cpet/openbsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
114,773 Commits 1 Branch 0 Tags
Commit Graph

1248 Commits

Author SHA1 Message Date
jca
5500f89cc2 Fix incorrect logic leading to a fatal assert when using the -q flag. 
Ports patch from Mikolaj Kucharski, source patch from Debian
(https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=299658),
upstream issue: http://sourceforge.net/p/parchive/bugs/37/
 2015-04-19 17:52:47 +00:00
naddy
d8f86af3c9 update to upstream tarball 5.2.7, still labeled version 5.21 2015-04-10 20:32:12 +00:00
naddy
074951595a update to 3.1.2; with jasper@ 2015-04-04 11:05:19 +00:00
sthen
9500439bfe Patch libzip for CVE-2015-2331; int overflow leading to a heap overflow. 
Upstream's patch depends on other changes; for us, we can simplify things
and just use reallocarray.
 2015-04-03 18:20:49 +00:00
naddy
4946712c9c update to 5.21 2015-04-03 11:58:51 +00:00
naddy
81691e03a5 Security fix for 
CVE-2015-2063: buffer overflow when reading bogus file headers

The header parser was not checking if it had read enough data when
trying to parse the header from memory, causing it to accept files
with headers smaller than expected.

From Debian
 2015-04-03 11:26:26 +00:00
naddy
b522e1f179 maintenance update to 5.2.1 and enable multi-threading; mostly from brad@ 2015-03-31 18:00:23 +00:00
naddy
c1d595ad3d CVE-2014-9112: Heap-based buffer overflow in the process_copy_in 
function allows remote attackers to cause a denial of service via
a large block value in a cpio archive.
Fix from a series of upstream commits by Sergey Poznyakoff, via Debian.

CVE-2015-1197: cpio, when using the --no-absolute-filenames option,
allows local users to write to arbitrary files via a symlink attack
on a file in an archive.
Fix from Vitezslav Cizek after 3.5 years of gestation in the SUSE
bug tracker, via Debian.

Also apply an upstream fix for some regression tests while here.
 2015-03-31 15:36:52 +00:00
benoit
a5bcb4ccdc Update to p5-PerlIO-gzip-0.19. 2015-03-29 09:23:49 +00:00
juanfra
d7718fd83f Update to p7zip 9.38.1. From Josh Grosse (MAINTAINER). 2015-03-16 17:20:40 +00:00
juanfra
916d6eef26 Update to pigz 2.3.3. From Thomas Pfaff (MAINTAINER). 2015-03-16 16:26:15 +00:00
sthen
63f1718ad8 update to lzo2-2.09 and take MAINTAINER 2015-03-16 09:40:10 +00:00
benoit
8995b4a1a1 Update to p5-Compress-Bzip2-2.22. 2015-03-15 17:45:11 +00:00
naddy
2235cd4981 switch from "-static" to "${STATIC}, i.e., build static PIE executables 
on most archs
 2015-03-14 20:52:46 +00:00
sthen
864bbedd53 Fix directory-traversal vulnerability involving long UTF-8 encodings. 
Nice write-up at http://www.openwall.com/lists/oss-security/2015/02/18/3
 2015-02-18 13:04:09 +00:00
naddy
eae40dae37 Security fixes: 
CVE-2014-8139: CRC32 verification heap-based overflow
CVE-2014-8140: out-of-bounds write issue in test_compr_eb()
CVE-2014-8141: out-of-bounds read issues in getZip64Data()
CVE-2014-9636: out-of-bounds read/write in test_compr_eb()

Via Debian; ok sthen@
 2015-02-06 21:37:04 +00:00
sthen
3ad6c95bf2 Force a WANTLIB on libc for ports linked statically, to ensure they get updated 
following major updates in base. kurt is ok with this approach. ok naddy
 2015-02-04 21:16:11 +00:00
sthen
4e81609896 update to cabextract 1.5, embedded copy of libmspack is updated for 
security fixes (see recent commit to archivers/libmspack), additionally
cabextract now replaces bad Unicode characters in filenames with the
standard Unicode replacement character.
 2015-02-04 09:51:53 +00:00
sthen
34c7f77418 update to libmspack 0.5alpha (part 2: cvs didn't see the patches/ dir) 
null pointer dereference on a crafted CAB:
- https://bugs.debian.org/774665

CHM decompression: division by zero
- https://bugs.debian.org/774725

CHM decompression: pointer arithmetic overflow
- https://bugs.debian.org/774726

off-by-one buffer over-read in mspack/mszipd.c
- https://bugs.debian.org/775498

off-by-one buffer under-read in mspack/lzxd.c
- https://bugs.debian.org/775499

CHM decompression: another pointer arithmetic overflow
- https://bugs.debian.org/775687
 2015-02-04 09:46:37 +00:00
sthen
82408b2659 update to libmspack 0.5alpha 
null pointer dereference on a crafted CAB:
 - https://bugs.debian.org/774665

CHM decompression: division by zero
 - https://bugs.debian.org/774725

CHM decompression: pointer arithmetic overflow
 - https://bugs.debian.org/774726

off-by-one buffer over-read in mspack/mszipd.c
 - https://bugs.debian.org/775498

off-by-one buffer under-read in mspack/lzxd.c
 - https://bugs.debian.org/775499

CHM decompression: another pointer arithmetic overflow
 - https://bugs.debian.org/775687
 2015-02-04 09:45:49 +00:00
jasper
c040a5f602 Security fix for CVE-2014-9556 2015-01-30 13:34:40 +00:00
juanfra
01ae7e1736 Update to plzip 1.3. 2015-01-24 20:32:59 +00:00
bentley
87cea09896 Remove Kevin Lo as maintainer, by request. 
While here, fix a couple of license markers.
 2015-01-21 06:13:46 +00:00
benoit
88db489dea Update to p5-Compress-Bzip2-2.20. 2015-01-16 07:53:22 +00:00
brad
757220d9ce Update to xz 5.2.0. 
ok naddy@
 2015-01-12 22:07:17 +00:00
sthen
9b2c4a4676 update to lz4 r127 2015-01-12 15:23:09 +00:00
bcallah
2f30aef1e8 Bugfix update to 0.7.1 - marble (it's only dependent) compiles/runs ok. 2015-01-10 05:00:40 +00:00
rpe
bdf559dc2f Remove mirror.switch.ch from MASTER_SITES. 
OK sthen@
 2014-12-09 22:51:35 +00:00
rpe
c01550032f Update p5-Archive-Extract to 0.74 
OK sthen@
 2014-12-09 22:47:47 +00:00
zhuk
a70b2d603a Make sure Qt4 is picked up, not Qt5. No package change. 
okay bcallah@ (MAINTAINER)
 2014-12-09 18:55:42 +00:00
kili
52db5b1530 Remove dependencies on devel/hs-haskeline and devel/hs-transformers, 
to unbreak ports like databases/sqlports (noticed by naddy).

plist changes and bumps included, but a little bit pointless (the
ports are still unbuildable).
 2014-12-03 21:56:43 +00:00
kili
ad6ebe9b7d Update dependencies and plists and bump. 2014-11-25 22:11:02 +00:00
kili
8c5512f8e3 Update plist. 2014-11-22 20:29:53 +00:00
jca
11147a18ea +innoextract 2014-11-21 19:05:09 +00:00
jca
f3c45ed13c Import innoextract-1.4, from Donovan Watteau. 
Input from landry@, ok sthen@

Inno Setup is a tool to create installers for Microsoft Windows
applications.  innoextract allows to extract such installers under
non-windows systems without running the actual installer using Wine.

innoextract is able to unpack GOG.com installers, Wadjet Eye Games
installers (to play with AGS), Arx Fatalis patches (for use with
Arx Libertatis) as well as various other Inno Setup executables.
 2014-11-21 19:04:14 +00:00
sthen
8d468569b2 +p5-Archive-Extract 2014-11-19 00:34:16 +00:00
sthen
ff03e6bd5e import p5-Archive-Extract, ok/tweak nigel@ 
Archive::Extract is a generic archive extraction mechanism.
It allows you to extract .tgz, .tar, .gz and .zip files, using
either perl modules or commandline tools.
 2014-11-19 00:33:54 +00:00
sthen
6ec074595b fix with perl 5.19+, fix from rt.cpan 2014-11-17 17:13:01 +00:00
benoit
55f07fe397 Update to p5-Compress-Bzip2-2.19. 
Update test, take maintainership, ok ajacoutot@
 2014-11-13 12:26:30 +00:00
benoit
dfa2c3b168 Update libshrink to 0.5.4. 
ok David Hill (maintainer)
 2014-11-10 16:42:52 +00:00
sthen
8520471310 update to lz4 r124 2014-11-08 14:39:21 +00:00
sthen
174f98ce56 bump REVISION for php version switch 2014-11-06 17:13:39 +00:00
sthen
30fa2e744a chown to set permissions to avoid needing root to "make clean" after build 2014-10-30 23:42:19 +00:00
sthen
c9a85e2fed update to pecl-rar 3.0.2 2014-10-29 21:14:22 +00:00
sthen
688f59e63d use a portroach-compatible distname 2014-10-27 13:42:39 +00:00
sthen
3cb4721446 update to lz4 r123 2014-10-26 14:15:07 +00:00
jeremy
a6b8b062f2 Bump gem ports buildable with ruby 1.8 that have binaries 
The binaries now use a 18 suffix on ruby 1.8.
 2014-10-11 19:54:46 +00:00
ajacoutot
a18880215f Trailing whitespace. 2014-10-07 10:13:57 +00:00
naddy
59c5a87682 update to 5.0.7: fix invalid Libs.private value in liblzma.pc 2014-09-21 12:18:29 +00:00
naddy
f7137a89d7 maintenance update to 5.0.6 2014-09-19 20:58:39 +00:00