SECURITY:

upgrade to 1.1;
A directory-traversal issue exists in cabextract
that could overwrite any file on the system when extracting
a malicious cab file.

from maintainer; the issue has also been reported by matthieu@

archivers/cabextract/Makefile

@@ -1,11 +1,11 @@
-# $OpenBSD: Makefile,v 1.2 2002/12/08 20:34:41 jcs Exp $
+# $OpenBSD: Makefile,v 1.3 2004/10/23 15:54:42 robert Exp $
 
 COMMENT=		"Extracts files from Microsoft CAB archives"
 
 # 
 # What port/package will be created
 #
-DISTNAME=		cabextract-0.6
+DISTNAME=		cabextract-1.1
 CATEGORIES=		archivers
 
 HOMEPAGE=		http://www.kyz.uklinux.net/cabextract.php3

archivers/cabextract/distinfo

@@ -1,3 +1,3 @@
-MD5 (cabextract-0.6.tar.gz) = 1e6e7d35d4ca4e5bd9cfc86aa315163b
-RMD160 (cabextract-0.6.tar.gz) = bdb7c67baac41b558860a5581af68d582db1eca6
-SHA1 (cabextract-0.6.tar.gz) = e788ad16b93c986f5db792288137bf98de11dd73
+MD5 (cabextract-1.1.tar.gz) = f4b729c0be7d288660f4fc167de199a1
+RMD160 (cabextract-1.1.tar.gz) = f895a466d03c59cd4e99c217f8e9f409bf1b0bfc
+SHA1 (cabextract-1.1.tar.gz) = 359c8f4ec9c62d9dac5d572269b607b2cae4fbf7

archivers/cabextract/patches/patch-mempcpy_c

@@ -0,0 +1,16 @@
+$OpenBSD: patch-mempcpy_c,v 1.1 2004/10/23 15:54:42 robert Exp $
+--- mempcpy.c.orig	Sat Oct 23 09:46:58 2004
++++ mempcpy.c	Sat Oct 23 09:47:11 2004
+@@ -29,7 +29,12 @@ Copies @var{length} bytes from memory re
+ 
+ */
+ 
++#ifndef __OpenBSD__
+ #include <ansidecl.h>
++#else
++#define PARAMS(ARGS)    ARGS
++#define PTR             void *
++#endif
+ #ifdef ANSI_PROTOTYPES
+ #include <stddef.h>
+ #else

archivers/cabextract/pkg/DESCR

@@ -1,2 +1,5 @@
-Cabextract is a program to extract Microsoft cabinet (.CAB) files.
-
+cabextract is Free Software for extracting Microsoft cabinet files, also called
+.CAB files, on UNIX or UNIX-like systems. cabextract is distributed under the
+GPL license. It is based on the portable LGPL libmspack library. cabextract
+supports all special features and all compression formats of Microsoft cabinet
+files.