Problems found with existing distfile for eagle:
distfiles/bicom101.zip
distfiles/szip-2.1nb3/szip-2.1.tar.gz
distfiles/xmill-0.9.1.tar.gz
No changes made to these distinfo files.
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
It fixes CVE-2015-2060, a directory traversal vulnerability.
A CAB file with overlong UTF-8 encodings for "/" can get its files extracted to
an absolute path instead of the current directory. [Debian bug #778753]
Under Cygwin, a CAB file using both "/" and "\" can evade checks for absolute
files and "../" directory traversals and can get its files extracted to any
path.
New in 1.5
* cabextract replaces bad Unicode characters in filenames with the
standard Unicode replacement character
* wince_rename now puts files under the correct installation path
* Several crashes and hangs were found by Debian project members
using the afl (American fuzzy lop) tool to generate corrupt
cabinet files. These crashes and hangs have been fixed.
* A bug in the LZX decompressor was fixed.
* cabextract is now more tolerant when processing cabinet sets.
* cabextract is now compatible with even more compilers, and
now supports 64-bit file I/O on platforms where it's completely
native, like Mac OS X 10.6 and Fedora x86_64.
* cabextract will no longer print "library not compiled to support
large files" while reading small files.
* The Windows CE installation format document was improved.
New in 1.3:
* Bugs in the MS-ZIP and Quantum decompressors have been fixed.
* MS-ZIP recovery has been improved.
* cabextract should now compile with MinGW
* The "-t" archive integrity checking option has been added. This was
requested by several users. cabextract can unpack cabinet files and give
you MD5 checksums of the files inside, without writing the unpacked
files to disk.
* Large files (more than 2 gigabytes) are now correctly searched for
cabinet files.
* A security vulnerability has been fixed. Files compressed with the
Quantum method, using a window size less than 32768 bytes, could cause
cabextract to write beyond the end of the window and cause a
segmentation fault. This fix also permits cabextract to unpack this type
of cabinet file (of which only one has been found in the wild) correctly.
* The unnecessary GNU source mempcpy.c, which caused compilation
failures on several systems, was removed.
* An off-by-one error introduced in 1.1's UTF-8 decoder was fixed. Files
with UTF-8 filenames can now be extracted. The UTF-8 decoder was also
upgraded to support the latest Unicode characer maps.
anywhere, yet configure.ac declared an AC_REPLACE_FUNCS() for it. Rip out
the offending code from configure until it is rebuilt at the source.
(Patch to remove the AC_REPLACE_FUNCS submitted to author.)
* A security vulnerability has been fixed. If the files within a
cabinet file include "../" in their filenames, this will be
changed to "xx/", so cabinets cannot access the parent directory
of where you want to extract them.
* cabextract should now compile cleanly on AIX and Cygwin.
changes since 0.5:
* pkgsrc fixes for 0.5 integrated
* support for the Quantum compression method reverse-engineered by
Matthew Russotto
* cabextract now exhaustively searches your files for cabinets.
If there's more than one cabinet in the same file, cabextract will
find those too.
* Spanning cabinets sets contain both a 'next' and 'previous' cabinet
name. cabextract now searches backwards through the cabinet chain
to find the start of a cabinet set, before searching in the forwards
direction as usual.
- Do not compute a pointer outside of an array.
The original code did this and if the executable is mapped at the
low address in virtual space, the "runsrc" value becomes ``negative''
address and caused crash.
Package maintainers should use a.out to detect this sort of botches. :D
- Fix usage of mktime(3).
- Fix usage of tolower(3).
Changes:
- Honor umask for file mode.
- Add a hack to handle self-extracting cabinet (*.exe).
cabextract is a program that un-archives files in the Microsoft
cabinet file format (.cab) or any binary file which contains an
embedded cabinet file (frequently found in .exe files).
cabextract will extract all files from all cabinet files specified on
the command line
To extract a multi-part cabinet consisting of several files, only give
the first file as an argument to cabextract as it will automatically
look for the remaining files.
Provided in PR 14259 by Ben Collver (collver@linuxfreemail.com), the
description fleshed out slightly by myself, taken from the man page.