Pullup ticket 1675 - requested by tron

security fix for cscope

Revisions pulled up:
- pkgsrc/devel/cscope/Makefile		1.44
- pkgsrc/devel/cscope/distinfo		1.13
- pkgsrc/devel/cscope/patches/patch-ae	1.7
- pkgsrc/devel/cscope/patches/patch-af	1.6
- pkgsrc/devel/cscope/patches/patch-ag	1.3
- pkgsrc/devel/cscope/patches/patch-ah	1.3
- pkgsrc/devel/cscope/patches/patch-ai	1.3
- pkgsrc/devel/cscope/patches/patch-aj	1.1
- pkgsrc/devel/cscope/patches/patch-ak	1.1
- pkgsrc/devel/cscope/patches/patch-al	1.1
- pkgsrc/devel/cscope/patches/patch-am	1.1
- pkgsrc/devel/cscope/patches/patch-an	1.1
- pkgsrc/devel/cscope/patches/patch-ao	1.1

   Module Name:    pkgsrc
   Committed By:   tron
   Date:           Mon May 29 13:48:53 UTC 2006

   Modified Files:
           pkgsrc/devel/cscope: Makefile distinfo
           pkgsrc/devel/cscope/patches: patch-af
   Added Files:
           pkgsrc/devel/cscope/patches: patch-ae patch-ag patch-ah patch-ai
               patch-aj patch-ak patch-al patch-am patch-an patch-ao

   Log Message:
   Integrate Debian's fix for security whole reported in CVE-2004-2541.
   Bump package revision.

13 files changed, 302 insertions, 34 deletions

diff --git a/devel/cscope/Makefile b/devel/cscope/Makefile
index 7b3201b9dc8..e6ea38dec4f 100644
--- a/devel/cscope/Makefile
+++ b/devel/cscope/Makefile
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.43 2006/03/04 21:29:13 jlam Exp $
+# $NetBSD: Makefile,v 1.43.2.1 2006/05/30 20:18:31 ghen Exp $
 
 DISTNAME=	cscope-15.5
+PKGREVISION=	1
 CATEGORIES=	devel
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE:=cscope/}
 
diff --git a/devel/cscope/distinfo b/devel/cscope/distinfo
index d9bbda39273..ed2586c3aca 100644
--- a/devel/cscope/distinfo
+++ b/devel/cscope/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.12 2006/03/23 16:09:32 yyamano Exp $
+$NetBSD: distinfo,v 1.12.2.1 2006/05/30 20:18:31 ghen Exp $
 
 SHA1 (cscope-15.5.tar.gz) = 2e8e66735254328399dc50757b270bcc3e9002d3
 RMD160 (cscope-15.5.tar.gz) = 30623f07043abc90d76b384c407abe5813a8a716
@@ -7,4 +7,14 @@ SHA1 (patch-aa) = 8350f5bd050fac10c5b5b5dcd7c04e7f3a883324
 SHA1 (patch-ab) = 646512ad53b3f3e7dab607df4c6c3d775587a03c
 SHA1 (patch-ac) = 40a69af0eb5419de827b490c960803a736040f2c
 SHA1 (patch-ad) = 7e0f25b67f3476ac90b7541595649d6a6bf65aa9
-SHA1 (patch-af) = fbccbdcbf195a5852ff35be36446c471daf36cd5
+SHA1 (patch-ae) = eefe4052767901c27eefb17c182f8bd56997d3b7
+SHA1 (patch-af) = 310a02a1f1e8b780fb6bf1ce86da628bab0f21a4
+SHA1 (patch-ag) = e231fad53976305b1025b62b241e295acc73664b
+SHA1 (patch-ah) = 9caa10d9cd4332c1172fc7ae9682d057bbf7ddaa
+SHA1 (patch-ai) = a0fdf5d665399c7f7e9e0b37de5f0531d5b4b28f
+SHA1 (patch-aj) = 7920535ee918dd02d55222f5327cfd86b8cf583d
+SHA1 (patch-ak) = 9773b0eb449be43e28a47e36a6aa178c8d5fbedc
+SHA1 (patch-al) = d64855929ac556c03e0ddc07b4869b8d159d3249
+SHA1 (patch-am) = aee755e5ac8e15e685eb7b755be9c967d79c71f8
+SHA1 (patch-an) = 924c2883fbea0b66ecdd6085f07a1a3bf3cd2752
+SHA1 (patch-ao) = d8fd8aadf22b582e8ca2e90a1da8d64490293155
diff --git a/devel/cscope/patches/patch-ae b/devel/cscope/patches/patch-ae
new file mode 100644
index 00000000000..80ecdd65bdd
--- /dev/null
+++ b/devel/cscope/patches/patch-ae
@@ -0,0 +1,20 @@
+--- src/build.c.orig	2003-03-05 10:43:59.000000000 +0000
++++ src/build.c	2006-05-29 14:34:26.000000000 +0100
+@@ -215,7 +215,7 @@
+ 		(void) strcpy(newdir, "$HOME");
+ 	}
+ 	else if (strncmp(currentdir, home, strlen(home)) == 0) {
+-		(void) sprintf(newdir, "$HOME%s", currentdir + strlen(home));
++		(void) snprintf(newdir, sizeof(newdir), "$HOME%s", currentdir + strlen(home));
+ 	}
+ 	/* sort the source file names (needed for rebuilding) */
+ 	qsort(srcfiles, (unsigned) nsrcfiles, sizeof(char *), compare);
+@@ -443,7 +443,7 @@
+ 		}
+ 		(void) fstat(fileno(postings), &statstruct);
+ 		(void) fclose(postings);
+-		(void) sprintf(sortcommand, "env LC_ALL=C sort -T %s %s", tmpdir, temp1);
++		(void) snprintf(sortcommand, sizeof(sortcommand), "env LC_ALL=C sort -T %s %s", tmpdir, temp1);
+ 		if ((postings = mypopen(sortcommand, "r")) == NULL) {
+ 			(void) fprintf(stderr, "cscope: cannot open pipe to sort command\n");
+ 			cannotindex();
diff --git a/devel/cscope/patches/patch-af b/devel/cscope/patches/patch-af
index fe0977af537..beab1397868 100644
--- a/devel/cscope/patches/patch-af
+++ b/devel/cscope/patches/patch-af
@@ -1,40 +1,62 @@
-$NetBSD: patch-af,v 1.5 2005/10/03 15:00:12 wiz Exp $
-
---- src/main.c.orig	2003-08-14 16:36:18.000000000 +0200
-+++ src/main.c
-@@ -330,9 +330,32 @@ lastarg:
+--- src/main.c.orig	2003-08-14 15:36:18.000000000 +0100
++++ src/main.c	2006-05-29 14:34:26.000000000 +0100
+@@ -330,9 +330,31 @@
  	}
  
  	/* create the temporary file names */
 -	pid = getpid();
 -	(void) sprintf(temp1, "%s/cscope%d.1", tmpdir, pid);
 -	(void) sprintf(temp2, "%s/cscope%d.2", tmpdir, pid);
-+	do {
-+		char *tempfile = tempnam(tmpdir, "cscope1");
-+		if (!tempfile) {
-+			fprintf (stderr, "Can't create tempfile\n");
-+			exit(1);
-+		}
-+		if (strlen(tempfile) >= sizeof(temp1)) {
-+			fprintf (stderr, "TMPDIR path is too long\n");
-+			exit(1);
-+		}
-+		strncpy (temp1, tempfile, sizeof (temp1));
-+		free (tempfile);
-+	} while (open (temp1, O_CREAT|O_EXCL|O_WRONLY, S_IREAD|S_IWRITE) < 0);
-+	do {
-+		char *tempfile = tempnam(tmpdir, "cscope2");
-+		if (!tempfile) {
-+			fprintf (stderr, "Can't create tempfile\n");
-+			exit(1);
-+		}
-+		if (strlen(tempfile) >= sizeof(temp2)) {
-+			fprintf (stderr, "TMPDIR path is too long\n");
-+			exit(1);
-+		}
-+		strncpy (temp2, tempfile, sizeof (temp2));
-+		free (tempfile);
-+	} while (open (temp2, O_CREAT|O_EXCL|O_WRONLY, S_IREAD|S_IWRITE) < 0);
++        do {
++                char *tempfile = tempnam(tmpdir, "cscope1");
++                if (!tempfile) {
++                        fputs ("Can't create tempfile\n", stderr);
++                        exit (1);
++                }
++                if (strlen(tempfile) >= sizeof(temp1)) {
++                        fputs ("TMPDIR path is too long\n", stderr);
++                        exit(1);
++                }
++                strncpy (temp1, tempfile, sizeof (temp1));
++        } while (open (temp1, O_CREAT|O_EXCL|O_WRONLY, 0600) < 0);
++        do {
++                char *tempfile = tempnam(tmpdir, "cscope2");
++                if (!tempfile) {
++                        fputs ("Can't create tempfile\n", stderr);
++                        exit (1);
++                }
++                if (strlen(tempfile) >= sizeof(temp2)) {
++                        fputs ("TMPDIR path is too long\n", stderr);
++                        exit(1);
++                }
++                strncpy (temp2, tempfile, sizeof (temp2));
++        } while (open (temp2, O_CREAT|O_EXCL|O_WRONLY, 0600) < 0);
++
  
  	/* if running in the foreground */
  	if (signal(SIGINT, SIG_IGN) != SIG_IGN) {
+@@ -352,12 +374,12 @@
+ 		 * used instead of failing to open a non-existant database in
+ 		 * the home directory
+ 		 */
+-		(void) sprintf(path, "%s/%s", home, reffile);
++		(void) snprintf(path, sizeof(path), "%s/%s", home, reffile);
+ 		if (isuptodate == NO || access(path, READ) == 0) {
+ 			reffile = stralloc(path);
+-			(void) sprintf(path, "%s/%s", home, invname);
++			(void) snprintf(path, sizeof(path), "%s/%s", home, invname);
+ 			invname = stralloc(path);
+-			(void) sprintf(path, "%s/%s", home, invpost);
++			(void) snprintf(path, sizeof(path), "%s/%s", home, invpost);
+ 			invpost = stralloc(path);
+ 		}
+ 	}
+@@ -692,7 +714,7 @@
+ #else
+ 	char *msg = mymalloc(50+strlen(file));
+ 
+-	(void) sprintf(msg, "Removed file %s because write failed", file);
++	(void) snprintf(msg, sizeof(msg), "Removed file %s because write failed", file);
+ #endif
+ 
+ 	myperror(msg);	/* display the reason */
diff --git a/devel/cscope/patches/patch-ag b/devel/cscope/patches/patch-ag
new file mode 100644
index 00000000000..9cb46310181
--- /dev/null
+++ b/devel/cscope/patches/patch-ag
@@ -0,0 +1,11 @@
+--- src/command.c.orig	2002-07-29 13:37:49.000000000 +0100
++++ src/command.c	2006-05-29 14:34:26.000000000 +0100
+@@ -718,7 +718,7 @@
+ 				
+ 				/* make sure it can be changed */
+ 				if (access(newfile, WRITE) != 0) {
+-					(void) sprintf(msg, "Cannot write to file %s", newfile);
++					(void) snprintf(msg, sizeof(msg), "Cannot write to file %s", newfile);
+ 					postmsg(msg);
+ 					anymarked = NO;
+ 					break;
diff --git a/devel/cscope/patches/patch-ah b/devel/cscope/patches/patch-ah
new file mode 100644
index 00000000000..dc26e3fc27e
--- /dev/null
+++ b/devel/cscope/patches/patch-ah
@@ -0,0 +1,64 @@
+--- src/dir.c.orig	2003-06-02 11:43:00.000000000 +0100
++++ src/dir.c	2006-05-29 14:34:26.000000000 +0100
+@@ -138,7 +138,7 @@
+ 			
+ 			/* compute its path from higher view path source dirs */
+ 			for (i = 1; i < nvpsrcdirs; ++i) {
+-				(void) sprintf(path, "%.*s/%s",
++				(void) snprintf(path, sizeof(path), "%.*s/%s",
+ 					       PATHLEN - 2 - dir_len,
+ 					       srcdirs[i], dir);
+ 				addsrcdir(path);
+@@ -206,7 +206,7 @@
+ 			
+ 			/* compute its path from higher view path source dirs */
+ 			for (i = 1; i < nvpsrcdirs; ++i) {
+-				(void) sprintf(path, "%.*s/%s", 
++				(void) snprintf(path, sizeof(path), "%.*s/%s", 
+ 					       PATHLEN - 2 - dir_len,
+ 					       srcdirs[i], dir);
+ 				addincdir(dir, path);
+@@ -474,8 +474,6 @@
+ 	DIR	*dirfile;
+ 	int adir_len = strlen(adir);
+ 
+-	/* FIXME: no guards against adir_len > PATHLEN, yet */
+-
+ 	if ((dirfile = opendir(adir)) != NULL) {
+ 		struct dirent *entry;
+ 		char	path[PATHLEN + 1];
+@@ -486,7 +484,7 @@
+ 			    && (strcmp("..",entry->d_name) != 0)) {
+ 				struct stat buf;
+ 
+-				sprintf(path,"%s/%.*s", adir,
++				snprintf(path, sizeof(path), "%s/%.*s", adir,
+ 					PATHLEN - 2 - adir_len,
+ 					entry->d_name);
+ 
+@@ -603,14 +601,14 @@
+ 		for (i = 0; i < nincdirs; ++i) {
+ 			
+ 			/* don't include the file from two directories */
+-			(void) sprintf(name, "%.*s/%s",
++			(void) snprintf(name, sizeof(name), "%.*s/%s",
+ 				       PATHLEN - 2 - file_len, incnames[i],
+ 				       file);
+ 			if (infilelist(name) == YES) {
+ 				break;
+ 			}
+ 			/* make sure it exists and is readable */
+-			(void) sprintf(path, "%.*s/%s",
++			(void) snprintf(path, sizeof(path), "%.*s/%s",
+ 				       PATHLEN - 2 - file_len, incdirs[i],
+ 				       file);
+ 			if (access(compath(path), READ) == 0) {
+@@ -654,7 +652,7 @@
+ 
+ 		/* compute its path from higher view path source dirs */
+ 		for (i = 1; i < nvpsrcdirs; ++i) {
+-			(void) sprintf(path, "%.*s/%s",
++			(void) snprintf(path, sizeof(path), "%.*s/%s",
+ 				       PATHLEN - 2 - file_len, srcdirs[i],
+ 				       file);
+ 			if (access(compath(path), READ) == 0) {
diff --git a/devel/cscope/patches/patch-ai b/devel/cscope/patches/patch-ai
new file mode 100644
index 00000000000..8c7bb5b17cf
--- /dev/null
+++ b/devel/cscope/patches/patch-ai
@@ -0,0 +1,62 @@
+--- src/display.c.orig	2003-09-04 16:54:02.000000000 +0100
++++ src/display.c	2006-05-29 14:34:26.000000000 +0100
+@@ -473,24 +473,24 @@
+ 	/* see if it is empty */
+ 	if ((c = getc(refsfound)) == EOF) {
+ 		if (findresult != NULL) {
+-			(void) sprintf(lastmsg, "Egrep %s in this pattern: %s", 
++			(void) snprintf(lastmsg, sizeof(lastmsg), "Egrep %s in this pattern: %s", 
+ 				findresult, pattern);
+ 		}
+ 		else if (rc == NOTSYMBOL) {
+-			(void) sprintf(lastmsg, "This is not a C symbol: %s", 
++			(void) snprintf(lastmsg, sizeof(lastmsg), "This is not a C symbol: %s", 
+ 				pattern);
+ 		}
+ 		else if (rc == REGCMPERROR) {
+-			(void) sprintf(lastmsg, "Error in this regcomp(3) regular expression: %s", 
++			(void) snprintf(lastmsg, sizeof(lastmsg), "Error in this regcomp(3) regular expression: %s", 
+ 				pattern);
+ 			
+ 		}
+ 		else if (funcexist == NO) {
+-			(void) sprintf(lastmsg, "Function definition does not exist: %s", 
++			(void) snprintf(lastmsg, sizeof(lastmsg), "Function definition does not exist: %s", 
+ 				pattern);
+ 		}
+ 		else {
+-			(void) sprintf(lastmsg, "Could not find the %s: %s", 
++			(void) snprintf(lastmsg, sizeof(lastmsg), "Could not find the %s: %s", 
+ 				fields[field].text2, pattern);
+ 		}
+ 		return(NO);
+@@ -555,17 +555,17 @@
+ 			move(MSGLINE, 0);
+ 			clrtoeol();
+ 			addstr(what);
+-			sprintf(msg, "%ld", current);
++			snprintf(msg, sizeof(msg), "%ld", current);
+ 			move(MSGLINE, (COLS / 2) - (strlen(msg) / 2));
+ 			addstr(msg);
+-			sprintf(msg, "%ld", max);
++			snprintf(msg, sizeof(msg), "%ld", max);
+ 			move(MSGLINE, COLS - strlen(msg));
+ 			addstr(msg);
+ 			refresh();
+ 		}
+ 		else if (verbosemode == YES)
+ 		{
+-			sprintf(msg, "> %s %ld of %ld", what, current, max);
++			snprintf(msg, sizeof(msg), "> %s %ld of %ld", what, current, max);
+ 		}
+ 
+ 		start = now;
+@@ -603,7 +603,7 @@
+ 		s = sys_errlist[errno];
+ 	}
+ #endif
+-	(void) sprintf(msg, "%s: %s", text, s);
++	(void) snprintf(msg, sizeof(msg), "%s: %s", text, s);
+ 	postmsg(msg);
+ }
+ 
diff --git a/devel/cscope/patches/patch-aj b/devel/cscope/patches/patch-aj
new file mode 100644
index 00000000000..70d2ece9d15
--- /dev/null
+++ b/devel/cscope/patches/patch-aj
@@ -0,0 +1,23 @@
+--- src/edit.c.orig	2001-07-18 14:49:01.000000000 +0100
++++ src/edit.c	2006-05-29 14:34:26.000000000 +0100
+@@ -105,9 +105,9 @@
+ 	char	*s;
+ 
+ 	file = filepath(file);
+-	(void) sprintf(msg, "%s +%s %s", mybasename(editor), linenum, file);
++	(void) snprintf(msg, sizeof(msg), "%s +%s %s", mybasename(editor), linenum, file);
+ 	postmsg(msg);
+-	(void) sprintf(plusnum, lineflag, linenum);
++	(void) snprintf(plusnum, sizeof(plusnum), lineflag, linenum);
+ 	/* if this is the more or page commands */
+ 	if (strcmp(s = mybasename(editor), "more") == 0 || strcmp(s, "page") == 0) {
+ 		
+@@ -132,7 +132,7 @@
+ 	static	char	path[PATHLEN + 1];
+ 	
+ 	if (prependpath != NULL && *file != '/') {
+-		(void) sprintf(path, "%s/%s", prependpath, file);
++		(void) snprintf(path, sizeof(path), "%s/%s", prependpath, file);
+ 		file = path;
+ 	}
+ 	return(file);
diff --git a/devel/cscope/patches/patch-ak b/devel/cscope/patches/patch-ak
new file mode 100644
index 00000000000..584f1758537
--- /dev/null
+++ b/devel/cscope/patches/patch-ak
@@ -0,0 +1,11 @@
+--- src/exec.c.orig	2002-07-29 13:37:49.000000000 +0100
++++ src/exec.c	2006-05-29 14:34:26.000000000 +0100
+@@ -124,7 +124,7 @@
+ 
+ 	/* execute the program or shell script */
+ 	(void) execvp(a, args);	/* returns only on failure */
+-	(void) sprintf(msg, "\nCannot exec %s", a);
++	(void) snprintf(msg, sizeof(msg), "\nCannot exec %s", a);
+ 	perror(msg);		/* display the reason */
+ 	askforreturn();		/* wait until the user sees the message */
+ 	myexit(1);		/* exit the child */
diff --git a/devel/cscope/patches/patch-al b/devel/cscope/patches/patch-al
new file mode 100644
index 00000000000..5ed5fdebbee
--- /dev/null
+++ b/devel/cscope/patches/patch-al
@@ -0,0 +1,11 @@
+--- src/find.c.orig	2003-09-04 16:58:52.000000000 +0100
++++ src/find.c	2006-05-29 14:34:26.000000000 +0100
+@@ -666,7 +666,7 @@
+ 		/* must be an exact match */
+ 		/* note: regcomp doesn't recognize ^*keypad$ as a syntax error
+ 		         unless it is given as a single arg */
+-		(void) sprintf(buf, "^%s$", s);
++		(void) snprintf(buf, sizeof(buf), "^%s$", s);
+ 		if (regcomp (&regexp, buf, REG_EXTENDED | REG_NOSUB) != 0) {
+ 			return(REGCMPERROR);
+ 		}
diff --git a/devel/cscope/patches/patch-am b/devel/cscope/patches/patch-am
new file mode 100644
index 00000000000..c5e050aa0d1
--- /dev/null
+++ b/devel/cscope/patches/patch-am
@@ -0,0 +1,11 @@
+--- src/vpaccess.c.orig	2001-07-18 14:49:02.000000000 +0100
++++ src/vpaccess.c	2006-05-29 14:34:26.000000000 +0100
+@@ -49,7 +49,7 @@
+ 	if ((returncode = access(path, amode)) == -1 && path[0] != '/') {
+ 		vpinit(NULL);
+ 		for (i = 1; i < vpndirs; i++) {
+-			(void) sprintf(buf, "%s/%s", vpdirs[i], path);
++			(void) snprintf(buf, sizeof(buf), "%s/%s", vpdirs[i], path);
+ 			if ((returncode = access(buf, amode)) != -1) {
+ 				break;
+ 			}
diff --git a/devel/cscope/patches/patch-an b/devel/cscope/patches/patch-an
new file mode 100644
index 00000000000..c4b49b2f498
--- /dev/null
+++ b/devel/cscope/patches/patch-an
@@ -0,0 +1,11 @@
+--- src/vpfopen.c.orig	2001-07-18 14:49:02.000000000 +0100
++++ src/vpfopen.c	2006-05-29 14:34:26.000000000 +0100
+@@ -53,7 +53,7 @@
+ 		) {
+ 		vpinit(NULL);
+ 		for (i = 1; i < vpndirs; i++) {
+-			(void) sprintf(buf, "%s/%s", vpdirs[i], filename);
++			(void) snprintf(buf, sizeof(buf), "%s/%s", vpdirs[i], filename);
+ 			if ((returncode = myfopen(buf, type)) != NULL) {
+ 				break;
+ 			}
diff --git a/devel/cscope/patches/patch-ao b/devel/cscope/patches/patch-ao
new file mode 100644
index 00000000000..28e9eadfb26
--- /dev/null
+++ b/devel/cscope/patches/patch-ao
@@ -0,0 +1,11 @@
+--- src/vpopen.c.orig	2002-07-29 13:37:50.000000000 +0100
++++ src/vpopen.c	2006-05-29 14:34:26.000000000 +0100
+@@ -52,7 +52,7 @@
+ 	    oflag == OPENFLAG_READ) {
+ 		vpinit(NULL);
+ 		for (i = 1; i < vpndirs; i++) {
+-			(void) sprintf(buf, "%s/%s", vpdirs[i], path);
++			(void) snprintf(buf, sizeof(buf), "%s/%s", vpdirs[i], path);
+ 			if ((returncode = myopen(buf, oflag, 0666)) != -1) {
+ 				break;
+ 			}