by yhardy and myself.
Inno Setup is a tool to create installers for Microsoft Windows
applications. innoextract allows to extract such installers under
non-windows systems without running the actual installer using
Wine. innoextract currently supports installers created by Inno
Setup 1.2.10 to 5.5.5.
It fixes CVE-2015-2060, a directory traversal vulnerability.
A CAB file with overlong UTF-8 encodings for "/" can get its files extracted to
an absolute path instead of the current directory. [Debian bug #778753]
Under Cygwin, a CAB file using both "/" and "\" can evade checks for absolute
files and "../" directory traversals and can get its files extracted to any
path.
r127:
N/A : added a file on SVN
r126:
New : lz4frame API is now integrated into liblz4
Fixed : GCC 4.9 bug on highest performance settings, reported by Greg Slazinski
Fixed : bug within LZ4 HC streaming mode, reported by James Boyle
Fixed : older compiler don't like nameless unions, reported by Cheyi Lin
Changed : lz4 is C90 compatible
Changed : added -pedantic option, fixed a few mminor warnings
r125:
Changed : endian and alignment code
Changed : directory structure : new "lib" directory
Updated : lz4io, now uses lz4frame
Improved: slightly improved decoding speed
Fixed : LZ4_compress_limitedOutput(); Special thanks to Christopher Speller !
Fixed : some alignment warnings under clang
Fixed : deprecated function LZ4_slideInputBufferHC()
----------------
0.0942 2015-01-28 17:07:43 America/Toronto
- Replaces contents of archives in test folder with random noise in order
to avoid any licensing issues. (Philippe Bruhat (BooK))
* Fixed a compression-ratio regression in fast mode of LZMA1 and
LZMA2. The bug is present in 5.1.4beta and 5.2.0 releases.
* Fixed a portability problem in xz that affected at least OpenBSD.
* Fixed xzdiff to be compatible with FreeBSD's mktemp which differs
from most other mktemp implementations.
* Changed CPU core count detection to use cpuset_getaffinity() on
FreeBSD.
0.2.1 (2014-02-08)
* Build the gem properly on Ruby 2.0+ (PR #8 by Nana Sakisaka (saki7))
* Release the GIL when interfacing with liblzma (PR #7 by Lars Christensen
* (larsch))
0.2.0 (2013-06-23)
* Fix#6 (errors on JRuby) by Ben Nagy
* Remove 1.8 compatibility
Changelog:
Version 2.5.1:
(This version folds in all non-debian specific bug fixes and feature
extensions, with respect to 2.5, that were made in the Debian afio
package 2.5-6)
(This version does not incorporate fixes for all bug reports or
feature requests I got since afio 2.5: some of these remain on the
todo list)
Fixed a file descriptor handling bug that caused gzip subprocess to
keep running when afio -oZ is killed or crashes. Based on bug report
and patch by Alain Spineux.
Fixed bug that could cause afio -oZ to hang, and/or write faulty data
without warning, if a large file was modified while being written.
The bug fix prevents hanging, and introduces warnings when faulty data
might be written. Based on bug report and patch by Alain Spineux.
Improved error reporting in -r operation, based on discussions with
Alain Spineux. Note that the error message text is all changed now,
to be more verbose and explanatory, so scripts that grep the message
text have to be rewritten. Verfication reporting via exit code 0/1 is
unchanged, unless the -1 r flag is used.
Added -1 r flag to ignore certain warnings when verifying the backup
of a live filesystem. Based on discussions with Alain Spineux.
Changed 'diff -u0' into 'diff -U 0' in regtest.do script in order to
be compatible with command line argument parsing of newer gnu diff
versions. Also added sort commands to sort find output because when
order changes with respect to order in which files where created, this
gives false fail on the hardlink check part of regression test. Based
on problem reports by Dallas Legan, Shlomi Levi.
Added defines to compile under CYGWIN based on patches by Dirk
Eddelbuettel and Jari Aalto.
Fixed bug in test script, that triggered when find(1) listed files in
a different order than the order in which afio unpacked then into the
directory. This bug cause the test script to report failure even
though there was no failure. Bug reported by Andre Francois, also by
Fred Wright and Bruce Bowler.
Fixed bugs in test script, having to do with 'bash -c' and 'source'
not being ablre to find the dircomp and dircompare commands, that were
reported openSuse 10.3 and 11.4. (I have been unable to reproduce the
bugs in my environment, so I hope the fixes work.) Bugs reported and
fixes proposed by Fred Wright.
Added .ogg as an extensions to the list of those to be excluded from
compression by default. Proposed by Dirk Eddelbuettel.
Fixed logic in in() to correctly report failure with a warning message
when uncompression of a commpressed-archived file fails. Also fixes
that, potentially valid archive data would be skipped after this
error. Based on bug report by Daniel Webb.
In next(), changed msg to variable-length string, to avoid possible
buffer overflow. Part of the patch by Erik Schanze (downstream Debian).
Extended -0 option to influence -t processing and -w and -W file
reading too. The -0 option now toggles when used multiple times.
Added -7 option to disable/enable globbing in processing -yYwW
filename patterns. Based on feature request and patch by Christian
Schrader (via Debian). Note that the semantics of the -7 command line
options is sligtly different than it was in the Debian 2.5-3 to 2.5-6
branches: in those branches, -7 was non-toggling so it was not
necessary to supply the -7 before any -yYwW options it should
affect.
Replaced several 0 by NULL to avoid compiler warnings. Based on patch
by Erik Schanze (downstream Debian).
Replaced sys_errlist usage by strerror(3). This avoids (on some
systems) compiler warnings about sys_errlist being obsolete. Left in
the old code (with #if 0) to ease porting. Based on patch by Erik
Schanze (downstream Debian) and report by Mike Black.
Fixed bug in gpg usage examples in script3/, and removed script5/
which had the same bug. Bug reported, and bug fix found, by Marcus
Williams. Also added info on this to the manpage. In the earlier
scripts, the built-in compression feature of gpg was used, but it
turns out that this cannot be reliably used with afio: it should be
disabled using the -z 0 option to gpg. The reason why gpg built-in
compression cannot be used is as follows. When compression is used,
and gpg is run twice on the same input file, it can generate differing
outputs with different lengths. This is a problem for afio if the
output length is larger than the afio -M option value. If the length
is larger than the -M value, then afio will call the 'compression'
program twice, once to get the 'compressed' file length and once to
get the actual file contents and write them to the archive, and if the
lenght is bigger in the second run then the data in the archive will
be truncated (and therefore corrupted). Afio does emit an error
message when this happens, but it might be overlooked. Some caveats:
in testing it looks like if -z 0 is used with gpg, it will never
produce different-length files for the same input, but I can not find
anything in the documentation of gpg suggesting that this is a
guaranteed feature. pgp (the non-GNU implementation) might has a
similar different-length behavior causing afio to fail occasionally,
but I have found no reports on the web about this. (An alternative
would be to use openssl as the encryption engine??)
Updated legal information for redistributers about the afio license in
afio.c and in the .lsm files. Removed earlier text concluding that by
Linux Software Map standards, the correct afio license label was LGPL.
Added the text file afio_license_issues_v5.txt. All of this was
triggerd by a blog entry writen by Tom Callaway, and informed in part
by further discussion in the blog comment section and on some Debian
mailing lists. Thanks to Mark Brukhartz for going on record to clarify
the intent of the original license text.
Increase default size for -M option from 2 to 250 megabytes.
1.1.7
* Fix UTF-8 support for comments
* Zip.sort_entries working for zip output
* Prevent tempfile path from being unlinked by garbage collection
* NTFS Extra Field (0x000a) support
* Use String#tr instead of String#gsub
* Ability to not show warning about incorrect date
* Be smarter about handling buffer file modes.
* Support for Traditional Encryption (ZipCrypto)
1.1.6
Revert "Return created zip file from Zip::File.open when supplied a block"
1.1.5
Treat empty file as non-exists (@layerssss)
Revert regression commit
Return created zip file from Zip::File.open when supplied a block (@tpickett66)
Zip::Entry::DEFLATED is forced on every file (@mehmetc)
Add InputStream#ungetc (@zacstewart)
Alias for legacy error names (@orien)
New in 1.5
* cabextract replaces bad Unicode characters in filenames with the
standard Unicode replacement character
* wince_rename now puts files under the correct installation path
* Several crashes and hangs were found by Debian project members
using the afl (American fuzzy lop) tool to generate corrupt
cabinet files. These crashes and hangs have been fixed.
Archive::Extract is a generic archive extraction mechanism.
It allows you to extract .tgz, .tar, .gz and .zip files, using
either perl modules or commandline tools
This was first released with perl v5.9.5, deprecated (will be
CPAN-only) in v5.17.9 and removed from v5.19.0
1.44 Fri 23 Jan 2015
- Win32 with ZIP executable cannot create temp file [github.com/revhippie]
1.43 Wed 14 Jan 2015
- Restore 101374 - failing tests were not regressions.
This is a maintenance update to fix issues with the new RAR seeking
feature. This new release also contains fixes for build failures when
building libarchive using Visual Studio 2012 and MinGW.