Commit graph

2852 commits

Author SHA1 Message Date
taca
1d29246c6c archivers/ruby-archive-tar-minitar: update to 0.8
Update ruby-archive-tar-minitar to 0.8.

Now this package is left for compatibility and it using ruby-minitar and
ruby-minitar-cli.
2019-10-22 07:33:37 +00:00
taca
1d54dd7b88 archivers/ruby-minitar-cli: update to 0.8
Update ruby-minitar-cli to 0.8.

## 0.8 / 2019-01-05

*   Updated for compatibility with minitar 0.8

## 0.7 / 2018-02-19

*   Updated for compatibility with minitar 0.7
2019-10-22 07:30:39 +00:00
taca
7ffd1d5be3 archivers/ruby-minitar: update to 0.9
Update archivers/ruby-minitar to 0.9.

## 0.9 / 2019-09-04

*   jtappa added the ability to skip fsync with a new option to Minitar.unpack
    and Minitar::Input#extract_entry. Provide `:fsync => false` as the last
    parameter to enable. Merged from a modified version of PR [#37][].

## 0.8 / 2019-01-05

*   inkstak resolved an issue introduced in the fix for [#31][] by allowing
    spaces to be considered valid characters in strict octal handling. Octal
    conversion ignores leading spaces. Merged from a slightly modified version
    of PR [#35][].

*   dearblue contributed PR [#32][] providing an explicit call to #bytesize for
    strings that include multibyte characters. The PR has been modified to be
    compatible with older versions of Ruby and extend tests.

*   Akinori MUSHA (knu) contributed PR [#36][] that treats certain badly
    encoded regular files (with names ending in `/`) as if they were
    directories on decode.

## 0.7 / 2018-02-19

*   Fixed issue [#28][] with a modified version of PR [#29][] covering the
    security policy and position for Minitar. Thanks so much to ooooooo\_q for
    the report and an initial patch. Additional information was added as
    [#30][].

*   dearblue contributed PR [#33][] providing a fix for Minitar::Reader when
    the IO-like object does not have a `#pos` method.

*   Kevin McDermott contributed PR [#34][] so that an InvalidTarStream is
    raised if the tar header is not valid, preventing incorrect streaming of
    files from a non-tarfile. This is a minor breaking change, so the version
    has been bumped accordingly.

*   Kazuyoshi Kato contributed PR [#26][] providing support for the GNU tar
    long filename extension.

*   Addressed a potential DOS with negative size fields in tar headers
    ([#31][]). This has been handled in two ways: the size field in a tar
    header is interpreted as a strict octal value and the Minitar reader will
    raise an InvalidTarStream if the size ends up being negative anyway.
2019-10-22 07:29:24 +00:00
bsiegert
cb070cf0eb Revbump all Go packages after lang/go112 update 2019-10-18 14:58:43 +00:00
nia
f05074a515 advancecomp: Avoid compiler warnings due to redefining bswap* on NetBSD. 2019-10-04 18:08:07 +00:00
nia
aaec43fa47 advancecomp: Update to 2.1
ADVANCECOMP VERSION 2.1 2018/02
===============================

* Support ZIPs with data descriptor signature.
* Fixed a crash condition with invalid ZIP data.


ADVANCECOMP VERSION 2.0 2017/06
===============================

* Added support for reading MNG files with depth of 1, 2, and 4 bits.
* Added 64 bits binary for Windows.
* Updated to libdeflate 29-May-2017.
  From https://github.com/ebiggers/libdeflate
  at commit 1726e9e87fb6f98682dfdea2356d5ee58881fe7b.
2019-10-04 18:02:48 +00:00
micha
a2af44f69f star: Update to 1.6.1nb1
Switch to latest distfile.
Update PLIST.
Replaced MESSAGE with share/doc/star/INSTALL.pkgsrc.

Changelog
=========

Release 2019-03-29:
- libschily: the lutimens() emulation no longer returns ENOSYS in case
  that the lstat() call fails, since this error code may e.g. be
  ENAMETOOLONG and used as an important indicator for long path name
  handling.

  This bug caused incorrect behavior when star extracted long pathnames
  on a platform without utimensat().

- star: The code restructuring to openat() from Summer 2018 did not
  only cause a noticeable speed up even when not using -find, it at
  the same time resulted in a wrong error message when a file type
  was seen that is not archivable (e.g. a socket while using the USTAR
  format). The correct message was something like "Unsupported filetype",
  while the bug caused a "file not found " message. This has been fixed
  by adding a new parameter "fd" to the function stat_to_info().

- star: header.c::get_xhtype() we did forgot to initialize:

     finfo.f_devminorbits

  and

     finfo.f_xflags

  This is now done.

- star: The USTAR format now is able to create base-256 values in
  the field "t_devmajor". "t_devminor" did already support base-256.

- star: The GNU tar format now is able to create base-256 values in
  the fields "t_devmajor" and "t_devminor".

- star: The man page star.4 now mentions which fileds may have
  base-256 numbers.

- star: The man page star.4 now longer contains the doubled "field field"
  in the explanation of the added UID/GID number for ACLs.

- star: The man page star.4 now has a better description for the additional
  numeric fields in the ACL entries to prevent GNU tar from continuing
  with it's incompatible ACL implementation.

- star: New ACL reference archives for the ultra compact format, that has
  been defined together with the libachive people, have been added to the
  directory testscripts/:

  acl-nfsv4-compact-test.tar.gz
  acl-nfsv4-compact-test2.tar.gz
  acl-nfsv4-compact-test3.tar.gz
  acl-nfsv4-compact-test4.tar.gz
  acl-nfsv4-compact-test5.tar.gz

- star: Linux now uses the new <linux/fs.h> instead of <ext2/ext2_fs.h>
  to retrieve file flags.

  Thanks to a hint from Martin Matuska <martin@matuska.org> from the
  libarchive team.

- star: Support for the following new BSD Flags:

     compressed hidden offline rdonly reparse sparse system

  has been added.

  Thanks to a hint from Martin Matuska <martin@matuska.org> from the
  libarchive team.

- star: Support for the following new Linux flags:

     dirsync nocow notail projinherit topdir

  has been added.

  Thanks to a hint from Martin Matuska <martin@matuska.org> from the
  libarchive team.

- star: Support for reading non-comliant libarchive tarballs that use.

     "securedeletion" or "journal"

  instead of the documented text has been added. This was used by
  libarchive until March 20, when libarchive has been fixed. We introduce
  the above names for compatibility with old TARs created by libarchive.

- star: When an "old star" archive is read and this archive is from a system
  like FreeBSD with non-continous minor bits, star no longer warns unless
  there is a device file in the archive.

- star: unit tests: the scripts now contain

     LC_ALL=C export LC_ALL

  instead of just LC_ALL=C to make the environment exported.

- star/libstrar: The case where iconv() returns -1 and sets errno to E2BIG
  is now handled correctly.

- star: The testscripts/ directory now contains the tar test archives
  from the portability tests from Michal Gorny. Check

     http://cdrtools.sourceforge.net/private/portability-of-tar-features.html

  for an updated (to match star-1.6) variant of the results from the portability
  tests from Michal Gorny.

- star: older versions of star did not print the messages:

     "WARNING: Archive is 'xxx' compressed, trying to use the -xxx option.\n"

  in case that the option -print-artype was in use. Later versions that
  added support for more than "gzip" and "bzip2" forgot to add the same
  exception for the new compression methods. We now ommit this message
  for all compression types.

- star: Support for the "lzma" compression has been added.

- star: Support for the "freeze2" compression has been added.

- star: The compression method name list did not include the text "zstd".
  We added the missing text.

- star: The hint messages that are printed when a compressed input archive
  is not seekable did forgot to mention "lzip" and "zstd". We added the
  forgotten messages.

- star: New unit tests check whether star is able to auto-detect and auto
  decompress various compression formats.

- star: The unit tests now include the portability tests from Michal Gorny

- A new option cli=name (must be argv[1]) allows to select all
  supported command line interfaces (star, suntar, gnutar,
  pax, cpio) when called as star.

  This is needed to be able to test all command line interfaces from
  out unit tests since star is not installed in this case and a selection
  from argv[0] would not work.

- star: The version date is now "2019/03/20"

Release 2019-04-29:
- libfind/star: the verbose listing code has ben restructured to have
  the file permissions in the same string as the file type.
  This is needed to implement the POSIX pax listformat interpreter
  format %M in future.

- libfind/star: the verbose listing no longer prints "l" for mandatory
  record locking for non-directory type file, but rather only
  for plain files.

- star: The "gnutar" emulation now prints the --help output to stdout as
  GNU tar does.

- star: The gnutar.1 man page now mentions that the GNU tar
  options -g / -G did never work and it thus makes no sense to
  implement them.

- star: very outdated code in list.c has been removed.

- star: Added new unit tests for incremental backups and restores.
  This in special include tests that always fail with GNU tar
  as GNU tar is not usable and never was usable for incremental
  restores in case that the differences are more than trivial.

- star: new version date 2019-04-01

Release 2019-06-13:
- star: fixed a bug in the FIFO code that mainly happened on Linux (with
  a 1000x higher probability than it happens on Solaris). The bug was.
  caused, as a check for a flag has been done twice instead of only once
  where it could change it's value between both locations. As a.
  result, star reported "star: Implementation botch: with FIFO_MEOF"
  as the tar side of the FIFO did sometimes not wait for the FIFO_IWAIT
  state when called as "star -multivolume -tv f=... f=... ...
  For this reason, star incorrectly got a wakeup at the wrong location.

  The bug appeared in case that star -x/-t -multivol f=.. f=.. ....
  has been called with very small tar archives.

  Thanks to Heiko Eissfeldt for reporting.

- star: The FIFO code renamed the "flag" member of the "m_head" structure
  to "gflag" for better readability.

- star: The debugging code in the FIFO has been enhanced to print the
  names of the flag bits in addition to the hex values.

- star: A deadlock situation that happens once every 500000 tries on
  Linux with multi-volume archives has been fixed.

  The problem was caused by a complex condition where the get side
  of the FIFO needs to check the EOF FIFO flag and the amount of data
  available in the FIFO and then decide whether to wait for a wakeup or
  not.

  Since the EOF flag needs to be checked first, a context switch in
  the get side of the FIFO could allow the put side to set the EOF flag
  before the get side did check the fill ratio of the FIFO. This
  caused both the get side and the put side to wait for a wakeup.

  The new code introduced a new variable mp->mayoblock that is set by
  the get side before checking for EOF. This new flags allows the
  put side to know that the get side is just in a critical situation
  and lets the put side wait until mp->mayoblock is no longer set,
  which signals a stable state in the get side. This permits to
  avoid the deadlock.

- star: Note that the FIFO has been initially written as a lock free
  design in the late 1980's. This is to allow high portability to even
  older UNIX versions. The star FIFO works on all UNIX variants that
  support pipes and shared memory, which is e.g. the case for
  SunOS-4.0 from 1988. At the time the FIFO has been designed, the
  target OS did not support multi-CPU systems and problems in the
  FIFO first appeared with massively faster multi-CPU systems around
  y2000. The recently detected problems all have been triggered by a
  different context switch behavior on Linux, even though they could
  have appeared on any OS in case that many million tries are
  attempted.

- star: bumped version to 1.6.1

Release 2019-07-15:
- star: the compress unit test no longer fails on Cygwin because the
  gzip binary is compiled incorrectly and does not support LZW.
  The related test is now skipped.

  Thanks to Heiko Eissfeldt for reporting

- star: some new unit tests failed if the schilytools source tree has
  been installed in a directory with spaces in it's name.

  Thanks to Heiko Eissfeldt for reporting

- star: The unit tests for incremental backups include archives that
  include userid/groupid and username/groupname that may not be
  restorable on a different computer. We now ignore these ID meta.
  data when comparing the results.

  Thanks to Heiko Eissfeldt for reporting

- star: When comparing nanoseconds in time stamps, star now has a mode
  that treats time stamps as equal in case that tv_nsec % 100 == 0
  and the rest of the nano seconds is equal. This is needd on Cygwin
  since NTFS counts in 1/10 microseconds since Januar 1 1601.

  This applies to both star -diff and the "newer" check while extracting
  files.

  Thanks to Heiko Eissfeldt for reporting

- star: a new option diffopts=dnlink has been implemented to support
  filesystems that do not follow the historic UNIX model for hard links
  on directories.

  Since Cygwin usually has a linkcount of 1 on directories, you need
  to use "star -diff diffopts=!dnlink ..." if you like to diff the
  meta data from a historical UNIX filesystem.

  Thanks to Heiko Eissfeldt for reporting

- star: The incremental backup/restore tests now use.
  "star -diff diffopts=!dnlink ..." to make them work on Cygwin.

  Thanks to Heiko Eissfeldt for reporting

- star: star -c -H exustar -acl -xattr-linux .
  did cause file not found messages from the attempt to archive the
  Linux xattrs. This was caused by a change from July 2018 when trying to
  optimize directory access in (non-find) create mode. The call to read
  the Linux xattrs has now been moved to the location where in former
  times the ACL code has already been moved.

  The move is needed because there is no ACL/XATTR related function
  that is similar to openat().

- star: A similar problem with get_xattr() did exist with star -diff

- star: star -diff did not compare ACLs since getinfo() no longer
  includes a call to get_acl(). We now call get_xattr() and get_acl()
  in diff.c

- star: The Solaris ACL interface now implelements lacl() / lacl_get() /
  lacl_set() to support very long pathnames with ACLs.

- star: The Linux ACL interface now implelements lacl_get_file() /
  lacl_set_file() to support very long pathnames with ACLs on platforms
  that implement the withdrawn POSIX ACL draft.

- star: The Linux xattr interface now implelements.
  llgetxattr() / llsetxattr() / lllistxattr() to support very long
  pathnames with Linux xattrs.

- star: New version date

Release 2019-07-22:
- star: "pax -pe" no longer sets the variable "doxattr" as this caused
  an error message:

     "NFSv4 extended attribute files are not yet supported.\n"

  that caused the OpenSolaris-ON "nightly" compilation to abort as a
  result of that error and exit code != 0.

Release 2019-08-13:
- libschily: Various functions and *at() emulation functions call stat()
  even though the caller does not know about that call.

  This could cause a missbehavior in case that a file returns EOVERFLOW
  with a normal stat(). We now compile these functions in unconditional
  large file mode to overcome that problem.

  The affected files are:

  diropen.c lutimens.c findinpath.c linkat.c mkdirs.c searchinpath.c
  resolvepath.c  lchmod.c renameat.c.

  Note that this problem affected star(1) on platforms that do not
  fully implement all *at() interfaces, since star started to support
  really long path names in July 2018.

- star: Star did not compile on platforms without ACLs anymore since
  we did rearrange the code with schilytools 2019-07-15.

  We now have the needed #undef USE_ACL in diff.c as well.

  Thanks to Dennis Clarke for reporting.

- star: Avoid a warning when a star -dump archive is unpacked on FreeBSD
  or Linux with non-contiguous minor bits. The warning is not needed
  since we only use SCHILY.dev in order to detect mount points but
  not to compute the major/minor parts.

Release 2019-08-13:
- star: star -xdev -find typically works to exclude mounted files.
  It still does not always do what is expected, e.g. in case that /proc
  is in the tree of scanned files, where files deep in the new mounted
  tree suddenly have the same FS ID as other filesystems, e.g. the file
  /proc/<pid>/path/a.out.

  In such cases, "star -find -xdev" is still recommended where the
  mounted file exclusion is done inside libfind instead of being
  done inside star.

  Before, files on other filesystems have not been honored at all when
  using "star -xdev -find ...".
2019-10-04 14:27:51 +00:00
nia
2948f462c2 unshield: Use CMAKE_INSTALL_MANDIR.
While here, appease pkglint.

Bump PKGREVISION
2019-10-02 07:02:05 +00:00
bsiegert
866c85b303 Revbump all Go packages after 1.12.10 update.
ok wiz@ for PMC
2019-09-26 20:10:39 +00:00
prlw1
3489ec2b08 Fix PLIST 2019-09-22 19:17:21 +00:00
joerg
282bf6e73b Merge 64333cef68d7bcc67bef6ecf177fbeaa549b9139 from upstream to unbreak
build without zlib.
2019-09-22 10:03:51 +00:00
joerg
e0c95ea01f Update for libarchive-3.4.0:
- improvements for Android APK and JAR archives
- better support for non-recursive list and extract
- tar --exclude-vcs support
- fixes for file attributes and flags handling
- zipx support
- rar 5.0 reader
2019-09-22 09:55:06 +00:00
joerg
98137d7ae9 Import libarchive 3.4.0 2019-09-22 09:51:28 +00:00
joerg
dfa398ef74 Properly merge libarchive-3.3.3 2019-09-22 09:50:54 +00:00
joerg
880a3de761 Import libarchive-3.3.3 as should have done originally. 2019-09-22 09:47:02 +00:00
nia
5104a0ae0e lhasa: Create buildlink3.mk 2019-09-21 11:14:23 +00:00
adam
80d0900a33 py-zstandard: updated to 0.12.0
0.12.0:

Backwards Compatibility Notes
* Support for Python 3.4 has been dropped since Python 3.4 is no longer
  a supported Python version upstream. (But it will likely continue to
  work until Python 2.7 support is dropped and we port to Python 3.5+
  APIs.)

Bug Fixes
* Fix ``ZstdDecompressor.__init__`` on 64-bit big-endian systems.
* Fix memory leak in ``ZstdDecompressionReader.seek()``.

Changes
* CI transitioned to Azure Pipelines (from AppVeyor and Travis CI).
* Switched to ``pytest`` for running tests (from ``nose``).
* Bundled zstandard library upgraded from 1.3.8 to 1.4.3.
2019-09-19 16:50:57 +00:00
adam
9e92903a6b py-rarfile: updated to 3.1
Version 3.1:

This will be last version with support for Python 2.x

New feature:
Accept pathlib objects as filenames.
Accept bytes filenames in Python 3

Fixes:
Use bug-compatible SHA1 for longer passwords (> 28 chars) in RAR3 encrypted headers.
Return true/false from _check_unrar_tool
Include all test files in archive
Include volume number in NeedFirstVolume exception if available (rar5).

Cleanups:
Convert tests to pytest.
2019-09-16 08:56:17 +00:00
adam
7e8a22f553 py-lz4: updated to 2.2.1
v2.2.1:
Update the bundled LZ4 library to version 1.9.1

This release updates the bundled LZ4 library to version 1.9.1.

The 2.2.x releases will be the final release that support Python 2.7. In the near future we'll begin work on the 3.0.x release which will only support Python >= 3.5, and will require LZ4 > 1.9.0.

v2.2.0:
Add more detail to the install section of docs
2019-09-16 08:53:00 +00:00
nia
f0cae78328 Remove archivers/file-roller - successor fork archivers/engrampa 2019-09-14 21:46:15 +00:00
nia
a88019bb92 xfce4-thunar-archive: Depend on xarchiver instead of GNOME 2 file-roller.
Makes more sense since we still consider xarchiver part of Xfce...
2019-09-14 21:40:52 +00:00
gutteridge
0dccde93bb engrampa: update to 1.22.2
Change log:

engrampa 1.22.2

  * Translations update
  * java-utils: Remove blank spaces before reading package name
  * glib-utils: Remove unused function - g_ptr_array_copy
  * caja extension: fix icon name for compress menu item
  * fr-command-unarchiver: ask password if required
2019-09-13 05:42:26 +00:00
adam
f1b9581b62 unrar: updated to 5.8.1
5.8.1:
Unknown changes
2019-09-05 06:44:55 +00:00
adam
435af01a8b Changed PYTHON_VERSIONS_INCOMPATIBLE to PYTHON_VERSIONS_ACCEPTED; needed for future Python 3.8 2019-09-02 13:19:35 +00:00
adam
5c16062db1 py-zipp: updated to 0.6.0
v0.6.0

When adding implicit dirs, ensure that ancestral directories
are added and that duplicates are excluded.

The library now relies on more_itertools
2019-09-02 08:31:17 +00:00
markd
2576a98216 karchive: update to 5.61.0
5.61.0
  KTar::openArchive: Don't assert if file has two root dirs
  KZip::openArchive: Don't assert when opening broken files
5.60.0
  Do not crash if the inner file wants to be bigger than QByteArray max size
5.59.0
  Test reading and seeking in KCompressionDevice
  KCompressionDevice: Remove bIgnoreData
  KAr: fix out-of-bounds read (on invalid input) by porting to QByteArray
  KAr: fix parsing of long filenames with Qt-5.10
  KAr: the permissions are in octal, not decimal
  KAr::openArchive: Also check ar_longnamesIndex is not < 0
  KAr::openArchive: Fix invalid memory access on broken files
  KAr::openArchive: Protect against Heap-buffer-overflow in broken files
  KTar::KTarPrivate::readLonglink: Fix crash in malformed files
5.58.0
  KTar: Protect against negative longlink sizes
  Fix invalid memory write on malformed tar files
  Fix memory leak when reading some tar files
  Fix uninitialized memory use when reading malformed tar files
  Fix stack-buffer-overflow read on malformed files
  Fix null-dereference on malformed tar files
  Install krcc.h header
  Fix double delete on broken files
  Disallow copy of KArchiveDirectoryPrivate and KArchivePrivate
  Fix KArchive::findOrCreate running out of stack on VERY LONG paths
  Introduce and use KArchiveDirectory::addEntryV2
  removeEntry can fail so it's good to know if it did
  KZip: fix Heap-use-after-free in broken files
2019-08-27 20:10:04 +00:00
adam
81aa2e4209 lz4: updated to 1.9.2
LZ4 v1.9.2
fix : out-of-bound read in exceptional circumstances when using decompress_partial()
fix : slim opportunity for out-of-bound write with compress_fast() with a large enough input and when providing an output smaller than recommended (< LZ4_compressBound(inputSize))
fix : rare data corruption bug with LZ4_compress_destSize()
fix : data corruption bug when Streaming with an Attached Dict in HC Mode
perf: enable LZ4_FAST_DEC_LOOP on aarch64/GCC by default
perf: improved lz4frame streaming API speed
perf: speed up lz4hc on slow patterns when using external dictionary
api: better in-place decompression and compression support
cli : --list supports multi-frames files
cli: --version outputs to stdout
cli : add option --best as an alias of -12
misc: Integration into oss-fuzz
2019-08-26 07:09:47 +00:00
ryoon
edacf2bbcb Recursive revbump from boost-1.71.0 2019-08-22 12:22:48 +00:00
adam
88a94c747c zstd: updated to 1.4.3
Zstandard v1.4.3

Dictionary Compression Regression
We discovered an issue in the v1.4.2 release, which can degrade the effectiveness of dictionary compression. This release fixes that issue.

Detailed Changes
* bug: Fix Dictionary Compression Ratio Regression
* bug: Fix Buffer Overflow in v0.3 Decompression
* build: Add support for IAR C/C++ Compiler for Arm
* misc: Add NULL pointer check in util.c by
2019-08-20 13:04:52 +00:00
bsiegert
2b7e432294 Recursive bump of all packages using Go after Go 1.12.8 update. 2019-08-14 15:45:31 +00:00
leot
a09286fb4d upx: Reset MAINTAINER (mail bouncing) 2019-08-12 11:08:36 +00:00
wiz
84e123ddd2 Bump PKGREVISIONs for perl 5.30.0 2019-08-11 13:17:48 +00:00
brook
93e94bec97 Update all R packages to canonical form.
The canonical form [1] of an R package Makefile includes the
following:

- The first stanza includes R_PKGNAME, R_PKGVER, PKGREVISION (as
  needed), and CATEGORIES.

- HOMEPAGE is not present but defined in math/R/Makefile.extension to
  refer to the CRAN web page describing the package.  Other relevant
  web pages are often linked from there via the URL field.

This updates all current R packages to this form, which will make
regular updates _much_ easier, especially using pkgtools/R2pkg.

[1] http://mail-index.netbsd.org/tech-pkg/2019/08/02/msg021711.html
2019-08-08 19:53:36 +00:00
maya
1f61ac7537 hpack: use -std=gnu89 for older GNU inline semantics.
(Code requires expertise in C archaeology to understand...)

Fixes build on newer MacOS.
From Clement Bouvier in PR pkg/54358
2019-08-05 19:21:12 +00:00
prlw1
fa17f017cc Update libmspack to 0.10.1alpha
2019-02-18  Stuart Caie <kyzer@cabextract.org.uk>

       * chmd_read_headers(): a CHM file name beginning "::" but shorter
       than 33 bytes will lead to reading past the freshly-allocated name
       buffer - checks for specific control filenames didn't take length
       into account. Thanks to ADLab of Venustech for the report and
       proof of concept.

2019-02-18  Stuart Caie <kyzer@cabextract.org.uk>

       * chmd_read_headers(): CHM files can declare their chunks are any
       size up to 4GB, and libmspack will attempt to allocate that to
       read the file.

       This is not a security issue; libmspack doesn't promise how much
       memory it'll use to unpack files. You can set your own limits by
       returning NULL in a custom mspack_system.alloc() implementation.

       However, it would be good to validate chunk size further. With no
       offical specification, only empirical data is available. All files
       created by hhc.exe have a chunk size of 4096 bytes, and this is
       matched by all the files I've found in the wild, except for one
       which has a chunk size of 8192 bytes, which was created by someone
       developing a CHM file creator 15 years ago, and they appear to
       have abandoned it, so it seems 4096 is a de-facto standard.

       I've changed the "chunk size is not a power of two" warning to
       "chunk size is not 4096", and now only allow chunk sizes between
       22 and 8192 bytes. If you have CHM files with a larger chunk size,
       please send them to me and I'll increase this upper limit.

       Thanks to ADLab of Venustech for the report.

2019-02-18  Stuart Caie <kyzer@cabextract.org.uk>

       * oabd.c: replaced one-shot copying of uncompressed blocks (which
       requires allocating a buffer of the size declared in the header,
       which can be 4GB) with a fixed-size buffer. The buffer size is
       user-controllable with the new msoab_decompressor::set_param()
       method (check you have version 2 of the OAB decompressor), and
       also controls the input buffer used for OAB's LZX decompression.

       Reminder: compression formats can dictate how much memory is
       needed to decompress them. If memory usage is a security concern
       to you, write a custom mspack_system.alloc() that returns NULL
       if "too much" memory is requested. Do not rely on libmspack adding
       special heuristics to know not to request "too much".

       Thanks to ADLab of Venustech for the report.
2019-08-05 13:39:24 +00:00
adam
56af723721 zstd: updated to 1.4.2
Zstandard v1.4.2

Legacy Decompression Fix

This release is a small one, that corrects an issue discovered in the previous release. Zstandard v1.4.1 included a bug in decompressing v0.5 legacy frames, which is fixed in v1.4.2.

Detailed Changes

bug: Fix bug in zstd-0.5 decoder
bug: Fix seekable decompression in-memory API
bug: Close minor memory leak in CLI
misc: Validate blocks are smaller than size limit
misc: Restructure source files
2019-08-02 04:44:21 +00:00
brook
710246e9a0 Initial commit.
Cross-Platform 'zip' Compression Library. A replacement for the 'zip'
function, that does not require any additional external tools on any
platform.
2019-07-30 22:26:11 +00:00
wiz
1ac2210b6f *: recursive bump for gdk-pixbuf2-2.38.1 2019-07-21 22:23:57 +00:00
nia
6c1f677278 bzip2: Update to 1.0.8. This changes the upstream to sourceware.org.
1.0.8 (13 Jul 19)
~~~~~~~~~~~~~~~~~

* Accept as many selectors as the file format allows.
  This relaxes the fix for CVE-2019-12900 from 1.0.7
  so that bzip2 allows decompression of bz2 files that
  use (too) many selectors again.

* Fix handling of large (> 4GB) files on Windows.

* Cleanup of bzdiff and bzgrep scripts so they don't use
  any bash extensions and handle multiple archives correctly.

* There is now a bz2-files testsuite at
  https://sourceware.org/git/bzip2-tests.git

1.0.7 (27 Jun 19)
~~~~~~~~~~~~~~~~~

* Fix undefined behavior in the macros SET_BH, CLEAR_BH, & ISSET_BH

* bzip2: Fix return value when combining --test,-t and -q.

* bzip2recover: Fix buffer overflow for large argv[0]

* bzip2recover: Fix use after free issue with outFile (CVE-2016-3189)

* Make sure nSelectors is not out of range (CVE-2019-12900)
2019-07-21 11:51:24 +00:00
wiz
d03d59b66d zstd: update to 1.4.1.
v1.4.1
bug: Fix data corruption in niche use cases by @terrelln (#1659)
bug: Fuzz legacy modes, fix uncovered bugs by @terrelln (#1593, #1594, #1595)
bug: Fix out of bounds read by @terrelln (#1590)
perf: Improve decode speed by ~7% @mgrice (#1668)
perf: Slightly improved compression ratio of level 3 and 4 (ZSTD_dfast) by @cyan4973 (#1681)
perf: Slightly faster compression speed when re-using a context by @cyan4973 (#1658)
perf: Improve compression ratio for small windowLog by @cyan4973 (#1624)
perf: Faster compression speed in high compression mode for repetitive data by @terrelln (#1635)
api: Add parameter to generate smaller dictionaries by @tyler-tran (#1656)
cli: Recognize symlinks when built in C99 mode by @felixhandte (#1640)
cli: Expose cpu load indicator for each file on -vv mode by @ephiepark (#1631)
cli: Restrict read permissions on destination files by @chungy (#1644)
cli: zstdgrep: handle -f flag by @felixhandte (#1618)
cli: zstdcat: follow symlinks by @vejnar (#1604)
doc: Remove extra size limit on compressed blocks by @felixhandte (#1689)
doc: Fix typo by @yk-tanigawa (#1633)
doc: Improve documentation on streaming buffer sizes by @cyan4973 (#1629)
build: CMake: support building with LZ4 @leeyoung624 (#1626)
build: CMake: install zstdless and zstdgrep by @leeyoung624 (#1647)
build: CMake: respect existing uninstall target by @j301scott (#1619)
build: Make: skip multithread tests when built without support by @michaelforney (#1620)
build: Make: Fix examples/ test target by @sjnam (#1603)
build: Meson: rename options out of deprecated namespace by @lzutao (#1665)
build: Meson: fix build by @lzutao (#1602)
build: Visual Studio: don't export symbols in static lib by @scharan (#1650)
build: Visual Studio: fix linking by @absotively (#1639)
build: Fix MinGW-W64 build by @myzhang1029 (#1600)
misc: Expand decodecorpus coverage by @ephiepark (#1664)
2019-07-21 08:37:34 +00:00
wiz
c30c5fbc0b *: recursive bump for nettle 3.5.1 2019-07-20 22:45:58 +00:00
nia
d75e9ee54f p7zip: Apply a patch for CVE-2017-17969 (out-of-bounds-write)
Bump PKGREVISION
2019-07-18 10:03:26 +00:00
nia
002101c67c Use https for xfce.org subdomains. 2019-07-18 08:15:34 +00:00
nia
09b44eb1b4 unzip: Apply a patch from CVE-2018-18384
from infozip's sourceforge / debian.
2019-07-15 14:08:03 +00:00
adam
8c476dea77 py-zipp: updated to 0.5.2
v0.5.2
Parent of a directory now actually returns the parent.
2019-07-13 09:32:04 +00:00
bsiegert
75e6d392bc gcpio: Fix Darwin and Interix builds.
- disable rmt on Darwin
- correctly put in variables to PLIST

Patch from Clement Bouvier in PR pkg/54354.
2019-07-07 08:54:30 +00:00
bsiegert
c41b79be21 Do not build static binaries on macOS.
Reported by Clement Bouvier in PR pkg/54352.
I did not try a build on Darwin as I no longer own a Mac.
2019-07-06 16:29:10 +00:00
nia
314d0da6b3 Follow some remaining search.cpan.org redirects. 2019-07-01 21:35:32 +00:00
ryoon
57d0806c39 Recursive revbump from boost-1.70.0 2019-07-01 04:07:44 +00:00
nia
d5c846b3af Update packages using a search.cpan.org HOMEPAGE to metacpan.org.
The former now redirects to the latter.

This covers the most simple cases where http://search.cpan.org/dist/name
can be changed to https://metacpan.org/release/name.

Reviewed by hand to hopefully make sure no unwanted changes sneak in.
2019-06-30 20:14:13 +00:00