pkglint --only "https instead of http" -r -F
With manual adjustments afterwards since pkglint 19.4.4 fixed a few
indentations in unrelated lines.
This mainly affects projects hosted at SourceForge, as well as
freedesktop.org, CTAN and GNU.
v0.3.1 (2016-03-29):
* This release fixes an integer underflow vulnerability in the
code for doing LZH level 3 header decodes (TALOS-CAN-0095).
Thanks go to Marcin Noga and Regina Wilson of Cisco TALOS for
reporting this vulnerability.
Problems found with existing distfile for eagle:
distfiles/bicom101.zip
distfiles/szip-2.1nb3/szip-2.1.tar.gz
distfiles/xmill-0.9.1.tar.gz
No changes made to these distinfo files.
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
* PMarc -pm1- archives that contain truncated compressed data (the
decompressed length is longer than what can be read from the
compressed data) now decompress as intended. Certain archives
in the wild make the assumption that this can be done.
* LArc -lz5- archives that make use of the initial history buffer
now decompress correctly.
* Decompression of archives using the -lhx- file format supported by
unlha32.dll is now supported (thanks Multi for the patch).
* The -p (print to stdout) command line option is now supported.
* The test suite should now run correctly on Windows.
Bugs fixed:
* Bug where archives read from pipes (e.g. stdin) were not extracted
beyond the first file in the archive.
* Output when using the -w (extract directory) option now correctly
matches the output of Unix lha.
Directory paths containing '..' as a directory name are now sanitized,
to prevent malicious archives being able to overwrite arbitrary files on
the filesystem.
Symbolic links are now extracted in a safer way, being created as dummy
files in O_EXCL mode that are overwritten with proper symbolic links at
the end of extraction.
Processing of archives read from IPC pipes (including stdin) has
been fixed.
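The two extraction hardening measures described above ('..' sanitization and O_EXCL placeholder files for symbolic links), as an added C example that is not Lhasa's own code. The function names are hypothetical, and dropping '..' components (rather than rejecting the entry) is an assumed policy; the changelog only says such paths are "sanitized".

```c
#include <fcntl.h>
#include <string.h>
#include <unistd.h>

/* Copy an archive-supplied path into out, dropping empty, "." and ".."
 * components (and so any leading '/'). Returns 0, or -1 if nothing is
 * left or out is too small. Dropping is this example's assumed policy. */
int sanitize_path(const char *in, char *out, size_t out_len)
{
    size_t used = 0;
    while (*in != '\0') {
        size_t n = strcspn(in, "/");            /* next component length */
        int skip = n == 0 || (n == 1 && in[0] == '.')
                || (n == 2 && in[0] == '.' && in[1] == '.');
        if (!skip) {
            if (used + n + 2 > out_len)         /* '/' + component + NUL */
                return -1;
            if (used > 0)
                out[used++] = '/';
            memcpy(out + used, in, n);
            used += n;
        }
        in += n;
        if (*in == '/')
            in++;
    }
    if (used == 0)
        return -1;
    out[used] = '\0';
    return 0;
}

/* Reserve the link's name with an empty regular file. O_EXCL fails with
 * EEXIST if anything, even a dangling symlink, already has that name. */
int create_placeholder(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    return fd < 0 ? -1 : close(fd);
}

/* End of extraction: swap the placeholder for the real symbolic link. */
int finalize_symlink(const char *path, const char *target)
{
    return unlink(path) != 0 ? -1 : symlink(target, path);
}

int main(void)
{
    char buf[64];                       /* constructed hostile entry name */
    return sanitize_path("../../etc/passwd", buf, sizeof buf);
}
```

Because the link name is an ordinary file until extraction finishes, a later archive entry whose path passes through that name cannot be written through the link to a location outside the extraction directory.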
v0.0.7 (2012-06-02):
* Extraction and listing of Unix symbolic links is now supported.
* Decompression code for the "old" PMarc archive algorithm (-pm1-) has
been added.
* Support has been added for Unix LHA level 0 header extended areas
(so level 0 archives with Unix metadata are now listed and extracted
correctly).
* The Unix permissions field in the list output for directory entries
has been fixed.
* The library header files have been fixed so that they can be included
in C++ code.
* The LHADecoder interface, for extracting raw compressed data, has been
added to the public header files.
* The Unix LHA test archives have been regenerated and improved.
* A "ghost testing" tool has been added for testing ghost compression
algorithms such as -pm1-.
* The list output tests have been fixed to be repeatable regardless of
the current date.
* Build of the fuzzer tool has been fixed.
v0.0.6 (2012-05-17):
* When the -w option is used during extraction, the path specified
is now first created if it does not already exist.
* The command line tool now exits with a failure return code if an
error occurs during extraction.
* A "catch-all" header file (lhasa.h) has been added.
* The public header files installed with the library can now be
included and used externally.
* A pkgconfig file is now installed as part of the library
(thanks Jan Engelhardt).
* Make targets have been added for building Doxygen documentation
and including them as part of the distribution.
v0.0.5 (2012-05-08):
* Architecture-specific functions for running on Windows have now been
fully implemented, and the command line tool passes all tests in the
test suite on Windows (thanks roytam1 for bug reports).
* Bug fixed where the command line tool would enter an infinite loop
when extracting a truncated archive (thanks Jon Dowland).
* Support added for archives with level 0 headers and Unix path
separators (thanks roytam1).
* The test suite now runs correctly outside of the Europe/London time
zone (thanks Thomas Klausner).
* A .spec file is now included for building rpm packages.
Lhasa is a library for parsing LHA (.lzh) archives and a free
replacement for the Unix LHA tool.
Currently it is only possible to read from (i.e., decompress)
archives; generating (compressing) LHA archives may be an enhancement
for future versions. The aim is to be compatible with as many
different variants of the LHA file format as possible, including
LArc (.lzs) and PMarc (.pma).
The command line tool aims to be interface-compatible with the
non-free Unix LHA tool (command line syntax and output), for
backwards compatibility with tools that expect particular output.