diff --git a/.gitignore b/.gitignore
index 52c1979..d9c3de3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
+SOURCES/kwajd.tar.gz
 SOURCES/libmspack-0.5alpha.tar.gz
diff --git a/.libmspack.metadata b/.libmspack.metadata
index 24d926b..be3157c 100644
--- a/.libmspack.metadata
+++ b/.libmspack.metadata
@@ -1 +1,2 @@
+8389c8ee5d6933a7b02b665b4d70e3d53fcfb407 SOURCES/kwajd.tar.gz
 226f19b1fc58e820671a1749983b06896e108cc4 SOURCES/libmspack-0.5alpha.tar.gz
diff --git a/SOURCES/0001-Fix-off-by-one-bounds-check-on-CHM-PMGI-PMGL-chunk-n.patch b/SOURCES/0001-Fix-off-by-one-bounds-check-on-CHM-PMGI-PMGL-chunk-n.patch
new file mode 100644
index 0000000..52a4f9a
--- /dev/null
+++ b/SOURCES/0001-Fix-off-by-one-bounds-check-on-CHM-PMGI-PMGL-chunk-n.patch
@@ -0,0 +1,58 @@
+From 7daeac0b9ad98c9cd5ea5f05d3028fe171ba403a Mon Sep 17 00:00:00 2001
+From: Stuart Caie
+Date: Sat, 12 May 2018 10:51:34 +0100
+Subject: [PATCH 1/3] =?UTF-8?q?Fix=20off-by-one=20bounds=20check=20on=20CH?=
+ =?UTF-8?q?M=20PMGI/PMGL=20chunk=20numbers=20and=20reject=20empty=20filena?=
+ =?UTF-8?q?mes.=20Thanks=20to=20Hanno=20B=C3=B6ck=20for=20reporting?=
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+(cherry picked from commit 72e70a921f0f07fee748aec2274b30784e1d312a)
+---
+ libmspack/trunk/mspack/chmd.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/libmspack/trunk/mspack/chmd.c b/libmspack/trunk/mspack/chmd.c
+index 5a6ef54..b799154 100644
+--- a/libmspack/trunk/mspack/chmd.c
++++ b/libmspack/trunk/mspack/chmd.c
+@@ -1,5 +1,5 @@
+ /* This file is part of libmspack.
+- * (C) 2003-2011 Stuart Caie.
++ * (C) 2003-2018 Stuart Caie.
+ *
+ * libmspack is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU Lesser General Public License (LGPL) version 2.1
+@@ -397,7 +397,7 @@ static int chmd_read_headers(struct mspack_system *sys, struct mspack_file *fh,
+ D(("first pmgl chunk is after last pmgl chunk"))
+ return MSPACK_ERR_DATAFORMAT;
+ }
+- if (chm->index_root != 0xFFFFFFFF && chm->index_root > chm->num_chunks) {
++ if (chm->index_root != 0xFFFFFFFF && chm->index_root >= chm->num_chunks) {
+ D(("index_root outside valid range"))
+ return MSPACK_ERR_DATAFORMAT;
+ }
+@@ -447,7 +447,10 @@ static int chmd_read_headers(struct mspack_system *sys, struct mspack_file *fh,
+ while (num_entries--) {
+ READ_ENCINT(name_len);
+ if (name_len > (unsigned int) (end - p)) goto chunk_end;
++ /* consider blank filenames to be an error */
++ if (name_len == 0) goto chunk_end;
+ name = p; p += name_len;
++
+ READ_ENCINT(section);
+ READ_ENCINT(offset);
+ READ_ENCINT(length);
+@@ -622,7 +625,7 @@ static unsigned char *read_chunk(struct mschm_decompressor_p *self,
+ unsigned char *buf;
+
+ /* check arguments - most are already checked by chmd_fast_find */
+- if (chunk_num > chm->num_chunks) return NULL;
++ if (chunk_num >= chm->num_chunks) return NULL;
+
+ /* ensure chunk cache is available */
+ if (!chm->chunk_cache) {
+--
+2.18.0
+
diff --git a/SOURCES/0002-kwaj_read_headers-fix-handling-of-non-terminated-str.patch b/SOURCES/0002-kwaj_read_headers-fix-handling-of-non-terminated-str.patch
new file mode 100644
index 0000000..77a0eea
--- /dev/null
+++ b/SOURCES/0002-kwaj_read_headers-fix-handling-of-non-terminated-str.patch
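Review bot: The three corrected checks in 0001 (chmd.c) arrive without a regression fixture: `index_root >= chm->num_chunks` in chmd_read_headers, `chunk_num >= chm->num_chunks` in read_chunk and the new `name_len == 0` rejection are each one character or one line away from the old behaviour, and nothing in this patch would fail if a later rebase reverted them. Patch 0002 of the same series adds test/kwajd_test.c for the KWAJ fix; a CHM counterpart covering the boundary chunk number and a zero-length entry name would pin these down. The comment on the new check could also state the outcome, for example `/* blank filenames are invalid: stop parsing this chunk */`, because `goto chunk_end` is shared with the truncated-entry case and its handling is outside the hunk. Both function bodies start and end outside the hunks shown.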
@@ -0,0 +1,537 @@
+From 727255122e4e574525275b9c8047462b25e5ccc5 Mon Sep 17 00:00:00 2001
+From: Stuart Caie
+Date: Sun, 26 Nov 2017 14:28:54 +0000
+Subject: [PATCH 2/3] kwaj_read_headers(): fix handling of non-terminated
+ strings
+
+(cherry picked from commit 0b0ef9344255ff5acfac6b7af09198ac9c9756c8)
+---
+ libmspack/trunk/Makefile.am | 4 +-
+ libmspack/trunk/mspack/kwajd.c | 32 +++--
+ libmspack/trunk/test/kwajd_test.c | 116 ++++++++++++++++++
+ libmspack/trunk/test/test_files/kwajd/f00.kwj | Bin 0 -> 15 bytes
+ libmspack/trunk/test/test_files/kwajd/f01.kwj | Bin 0 -> 17 bytes
+ libmspack/trunk/test/test_files/kwajd/f02.kwj | Bin 0 -> 18 bytes
+ libmspack/trunk/test/test_files/kwajd/f03.kwj | Bin 0 -> 19 bytes
+ libmspack/trunk/test/test_files/kwajd/f04.kwj | Bin 0 -> 19 bytes
+ libmspack/trunk/test/test_files/kwajd/f10.kwj | Bin 0 -> 17 bytes
+ libmspack/trunk/test/test_files/kwajd/f11.kwj | Bin 0 -> 19 bytes
+ libmspack/trunk/test/test_files/kwajd/f12.kwj | Bin 0 -> 20 bytes
+ libmspack/trunk/test/test_files/kwajd/f13.kwj | Bin 0 -> 21 bytes
+ libmspack/trunk/test/test_files/kwajd/f14.kwj | Bin 0 -> 21 bytes
+ libmspack/trunk/test/test_files/kwajd/f20.kwj | Bin 0 -> 18 bytes
+ libmspack/trunk/test/test_files/kwajd/f21.kwj | Bin 0 -> 20 bytes
+ libmspack/trunk/test/test_files/kwajd/f22.kwj | Bin 0 -> 21 bytes
+ libmspack/trunk/test/test_files/kwajd/f23.kwj | Bin 0 -> 22 bytes
+ libmspack/trunk/test/test_files/kwajd/f24.kwj | Bin 0 -> 22 bytes
+ libmspack/trunk/test/test_files/kwajd/f30.kwj | Bin 0 -> 19 bytes
+ libmspack/trunk/test/test_files/kwajd/f31.kwj | Bin 0 -> 21 bytes
+ libmspack/trunk/test/test_files/kwajd/f32.kwj | Bin 0 -> 22 bytes
+ libmspack/trunk/test/test_files/kwajd/f33.kwj | Bin 0 -> 23 bytes
+ libmspack/trunk/test/test_files/kwajd/f34.kwj | Bin 0 -> 23 bytes
+ libmspack/trunk/test/test_files/kwajd/f40.kwj | Bin 0 -> 20 bytes
+ libmspack/trunk/test/test_files/kwajd/f41.kwj | Bin 0 -> 22 bytes
+ libmspack/trunk/test/test_files/kwajd/f42.kwj | Bin 0 -> 23 bytes
+ libmspack/trunk/test/test_files/kwajd/f43.kwj | Bin 0 -> 24 bytes
+ libmspack/trunk/test/test_files/kwajd/f44.kwj | Bin 0 -> 24 bytes
+ libmspack/trunk/test/test_files/kwajd/f50.kwj | Bin 0 -> 21 bytes
+ libmspack/trunk/test/test_files/kwajd/f51.kwj | Bin 0 -> 23 bytes
+ libmspack/trunk/test/test_files/kwajd/f52.kwj | Bin 0 -> 24 bytes
+ libmspack/trunk/test/test_files/kwajd/f53.kwj | Bin 0 -> 25 bytes
+ libmspack/trunk/test/test_files/kwajd/f54.kwj | Bin 0 -> 25 bytes
+ libmspack/trunk/test/test_files/kwajd/f60.kwj | Bin 0 -> 22 bytes
+ libmspack/trunk/test/test_files/kwajd/f61.kwj | Bin 0 -> 24 bytes
+ libmspack/trunk/test/test_files/kwajd/f62.kwj | Bin 0 -> 25 bytes
+ libmspack/trunk/test/test_files/kwajd/f63.kwj | Bin 0 -> 26 bytes
+ libmspack/trunk/test/test_files/kwajd/f64.kwj | Bin 0 -> 26 bytes
+ libmspack/trunk/test/test_files/kwajd/f70.kwj | Bin 0 -> 23 bytes
+ libmspack/trunk/test/test_files/kwajd/f71.kwj | Bin 0 -> 25 bytes
+ libmspack/trunk/test/test_files/kwajd/f72.kwj | Bin 0 -> 26 bytes
+ libmspack/trunk/test/test_files/kwajd/f73.kwj | Bin 0 -> 27 bytes
+ libmspack/trunk/test/test_files/kwajd/f74.kwj | Bin 0 -> 27 bytes
+ libmspack/trunk/test/test_files/kwajd/f80.kwj | Bin 0 -> 24 bytes
+ libmspack/trunk/test/test_files/kwajd/f81.kwj | Bin 0 -> 26 bytes
+ libmspack/trunk/test/test_files/kwajd/f82.kwj | Bin 0 -> 27 bytes
+ libmspack/trunk/test/test_files/kwajd/f83.kwj | Bin 0 -> 28 bytes
+ libmspack/trunk/test/test_files/kwajd/f84.kwj | Bin 0 -> 28 bytes
+ libmspack/trunk/test/test_files/kwajd/f90.kwj | Bin 0 -> 24 bytes
+ libmspack/trunk/test/test_files/kwajd/f91.kwj | Bin 0 -> 26 bytes
+ libmspack/trunk/test/test_files/kwajd/f92.kwj | Bin 0 -> 27 bytes
+ libmspack/trunk/test/test_files/kwajd/f93.kwj | Bin 0 -> 28 bytes
+ libmspack/trunk/test/test_files/kwajd/f94.kwj | Bin 0 -> 28 bytes
+ libmspack/trunk/test/test_files/kwajd/make.pl | 17 +++
+ 54 files changed, 155 insertions(+), 14 deletions(-)
+ create mode 100644 libmspack/trunk/test/kwajd_test.c
+ create mode 100644 libmspack/trunk/test/test_files/kwajd/f00.kwj
+ create mode 100644 libmspack/trunk/test/test_files/kwajd/f01.kwj
+ create mode 100644 libmspack/trunk/test/test_files/kwajd/f02.kwj
+ create mode 100644 libmspack/trunk/test/test_files/kwajd/f03.kwj
+ create mode 100644 libmspack/trunk/test/test_files/kwajd/f04.kwj
+ create mode 100644 libmspack/trunk/test/test_files/kwajd/f10.kwj
+ create mode 100644 libmspack/trunk/test/test_files/kwajd/f11.kwj
+ create mode 100644 libmspack/trunk/test/test_files/kwajd/f12.kwj
+ create mode 100644 libmspack/trunk/test/test_files/kwajd/f13.kwj
+ create mode 100644 libmspack/trunk/test/test_files/kwajd/f14.kwj
+ create mode 100644 libmspack/trunk/test/test_files/kwajd/f20.kwj
+ create mode 100644 libmspack/trunk/test/test_files/kwajd/f21.kwj
+ create mode 100644 libmspack/trunk/test/test_files/kwajd/f22.kwj
+ create mode 100644 libmspack/trunk/test/test_files/kwajd/f23.kwj
+ create mode 100644 libmspack/trunk/test/test_files/kwajd/f24.kwj
+ create mode 100644 libmspack/trunk/test/test_files/kwajd/f30.kwj
+ create mode 100644 libmspack/trunk/test/test_files/kwajd/f31.kwj
+ create mode 100644 libmspack/trunk/test/test_files/kwajd/f32.kwj
+ create mode 100644 libmspack/trunk/test/test_files/kwajd/f33.kwj
+ create mode 100644 libmspack/trunk/test/test_files/kwajd/f34.kwj
+ create mode 100644 libmspack/trunk/test/test_files/kwajd/f40.kwj
+ create mode 100644 libmspack/trunk/test/test_files/kwajd/f41.kwj
+ create mode 100644 libmspack/trunk/test/test_files/kwajd/f42.kwj
+ create mode 100644 libmspack/trunk/test/test_files/kwajd/f43.kwj
+ create mode 100644 libmspack/trunk/test/test_files/kwajd/f44.kwj
+ create mode 100644 libmspack/trunk/test/test_files/kwajd/f50.kwj
+ create mode 100644 libmspack/trunk/test/test_files/kwajd/f51.kwj
+ create mode 100644 libmspack/trunk/test/test_files/kwajd/f52.kwj
+ create mode 100644 libmspack/trunk/test/test_files/kwajd/f53.kwj
+ create mode 100644 libmspack/trunk/test/test_files/kwajd/f54.kwj
+ create mode 100644 libmspack/trunk/test/test_files/kwajd/f60.kwj
+ create mode 100644 libmspack/trunk/test/test_files/kwajd/f61.kwj
+ create mode 100644 libmspack/trunk/test/test_files/kwajd/f62.kwj
+ create mode 100644 libmspack/trunk/test/test_files/kwajd/f63.kwj
+ create mode 100644 libmspack/trunk/test/test_files/kwajd/f64.kwj
+ create mode 100644 libmspack/trunk/test/test_files/kwajd/f70.kwj
+ create mode 100644 libmspack/trunk/test/test_files/kwajd/f71.kwj
+ create mode 100644 libmspack/trunk/test/test_files/kwajd/f72.kwj
+ create mode 100644 libmspack/trunk/test/test_files/kwajd/f73.kwj
+ create mode 100644 libmspack/trunk/test/test_files/kwajd/f74.kwj
+ create mode 100644 libmspack/trunk/test/test_files/kwajd/f80.kwj
+ create mode 100644 libmspack/trunk/test/test_files/kwajd/f81.kwj
+ create mode 100644 libmspack/trunk/test/test_files/kwajd/f82.kwj
+ create mode 100644 libmspack/trunk/test/test_files/kwajd/f83.kwj
+ create mode 100644 libmspack/trunk/test/test_files/kwajd/f84.kwj
+ create mode 100644 libmspack/trunk/test/test_files/kwajd/f90.kwj
+ create mode 100644 libmspack/trunk/test/test_files/kwajd/f91.kwj
+ create mode 100644 libmspack/trunk/test/test_files/kwajd/f92.kwj
+ create mode 100644 libmspack/trunk/test/test_files/kwajd/f93.kwj
+ create mode 100644 libmspack/trunk/test/test_files/kwajd/f94.kwj
+ create mode 100755 libmspack/trunk/test/test_files/kwajd/make.pl
+
+diff --git a/libmspack/trunk/Makefile.am b/libmspack/trunk/Makefile.am
+index 4c295a5..ea48f03 100644
+--- a/libmspack/trunk/Makefile.am
++++ b/libmspack/trunk/Makefile.am
+@@ -23,7 +23,7 @@ noinst_LTLIBRARIES = libmscabd.la libmschmd.la
+ noinst_PROGRAMS = test/cabd_md5 test/cabd_memory test/cabd_test \
+ test/cabrip test/chmd_md5 test/chmx test/chminfo \
+ test/multifh test/expand test/chmd_find \
+- test/chmd_order test/oabx
++ test/chmd_order test/oabx test/kwajd_test
+
+ libmspack_la_SOURCES = mspack/mspack.h \
+ mspack/system.h mspack/system.c \
+@@ -98,3 +98,5 @@ test_chmd_order_LDADD = libmschmd.la
+ test_oabx_SOURCES = test/oabx.c test/md5.c test/md5.h test/md5_fh.h \
+ test/error.h libmspack.la
+ test_oabx_LDADD = libmspack.la
++test_kwajd_test_SOURCES = test/kwajd_test.c libmspack.la
++test_kwajd_test_LDADD = libmspack.la
+diff --git a/libmspack/trunk/mspack/kwajd.c b/libmspack/trunk/mspack/kwajd.c
+index c9e006c..50be257 100644
+--- a/libmspack/trunk/mspack/kwajd.c
++++ b/libmspack/trunk/mspack/kwajd.c
+@@ -198,30 +198,36 @@ static int kwajd_read_headers(struct mspack_system *sys,
+
+ /* filename and extension */
+ if (hdr->headers & (MSKWAJ_HDR_HASFILENAME | MSKWAJ_HDR_HASFILEEXT)) {
+- off_t pos = sys->tell(fh);
+- char *fn = (char *) sys->alloc(sys, (size_t) 13);
+-
++ int len;
+ /* allocate memory for maximum length filename */
+- if (! fn) return MSPACK_ERR_NOMEMORY;
+- hdr->filename = fn;
++ char *fn = (char *) sys->alloc(sys, (size_t) 13);
++ if (!(hdr->filename = fn)) return MSPACK_ERR_NOMEMORY;
+
+ /* copy filename if present */
+ if (hdr->headers & MSKWAJ_HDR_HASFILENAME) {
+- if (sys->read(fh, &buf[0], 9) != 9) return MSPACK_ERR_READ;
+- for (i = 0; i < 9; i++, fn++) if (!(*fn = buf[i])) break;
+- pos += (i < 9) ? i+1 : 9;
+- if (sys->seek(fh, pos, MSPACK_SYS_SEEK_START))
++ /* read and copy up to 9 bytes of a null terminated string */
++ if ((len = sys->read(fh, &buf[0], 9)) < 2) return MSPACK_ERR_READ;
++ for (i = 0; i < len; i++) if (!(*fn++ = buf[i])) break;
++ /* if string was 9 bytes with no null terminator, reject it */
++ if (i == 9 && buf[8] != '\0') return MSPACK_ERR_DATAFORMAT;
++ /* seek to byte after string ended in file */
++ if (sys->seek(fh, (off_t)(i + 1 - len), MSPACK_SYS_SEEK_CUR))
+ return MSPACK_ERR_SEEK;
++ fn--; /* remove the null terminator */
+ }
+
+ /* copy extension if present */
+ if (hdr->headers & MSKWAJ_HDR_HASFILEEXT) {
+ *fn++ = '.';
+- if (sys->read(fh, &buf[0], 4) != 4) return MSPACK_ERR_READ;
+- for (i = 0; i < 4; i++, fn++) if (!(*fn = buf[i])) break;
+- pos += (i < 4) ? i+1 : 4;
+- if (sys->seek(fh, pos, MSPACK_SYS_SEEK_START))
++ /* read and copy up to 4 bytes of a null terminated string */
++ if ((len = sys->read(fh, &buf[0], 4)) < 2) return MSPACK_ERR_READ;
++ for (i = 0; i < len; i++) if (!(*fn++ = buf[i])) break;
++ /* if string was 4 bytes with no null terminator, reject it */
++ if (i == 4 && buf[3] != '\0') return MSPACK_ERR_DATAFORMAT;
++ /* seek to byte after string ended in file */
++ if (sys->seek(fh, (off_t)(i + 1 - len), MSPACK_SYS_SEEK_CUR))
+ return MSPACK_ERR_SEEK;
++ fn--; /* remove the null terminator */
+ }
+ *fn = '\0';
+ }
+diff --git a/libmspack/trunk/test/kwajd_test.c b/libmspack/trunk/test/kwajd_test.c
+new file mode 100644
+index 0000000..4ee10f9
+--- /dev/null
++++ b/libmspack/trunk/test/kwajd_test.c
+@@ -0,0 +1,116 @@
++/* KWAJ regression test suite */
++
++#ifdef HAVE_CONFIG_H
++#include
++#endif
++
++#include
++#include
++#include
++#include
++
++unsigned int test_count = 0;
++#define TEST(x) do {\
++ test_count++; \
++ if (!(x)) {printf("%s:%d FAILED %s\n",__FUNCTION__,__LINE__,#x);exit(1);} \
++} while (0)
++
++/* test parsing of KWAJ filename/extension headers */
++void kwajd_open_test_01() {
++ struct mskwaj_decompressor *kwajd;
++ struct mskwajd_header *hdr;
++
++ kwajd = mspack_create_kwaj_decompressor(NULL);
++ TEST(kwajd != NULL);
++
++ hdr = kwajd->open(kwajd, "test_files/kwajd/f00.kwj");
++ TEST(hdr != NULL);
++ TEST(hdr->filename == NULL);
++ kwajd->close(kwajd, hdr);
++
++#define TEST_FNAME(testfile, fname) \
++ hdr = kwajd->open(kwajd, testfile); \
++ TEST(hdr != NULL); \
++ TEST(hdr->filename != NULL); \
++ TEST(!strcmp(fname, hdr->filename)); \
++ kwajd->close(kwajd, hdr)
++#define TEST_FNAME_BAD(testfile) \
++ hdr = kwajd->open(kwajd, testfile); \
++ TEST(hdr == NULL); \
++ TEST(kwajd->last_error(kwajd) == MSPACK_ERR_DATAFORMAT)
++
++ TEST_FNAME("test_files/kwajd/f01.kwj", ".1");
++ TEST_FNAME("test_files/kwajd/f02.kwj", ".12");
++ TEST_FNAME("test_files/kwajd/f03.kwj", ".123");
++
++ TEST_FNAME("test_files/kwajd/f10.kwj", "1");
++ TEST_FNAME("test_files/kwajd/f11.kwj", "1.1");
++ TEST_FNAME("test_files/kwajd/f12.kwj", "1.12");
++ TEST_FNAME("test_files/kwajd/f13.kwj", "1.123");
++
++ TEST_FNAME("test_files/kwajd/f20.kwj", "12");
++ TEST_FNAME("test_files/kwajd/f21.kwj", "12.1");
++ TEST_FNAME("test_files/kwajd/f22.kwj", "12.12");
++ TEST_FNAME("test_files/kwajd/f23.kwj", "12.123");
++
++ TEST_FNAME("test_files/kwajd/f30.kwj", "123");
++ TEST_FNAME("test_files/kwajd/f31.kwj", "123.1");
++ TEST_FNAME("test_files/kwajd/f32.kwj", "123.12");
++ TEST_FNAME("test_files/kwajd/f33.kwj", "123.123");
++
++ TEST_FNAME("test_files/kwajd/f40.kwj", "1234");
++ TEST_FNAME("test_files/kwajd/f41.kwj", "1234.1");
++ TEST_FNAME("test_files/kwajd/f42.kwj", "1234.12");
++ TEST_FNAME("test_files/kwajd/f43.kwj", "1234.123");
++
++ TEST_FNAME("test_files/kwajd/f50.kwj", "12345");
++ TEST_FNAME("test_files/kwajd/f51.kwj", "12345.1");
++ TEST_FNAME("test_files/kwajd/f52.kwj", "12345.12");
++ TEST_FNAME("test_files/kwajd/f53.kwj", "12345.123");
++
++ TEST_FNAME("test_files/kwajd/f60.kwj", "123456");
++ TEST_FNAME("test_files/kwajd/f61.kwj", "123456.1");
++ TEST_FNAME("test_files/kwajd/f62.kwj", "123456.12");
++ TEST_FNAME("test_files/kwajd/f63.kwj", "123456.123");
++
++ TEST_FNAME("test_files/kwajd/f70.kwj", "1234567");
++ TEST_FNAME("test_files/kwajd/f71.kwj", "1234567.1");
++ TEST_FNAME("test_files/kwajd/f72.kwj", "1234567.12");
++ TEST_FNAME("test_files/kwajd/f73.kwj", "1234567.123");
++
++ TEST_FNAME("test_files/kwajd/f80.kwj", "12345678");
++ TEST_FNAME("test_files/kwajd/f81.kwj", "12345678.1");
++ TEST_FNAME("test_files/kwajd/f82.kwj", "12345678.12");
++ TEST_FNAME("test_files/kwajd/f83.kwj", "12345678.123");
++
++ TEST_FNAME_BAD("test_files/kwajd/f04.kwj");
++ TEST_FNAME_BAD("test_files/kwajd/f14.kwj");
++ TEST_FNAME_BAD("test_files/kwajd/f24.kwj");
++ TEST_FNAME_BAD("test_files/kwajd/f34.kwj");
++ TEST_FNAME_BAD("test_files/kwajd/f44.kwj");
++ TEST_FNAME_BAD("test_files/kwajd/f54.kwj");
++ TEST_FNAME_BAD("test_files/kwajd/f64.kwj");
++ TEST_FNAME_BAD("test_files/kwajd/f74.kwj");
++ TEST_FNAME_BAD("test_files/kwajd/f84.kwj");
++
++ TEST_FNAME_BAD("test_files/kwajd/f90.kwj");
++ TEST_FNAME_BAD("test_files/kwajd/f91.kwj");
++ TEST_FNAME_BAD("test_files/kwajd/f92.kwj");
++ TEST_FNAME_BAD("test_files/kwajd/f93.kwj");
++ TEST_FNAME_BAD("test_files/kwajd/f94.kwj");
++
++
++ mspack_destroy_kwaj_decompressor(kwajd);
++}
++
++int main() {
++ int selftest;
++
++ MSPACK_SYS_SELFTEST(selftest);
++ TEST(selftest == MSPACK_ERR_OK);
++
++ kwajd_open_test_01();
++
++ printf("ALL %d TESTS PASSED.\n", test_count);
++ return 0;
++}
+diff --git a/libmspack/trunk/test/test_files/kwajd/f00.kwj b/libmspack/trunk/test/test_files/kwajd/f00.kwj
+new file mode 100644
+index 0000000..1aa817e
+Binary files /dev/null and b/libmspack/trunk/test/test_files/kwajd/f00.kwj differ
+diff --git a/libmspack/trunk/test/test_files/kwajd/f01.kwj b/libmspack/trunk/test/test_files/kwajd/f01.kwj
+new file mode 100644
+index 0000000..9fbedda
+Binary files /dev/null and b/libmspack/trunk/test/test_files/kwajd/f01.kwj differ
+diff --git a/libmspack/trunk/test/test_files/kwajd/f02.kwj b/libmspack/trunk/test/test_files/kwajd/f02.kwj
+new file mode 100644
+index 0000000..a81a863
+Binary files /dev/null and b/libmspack/trunk/test/test_files/kwajd/f02.kwj differ
+diff --git a/libmspack/trunk/test/test_files/kwajd/f03.kwj b/libmspack/trunk/test/test_files/kwajd/f03.kwj
+new file mode 100644
+index 0000000..52bfb1e
+Binary files /dev/null and b/libmspack/trunk/test/test_files/kwajd/f03.kwj differ
+diff --git a/libmspack/trunk/test/test_files/kwajd/f04.kwj b/libmspack/trunk/test/test_files/kwajd/f04.kwj
+new file mode 100644
+index 0000000..1775433
+Binary files /dev/null and b/libmspack/trunk/test/test_files/kwajd/f04.kwj differ
+diff --git a/libmspack/trunk/test/test_files/kwajd/f10.kwj b/libmspack/trunk/test/test_files/kwajd/f10.kwj
+new file mode 100644
+index 0000000..40f944b
+Binary files /dev/null and b/libmspack/trunk/test/test_files/kwajd/f10.kwj differ
+diff --git a/libmspack/trunk/test/test_files/kwajd/f11.kwj b/libmspack/trunk/test/test_files/kwajd/f11.kwj
+new file mode 100644
+index 0000000..eca53c9
+Binary files /dev/null and b/libmspack/trunk/test/test_files/kwajd/f11.kwj differ
+diff --git a/libmspack/trunk/test/test_files/kwajd/f12.kwj b/libmspack/trunk/test/test_files/kwajd/f12.kwj
+new file mode 100644
+index 0000000..767c355
+Binary files /dev/null and b/libmspack/trunk/test/test_files/kwajd/f12.kwj differ
+diff --git a/libmspack/trunk/test/test_files/kwajd/f13.kwj b/libmspack/trunk/test/test_files/kwajd/f13.kwj
+new file mode 100644
+index 0000000..f8d7fb6
+Binary files /dev/null and b/libmspack/trunk/test/test_files/kwajd/f13.kwj differ
+diff --git a/libmspack/trunk/test/test_files/kwajd/f14.kwj b/libmspack/trunk/test/test_files/kwajd/f14.kwj
+new file mode 100644
+index 0000000..486e580
+Binary files /dev/null and b/libmspack/trunk/test/test_files/kwajd/f14.kwj differ
+diff --git a/libmspack/trunk/test/test_files/kwajd/f20.kwj b/libmspack/trunk/test/test_files/kwajd/f20.kwj
+new file mode 100644
+index 0000000..89de0ef
+Binary files /dev/null and b/libmspack/trunk/test/test_files/kwajd/f20.kwj differ
+diff --git a/libmspack/trunk/test/test_files/kwajd/f21.kwj b/libmspack/trunk/test/test_files/kwajd/f21.kwj
+new file mode 100644
+index 0000000..a4c3a8c
+Binary files /dev/null and b/libmspack/trunk/test/test_files/kwajd/f21.kwj differ
+diff --git a/libmspack/trunk/test/test_files/kwajd/f22.kwj b/libmspack/trunk/test/test_files/kwajd/f22.kwj
+new file mode 100644
+index 0000000..fa9c35d
+Binary files /dev/null and b/libmspack/trunk/test/test_files/kwajd/f22.kwj differ
+diff --git a/libmspack/trunk/test/test_files/kwajd/f23.kwj b/libmspack/trunk/test/test_files/kwajd/f23.kwj
+new file mode 100644
+index 0000000..c10cc71
+Binary files /dev/null and b/libmspack/trunk/test/test_files/kwajd/f23.kwj differ
+diff --git a/libmspack/trunk/test/test_files/kwajd/f24.kwj b/libmspack/trunk/test/test_files/kwajd/f24.kwj
+new file mode 100644
+index 0000000..75858e7
+Binary files /dev/null and b/libmspack/trunk/test/test_files/kwajd/f24.kwj differ
+diff --git a/libmspack/trunk/test/test_files/kwajd/f30.kwj b/libmspack/trunk/test/test_files/kwajd/f30.kwj
+new file mode 100644
+index 0000000..e2b452e
+Binary files /dev/null and b/libmspack/trunk/test/test_files/kwajd/f30.kwj differ
+diff --git a/libmspack/trunk/test/test_files/kwajd/f31.kwj b/libmspack/trunk/test/test_files/kwajd/f31.kwj
+new file mode 100644
+index 0000000..05e0ce1
+Binary files /dev/null and b/libmspack/trunk/test/test_files/kwajd/f31.kwj differ
+diff --git a/libmspack/trunk/test/test_files/kwajd/f32.kwj b/libmspack/trunk/test/test_files/kwajd/f32.kwj
+new file mode 100644
+index 0000000..96a5739
+Binary files /dev/null and b/libmspack/trunk/test/test_files/kwajd/f32.kwj differ
+diff --git a/libmspack/trunk/test/test_files/kwajd/f33.kwj b/libmspack/trunk/test/test_files/kwajd/f33.kwj
+new file mode 100644
+index 0000000..935d6df
+Binary files /dev/null and b/libmspack/trunk/test/test_files/kwajd/f33.kwj differ
+diff --git a/libmspack/trunk/test/test_files/kwajd/f34.kwj b/libmspack/trunk/test/test_files/kwajd/f34.kwj
+new file mode 100644
+index 0000000..d7084c5
+Binary files /dev/null and b/libmspack/trunk/test/test_files/kwajd/f34.kwj differ
+diff --git a/libmspack/trunk/test/test_files/kwajd/f40.kwj b/libmspack/trunk/test/test_files/kwajd/f40.kwj
+new file mode 100644
+index 0000000..64cfc84
+Binary files /dev/null and b/libmspack/trunk/test/test_files/kwajd/f40.kwj differ
+diff --git a/libmspack/trunk/test/test_files/kwajd/f41.kwj b/libmspack/trunk/test/test_files/kwajd/f41.kwj
+new file mode 100644
+index 0000000..657177a
+Binary files /dev/null and b/libmspack/trunk/test/test_files/kwajd/f41.kwj differ
+diff --git a/libmspack/trunk/test/test_files/kwajd/f42.kwj b/libmspack/trunk/test/test_files/kwajd/f42.kwj
+new file mode 100644
+index 0000000..6ff2b22
+Binary files /dev/null and b/libmspack/trunk/test/test_files/kwajd/f42.kwj differ
+diff --git a/libmspack/trunk/test/test_files/kwajd/f43.kwj b/libmspack/trunk/test/test_files/kwajd/f43.kwj
+new file mode 100644
+index 0000000..52c6c10
+Binary files /dev/null and b/libmspack/trunk/test/test_files/kwajd/f43.kwj differ
+diff --git a/libmspack/trunk/test/test_files/kwajd/f44.kwj b/libmspack/trunk/test/test_files/kwajd/f44.kwj
+new file mode 100644
+index 0000000..bc4d510
+Binary files /dev/null and b/libmspack/trunk/test/test_files/kwajd/f44.kwj differ
+diff --git a/libmspack/trunk/test/test_files/kwajd/f50.kwj b/libmspack/trunk/test/test_files/kwajd/f50.kwj
+new file mode 100644
+index 0000000..31bf367
+Binary files /dev/null and b/libmspack/trunk/test/test_files/kwajd/f50.kwj differ
+diff --git a/libmspack/trunk/test/test_files/kwajd/f51.kwj b/libmspack/trunk/test/test_files/kwajd/f51.kwj
+new file mode 100644
+index 0000000..c63c061
+Binary files /dev/null and b/libmspack/trunk/test/test_files/kwajd/f51.kwj differ
+diff --git a/libmspack/trunk/test/test_files/kwajd/f52.kwj b/libmspack/trunk/test/test_files/kwajd/f52.kwj
+new file mode 100644
+index 0000000..9ab9716
+Binary files /dev/null and b/libmspack/trunk/test/test_files/kwajd/f52.kwj differ
+diff --git a/libmspack/trunk/test/test_files/kwajd/f53.kwj b/libmspack/trunk/test/test_files/kwajd/f53.kwj
+new file mode 100644
+index 0000000..e973626
+Binary files /dev/null and b/libmspack/trunk/test/test_files/kwajd/f53.kwj differ
+diff --git a/libmspack/trunk/test/test_files/kwajd/f54.kwj b/libmspack/trunk/test/test_files/kwajd/f54.kwj
+new file mode 100644
+index 0000000..f3b2887
+Binary files /dev/null and b/libmspack/trunk/test/test_files/kwajd/f54.kwj differ
+diff --git a/libmspack/trunk/test/test_files/kwajd/f60.kwj b/libmspack/trunk/test/test_files/kwajd/f60.kwj
+new file mode 100644
+index 0000000..af39e58
+Binary files /dev/null and b/libmspack/trunk/test/test_files/kwajd/f60.kwj differ
+diff --git a/libmspack/trunk/test/test_files/kwajd/f61.kwj b/libmspack/trunk/test/test_files/kwajd/f61.kwj
+new file mode 100644
+index 0000000..a8d6278
+Binary files /dev/null and b/libmspack/trunk/test/test_files/kwajd/f61.kwj differ
+diff --git a/libmspack/trunk/test/test_files/kwajd/f62.kwj b/libmspack/trunk/test/test_files/kwajd/f62.kwj
+new file mode 100644
+index 0000000..225f8df
+Binary files /dev/null and b/libmspack/trunk/test/test_files/kwajd/f62.kwj differ
+diff --git a/libmspack/trunk/test/test_files/kwajd/f63.kwj b/libmspack/trunk/test/test_files/kwajd/f63.kwj
+new file mode 100644
+index 0000000..50f7980
+Binary files /dev/null and b/libmspack/trunk/test/test_files/kwajd/f63.kwj differ
+diff --git a/libmspack/trunk/test/test_files/kwajd/f64.kwj b/libmspack/trunk/test/test_files/kwajd/f64.kwj
+new file mode 100644
+index 0000000..84c2679
+Binary files /dev/null and b/libmspack/trunk/test/test_files/kwajd/f64.kwj differ
+diff --git a/libmspack/trunk/test/test_files/kwajd/f70.kwj b/libmspack/trunk/test/test_files/kwajd/f70.kwj
+new file mode 100644
+index 0000000..3507550
+Binary files /dev/null and b/libmspack/trunk/test/test_files/kwajd/f70.kwj differ
+diff --git a/libmspack/trunk/test/test_files/kwajd/f71.kwj b/libmspack/trunk/test/test_files/kwajd/f71.kwj
+new file mode 100644
+index 0000000..92c2141
+Binary files /dev/null and b/libmspack/trunk/test/test_files/kwajd/f71.kwj differ
+diff --git a/libmspack/trunk/test/test_files/kwajd/f72.kwj b/libmspack/trunk/test/test_files/kwajd/f72.kwj
+new file mode 100644
+index 0000000..a2e57ab
+Binary files /dev/null and b/libmspack/trunk/test/test_files/kwajd/f72.kwj differ
+diff --git a/libmspack/trunk/test/test_files/kwajd/f73.kwj b/libmspack/trunk/test/test_files/kwajd/f73.kwj
+new file mode 100644
+index 0000000..77b1cad
+Binary files /dev/null and b/libmspack/trunk/test/test_files/kwajd/f73.kwj differ
+diff --git a/libmspack/trunk/test/test_files/kwajd/f74.kwj b/libmspack/trunk/test/test_files/kwajd/f74.kwj
+new file mode 100644
+index 0000000..a760b8e
+Binary files /dev/null and b/libmspack/trunk/test/test_files/kwajd/f74.kwj differ
+diff --git a/libmspack/trunk/test/test_files/kwajd/f80.kwj b/libmspack/trunk/test/test_files/kwajd/f80.kwj
+new file mode 100644
+index 0000000..b2e106f
+Binary files /dev/null and b/libmspack/trunk/test/test_files/kwajd/f80.kwj differ
+diff --git a/libmspack/trunk/test/test_files/kwajd/f81.kwj b/libmspack/trunk/test/test_files/kwajd/f81.kwj
+new file mode 100644
+index 0000000..6f5bddd
+Binary files /dev/null and b/libmspack/trunk/test/test_files/kwajd/f81.kwj differ
+diff --git a/libmspack/trunk/test/test_files/kwajd/f82.kwj b/libmspack/trunk/test/test_files/kwajd/f82.kwj
+new file mode 100644
+index 0000000..eea7493
+Binary files /dev/null and b/libmspack/trunk/test/test_files/kwajd/f82.kwj differ
+diff --git a/libmspack/trunk/test/test_files/kwajd/f83.kwj b/libmspack/trunk/test/test_files/kwajd/f83.kwj
+new file mode 100644
+index 0000000..161a940
+Binary files /dev/null and b/libmspack/trunk/test/test_files/kwajd/f83.kwj differ
+diff --git a/libmspack/trunk/test/test_files/kwajd/f84.kwj b/libmspack/trunk/test/test_files/kwajd/f84.kwj
+new file mode 100644
+index 0000000..d0e0233
+Binary files /dev/null and b/libmspack/trunk/test/test_files/kwajd/f84.kwj differ
+diff --git a/libmspack/trunk/test/test_files/kwajd/f90.kwj b/libmspack/trunk/test/test_files/kwajd/f90.kwj
+new file mode 100644
+index 0000000..8605aca
+Binary files /dev/null and b/libmspack/trunk/test/test_files/kwajd/f90.kwj differ
+diff --git a/libmspack/trunk/test/test_files/kwajd/f91.kwj b/libmspack/trunk/test/test_files/kwajd/f91.kwj
+new file mode 100644
+index 0000000..2fadfc7
+Binary files /dev/null and b/libmspack/trunk/test/test_files/kwajd/f91.kwj differ
+diff --git a/libmspack/trunk/test/test_files/kwajd/f92.kwj b/libmspack/trunk/test/test_files/kwajd/f92.kwj
+new file mode 100644
+index 0000000..c8a99ae
+Binary files /dev/null and b/libmspack/trunk/test/test_files/kwajd/f92.kwj differ
+diff --git a/libmspack/trunk/test/test_files/kwajd/f93.kwj b/libmspack/trunk/test/test_files/kwajd/f93.kwj
+new file mode 100644
+index 0000000..559faa9
+Binary files /dev/null and b/libmspack/trunk/test/test_files/kwajd/f93.kwj differ
+diff --git a/libmspack/trunk/test/test_files/kwajd/f94.kwj b/libmspack/trunk/test/test_files/kwajd/f94.kwj
+new file mode 100644
+index 0000000..c52dfeb
+Binary files /dev/null and b/libmspack/trunk/test/test_files/kwajd/f94.kwj differ
+diff --git a/libmspack/trunk/test/test_files/kwajd/make.pl b/libmspack/trunk/test/test_files/kwajd/make.pl
+new file mode 100755
+index 0000000..ae73038
+--- /dev/null
++++ b/libmspack/trunk/test/test_files/kwajd/make.pl
+@@ -0,0 +1,17 @@
++#!/usr/bin/perl -w
++use strict;
++my $name = '123456789';
++for my $file (0 .. 9) {
++ for my $ext (0 .. 4) {
++ open my $fh, '>', "f$file$ext.kwj";
++ my $offset = 14 + $file + $ext;
++ my $flags = ($file > 0 ? 8 : 0) | ($ext > 0 ? 16 : 0);
++ print $fh pack 'A4Vvvv', 'KWAJ', 0xD127F088, 0, $offset, $flags;
++ print $fh substr $name, 0, $file if $file > 0;
++ print $fh "\0" if $file > 0 && $file < 9;
++ print $fh substr $name, 0, $ext if $ext > 0;
++ print $fh "\0" if $ext > 0 && $ext < 4;
++ print $fh "\xFF";
++ close $fh;
++ }
++}
+--
+2.18.0
+
diff --git a/SOURCES/0003-Fix-off-by-one-error-in-chmd-TOLOWER-fallback.patch b/SOURCES/0003-Fix-off-by-one-error-in-chmd-TOLOWER-fallback.patch
new file mode 100644
index 0000000..931b6af
--- /dev/null
+++ b/SOURCES/0003-Fix-off-by-one-error-in-chmd-TOLOWER-fallback.patch
@@ -0,0 +1,26 @@
+From 8d40fbabead00847199af114fdc91f3f9a1ab397 Mon Sep 17 00:00:00 2001
+From: Stuart Caie
+Date: Tue, 6 Feb 2018 23:17:30 +0000
+Subject: [PATCH 3/3] Fix off-by-one error in chmd TOLOWER() fallback
+
+(cherry picked from commit 4fd9ccaa54e1aebde1e4b95fb0163b699fd7bcc8)
+---
+ libmspack/trunk/mspack/chmd.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libmspack/trunk/mspack/chmd.c b/libmspack/trunk/mspack/chmd.c
+index b799154..cea9fc2 100644
+--- a/libmspack/trunk/mspack/chmd.c
++++ b/libmspack/trunk/mspack/chmd.c
+@@ -834,7 +834,7 @@ static int search_chunk(struct mschmd_header *chm,
+ # endif
+ # define TOLOWER(x) tolower(x)
+ #else
+-# define TOLOWER(x) (((x)<0||(x)>256)?(x):mspack_tolower_map[(x)])
++# define TOLOWER(x) (((x)<0||(x)>255)?(x):mspack_tolower_map[(x)])
+ /* Map of char -> lowercase char for the first 256 chars. Generated with:
+ * LC_CTYPE=en_GB.utf-8 perl -Mlocale -le 'print map{ord(lc chr).","} 0..255'
+ */
+--
+2.18.0
+
diff --git a/SPECS/libmspack.spec b/SPECS/libmspack.spec
index 46709b2..deae7ac 100644
--- a/SPECS/libmspack.spec
+++ b/SPECS/libmspack.spec
@@ -1,6 +1,6 @@ Name: libmspack Version: 0.5 -Release: 0.5.alpha%{?dist} +Release: 0.6.alpha%{?dist} Summary: Library for CAB and related files compression and decompression Group: System Environment/Libraries
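Review bot: In 0002 (kwajd.c, kwajd_read_headers) the reject test `if (i == 9 && buf[8] != '\0')` only covers a full 9-byte read; when `sys->read()` returns between 2 and 8 bytes and none of them is NUL, the loop ends with `i == len`, nothing is rejected, the seek moves one byte past what was read (`i + 1 - len` is 1), and `fn--` discards a real filename character instead of a terminator. The 4-byte extension branch has the same gap. Because `i == len` holds exactly when no terminator was found, both checks could become `if (i == len) return MSPACK_ERR_DATAFORMAT;`, which also makes the `buf[8]` and `buf[3]` comparisons unnecessary. As far as the hunk shows, the writes stay inside the 13-byte allocation either way, so this concerns accepting truncated headers, not memory safety. The function body starts and ends outside the hunk.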
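Review bot: The fallback `TOLOWER(x)` in 0003 (chmd.c) still expands its argument up to three times and spells the table bound as a bare `255`, so the limit and `mspack_tolower_map` can drift apart again. A short comment above the macro, such as `/* x must be side-effect free; valid indexes are 0..255 */`, would document both constraints. The macro's callers and the table definition are outside the hunk, so whether any caller passes an expression with side effects cannot be checked from here.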
@@ -10,6 +10,18 @@ Source0: http://www.cabextract.org.uk/libmspack/%{name}-%{version}alpha.t Patch0: %{name}-0.4alpha-doc.patch BuildRequires: doxygen +# Fixes for CVE-2018-14679 CVE-2018-14680 CVE-2018-14681 CVE-2018-14682 +Patch1: 0001-Fix-off-by-one-bounds-check-on-CHM-PMGI-PMGL-chunk-n.patch +Patch2: 0002-kwaj_read_headers-fix-handling-of-non-terminated-str.patch +Patch3: 0003-Fix-off-by-one-error-in-chmd-TOLOWER-fallback.patch + +# Patch 2 has a bunch of binary files that cannot be applied using +# plain patch. So I removed them and packaged them separately in this +# source tarball. +Source2: kwajd.tar.gz + +# We need to rerun autotools after applying the patches above. +BuildRequires: autoconf, automake, libtool %description The purpose of libmspack is to provide both compression and decompression of @@ -29,9 +41,17 @@ for developing applications that use %{name}. %prep %setup -q -n %{name}-%{version}alpha %patch0 -p1 +%patch1 -p3 +%patch2 -p3 +%patch3 -p3 +pushd test +zcat %{SOURCE2} | tar xvf - +popd chmod a-x mspack/mspack.h +autoreconf -i + %build CFLAGS="%{optflags} -fno-strict-aliasing" \ @@ -71,6 +91,10 @@ popd %changelog +* Thu Aug 2 2018 Richard W.M. Jones - 0.5-0.6.alpha +- Fixes for CVE-2018-14679 CVE-2018-14680 CVE-2018-14681 CVE-2018-14682 +- resolves: rhbz#1611550 rhbz#1611551 rhbz#1611552 rhbz#1611553 + * Thu Mar 16 2017 Richard W.M. Jones - 0.5-0.5.alpha - Remove ExclusiveArch resolves: rhbz#1422266
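Review bot: The %prep hunk unpacks the KWAJ fixtures from Source2 and reruns autoreconf so that test/kwajd_test gets built, but no visible hunk adds a `%check` step that runs it, so the package build would not fail if the KWAJ header fix regressed. If the spec has no `%check` outside these hunks, one that runs `kwajd_test` from the `test` directory (the fixture paths in the test are relative) would close that gap. Separately, `zcat %{SOURCE2} | tar xvf -` reports only tar's exit status; `tar -xzf %{SOURCE2} -C test` does the same job without the pipeline or the pushd/popd.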