* Mon Feb 06 2023 info@paolostivanin.com
- Update to version 0.11:
* see https://github.com/kyz/libmspack/blob/master/libmspack/ChangeLog
for a full changelog
* Wed Mar 06 2019 mardnh@gmx.de
- Update to version 0.10.1
* Bugfix release, no functional changes
* Mon Mar 04 2019 mardnh@gmx.de
- Update to version 0.10:
* Fix Heap buffer overflow in chmd_read_headers()
* Fix memory exhausted in chmd_read_headers()
* Fix memory exhausted in oabd_decompress()
* Wed Nov 07 2018 sbrabec@suse.com
- Update to version 0.9.1:
* Fix bug in decompressing data to get to the correct folder
offset when the folder is LZX compressed (0.8 regression).
* Build system cleanup
* Testsuite available
* Does not install testing tools and examples by default.
- Rename mspack-tools to mspack-examples to follow upstream change.
* Tue Oct 23 2018 sbrabec@suse.com
- Update to version 0.8:
* New parameter MSCABD_PARAM_SALVAGE which permits salvaging
badly damaged files rather than rejecting them outright.
* Fix the above 38912-byte Quantum CAB block bug.
* Reject blank CHM filenames that are blank because they have
embedded null bytes.
* chmextract: Protect from absolute/relative pathnames in CHM
files.
* Mon Jul 30 2018 sbrabec@suse.com
- Update to version 0.7 (bsc#1103032):
* Fix 1 or 2 byte overwrite by bad KWAJ file header extensions
(CVE-2018-14681).
* Fix 1 byte overread by character U+0100 in a CHM filename
(CVE-2018-14682).
* Reject blank CHM filenames (CVE-2018-14680).
* Fix off-by-1 in CHM PMGI/PMGL chunk number validity checks,
which could cause a crash (CVE-2018-14679).
* Fri Jan 19 2018 adam.majer@suse.de
- Correct mspack-tools group to Productivity/File utilities
* Tue Jan 16 2018 jengelh@inai.de
- Correct SRPM group.
* Tue Jan 16 2018 mardnh@gmx.de
- Fix typo
* Mon Jan 15 2018 mardnh@gmx.de
- Update to version 0.6
* read_spaninfo(): a CHM file can have no ResetTable and have a
negative length in SpanInfo, which then feeds a negative output
length to lzxd_init(), which then sets frame_size to a value of
your choosing, the lower 32 bits of output length, larger than
LZX_FRAME_SIZE. If the first LZX block is uncompressed, this
writes data beyond the end of the window.
This issue was raised by ClamAV as CVE-2017-6419.
* lzxd_init(), lzxd_set_output_length(), mszipd_init(): due to the
issue mentioned above, these functions now reject negative lengths
* cabd_read_string(): add missing error check on result of read().
If an mspack_system implementation returns an error, it's
interpreted as a huge positive integer, which leads to reading
past the end of the stack-based buffer.
This issue was raised by ClamAV as CVE-2017-11423
- Add subpackage for helper tools
- Run spec-cleaner