head 1.6; access; symbols pkgsrc-2013Q2:1.6.0.32 pkgsrc-2013Q2-base:1.6 pkgsrc-2012Q4:1.6.0.30 pkgsrc-2012Q4-base:1.6 pkgsrc-2011Q4:1.6.0.28 pkgsrc-2011Q4-base:1.6 pkgsrc-2011Q2:1.6.0.26 pkgsrc-2011Q2-base:1.6 pkgsrc-2009Q4:1.6.0.24 pkgsrc-2009Q4-base:1.6 pkgsrc-2008Q4:1.6.0.22 pkgsrc-2008Q4-base:1.6 pkgsrc-2008Q3:1.6.0.20 pkgsrc-2008Q3-base:1.6 cube-native-xorg:1.6.0.18 cube-native-xorg-base:1.6 pkgsrc-2008Q2:1.6.0.16 pkgsrc-2008Q2-base:1.6 pkgsrc-2008Q1:1.6.0.14 pkgsrc-2008Q1-base:1.6 pkgsrc-2007Q4:1.6.0.12 pkgsrc-2007Q4-base:1.6 pkgsrc-2007Q3:1.6.0.10 pkgsrc-2007Q3-base:1.6 pkgsrc-2007Q2:1.6.0.8 pkgsrc-2007Q2-base:1.6 pkgsrc-2007Q1:1.6.0.6 pkgsrc-2007Q1-base:1.6 pkgsrc-2006Q4:1.6.0.4 pkgsrc-2006Q4-base:1.6 pkgsrc-2006Q3:1.6.0.2 pkgsrc-2006Q3-base:1.6 pkgsrc-2006Q2:1.5.0.14 pkgsrc-2006Q2-base:1.5 pkgsrc-2006Q1:1.5.0.12 pkgsrc-2006Q1-base:1.5 pkgsrc-2005Q4:1.5.0.10 pkgsrc-2005Q4-base:1.5 pkgsrc-2005Q3:1.5.0.8 pkgsrc-2005Q3-base:1.5 pkgsrc-2005Q2:1.5.0.6 pkgsrc-2005Q2-base:1.5 pkgsrc-2005Q1:1.5.0.4 pkgsrc-2005Q1-base:1.5 pkgsrc-2004Q4:1.5.0.2 pkgsrc-2004Q4-base:1.5 pkgsrc-2004Q3:1.4.0.6 pkgsrc-2004Q3-base:1.4 pkgsrc-2004Q2:1.4.0.4 pkgsrc-2004Q2-base:1.4 pkgsrc-2004Q1:1.4.0.2 pkgsrc-2004Q1-base:1.4 pkgsrc-2003Q4:1.3.0.4 pkgsrc-2003Q4-base:1.3 netbsd-1-6-1:1.3.0.2 netbsd-1-6-1-base:1.3 netbsd-1-6:1.1.0.8 netbsd-1-6-RELEASE-base:1.1 pkgviews:1.1.0.4 pkgviews-base:1.1 buildlink2-base:1.2 buildlink2:1.1.0.2; locks; strict; comment @# @; 1.6 date 2006.09.23.13.02.17; author ben; state dead; branches; next 1.5; 1.5 date 2004.10.28.10.35.56; author wiz; state Exp; branches 1.5.14.1; next 1.4; 1.4 date 2004.03.10.23.08.46; author ben; state dead; branches 1.4.6.1; next 1.3; 1.3 date 2002.08.25.21.49.02; author jlam; state Exp; branches; next 1.2; 1.2 date 2002.08.21.16.18.52; author dillo; state Exp; branches; next 1.1; 1.1 date 2002.05.10.10.01.10; author itohy; state Exp; branches 1.1.2.1; next ; 1.5.14.1 date 2006.09.23.14.47.46; author salo; state dead; branches; next ; 1.4.6.1 date 2004.11.02.10.33.50; author agc; state Exp; branches; next ; 1.1.2.1 date 2002.05.10.10.01.10; author jlam; state dead; branches; next 1.1.2.2; 1.1.2.2 date 2002.06.23.18.37.21; author jlam; state Exp; branches; next 1.1.2.3; 1.1.2.3 date 2002.08.21.22.42.02; author jlam; state Exp; branches; next ; desc @@ 1.6 log @Update cabextract to version 1.2. Notable changes include: * The "-t" archive integrity checking option has been added. This was requested by several users. cabextract can unpack cabinet files and give you MD5 checksums of the files inside, without writing the unpacked files to disk. * Large files (more than 2 gigabytes) are now correctly searched for cabinet files. * A security vulnerability has been fixed. Files compressed with the Quantum method, using a window size less than 32768 bytes, could cause cabextract to write beyond the end of the window and cause a segmentation fault. This fix also permits cabextract to unpack this type of cabinet file (of which only one has been found in the wild) correctly. * The unnecessary GNU source mempcpy.c, which caused compilation failures on several systems, was removed. * An off-by-one error introduced in 1.1's UTF-8 decoder was fixed. Files with UTF-8 filenames can now be extracted. The UTF-8 decoder was also upgraded to support the latest Unicode characer maps. @ text @$NetBSD: patch-aa,v 1.5 2004/10/28 10:35:56 wiz Exp $ --- mempcpy.c.orig 2004-07-16 16:07:01.000000000 +0200 +++ mempcpy.c @@@@ -29,7 +29,13 @@@@ Copies @@var{length} bytes from memory re */ -#include +#include +#ifndef PTR +#define PTR void* +#endif +#ifndef PARAMS +#define PARAMS(x) x +#endif #ifdef ANSI_PROTOTYPES #include #else @ 1.5 log @Update to 1.1: * A security vulnerability has been fixed. If the files within a cabinet file include "../" in their filenames, this will be changed to "xx/", so cabinets cannot access the parent directory of where you want to extract them. * cabextract should now compile cleanly on AIX and Cygwin. @ text @d1 1 a1 1 $NetBSD$ @ 1.5.14.1 log @Pullup ticket 1832 - requested by ben security update for cabextract Revisions pulled up: - pkgsrc/archivers/cabextract/Makefile 1.17 - pkgsrc/archivers/cabextract/distinfo 1.9 - pkgsrc/archivers/cabextract/patches/patch-aa removed - pkgsrc/archivers/cabextract/patches/patch-ab removed Module Name: pkgsrc Committed By: ben Date: Sat Sep 23 13:02:17 UTC 2006 Modified Files: pkgsrc/archivers/cabextract: Makefile distinfo Removed Files: pkgsrc/archivers/cabextract/patches: patch-aa patch-ab Log Message: Update cabextract to version 1.2. Notable changes include: * The "-t" archive integrity checking option has been added. This was requested by several users. cabextract can unpack cabinet files and give you MD5 checksums of the files inside, without writing the unpacked files to disk. * Large files (more than 2 gigabytes) are now correctly searched for cabinet files. * A security vulnerability has been fixed. Files compressed with the Quantum method, using a window size less than 32768 bytes, could cause cabextract to write beyond the end of the window and cause a segmentation fault. This fix also permits cabextract to unpack this type of cabinet file (of which only one has been found in the wild) correctly. * The unnecessary GNU source mempcpy.c, which caused compilation failures on several systems, was removed. * An off-by-one error introduced in 1.1's UTF-8 decoder was fixed. Files with UTF-8 filenames can now be extracted. The UTF-8 decoder was also upgraded to support the latest Unicode characer maps. @ text @d1 1 a1 1 $NetBSD: patch-aa,v 1.5 2004/10/28 10:35:56 wiz Exp $ @ 1.4 log @This patch is not needed by cabextract 1.0, remove it. @ text @d1 1 a1 1 $NetBSD: patch-aa,v 1.3 2002/08/25 21:49:02 jlam Exp $ d3 3 a5 5 --- cabextract.c.orig Mon Aug 12 03:39:05 2002 +++ cabextract.c @@@@ -51,6 +51,7 @@@@ #ifdef HAVE_CONFIG_H #include d7 1 a7 2 +#include #include /* everyone has this! */ d9 11 a19 1 #ifdef HAVE_SYS_TYPES_H @ 1.4.6.1 log @Security Pullup - requested by Grant Beattie and Havard Eidnes security fix for cabextract Module Name: pkgsrc Committed By: wiz Date: Thu Oct 28 10:35:56 UTC 2004 Modified Files: pkgsrc/archivers/cabextract: Makefile distinfo Added Files: pkgsrc/archivers/cabextract/patches: patch-aa Log Message: Update to 1.1: * A security vulnerability has been fixed. If the files within a cabinet file include "../" in their filenames, this will be changed to "xx/", so cabinets cannot access the parent directory of where you want to extract them. * cabextract should now compile cleanly on AIX and Cygwin. ---- Module Name: pkgsrc Committed By: tv Date: Fri Oct 29 14:31:27 UTC 2004 Modified Files: pkgsrc/archivers/cabextract: distinfo Added Files: pkgsrc/archivers/cabextract/patches: patch-ab Log Message: Make build on Interix (and possibly AIX). mempcpy() is not actually used anywhere, yet configure.ac declared an AC_REPLACE_FUNCS() for it. Rip out the offending code from configure until it is rebuilt at the source. (Patch to remove the AC_REPLACE_FUNCS submitted to author.) @ text @d1 1 a1 1 $NetBSD$ d3 5 a7 3 --- mempcpy.c.orig 2004-07-16 16:07:01.000000000 +0200 +++ mempcpy.c @@@@ -29,7 +29,13 @@@@ Copies @@var{length} bytes from memory re d9 2 a10 1 */ d12 1 a12 11 -#include +#include +#ifndef PTR +#define PTR void* +#endif +#ifndef PARAMS +#define PARAMS(x) x +#endif #ifdef ANSI_PROTOTYPES #include #else @ 1.3 log @Merge packages from the buildlink2 branch back into the main trunk that have been converted to USE_BUILDLINK2. @ text @d1 1 a1 1 $NetBSD: patch-aa,v 1.1.2.2 2002/08/21 22:42:02 jlam Exp $ @ 1.2 log @upgrade to 0.6 changes since 0.5: * pkgsrc fixes for 0.5 integrated * support for the Quantum compression method reverse-engineered by Matthew Russotto * cabextract now exhaustively searches your files for cabinets. If there's more than one cabinet in the same file, cabextract will find those too. * Spanning cabinets sets contain both a 'next' and 'previous' cabinet name. cabextract now searches backwards through the cabinet chain to find the start of a cabinet set, before searching in the forwards direction as usual. @ text @d1 1 a1 1 $NetBSD$ @ 1.1 log @Fixes: - Do not compute a pointer outside of an array. The original code did this and if the executable is mapped at the low address in virtual space, the "runsrc" value becomes ``negative'' address and caused crash. Package maintainers should use a.out to detect this sort of botches. :D - Fix usage of mktime(3). - Fix usage of tolower(3). Changes: - Honor umask for file mode. - Add a hack to handle self-extracting cabinet (*.exe). @ text @d3 3 a5 3 --- cabextract.c.orig Mon Aug 20 17:06:11 2001 +++ cabextract.c Fri May 10 10:19:42 2002 @@@@ -50,6 +50,7 @@@@ a12 119 @@@@ -1434,14 +1435,25 @@@@ } rundest = window + window_posn; - runsrc = rundest - match_offset; - window_posn += match_length; this_run -= match_length; /* copy any wrapped around source data */ - while ((runsrc < window) && (match_length-- > 0)) { - *rundest++ = *(runsrc + window_size); runsrc++; + if (window_posn >= match_offset) { + /* no wrap */ + runsrc = rundest - match_offset; + } else { + int copy_length; + runsrc = rundest + (window_size - match_offset); + copy_length = match_offset - window_posn; + if (copy_length < match_length) { + match_length -= copy_length; + window_posn += copy_length; + while (copy_length-- > 0) *rundest++ = *runsrc++; + runsrc = window; + } } + window_posn += match_length; + /* copy match data - no worries about destination wraps */ while (match_length-- > 0) *rundest++ = *runsrc++; @@@@ -1514,14 +1526,25 @@@@ } rundest = window + window_posn; - runsrc = rundest - match_offset; - window_posn += match_length; this_run -= match_length; /* copy any wrapped around source data */ - while ((runsrc < window) && (match_length-- > 0)) { - *rundest++ = *(runsrc + window_size); runsrc++; + if (window_posn >= match_offset) { + /* no wrap */ + runsrc = rundest - match_offset; + } else { + int copy_length; + runsrc = rundest + (window_size - match_offset); + copy_length = match_offset - window_posn; + if (copy_length < match_length) { + match_length -= copy_length; + window_posn += copy_length; + while (copy_length-- > 0) *rundest++ = *runsrc++; + runsrc = window; + } } + window_posn += match_length; + /* copy match data - no worries about destination wraps */ while (match_length-- > 0) *rundest++ = *runsrc++; @@@@ -1635,7 +1658,7 @@@@ d = &name[strlen(name)]; do { c = *s++; - *d++ = (c=='/') ? '\\' : ((c=='\\') ? '/' : (lower ? tolower(c) : c)); + *d++ = (c=='/') ? '\\' : ((c=='\\') ? '/' : (lower ? tolower((unsigned char) c) : c)); } while (c); /* create directories if needed, attempt to write file */ @@@@ -1655,14 +1678,17 @@@@ void file_close(struct file *fi) { struct utimbuf utb; struct tm time; + mode_t m; if (fi->fh) fclose(fi->fh); fi->fh = NULL; + m = umask(0); + (void) umask(m); chmod(fi->filename, - (mode_t) 0444 + ((mode_t) 0444 | (fi->attribs & cffile_A_EXEC ? 0111 : 0) - | (fi->attribs & cffile_A_RDONLY ? 0 : 0222) + | (fi->attribs & cffile_A_RDONLY ? 0 : 0222)) & ~m ); @@@@ -1670,8 +1696,9 @@@@ time.tm_min = (fi->time >> 5) & 0x3f; time.tm_hour = (fi->time >> 11); time.tm_mday = fi->date & 0x1f; - time.tm_mon = (fi->date >> 5) & 0xf; + time.tm_mon = ((fi->date >> 5) & 0xf) - 1; time.tm_year = (fi->date >> 9) + 80; + time.tm_isdst = -1; #ifdef HAVE_UTIME utb.actime = utb.modtime = mktime(&time); utime(fi->filename, &utb); @@@@ -1726,7 +1753,7 @@@@ char *p, c; p = strrchr(name, '/'); /* only modify the filename, not the path */ if (!p) p = name; - while ((c = *p)) *p++ = (char) tolower((int) c); + while ((c = *p)) *p++ = (char) tolower((unsigned char) c); fh = fopen(name, "rb"); if (!fh) { perror(name); return 0; } } @@@@ -1818,7 +1845,8 @@@@ * file, and the 'file offset' header isn't beyond the cabinet * length, this is a reasonable cabinet header. */ - if ((len+offset+i) < cab->filelen && foff < len) { + /* XXX 20 for self-extracting cabinet */ + if ((len+offset+i) <= cab->filelen+20 && foff < len) { cabinet_seek(cab, offset+i-20); return 1; } } @ 1.1.2.1 log @file patch-aa was added on branch buildlink2 on 2002-06-23 18:37:21 +0000 @ text @d1 131 @ 1.1.2.2 log @Merge from pkgsrc-current to buildlink2 branch. @ text @a0 131 $NetBSD: patch-aa,v 1.1.2.1 2002/06/23 18:37:21 jlam Exp $ --- cabextract.c.orig Mon Aug 20 17:06:11 2001 +++ cabextract.c Fri May 10 10:19:42 2002 @@@@ -50,6 +50,7 @@@@ #ifdef HAVE_CONFIG_H #include +#include #include /* everyone has this! */ #ifdef HAVE_SYS_TYPES_H @@@@ -1434,14 +1435,25 @@@@ } rundest = window + window_posn; - runsrc = rundest - match_offset; - window_posn += match_length; this_run -= match_length; /* copy any wrapped around source data */ - while ((runsrc < window) && (match_length-- > 0)) { - *rundest++ = *(runsrc + window_size); runsrc++; + if (window_posn >= match_offset) { + /* no wrap */ + runsrc = rundest - match_offset; + } else { + int copy_length; + runsrc = rundest + (window_size - match_offset); + copy_length = match_offset - window_posn; + if (copy_length < match_length) { + match_length -= copy_length; + window_posn += copy_length; + while (copy_length-- > 0) *rundest++ = *runsrc++; + runsrc = window; + } } + window_posn += match_length; + /* copy match data - no worries about destination wraps */ while (match_length-- > 0) *rundest++ = *runsrc++; @@@@ -1514,14 +1526,25 @@@@ } rundest = window + window_posn; - runsrc = rundest - match_offset; - window_posn += match_length; this_run -= match_length; /* copy any wrapped around source data */ - while ((runsrc < window) && (match_length-- > 0)) { - *rundest++ = *(runsrc + window_size); runsrc++; + if (window_posn >= match_offset) { + /* no wrap */ + runsrc = rundest - match_offset; + } else { + int copy_length; + runsrc = rundest + (window_size - match_offset); + copy_length = match_offset - window_posn; + if (copy_length < match_length) { + match_length -= copy_length; + window_posn += copy_length; + while (copy_length-- > 0) *rundest++ = *runsrc++; + runsrc = window; + } } + window_posn += match_length; + /* copy match data - no worries about destination wraps */ while (match_length-- > 0) *rundest++ = *runsrc++; @@@@ -1635,7 +1658,7 @@@@ d = &name[strlen(name)]; do { c = *s++; - *d++ = (c=='/') ? '\\' : ((c=='\\') ? '/' : (lower ? tolower(c) : c)); + *d++ = (c=='/') ? '\\' : ((c=='\\') ? '/' : (lower ? tolower((unsigned char) c) : c)); } while (c); /* create directories if needed, attempt to write file */ @@@@ -1655,14 +1678,17 @@@@ void file_close(struct file *fi) { struct utimbuf utb; struct tm time; + mode_t m; if (fi->fh) fclose(fi->fh); fi->fh = NULL; + m = umask(0); + (void) umask(m); chmod(fi->filename, - (mode_t) 0444 + ((mode_t) 0444 | (fi->attribs & cffile_A_EXEC ? 0111 : 0) - | (fi->attribs & cffile_A_RDONLY ? 0 : 0222) + | (fi->attribs & cffile_A_RDONLY ? 0 : 0222)) & ~m ); @@@@ -1670,8 +1696,9 @@@@ time.tm_min = (fi->time >> 5) & 0x3f; time.tm_hour = (fi->time >> 11); time.tm_mday = fi->date & 0x1f; - time.tm_mon = (fi->date >> 5) & 0xf; + time.tm_mon = ((fi->date >> 5) & 0xf) - 1; time.tm_year = (fi->date >> 9) + 80; + time.tm_isdst = -1; #ifdef HAVE_UTIME utb.actime = utb.modtime = mktime(&time); utime(fi->filename, &utb); @@@@ -1726,7 +1753,7 @@@@ char *p, c; p = strrchr(name, '/'); /* only modify the filename, not the path */ if (!p) p = name; - while ((c = *p)) *p++ = (char) tolower((int) c); + while ((c = *p)) *p++ = (char) tolower((unsigned char) c); fh = fopen(name, "rb"); if (!fh) { perror(name); return 0; } } @@@@ -1818,7 +1845,8 @@@@ * file, and the 'file offset' header isn't beyond the cabinet * length, this is a reasonable cabinet header. */ - if ((len+offset+i) < cab->filelen && foff < len) { + /* XXX 20 for self-extracting cabinet */ + if ((len+offset+i) <= cab->filelen+20 && foff < len) { cabinet_seek(cab, offset+i-20); return 1; } } @ 1.1.2.3 log @Merge from pkgsrc-current in pkgsrc/archivers. @ text @d1 1 a1 1 $NetBSD: patch-aa,v 1.1.2.2 2002/08/21 22:42:02 jlam Exp $ d3 3 a5 3 --- cabextract.c.orig Mon Aug 12 03:39:05 2002 +++ cabextract.c @@@@ -51,6 +51,7 @@@@ d13 119 @