Subject: Re: [gentoo-proxy-maint] [PATCH] app-crypt/outguess: resurrect version 0.2
From: Michał Górny
To: Chris Rorvick, gentoo-proxy-maint@lists.gentoo.org
Date: Sun, 13 Aug 2017 09:43:56 +0200

Hi, Chris.

Thanks for exploring the new possibility of review via mailing list. I'm sorry that this took this long but we're a bit overburdened around here.

On czw, 2017-08-10 at 22:14 -0500, Chris Rorvick wrote: > Gentoo-Bug: 143897 > Package-Manager: Portage-2.3.5, Repoman-2.3.1 > --- > app-crypt/outguess/Manifest | 1 + > ...utguess-0.2-avoid-implicit-function-usage.patch | 53 ++++++++++++++++= ++++++ > .../outguess-0.2-fix-printf-argument-types.patch | 34 ++++++++++++++ > ...0.2-fix-segfault-when-encoding-PNM-images.patch | 29 ++++++++++++ > .../outguess-0.2-pass-struct-size-to-memset.patch | 25 ++++++++++ > app-crypt/outguess/metadata.xml | 19 ++++++++ > app-crypt/outguess/outguess-0.2-r1.ebuild | 27 +++++++++++ > 7 files changed, 188 insertions(+) > create mode 100644 app-crypt/outguess/Manifest > create mode 100644 app-crypt/outguess/files/outguess-0.2-avoid-implicit-= function-usage.patch > create mode 100644 app-crypt/outguess/files/outguess-0.2-fix-printf-argu= ment-types.patch > create mode 100644 app-crypt/outguess/files/outguess-0.2-fix-segfault-wh= en-encoding-PNM-images.patch > create mode 100644 app-crypt/outguess/files/outguess-0.2-pass-struct-siz= e-to-memset.patch > create mode 100644 app-crypt/outguess/metadata.xml > create mode 100644 app-crypt/outguess/outguess-0.2-r1.ebuild >=20 > diff --git a/app-crypt/outguess/Manifest b/app-crypt/outguess/Manifest > new file mode 100644 > index 00000000000..82f73b4f8d1 > --- /dev/null > +++ b/app-crypt/outguess/Manifest > @@ -0,0 +1 @@ > +DIST outguess-0.2.tar.gz 470638 SHA256 2f951ed7b9b9373fae8fe95616d49c83a= e246cf53a2b60a82814228515bfa7d6 SHA512 2901e2e8f6495f1483897bfde2a84b658335= aa733f3ad16959e6b906dec8675c72f5468a0f60b14d231ff64b7768be2cf06be6bbd833286= f07a632a9ca45a1e6 WHIRLPOOL e7dca23e1074aeeba817b0ac57f835ca46bfce423735de4= b41badafc95313d28c610b84728c91606f03f87f3c8785e714a2f233fda8a980c19bf0e8ca1= 7ca10d > diff --git a/app-crypt/outguess/files/outguess-0.2-avoid-implicit-functio= n-usage.patch b/app-crypt/outguess/files/outguess-0.2-avoid-implicit-functi= on-usage.patch > new file mode 100644 > index 00000000000..dccf3e90338 > --- /dev/null 
> +++ b/app-crypt/outguess/files/outguess-0.2-avoid-implicit-function-usage= .patch > @@ -0,0 +1,53 @@ > +From 425982db66dc038ffeb025e0f87f98b9b95e68f3 Mon Sep 17 00:00:00 2001 > +From: Chris Rorvick > +Date: Wed, 31 Aug 2016 23:27:17 -0500 > +Subject: [PATCH] avoid implicit function usage > + > +Ensure functions are declared before they are used. > +--- > + jpeg-6b-steg/jcdctmgr.c | 2 ++ > + jpeg-6b-steg/jdcoefct.c | 2 ++ > + missing/md5.c | 1 + > + 3 files changed, 5 insertions(+) > + > +diff --git a/jpeg-6b-steg/jcdctmgr.c b/jpeg-6b-steg/jcdctmgr.c > +index 292648d..b68a7ba 100644 > +--- a/jpeg-6b-steg/jcdctmgr.c > ++++ b/jpeg-6b-steg/jcdctmgr.c > +@@ -40,6 +40,8 @@ typedef struct { > +=20 > + typedef my_fdct_controller * my_fdct_ptr; > +=20 > ++short steg_use_bit (unsigned short temp); > ++ > +=20 > + /* > + * Initialize for a processing pass. > +diff --git a/jpeg-6b-steg/jdcoefct.c b/jpeg-6b-steg/jdcoefct.c > +index 6ffe53f..f38f4d5 100644 > +--- a/jpeg-6b-steg/jdcoefct.c > ++++ b/jpeg-6b-steg/jdcoefct.c > +@@ -74,6 +74,8 @@ METHODDEF(int) decompress_smooth_data > + JPP((j_decompress_ptr cinfo, JSAMPIMAGE output_buf)); > + #endif > +=20 > ++short steg_use_bit (unsigned short temp); > ++ > +=20 > + LOCAL(void) > + start_iMCU_row (j_decompress_ptr cinfo) > +diff --git a/missing/md5.c b/missing/md5.c > +index 7cb1d4d..314548a 100644 > +--- a/missing/md5.c > ++++ b/missing/md5.c > +@@ -28,6 +28,7 @@ > + #endif > +=20 > + #include "md5.h" > ++#include > +=20 > + /* Little-endian byte-swapping routines. Note that these do not > + depend on the size of datatypes such as uint32, nor do they require > +--=20 > +2.9.3 > + > diff --git a/app-crypt/outguess/files/outguess-0.2-fix-printf-argument-ty= pes.patch b/app-crypt/outguess/files/outguess-0.2-fix-printf-argument-types= .patch > new file mode 100644 > index 00000000000..3142f590025 > --- /dev/null > +++ b/app-crypt/outguess/files/outguess-0.2-fix-printf-argument-types.pat= ch 
> @@ -0,0 +1,34 @@ > +From fab9e5815766d5ed0434b0ab82f17d2a11c9ad6d Mon Sep 17 00:00:00 2001 > +From: Chris Rorvick > +Date: Wed, 31 Aug 2016 23:55:21 -0500 > +Subject: [PATCH] fix printf argument types > + > +--- > + outguess.c | 4 ++-- > + 1 file changed, 2 insertions(+), 2 deletions(-) > + > +diff --git a/outguess.c b/outguess.c > +index 557be9e..c0448b6 100644 > +--- a/outguess.c > ++++ b/outguess.c > +@@ -693,7 +693,7 @@ do_embed(bitmap *bitmap, u_char *filename, u_char *k= ey, u_int klen, > + if (bitmap->maxcorrect && correctlen > bitmap->maxcorrect) { > + fprintf(stderr, "steg_embed: " > + "message larger than correctable size %d > %d\n", > +- correctlen, bitmap->maxcorrect); > ++ (int)correctlen, (int)bitmap->maxcorrect); Are you sure this is the correct solution here? I think it'd be better to change the printf format from %d to e.g. %ld? Or one of the inttypes.h consts if int*_t/uint*_t types are used. > + exit(1); > + } > +=20 > +@@ -975,7 +975,7 @@ main(int argc, char **argv) > + if (bitmap.maxcorrect) > + fprintf(stderr, > + "Correctable message size: %d bits, %0.2f%%\n", > +- bitmap.maxcorrect, > ++ (int)bitmap.maxcorrect, > + (float)100*bitmap.maxcorrect/bitmap.bits); > + } > +=20 > +--=20 > +2.9.3 > + > diff --git a/app-crypt/outguess/files/outguess-0.2-fix-segfault-when-enco= ding-PNM-images.patch b/app-crypt/outguess/files/outguess-0.2-fix-segfault-= when-encoding-PNM-images.patch > new file mode 100644 > index 00000000000..40c44a21bd6 > --- /dev/null > +++ b/app-crypt/outguess/files/outguess-0.2-fix-segfault-when-encoding-PN= M-images.patch 
> @@ -0,0 +1,29 @@ > +From 78096e8fb29f7b639b913472f089f90f9bf21ed2 Mon Sep 17 00:00:00 2001 > +From: Chris Rorvick > +Date: Thu, 1 Sep 2016 00:43:06 -0500 > +Subject: [PATCH] fix segfault when encoding PNM images > + > +OutGuess 0.2 added the ability to preserve frequency counts in JPEG > +images to foil statistical tests. This was stubbed out in the PNM > +driver but forgot to do some necessary setup. Assign `bitmap.preserve' > +accordingly to avoid calling a null pointer. > +--- > + pnm.c | 2 ++ > + 1 file changed, 2 insertions(+) > + > +diff --git a/pnm.c b/pnm.c > +index 3bfc330..f1aa65d 100644 > +--- a/pnm.c > ++++ b/pnm.c > +@@ -63,6 +63,8 @@ init_pnm(char *parameter) > + int > + preserve_pnm(bitmap *bitmap, int off) > + { > ++ if (off =3D=3D -1) > ++ bitmap->preserve =3D preserve_pnm; > +=20 > + return (-1); Is it really supposed to return -1 in this case? The whole function looks quite weird to me. > + } > +--=20 > +2.9.3 > + > diff --git a/app-crypt/outguess/files/outguess-0.2-pass-struct-size-to-me= mset.patch b/app-crypt/outguess/files/outguess-0.2-pass-struct-size-to-mems= et.patch > new file mode 100644 > index 00000000000..f1b1458d428 > --- /dev/null > +++ b/app-crypt/outguess/files/outguess-0.2-pass-struct-size-to-memset.pa= tch 
> @@ -0,0 +1,25 @@ > +From 37a4bf9523f18e5e1b064becf50112d47fae2acd Mon Sep 17 00:00:00 2001 > +From: Chris Rorvick > +Date: Thu, 1 Sep 2016 01:49:14 -0500 > +Subject: [PATCH] pass struct size to memset(), not pointer size > + > +--- > + missing/md5.c | 2 +- > + 1 file changed, 1 insertion(+), 1 deletion(-) > + > +diff --git a/missing/md5.c b/missing/md5.c > +index 314548a..2da3835 100644 > +--- a/missing/md5.c > ++++ b/missing/md5.c > +@@ -168,7 +168,7 @@ MD5Final(digest, ctx) > + putu32(ctx->buf[1], digest + 4); > + putu32(ctx->buf[2], digest + 8); > + putu32(ctx->buf[3], digest + 12); > +- memset(ctx, 0, sizeof(ctx)); /* In case it's sensitive */ > ++ memset(ctx, 0, sizeof(*ctx)); /* In case it's sensitive */ > + } > +=20 > + #ifndef ASM_MD5 > +--=20 > +2.9.3 > + > diff --git a/app-crypt/outguess/metadata.xml b/app-crypt/outguess/metadat= a.xml > new file mode 100644 > index 00000000000..c47298e10ff > --- /dev/null > +++ b/app-crypt/outguess/metadata.xml > @@ -0,0 +1,19 @@ > + > +; > + > + > + chris@rorvick.com It seems that there is no Gentoo Bugzilla address registered with this e-mail address. This field is used to assign bugs, so please either register one or adjust the e-mails to match your account. > + Chris Rorvick > + You need to include proxy-maint team here to commit for you. > + > + OutGuess is a universal steganographic tool that allows the > + insertion of hidden information into the redundant bits of data > + sources. The nature of the data source is irrelevant to the core of > + OutGuess. The program relies on data specific handlers that will > + extract redundant bits and write them back after modification. In > + this version the PNM and JPEG image formats are supported. In the > + next paragraphs, images will be used as concrete example of data > + objects, though OutGuess can use any kind of data, as long as a > + handler is provided. > + > + 
> diff --git a/app-crypt/outguess/outguess-0.2-r1.ebuild b/app-crypt/outgue= ss/outguess-0.2-r1.ebuild > new file mode 100644 > index 00000000000..69d882b2ad3 > --- /dev/null > +++ b/app-crypt/outguess/outguess-0.2-r1.ebuild 
> @@ -0,0 +1,27 @@ > +# Copyright 1999-2017 Gentoo Foundation > +# Distributed under the terms of the GNU General Public License v2 > + > +EAPI=3D6 > + > +DESCRIPTION=3D"A universal tool for inserting steganographic information= into other data" > +HOMEPAGE=3D"http://www.outguess.org/" This homepage doesn't seem to work. > +SRC_URI=3D"https://dl.packetstormsecurity.net/crypt/stego/outguess-0.2.t= ar.gz" Please use ${P}.tar.gz to avoid having to update the URL every time the version changes. Even if you don't predict it ever happening. > + > +LICENSE=3D"BSD" > +SLOT=3D"0" > +KEYWORDS=3D"~amd64 ~x86" > +IUSE=3D"" > + > +PATCHES=3D( > + "${FILESDIR}"/${P}-fix-segfault-when-encoding-PNM-images.patch > + "${FILESDIR}"/${P}-pass-struct-size-to-memset.patch > + "${FILESDIR}"/${P}-avoid-implicit-function-usage.patch > + "${FILESDIR}"/${P}-fix-printf-argument-types.patch > +) > + > +S=3D${WORKDIR}/${PN} > + > +src_install() { > + dobin outguess > + doman outguess.1 > +}

To be honest, I have mixed feelings about this package. It seems to be completely dead and requires a lot of patches. I see you have a GitHub fork of it though. If you're really interested in it, then I think it'd be reasonable if you just packaged your own fork/continuation, i.e. made a new fixed release instead of including all the patches inline. Of course, this also assumes you're willing to fix any bugs that might arise in the future. Otherwise, I don't really see us including a package that's been abandoned in 2001 and has a lot of known issues.

--
Best regards,
Michał Górny
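
Review bot: In outguess-0.2-avoid-implicit-function-usage.patch, the prototype `short steg_use_bit (unsigned short temp);` is pasted separately into jcdctmgr.c and jdcoefct.c, so nothing checks either copy against the definition. Declare it once in a header that both files and the defining file include; a signature mismatch then becomes a compile error instead of silent undefined behaviour.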
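
Review bot: In outguess-0.2-fix-printf-argument-types.patch, both hunks (do_embed at -693 and main at -975) silence the format warning by casting to `(int)` while keeping `%d`, which truncates any value that does not fit in an int, in exactly the message that reports a size limit being exceeded. The declared types of correctlen and maxcorrect are not visible in these hunks; match the conversion specifier to the declared type instead (for example `%zu` if it is size_t) and drop the casts.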
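
Review bot: In the pnm.c hunk, preserve_pnm() installs itself as `bitmap->preserve` only when it is called with `off == -1`, so the fix depends on some caller invoking preserve_pnm directly with -1 before anything calls through the pointer, and neither the code nor the commit message says who does that. A comment stating that -1 is the setup call and what the unconditional `return (-1);` means to the caller would be enough; assigning the pointer at the place where the PNM bitmap is set up would be sturdier.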
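
Review bot: In the missing/md5.c hunk of outguess-0.2-pass-struct-size-to-memset.patch, `memset(ctx, 0, sizeof(*ctx));` is the last statement of MD5Final() and exists only to scrub state, which is the pattern a compiler may drop as a dead store once the function is inlined into a caller that never reads the context again. The size fix itself is right; if the wipe matters, use explicit_bzero() where the platform provides it, with a wipe through a volatile pointer as the fallback.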
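
Review bot: In the PATCHES array of outguess-0.2-r1.ebuild, the listed order does not match the order the patches were made in: the memset patch's md5.c index line (314548a..2da3835) starts from the blob that the implicit-function patch produces (7cb1d4d..314548a), yet it is listed before it. It will likely still apply with a line offset, but listing the four patches in commit order (implicit-function, printf, segfault, memset, going by their Date headers) keeps each one applying against the tree it was generated from.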