head	1.14;
access;
symbols
	RELEASE_8_3_0:1.14
	RELEASE_9_0_0:1.14
	RELEASE_7_4_0:1.12
	RELEASE_8_2_0:1.12
	RELEASE_6_EOL:1.12
	RELEASE_8_1_0:1.11
	RELEASE_7_3_0:1.11
	RELEASE_8_0_0:1.11
	RELEASE_7_2_0:1.11
	RELEASE_7_1_0:1.11
	RELEASE_6_4_0:1.11
	RELEASE_5_EOL:1.11
	RELEASE_7_0_0:1.11
	RELEASE_6_3_0:1.11
	PRE_XORG_7:1.11
	RELEASE_4_EOL:1.11
	RELEASE_6_2_0:1.10
	RELEASE_6_1_0:1.10
	RELEASE_5_5_0:1.10
	RELEASE_6_0_0:1.9
	RELEASE_5_4_0:1.9
	RELEASE_4_11_0:1.9
	RELEASE_5_3_0:1.8
	RELEASE_4_10_0:1.8
	RELEASE_5_2_1:1.6
	RELEASE_5_2_0:1.6
	RELEASE_4_9_0:1.6
	RELEASE_5_1_0:1.6
	RELEASE_4_8_0:1.6
	RELEASE_5_0_0:1.6
	RELEASE_4_7_0:1.6
	RELEASE_4_6_2:1.5
	RELEASE_4_6_1:1.5
	RELEASE_4_6_0:1.5
	RELEASE_5_0_DP1:1.5
	RELEASE_4_5_0:1.5
	RELEASE_4_4_0:1.5
	RELEASE_4_3_0:1.2;
locks; strict;
comment	@# @;


1.14
date	2011.06.11.21.04.59;	author gabor;	state Exp;
branches;
next	1.13;

1.13
date	2011.03.18.17.58.26;	author miwi;	state Exp;
branches;
next	1.12;

1.12
date	2010.07.29.22.45.51;	author gabor;	state Exp;
branches;
next	1.11;

1.11
date	2007.01.02.21.12.04;	author gabor;	state Exp;
branches;
next	1.10;

1.10
date	2005.11.23.23.37.39;	author pav;	state Exp;
branches;
next	1.9;

1.9
date	2004.10.23.08.35.51;	author okazaki;	state Exp;
branches;
next	1.8;

1.8
date	2004.03.16.13.14.57;	author krion;	state Exp;
branches;
next	1.7;

1.7
date	2004.01.27.20.50.37;	author trevor;	state Exp;
branches;
next	1.6;

1.6
date	2002.08.30.12.08.16;	author sobomax;	state Exp;
branches;
next	1.5;

1.5
date	2001.08.27.08.35.40;	author sobomax;	state Exp;
branches;
next	1.4;

1.4
date	2001.08.20.08.13.32;	author sobomax;	state Exp;
branches;
next	1.3;

1.3
date	2001.08.07.11.57.53;	author sobomax;	state Exp;
branches;
next	1.2;

1.2
date	2001.03.06.13.29.20;	author sobomax;	state Exp;
branches;
next	1.1;

1.1
date	2000.11.30.14.21.28;	author sobomax;	state Exp;
branches;
next	;


desc
@@


1.14
log
@- Update to 1.4
@
text
@SHA256 (cabextract-1.4.tar.gz) = f7ba8ba2c2d71912846eaaa2bed9200a7722ef0addeec32db7471c350a48e41e
SIZE (cabextract-1.4.tar.gz) = 222490
@


1.13
log
@- Get rid of MD5 support

With hat:	portmgr (myself)
@
text
@d1 2
a2 2
SHA256 (cabextract-1.3.tar.gz) = d464383a35b48d54a3990c02f89acbfc677e655ef46194eae64fb8f433c3c001
SIZE (cabextract-1.3.tar.gz) = 217633
@


1.12
log
@Update to 1.3, which fixes two security bugs. Detailed description
from the author follows.

Bug 1: Infinite loop in MS-ZIP decoder [1]

The MS-ZIP and Quantum decoders read bits in roughly the same way as the LZX
decoder, however they don't have "inject two fake bytes" code.

In the situation where read() provides zero bytes, e.g. at the end of file or
end of a CAB block, the LZX decoder handles this by injecting two fake bytes,
then returns an error on subsequent calls. MS-ZIP and Quantum instead return
zero bytes without error. However, all three decoders are written to presume
they will get at least one byte. So this could lead to an infinite loop in
MS-ZIP and Quantum. An infinite loop has definitely been seen in MS-ZIP -
there is a while loop in inflate() of an uncompressed block (block type 0)
which won't end until enough input is provided.

Partial solution: change "if (read < 0)" to "if (read <= 0)" in mszipd.c and
qtmd.c.
- http://libmspack.svn.sourceforge.net/viewvc/libmspack?view=revision&revision=90

However, this breaks compatibility with a number of MS-ZIP/Quantum encoded
files. A full solution would be to implement the same bit-reading system as
LZX. I've done this now, merging all the bit-reading and huffman-reading
code into two new files; readbits.h and readhuff.h
- http://libmspack.svn.sourceforge.net/viewvc/libmspack?view=revision&revision=95

There are several further changes made to integrate readbits.h and readhuff.h,
I recommend you look at the latest version in the source repository.
- http://libmspack.svn.sourceforge.net/viewvc/libmspack/libmspack/trunk/mspack/

Bug 2: Segmentation fault in "cabextract -t"

This bug may not affect you, depending on your implementation of
mspack_system->write(). It does cause a segfault in cabextract's
cabx_write() in "-t" (test archive) mode.

In the Quantum decoder, when the window wrap is reached, all currently
unwritten data is flushed to disk. Sometimes, less data is needed than
is flushed, which makes the variable out_bytes negative.

When the main decoding loop finishes, a final call to write() is made if
out_bytes is not zero. In that situation, it calls mspack_system->write() with
a negative byte count, e.g. -129 bytes. You should reject this. In
cabextract's "-t" mode, this is not caught, but instead converted to an
unsigned integer and passed to md5_process_bytes(), which tries to
read e.g. 4294967167 bytes, causing it to read beyond the end of
valid process space and thus segfault.

Solution:
- Break out to the end of the decoding loop immediately if the flush would be more than needed.
   http://libmspack.svn.sourceforge.net/viewvc/libmspack/libmspack/trunk/mspack/qtmd.c?r1=114&r2=113
- Add checking of the "bytes" argument in mspack_system read() / write() implementations, just to be sure.
   http://libmspack.svn.sourceforge.net/viewvc/libmspack?view=revision&revision=118

Security:	SA40719 [1]
@
text
@a0 1
MD5 (cabextract-1.3.tar.gz) = cb9a4a38470d2a71a0275968e7eb64d3
@
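
The two checks described in the 1.12 log message (treating a zero-byte read as an error, and rejecting a negative "bytes" argument before it is converted to an unsigned length), as an added example that is not code from libmspack, cabextract or the port. All names here (sink, src, checked_write, copy_stored_block) are hypothetical, the input source is constructed, and the simple "<= 0" check is shown rather than the readbits.h rework the log refers to.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical test-mode sink: counts bytes instead of hashing them. */
struct sink { size_t total; };

/* What an unchecked callback would hand to a hashing routine: the signed
 * count reinterpreted as a 32-bit unsigned length. */
uint32_t as_unsigned_len(int bytes) { return (uint32_t)bytes; }

/* write()-style callback with the "bytes" argument check: returns the
 * number of bytes consumed, or -1 for a negative count or NULL pointer. */
int checked_write(struct sink *s, const void *buf, int bytes) {
    if (s == NULL || buf == NULL || bytes < 0) return -1;
    s->total += (size_t)bytes;
    return bytes;
}

/* Constructed input source: yields `left` bytes, then 0 (end of data). */
struct src { int left; };
int src_read(struct src *in, unsigned char *buf, int want) {
    int n = in->left < want ? in->left : want;
    memset(buf, 0xAA, (size_t)n);
    in->left -= n;
    return n;
}

/* Refill loop for a stored block of `need` bytes. Treating a zero-byte
 * read as an error ("<= 0") guarantees termination; with "< 0" the loop
 * would spin once the source is exhausted. Returns 0 on success, -1 on
 * truncated input or a rejected write. */
int copy_stored_block(struct src *in, struct sink *out, int need) {
    unsigned char buf[64];
    while (need > 0) {
        int want = need < (int)sizeof buf ? need : (int)sizeof buf;
        int got = src_read(in, buf, want);
        if (got <= 0) return -1;          /* end of input: stop, do not retry */
        if (checked_write(out, buf, got) != got) return -1;
        need -= got;
    }
    return 0;
}
```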


1.11
log
@- Update to 1.2
- Remove unnecessary patch
- Style

Approved by:	erwin (mentor)
@
text
@d1 3
a3 3
MD5 (cabextract-1.2.tar.gz) = dc421a690648b503265c82ade84e143e
SHA256 (cabextract-1.2.tar.gz) = ae9c860a74fcea109887b4cf5de8fce575ac14737571520b14b84816f17125eb
SIZE (cabextract-1.2.tar.gz) = 194006
@


1.10
log
@- Add SHA256
@
text
@d1 3
a3 3
MD5 (cabextract-1.1.tar.gz) = f4b729c0be7d288660f4fc167de199a1
SHA256 (cabextract-1.1.tar.gz) = 32cdac1e2099eb7be1c49c267af4f2dc92c3097d8fdbe3dd087cdbe3a2c0cc8e
SIZE (cabextract-1.1.tar.gz) = 187495
@


1.9
log
@Update to version 1.1.

PR:		72817
Submitted by:	KATO Tsuguru
@
text
@d2 1
@


1.8
log
@- Update to version 1.0

PR:		ports/64328
Submitted by:	Ports Fury
@
text
@d1 2
a2 2
MD5 (cabextract-1.0.tar.gz) = 8fde8ad86f7144943b7e4e5a2da7eddb
SIZE (cabextract-1.0.tar.gz) = 189625
@


1.7
log
@Add SIZE.
@
text
@d1 2
a2 2
MD5 (cabextract-0.6.tar.gz) = 1e6e7d35d4ca4e5bd9cfc86aa315163b
SIZE (cabextract-0.6.tar.gz) = 92469
@


1.6
log
@Update to 0.6.

PR:		41729
Submitted by:	Ports Fury
@
text
@d2 1
@


1.5
log
@Update to 0.5.

Submitted by:	petef
@
text
@d1 1
a1 1
MD5 (cabextract-0.5.tar.gz) = 7c48be6b93483409ba94022a08d1ee09
@


1.4
log
@Update to 0.4.
@
text
@d1 1
a1 1
MD5 (cabextract-0.4.tar.gz) = 5099c8e62ca062869736f3c8511b71f3
@


1.3
log
@Update to 0.3.
@
text
@d1 1
a1 1
MD5 (cabextract-0.3.tar.gz) = 72d88348e21d91aa61ec3b9a4b778de6
@


1.2
log
@Update to 0.2.
@
text
@d1 1
a1 1
MD5 (cabextract-0.2.tar.gz) = 8f59514ec67cfb43658c57c67c864b74
@


1.1
log
@Add cabextract - a program to extract Microsoft cabinet (.CAB) files.
@
text
@d1 1
a1 1
MD5 (cabextract-0.1.c.gz) = 3df43a423e67c187361492ace58830c1
@

