1 |
Hi, Chris. |
2 |
|
3 |
Thanks for exploring the new possibility of review via mailing list. I'm |
4 |
sorry that this take this long but we're a bit overburdened around here. |
5 |
|
6 |
On czw, 2017-08-10 at 22:14 -0500, Chris Rorvick wrote: |
7 |
> Gentoo-Bug: 143897 |
8 |
> Package-Manager: Portage-2.3.5, Repoman-2.3.1 |
9 |
> --- |
10 |
> app-crypt/outguess/Manifest | 1 + |
11 |
> ...utguess-0.2-avoid-implicit-function-usage.patch | 53 ++++++++++++++++++++++ |
12 |
> .../outguess-0.2-fix-printf-argument-types.patch | 34 ++++++++++++++ |
13 |
> ...0.2-fix-segfault-when-encoding-PNM-images.patch | 29 ++++++++++++ |
14 |
> .../outguess-0.2-pass-struct-size-to-memset.patch | 25 ++++++++++ |
15 |
> app-crypt/outguess/metadata.xml | 19 ++++++++ |
16 |
> app-crypt/outguess/outguess-0.2-r1.ebuild | 27 +++++++++++ |
17 |
> 7 files changed, 188 insertions(+) |
18 |
> create mode 100644 app-crypt/outguess/Manifest |
19 |
> create mode 100644 app-crypt/outguess/files/outguess-0.2-avoid-implicit-function-usage.patch |
20 |
> create mode 100644 app-crypt/outguess/files/outguess-0.2-fix-printf-argument-types.patch |
21 |
> create mode 100644 app-crypt/outguess/files/outguess-0.2-fix-segfault-when-encoding-PNM-images.patch |
22 |
> create mode 100644 app-crypt/outguess/files/outguess-0.2-pass-struct-size-to-memset.patch |
23 |
> create mode 100644 app-crypt/outguess/metadata.xml |
24 |
> create mode 100644 app-crypt/outguess/outguess-0.2-r1.ebuild |
25 |
> |
26 |
> diff --git a/app-crypt/outguess/Manifest b/app-crypt/outguess/Manifest |
27 |
> new file mode 100644 |
28 |
> index 00000000000..82f73b4f8d1 |
29 |
> --- /dev/null |
30 |
> +++ b/app-crypt/outguess/Manifest |
31 |
> @@ -0,0 +1 @@ |
32 |
> +DIST outguess-0.2.tar.gz 470638 SHA256 2f951ed7b9b9373fae8fe95616d49c83ae246cf53a2b60a82814228515bfa7d6 SHA512 2901e2e8f6495f1483897bfde2a84b658335aa733f3ad16959e6b906dec8675c72f5468a0f60b14d231ff64b7768be2cf06be6bbd833286f07a632a9ca45a1e6 WHIRLPOOL e7dca23e1074aeeba817b0ac57f835ca46bfce423735de4b41badafc95313d28c610b84728c91606f03f87f3c8785e714a2f233fda8a980c19bf0e8ca17ca10d |
33 |
> diff --git a/app-crypt/outguess/files/outguess-0.2-avoid-implicit-function-usage.patch b/app-crypt/outguess/files/outguess-0.2-avoid-implicit-function-usage.patch |
34 |
> new file mode 100644 |
35 |
> index 00000000000..dccf3e90338 |
36 |
> --- /dev/null |
37 |
> +++ b/app-crypt/outguess/files/outguess-0.2-avoid-implicit-function-usage.patch |
38 |
> @@ -0,0 +1,53 @@ |
39 |
> +From 425982db66dc038ffeb025e0f87f98b9b95e68f3 Mon Sep 17 00:00:00 2001 |
40 |
> +From: Chris Rorvick <chris@×××××××.com> |
41 |
> +Date: Wed, 31 Aug 2016 23:27:17 -0500 |
42 |
> +Subject: [PATCH] avoid implicit function usage |
43 |
> + |
44 |
> +Ensure functions are declared before they are used. |
45 |
> +--- |
46 |
> + jpeg-6b-steg/jcdctmgr.c | 2 ++ |
47 |
> + jpeg-6b-steg/jdcoefct.c | 2 ++ |
48 |
> + missing/md5.c | 1 + |
49 |
> + 3 files changed, 5 insertions(+) |
50 |
> + |
51 |
> +diff --git a/jpeg-6b-steg/jcdctmgr.c b/jpeg-6b-steg/jcdctmgr.c |
52 |
> +index 292648d..b68a7ba 100644 |
53 |
> +--- a/jpeg-6b-steg/jcdctmgr.c |
54 |
> ++++ b/jpeg-6b-steg/jcdctmgr.c |
55 |
> +@@ -40,6 +40,8 @@ typedef struct { |
56 |
> + |
57 |
> + typedef my_fdct_controller * my_fdct_ptr; |
58 |
> + |
59 |
> ++short steg_use_bit (unsigned short temp); |
60 |
> ++ |
61 |
> + |
62 |
> + /* |
63 |
> + * Initialize for a processing pass. |
64 |
> +diff --git a/jpeg-6b-steg/jdcoefct.c b/jpeg-6b-steg/jdcoefct.c |
65 |
> +index 6ffe53f..f38f4d5 100644 |
66 |
> +--- a/jpeg-6b-steg/jdcoefct.c |
67 |
> ++++ b/jpeg-6b-steg/jdcoefct.c |
68 |
> +@@ -74,6 +74,8 @@ METHODDEF(int) decompress_smooth_data |
69 |
> + JPP((j_decompress_ptr cinfo, JSAMPIMAGE output_buf)); |
70 |
> + #endif |
71 |
> + |
72 |
> ++short steg_use_bit (unsigned short temp); |
73 |
> ++ |
74 |
> + |
75 |
> + LOCAL(void) |
76 |
> + start_iMCU_row (j_decompress_ptr cinfo) |
77 |
> +diff --git a/missing/md5.c b/missing/md5.c |
78 |
> +index 7cb1d4d..314548a 100644 |
79 |
> +--- a/missing/md5.c |
80 |
> ++++ b/missing/md5.c |
81 |
> +@@ -28,6 +28,7 @@ |
82 |
> + #endif |
83 |
> + |
84 |
> + #include "md5.h" |
85 |
> ++#include <string.h> |
86 |
> + |
87 |
> + /* Little-endian byte-swapping routines. Note that these do not |
88 |
> + depend on the size of datatypes such as uint32, nor do they require |
89 |
> +-- |
90 |
> +2.9.3 |
91 |
> + |
92 |
> diff --git a/app-crypt/outguess/files/outguess-0.2-fix-printf-argument-types.patch b/app-crypt/outguess/files/outguess-0.2-fix-printf-argument-types.patch |
93 |
> new file mode 100644 |
94 |
> index 00000000000..3142f590025 |
95 |
> --- /dev/null |
96 |
> +++ b/app-crypt/outguess/files/outguess-0.2-fix-printf-argument-types.patch |
97 |
> @@ -0,0 +1,34 @@ |
98 |
> +From fab9e5815766d5ed0434b0ab82f17d2a11c9ad6d Mon Sep 17 00:00:00 2001 |
99 |
> +From: Chris Rorvick <chris@×××××××.com> |
100 |
> +Date: Wed, 31 Aug 2016 23:55:21 -0500 |
101 |
> +Subject: [PATCH] fix printf argument types |
102 |
> + |
103 |
> +--- |
104 |
> + outguess.c | 4 ++-- |
105 |
> + 1 file changed, 2 insertions(+), 2 deletions(-) |
106 |
> + |
107 |
> +diff --git a/outguess.c b/outguess.c |
108 |
> +index 557be9e..c0448b6 100644 |
109 |
> +--- a/outguess.c |
110 |
> ++++ b/outguess.c |
111 |
> +@@ -693,7 +693,7 @@ do_embed(bitmap *bitmap, u_char *filename, u_char *key, u_int klen, |
112 |
> + if (bitmap->maxcorrect && correctlen > bitmap->maxcorrect) { |
113 |
> + fprintf(stderr, "steg_embed: " |
114 |
> + "message larger than correctable size %d > %d\n", |
115 |
> +- correctlen, bitmap->maxcorrect); |
116 |
> ++ (int)correctlen, (int)bitmap->maxcorrect); |
117 |
|
118 |
Are you sure this is the correct solution here? I think it'd be better |
119 |
to change the printf format from %d to e.g. %ld? Or one of the |
120 |
inttypes.h consts if int*_t/uint*_t types are used. |
121 |
|
122 |
> + exit(1); |
123 |
> + } |
124 |
> + |
125 |
> +@@ -975,7 +975,7 @@ main(int argc, char **argv) |
126 |
> + if (bitmap.maxcorrect) |
127 |
> + fprintf(stderr, |
128 |
> + "Correctable message size: %d bits, %0.2f%%\n", |
129 |
> +- bitmap.maxcorrect, |
130 |
> ++ (int)bitmap.maxcorrect, |
131 |
> + (float)100*bitmap.maxcorrect/bitmap.bits); |
132 |
> + } |
133 |
> + |
134 |
> +-- |
135 |
> +2.9.3 |
136 |
> + |
137 |
> diff --git a/app-crypt/outguess/files/outguess-0.2-fix-segfault-when-encoding-PNM-images.patch b/app-crypt/outguess/files/outguess-0.2-fix-segfault-when-encoding-PNM-images.patch |
138 |
> new file mode 100644 |
139 |
> index 00000000000..40c44a21bd6 |
140 |
> --- /dev/null |
141 |
> +++ b/app-crypt/outguess/files/outguess-0.2-fix-segfault-when-encoding-PNM-images.patch |
142 |
> @@ -0,0 +1,29 @@ |
143 |
> +From 78096e8fb29f7b639b913472f089f90f9bf21ed2 Mon Sep 17 00:00:00 2001 |
144 |
> +From: Chris Rorvick <chris@×××××××.com> |
145 |
> +Date: Thu, 1 Sep 2016 00:43:06 -0500 |
146 |
> +Subject: [PATCH] fix segfault when encoding PNM images |
147 |
> + |
148 |
> +OutGuess 0.2 added the ability to preserve frequency counts in JPEG |
149 |
> +images to foil statistical tests. This was stubbed out in the PNM |
150 |
> +driver but forgot to do some necessary setup. Assign `bitmap.preserve' |
151 |
> +accordingly to avoid calling a null pointer. |
152 |
> +--- |
153 |
> + pnm.c | 2 ++ |
154 |
> + 1 file changed, 2 insertions(+) |
155 |
> + |
156 |
> +diff --git a/pnm.c b/pnm.c |
157 |
> +index 3bfc330..f1aa65d 100644 |
158 |
> +--- a/pnm.c |
159 |
> ++++ b/pnm.c |
160 |
> +@@ -63,6 +63,8 @@ init_pnm(char *parameter) |
161 |
> + int |
162 |
> + preserve_pnm(bitmap *bitmap, int off) |
163 |
> + { |
164 |
> ++ if (off == -1) |
165 |
> ++ bitmap->preserve = preserve_pnm; |
166 |
> + |
167 |
> + return (-1); |
168 |
|
169 |
Is it really supposed to return -1 in this case? The whole function |
170 |
looks quite weird to me. |
171 |
|
172 |
> + } |
173 |
> +-- |
174 |
> +2.9.3 |
175 |
> + |
176 |
> diff --git a/app-crypt/outguess/files/outguess-0.2-pass-struct-size-to-memset.patch b/app-crypt/outguess/files/outguess-0.2-pass-struct-size-to-memset.patch |
177 |
> new file mode 100644 |
178 |
> index 00000000000..f1b1458d428 |
179 |
> --- /dev/null |
180 |
> +++ b/app-crypt/outguess/files/outguess-0.2-pass-struct-size-to-memset.patch |
181 |
> @@ -0,0 +1,25 @@ |
182 |
> +From 37a4bf9523f18e5e1b064becf50112d47fae2acd Mon Sep 17 00:00:00 2001 |
183 |
> +From: Chris Rorvick <chris@×××××××.com> |
184 |
> +Date: Thu, 1 Sep 2016 01:49:14 -0500 |
185 |
> +Subject: [PATCH] pass struct size to memset(), not pointer size |
186 |
> + |
187 |
> +--- |
188 |
> + missing/md5.c | 2 +- |
189 |
> + 1 file changed, 1 insertion(+), 1 deletion(-) |
190 |
> + |
191 |
> +diff --git a/missing/md5.c b/missing/md5.c |
192 |
> +index 314548a..2da3835 100644 |
193 |
> +--- a/missing/md5.c |
194 |
> ++++ b/missing/md5.c |
195 |
> +@@ -168,7 +168,7 @@ MD5Final(digest, ctx) |
196 |
> + putu32(ctx->buf[1], digest + 4); |
197 |
> + putu32(ctx->buf[2], digest + 8); |
198 |
> + putu32(ctx->buf[3], digest + 12); |
199 |
> +- memset(ctx, 0, sizeof(ctx)); /* In case it's sensitive */ |
200 |
> ++ memset(ctx, 0, sizeof(*ctx)); /* In case it's sensitive */ |
201 |
> + } |
202 |
> + |
203 |
> + #ifndef ASM_MD5 |
204 |
> +-- |
205 |
> +2.9.3 |
206 |
> + |
207 |
> diff --git a/app-crypt/outguess/metadata.xml b/app-crypt/outguess/metadata.xml |
208 |
> new file mode 100644 |
209 |
> index 00000000000..c47298e10ff |
210 |
> --- /dev/null |
211 |
> +++ b/app-crypt/outguess/metadata.xml |
212 |
> @@ -0,0 +1,19 @@ |
213 |
> +<?xml version="1.0" encoding="UTF-8"?> |
214 |
> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">; |
215 |
> +<pkgmetadata> |
216 |
> + <maintainer type="person"> |
217 |
> + <email>chris@×××××××.com |
218 |
|
219 |
It seems that there is no Gentoo Bugzilla address registered with this |
220 |
e-mail address. This field is used to assign bugs, so please either |
221 |
register one or adjust the e-mails to match your account. |
222 |
|
223 |
> + <name>Chris Rorvick</name> |
224 |
> + </maintainer> |
225 |
|
226 |
You need to include proxy-maint team here to commit for you. |
227 |
|
228 |
> + <longdescription lang="en"> |
229 |
> + OutGuess is a universal steganographic tool that allows the |
230 |
> + insertion of hidden information into the redundant bits of data |
231 |
> + sources. The nature of the data source is irrelevant to the core of |
232 |
> + OutGuess. The program relies on data specific handlers that will |
233 |
> + extract redundant bits and write them back after modification. In |
234 |
> + this version the PNM and JPEG image formats are supported. In the |
235 |
> + next paragraphs, images will be used as concrete example of data |
236 |
> + objects, though OutGuess can use any kind of data, as long as a |
237 |
> + handler is provided. |
238 |
> + </longdescription> |
239 |
> +</pkgmetadata> |
240 |
> diff --git a/app-crypt/outguess/outguess-0.2-r1.ebuild b/app-crypt/outguess/outguess-0.2-r1.ebuild |
241 |
> new file mode 100644 |
242 |
> index 00000000000..69d882b2ad3 |
243 |
> --- /dev/null |
244 |
> +++ b/app-crypt/outguess/outguess-0.2-r1.ebuild |
245 |
> @@ -0,0 +1,27 @@ |
246 |
> +# Copyright 1999-2017 Gentoo Foundation |
247 |
> +# Distributed under the terms of the GNU General Public License v2 |
248 |
> + |
249 |
> +EAPI=6 |
250 |
> + |
251 |
> +DESCRIPTION="A universal tool for inserting steganographic information into other data" |
252 |
> +HOMEPAGE="http://www.outguess.org/" |
253 |
|
254 |
This homepage doesn't seem to work. |
255 |
|
256 |
> +SRC_URI="https://dl.packetstormsecurity.net/crypt/stego/outguess-0.2.tar.gz" |
257 |
|
258 |
Please use ${P}.tar.gz to avoid having to update the URL every time |
259 |
version changes. Even if you don't predict it ever happening. |
260 |
|
261 |
> + |
262 |
> +LICENSE="BSD" |
263 |
> +SLOT="0" |
264 |
> +KEYWORDS="~amd64 ~x86" |
265 |
> +IUSE="" |
266 |
> + |
267 |
> +PATCHES=( |
268 |
> + "${FILESDIR}"/${P}-fix-segfault-when-encoding-PNM-images.patch |
269 |
> + "${FILESDIR}"/${P}-pass-struct-size-to-memset.patch |
270 |
> + "${FILESDIR}"/${P}-avoid-implicit-function-usage.patch |
271 |
> + "${FILESDIR}"/${P}-fix-printf-argument-types.patch |
272 |
> +) |
273 |
> + |
274 |
> +S=${WORKDIR}/${PN} |
275 |
> + |
276 |
> +src_install() { |
277 |
> + dobin outguess |
278 |
> + doman outguess.1 |
279 |
> +} |
280 |
|
281 |
To be honest, I have mixed feelings about this package. It seems to be |
282 |
completely dead and requires a lot of patches. I see you have a GitHub |
283 |
fork of it though. |
284 |
|
285 |
If you're really interested in it, then I think it'd be reasonable if |
286 |
you just packaged your own fork/continuation, i.e. made a new fixed |
287 |
release instead of including all the patches inline. Of course, this |
288 |
also assumes you're willing to fix any bugs there might arise |
289 |
in the future. |
290 |
|
291 |
Otherwise, I don't really see us including a package that's been |
292 |
abandoned in 2001 and has a lot of known issues. |
293 |
|
294 |
-- |
295 |
Best regards, |
296 |
Michał Górny |