Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

mspack-tools-0.6-3.14.1 RPM for ppc64le

From OpenSuSE Leap 15.5 for ppc64le

Name: mspack-tools Distribution: SUSE Linux Enterprise 15
Version: 0.6 Vendor: SUSE LLC <https://www.suse.com/>
Release: 3.14.1 Build date: Fri Jan 7 11:00:47 2022
Group: Productivity/File utilities Build host: mourvedre
Size: 271072 Source RPM: libmspack-0.6-3.14.1.src.rpm
Packager: https://www.suse.com/
Url: http://www.cabextract.org.uk/libmspack/
Summary: Library That Implements Different Microsoft Compressions
 
The purpose of libmspack is to provide both compression and
decompression of some loosely related file formats used by Microsoft.
Currently the most common formats are implemented.

This subpacke provides useful programs that make use of libmspack.
 * cabrip     - Extracts any CAB files embedded in another file.
 * chmextract - Extracts all files in a CHM file to disk.
 * msexpand   - Expands an SZDD or KWAJ file.
 * oabextract - Extracts an Exchange Offline Address Book (.LZX) file.

Provides

Requires

License

LGPL-2.1

Changelog

* Wed Jan 05 2022 danilo.spinella@suse.com
  - chmextract.c add anti "../" and leading slash protection to chmextract
    (CVE-2018-18586.patch, bsc#1113040)
    * cve-2018-18586.patch
* Wed Jul 14 2021 danilo.spinella@suse.com
  - There is an off-by-one error in the CHM PMGI/PMGL chunk number validity
    checks, which could lead to denial of service
    (CVE-2018-14679, bsc#1103032)
    * libmspack-CVE-2018-14679.patch
  - Bad KWAJ file header extensions could cause a one or two byte overwrite
    (CVE-2018-14681, bsc#1103032).
    * libmspack-CVE-2018-14681.patch
  - There is an off-by-one error in the TOLOWER() macro for CHM decompression
    (CVE-2018-14682, bsc#1103032).
    * libmspack-CVE-2018-14682.patch
* Mon Nov 04 2019 kstreitova@suse.com
  - add libmspack-0.6alpha-CVE-2019-1010305.patch to fix a buffer
    overflow in chmd_read_headers(): a CHM file name beginning "::"
    but shorter than 33 bytes will lead to reading past the
    freshly-allocated name buffer - checks for specific control
    filenames didn't take length into account [bsc#1141680]
    [CVE-2019-1010305]
* Fri Mar 29 2019 mcalabkova@suse.com
  - Enable build-time tests (bsc#1130489)
    * Added patch libmspack-failing-tests.patch
* Fri Oct 26 2018 mcalabkova@suse.com
  - Added patches:
    * libmspack-resize-buffer.patch -- CAB block input buffer is one
      byte too small for maximal Quantum block.
    * libmspack-fix-bounds-checking.patch --  Fix off-by-one bounds
      check on CHM PMGI/PMGL chunk numbers and reject empty filenames.
    * libmspack-reject-blank-filenames.patch -- Avoid returning CHM
      file entries that are "blank" because they have embedded null
      bytes.
    * (the last two patches were modified by removing unneeded part
      in order to make them more independent)
  - Fixed bugs:
    * CVE-2018-18584 (bsc#1113038)
    * CVE-2018-18585 (bsc#1113039)
* Fri Jan 19 2018 adam.majer@suse.de
  - Correct mspack-tools group to Productivity/File utilities
* Tue Jan 16 2018 jengelh@inai.de
  - Correct SRPM group.
* Tue Jan 16 2018 mardnh@gmx.de
  - Fix typo
* Mon Jan 15 2018 mardnh@gmx.de
  - Update to version 0.6
    * read_spaninfo(): a CHM file can have no ResetTable and have a
    negative length in SpanInfo, which then feeds a negative output
    length to lzxd_init(), which then sets frame_size to a value of
    your choosing, the lower 32 bits of output length, larger than
    LZX_FRAME_SIZE. If the first LZX block is uncompressed, this
    writes data beyond the end of the window.
    This issue was raised by ClamAV as CVE-2017-6419.
    * lzxd_init(), lzxd_set_output_length(), mszipd_init(): due to the
    issue mentioned above, these functions now reject negative lengths
    * cabd_read_string(): add missing error check on result of read().
    If an mspack_system implementation returns an error, it's
    interpreted as a huge positive integer, which leads to reading
    past the end of the stack-based buffer.
    This issue was raised by ClamAV as CVE-2017-11423
  - Add subpackage for helper tools
  - Run spec-cleaner
* Fri Feb 27 2015 sbrabec@suse.cz
  - Remove problematic libmspack-qtmd_decompress-loop.patch
    (bnc#912214#c10).
    Version 0.5 has a correct fix dated 2015-01-05.
* Wed Feb 11 2015 p.drouand@gmail.com
  - Update to version 0.5
    * Please read the changelog; too many things to list
* Tue Jan 20 2015 sbrabec@suse.cz
  - Fix possible infinite loop caused DoS (bnc912214, CVE-2014-9556,
    libmspack-qtmd_decompress-loop.patch).

Files

/usr/bin/cabrip
/usr/bin/chmextract
/usr/bin/msexpand
/usr/bin/oabextract

Generated by rpm2html 1.8.1

Fabrice Bellet, Sun Mar 9 13:15:26 2025