Marcus Meissner
d00ef480b7
- update to 2.08 (bnc#883947) CVE-2014-4607
- Updated the Autoconf scripts to fix some reported build
problems.
- Added CMake build support.
- Fixed lzo_init() on big-endian architectures like Sparc.
- additional changes in 2.07
* Fixed a potential integer overflow condition in the "safe"
decompressor variants which could result in a possible buffer
overrun when processing maliciously crafted compressed input
data.
Fortunately this issue only affects 32-bit systems and also can
only happen if you use uncommonly huge buffer sizes where you
have to decompress more than 16 MiB (> 2^24 bytes) untrusted
compressed bytes within a single function call, so the
practical implications are limited.
POTENTIAL SECURITY ISSUE. CVE-2014-4607.
* Removed support for ancient configurations like 16-bit "huge"
pointers - LZO now requires a flat 32-bit or 64-bit memory
model.
* Assorted cleanups.
OBS-URL: https://build.opensuse.org/request/show/239294
OBS-URL: https://build.opensuse.org/package/show/Base:System/lzo?expand=0&rev=24
|
||
|---|---|---|
| .gitattributes | ||
| .gitignore | ||
| baselibs.conf | ||
| lzo-2.08.tar.gz | ||
| lzo.changes | ||
| lzo.spec | ||