Listing or checking the integrity may call readpassphrase(3)
and thus requires a "tty" promise.
Report and fix by provided by Andre S, thanks!
ok czarkoff@, Josh Grosse (MAINTAINER)
MESSAGE/UNMESSAGE. Add @extra lines in place of UNMESSAGE. Docs about
activating these have been rolled into the general PHP pkg-readmes file.
OK/feedback aja@ jasper@
- CVE-2013-0211: denial of service via unspecified vectors
- CVE-2015-2304: directory traveral via absolute paths
- crash/infinite loop on malformed CPIO archives
From upstream git (commits 2253154, 5935715, 3865cf2, e6c9668, 24f5de6)
via FreeBSD.
Minor bump for the new ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS option.
The solution isn't very nice but is the least intrusive right now; and
you can only find portability bugs in programs that do build. As
suggested by naddy@, something based on endian.h would probably be
nicer.
ok sthen@, Josh Grosse (maintainer)
Removal proposed by Andre Smagin for the following reasons:
* cannot extract ACE archives from version 2.0 or newer of WinAce;
* very dated code (1998), has issues as shown by the compilers;
* dumps core on armv7/BeagleBone Black (at the least);
* unclear / non-existing license - no package;
* obsolete proprietary format, dead piece of software.
ok sthen@ giovanni@ naddy@
This is possible now that pledge(2) treats TIOCGWINSZ like TIOCGETA, allowing
it to return ENOTTY rather than killing the process for a non-terminal device.
or if it's used in a pipeline, then it can further pledge to only use
stdio-related system calls while doing the actual de/compression.
Since ports uses 'bzip2 -dc [file] | tar xf -', it can benefit from
this added protection during file extraction.
it's easy to drop to only allowing stdio and file operations. There's scope to
push this further (e.g. when used in a simple pipeline, no more than stdio
should be necessary). ok naddy@ (maintainer).
(__BYTE_ORDER not being defined) causing 'repair' to fail on files from other
par2 implementations or from pre-5.6 OpenBSD. ok jca@
From Mikolaj Kucharski, taking maintainer.
