author | tnn <tnn@pkgsrc.org> | 2015-04-12 16:09:27 +0000 |
---|---|---|
committer | tnn <tnn@pkgsrc.org> | 2015-04-12 16:09:27 +0000 |
commit | 4c769d7f30fe7a6417a1ed0eeab1ad41cbfd0b22 (patch) | |
tree | 0f6a1d4144624367ea61ae14163cacb6e42e029d /archivers | |
parent | 7e561118b1a2394de330caab51ce1027bd87677a (diff) | |
download | pkgsrc-4c769d7f30fe7a6417a1ed0eeab1ad41cbfd0b22.tar.gz |
Add patches from Debian to fix some instances of possibly unsafe
format string usage. Bump PKGREVISION.
Diffstat (limited to 'archivers')
-rw-r--r-- | archivers/arj/Makefile | 4 | ||||
-rw-r--r-- | archivers/arj/distinfo | 8 | ||||
-rw-r--r-- | archivers/arj/patches/patch-arj__user.c | 15 | ||||
-rw-r--r-- | archivers/arj/patches/patch-arjdisp.c | 137 | ||||
-rw-r--r-- | archivers/arj/patches/patch-arjsfx.c | 15 | ||||
-rw-r--r-- | archivers/arj/patches/patch-fardata.c | 43 | ||||
-rw-r--r-- | archivers/arj/patches/patch-register.c | 15 |
7 files changed, 231 insertions, 6 deletions
diff --git a/archivers/arj/Makefile b/archivers/arj/Makefile
index 16bcc43fc03..ead213c5ff7 100644
--- a/archivers/arj/Makefile
+++ b/archivers/arj/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.29 2015/02/26 16:05:11 tnn Exp $
+# $NetBSD: Makefile,v 1.30 2015/04/12 16:09:27 tnn Exp $
 DISTNAME= arj-3.10.22
-PKGREVISION= 1
+PKGREVISION= 2
 CATEGORIES= archivers
 MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=arj/}
diff --git a/archivers/arj/distinfo b/archivers/arj/distinfo
index ac5d137a936..f61362b25ad 100644
--- a/archivers/arj/distinfo
+++ b/archivers/arj/distinfo
@@ -1,15 +1,19 @@
-$NetBSD: distinfo,v 1.19 2015/04/12 15:56:08 tnn Exp $
+$NetBSD: distinfo,v 1.20 2015/04/12 16:09:27 tnn Exp $
 SHA1 (arj-3.10.22.tar.gz) = e8470f480e9eee14906e5485a8898e5c24738c8b
 RMD160 (arj-3.10.22.tar.gz) = 80f8a1a8cd203f73def8e957d96563a4dba80153
 Size (arj-3.10.22.tar.gz) = 431467 bytes
+SHA1 (patch-arj__user.c) = 011e5deaa24c696b212beadad7d386ccb3c7112d
 SHA1 (patch-arjdata.c) = 4e4c142b97feee0673b14ea6f454f3d9de45f584
+SHA1 (patch-arjdisp.c) = d843d4dd1006ea30e8bb3a2acddbc2f0ac221abd
+SHA1 (patch-arjsfx.c) = c9e2314d0933cdc12f8e01ca16bc9222ac4e10b9
 SHA1 (patch-decode.c) = 15c31c3bf1303370691b701a98bad88ae1b0967b
 SHA1 (patch-environ.c) = e306005a88825b2bfd5b3bb35b18710d26a4c885
 SHA1 (patch-exe__sear.c) = 6d8db5a2cdb8f2452b96cf4d09687ae9d45d3e17
-SHA1 (patch-fardata.c) = 341a8d10ec1927b9cb980c90400e323cd53f979d
+SHA1 (patch-fardata.c) = b76ac5a168b9a8e288a610dce093280d31520af6
 SHA1 (patch-gnu_config.h.in) = 2cf609a6c7cb4e32441a433db3dc9cc04c23ae2a
 SHA1 (patch-gnu_configure.in) = 062f3dc1eee6f009dfdfa432bb3c138a9c28a829
 SHA1 (patch-gnu_makefile.in) = db8a0afa61f49242e9fd601d5fc3167cf75f748b
 SHA1 (patch-integr.c) = fade32219b21ac3382028bf23ee4171d8d095b5f
+SHA1 (patch-register.c) = 8d81e663b499a45f7faa52b16a6cee47394cd09c
 SHA1 (patch-uxspec.c) = 24a22fa2822704e620b38df12b76ef88fe908863
diff --git a/archivers/arj/patches/patch-arj__user.c b/archivers/arj/patches/patch-arj__user.c
new file mode 100644
index 00000000000..95e3a38bf6c
--- /dev/null
+++ b/archivers/arj/patches/patch-arj__user.c
@@ -0,0 +1,15 @@
+$NetBSD: patch-arj__user.c,v 1.1 2015/04/12 16:09:27 tnn Exp $
+
+Add patch from Debian (security_format.patch) to fix unsafe format string usage.
+
+--- arj_user.c.orig 2004-06-18 16:19:36.000000000 +0000
++++ arj_user.c
+@@ -2303,7 +2303,7 @@ void process_archive()
+ timestamp_to_str(timetext, &ftime_stamp);
+ msg_cprintf(H_HL|H_NFMT, M_ARCHIVE_CREATED, timetext);
+ if(show_ansi_comments)
+- printf(cmt_ptr);
++ fputs(cmt_ptr, stdout);
+ else
+ display_comment(cmt_ptr);
+ /* The sfx_setup() occurs here */
diff --git a/archivers/arj/patches/patch-arjdisp.c b/archivers/arj/patches/patch-arjdisp.c
new file mode 100644
index 00000000000..3f0b2c12f68
--- /dev/null
+++ b/archivers/arj/patches/patch-arjdisp.c
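Review bot: The description in patch-arj__user.c should record why this one call matters: `cmt_ptr` looks like the archive's comment text (inferred from its name and the display_comment() call beside it), so it is file-supplied data that `printf(cmt_ptr)` would have interpreted as a format string. I would add a line to the patch header such as `cmt_ptr is read from the archive; it must be printed as data, never as a format.` so the hunk is not dropped on a later upstream update. The `fputs(cmt_ptr, stdout)` branch still writes the comment bytes to the terminal unfiltered, which is what show_ansi_comments appears to request. process_archive() continues outside the hunk.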
@@ -0,0 +1,137 @@
+$NetBSD: patch-arjdisp.c,v 1.1 2015/04/12 16:09:27 tnn Exp $
+
+Add patch from Debian (security_format.patch) to fix unsafe format string usage.
+
+--- arjdisp.c.orig 2003-06-22 11:12:28.000000000 +0000
++++ arjdisp.c
+@@ -20,8 +20,6 @@ static long bytes;
+ static long compsize;
+ static char cmd_verb;
+ static char msg_lf[]="\n";
+-char strform[]="%s"; /* Export it for scrnio.c, too
+- (a byte saved is a byte gained) */
+
+ /* Pseudographical controls */
+
+@@ -54,19 +52,19 @@ static void show_init_scrn()
+ textcolor(7);
+ clrscr();
+ gotoxy(2, 2);
+- scrprintf(win_top);
++ fputs(win_top, stdout);
+ for(i=3; i<24; i++)
+ {
+- gotoxy(2, i); scrprintf(win_border);
+- gotoxy(79, i); scrprintf(win_border);
++ gotoxy(2, i); fputs(win_border, stdout);
++ gotoxy(79, i); fputs(win_border, stdout);
+ }
+- gotoxy(2, 24); scrprintf(win_bottom);
++ gotoxy(2, 24); fputs(win_bottom, stdout);
+ gotoxy(10, 5);
+- scrprintf(M_ARJDISP_COPYRIGHT);
++ fputs(M_ARJDISP_COPYRIGHT, stdout);
+ gotoxy(10, 6);
+- scrprintf(M_ARJDISP_DISTRIBUTION);
++ fputs(M_ARJDISP_DISTRIBUTION, stdout);
+ gotoxy(10, 7);
+- scrprintf(M_ARJDISP_LICENSE);
++ fputs(M_ARJDISP_LICENSE, stdout);
+ gotoxy(16, 10);
+ scrprintf(M_PROCESSING_ARCHIVE, archive_name);
+ t=strtok(M_ARJDISP_INFO, msg_lf);
+@@ -74,11 +72,11 @@ static void show_init_scrn()
+ while(t!=NULL&&i<=23)
+ {
+ gotoxy(10, i++);
+- scrprintf(strform, t);
++ scrprintf("%s", t);
+ t=strtok(NULL, msg_lf);
+ }
+ gotoxy(16, 20);
+- scrprintf(M_PRESS_ANY_KEY);
++ fputs(M_PRESS_ANY_KEY, stdout);
+ uni_getch();
+ gotoxy(1, 24);
+ }
+@@ -96,19 +94,19 @@ static void show_proc_scrn()
+ {
+ clrscr();
+ gotoxy(2, 2);
+- scrprintf(win_top);
++ fputs(win_top, stdout);
+ for(i=3; i<24; i++)
+ {
+- gotoxy(2, i); scrprintf(win_border);
+- gotoxy(79, i); scrprintf(win_border);
++ gotoxy(2, i); fputs(win_border, stdout);
++ gotoxy(79, i); fputs(win_border, stdout);
+ }
+- gotoxy(2, 24); scrprintf(win_bottom);
++ gotoxy(2, 24); fputs(win_bottom, stdout);
+ gotoxy(10, 5);
+- scrprintf(M_ARJDISP_COPYRIGHT);
++ fputs(M_ARJDISP_COPYRIGHT, stdout);
+ gotoxy(10, 6);
+- scrprintf(M_ARJDISP_DISTRIBUTION);
++ fputs(M_ARJDISP_DISTRIBUTION, stdout);
+ gotoxy(10, 7);
+- scrprintf(M_ARJDISP_LICENSE);
++ fputs(M_ARJDISP_LICENSE, stdout);
+ gotoxy(16, 10);
+ scrprintf(M_PROCESSING_ARCHIVE, archive_name);
+ gotoxy(16, 12);
+@@ -132,13 +130,13 @@ static void show_proc_scrn()
+ break;
+ }
+ gotoxy(15, 14);
+- scrprintf(ind_top);
++ fputs(ind_top, stdout);
+ gotoxy(15, 15);
+- scrprintf(ind_middle);
++ fputs(ind_middle, stdout);
+ gotoxy(15, 16);
+- scrprintf(ind_bottom);
++ fputs(ind_bottom, stdout);
+ gotoxy(16, 18);
+- scrprintf(M_ARJDISP_CTR_START);
++ fputs(M_ARJDISP_CTR_START, stdout);
+ }
+ else
+ {
+@@ -146,7 +144,7 @@ static void show_proc_scrn()
+ gotoxy(16, 15);
+ memset(progress, indo, i);
+ progress[i]='\0';
+- scrprintf(progress);
++ fputs(progress, stdout);
+ gotoxy(16, 18);
+ scrprintf(M_ARJDISP_CTR, calc_percentage(bytes, uncompsize)/10);
+ }
+@@ -165,19 +163,19 @@ static void show_ending_scrn()
+ textcolor(7);
+ clrscr();
+ gotoxy(2, 2);
+- scrprintf(win_top);
++ fputs(win_top, stdout);
+ for(i=3; i<24; i++)
+ {
+- gotoxy(2, i); scrprintf(win_border);
+- gotoxy(79, i); scrprintf(win_border);
++ gotoxy(2, i); fputs(win_border, stdout);
++ gotoxy(79, i); fputs(win_border, stdout);
+ }
+- gotoxy(2, 24); scrprintf(win_bottom);
++ gotoxy(2, 24); fputs(win_bottom, stdout);
+ gotoxy(10, 5);
+- scrprintf(M_ARJDISP_COPYRIGHT);
++ fputs(M_ARJDISP_COPYRIGHT, stdout);
+ gotoxy(10, 6);
+- scrprintf(M_ARJDISP_DISTRIBUTION);
++ fputs(M_ARJDISP_DISTRIBUTION, stdout);
+ gotoxy(10, 7);
+- scrprintf(M_ARJDISP_LICENSE);
++ fputs(M_ARJDISP_LICENSE, stdout);
+ gotoxy(16, 10);
+ scrprintf(M_FINISHED_PROCESSING, archive_name);
+ gotoxy(1, 24);
diff --git a/archivers/arj/patches/patch-arjsfx.c b/archivers/arj/patches/patch-arjsfx.c
new file mode 100644
index 00000000000..d65e3fbab34
--- /dev/null
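Review bot: The first hunk of patch-arjdisp.c deletes the definition `char strform[]="%s";`, whose own comment says it is exported for scrnio.c, and the diffstat shows no patch to scrnio.c in this commit. If scrnio.c still references `strform` when it is linked into arjdisp, the build will fail with an unresolved symbol, so that reference should be checked or the definition kept, preferably as `const char strform[]="%s";`. Separately, the converted calls now interleave `fputs(..., stdout)` with the remaining `scrprintf(...)` calls; if scrprintf is not a stdio call on some platform (not visible here), text placed with gotoxy() could come out in a different order.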
+++ b/archivers/arj/patches/patch-arjsfx.c
@@ -0,0 +1,15 @@
+$NetBSD: patch-arjsfx.c,v 1.1 2015/04/12 16:09:27 tnn Exp $
+
+Add patch from Debian (security_format.patch) to fix unsafe format string usage.
+
+--- arjsfx.c.orig 2005-06-21 19:53:14.000000000 +0000
++++ arjsfx.c
+@@ -214,7 +214,7 @@ static void final_cleanup(void)
+ freopen(dev_con, m_w, stdout);
+ #if SFX_LEVEL>=ARJSFXV
+ if(ferror(stdout))
+- msg_fprintf(stderr, M_DISK_FULL);
++ msg_fprintf(stderr, "Can't write file. Disk full?");
+ if(debug_enabled&&strchr(debug_opt, 't')!=NULL)
+ {
+ ticks=get_ticks()-ticks;
diff --git a/archivers/arj/patches/patch-fardata.c b/archivers/arj/patches/patch-fardata.c
index a17dbf4e65b..7e16d7acd66 100644
--- a/archivers/arj/patches/patch-fardata.c
+++ b/archivers/arj/patches/patch-fardata.c
@@ -1,9 +1,19 @@
-$NetBSD: patch-fardata.c,v 1.1 2015/04/12 15:45:00 tnn Exp $
+$NetBSD: patch-fardata.c,v 1.2 2015/04/12 16:09:27 tnn Exp $
 Rename strnlen -> _strnlen to avoid conflict in systems having strnlen.
+Add patch from Debian (security_format.patch) to fix unsafe format string usage.
---- fardata.c.orig 2004-04-17 11:39:42.000000000 +0000
+--- fardata.c.orig 2015-04-12 15:57:39.000000000 +0000
 +++ fardata.c
+@@ -52,7 +52,7 @@ int error_proc(FMSG *errmsg, ...)
+ /* Check if the message could have a standard error code */
+ if(errno!=0&&is_std_error(errmsg))
+ {
+- msg_cprintf(0, lf);
++ msg_cprintf(0, "\n");
+ error_report();
+ }
+ #endif
 @@ -190,7 +190,7 @@ int msg_sprintf(char *str, FMSG *fmt, ..
 /* Length-limited strlen() */
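Review bot: In final_cleanup() the new line `msg_fprintf(stderr, "Can't write file. Disk full?");` swaps the message-table entry M_DISK_FULL for a hard-coded English literal, so the text no longer follows the message resources, and any line ending that M_DISK_FULL carried is lost (its contents are not visible here). Keeping the resource and passing it as data would preserve both, e.g. `msg_fprintf(stderr, "%s", M_DISK_FULL);`, assuming msg_fprintf accepts `%s` with a message-table argument. The literal is also handed to a parameter that the msg_sprintf prototype shown in patch-fardata.c declares as `FMSG *fmt`, so the pointer type should be checked on builds where FMSG is not plain char. final_cleanup() continues outside the hunk.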
@@ -13,6 +23,35 @@ Rename strnlen -> _strnlen to avoid conflict in systems having strnlen.
 {
 const char FAR *sc;
+@@ -377,10 +377,10 @@ static void flush_cbuf(int ccode, char *
+ {
+ #if SFX_LEVEL>=ARJSFXV
+ fprintf(new_stdout, strform, n_text);
+- fprintf(new_stdout, lf);
++ fprintf(new_stdout, "\n");
+ #else
+ printf(strform, n_text);
+- printf(lf);
++ printf("\n");
+ #endif
+ }
+ else
+@@ -391,13 +391,13 @@ static void flush_cbuf(int ccode, char *
+ #ifdef NEED_CRLF
+ scr_out("\r");
+ #endif
+- scr_out(lf);
++ scr_out("\n");
+ }
+ if(!no_colors)
+ textcolor(color_table[ccode&H_COLORMASK].color);
+ #else
+ printf(strform, n_text);
+- printf(lf);
++ printf("\n");
+ #endif
+ n_text=t_text+1;
+ #if SFX_LEVEL>=ARJ
 @@ -569,7 +569,7 @@ int vcprintf(int ccode, FMSG *fmt, va_li
 if(!s)
 s="(null)";
diff --git a/archivers/arj/patches/patch-register.c b/archivers/arj/patches/patch-register.c
new file mode 100644
index 00000000000..16f02fb6970
--- /dev/null
+++ b/archivers/arj/patches/patch-register.c
@@ -0,0 +1,15 @@
+$NetBSD: patch-register.c,v 1.1 2015/04/12 16:09:27 tnn Exp $
+
+Add patch from Debian (security_format.patch) to fix unsafe format string usage.
+
+--- register.c.orig 2004-04-21 07:04:10.000000000 +0000
++++ register.c
+@@ -205,7 +205,7 @@ int main(int argc, char **argv)
+ char reg_source[200];
+ int i;
+
+- printf(M_REGISTER_BANNER);
++ fputs(M_REGISTER_BANNER, stdout);
+ integrity_pattern[0]--;
+ build_crc32_table();
+ if(argc!=2) |
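Review bot: The flush_cbuf() hunks added to patch-fardata.c replace `lf` with `"\n"` but leave `fprintf(new_stdout, strform, n_text);` and both `printf(strform, n_text);` calls with a non-literal format, while patch-arjdisp.c in this same commit rewrites `scrprintf(strform, t)` to `scrprintf("%s", t)`. For consistency, and so the format cannot change if `strform` is ever modified, these should read `fprintf(new_stdout, "%s", n_text);` and `printf("%s", n_text);`. The `.orig` timestamp in the patch header also moved from 2004-04-17 to 2015-04-12, which suggests the patch was regenerated against an already-patched tree; it is worth confirming the strnlen hunks are unchanged. flush_cbuf() starts and ends outside the hunks.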
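Review bot: Switching `printf(M_REGISTER_BANNER);` to `fputs(M_REGISTER_BANNER, stdout);` in register.c changes the output if the banner text relies on printf processing, for example a `%%` escape, which would now print both percent signs. The message text is not visible in this commit, so it should be checked against the message resources. The same applies to the M_ARJDISP_* and M_PRESS_ANY_KEY conversions in patch-arjdisp.c. main() continues outside the hunk.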