diff options
author | Tiago Gomes <tiago.gomes@codethink.co.uk> | 2015-02-03 15:38:26 +0000 |
---|---|---|
committer | Tiago Gomes <tiago.gomes@codethink.co.uk> | 2015-02-03 16:11:17 +0000 |
commit | 4a0890daf4c9839711f9013a35b1912ed341e956 (patch) | |
tree | 8ae5c6780a1fcd2124e71f27ad9b4256acd24268 /NEWS | |
parent | 2cdfe9375f1145603d002c12be950062ae54da21 (diff) | |
download | lzo-4a0890daf4c9839711f9013a35b1912ed341e956.tar.gz |
Import 2.08 tarballbaserock/tiagogomes/armv8l64
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 21 |
1 files changed, 21 insertions, 0 deletions
@@ -2,6 +2,27 @@ User visible changes for LZO -- a real-time data compression library ============================================================================ +Changes in 2.08 (29 Jun 2014) + * Updated the Autoconf scripts to fix some reported build problems. + * Added CMake build support. + * Fixed lzo_init() on big-endian architectures like Sparc. + +Changes in 2.07 (25 Jun 2014) + * Fixed a potential integer overflow condition in the "safe" decompressor + variants which could result in a possible buffer overrun when + processing maliciously crafted compressed input data. + + Fortunately this issue only affects 32-bit systems and also can only happen + if you use uncommonly huge buffer sizes where you have to decompress more + than 16 MiB (> 2^24 bytes) untrusted compressed bytes within a single + function call, so the practical implications are limited. + + POTENTIAL SECURITY ISSUE. CVE-2014-4607. + + * Removed support for ancient configurations like 16-bit "huge" pointers - + LZO now requires a flat 32-bit or 64-bit memory model. + * Assorted cleanups. + Changes in 2.06 (12 Aug 2011) * Some minor optimizations for big-endian architectures. * Fixed overly strict malloc() misalignment check in examples. |