libmspack: update to 0.7alpha.

2018-04-26  Stuart Caie <kyzer@cabextract.org.uk>

	* read_chunk(): the test that chunk numbers are in bounds was off
	by one, so read_chunk() returned a pointer taken from outside
	allocated memory that usually crashes libmspack when accessed.
	Thanks to Hanno B旦ck for finding the issue and providing a sample.

	* chmd_read_headers(): reject files with blank filenames. Thanks
	again to Hanno B旦ck for finding the issue and providing a sample file.

2018-02-06  Stuart Caie <kyzer@cabextract.org.uk>

	* chmd.c: fixed an off-by-one error in the TOLOWER() macro, reported
	by Dmitry Glavatskikh. Thanks Dmitry!

2017-11-26  Stuart Caie <kyzer@cabextract.org.uk>

	* kwajd_read_headers(): fix up the logic of reading the filename and
	extension headers to avoid a one or two byte overwrite. Thanks to
	Jakub Wilk for finding the issue.

	* test/kwajd_test.c: add tests for KWAJ filename.ext handling

2017-10-16  Stuart Caie <kyzer@cabextract.org.uk>

	* test/cabd_test.c: update the short string tests to expect not only
	MSPACK_ERR_DATAFORMAT but also MSPACK_ERR_READ, because of the recent
	change to cabd_read_string(). Thanks to maitreyee43 for spotting this.

	* test/msdecompile_md5: update the setup instructions for this script,
	and also change the script so it works with current Wine. Again, thanks
	to maitreyee43 for trying to use it and finding it not working.

2017-08-13  Stuart Caie <kyzer@cabextract.org.uk>

	* src/chmextract.c: support MinGW one-arg mkdir(). Thanks to AntumDeluge
	for reporting this.

2017-08-13  Stuart Caie <kyzer@cabextract.org.uk>

	* read_spaninfo(): a CHM file can have no ResetTable and have a
	negative length in SpanInfo, which then feeds a negative output length
	to lzxd_init(), which then sets frame_size to a value of your choosing,
	the lower 32 bits of output length, larger than LZX_FRAME_SIZE. If the
	first LZX block is uncompressed, this writes data beyond the end of the
	window. This issue was raised by ClamAV as CVE-2017-6419.  Thanks to
	Sebastian Andrzej Siewior for finding this by chance!

	* lzxd_init(), lzxd_set_output_length(), mszipd_init(): due to the issue
	mentioned above, these functions now reject negative lengths

2017-08-05  Stuart Caie <kyzer@cabextract.org.uk>

	* cabd_read_string(): add missing error check on result of read().
	If an mspack_system implementation returns an error, it's interpreted
	as a huge positive integer, which leads to reading past the end of the
	stack-based buffer. Thanks to Sebastian Andrzej Siewior for explaining
	the problem. This issue was raised by ClamAV as CVE-2017-11423

2016-04-20  Stuart Caie <kyzer@cabextract.org.uk>

	* configure.ac: change my email address to kyzer@cabextract.org.uk

2015-05-10  Stuart Caie <kyzer@4u.net>

	* cabd_read_string(): correct rejection of empty strings. Thanks to
	Hanno B旦ck for finding the issue and providing a sample file.

2015-05-10  Stuart Caie <kyzer@4u.net>

	* Makefile.am: Add subdir-objects option as suggested by autoreconf.

	* configure.ac: Add AM_PROG_AR as suggested by autoreconf.

2015-01-29  Stuart Caie <kyzer@4u.net>

	* system.h: if C99 inttypes.h exists, use its PRI{d,u}{32,64} macros.
	Thanks to Johnathan Kollasch for the suggestion.


(wiz)