aboutsummaryrefslogtreecommitdiffstats
path: root/archivers/cabextract
Commit message (Collapse)AuthorAgeFilesLines
* Security update to 1.6delphij2015-06-012-3/+3
| | | | | | | | | | | | PR: 198955 Security: cc7548ef-06e1-11e5-8fda-002590263bf5 Security: CVE-2014-9556 Security: cfb12f02-06e1-11e5-8fda-002590263bf5 Security: CVE-2015-2060 Submitted by: Jason Unovitch <jason unovitch gmail com> Reported by: Sevan Janiyan <venture37 geeklan co uk> Approved by: maintainer timeout MFH: 2015Q2
* - Add CPE infoamdmi32015-04-171-0/+2
| | | | | | - Add LICENSE_FILE Approved by: portmgr blanket
* Support stagebapt2013-12-271-15/+9
|
* Add NO_STAGE all over the place in preparation for the staging support (cat: ↵bapt2013-09-201-0/+1
| | | | archivers)
* - Trim Makefile header per new bylawsdanfe2012-12-211-11/+13
| | | | | | | | | - Drop indefinite article from COMMENT - Define LICENSE (and remove COPYING from portdocs) - Unmute installation commands - Convert NOPORTDOCS -> PORT_OPTIONS:MDOCS Approved by: maintainer (gabor)
* - Update to 1.4gabor2011-06-122-3/+3
|
* - Get Rid MD5 supportmiwi2011-03-191-1/+0
| | | | With hat: portmgr (myself)
* Update to 1.3, which fixes two security bugs. Detailed descriptiongabor2010-07-302-4/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | from the author follows. Bug 1: Infinite loop in MS-ZIP decoder [1] The MS-ZIP and Quantum decoders read bits in roughly the same way as the LZX decoder, however they don't have "inject two fake bytes" code. In the situation where read() provides zero bytes, e.g. at the end of file or end of a CAB block, the LZX decoder handles this by injecting two fake bytes, then returns an error on subsequent calls. MS-ZIP and Quantum instead return zero bytes without error. However, all three decoders are written to presume they will get at least one byte. So this could lead to an infinite loop in MS-ZIP and Quantum. An infinite loop has definitely been seen in MS-ZIP - there is a while loop in inflate() of an uncompressed block (block type 0) which won't end until enough input is provided. Partial solution: change "if (read < 0)" to "if (read <= 0)" in mszipd.c and qtmd.c. - http://libmspack.svn.sourceforge.net/viewvc/libmspack?view=revision&revision=90 However, this breaks compatibility with a number of MS-ZIP/Quantum encoded files. A full solution would be to implement the same bit-reading system as LZX. I've done this now, merging all the bit-reading and huffman-reading code into two new files; readbits.h and readhuff.h - http://libmspack.svn.sourceforge.net/viewvc/libmspack?view=revision&revision=95 There are several further changes made to integrate readbits.h and readhuff.h, I recommend you look at the latest version in the source repository. - http://libmspack.svn.sourceforge.net/viewvc/libmspack/libmspack/trunk/mspack/ Bug 2: Segmentation fault in "cabextract -t" This bug may not affect you, depending on your implementation of mspack_system->write(). It does cause a segfault in cabextract's cabx_write() in "-t" (test archive) mode. In the Quantum decoder, when the window wrap is reached, all currently unwritten data is flushed to disk. Sometimes, less data is needed than is flushed, which makes the variable out_bytes negative. When the main decoding loop finishes, a final call to write() is made if out_bytes is not zero. In that situation, it calls mspack_system->write() with a negative byte count, e.g. -129 bytes. You should reject this. In cabextract's "-t" mode, this is not caught, but instead converted to an unsigned integer and passed to md5_process_bytes(), which tries to read e.g. 4294967167 bytes, causing it to read beyond the end of valid process space and thus segfault. Solution: - Break out to the end of the decoding loop immediately if the flush would be more than needed. http://libmspack.svn.sourceforge.net/viewvc/libmspack/libmspack/trunk/mspack/qtmd.c?r1=114&r2=113 - Add checking of the "bytes" argument in mspack_system read() / write() implementations, just to be sure. http://libmspack.svn.sourceforge.net/viewvc/libmspack?view=revision&revision=118 Security: SA40719 [1]
* - Remove USE_GETOPT_LONG which is a no-op since March 2007pav2008-03-201-1/+0
|
* Update MASTER_SITE and description to point to the new home page.sobomax2007-08-082-3/+7
| | | | Submitted by: Stuart Caie (author)
* - Update to 1.2gabor2007-01-033-133/+17
| | | | | | | - Remove unnecessary patch - Style Approved by: erwin (mentor)
* Change my e-mail address.gabor2006-12-081-1/+1
| | | | Approved by: erwin (mentor)
* - Don't override CONFIGURE_TARGET, it compiles without thaterwin2006-09-111-4/+8
| | | | | | | | | | - Add some more PORTDOCS - Respect MAN1PREFIX - Bump PORTREVISION - Take maintainership PR: 103103 Submitted by: Gabor Kovesdan <gabor@FreeBSD.org>
* - Add SHA256pav2005-11-241-0/+1
|
* At Kris's request, back out the MACHINE_ARCH spelling correction untilobrien2005-04-121-1/+1
| | | | after 5.4-RELEASE.
* Assist getting more ports working on AMD64 by obeying theobrien2005-04-111-1/+1
| | | | Ports Collection documentation and use 'ARCH' rather than 'MACHINE_ARCH'.
* Update to version 1.1.okazaki2004-10-234-4/+124
| | | | | PR: 72817 Submitted by: KATO Tsuguru
* - Update to version 1.0krion2004-03-162-6/+18
| | | | | PR: ports/64328 Submitted by: Ports Fury
* Use PLIST_FILES.trevor2004-02-062-1/+1
| | | | Reviewed by: marcus
* Add SIZE.trevor2004-01-281-0/+1
|
* Let be hohest: I really don't have a time now to properly maintain allsobomax2003-07-291-1/+1
| | | | | these great pieces of software, so that let others with more free time to take over them.
* get rid of libgnugetopt dependency for -CURRENT,sf2003-07-141-4/+2
| | | | use USE_GETOPT_LONG instead.
* Clear moonlight beckons.ade2003-03-072-1/+1
| | | | | | | Requiem mors pacem pkg-comment, And be calm ports tree. E Nomini Patri, E Fili, E Spiritu Sancti.
* Update to 0.6.sobomax2002-08-303-18/+4
| | | | | PR: 41729 Submitted by: Ports Fury
* Update to 0.5.sobomax2001-08-273-13/+13
| | | | Submitted by: petef
* Update to 0.4.sobomax2001-08-203-17/+6
|
* Update to 0.3.sobomax2001-08-073-2/+31
|
* Update to 0.2.sobomax2001-03-062-16/+4
|
* Add cabextract - a program to extract Microsoft cabinet (.CAB) files.sobomax2000-11-305-0/+37