Changes:
- Security fix for extract_chmLib. Pathnames containing a ".." element
will not be extracted. There doesn't seem to be a legitimate reason
to use ".." as a path element in a chm file.
http://secunia.com/advisories/20734/
- Fix for reading some chm files. Running over a large directory of chm
files, about 1% of them turned out to be unreadable. This resulted
from an incomplete understanding of one of the header fields
(index_root). Apparently, this can take negative values other than -1.
Another stack overflow has been fixed, this one reported by Sven Tantau.
The stack overflow is trivially exploitable to run arbitrary code.
Additionally, the Makefile.in was fixed so that "make install" does the
right thing. Previously, it was not working properly, and the examples
would subsequently fail to build.
Changes:
- Major security fix (iDEFENSE Security Advisory IDEF1099 - Stack Overflow
Vulnerability)
- Major security fix from Palasik Sandor (LZX decompression buffer overrun)
- Bugfix/enhancement from David Huseby to make the "what" flags to
chm_enumerate work correctly, and to pass the flags along to the callback
function (via the chmUnitInfo structure) so that the callback doesn't
need to re-parse the filename.
- Compilation fixes for x86-64 from Vitaly V. Bursov.
- Miscellaneous fixes to the configure script, including some significant
cleanup by Vadim Zeitlin. The changes from Vadim should also allow the
configure script to correctly configure the build on OS X, where it was
previously failing to note that pread64 doesn't work.
- Minor update to the Makefile.in to do a mkdir before the install, in case
the specified INSTALLPREFIX directory is non-existent
Changes:
- UTF-8 filenames, while still not handled correctly, are handled a little
more gracefully. That is to say, the library doesn't fail to open files
with filenames using characters outside the ASCII subset. I'm very
interested in any information as to the "right" way to handle filenames
of this sort.
- Files not containing a compressed section are handled properly, such as
.chw files. These files seem to contain information about compression,
but the information is invalid or empty. The library deals gracefully
with this now.
- Files compressed with different options were not being decompressed
properly. In particular, if the "reset interval" for the compressed
section was other than 2 block sizes, it could fail to read some of the
files.
- The caching system was improved slightly, in conjunction with this
previous bugfix.
from pkgsrc-wip (by xtraeme@).
CHMLIB is a library for dealing with Microsoft ITSS/CHM format
files. Right now, it is a very simple library, but sufficient for
dealing with all of the .chm files I've come across. Due to the
fairly well-designed indexing built into this particular file
format, even a small library is able to gain reasonably good
performance indexing into ITSS archives. Since the last version
there have been major bugfixes, portability improvements, and minor
feature additions.
