cpet/openbsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
103,551 Commits 1 Branch 0 Tags
Commit Graph

1129 Commits

Author SHA1 Message Date
juanfra
dc0d0a5b1f Update to lzip 1.17. 2015-08-11 20:57:15 +00:00
juanfra
0fd4fe0214 Update to plzip 1.4. 2015-07-22 22:23:52 +00:00
juanfra
a483dec4a3 Update to lzlib 1.7. 2015-07-21 00:41:08 +00:00
sthen
45cf31de01 update to LZ4 r131 2015-07-18 21:25:12 +00:00
jasper
0cfe5a2805 use sed -i 2015-07-17 21:13:14 +00:00
juanfra
a0912f7a1e Update to clzip 1.7. 2015-07-17 18:06:05 +00:00
ajacoutot
2889a1d16f Remove the perl bullshit. 2015-07-16 23:57:18 +00:00
naddy
e2f2775dbd remove some obsolete/useless/crufty schilyware 
ok sthen@ ajacoutot@ dcoppa@ ian@
 2015-06-25 21:45:59 +00:00
sebastia
1a53146871 Use my openbsd.org e-mail address as in all the other ports 2015-06-25 06:40:04 +00:00
sthen
6f278e1d15 update to lz4 r130 2015-06-22 20:46:24 +00:00
sthen
7e4a372ae9 update to pecl-lzf, from maintainer Johan Huldtgren 2015-06-19 16:46:34 +00:00
sebastia
84c55e4695 bye bye ruby-archive-tar-minitar 2015-06-19 06:17:33 +00:00
sebastia
bd97a0853b replace ruby-archive-tar-minitar with ruby-minitar 2015-06-19 06:15:31 +00:00
sebastia
f0f493d50f Archive::Tar::Minitar is a pure-Ruby library and command-line utility 
that provides the ability to deal with POSIX tar(1) archive files. The 
implementation is based heavily on Mauricio Fernandez's implementation 
in rpa-base, but has been reorganised to promote reuse in other
projects.

This is going to replace archivers/ruby-archive-tar-minitar and to be
used by sysutils/ruby-r10k update.

OK jasper@
 2015-06-19 06:14:07 +00:00
naddy
7fcbb927b2 Update to 1.6. 
This release fixes the extraction to absolute file names with invalid
UTF-8 characters (CVE-2015-2060), which had already been fixed in
the port.

The security patch in the port for CVE-2014-9556 was already obsoleted
by extended input validation in 1.5.

ok jca@
 2015-06-13 20:31:32 +00:00
juanfra
2a990c0463 Update to lziprecover 1.17. 2015-06-09 11:40:51 +00:00
juanfra
f11c01ccde Update to lunzip 1.7. 2015-06-06 21:34:01 +00:00
juanfra
c798abe9c5 Update to pdlzip 1.6. 2015-06-05 11:42:55 +00:00
robert
9c1017ae2d bump revision due to the change of the default php version to 5.6 
ok aja@
 2015-06-05 06:00:20 +00:00
ajacoutot
1ba1807e46 +gcab 2015-05-27 06:49:24 +00:00
ajacoutot
096d3b814d Import gcab-0.6. 
GObject library to create cabinet files.

ok robert@
 2015-05-27 06:47:59 +00:00
ajacoutot
a183b75553 "/usr/local/lib/pkgconfig/" is part of mtree(8). 
Packages should not own this dir to prevent its deletion or a warning that it
cannot be removed because it's not empty at pkg_delete(1) time.
 2015-05-22 11:31:10 +00:00
jasper
7e7ecc3b15 remove another bunch of @rm -f, some of which were hiding the arguments no 
longer existed
 2015-05-18 11:29:37 +00:00
sthen
fe84f97f78 update to lz4-r129 2015-05-15 15:32:00 +00:00
ajacoutot
fe9bf95b16 +unzip,iconv 2015-05-11 23:07:21 +00:00
jasper
89d6207e73 update to libzip-1.0.1 2015-05-11 21:22:19 +00:00
czarkoff
c0c449206d consistent spacing 
OK sthen@
 2015-05-11 21:22:06 +00:00
czarkoff
87e407f2c6 add "iconv" flavor 
OK sthen@, stsp@
 2015-05-11 21:19:23 +00:00
jasper
00c8abbfa6 update to deco-1.6.3/deco-archive-1.6 2015-05-11 20:31:13 +00:00
sthen
764d4a86fe add some missing pthread to WANTLIB 
(using modified portbump, thanks zhuk@)

"exciting" one in databases/py-sqlalchemy; port had a bad PKG_ARCH=* line
and also contained .so modules.
 2015-04-21 18:40:20 +00:00
jca
b9a00f3919 Fold long line. 2015-04-19 17:53:59 +00:00
jca
5500f89cc2 Fix incorrect logic leading to a fatal assert when using the -q flag. 
Ports patch from Mikolaj Kucharski, source patch from Debian
(https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=299658),
upstream issue: http://sourceforge.net/p/parchive/bugs/37/
 2015-04-19 17:52:47 +00:00
naddy
d8f86af3c9 update to upstream tarball 5.2.7, still labeled version 5.21 2015-04-10 20:32:12 +00:00
naddy
074951595a update to 3.1.2; with jasper@ 2015-04-04 11:05:19 +00:00
sthen
9500439bfe Patch libzip for CVE-2015-2331; int overflow leading to a heap overflow. 
Upstream's patch depends on other changes; for us, we can simplify things
and just use reallocarray.
 2015-04-03 18:20:49 +00:00
naddy
4946712c9c update to 5.21 2015-04-03 11:58:51 +00:00
naddy
81691e03a5 Security fix for 
CVE-2015-2063: buffer overflow when reading bogus file headers

The header parser was not checking if it had read enough data when
trying to parse the header from memory, causing it to accept files
with headers smaller than expected.

From Debian
 2015-04-03 11:26:26 +00:00
naddy
b522e1f179 maintenance update to 5.2.1 and enable multi-threading; mostly from brad@ 2015-03-31 18:00:23 +00:00
naddy
c1d595ad3d CVE-2014-9112: Heap-based buffer overflow in the process_copy_in 
function allows remote attackers to cause a denial of service via
a large block value in a cpio archive.
Fix from a series of upstream commits by Sergey Poznyakoff, via Debian.

CVE-2015-1197: cpio, when using the --no-absolute-filenames option,
allows local users to write to arbitrary files via a symlink attack
on a file in an archive.
Fix from Vitezslav Cizek after 3.5 years of gestation in the SUSE
bug tracker, via Debian.

Also apply an upstream fix for some regression tests while here.
 2015-03-31 15:36:52 +00:00
benoit
a5bcb4ccdc Update to p5-PerlIO-gzip-0.19. 2015-03-29 09:23:49 +00:00
juanfra
d7718fd83f Update to p7zip 9.38.1. From Josh Grosse (MAINTAINER). 2015-03-16 17:20:40 +00:00
juanfra
916d6eef26 Update to pigz 2.3.3. From Thomas Pfaff (MAINTAINER). 2015-03-16 16:26:15 +00:00
sthen
63f1718ad8 update to lzo2-2.09 and take MAINTAINER 2015-03-16 09:40:10 +00:00
benoit
8995b4a1a1 Update to p5-Compress-Bzip2-2.22. 2015-03-15 17:45:11 +00:00
naddy
2235cd4981 switch from "-static" to "${STATIC}, i.e., build static PIE executables 
on most archs
 2015-03-14 20:52:46 +00:00
sthen
864bbedd53 Fix directory-traversal vulnerability involving long UTF-8 encodings. 
Nice write-up at http://www.openwall.com/lists/oss-security/2015/02/18/3
 2015-02-18 13:04:09 +00:00
naddy
eae40dae37 Security fixes: 
CVE-2014-8139: CRC32 verification heap-based overflow
CVE-2014-8140: out-of-bounds write issue in test_compr_eb()
CVE-2014-8141: out-of-bounds read issues in getZip64Data()
CVE-2014-9636: out-of-bounds read/write in test_compr_eb()

Via Debian; ok sthen@
 2015-02-06 21:37:04 +00:00
sthen
3ad6c95bf2 Force a WANTLIB on libc for ports linked statically, to ensure they get updated 
following major updates in base. kurt is ok with this approach. ok naddy
 2015-02-04 21:16:11 +00:00
sthen
4e81609896 update to cabextract 1.5, embedded copy of libmspack is updated for 
security fixes (see recent commit to archivers/libmspack), additionally
cabextract now replaces bad Unicode characters in filenames with the
standard Unicode replacement character.
 2015-02-04 09:51:53 +00:00
sthen
34c7f77418 update to libmspack 0.5alpha (part 2: cvs didn't see the patches/ dir) 
null pointer dereference on a crafted CAB:
- https://bugs.debian.org/774665

CHM decompression: division by zero
- https://bugs.debian.org/774725

CHM decompression: pointer arithmetic overflow
- https://bugs.debian.org/774726

off-by-one buffer over-read in mspack/mszipd.c
- https://bugs.debian.org/775498

off-by-one buffer under-read in mspack/lzxd.c
- https://bugs.debian.org/775499

CHM decompression: another pointer arithmetic overflow
- https://bugs.debian.org/775687
 2015-02-04 09:46:37 +00:00