xref: /dports/security/clamav/clamav-0.104.2/libclammspack/ChangeLog

2019-02-18  Stuart Caie <kyzer@cabextract.org.uk>

	* chmd_read_headers(): a CHM file name beginning "::" but shorter
	than 33 bytes will lead to reading past the freshly-allocated name
	buffer - checks for specific control filenames didn't take length
	into account. Thanks to ADLab of Venustech for the report and
	proof of concept.

2019-02-18  Stuart Caie <kyzer@cabextract.org.uk>

	* chmd_read_headers(): CHM files can declare their chunks are any
	size up to 4GB, and libmspack will attempt to allocate that to
	read the file.

	This is not a security issue; libmspack doesn't promise how much
	memory it'll use to unpack files. You can set your own limits by
	returning NULL in a custom mspack_system.alloc() implementation.

	However, it would be good to validate chunk size further. With no
	offical specification, only empirical data is available. All files
	created by hhc.exe have a chunk size of 4096 bytes, and this is
	matched by all the files I've found in the wild, except for one
	which has a chunk size of 8192 bytes, which was created by someone
	developing a CHM file creator 15 years ago, and they appear to
	have abandoned it, so it seems 4096 is a de-facto standard.

	I've changed the "chunk size is not a power of two" warning to
	"chunk size is not 4096", and now only allow chunk sizes between
	22 and 8192 bytes. If you have CHM files with a larger chunk size,
	please send them to me and I'll increase this upper limit.

	Thanks to ADLab of Venustech for the report.

2019-02-18  Stuart Caie <kyzer@cabextract.org.uk>

	* oabd.c: replaced one-shot copying of uncompressed blocks (which
	requires allocating a buffer of the size declared in the header,
	which can be 4GB) with a fixed-size buffer. The buffer size is
	user-controllable with the new msoab_decompressor::set_param()
	method (check you have version 2 of the OAB decompressor), and
	also controls the input buffer used for OAB's LZX decompression.

	Reminder: compression formats can dictate how much memory is
	needed to decompress them. If memory usage is a security concern
	to you, write a custom mspack_system.alloc() that returns NULL
	if "too much" memory is requested. Do not rely on libmspack adding
	special heuristics to know not to request "too much".

	Thanks to ADLab of Venustech for the report.

2018-11-03  Stuart Caie <kyzer@cabextract.org.uk>

	* configure.ac, doc/Makefile.in, doc/Doxyfile.in: remove these
	template files and replace with static files. You can still build
	the documentation with make -C doc

2018-11-03  Stuart Caie <kyzer@cabextract.org.uk>

	* Makefile.am, src: move the "useful" programs in src/ to examples/
	and don't auto-install them. Even though they're useful, they are
	intended as examples and aren't productised (no commmand-line
	options, no man pages, etc.) -- if you disagree, feel free to
	send in a patch

2018-11-01  Stuart Caie <kyzer@cabextract.org.uk>

	* cabd_extract(): would not do decompression for random-access
	offsets if the folder type was LZX. This is a fairly major bug,
	and affects any decompression where you skip directly to a file,
	or decompress data out-of-order. Thanks to austin987 for alerting
	me to this.

	This bug was introduced by the recent 'salvage mode' patch. Even
	though I'd reviewed all the differences in clamav's copy of
	libmspack and said "wtf" to this particular change, I didn't
	notice it was still in the resulting patch I merged. Mea culpa :)

	* test/cabd_test.c: now has a regression test to cover this

2018-10-31  Stuart Caie <kyzer@cabextract.org.uk>

	* Makefile.am, test/*_test.c: use the automake test-suite system
	with the test-suite programs (cabd_test, chmd_test, kwajd_test).
	This also fixes a longstanding bugbear that these programs don't
	access their test files using an absolute path. Now this is passed
	to them and you can run them from any directory. Thanks to Richard
	Jones for requesting this.

2018-10-31  Stuart Caie <kyzer@cabextract.org.uk>

	* configure.ac: require at least automake 1.11, use AM_SILENT_RULES
	unconditionally

2018-10-30  Stuart Caie <kyzer@cabextract.org.uk>

	* configure.ac: remove obsolescent C library tests. AC_HEADER_STDC is
	removed, and so are most checks for standard C headers. libmspack now
	makes these assumptions:
	- <ctype.h> <limits.h> <stdlib.h> <string.h> exist
	- <ctype.h> defines tolower()
	- <string.h> defines memset(), memcmp(), strlen()
	- if towlower() exists, it's defined in <wctype.h>

2018-10-22  Stuart Caie <kyzer@cabextract.org.uk>

	* cabd.c: remove the only use of assert()

2018-10-20  Stuart Caie <kyzer@cabextract.org.uk>

	* src/chmextract.c: add anti "../" and leading slash protection to
	chmextract. I'm not pleased about this. All the sample code provided
	with libmspack is meant to be simple examples of library use, not
	"productised" binaries. Making the "useful" code samples install
	as binaries was a mistake. They were never intended to protect you
	from unpacking archive files with relative/absolute paths, and I
	would prefer that they never will be.

2018-10-17  Stuart Caie <kyzer@cabextract.org.uk>

	* cab.h: Make the CAB block input buffer one byte larger, to allow
	a maximum-allowed-size input block and the special extra byte added
	after the block by cabd_sys_read_block to help Quantum alignment.
	Thanks to Henri Salo for reporting this.

2018-10-17  Stuart Caie <kyzer@cabextract.org.uk>

	* chmd_read_headers(): again reject files with blank filenames, this
	time because their 1st or 2nd byte is null, not because their length
	is zero.  Thanks again to Hanno Böck for finding the issue.

2018-10-16  Stuart Caie <kyzer@cabextract.org.uk>

	* Makefile.am: using automake _DEPENDENCIES for chmd_test appears to
	override the default dependencies (e.g. sources), so libchmd.la was no
	longer considered a dependency of chmd_test. This breaks parallel
	builds like "make -j4". Added libchmd.la explicitly to dependencies.
	Thanks to Thomas Deutschmann for reporting this.

2018-10-16  Stuart Caie <kyzer@cabextract.org.uk>

	* cabd.c: add new parameter, MSCABD_PARAM_SALVAGE, which makes CAB file
	reading and extraction more lenient, to allow damaged or mangled CABs
	to be extracted. When enabled:
	- cabd->open() won't reject cabinets with files that have invalid
	  folder indices or filenames. These files will simply be skipped
	- cabd->extract() won't reject files with invalid lengths, but will
	  limit them to the maximum possible
	- block output sizes over 32768 bytes won't be rejected
	- invalid data block checksums won't be rejected

	It's still possible for corrupted files to fail extraction, but more
	data can be extracted before they do.

	This new parameter doesn't affect the existing MSCABD_PARAM_FIXMSZIP
	parameter, which ignores MSZIP decompression failures. You can enable
	both at once.

	Thanks to Micah Snyder from ClamAV for working with me to get this
	feature into libmspack. This also helps ClamAV move towards using a
	vanilla copy of libmspack without needing their own patchset.

2018-08-13  Stuart Caie <kyzer@cabextract.org.uk>

	* mspack.h: clarify that mspack_system.free() should allow NULL. If your
	mspack_system implementation doesn't, it would already have crashed, as
	there are several places where libmspack calls sys->free(NULL). This
	change makes it official, and amends a few "if (x) sys->free(x)" cases
	to the simpler "sys->free(x)" to make it clearer.

2018-08-09  Stuart Caie <kyzer@cabextract.org.uk>

	* Makefile.am: the test file cve-2015-4467-reset-interval-zero.chm is
	detected by ClamAV as BC.Legacy.Exploit.CVE_2012_1458-1 "infected".
	My hosting deletes anything that ClamAV calls "infected", so has been
	continually deleting the official libmspack 0.7alpha release.

	CVE-2012-1458 is the same issue as CVE-2015-4467: both libmspack, and
	ClamAV using libmspack, could get a division-by-zero crash when the LZX
	reset interval was zero. This was fixed years ago, but ClamAV still has
	it as a signature, which today prevents me from releasing libmspack.

	BC.Legacy.Exploit.CVE_2012_1458-1 is a bytecode signature, so I can't
	see the exact trigger conditions, but I can see that it looks for the
	"LZXC" signature of the LZX control file, so I've changed this to
	"lzxc" and added a step in the Makefile to change it back to LZXC, so
	I can release libmspack whether or not ClamAV keeps the signature.

2018-04-26  Stuart Caie <kyzer@cabextract.org.uk>

	* read_chunk(): the test that chunk numbers are in bounds was off
	by one, so read_chunk() returned a pointer taken from outside
	allocated memory that usually crashes libmspack when accessed.
	Thanks to Hanno Böck for finding the issue and providing a sample.

	* chmd_read_headers(): reject files with blank filenames. Thanks
	again to Hanno Böck for finding the issue and providing a sample file.

2018-02-06  Stuart Caie <kyzer@cabextract.org.uk>

	* chmd.c: fixed an off-by-one error in the TOLOWER() macro, reported
	by Dmitry Glavatskikh. Thanks Dmitry!

2017-11-26  Stuart Caie <kyzer@cabextract.org.uk>

	* kwajd_read_headers(): fix up the logic of reading the filename and
	extension headers to avoid a one or two byte overwrite. Thanks to
	Jakub Wilk for finding the issue.

	* test/kwajd_test.c: add tests for KWAJ filename.ext handling

2017-10-16  Stuart Caie <kyzer@cabextract.org.uk>

	* test/cabd_test.c: update the short string tests to expect not only
	MSPACK_ERR_DATAFORMAT but also MSPACK_ERR_READ, because of the recent
	change to cabd_read_string(). Thanks to maitreyee43 for spotting this.

	* test/msdecompile_md5: update the setup instructions for this script,
	and also change the script so it works with current Wine. Again, thanks
	to maitreyee43 for trying to use it and finding it not working.

2017-08-13  Stuart Caie <kyzer@cabextract.org.uk>

	* src/chmextract.c: support MinGW one-arg mkdir(). Thanks to AntumDeluge
	for reporting this.

2017-08-13  Stuart Caie <kyzer@cabextract.org.uk>

	* read_spaninfo(): a CHM file can have no ResetTable and have a
	negative length in SpanInfo, which then feeds a negative output length
	to lzxd_init(), which then sets frame_size to a value of your choosing,
	the lower 32 bits of output length, larger than LZX_FRAME_SIZE. If the
	first LZX block is uncompressed, this writes data beyond the end of the
	window. This issue was raised by ClamAV as CVE-2017-6419.  Thanks to
	Sebastian Andrzej Siewior for finding this by chance!

	* lzxd_init(), lzxd_set_output_length(), mszipd_init(): due to the issue
	mentioned above, these functions now reject negative lengths

2017-08-05  Stuart Caie <kyzer@cabextract.org.uk>

	* cabd_read_string(): add missing error check on result of read().
	If an mspack_system implementation returns an error, it's interpreted
	as a huge positive integer, which leads to reading past the end of the
	stack-based buffer. Thanks to Sebastian Andrzej Siewior for explaining
	the problem. This issue was raised by ClamAV as CVE-2017-11423

2016-04-20  Stuart Caie <kyzer@cabextract.org.uk>

	* configure.ac: change my email address to kyzer@cabextract.org.uk

2015-05-10  Stuart Caie <kyzer@4u.net>

	* cabd_read_string(): correct rejection of empty strings. Thanks to
	Hanno Böck for finding the issue and providing a sample file.

2015-05-10  Stuart Caie <kyzer@4u.net>

	* Makefile.am: Add subdir-objects option as suggested by autoreconf.

	* configure.ac: Add AM_PROG_AR as suggested by autoreconf.

2015-01-29  Stuart Caie <kyzer@4u.net>

	* system.h: if C99 inttypes.h exists, use its PRI{d,u}{32,64} macros.
	Thanks to Johnathan Kollasch for the suggestion.

2015-01-18  Stuart Caie <kyzer@4u.net>

	* lzxd_decompress(): the byte-alignment code for reading uncompressed
	block headers presumed it could wind i_ptr back 2 bytes, but this
	hasn't been true since READ_BYTES was allowed to read bytes straddling
	two blocks, leaving just 1 byte in the read buffer. Thanks to Jakub
	Wilk for finding the issue and providing a sample file.

	* inflate(): off-by-one error. Distance codes are 0-29, not 0-30.
	Thanks to Jakub Wilk again.

	* chmd_read_headers(), search_chunk(): another fix for checking pointer
	is within a chunk, thanks again to Jakub Wilk.

2015-01-17  Stuart Caie <kyzer@4u.net>

	* GET_UTF8_CHAR(): Remove 5/6-byte encoding support and check decoded
	chars are no more than U+10FFFF.

	* chmd_init_decomp(): A reset interval of 0 is invalid. Thanks to
	Jakub Wilk for finding the issue and providing a sample and patch.

2015-01-15  Stuart Caie <kyzer@4u.net>

	* chmd_read_headers(): add a bounds check to prevent over-reading data,
	which caused a segfault on 32-bit architectures. Thanks to Jakub Wilk.

	* search_chunk(): change the order of pointer arithmetic operations to
	avoid overflow during bounds checks, which lead to segfaults on 32-bit
	architectures. Again, thanks to Jakub Wilk for finding this issue,
	providing sample files and a patch.

2015-01-08  Stuart Caie <kyzer@4u.net>

	* cabd_extract(): No longer uses broken state data if extracting from
	folder 1, 2, 1 and setting up folder 2 fails. This prevents a jump to
	null and thus segfault. Thanks to Jakub Wilk again.

	* cabd_read_string: reject empty strings. They are not found in any
	valid CAB files. Thanks to Hanno Böck for sending me an example.

2015-01-05  Stuart Caie <kyzer@4u.net>

	* cabd_can_merge_folders(): disallow folder merging if the combined
	folder would have more than 65535 data blocks.

	* cabd_decompress(): disallow files if their offset, length or
	offset+length is more than 65535*32768, the maximum size of any
	folder. Thanks to Jakub Wilk for identifying the problem and providing
	a sample file.

2014-04-20  Stuart Caie <kyzer@4u.net>

	* readhuff.h: fixed the table overflow check, which allowed one more
	code after capacity had been reached, resulting in a read of
	uninitialized data inside the decoding table. Thanks to Denis Kroshin
	for identifying the problem and providing a sample file.

2013-05-27  Stuart Caie <kyzer@4u.net>

	* test/oabx.c: added new example command for unpacking OAB files.

2013-05-17  Stuart Caie <kyzer@4u.net>

	* mspack.h: Support for decompressing a new file format, the Exchange
	Offline Address Book (OAB). Thanks to David Woodhouse for writing
	the implementation. I've bumped the version to 0.4alpha in celebration.

2012-04-15  Stuart Caie <kyzer@4u.net>

	* chmd_read_headers(): More thorough validation of CHM header values.
	Thanks to Sergei Trofimovich for finding sample files.

	* read_reset_table(): Better test for overflow. Thanks again to
	Sergei Trofimovich for generating a good example.

	* test/chminfo.c: this test program reads the reset table by itself
	and was also susceptible to the same overflow problems.

2012-03-16  Stuart Caie <kyzer@4u.net>

	* Makefile.am, configure.ac: make the GCC warning flags conditional
	on using the GCC compiler. Thanks to Dagobert Michelsen for letting
	me know.

2011-11-25  Stuart Caie <kyzer@4u.net>

	* lzxd_decompress(): Prevent matches that go beyond the start
	of the LZX stream. Thanks to Sergei Trofimovich for testing
	with valgrind and finding a corrupt sample file that exercises
	this scenario.

2011-11-23  Stuart Caie <kyzer@4u.net>

	* chmd_fast_find(): add a simple check against infinite PMGL
	loops. Thanks to Sergei Trofimovich for finding sample files.
	Multi-step PMGL/PMGI infinite loops remain possible.

2011-06-17  Stuart Caie <kyzer@4u.net>

	* read_reset_table(): wasn't reading the right offset for getting
	the LZX uncompressed length. Thanks to Sergei Trofimovich for
	finding the bug.

2011-05-31  Stuart Caie <kyzer@4u.net>

	* kwajd.c, mszipd.c: KWAJ type 4 files (MSZIP) are now supported.
	Thanks to Clive Turvey for sending me the format details.

	* doc/szdd_kwaj_format.html: Updated documentation to cover
	KWAJ's MSZIP compression.

2011-05-11  Stuart Caie <kyzer@4u.net>

	* cabd_find(): rethought how large vs small file support is
	handled, as users were getting "library not compiled to support
	large files" message on some small files. Now checks for actual
	off_t overflow, rather than trying to preempt it.

2011-05-10:  Stuart Caie <kyzer@4u.net>

	* chmd.c: implemented fast_find()

	* test/chmx.c: removed the multiple extraction orders, now it just
	extracts in the fastest order

	* test/chmd_order.c: new program added to test that different
	extraction orders don't affect the results of extraction

	* test/chmd_find.c: new program to test that fast_find() works.
	Either supply your own filename to find, or it will try finding
	every file in the CHM.

	* configure.ac: because CHM fast find requires case-insensitive
	comparisons, tolower() or towlower() are used where possible.
	These functions and their headers are checked for.

	* mspack.h: exposed struct mschmd_sec_mscompressed's spaninfo
	and struct mschmd_header's first_pmgl, last_pmgl and chunk_cache
	to the world. Check that the CHM decoder version is v2 or higher
	before using them.

	* system.c: set CHM decoder version to v2

2011-04-27:  Stuart Caie <kyzer@4u.net>

	* many files: Made C++ compilers much happier with libmspack.
	Changed char * to const char * where possible.

	* mspack.h: Changed user-supplied char * to const char *.
	Unless you've written your own mspack_system implementation,
	you will likely be unaffected.
	If you have written your own mspack_system implementation:
	1: change open()    so it takes a const char *filename
	2: change message() so it takes a const char *format
	If you cast your function into the mspack_system struct,
	you can change the cast instead of the function.

2011-04-27:  Stuart Caie <kyzer@4u.net>

	* Makefile.am: changed CFLAGS from "-Wsign-compare -Wconversion
	-pedantic" to "-W -Wno-unused". This enables more warnings, and
	disables these specific warnings which are now a hinderance.

2011-04-27:  Stuart Caie <kyzer@4u.net>

	* test/cabrip.c, test/chminfo.c: used macros from system.h for
	printing offsets and reading 64-bit values, rather than
	reinvent the wheel.

	* cabd_can_merge_folders(): declare variables at the start of
	a block so older C compilers won't choke.

	* cabd_find(): avoid compiler complaints about non-initialised
	variables. We know they'll get initialised before use, but the
	compiler can't reverse a state machine to draw the same conclusion.

2011-04-26:  Stuart Caie <kyzer@4u.net>

	* configure.ac, mspack/system.h: Added a configure test to get
	the size of off_t. If off_t is 8 bytes or more, we presume this
	system has large file support. This fixes LFS detection for Fedora
	x86_64 and Darwin/Mac OS X, neither of which declare FILESIZEBITS in
	<limits.h>. It's not against the POSIX standard to do this: "A
	definition of [FILESIZEBITS] shall be omitted from the <limits.h>
	header on specific implementations where the corresponding value is
	equal to or greater than the stated minimum, but where the value can
	vary depending on the file to which it is applied."
	(http://pubs.opengroup.org/onlinepubs/009695399/basedefs/limits.h.html)
	Thanks to Edward Sheldrake for the patch.

2011-04-26:  Stuart Caie <kyzer@4u.net>

	* chmd.c: all 64-bit integer reads are now consolidated into
	the read_off64() function

	* chmd_read_headers(): this function has been made resilient
	against accessing memory past the end of a chunk. Thanks to
	Sergei Trofimovich for sending me examples and analysis.

	* chmd_init_decomp(): this function now reads the SpanInfo file
	if the ResetTable file isn't available, it also checks that each
	system file it needs is large enough before accessing it, and
	some of its code has been split into several new functions:
	find_sys_file(), read_reset_table() and read_spaninfo()

2011-04-26:  Stuart Caie <kyzer@4u.net>

	* mspack.h, chmd.c: now reads the SpanInfo system file if the
	ResetTable file isn't available. This adds a new spaninfo pointer
	into struct mschmd_sec_mscompressed

2011-04-26:  Stuart Caie <kyzer@4u.net>

	* test/chminfo.c: more sanity checks for corrupted CHM files where
	entries go past the end of a PMGL/PMGI chunk, thanks to
	Sergei Trofimovich for sending me examples and analysis.

2011-04-25:  Stuart Caie <kyzer@4u.net>

	* cabd_merge():  Drew D'Addesio showed me spanning cabinets which
	don't have all the CFFILE entries they should, but otherwise have
	all necessary data for extraction. Changed the merging folders
	test to be less strict; if folders don't exactly match, warn which
	files are missing, but allow merging if at least one necessary
	file is present.

2010-09-24:  Stuart Caie <kyzer@4u.net>

	* readhuff.h: Don't let build_decode_table() allow empty trees.
	It's meant to be special case just for the LZX length tree, so
	move that logic out to the LZX code. Thanks to Danny Kroshin for
	discovering the bug.

	* lzxd.c: Allow empty length trees, but not other trees. If
	the length tree is empty, fail if asked to decode a length symbol.
	Again, thanks to Danny Kroshin for discovering the bug.

2010-09-20:  Stuart Caie <kyzer@4u.net>

	* Makefile.am: Set EXTRA_DIST so it doesn't include .svn
	directories in the distribution, but does include docs.

2010-09-20:  Stuart Caie <kyzer@4u.net>

	* Makefile.am, configure.ac: Use modern auto* practises; turn on
	automake silent rules where possible, use "m4" directory for libtool
	macros, use LT_INIT instead of AC_PROG_LIBTOOL and use AM_CPPFLAGS
	instead of INCLUDES. Thanks to Sergei Trofimovich for the patch.

2010-09-15:  Stuart Caie <kyzer@4u.net>

	* many files: Made the code compile with C++
	- Renamed all 'this' variables/parameters to 'self'
	- Added casts to all memory allocations.
	- Added extern "C" to header files with extern declarations.
	- Made system.c include system.h.
	- Changed the K&R-style headers to ANSI-style headers in md5.c

2010-08-04:  Stuart Caie <kyzer@4u.net>

	* many files: removed unnecessary <unistd.h> include

2010-07-19:  Stuart Caie <kyzer@4u.net>

	* cabd_md5.c, chmd_md5.c: Replace writing files to disk then
	MD5summing them, with an MD5summer built into mspack_system.
	Much, much faster results.

	* qtmd_decompress(): Robert Riebisch pointed out a Quantum
	data integrity check that could never be tripped, because
	frame_todo is unsigned, so it will never be decremented
	below zero. Replaced the check with one that assumes that
	decrementing past zero wraps frame_todo round to a number
	more than its maximum value (QTM_FRAME_SIZE).

2010-07-18:  Stuart Caie <kyzer@4u.net>

	* cabd.c: Special logic to pass cabd_sys_read() errors back
	to cabd_extract() wasn't compatible with the decompressor
	logic of returning the same error repeatedly once unpacking
	fails. This meant that if decompressing failed because of
	a read error, then the next file in the same folder would
	come back as "no error", but the decompressed wouldn't have
	even attempted to decompress the file. Added a new state
	variable, read_error, with the same lifespan as a decompressor,
	to pass the underlying reason for MSPACK_ERR_READ errors back.

	* mszipd.c: improve MS-ZIP recovery by saving all the bytes
	decoded prior to a block failing. This requires remembering
	how far we got through the block, so the code has been made
	slightly slower (about 0.003 seconds slower per gigabyte
	unpacked) by removing the local variable window_posn
	and keeping it in the state structure instead.

2010-07-16:  Stuart Caie <kyzer@4u.net>

	* Makefile.am: strange interactions. When -std=c99 is used,
	my Ubuntu's <stdio.h> (libc6-dev 2.11.1-0ubuntu7.2) does NOT
	define fseeko() unless _LARGEFILE_SOURCE is also defined. But
	configure always uses -std=gnu99, not -std=c99, so its test
	determines _LARGEFILE_SOURCE isn't needed but HAVE_FSEEKO is
	true. The implicit fseeko definition has a 32-bit rather than
	64-bit offset, which means the mode parameter is interpreted
	as part of the offset, and the mode is taken from the stack,
	which is generally 0 (SEEK_SET). This breaks all SEEK_CURs.
	The code works fine when -std=c99 is not set, so just remove
	it for the time being.

2010-07-12:  Stuart Caie <kyzer@4u.net>

	* system.c: Reject reading/writing a negative number of bytes.

	* chmd.c: allow zero-length files to be seen. Previously they were
	skipped because they were mistaken for directory entries.

2010-07-08:  Stuart Caie <kyzer@4u.net>

	* qtmd.c: Larry Frieson found an important bug in the Quantum
	decoder. Window wraps flush all unwritten data to disk.
	However, sometimes less data is needed, which makes
	out_bytes negative, which is then passed to write(). Some
	write() implementations treat negative sizes it as a large
	positive integer and segfault trying to write the buffer.

	* Makefile.am, test/*.c: fixed automake file so that the
	package passes a "make distcheck".

2010-07-07:  Stuart Caie <kyzer@4u.net>

	* doc/szdd_kwaj_format.html: explain SZDD/KWAJ file format.

	* lzssd.c: fixed SZDD decompression bugs.

	* test/chmd_compare: Add scripts for comparing chmd_md5 against
	Microsoft's own code.

	* test/chmd_md5.c: remove the need to decompress everything
	twice, as this is already in chmx.c if needed.

2010-07-06:  Stuart Caie <kyzer@4u.net>

	* many files: added SZDD and KWAJ decompression support.

2010-06-18:  Stuart Caie  <kyzer@4u.net>

	* system.h: expanded the test for 64-bit largefile support so
	it also works on 64-bit native operating systems where you
	don't have to define _FILE_OFFSET_BITS.

2010-06-17:  Stuart Caie <kyzer@4u.net>

	* libmspack.pc.in: Added pkg-config support. Thanks to
	Patrice Dumas for the patch.

2010-06-14:  Stuart Caie <kyzer@4u.net>

	* qtmd.c, lzxd.c, mszipd.c: created new headers, readbits.h and
	readhuff.h, which bundle up the bit-reading and huffman-reading
	code found in the MSZIP, LZX and Quantum decoders.

2010-06-11:  Stuart Caie <kyzer@4u.net>

	* qtmd_static_init(): Removed function in favour of static const
	tables, same rationale as for lzxd_static_init().

	* qtmd_read_input(), zipd_read_input(): After testing against my
	set of CABs from the wild, I've found both these functions _need_
	an extra EOF flag, like lzxd_read_input() has. So I've added
	it. This means CABs get decoded properly AND there's no reading
	fictional bytes.

2010-06-03:  Stuart Caie  <kyzer@4u.net>

	* test/cabd_md5.c: updated this so it has better output and
	doesn't need to be in the same directory as the files for multi-
	part sets.

2010-05-20:  Stuart Caie  <kyzer@4u.net>

	* qtmd_read_input(), zipd_read_input(): Both these functions are
	essentially copies of lzxd_read_input(), but that has a feature
	they don't have - an extra EOF flag. So if EOF is
	encountered (sys->read() returns 0 bytes), these don't pass on the
	error. Their respective bit-reading functions that called them
	then go on to access at least one byte of the input buffer, which
	doesn't exist as sys->read() returned 0. Thanks to Michael
	Vidrevich for spotting this and providing a test case.

2010-05-20:  Stuart Caie  <kyzer@4u.net>

	* system.h: It turns out no configure.ac tests are needed to
	decide between __func__ and __FUNCTION__, so I put the standard
	one (__func__) back into the D() macro, along with some
	special-case ifdefs for old versions of GCC.

	* lzxd_static_init(): Removed function in favour of static const
	tables.  Jorge Lodos thinks it causes multithreading problems, I
	disagree. However, there are speed benefits to declaring the
	tables as static const.

	* cabd_init_decomp(): Fixed code which never runs but would write
	to a null pointer if it could. Changed it to an assert() as it
	will only trip if someone rewrites the internals of cabd.c. Thanks
	to Jorge Lodos for finding it.

	* inflate(): Fixed an off-by-one error: if the LITERAL table
	emitted code 286, this would read one byte past the end of
	lit_extrabits[]. Thanks to Jorge Lodos for finding it.

2010-05-06:  Stuart Caie  <kyzer@4u.net>

	* test/cabrip.c, test/chminfo.c: add fseeko() support

2009-06-01:  Stuart Caie   <kyzer@4u.net>

	* README: clarify the extended license terms

	* doc, Makefile.am: make the doxygen makefile work when using
	an alternate build directory

2006-09-20:  Stuart Caie   <kyzer@4u.net>

	* system.h: I had a choice of adding more to configure.ac to
	test for __func__ and __FUNCTION__, or just removing __FUNCTION__
	from the D() macro. I chose the latter.

	* Makefile.am: Now the --enable-debug in configure will actually
	apply -DDEBUG to the sources.

2006-09-20:  Stuart Caie   <kyzer@4u.net>

	* qtmd_decompress(): Fixed a major bug in the QTM decoder, as
	reported by Tomasz Kojm last year. Removed the restriction on
	window sizes as a result. Correctly decodes the XLVIEW cabinets.

2006-08-31:  Stuart Caie   <kyzer@4u.net>

	* lzxd_decompress(): Two major bugs fixed. Firstly, the R0/R1/R2
	local variables weren't set to 1 after lzxd_reset_state().
	Secondly, the LZX decompression stream can sometimes become
	odd-aligned (after an uncompressed block) and the next 16 bit
	fetch needs to be split across two input buffers, ENSURE_BITS()
	didn't cover this case. Many thanks to Igor Glucksmann for
	discovering both these bugs.

2005-06-30:  Stuart Caie   <kyzer@4u.net>

	* cabd_search(): fixed problems with searching files > 4GB for
	cabinets.

2005-06-23:  Stuart Caie   <kyzer@4u.net>

	* qtmd_init(): The QTM decoder is broken for QTM streams with a
	window size less than the frame size. Until this is fixed, fail
	to initialise QTM window sizes less than 15. Thanks to Tomasz Kojm
	for finding the bug.

2005-03-22:  Stuart Caie   <kyzer@4u.net>

	* system.h: now undefs "read", as the latest glibc defines read()
	as a macro which messes everything up. Thanks to Ville Skyttä for
	the update.

2005-03-14:  Stuart Caie   <kyzer@4u.net>

	* test/multifh.c: write an mspack_system implementation that can
	handle normal disk files, open file handles, open file descriptors
	and raw memory all at the same time.

2005-02-24:  Stuart Caie   <kyzer@4u.net>

	* chmd_read_headers(): avoid infinite loop when chmhs1_ChunkSize is
	zero. Thanks to Serge Semashko for the research and discovery.

2005-02-18:  Stuart Caie   <kyzer@4u.net>

	* mspack.h: renamed the "interface" parameter of mspack_version() to
	"entity", as interface is a reserved word in C++. Thanks to Yuriy Z
	for the discovery.

2004-12-09:  Stuart Caie   <kyzer@4u.net>

	* lzss.h, szdd.h, szddd.h: more work on the SZDD/LZSS design.

2004-06-12:  Stuart Caie   <kyzer@4u.net>

	* lzxd_static_init(): removed write to lzxd_extra_bits[52], thanks
	to Nigel Horne from the ClamAV project.

2004-04-23:  Stuart Caie   <kyzer@4u.net>

	* mspack.h: changed 'this' parameters to 'self' to allow compiling in
	C++ compilers, thanks to Michal Cihar for the suggestion.

	* mspack.h, system.h, mspack.def, winbuild.sh: integrated some changes
	from Petr Blahos to let libmspack build as a Win32 DLL.

	* chmd_fast_find(): added the first part of this code, and comments
	sufficient to finish it :)

2004-04-08  Stuart Caie   <kyzer@4u.net>

	* test/chminfo.c: added a program for dumping useful data from CHM
	files, e.g. index entries and reset tables. I wrote this a while ago
	for investigating a corrupt cabinet, but I never committed it.

2004-03-26  Stuart Caie   <kyzer@4u.net>

	* test/cabd_memory.c: added a new test example which shows an
	mspack_system implementation that reads and writes from memory only,
	no file I/O. Even the source code has a little cab file embedded in it.

2004-03-10  Stuart Caie   <kyzer@4u.net>

	* cabd.c: updated the location of the CAB SDK.

	* cabd.c: changed a couple of MSPACK_ERR_READ errors not based on
	read() failures into MSPACK_ERR_DATAFORMAT errors.

	* mszipd_decompress(): repair mode now aborts after writing a
	repaired block if the error was a hard error (e.g. read error, out
	of blocks, etc)

2004-03-08  Stuart Caie   <kyzer@4u.net>

	* Makefile.am: now builds and installs a versioned library.

	* mszipd.c: completed a new MS-ZIP and inflate implementation.

	* system.c: added mspack_version() and committed to a versioned
	ABI for the library.

	* cabd.c: made mszip repair functionality work correctly.

	* cabd.c: now identifies invalid block headers

	* doc/: API documentation is now included with the library, not
	just on the web.

	* chmd.c: fixed error messages and 64-bit debug output.

	* chmd.c: now also catches NULL files in section 1.

	* test/chmx.c: now acts more like cabextract.

2003-08-29  Stuart Caie   <kyzer@4u.net>

	* ChangeLog: started keeping a ChangeLog :)