Changelog for libmspack0-0.9.1-113.1.x86_64.rpm :
Wed Nov 7 13:00:00 2018
- Update to version 0.9.1:

* Fix bug in decompressing data to get to the correct folder
offset when the folder is LZX compressed (0.8 regression).

* Build system cleanup

* Testsuite available

* Does not install testing tools and examples by default.
- Rename mspack-tools to mspack-examples to follow upstream change.

Tue Oct 23 14:00:00 2018
- Update to version 0.8:

* New parameter MSCABD_PARAM_SALVAGE which permits salvaging
badly damaged files rather than rejecting them outright.

* Fix the above 38912-byte Quantum CAB block bug.

* Reject blank CHM filenames that are blank because they have
embedded null bytes.

* chmextract: Protect from absolute/relative pathnames in CHM

Mon Jul 30 14:00:00 2018
- Update to version 0.7 (bsc#1103032):

* Fix 1 or 2 byte overwrite by bad KWAJ file header extensions

* Fix 1 byte overread by character U+0100 in a CHM filename

* Reject blank CHM filenames (CVE-2018-14680).

* Fix off-by-1 in CHM PMGI/PMGL chunk number validity checks,
which could cause a crash (CVE-2018-14679).

Fri Jan 19 13:00:00 2018
- Correct mspack-tools group to Productivity/File utilities

Tue Jan 16 13:00:00 2018
- Correct SRPM group.

Tue Jan 16 13:00:00 2018
- Fix typo

Mon Jan 15 13:00:00 2018
- Update to version 0.6

* read_spaninfo(): a CHM file can have no ResetTable and have a
negative length in SpanInfo, which then feeds a negative output
length to lzxd_init(), which then sets frame_size to a value of
your choosing, the lower 32 bits of output length, larger than
LZX_FRAME_SIZE. If the first LZX block is uncompressed, this
writes data beyond the end of the window.
This issue was raised by ClamAV as CVE-2017-6419.

* lzxd_init(), lzxd_set_output_length(), mszipd_init(): due to the
issue mentioned above, these functions now reject negative lengths

* cabd_read_string(): add missing error check on result of read().
If an mspack_system implementation returns an error, it\'s
interpreted as a huge positive integer, which leads to reading
past the end of the stack-based buffer.
This issue was raised by ClamAV as CVE-2017-11423
- Add subpackage for helper tools
- Run spec-cleaner

Fri Feb 27 13:00:00 2015
- Remove problematic libmspack-qtmd_decompress-loop.patch
Version 0.5 has a correct fix dated 2015-01-05.

Wed Feb 11 13:00:00 2015
- Update to version 0.5

* Please read the changelog; too many things to list

Tue Jan 20 13:00:00 2015
- Fix possible infinite loop caused DoS (bnc912214, CVE-2014-9556,

Fri Apr 4 14:00:00 2014
- Add baselibs.conf: wxWidgets-32bit depends on libmspack0-32bit

Mon Jun 24 14:00:00 2013
- Avoid Source URL for as this does
not work

Sat Jun 22 14:00:00 2013
- Update to version 0.4alpha:
+ This release adds support for the Microsoft Exchange Offline
Address Book (OAB) format, both compressed and incremental

Wed Jul 18 14:00:00 2012
- Remove autoreconf call and libtool buildrequires, they are not
needed anymore.

Wed Jul 18 14:00:00 2012
- Update to version 0.3alpha:

* code cleanup and build system update

* handle corrupted cabinet files better

* handle special cases of cabinet files
- License update: LGPL-2.1 only.

Mon Feb 27 13:00:00 2012
- license update: LGPL-2.1+
No indication of GPL-2.0+ code in the package

Mon Feb 13 13:00:00 2012
- patch license to follow standard

Sun Nov 20 13:00:00 2011
- Remove redundant/unwanted tags/section (cf. specfile guidelines)
- Use %_smp_mflags for parallel building

Sat Nov 19 13:00:00 2011
- add libtool as buildrequire to avoid implicit dependency

Wed Dec 22 13:00:00 2010
- update to version 0.2alpha (#660942):

* matches cabextract-1.3, fixing CVE-2010-2800 and CVE-2010-2801

* adds pkg-config support

* obsoletes half of libmspack-warnings.patch
- remove self-obsoletion
- drop -D_POSIX_SOURCE as it breaks the build with this version
- drop empty NEWS file