source RPM: libmspack-0.6-lp152.5.1.src.rpm |
| Packager: https://bugs.opensuse.org | |
| Url: http://www.cabextract.org.uk/libmspack/ | |
| Summary: Library That Implements Different Microsoft Compressions | |
The purpose of libmspack is to provide both compression and decompression of some loosely related file formats used by Microsoft. Currently the most common formats are implemented.
LGPL-2.1
* Mon Nov 04 2019 Kristyna Streitova <kstreitova@suse.com>
- add libmspack-0.6alpha-CVE-2019-1010305.patch to fix a buffer
overflow in chmd_read_headers(): a CHM file name beginning "::"
but shorter than 33 bytes will lead to reading past the
freshly-allocated name buffer - checks for specific control
filenames didn't take length into account [bsc#1141680]
[CVE-2019-1010305]
* Fri Mar 29 2019 Marketa Calabkova <mcalabkova@suse.com>
- Enable build-time tests (bsc#1130489)
* Added patch libmspack-failing-tests.patch
* Fri Oct 26 2018 Marketa Calabkova <mcalabkova@suse.com>
- Added patches:
* libmspack-resize-buffer.patch -- CAB block input buffer is one
byte too small for maximal Quantum block.
* libmspack-fix-bounds-checking.patch -- Fix off-by-one bounds
check on CHM PMGI/PMGL chunk numbers and reject empty filenames.
* libmspack-reject-blank-filenames.patch -- Avoid returning CHM
file entries that are "blank" because they have embedded null
bytes.
* (the last two patches were modified by removing unneeded part
in order to make them more independent)
- Fixed bugs:
* CVE-2018-18584 (bsc#1113038)
* CVE-2018-18585 (bsc#1113039)
* Fri Jan 19 2018 adam.majer@suse.de
- Correct mspack-tools group to Productivity/File utilities
* Tue Jan 16 2018 jengelh@inai.de
- Correct SRPM group.
* Tue Jan 16 2018 mardnh@gmx.de
- Fix typo
* Mon Jan 15 2018 mardnh@gmx.de
- Update to version 0.6
* read_spaninfo(): a CHM file can have no ResetTable and have a
negative length in SpanInfo, which then feeds a negative output
length to lzxd_init(), which then sets frame_size to a value of
your choosing, the lower 32 bits of output length, larger than
LZX_FRAME_SIZE. If the first LZX block is uncompressed, this
writes data beyond the end of the window.
This issue was raised by ClamAV as CVE-2017-6419.
* lzxd_init(), lzxd_set_output_length(), mszipd_init(): due to the
issue mentioned above, these functions now reject negative lengths
* cabd_read_string(): add missing error check on result of read().
If an mspack_system implementation returns an error, it's
interpreted as a huge positive integer, which leads to reading
past the end of the stack-based buffer.
This issue was raised by ClamAV as CVE-2017-11423
- Add subpackage for helper tools
- Run spec-cleaner
* Fri Feb 27 2015 sbrabec@suse.cz
- Remove problematic libmspack-qtmd_decompress-loop.patch
(bnc#912214#c10).
Version 0.5 has a correct fix dated 2015-01-05.
* Wed Feb 11 2015 p.drouand@gmail.com
- Update to version 0.5
* Please read the changelog; too many things to list
* Tue Jan 20 2015 sbrabec@suse.cz
- Fix possible infinite loop caused DoS (bnc912214, CVE-2014-9556,
libmspack-qtmd_decompress-loop.patch).
/usr/lib64/libmspack.so.0 /usr/lib64/libmspack.so.0.1.0 /usr/share/doc/packages/libmspack0 /usr/share/doc/packages/libmspack0/AUTHORS /usr/share/doc/packages/libmspack0/COPYING.LIB /usr/share/doc/packages/libmspack0/ChangeLog /usr/share/doc/packages/libmspack0/README /usr/share/doc/packages/libmspack0/TODO
Generated by rpm2html 1.8.1
Fabrice Bellet, Tue Jul 9 11:31:35 2024