non port: archivers/cabextract/distinfo |
Number of commits found: 21 |
Tuesday, 21 Mar 2023
|
19:19 Po-Chuan Hsieh (sunpoet)
archivers/cabextract: Update to 1.11
- Update WWW
- Reformat pkg-descr
Changes: https://github.com/kyz/libmspack/blob/master/cabextract/NEWS
d4898f6 |
Saturday, 6 Apr 2019
|
14:42 sunpoet
Update to 1.9.1
- Add my LOCAL to MASTER_SITES
- Simplify PORTDOCS installation
Changes: https://www.cabextract.org.uk/#changes
|
Tuesday, 6 Nov 2018
|
15:00 sunpoet
Update distinfo
- Bump PORTREVISION for package change
Upstream rerolled the tarball.
Around 5,000 lines of differences are tab/space changes.
The original tarball is available at
https://people.freebsd.org/~sunpoet/cabextract/cabextract-1.9.tar.gz
The diff -bru result is available at
https://people.freebsd.org/~sunpoet/cabextract/cabextract.diff
|
Monday, 5 Nov 2018
|
21:43 sunpoet
Update to 1.9
- Convert to options target helper
Changes: https://www.cabextract.org.uk/#changes
|
Monday, 22 Oct 2018
|
19:08 sunpoet
Update to 1.8
Changes: https://www.cabextract.org.uk/#changes
|
Sunday, 29 Jul 2018
|
19:09 sunpoet
Update to 1.7
- Update MASTER_SITES
Changes: https://www.cabextract.org.uk/#changes
|
Monday, 1 Jun 2015
|
06:04 delphij
Security update to 1.6
PR: 198955
Security: cc7548ef-06e1-11e5-8fda-002590263bf5
Security: CVE-2014-9556
Security: cfb12f02-06e1-11e5-8fda-002590263bf5
Security: CVE-2015-2060
Submitted by: Jason Unovitch <jason unovitch gmail com>
Reported by: Sevan Janiyan <venture37 geeklan co uk>
Approved by: maintainer timeout
MFH: 2015Q2
|
Saturday, 11 Jun 2011
|
21:04 gabor
- Update to 1.4
|
Friday, 18 Mar 2011
|
17:59 miwi
- Get Rid MD5 support
With hat: portmgr (myself)
|
Thursday, 29 Jul 2010
|
22:45 gabor
Update to 1.3, which fixes two security bugs. Detailed description
from the author follows.
Bug 1: Infinite loop in MS-ZIP decoder [1]
The MS-ZIP and Quantum decoders read bits in roughly the same way as the LZX
decoder, however they don't have "inject two fake bytes" code.
In the situation where read() provides zero bytes, e.g. at the end of file or
end of a CAB block, the LZX decoder handles this by injecting two fake bytes,
then returns an error on subsequent calls. MS-ZIP and Quantum instead return
zero bytes without error. However, all three decoders are written to presume
they will get at least one byte. So this could lead to an infinite loop in
MS-ZIP and Quantum. An infinite loop has definitely been seen in MS-ZIP -
there is a while loop in inflate() of an uncompressed block (block type 0)
which won't end until enough input is provided.
Partial solution: change "if (read < 0)" to "if (read <= 0)" in mszipd.c and
qtmd.c.
-
http://libmspack.svn.sourceforge.net/viewvc/libmspack?view=revision&revision=90
However, this breaks compatibility with a number of MS-ZIP/Quantum encoded
files. A full solution would be to implement the same bit-reading system as
LZX. I've done this now, merging all the bit-reading and huffman-reading
code into two new files; readbits.h and readhuff.h
-
http://libmspack.svn.sourceforge.net/viewvc/libmspack?view=revision&revision=95
There are several further changes made to integrate readbits.h and readhuff.h,
I recommend you look at the latest version in the source repository.
- http://libmspack.svn.sourceforge.net/viewvc/libmspack/libmspack/trunk/mspack/
Bug 2: Segmentation fault in "cabextract -t"
This bug may not affect you, depending on your implementation of
mspack_system->write(). It does cause a segfault in cabextract's
cabx_write() in "-t" (test archive) mode.
In the Quantum decoder, when the window wrap is reached, all currently
unwritten data is flushed to disk. Sometimes, less data is needed than
is flushed, which makes the variable out_bytes negative.
When the main decoding loop finishes, a final call to write() is made if
out_bytes is not zero. In that situation, it calls mspack_system->write() with
a negative byte count, e.g. -129 bytes. You should reject this. In
cabextract's "-t" mode, this is not caught, but instead converted to an
unsigned integer and passed to md5_process_bytes(), which tries to
read e.g. 4294967167 bytes, causing it to read beyond the end of
valid process space and thus segfault.
Solution:
- Break out to the end of the decoding loop immediately if the flush would be
more than needed.
http://libmspack.svn.sourceforge.net/viewvc/libmspack/libmspack/trunk/mspack/qtmd.c?r1=114&r2=113
- Add checking of the "bytes" argument in mspack_system read() / write()
implementations, just to be sure.
http://libmspack.svn.sourceforge.net/viewvc/libmspack?view=revision&revision=118
Security: SA40719 [1]
|
Tuesday, 2 Jan 2007
|
21:12 gabor
- Update to 1.2
- Remove unnecessary patch
- Style
Approved by: erwin (mentor)
|
Wednesday, 23 Nov 2005
|
23:37 pav
- Add SHA256
|
Saturday, 23 Oct 2004
|
08:35 okazaki
Update to version 1.1.
PR: 72817
Submitted by: KATO Tsuguru
|
Tuesday, 16 Mar 2004
|
13:14 krion
- Update to version 1.0
PR: ports/64328
Submitted by: Ports Fury
|
Tuesday, 27 Jan 2004
|
20:51 trevor
Add SIZE.
|
Friday, 30 Aug 2002
|
12:08 sobomax
Update to 0.6.
PR: 41729
Submitted by: Ports Fury
|
Monday, 27 Aug 2001
|
09:35 sobomax
Update to 0.5.
|
Monday, 20 Aug 2001
|
09:13 sobomax
Update to 0.4.
|
Tuesday, 7 Aug 2001
|
12:57 sobomax
Update to 0.3.
|
Tuesday, 6 Mar 2001
|
13:29 sobomax
Update to 0.2.
|
Thursday, 30 Nov 2000
|
14:21 sobomax
Add cabextract - a program to extract Microsoft cabinet (.CAB) files.
|
Number of commits found: 21 |