- Fix whitespace in Makefile header
- Refactor port to ease maintenance (adopted from mail/postfix)
- Remove unnecessary patches
- Add option to install into base
PR: ports/147732
Submitted by: olli hauer <ohauer@gmx.de>
Approved by: maintainer timeout (> 14 days)
from the author follows.
Bug 1: Infinite loop in MS-ZIP decoder [1]
The MS-ZIP and Quantum decoders read bits in roughly the same way as the LZX
decoder, however they don't have "inject two fake bytes" code.
In the situation where read() provides zero bytes, e.g. at the end of file or
end of a CAB block, the LZX decoder handles this by injecting two fake bytes,
then returns an error on subsequent calls. MS-ZIP and Quantum instead return
zero bytes without error. However, all three decoders are written to presume
they will get at least one byte. So this could lead to an infinite loop in
MS-ZIP and Quantum. An infinite loop has definitely been seen in MS-ZIP -
there is a while loop in inflate() of an uncompressed block (block type 0)
which won't end until enough input is provided.
Partial solution: change "if (read < 0)" to "if (read <= 0)" in mszipd.c and
qtmd.c.
- http://libmspack.svn.sourceforge.net/viewvc/libmspack?view=revision&revision=90
However, this breaks compatibility with a number of MS-ZIP/Quantum encoded
files. A full solution would be to implement the same bit-reading system as
LZX. I've done this now, merging all the bit-reading and huffman-reading
code into two new files; readbits.h and readhuff.h
- http://libmspack.svn.sourceforge.net/viewvc/libmspack?view=revision&revision=95
There are several further changes made to integrate readbits.h and readhuff.h,
I recommend you look at the latest version in the source repository.
- http://libmspack.svn.sourceforge.net/viewvc/libmspack/libmspack/trunk/mspack/
Bug 2: Segmentation fault in "cabextract -t"
This bug may not affect you, depending on your implementation of
mspack_system->write(). It does cause a segfault in cabextract's
cabx_write() in "-t" (test archive) mode.
In the Quantum decoder, when the window wrap is reached, all currently
unwritten data is flushed to disk. Sometimes, less data is needed than
is flushed, which makes the variable out_bytes negative.
When the main decoding loop finishes, a final call to write() is made if
out_bytes is not zero. In that situation, it calls mspack_system->write() with
a negative byte count, e.g. -129 bytes. You should reject this. In
cabextract's "-t" mode, this is not caught, but instead converted to an
unsigned integer and passed to md5_process_bytes(), which tries to
read e.g. 4294967167 bytes, causing it to read beyond the end of
valid process space and thus segfault.
Solution:
- Break out to the end of the decoding loop immediately if the flush would be more than needed.
http://libmspack.svn.sourceforge.net/viewvc/libmspack/libmspack/trunk/mspack/qtmd.c?r1=114&r2=113
- Add checking of the "bytes" argument in mspack_system read() / write() implementations, just to be sure.
http://libmspack.svn.sourceforge.net/viewvc/libmspack?view=revision&revision=118
Security: SA40719 [1]
* Complete overhaul of ppf_mime. Determine the MIME message boundary
using more reliable (albeit more complex) means, and special case
a lot of client behavior to allow verification of a wider variety
of messages. For display, de-code more of the MIME en-coding so that
the messages are much more readable. Use the same tricks to display
decrypted messages in ppf_mime_decrypt.
These changes have several major benefits:
a. Support for PGP/MIME messages generated by well over a dozen MUAs.
b. Support for verifying signatures on attachments, and a clear
indication that attachments are signed (or not).
c. Greatly improved readability. With the exception of text coloring
(URLs, signatures, etc.), 8-bit characters, and some types of
messages sent with format=flowed, messages displayed by the filter
are identical to the display in Alpine.
* For ppf_{decrypt|encrypt|sign|verify} add 'clear' commands so that
nothing is left behind in the "user interface" area between scripts.
For _verify, add a message indicating that we are verifying, along
with a helpful hint about delays caused by auto-key-retrieve.
- Remove stale patch
- Depend on textproc/rubygem-htmlentities as required in INSTALL - w/o it
alexandria uses just 3 book info providers instead of 10.
- Conditionally depend on ruby-image_size as specified in INSTALL
- Install alexandria.scheme via Rakefile, not manually
- Fix manpage installation path
PR: ports/148168
Submitted by: Ruslan Mahmatkhanov <cvs-src at yandex dot ru>
Approved by: mitsuru@riken.jp (maintainer, timeout - 33 days)
