Fixed the "fix" for CVE-2006-4810, since it introduced these compiler

warnings. ===> GCC texindex.c: In function `readline': texindex.c:848: warning: assignment makes pointer from integer without a cast ===> MIPSpro cc-1515 cc: ERROR File = texindex.c, Line = 848 A value of type "long" cannot be assigned to an entity of type "char *". end = buffer - linebuffer->buffer; Well, if the compilers were more intelligent, they could have seen that (buffer == linebuffer->buffer) was an invariant and that the resulting difference was therefore always zero, and zero can be converted into any pointer type. ;)
author: rillig <rillig@pkgsrc.org> 2007-01-08 08:21:47 +0000
committer: rillig <rillig@pkgsrc.org> 2007-01-08 08:21:47 +0000
commit: 0d68b6ce4510dc7ee31aa89db7dec7864134f0f7 (patch)
tree: 1fa34b0de8227574436e845c7765305e3d5f0855 /devel/gtexinfo
parent: 51f80af16a6626d65a42b075a43a774d437a1c49 (diff)
download: pkgsrc-0d68b6ce4510dc7ee31aa89db7dec7864134f0f7.tar.gz
2 files changed, 32 insertions, 11 deletions
diff --git a/devel/gtexinfo/distinfo b/devel/gtexinfo/distinfo
index 0adb8c7e41e..a6d439501ba 100644
--- a/devel/gtexinfo/distinfo
+++ b/devel/gtexinfo/distinfo
@@ -1,12 +1,13 @@
-$NetBSD: distinfo,v 1.25 2006/11/18 15:49:02 adrianp Exp $
+$NetBSD: distinfo,v 1.26 2007/01/08 08:21:47 rillig Exp $
 
 SHA1 (texinfo-4.8.tar.bz2) = b19e906f7220294c1e8b087d583c50f5c4d7c420
 RMD160 (texinfo-4.8.tar.bz2) = 5cb82cd240d1f22da813c7142df8828b4f6f1ea4
 Size (texinfo-4.8.tar.bz2) = 1521822 bytes
+SHA1 (patch-al.mine) = 8763b5d73088b2fea9da83c45686c27fd4525455
 SHA1 (patch-aa) = 2c6d6a812fcf3b1aa944832601c3415548e763f5
 SHA1 (patch-ab) = 299ae7a5001c6ab42cca7c6278ae1edb3b348511
 SHA1 (patch-ac) = 01baf8634edcecab0b5edaeddf1e38811cab490d
 SHA1 (patch-ad) = c5c3374322eb8a2c8dfc7871971b73194ab1b14c
 SHA1 (patch-aj) = d9071c62c993550d253c9e1889880d4fccf7d278
 SHA1 (patch-ak) = 2cef2ae464ddb5324acae000420017d4faf7b145
-SHA1 (patch-al) = b55ac4b85f23f11248f9cb66b242be7b4daf46ee
+SHA1 (patch-al) = 5cc3cb9b11ffea22be157bf5d653a92df58f198c
diff --git a/devel/gtexinfo/patches/patch-al b/devel/gtexinfo/patches/patch-al
index 56ee3bec5ea..0936e41a04c 100644
--- a/devel/gtexinfo/patches/patch-al
+++ b/devel/gtexinfo/patches/patch-al
@@ -1,9 +1,14 @@
-$NetBSD: patch-al,v 1.3 2006/11/18 15:49:02 adrianp Exp $
+$NetBSD: patch-al,v 1.4 2007/01/08 08:21:48 rillig Exp $
 
 Security fix for CAN-2005-3001 and CVE-2006-4810
 
---- util/texindex.c.orig	2004-04-11 18:56:47.000000000 +0100
-+++ util/texindex.c
+Note: The "official" patch for CVE-2006-4810 is wrong. The "fixed" code
+assigns a "long" to a "char *". Furthermore, the code was completely
+broken anyway. Maybe that's why it has been removed in the current CVS
+version.
+
+--- util/texindex.c.orig	2004-04-11 19:56:47.000000000 +0200
++++ util/texindex.c	2007-01-08 09:02:20.000000000 +0100
 @@ -387,14 +387,15 @@ For more information about these matters
  /* Return a name for temporary file COUNT. */
  
@@ -47,16 +52,31 @@ Security fix for CAN-2005-3001 and CVE-2006-4810
  }
  
  
-@@ -837,7 +845,7 @@ readline (struct linebuffer *linebuffer,
+@@ -827,17 +835,19 @@ long
+ readline (struct linebuffer *linebuffer, FILE *stream)
+ {
+   char *buffer = linebuffer->buffer;
+-  char *p = linebuffer->buffer;
+-  char *end = p + linebuffer->size;
++  char *p = buffer;
++  char *end = buffer + linebuffer->size;
+ 
+   while (1)
+     {
++      /* invariant: buffer <= p && p <= end */
++      /* invariant: buffer + linebuffer->size == end */
++      /* invariant: buffer == linebuffer->buffer */
+       int c = getc (stream);
+       if (p == end)
          {
            buffer = (char *) xrealloc (buffer, linebuffer->size *= 2);
-           p += buffer - linebuffer->buffer;
+-          p += buffer - linebuffer->buffer;
 -          end += buffer - linebuffer->buffer;
-+          end = buffer - linebuffer->buffer;
++          end = buffer + linebuffer->size;
            linebuffer->buffer = buffer;
          }
        if (c < 0 || c == '\n')
-@@ -882,7 +890,7 @@ sort_offline (char *infile, off_t total,
+@@ -882,7 +892,7 @@ sort_offline (char *infile, off_t total,
  
    for (i = 0; i < ntemps; i++)
      {
@@ -65,7 +85,7 @@ Security fix for CAN-2005-3001 and CVE-2006-4810
        FILE *ostream = fopen (outname, "w");
        long tempsize = 0;
  
-@@ -930,7 +938,7 @@ fail:
+@@ -930,7 +940,7 @@ fail:
  
    for (i = 0; i < ntemps; i++)
      {
@@ -74,7 +94,7 @@ Security fix for CAN-2005-3001 and CVE-2006-4810
        sort_in_core (tempfiles[i], MAX_IN_CORE_SORT, newtemp);
        if (!keep_tempfiles)
          unlink (tempfiles[i]);
-@@ -1400,7 +1408,7 @@ merge_files (char **infiles, int nfiles,
+@@ -1400,7 +1410,7 @@ merge_files (char **infiles, int nfiles,
        int nf = MAX_DIRECT_MERGE;
        if (i + 1 == ntemps)
          nf = nfiles - i * MAX_DIRECT_MERGE;
author	rillig <rillig@pkgsrc.org>	2007-01-08 08:21:47 +0000
committer	rillig <rillig@pkgsrc.org>	2007-01-08 08:21:47 +0000
commit	0d68b6ce4510dc7ee31aa89db7dec7864134f0f7 (patch)
tree	1fa34b0de8227574436e845c7765305e3d5f0855 /devel/gtexinfo
parent	51f80af16a6626d65a42b075a43a774d437a1c49 (diff)
download	pkgsrc-0d68b6ce4510dc7ee31aa89db7dec7864134f0f7.tar.gz