Add patches from Debian to fix some instances of possibly unsafe

format string usage. Bump PKGREVISION.
author: tnn <tnn> 2015-04-12 16:09:27 +0000
committer: tnn <tnn> 2015-04-12 16:09:27 +0000
commit: 76dbd56bd18279952c243f9aed85e11410bbc48c (patch)
tree: 0f6a1d4144624367ea61ae14163cacb6e42e029d /archivers/arj
parent: 645799a4c70d0166e2c54d6dafef243c9ba0c375 (diff)
download: pkgsrc-76dbd56bd18279952c243f9aed85e11410bbc48c.tar.gz
7 files changed, 231 insertions, 6 deletions
diff --git a/archivers/arj/Makefile b/archivers/arj/Makefile
index 16bcc43fc03..ead213c5ff7 100644
--- a/archivers/arj/Makefile
+++ b/archivers/arj/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.29 2015/02/26 16:05:11 tnn Exp $
+# $NetBSD: Makefile,v 1.30 2015/04/12 16:09:27 tnn Exp $
 
 DISTNAME=	arj-3.10.22
-PKGREVISION=	1
+PKGREVISION=	2
 CATEGORIES=	archivers
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE:=arj/}
 
diff --git a/archivers/arj/distinfo b/archivers/arj/distinfo
index ac5d137a936..f61362b25ad 100644
--- a/archivers/arj/distinfo
+++ b/archivers/arj/distinfo
@@ -1,15 +1,19 @@
-$NetBSD: distinfo,v 1.19 2015/04/12 15:56:08 tnn Exp $
+$NetBSD: distinfo,v 1.20 2015/04/12 16:09:27 tnn Exp $
 
 SHA1 (arj-3.10.22.tar.gz) = e8470f480e9eee14906e5485a8898e5c24738c8b
 RMD160 (arj-3.10.22.tar.gz) = 80f8a1a8cd203f73def8e957d96563a4dba80153
 Size (arj-3.10.22.tar.gz) = 431467 bytes
+SHA1 (patch-arj__user.c) = 011e5deaa24c696b212beadad7d386ccb3c7112d
 SHA1 (patch-arjdata.c) = 4e4c142b97feee0673b14ea6f454f3d9de45f584
+SHA1 (patch-arjdisp.c) = d843d4dd1006ea30e8bb3a2acddbc2f0ac221abd
+SHA1 (patch-arjsfx.c) = c9e2314d0933cdc12f8e01ca16bc9222ac4e10b9
 SHA1 (patch-decode.c) = 15c31c3bf1303370691b701a98bad88ae1b0967b
 SHA1 (patch-environ.c) = e306005a88825b2bfd5b3bb35b18710d26a4c885
 SHA1 (patch-exe__sear.c) = 6d8db5a2cdb8f2452b96cf4d09687ae9d45d3e17
-SHA1 (patch-fardata.c) = 341a8d10ec1927b9cb980c90400e323cd53f979d
+SHA1 (patch-fardata.c) = b76ac5a168b9a8e288a610dce093280d31520af6
 SHA1 (patch-gnu_config.h.in) = 2cf609a6c7cb4e32441a433db3dc9cc04c23ae2a
 SHA1 (patch-gnu_configure.in) = 062f3dc1eee6f009dfdfa432bb3c138a9c28a829
 SHA1 (patch-gnu_makefile.in) = db8a0afa61f49242e9fd601d5fc3167cf75f748b
 SHA1 (patch-integr.c) = fade32219b21ac3382028bf23ee4171d8d095b5f
+SHA1 (patch-register.c) = 8d81e663b499a45f7faa52b16a6cee47394cd09c
 SHA1 (patch-uxspec.c) = 24a22fa2822704e620b38df12b76ef88fe908863
diff --git a/archivers/arj/patches/patch-arj__user.c b/archivers/arj/patches/patch-arj__user.c
new file mode 100644
index 00000000000..95e3a38bf6c
--- /dev/null
+++ b/archivers/arj/patches/patch-arj__user.c
@@ -0,0 +1,15 @@
+$NetBSD: patch-arj__user.c,v 1.1 2015/04/12 16:09:27 tnn Exp $
+
+Add patch from Debian (security_format.patch) to fix unsafe format string usage.
+
+--- arj_user.c.orig	2004-06-18 16:19:36.000000000 +0000
++++ arj_user.c
+@@ -2303,7 +2303,7 @@ void process_archive()
+   timestamp_to_str(timetext, &ftime_stamp);
+   msg_cprintf(H_HL|H_NFMT, M_ARCHIVE_CREATED, timetext);
+   if(show_ansi_comments)
+-   printf(cmt_ptr);
++   fputs(cmt_ptr, stdout);
+   else
+    display_comment(cmt_ptr);
+   /* The sfx_setup() occurs here */
diff --git a/archivers/arj/patches/patch-arjdisp.c b/archivers/arj/patches/patch-arjdisp.c
new file mode 100644
index 00000000000..3f0b2c12f68
--- /dev/null
+++ b/archivers/arj/patches/patch-arjdisp.c
@@ -0,0 +1,137 @@
+$NetBSD: patch-arjdisp.c,v 1.1 2015/04/12 16:09:27 tnn Exp $
+
+Add patch from Debian (security_format.patch) to fix unsafe format string usage.
+
+--- arjdisp.c.orig	2003-06-22 11:12:28.000000000 +0000
++++ arjdisp.c
+@@ -20,8 +20,6 @@ static long bytes;
+ static long compsize;
+ static char cmd_verb;
+ static char msg_lf[]="\n";
+-char strform[]="%s";                    /* Export it for scrnio.c, too
+-                                           (a byte saved is a byte gained) */
+ 
+ /* Pseudographical controls */
+ 
+@@ -54,19 +52,19 @@ static void show_init_scrn()
+  textcolor(7);
+  clrscr();
+  gotoxy(2, 2);
+- scrprintf(win_top);
++ fputs(win_top, stdout);
+  for(i=3; i<24; i++)
+  {
+-  gotoxy(2, i); scrprintf(win_border);
+-  gotoxy(79, i); scrprintf(win_border);
++  gotoxy(2, i); fputs(win_border, stdout);
++  gotoxy(79, i); fputs(win_border, stdout);
+  }
+- gotoxy(2, 24); scrprintf(win_bottom);
++ gotoxy(2, 24); fputs(win_bottom, stdout);
+  gotoxy(10, 5);
+- scrprintf(M_ARJDISP_COPYRIGHT);
++ fputs(M_ARJDISP_COPYRIGHT, stdout);
+  gotoxy(10, 6);
+- scrprintf(M_ARJDISP_DISTRIBUTION);
++ fputs(M_ARJDISP_DISTRIBUTION, stdout);
+  gotoxy(10, 7);
+- scrprintf(M_ARJDISP_LICENSE);
++ fputs(M_ARJDISP_LICENSE, stdout);
+  gotoxy(16, 10);
+  scrprintf(M_PROCESSING_ARCHIVE, archive_name);
+  t=strtok(M_ARJDISP_INFO, msg_lf);
+@@ -74,11 +72,11 @@ static void show_init_scrn()
+  while(t!=NULL&&i<=23)
+  {
+   gotoxy(10, i++);
+-  scrprintf(strform, t);
++  scrprintf("%s", t);
+   t=strtok(NULL, msg_lf);
+  }
+  gotoxy(16, 20);
+- scrprintf(M_PRESS_ANY_KEY);
++ fputs(M_PRESS_ANY_KEY, stdout);
+  uni_getch();
+  gotoxy(1, 24);
+ }
+@@ -96,19 +94,19 @@ static void show_proc_scrn()
+  {
+   clrscr();
+   gotoxy(2, 2);
+-  scrprintf(win_top);
++  fputs(win_top, stdout);
+   for(i=3; i<24; i++)
+   {
+-   gotoxy(2, i); scrprintf(win_border);
+-   gotoxy(79, i); scrprintf(win_border);
++   gotoxy(2, i); fputs(win_border, stdout);
++   gotoxy(79, i); fputs(win_border, stdout);
+   }
+-  gotoxy(2, 24); scrprintf(win_bottom);
++  gotoxy(2, 24); fputs(win_bottom, stdout);
+   gotoxy(10, 5);
+-  scrprintf(M_ARJDISP_COPYRIGHT);
++  fputs(M_ARJDISP_COPYRIGHT, stdout);
+   gotoxy(10, 6);
+-  scrprintf(M_ARJDISP_DISTRIBUTION);
++  fputs(M_ARJDISP_DISTRIBUTION, stdout);
+   gotoxy(10, 7);
+-  scrprintf(M_ARJDISP_LICENSE);
++  fputs(M_ARJDISP_LICENSE, stdout);
+   gotoxy(16, 10);
+   scrprintf(M_PROCESSING_ARCHIVE, archive_name);
+   gotoxy(16, 12);
+@@ -132,13 +130,13 @@ static void show_proc_scrn()
+     break;
+   }
+   gotoxy(15, 14);
+-  scrprintf(ind_top);
++  fputs(ind_top, stdout);
+   gotoxy(15, 15);
+-  scrprintf(ind_middle);
++  fputs(ind_middle, stdout);
+   gotoxy(15, 16);
+-  scrprintf(ind_bottom);
++  fputs(ind_bottom, stdout);
+   gotoxy(16, 18);
+-  scrprintf(M_ARJDISP_CTR_START);
++  fputs(M_ARJDISP_CTR_START, stdout);
+  }
+  else
+  {
+@@ -146,7 +144,7 @@ static void show_proc_scrn()
+   gotoxy(16, 15);
+   memset(progress, indo, i);
+   progress[i]='\0';
+-  scrprintf(progress);
++  fputs(progress, stdout);
+   gotoxy(16, 18);
+   scrprintf(M_ARJDISP_CTR, calc_percentage(bytes, uncompsize)/10);
+  }
+@@ -165,19 +163,19 @@ static void show_ending_scrn()
+  textcolor(7);
+  clrscr();
+  gotoxy(2, 2);
+- scrprintf(win_top);
++ fputs(win_top, stdout);
+  for(i=3; i<24; i++)
+  {
+-  gotoxy(2, i); scrprintf(win_border);
+-  gotoxy(79, i); scrprintf(win_border);
++  gotoxy(2, i); fputs(win_border, stdout);
++  gotoxy(79, i); fputs(win_border, stdout);
+  }
+- gotoxy(2, 24); scrprintf(win_bottom);
++ gotoxy(2, 24); fputs(win_bottom, stdout);
+  gotoxy(10, 5);
+- scrprintf(M_ARJDISP_COPYRIGHT);
++ fputs(M_ARJDISP_COPYRIGHT, stdout);
+  gotoxy(10, 6);
+- scrprintf(M_ARJDISP_DISTRIBUTION);
++ fputs(M_ARJDISP_DISTRIBUTION, stdout);
+  gotoxy(10, 7);
+- scrprintf(M_ARJDISP_LICENSE);
++ fputs(M_ARJDISP_LICENSE, stdout);
+  gotoxy(16, 10);
+  scrprintf(M_FINISHED_PROCESSING, archive_name);
+  gotoxy(1, 24);
diff --git a/archivers/arj/patches/patch-arjsfx.c b/archivers/arj/patches/patch-arjsfx.c
new file mode 100644
index 00000000000..d65e3fbab34
--- /dev/null
+++ b/archivers/arj/patches/patch-arjsfx.c
@@ -0,0 +1,15 @@
+$NetBSD: patch-arjsfx.c,v 1.1 2015/04/12 16:09:27 tnn Exp $
+
+Add patch from Debian (security_format.patch) to fix unsafe format string usage.
+
+--- arjsfx.c.orig	2005-06-21 19:53:14.000000000 +0000
++++ arjsfx.c
+@@ -214,7 +214,7 @@ static void final_cleanup(void)
+   freopen(dev_con, m_w, stdout);
+  #if SFX_LEVEL>=ARJSFXV
+   if(ferror(stdout))
+-   msg_fprintf(stderr, M_DISK_FULL);
++   msg_fprintf(stderr, "Can't write file. Disk full?");
+   if(debug_enabled&&strchr(debug_opt, 't')!=NULL)
+   {
+    ticks=get_ticks()-ticks;
diff --git a/archivers/arj/patches/patch-fardata.c b/archivers/arj/patches/patch-fardata.c
index a17dbf4e65b..7e16d7acd66 100644
--- a/archivers/arj/patches/patch-fardata.c
+++ b/archivers/arj/patches/patch-fardata.c
@@ -1,9 +1,19 @@
-$NetBSD: patch-fardata.c,v 1.1 2015/04/12 15:45:00 tnn Exp $
+$NetBSD: patch-fardata.c,v 1.2 2015/04/12 16:09:27 tnn Exp $
 
 Rename strnlen -> _strnlen to avoid conflict in systems having strnlen.
+Add patch from Debian (security_format.patch) to fix unsafe format string usage.
 
---- fardata.c.orig	2004-04-17 11:39:42.000000000 +0000
+--- fardata.c.orig	2015-04-12 15:57:39.000000000 +0000
 +++ fardata.c
+@@ -52,7 +52,7 @@ int error_proc(FMSG *errmsg, ...)
+   /* Check if the message could have a standard error code */
+   if(errno!=0&&is_std_error(errmsg))
+   {
+-   msg_cprintf(0, lf);
++   msg_cprintf(0, "\n");
+    error_report();
+   }
+  #endif
 @@ -190,7 +190,7 @@ int msg_sprintf(char *str, FMSG *fmt, ..
  
  /* Length-limited strlen() */
@@ -13,6 +23,35 @@ Rename strnlen -> _strnlen to avoid conflict in systems having strnlen.
  {
   const char FAR *sc;
  
+@@ -377,10 +377,10 @@ static void flush_cbuf(int ccode, char *
+     {
+      #if SFX_LEVEL>=ARJSFXV
+       fprintf(new_stdout, strform, n_text);
+-      fprintf(new_stdout, lf);
++      fprintf(new_stdout, "\n");
+      #else
+       printf(strform, n_text);
+-      printf(lf);
++      printf("\n");
+      #endif
+     }
+     else
+@@ -391,13 +391,13 @@ static void flush_cbuf(int ccode, char *
+      #ifdef NEED_CRLF
+       scr_out("\r");
+      #endif
+-     scr_out(lf);
++     scr_out("\n");
+     }
+     if(!no_colors)
+      textcolor(color_table[ccode&H_COLORMASK].color);
+    #else
+     printf(strform, n_text);
+-    printf(lf);
++    printf("\n");
+    #endif
+    n_text=t_text+1;
+    #if SFX_LEVEL>=ARJ
 @@ -569,7 +569,7 @@ int vcprintf(int ccode, FMSG *fmt, va_li
      if(!s)
       s="(null)";
diff --git a/archivers/arj/patches/patch-register.c b/archivers/arj/patches/patch-register.c
new file mode 100644
index 00000000000..16f02fb6970
--- /dev/null
+++ b/archivers/arj/patches/patch-register.c
@@ -0,0 +1,15 @@
+$NetBSD: patch-register.c,v 1.1 2015/04/12 16:09:27 tnn Exp $
+
+Add patch from Debian (security_format.patch) to fix unsafe format string usage.
+
+--- register.c.orig	2004-04-21 07:04:10.000000000 +0000
++++ register.c
+@@ -205,7 +205,7 @@ int main(int argc, char **argv)
+  char reg_source[200];
+  int i;
+ 
+- printf(M_REGISTER_BANNER);
++ fputs(M_REGISTER_BANNER, stdout);
+  integrity_pattern[0]--;
+  build_crc32_table();
+  if(argc!=2)
author	tnn <tnn>	2015-04-12 16:09:27 +0000
committer	tnn <tnn>	2015-04-12 16:09:27 +0000
commit	76dbd56bd18279952c243f9aed85e11410bbc48c (patch)
tree	0f6a1d4144624367ea61ae14163cacb6e42e029d /archivers/arj
parent	645799a4c70d0166e2c54d6dafef243c9ba0c375 (diff)
download	pkgsrc-76dbd56bd18279952c243f9aed85e11410bbc48c.tar.gz