176c8cf312
- update to 2.08 (bnc#883947) CVE-2014-4607
- Updated the Autoconf scripts to fix some reported build
problems.
- Added CMake build support.
- Fixed lzo_init() on big-endian architectures like Sparc.
- additional changes in 2.07
* Fixed a potential integer overflow condition in the "safe"
decompressor variants which could result in a possible buffer
overrun when processing maliciously crafted compressed input
data.
Fortunately this issue only affects 32-bit systems and also can
only happen if you use uncommonly huge buffer sizes where you
have to decompress more than 16 MiB (> 2^24 bytes) untrusted
compressed bytes within a single function call, so the
practical implications are limited.
POTENTIAL SECURITY ISSUE. CVE-2014-4607.
* Removed support for ancient configurations like 16-bit "huge"
pointers - LZO now requires a flat 32-bit or 64-bit memory
model.
* Assorted cleanups. (forwarded request 239294 from darix)
OBS-URL: https://build.opensuse.org/request/show/239295
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/lzo?expand=0&rev=29