Permalink
Commits on Mar 30, 2018
  1. Merge pull request #29 from polluks/patch-2

    fragglet committed Mar 30, 2018
    Prettier synopsis
  2. prittier synopsis

    polluks committed Mar 30, 2018
Commits on Mar 15, 2018
  1. Merge pull request #28 from polluks/patch-1

    fragglet committed Mar 15, 2018
    Fixed usage
Commits on Mar 13, 2018
  1. Fixed usage

    polluks committed Mar 13, 2018
Commits on Nov 12, 2017
  1. Merge pull request #24 from jwilk-forks/spelling

    fragglet committed Nov 12, 2017
    Fix typos
  2. Fix typos

    jwilk committed Nov 12, 2017
  3. Merge pull request #22 from jwilk-forks/intoverflow

    fragglet committed Nov 12, 2017
    Fix integer overflow in lha_decode_uint32(), lha_decode_be_uint32()
  4. Add '-p' to man page.

    fragglet committed Nov 12, 2017
    This wasn't updated when the '-p' option was added.
    
    This fixes #23.
Commits on Nov 6, 2017
  1. Fix integer overflow in lha_decode_uint32(), lha_decode_be_uint32()

    jwilk committed Nov 6, 2017
    uint8_t was automatically promoted to int, and then left shift by 24
    could overflow it. Add explicit casts to uint32_t to avoid undefined
    behavior.
Commits on Jul 14, 2016
  1. Merge pull request #19 from waldyrious/patch-1

    fragglet committed Jul 14, 2016
    add license title
  2. add license title

    waldyrious committed Jul 14, 2016
Commits on Mar 30, 2016
  1. Update NEWS, bump version number.

    fragglet committed Mar 30, 2016
    Update to v0.3.1 for security release.
Commits on Mar 17, 2016
  1. Fix integer underflow vulnerability in L3 decode.

    fragglet committed Mar 17, 2016
    Marcin 'Icewall' Noga of Cisco TALOS discovered that the level 3 header
    decoding routines were vulnerable to an integer underflow, if the 32-bit
    header length was less than the base level 3 header length. This could
    lead to an exploitable heap corruption condition.
    
    Thanks go to Marcin Noga and Regina Wilson of Cisco TALOS for reporting
    this vulnerability.
Commits on Apr 20, 2015
  1. Update NEWS, bump version number.

    fragglet committed Apr 20, 2015
    Update to v0.3.0.
Commits on Mar 10, 2015
  1. Tweak Travis build command to be more efficient.

    fragglet committed Mar 10, 2015
    Running autogen.sh also runs configure, so there is no need to run
    configure explicitly.
Commits on Mar 9, 2015
  1. Add Travis continuous integration config file.

    fragglet committed Mar 9, 2015
    Just adding this to test out travis-ci.org.
Commits on Mar 8, 2015
  1. lz5: Fill initial history buffer correctly.

    fragglet committed Mar 8, 2015
    The -lz5- history buffer contains certain pre-filled patterns which are
    useful to copy from. There are archives in the wild (such as lzsfx33.lzs)
    that rely on these initial patterns and will not extract correctly without
    them, so fill the buffer correctly and add a constructed test archive
    that performs copies from the entire history buffer to check that it is
    filled correctly.
    
    This fixes #13. Thanks to roytam1 for the bug report.
  2. Tweak command output to account for sed differences.

    fragglet committed Mar 8, 2015
    BSD sed always includes a newline at the end of files, while GNU sed
    doesn't. Add an extra command to the 'sed' transformation when
    translating command output, so that the output is consistent across
    platforms.
  3. Stop using sed -i, as it doesn't seem portable.

    fragglet committed Mar 8, 2015
    On BSD systems like OS X, sed -i '' disables saving backup files, but
    this doesn't work with GNU sed. GNU sed's way of disabling backup files
    seems to be to just not provide an argument to -i, which doesn't work
    with BSD sed. Instead, just refactor test code so that sed -i isn't
    used.
  4. Fix more tests that fail because of OS X differences.

    fragglet committed Mar 8, 2015
    * OS X's version of sed doesn't seem to support \r in regexps. Change
      to a sed command line that works and is clearer.
    * sed -i option must be given a backup file extension, even if it is
      the empty string to indicate no backup.
  5. Fix mktemp arguments for OS X.

    fragglet committed Mar 8, 2015
    With the OS X version of mktemp, -td behaves differently to -dt
    (generating a temporary directory *and* a file according to a template,
    rather than a temporary directory named according to a template.
    Change the argument ordering to fix this.
Commits on Oct 23, 2014
  1. Merge pull request #17 from jmtd/master

    fragglet committed Oct 23, 2014
    Move temp-directory creation/deletion into common
Commits on Oct 22, 2014
  1. Merge pull request #16 from jmtd/master

    fragglet committed Oct 22, 2014
    test-extract: Use mktemp for working directory
Commits on Oct 21, 2014
  1. Move temp-directory creation/deletion into common

    jmtd committed Oct 21, 2014
    My previous patches added temp directory creation and deletion into each
    individual test script. I'd missed deletion in two cases, meaning your
    $TMPDIR would be left with unnecessary folders on each test run.
    
    This patch fixes that problem but also moves temp directory creation
    into test_common.sh. This results in temp directory sharing across
    different invocations of the same tests, simplifying matters and shaving
    a little bit off the test run execution time.
  2. test-extract: Use mktemp for working directory

    jmtd committed Oct 20, 2014
    Adjust test-extract to use a working directory created using
    mktemp, to avoid predictable filenames and symlink-attacks in
    /tmp.
    
    This completes the work begun in d42ed05.
Commits on Jul 12, 2014
  1. Merge pull request #15 from jmtd/master

    fragglet committed Jul 12, 2014
    Stop using predictable paths under /tmp for tests
Commits on Jul 4, 2014
  1. Stop using predictable paths under /tmp for tests

    jmtd committed Jul 4, 2014
    Most of the tests use predicable paths for intermediate files in /tmp.
    This is a problem on multi-user systems, as it makes the test suite
    vulnerable to symlink attacks. It may also cause problems with things
    like buildds.
    
    All tests except 'test-extract' are fixed in this patch (that's a
    bigger piece of work).
Commits on Sep 13, 2013
  1. Change -pm1- end of file handling.

    fragglet committed Sep 13, 2013
    Fix the special-case handling at the end of -pm1- decompression to
    generate additional input data, rather than EOF characters at the end.
    This fixes some further files that were failing with CRC errors.
Commits on Sep 11, 2013
  1. Add test -pm1- archive.

    fragglet committed Sep 11, 2013
    This is an actual -pm1- archive found in the wild containing a
    compressed file that exhibits the CRC bug if not padded at the end
    with EOF characters.
  2. Pad end of -pm1- streams with EOF.

    fragglet committed Sep 11, 2013
    Some -pm1- archives in the wild fail to extract with CRC errors; the
    files extract correctly if they are padded to their full expected
    length with EOF characters.
Commits on Aug 3, 2013
  1. Remove lha_arch_chdir.

    fragglet committed Aug 3, 2013
    Since refactoring extract.c, lha_arch_chdir is now unused.
  2. Fix output when using the -w option.

    fragglet committed Aug 3, 2013
    Refactor extract.c to be cleaner and correct the output when using the
    -w command line option: the extract path should be included in the
    extracted paths.
Commits on Aug 1, 2013
  1. Add implementation of lha -p.

    fragglet committed Aug 1, 2013
    The -p command allows the contents of archives to be printed to
    stdout. Add support for this along with tests.