| 1 |
Hi, Chris. |
| 2 |
|
| 3 |
Thanks for exploring the new possibility of review via mailing list. I'm |
| 4 |
sorry that this take this long but we're a bit overburdened around here. |
| 5 |
|
| 6 |
On czw, 2017-08-10 at 22:14 -0500, Chris Rorvick wrote: |
| 7 |
> Gentoo-Bug: 143897 |
| 8 |
> Package-Manager: Portage-2.3.5, Repoman-2.3.1 |
| 9 |
> --- |
| 10 |
> app-crypt/outguess/Manifest | 1 + |
| 11 |
> ...utguess-0.2-avoid-implicit-function-usage.patch | 53 ++++++++++++++++++++++ |
| 12 |
> .../outguess-0.2-fix-printf-argument-types.patch | 34 ++++++++++++++ |
| 13 |
> ...0.2-fix-segfault-when-encoding-PNM-images.patch | 29 ++++++++++++ |
| 14 |
> .../outguess-0.2-pass-struct-size-to-memset.patch | 25 ++++++++++ |
| 15 |
> app-crypt/outguess/metadata.xml | 19 ++++++++ |
| 16 |
> app-crypt/outguess/outguess-0.2-r1.ebuild | 27 +++++++++++ |
| 17 |
> 7 files changed, 188 insertions(+) |
| 18 |
> create mode 100644 app-crypt/outguess/Manifest |
| 19 |
> create mode 100644 app-crypt/outguess/files/outguess-0.2-avoid-implicit-function-usage.patch |
| 20 |
> create mode 100644 app-crypt/outguess/files/outguess-0.2-fix-printf-argument-types.patch |
| 21 |
> create mode 100644 app-crypt/outguess/files/outguess-0.2-fix-segfault-when-encoding-PNM-images.patch |
| 22 |
> create mode 100644 app-crypt/outguess/files/outguess-0.2-pass-struct-size-to-memset.patch |
| 23 |
> create mode 100644 app-crypt/outguess/metadata.xml |
| 24 |
> create mode 100644 app-crypt/outguess/outguess-0.2-r1.ebuild |
| 25 |
> |
| 26 |
> diff --git a/app-crypt/outguess/Manifest b/app-crypt/outguess/Manifest |
| 27 |
> new file mode 100644 |
| 28 |
> index 00000000000..82f73b4f8d1 |
| 29 |
> --- /dev/null |
| 30 |
> +++ b/app-crypt/outguess/Manifest |
| 31 |
> @@ -0,0 +1 @@ |
| 32 |
> +DIST outguess-0.2.tar.gz 470638 SHA256 2f951ed7b9b9373fae8fe95616d49c83ae246cf53a2b60a82814228515bfa7d6 SHA512 2901e2e8f6495f1483897bfde2a84b658335aa733f3ad16959e6b906dec8675c72f5468a0f60b14d231ff64b7768be2cf06be6bbd833286f07a632a9ca45a1e6 WHIRLPOOL e7dca23e1074aeeba817b0ac57f835ca46bfce423735de4b41badafc95313d28c610b84728c91606f03f87f3c8785e714a2f233fda8a980c19bf0e8ca17ca10d |
| 33 |
> diff --git a/app-crypt/outguess/files/outguess-0.2-avoid-implicit-function-usage.patch b/app-crypt/outguess/files/outguess-0.2-avoid-implicit-function-usage.patch |
| 34 |
> new file mode 100644 |
| 35 |
> index 00000000000..dccf3e90338 |
| 36 |
> --- /dev/null |
| 37 |
> +++ b/app-crypt/outguess/files/outguess-0.2-avoid-implicit-function-usage.patch |
| 38 |
> @@ -0,0 +1,53 @@ |
| 39 |
> +From 425982db66dc038ffeb025e0f87f98b9b95e68f3 Mon Sep 17 00:00:00 2001 |
| 40 |
> +From: Chris Rorvick <chris@×××××××.com> |
| 41 |
> +Date: Wed, 31 Aug 2016 23:27:17 -0500 |
| 42 |
> +Subject: [PATCH] avoid implicit function usage |
| 43 |
> + |
| 44 |
> +Ensure functions are declared before they are used. |
| 45 |
> +--- |
| 46 |
> + jpeg-6b-steg/jcdctmgr.c | 2 ++ |
| 47 |
> + jpeg-6b-steg/jdcoefct.c | 2 ++ |
| 48 |
> + missing/md5.c | 1 + |
| 49 |
> + 3 files changed, 5 insertions(+) |
| 50 |
> + |
| 51 |
> +diff --git a/jpeg-6b-steg/jcdctmgr.c b/jpeg-6b-steg/jcdctmgr.c |
| 52 |
> +index 292648d..b68a7ba 100644 |
| 53 |
> +--- a/jpeg-6b-steg/jcdctmgr.c |
| 54 |
> ++++ b/jpeg-6b-steg/jcdctmgr.c |
| 55 |
> +@@ -40,6 +40,8 @@ typedef struct { |
| 56 |
> + |
| 57 |
> + typedef my_fdct_controller * my_fdct_ptr; |
| 58 |
> + |
| 59 |
> ++short steg_use_bit (unsigned short temp); |
| 60 |
> ++ |
| 61 |
> + |
| 62 |
> + /* |
| 63 |
> + * Initialize for a processing pass. |
| 64 |
> +diff --git a/jpeg-6b-steg/jdcoefct.c b/jpeg-6b-steg/jdcoefct.c |
| 65 |
> +index 6ffe53f..f38f4d5 100644 |
| 66 |
> +--- a/jpeg-6b-steg/jdcoefct.c |
| 67 |
> ++++ b/jpeg-6b-steg/jdcoefct.c |
| 68 |
> +@@ -74,6 +74,8 @@ METHODDEF(int) decompress_smooth_data |
| 69 |
> + JPP((j_decompress_ptr cinfo, JSAMPIMAGE output_buf)); |
| 70 |
> + #endif |
| 71 |
> + |
| 72 |
> ++short steg_use_bit (unsigned short temp); |
| 73 |
> ++ |
| 74 |
> + |
| 75 |
> + LOCAL(void) |
| 76 |
> + start_iMCU_row (j_decompress_ptr cinfo) |
| 77 |
> +diff --git a/missing/md5.c b/missing/md5.c |
| 78 |
> +index 7cb1d4d..314548a 100644 |
| 79 |
> +--- a/missing/md5.c |
| 80 |
> ++++ b/missing/md5.c |
| 81 |
> +@@ -28,6 +28,7 @@ |
| 82 |
> + #endif |
| 83 |
> + |
| 84 |
> + #include "md5.h" |
| 85 |
> ++#include <string.h> |
| 86 |
> + |
| 87 |
> + /* Little-endian byte-swapping routines. Note that these do not |
| 88 |
> + depend on the size of datatypes such as uint32, nor do they require |
| 89 |
> +-- |
| 90 |
> +2.9.3 |
| 91 |
> + |
| 92 |
> diff --git a/app-crypt/outguess/files/outguess-0.2-fix-printf-argument-types.patch b/app-crypt/outguess/files/outguess-0.2-fix-printf-argument-types.patch |
| 93 |
> new file mode 100644 |
| 94 |
> index 00000000000..3142f590025 |
| 95 |
> --- /dev/null |
| 96 |
> +++ b/app-crypt/outguess/files/outguess-0.2-fix-printf-argument-types.patch |
| 97 |
> @@ -0,0 +1,34 @@ |
| 98 |
> +From fab9e5815766d5ed0434b0ab82f17d2a11c9ad6d Mon Sep 17 00:00:00 2001 |
| 99 |
> +From: Chris Rorvick <chris@×××××××.com> |
| 100 |
> +Date: Wed, 31 Aug 2016 23:55:21 -0500 |
| 101 |
> +Subject: [PATCH] fix printf argument types |
| 102 |
> + |
| 103 |
> +--- |
| 104 |
> + outguess.c | 4 ++-- |
| 105 |
> + 1 file changed, 2 insertions(+), 2 deletions(-) |
| 106 |
> + |
| 107 |
> +diff --git a/outguess.c b/outguess.c |
| 108 |
> +index 557be9e..c0448b6 100644 |
| 109 |
> +--- a/outguess.c |
| 110 |
> ++++ b/outguess.c |
| 111 |
> +@@ -693,7 +693,7 @@ do_embed(bitmap *bitmap, u_char *filename, u_char *key, u_int klen, |
| 112 |
> + if (bitmap->maxcorrect && correctlen > bitmap->maxcorrect) { |
| 113 |
> + fprintf(stderr, "steg_embed: " |
| 114 |
> + "message larger than correctable size %d > %d\n", |
| 115 |
> +- correctlen, bitmap->maxcorrect); |
| 116 |
> ++ (int)correctlen, (int)bitmap->maxcorrect); |
| 117 |
|
| 118 |
Are you sure this is the correct solution here? I think it'd be better |
| 119 |
to change the printf format from %d to e.g. %ld? Or one of the |
| 120 |
inttypes.h consts if int*_t/uint*_t types are used. |
| 121 |
|
| 122 |
> + exit(1); |
| 123 |
> + } |
| 124 |
> + |
| 125 |
> +@@ -975,7 +975,7 @@ main(int argc, char **argv) |
| 126 |
> + if (bitmap.maxcorrect) |
| 127 |
> + fprintf(stderr, |
| 128 |
> + "Correctable message size: %d bits, %0.2f%%\n", |
| 129 |
> +- bitmap.maxcorrect, |
| 130 |
> ++ (int)bitmap.maxcorrect, |
| 131 |
> + (float)100*bitmap.maxcorrect/bitmap.bits); |
| 132 |
> + } |
| 133 |
> + |
| 134 |
> +-- |
| 135 |
> +2.9.3 |
| 136 |
> + |
| 137 |
> diff --git a/app-crypt/outguess/files/outguess-0.2-fix-segfault-when-encoding-PNM-images.patch b/app-crypt/outguess/files/outguess-0.2-fix-segfault-when-encoding-PNM-images.patch |
| 138 |
> new file mode 100644 |
| 139 |
> index 00000000000..40c44a21bd6 |
| 140 |
> --- /dev/null |
| 141 |
> +++ b/app-crypt/outguess/files/outguess-0.2-fix-segfault-when-encoding-PNM-images.patch |
| 142 |
> @@ -0,0 +1,29 @@ |
| 143 |
> +From 78096e8fb29f7b639b913472f089f90f9bf21ed2 Mon Sep 17 00:00:00 2001 |
| 144 |
> +From: Chris Rorvick <chris@×××××××.com> |
| 145 |
> +Date: Thu, 1 Sep 2016 00:43:06 -0500 |
| 146 |
> +Subject: [PATCH] fix segfault when encoding PNM images |
| 147 |
> + |
| 148 |
> +OutGuess 0.2 added the ability to preserve frequency counts in JPEG |
| 149 |
> +images to foil statistical tests. This was stubbed out in the PNM |
| 150 |
> +driver but forgot to do some necessary setup. Assign `bitmap.preserve' |
| 151 |
> +accordingly to avoid calling a null pointer. |
| 152 |
> +--- |
| 153 |
> + pnm.c | 2 ++ |
| 154 |
> + 1 file changed, 2 insertions(+) |
| 155 |
> + |
| 156 |
> +diff --git a/pnm.c b/pnm.c |
| 157 |
> +index 3bfc330..f1aa65d 100644 |
| 158 |
> +--- a/pnm.c |
| 159 |
> ++++ b/pnm.c |
| 160 |
> +@@ -63,6 +63,8 @@ init_pnm(char *parameter) |
| 161 |
> + int |
| 162 |
> + preserve_pnm(bitmap *bitmap, int off) |
| 163 |
> + { |
| 164 |
> ++ if (off == -1) |
| 165 |
> ++ bitmap->preserve = preserve_pnm; |
| 166 |
> + |
| 167 |
> + return (-1); |
| 168 |
|
| 169 |
Is it really supposed to return -1 in this case? The whole function |
| 170 |
looks quite weird to me. |
| 171 |
|
| 172 |
> + } |
| 173 |
> +-- |
| 174 |
> +2.9.3 |
| 175 |
> + |
| 176 |
> diff --git a/app-crypt/outguess/files/outguess-0.2-pass-struct-size-to-memset.patch b/app-crypt/outguess/files/outguess-0.2-pass-struct-size-to-memset.patch |
| 177 |
> new file mode 100644 |
| 178 |
> index 00000000000..f1b1458d428 |
| 179 |
> --- /dev/null |
| 180 |
> +++ b/app-crypt/outguess/files/outguess-0.2-pass-struct-size-to-memset.patch |
| 181 |
> @@ -0,0 +1,25 @@ |
| 182 |
> +From 37a4bf9523f18e5e1b064becf50112d47fae2acd Mon Sep 17 00:00:00 2001 |
| 183 |
> +From: Chris Rorvick <chris@×××××××.com> |
| 184 |
> +Date: Thu, 1 Sep 2016 01:49:14 -0500 |
| 185 |
> +Subject: [PATCH] pass struct size to memset(), not pointer size |
| 186 |
> + |
| 187 |
> +--- |
| 188 |
> + missing/md5.c | 2 +- |
| 189 |
> + 1 file changed, 1 insertion(+), 1 deletion(-) |
| 190 |
> + |
| 191 |
> +diff --git a/missing/md5.c b/missing/md5.c |
| 192 |
> +index 314548a..2da3835 100644 |
| 193 |
> +--- a/missing/md5.c |
| 194 |
> ++++ b/missing/md5.c |
| 195 |
> +@@ -168,7 +168,7 @@ MD5Final(digest, ctx) |
| 196 |
> + putu32(ctx->buf[1], digest + 4); |
| 197 |
> + putu32(ctx->buf[2], digest + 8); |
| 198 |
> + putu32(ctx->buf[3], digest + 12); |
| 199 |
> +- memset(ctx, 0, sizeof(ctx)); /* In case it's sensitive */ |
| 200 |
> ++ memset(ctx, 0, sizeof(*ctx)); /* In case it's sensitive */ |
| 201 |
> + } |
| 202 |
> + |
| 203 |
> + #ifndef ASM_MD5 |
| 204 |
> +-- |
| 205 |
> +2.9.3 |
| 206 |
> + |
| 207 |
> diff --git a/app-crypt/outguess/metadata.xml b/app-crypt/outguess/metadata.xml |
| 208 |
> new file mode 100644 |
| 209 |
> index 00000000000..c47298e10ff |
| 210 |
> --- /dev/null |
| 211 |
> +++ b/app-crypt/outguess/metadata.xml |
| 212 |
> @@ -0,0 +1,19 @@ |
| 213 |
> +<?xml version="1.0" encoding="UTF-8"?> |
| 214 |
> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">; |
| 215 |
> +<pkgmetadata> |
| 216 |
> + <maintainer type="person"> |
| 217 |
> + <email>chris@×××××××.com |
| 218 |
|
| 219 |
It seems that there is no Gentoo Bugzilla address registered with this |
| 220 |
e-mail address. This field is used to assign bugs, so please either |
| 221 |
register one or adjust the e-mails to match your account. |
| 222 |
|
| 223 |
> + <name>Chris Rorvick</name> |
| 224 |
> + </maintainer> |
| 225 |
|
| 226 |
You need to include proxy-maint team here to commit for you. |
| 227 |
|
| 228 |
> + <longdescription lang="en"> |
| 229 |
> + OutGuess is a universal steganographic tool that allows the |
| 230 |
> + insertion of hidden information into the redundant bits of data |
| 231 |
> + sources. The nature of the data source is irrelevant to the core of |
| 232 |
> + OutGuess. The program relies on data specific handlers that will |
| 233 |
> + extract redundant bits and write them back after modification. In |
| 234 |
> + this version the PNM and JPEG image formats are supported. In the |
| 235 |
> + next paragraphs, images will be used as concrete example of data |
| 236 |
> + objects, though OutGuess can use any kind of data, as long as a |
| 237 |
> + handler is provided. |
| 238 |
> + </longdescription> |
| 239 |
> +</pkgmetadata> |
| 240 |
> diff --git a/app-crypt/outguess/outguess-0.2-r1.ebuild b/app-crypt/outguess/outguess-0.2-r1.ebuild |
| 241 |
> new file mode 100644 |
| 242 |
> index 00000000000..69d882b2ad3 |
| 243 |
> --- /dev/null |
| 244 |
> +++ b/app-crypt/outguess/outguess-0.2-r1.ebuild |
| 245 |
> @@ -0,0 +1,27 @@ |
| 246 |
> +# Copyright 1999-2017 Gentoo Foundation |
| 247 |
> +# Distributed under the terms of the GNU General Public License v2 |
| 248 |
> + |
| 249 |
> +EAPI=6 |
| 250 |
> + |
| 251 |
> +DESCRIPTION="A universal tool for inserting steganographic information into other data" |
| 252 |
> +HOMEPAGE="http://www.outguess.org/" |
| 253 |
|
| 254 |
This homepage doesn't seem to work. |
| 255 |
|
| 256 |
> +SRC_URI="https://dl.packetstormsecurity.net/crypt/stego/outguess-0.2.tar.gz" |
| 257 |
|
| 258 |
Please use ${P}.tar.gz to avoid having to update the URL every time |
| 259 |
version changes. Even if you don't predict it ever happening. |
| 260 |
|
| 261 |
> + |
| 262 |
> +LICENSE="BSD" |
| 263 |
> +SLOT="0" |
| 264 |
> +KEYWORDS="~amd64 ~x86" |
| 265 |
> +IUSE="" |
| 266 |
> + |
| 267 |
> +PATCHES=( |
| 268 |
> + "${FILESDIR}"/${P}-fix-segfault-when-encoding-PNM-images.patch |
| 269 |
> + "${FILESDIR}"/${P}-pass-struct-size-to-memset.patch |
| 270 |
> + "${FILESDIR}"/${P}-avoid-implicit-function-usage.patch |
| 271 |
> + "${FILESDIR}"/${P}-fix-printf-argument-types.patch |
| 272 |
> +) |
| 273 |
> + |
| 274 |
> +S=${WORKDIR}/${PN} |
| 275 |
> + |
| 276 |
> +src_install() { |
| 277 |
> + dobin outguess |
| 278 |
> + doman outguess.1 |
| 279 |
> +} |
| 280 |
|
| 281 |
To be honest, I have mixed feelings about this package. It seems to be |
| 282 |
completely dead and requires a lot of patches. I see you have a GitHub |
| 283 |
fork of it though. |
| 284 |
|
| 285 |
If you're really interested in it, then I think it'd be reasonable if |
| 286 |
you just packaged your own fork/continuation, i.e. made a new fixed |
| 287 |
release instead of including all the patches inline. Of course, this |
| 288 |
also assumes you're willing to fix any bugs there might arise |
| 289 |
in the future. |
| 290 |
|
| 291 |
Otherwise, I don't really see us including a package that's been |
| 292 |
abandoned in 2001 and has a lot of known issues. |
| 293 |
|
| 294 |
-- |
| 295 |
Best regards, |
| 296 |
Michał Górny |
Archives