Hello community,

here is the log from the commit of package libmspack.3450 for 
openSUSE:13.1:Update checked in at 2015-02-02 09:18:48
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:13.1:Update/libmspack.3450 (Old)
 and      /work/SRC/openSUSE:13.1:Update/.libmspack.3450.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "libmspack.3450"

Changes:
--------
New Changes file:

--- /dev/null   2014-12-25 22:38:16.200041506 +0100
+++ /work/SRC/openSUSE:13.1:Update/.libmspack.3450.new/libmspack.changes        
2015-02-02 09:18:50.000000000 +0100
@@ -0,0 +1,106 @@
+-------------------------------------------------------------------
+Tue Jan 20 18:12:19 CET 2015 - [email protected]
+
+- Fix possible infinite loop caused DoS (bnc912214, CVE-2014-9556,
+  libmspack-qtmd_decompress-loop.patch).
+
+-------------------------------------------------------------------
+Mon Jun 24 10:13:52 UTC 2013 - [email protected]
+
+- Avoid Source URL for http://www.cabextract.org.uk/ as this does
+  not work 
+
+-------------------------------------------------------------------
+Sat Jun 22 17:08:46 UTC 2013 - [email protected]
+
+- Update to version 0.4alpha:
+  + This release adds support for the Microsoft Exchange Offline
+    Address Book (OAB) format, both compressed and incremental
+    variants.
+
+-------------------------------------------------------------------
+Wed Jul 18 18:35:42 UTC 2012 - [email protected]
+
+- Remove autoreconf call and libtool buildrequires, they are not
+  needed anymore.
+
+-------------------------------------------------------------------
+Wed Jul 18 19:12:53 CEST 2012 - [email protected]
+
+- Update to version 0.3alpha:
+  * code cleanup and build system update
+  * handle corrupted cabinet files better
+  * handle special cases of cabinet files
+- License update: LGPL-2.1 only.
+
+-------------------------------------------------------------------
+Mon Feb 27 15:14:56 UTC 2012 - [email protected]
+
+- license update: LGPL-2.1+
+  No indication of GPL-2.0+ code in the package
+
+-------------------------------------------------------------------
+Mon Feb 13 10:48:55 UTC 2012 - [email protected]
+
+- patch license to follow spdx.org standard
+
+-------------------------------------------------------------------
+Sun Nov 20 20:44:56 UTC 2011 - [email protected]
+
+- Remove redundant/unwanted tags/section (cf. specfile guidelines)
+- Use %_smp_mflags for parallel building
+
+-------------------------------------------------------------------
+Sat Nov 19 20:42:31 UTC 2011 - [email protected]
+
+- add libtool as buildrequire to avoid implicit dependency
+
+-------------------------------------------------------------------
+Wed Dec 22 05:21:45 CET 2010 - [email protected]
+
+- update to version 0.2alpha (#660942):
+  * matches cabextract-1.3, fixing CVE-2010-2800 and CVE-2010-2801
+  * adds pkg-config support
+  * obsoletes half of libmspack-warnings.patch
+- remove self-obsoletion
+- drop -D_POSIX_SOURCE as it breaks the build with this version
+- drop empty NEWS file
+
+-------------------------------------------------------------------
+Tue Jan 15 17:30:34 CET 2008 - [email protected]
+
+- Applied shared library packaging policy.
+- Removed unneeded static library and .la file.
+
+-------------------------------------------------------------------
+Fri Oct 20 15:41:06 CEST 2006 - [email protected]
+
+- Updated to version 0.0.20060920alpha:
+  * Bug fixes.
+  * Write an mspack_system implementation that can handle normal
+    disk files, open file handles, open file descriptors and raw
+    memory all at the same time.
+  * Added a program for dumping useful data from CHM files.
+  * Added a new test example which shows an mspack_system
+    implementation that reads and writes from memory only.
+
+-------------------------------------------------------------------
+Wed Jan 25 21:37:34 CET 2006 - [email protected]
+
+- converted neededforbuild to BuildRequires
+
+-------------------------------------------------------------------
+Mon Nov 22 11:59:08 CET 2004 - [email protected]
+
+- "sed -i" does not work on older distributions
+
+-------------------------------------------------------------------
+Wed Apr 14 15:39:48 CEST 2004 - [email protected]
+
+- include some documentation
+
+-------------------------------------------------------------------
+Wed Apr 14 11:06:06 CEST 2004 - [email protected]
+
+- initial packaging
+
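
Review bot: the new top entry gives the bug reference as "bnc912214" with no separator, while the 0.2alpha entry further down writes its bug id as "#660942"; write it as "bnc#912214" so the reference is recognizable as a bug id. The summary "Fix possible infinite loop caused DoS" would also read more clearly as "Fix DoS caused by a possible infinite loop".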

New:
----
  libmspack-0.4alpha.tar.gz
  libmspack-qtmd_decompress-loop.patch
  libmspack.changes
  libmspack.spec

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ libmspack.spec ++++++
#
# spec file for package libmspack
#
# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via http://bugs.opensuse.org/
#


Name:           libmspack
Version:        0.4
Release:        0
# "alpha" in the version string just says that it is an alpha version.
%define _version %{version}alpha
Summary:        Library That Implements Different Microsoft Compressions
License:        LGPL-2.1
Group:          System/Libraries
Url:            http://www.cabextract.org.uk/libmspack/
# Warning, OBS download service does not work at http://www.cabextract.org.uk/
#Source:        http://www.cabextract.org.uk/libmspack/%{name}-%{_version}.tar.gz
Source:         %{name}-%{_version}.tar.gz
# PATCH-FIX-SECURITY libmspack-qtmd_decompress-loop.patch bnc912214 CVE-2014-9556 [email protected] -- Fix possible infinite loop caused DoS.
Patch:          libmspack-qtmd_decompress-loop.patch
BuildRoot:      %{_tmppath}/%{name}-%{version}-build
BuildRequires:  pkg-config

%description
The purpose of libmspack is to provide both compression and
decompression of some loosely related file formats used by Microsoft.
Currently the most common formats are implemented.

%package -n libmspack0
Summary:        Library That Implements Different Microsoft Compressions
Group:          System/Libraries
# OpenSUSE <= 10.3, SLES <= 10:
Provides:       libmspack = %{version}-%{release}
Obsoletes:      libmspack < %{version}-%{release}

%description -n libmspack0
The purpose of libmspack is to provide both compression and
decompression of some loosely related file formats used by Microsoft.
Currently the most common formats are implemented.

%package devel
Summary:        Static libraries, header files and documentation for libmspack
Group:          Development/Libraries/C and C++
Requires:       libmspack0 = %{version}

%description devel
The libmspack-devel package contains the header files and static
libraries necessary for developing programs using libmspack.

%prep
%setup -q -n %{name}-%{_version}
%patch -p3

%build
%configure\
        --disable-static
make %{?_smp_mflags}

%install
%makeinstall
rm $RPM_BUILD_ROOT%{_libdir}/*.*a

%post -n libmspack0 -p /sbin/ldconfig

%postun -n libmspack0 -p /sbin/ldconfig

%files -n libmspack0
%defattr(-,root,root)
%{_libdir}/*.so.*
%doc AUTHORS COPYING.LIB ChangeLog README TODO

%files devel
%defattr(-,root,root)
%{_libdir}/*.so
%{_libdir}/pkgconfig/*.pc
%{_includedir}/*

%changelog
++++++ libmspack-qtmd_decompress-loop.patch ++++++
>From a0449d2079c4ba5822e6567ad7094c10108f16cd Mon Sep 17 00:00:00 2001
From: Sebastian Andrzej Siewior <[email protected]>
Date: Tue, 23 Dec 2014 21:20:43 +0100
Subject: libmspack: qtmd: fix frame_end overflow

Debian bts #773041, #772891 contains a report of a .cab file which
causes an endless loop.
Eric Sharkey diagnosed the problem as frame_end is 32bit and overflows
and as a result the loop makes no progress.
The problem seems that after the overflow, window_posn is larger than
frame_end and therefore we never enter the loop to make progress. But we
still have out_bytes >0 so we don't leave the outer loop either.

Andreas Cadhalpun suggested that instead of making frame_end 64bit, we could
avoid the overflow by reordering the code the following way:

original, with just out_bytes (without (qtm->o_end - qtm->o_ptr))
| frame_end = window_posn + out_bytes;
| if ((window_posn + frame_todo) < frame_end) {
|         frame_end = window_posn + frame_todo;
| }

replace frame_end in "if" with its content (and move the first frame_end
into the else path)
| if ((window_posn + frame_todo) < (window_posn + out_bytes))
|         frame_end = window_posn + frame_todo;
| else
|         frame_end = window_posn + out_bytes;

remove window_posn from "if" since it is the same both times.
| if (frame_todo <  out_bytes)
|         frame_end = window_posn + frame_todo;
| else
|         frame_end = window_posn + out_bytes;

Andreas added:
|This works, because frame_todo is at most QTM_FRAME_SIZE = 32768.

Suggested-as-patch: Andreas Cadhalpun <[email protected]>
[sebastian@breakpoint: added patch description]
Signed-off-by: Sebastian Andrzej Siewior <[email protected]>
---
 libclamav/libmspack-0.4alpha/mspack/qtmd.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/libclamav/libmspack-0.4alpha/mspack/qtmd.c 
b/libclamav/libmspack-0.4alpha/mspack/qtmd.c
index 12b27f5..e584aef 100644
--- a/libclamav/libmspack-0.4alpha/mspack/qtmd.c
+++ b/libclamav/libmspack-0.4alpha/mspack/qtmd.c
@@ -296,9 +296,10 @@ int qtmd_decompress(struct qtmd_stream *qtm, off_t 
out_bytes) {
 
     /* decode more, up to the number of bytes needed, the frame boundary,
      * or the window boundary, whichever comes first */
-    frame_end = window_posn + (out_bytes - (qtm->o_end - qtm->o_ptr));
-    if ((window_posn + frame_todo) < frame_end) {
+    if (frame_todo < (out_bytes - (qtm->o_end - qtm->o_ptr))) {
       frame_end = window_posn + frame_todo;
+    } else {
+      frame_end = window_posn + (out_bytes - (qtm->o_end - qtm->o_ptr));
     }
     if (frame_end > qtm->window_size) {
       frame_end = qtm->window_size;
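
Review bot: the reordered condition in qtmd_decompress() is only overflow-safe because frame_todo is bounded (the commit message cites at most QTM_FRAME_SIZE = 32768), but nothing at this site records that bound; add a short comment above the "if" stating it, so a later change to how frame_todo is set does not silently bring the wrap back. The expression "(out_bytes - (qtm->o_end - qtm->o_ptr))" now appears twice, once in the comparison and once in the else branch; computing it once into a local of the same type as out_bytes (off_t) and using that in both places would keep the two from drifting apart. It is also worth confirming that this difference cannot be negative here, since the clamp that follows only checks frame_end against the upper bound qtm->window_size.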