Skip to content
Commits on Mar 30, 2016
  1. Update NEWS, bump version number.

    committed Mar 29, 2016
    Update to v0.3.1 for security release.
Commits on Mar 17, 2016
  1. Fix integer underflow vulnerability in L3 decode.

    committed Mar 17, 2016
    Marcin 'Icewall' Noga of Cisco TALOS discovered that the level 3 header
    decoding routines were vulnerable to an integer underflow, if the 32-bit
    header length was less than the base level 3 header length. This could
    lead to an exploitable heap corruption condition.
    
    Thanks go to Marcin Noga and Regina Wilson of Cisco TALOS for reporting
    this vulnerability.
Commits on Apr 20, 2015
  1. Update NEWS, bump version number.

    committed Apr 20, 2015
    Update to v0.3.0.
Commits on Mar 10, 2015
  1. Tweak Travis build command to be more efficient.

    committed Mar 9, 2015
    Running autogen.sh also runs configure, so there is no need to run
    configure explicitly.
Commits on Mar 9, 2015
  1. Add Travis continuous integration config file.

    committed Mar 9, 2015
    Just adding this to test out travis-ci.org.
Commits on Mar 8, 2015
  1. lz5: Fill initial history buffer correctly.

    committed Mar 8, 2015
    The -lz5- history buffer contains certain pre-filled patterns which are
    useful to copy from. There are archives in the wild (such as lzsfx33.lzs)
    that rely on these initial patterns and will not extract correctly without
    them, so fill the buffer correctly and add a constructed test archive
    that performs copies from the entire history buffer to check that it is
    filled correctly.
    
    This fixes #13. Thanks to roytam1 for the bug report.
  2. Tweak command output to account for sed differences.

    committed Mar 8, 2015
    BSD sed always includes a newline at the end of files, while GNU sed
    doesn't. Add an extra command to the 'sed' transformation when
    translating command output, so that the output is consistent across
    platforms.
  3. Stop using sed -i, as it doesn't seem portable.

    committed Mar 8, 2015
    On BSD systems like OS X, sed -i '' disables saving backup files, but
    this doesn't work with GNU sed. GNU sed's way of disabling backup files
    seems to be to just not provide an argument to -i, which doesn't work
    with BSD sed. Instead, just refactor test code so that sed -i isn't
    used.
  4. Fix more tests that fail because of OS X differences.

    committed Mar 8, 2015
    * OS X's version of sed doesn't seem to support \r in regexps. Change
      to a sed command line that works and is clearer.
    * sed -i option must be given a backup file extension, even if it is
      the empty string to indicate no backup.
  5. Fix mktemp arguments for OS X.

    committed Mar 8, 2015
    With the OS X version of mktemp, -td behaves differently to -dt
    (generating a temporary directory *and* a file according to a template,
    rather than a temporary directory named according to a template.
    Change the argument ordering to fix this.
Commits on Oct 23, 2014
  1. Merge pull request #17 from jmtd/master

    committed Oct 22, 2014
    Move temp-directory creation/deletion into common
Commits on Oct 22, 2014
  1. Merge pull request #16 from jmtd/master

    committed Oct 22, 2014
    test-extract: Use mktemp for working directory
Commits on Oct 21, 2014
  1. @jmtd

    Move temp-directory creation/deletion into common

    jmtd committed Oct 21, 2014
    My previous patches added temp directory creation and deletion into each
    individual test script. I'd missed deletion in two cases, meaning your
    $TMPDIR would be left with unnecessary folders on each test run.
    
    This patch fixes that problem but also moves temp directory creation
    into test_common.sh. This results in temp directory sharing across
    different invocations of the same tests, simplifying matters and shaving
    a little bit off the test run execution time.
  2. @jmtd

    test-extract: Use mktemp for working directory

    jmtd committed Oct 21, 2014
    Adjust test-extract to use a working directory created using
    mktemp, to avoid predictable filenames and symlink-attacks in
    /tmp.
    
    This completes the work begun in d42ed05.
Commits on Jul 12, 2014
  1. Merge pull request #15 from jmtd/master

    committed Jul 12, 2014
    Stop using predictable paths under /tmp for tests
Commits on Jul 4, 2014
  1. @jmtd

    Stop using predictable paths under /tmp for tests

    jmtd committed Jul 4, 2014
    Most of the tests use predicable paths for intermediate files in /tmp.
    This is a problem on multi-user systems, as it makes the test suite
    vulnerable to symlink attacks. It may also cause problems with things
    like buildds.
    
    All tests except 'test-extract' are fixed in this patch (that's a
    bigger piece of work).
Commits on Sep 13, 2013
  1. Change -pm1- end of file handling.

    committed Sep 12, 2013
    Fix the special-case handling at the end of -pm1- decompression to
    generate additional input data, rather than EOF characters at the end.
    This fixes some further files that were failing with CRC errors.
Commits on Sep 11, 2013
  1. Add test -pm1- archive.

    committed Sep 10, 2013
    This is an actual -pm1- archive found in the wild containing a
    compressed file that exhibits the CRC bug if not padded at the end
    with EOF characters.
  2. Pad end of -pm1- streams with EOF.

    committed Sep 10, 2013
    Some -pm1- archives in the wild fail to extract with CRC errors; the
    files extract correctly if they are padded to their full expected
    length with EOF characters.
Commits on Aug 3, 2013
  1. Update NEWS, bump to v0.2.0.

    committed Aug 4, 2013
  2. Remove lha_arch_chdir.

    committed Aug 3, 2013
    Since refactoring extract.c, lha_arch_chdir is now unused.
  3. Fix output when using the -w option.

    committed Aug 3, 2013
    Refactor extract.c to be cleaner and correct the output when using the
    -w command line option: the extract path should be included in the
    extracted paths.
Commits on Aug 1, 2013
  1. Add implementation of lha -p.

    committed Aug 1, 2013
    The -p command allows the contents of archives to be printed to
    stdout. Add support for this along with tests.
Commits on Jul 24, 2013
  1. Add decoder for unlha32.dll -lhx- format.

    committed Jul 24, 2013
    Thanks to Multi for providing the patch.
Commits on Mar 30, 2013
  1. Detect unseekable files and don't try to seek.

    committed Mar 30, 2013
    The previous functionality used the fallback behavior when a call
    to fseek() failed, but under Windows the seek can partially succeed
    even if a failure occurs. Use ftell() to detect when the input is
    unseekable and then always use the fallback behavior.
  2. Remove use of .libs for Windows build.

    committed Mar 30, 2013
    Under Windows the package should be configured to disable shared
    library build.
Commits on Mar 18, 2013
  1. Initialize deferred_symlinks pointer correctly.

    committed Mar 18, 2013
    Use calloc() in place of malloc() in several places.
Commits on Mar 16, 2013
  1. Fix skipping in stream inputs.

    committed Mar 16, 2013
    The existing test was piping input from a file, not an IPC pipe,
    so wasn't a proper test. Fix the test and make skipping in pipes
    work.
Commits on Mar 11, 2013
Commits on Mar 10, 2013
  1. Add extract tests for symlink archives.

    committed Mar 10, 2013
    Also refactor how file properties are read from -hdr files.
Commits on Feb 28, 2013
  1. @jengelh

    build: support for automake-1.13

    jengelh committed Mar 1, 2013
    AM_CONFIG_HEADER is long obsolete; replace by the more timely
    AC_CONFIG_HEADERS. Also nuke that ancient AM_INIT_AUTOMAKE syntax.
Something went wrong with that request. Please try again.