Hello community, here is the log from the commit of package libmspack for openSUSE:Factory checked in at 2018-11-06 14:03:38 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libmspack (Old) and /work/SRC/openSUSE:Factory/.libmspack.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "libmspack" Tue Nov 6 14:03:38 2018 rev:27 rq:644177 version:0.8 Changes: -------- --- /work/SRC/openSUSE:Factory/libmspack/libmspack.changes 2018-01-21 15:47:15.622732361 +0100 +++ /work/SRC/openSUSE:Factory/.libmspack.new/libmspack.changes 2018-11-06 14:03:41.515507416 +0100 @@ -1,0 +2,24 @@ +Tue Oct 23 17:51:23 UTC 2018 - sbrabec@suse.com + +- Update to version 0.8: + * New parameter MSCABD_PARAM_SALVAGE which permits salvaging + badly damaged files rather than rejecting them outright. + * Fix the above 38912-byte Quantum CAB block bug. + * Reject blank CHM filenames that are blank because they have + embedded null bytes. + * chmextract: Protect from absolute/relative pathnames in CHM + files. + +------------------------------------------------------------------- +Mon Jul 30 16:59:22 CEST 2018 - sbrabec@suse.com + +- Update to version 0.7 (bsc#1103032): + * Fix 1 or 2 byte overwrite by bad KWAJ file header extensions + (CVE-2018-14681). + * Fix 1 byte overread by character U+0100 in a CHM filename + (CVE-2018-14682). + * Reject blank CHM filenames (CVE-2018-14680). + * Fix off-by-1 in CHM PMGI/PMGL chunk number validity checks, + which could cause a crash (CVE-2018-14679). + +------------------------------------------------------------------- Old: ---- libmspack-0.6alpha.tar.gz New: ---- libmspack-0.8alpha.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libmspack.spec ++++++ --- /var/tmp/diff_new_pack.j5Nzib/_old 2018-11-06 14:03:42.063506701 +0100 +++ /var/tmp/diff_new_pack.j5Nzib/_new 2018-11-06 14:03:42.063506701 +0100 @@ -19,13 +19,13 @@ # "alpha" in the version string just says that it is an alpha version. %define _version %{version}alpha Name: libmspack -Version: 0.6 +Version: 0.8 Release: 0 Summary: Library That Implements Different Microsoft Compressions -License: LGPL-2.1 +License: LGPL-2.1-only Group: Development/Libraries/C and C++ -Url: http://www.cabextract.org.uk/libmspack/ -Source: http://www.cabextract.org.uk/libmspack/%{name}-%{_version}.tar.gz +URL: https://www.cabextract.org.uk/libmspack/ +Source: https://www.cabextract.org.uk/libmspack/%{name}-%{_version}.tar.gz Source2: baselibs.conf BuildRequires: pkgconfig @@ -36,10 +36,7 @@ %package -n libmspack0 Summary: Library That Implements Different Microsoft Compressions -# OpenSUSE <= 10.3, SLES <= 10: Group: System/Libraries -Provides: libmspack = %{version}-%{release} -Obsoletes: libmspack < %{version}-%{release} %description -n libmspack0 The purpose of libmspack is to provide both compression and @@ -70,7 +67,6 @@ * msexpand - Expands an SZDD or KWAJ file. * oabextract - Extracts an Exchange Offline Address Book (.LZX) file. - %prep %setup -q -n %{name}-%{_version} @@ -93,7 +89,9 @@ %{_bindir}/oabextract %files -n libmspack0 -%doc AUTHORS COPYING.LIB ChangeLog README TODO +%license COPYING.LIB +# NEWS is empty +%doc AUTHORS ChangeLog README TODO %{_libdir}/*.so.* %files devel ++++++ libmspack-0.6alpha.tar.gz -> libmspack-0.8alpha.tar.gz ++++++ ++++ 5329 lines of diff (skipped)