Hello community, here is the log from the commit of package libmspack for openSUSE:Factory checked in at 2018-01-19 11:47:31 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libmspack (Old) and /work/SRC/openSUSE:Factory/.libmspack.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libmspack" Fri Jan 19 11:47:31 2018 rev:25 rq:566588 version:0.6 Changes: -------- --- /work/SRC/openSUSE:Factory/libmspack/libmspack.changes 2015-03-05 18:15:51.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.libmspack.new/libmspack.changes 2018-01-19 11:47:34.079605585 +0100 @@ -1,0 +2,34 @@ +Tue Jan 16 21:40:41 UTC 2018 - jeng...@inai.de + +- Correct SRPM group. + +------------------------------------------------------------------- +Tue Jan 16 19:07:45 UTC 2018 - mar...@gmx.de + +- Fix typo + +------------------------------------------------------------------- +Mon Jan 15 14:27:41 UTC 2018 - mar...@gmx.de + +- Update to version 0.6 + * read_spaninfo(): a CHM file can have no ResetTable and have a + negative length in SpanInfo, which then feeds a negative output + length to lzxd_init(), which then sets frame_size to a value of + your choosing, the lower 32 bits of output length, larger than + LZX_FRAME_SIZE. If the first LZX block is uncompressed, this + writes data beyond the end of the window. + This issue was raised by ClamAV as CVE-2017-6419. + + * lzxd_init(), lzxd_set_output_length(), mszipd_init(): due to the + issue mentioned above, these functions now reject negative lengths + + * cabd_read_string(): add missing error check on result of read(). + If an mspack_system implementation returns an error, it's + interpreted as a huge positive integer, which leads to reading + past the end of the stack-based buffer. + This issue was raised by ClamAV as CVE-2017-11423 + +- Add subpackage for helper tools +- Run spec-cleaner + +------------------------------------------------------------------- Old: ---- libmspack-0.5alpha.tar.gz New: ---- libmspack-0.6alpha.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libmspack.spec ++++++ --- /var/tmp/diff_new_pack.ELCx5l/_old 2018-01-19 11:47:35.219551834 +0100 +++ /var/tmp/diff_new_pack.ELCx5l/_new 2018-01-19 11:47:35.219551834 +0100 @@ -1,7 +1,7 @@ # # spec file for package libmspack # -# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,21 +16,18 @@ # -Name: libmspack -Version: 0.5 -Release: 0 # "alpha" in the version string just says that it is an alpha version. %define _version %{version}alpha +Name: libmspack +Version: 0.6 +Release: 0 Summary: Library That Implements Different Microsoft Compressions License: LGPL-2.1 -Group: System/Libraries +Group: Development/Libraries/C and C++ Url: http://www.cabextract.org.uk/libmspack/ -# Warning, OBS download service does not work at http://www.cabextract.org.uk/ -#Source: http://www.cabextract.org.uk/libmspack/%{name}-%{_version}.tar.gz -Source: %{name}-%{_version}.tar.gz +Source: http://www.cabextract.org.uk/libmspack/%{name}-%{_version}.tar.gz Source2: baselibs.conf -BuildRoot: %{_tmppath}/%{name}-%{version}-build -BuildRequires: pkg-config +BuildRequires: pkgconfig %description The purpose of libmspack is to provide both compression and @@ -39,8 +36,8 @@ %package -n libmspack0 Summary: Library That Implements Different Microsoft Compressions -Group: System/Libraries # OpenSUSE <= 10.3, SLES <= 10: +Group: System/Libraries Provides: libmspack = %{version}-%{release} Obsoletes: libmspack < %{version}-%{release} @@ -58,6 +55,22 @@ The libmspack-devel package contains the header files and static libraries necessary for developing programs using libmspack. +%package -n mspack-tools +Summary: Library That Implements Different Microsoft Compressions +Group: System/Libraries + +%description -n mspack-tools +The purpose of libmspack is to provide both compression and +decompression of some loosely related file formats used by Microsoft. +Currently the most common formats are implemented. + +This subpacke provides useful programs that make use of libmspack. + * cabrip - Extracts any CAB files embedded in another file. + * chmextract - Extracts all files in a CHM file to disk. + * msexpand - Expands an SZDD or KWAJ file. + * oabextract - Extracts an Exchange Offline Address Book (.LZX) file. + + %prep %setup -q -n %{name}-%{_version} @@ -67,20 +80,23 @@ make %{?_smp_mflags} %install -%makeinstall -rm $RPM_BUILD_ROOT%{_libdir}/*.*a +%make_install +rm %{buildroot}%{_libdir}/*.*a %post -n libmspack0 -p /sbin/ldconfig - %postun -n libmspack0 -p /sbin/ldconfig +%files -n mspack-tools +%{_bindir}/cabrip +%{_bindir}/chmextract +%{_bindir}/msexpand +%{_bindir}/oabextract + %files -n libmspack0 -%defattr(-,root,root) -%{_libdir}/*.so.* %doc AUTHORS COPYING.LIB ChangeLog README TODO +%{_libdir}/*.so.* %files devel -%defattr(-,root,root) %{_libdir}/*.so %{_libdir}/pkgconfig/*.pc %{_includedir}/* ++++++ libmspack-0.5alpha.tar.gz -> libmspack-0.6alpha.tar.gz ++++++ ++++ 42779 lines of diff (skipped)