pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/archivers/cabextract SECURITY: Update cabextract to 1.6.



details:   https://anonhg.NetBSD.org/pkgsrc/rev/ff9253942e0f
branches:  trunk
changeset: 649004:ff9253942e0f
user:      bsiegert <bsiegert%pkgsrc.org@localhost>
date:      Fri Mar 27 16:49:55 2015 +0000

description:
SECURITY: Update cabextract to 1.6.

It fixes CVE-2015-2060, a directory traversal vulnerability.
A CAB file with overlong UTF-8 encodings for "/" can get its files extracted to
an absolute path instead of the current directory. [Debian bug #778753]
Under Cygwin, a CAB file using both "/" and "\" can evade checks for absolute
paths and "../" directory traversals and can get its files extracted to any
path.

diffstat:

 archivers/cabextract/Makefile                      |   4 +-
 archivers/cabextract/distinfo                      |   9 ++---
 archivers/cabextract/patches/patch-mspack_system.h |  35 ----------------------
 3 files changed, 6 insertions(+), 42 deletions(-)

diffs (65 lines):

diff -r 0c1c20650e9c -r ff9253942e0f archivers/cabextract/Makefile
--- a/archivers/cabextract/Makefile     Fri Mar 27 16:12:22 2015 +0000
+++ b/archivers/cabextract/Makefile     Fri Mar 27 16:49:55 2015 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.26 2015/01/29 13:28:28 wiz Exp $
+# $NetBSD: Makefile,v 1.27 2015/03/27 16:49:55 bsiegert Exp $
 
-DISTNAME=      cabextract-1.5
+DISTNAME=      cabextract-1.6
 CATEGORIES=    archivers
 MASTER_SITES=  http://www.cabextract.org.uk/
 
diff -r 0c1c20650e9c -r ff9253942e0f archivers/cabextract/distinfo
--- a/archivers/cabextract/distinfo     Fri Mar 27 16:12:22 2015 +0000
+++ b/archivers/cabextract/distinfo     Fri Mar 27 16:49:55 2015 +0000
@@ -1,6 +1,5 @@
-$NetBSD: distinfo,v 1.14 2015/01/29 13:28:28 wiz Exp $
+$NetBSD: distinfo,v 1.15 2015/03/27 16:49:55 bsiegert Exp $
 
-SHA1 (cabextract-1.5.tar.gz) = 7ddb31072590a807bef09234f46f940e1ba51067
-RMD160 (cabextract-1.5.tar.gz) = a1f673aee26b13911eba14fca3b892f8f9cad501
-Size (cabextract-1.5.tar.gz) = 241010 bytes
-SHA1 (patch-mspack_system.h) = e997f6ea664e8fbf7b03ff9fb10fb8adc06d8779
+SHA1 (cabextract-1.6.tar.gz) = 64f6d5056d3e417a943648c23cb22218b7079ced
+RMD160 (cabextract-1.6.tar.gz) = 6b693c30aa4d6821b5e83b63a8dc9d58968268b7
+Size (cabextract-1.6.tar.gz) = 241731 bytes
diff -r 0c1c20650e9c -r ff9253942e0f archivers/cabextract/patches/patch-mspack_system.h
--- a/archivers/cabextract/patches/patch-mspack_system.h        Fri Mar 27 16:12:22 2015 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,35 +0,0 @@
-$NetBSD: patch-mspack_system.h,v 1.2 2011/05/13 04:10:47 adam Exp $
-
-Autoconf has already assured us of a 64-bit off_t.
-
---- mspack/system.h.orig       2011-04-26 17:15:21.000000000 +0000
-+++ mspack/system.h
-@@ -19,6 +19,7 @@ extern "C" {
- # include <config.h>
- #endif
- 
-+#include <inttypes.h>
- #include <mspack.h>
- 
- /* fix for problem with GCC 4 and glibc (thanks to Ville Skytta)
-@@ -57,18 +58,8 @@ extern "C" {
- # include <limits.h>
- #endif
- 
--#if ((defined(_FILE_OFFSET_BITS) && _FILE_OFFSET_BITS >= 64) || \
--     (defined(FILESIZEBITS)      && FILESIZEBITS      >= 64) || \
--     (defined(SIZEOF_OFF_T)      && SIZEOF_OFF_T      >= 8)  || \
--     defined(_LARGEFILE_SOURCE) || defined(_LARGEFILE64_SOURCE))
--# define LARGEFILE_SUPPORT
--# define LD "lld"
--# define LU "llu"
--#else
--extern const char *largefile_msg;
--# define LD "ld"
--# define LU "lu"
--#endif
-+#define LARGEFILE_SUPPORT
-+#define LD PRId64
- 
- /* endian-neutral reading of little-endian data */
- #define __egi32(a,n) ( ((((unsigned char *) a)[n+3]) << 24) | \


