diff options
| author | tron <tron@pkgsrc.org> | 2006-05-29 13:48:53 +0000 |
|---|---|---|
| committer | tron <tron@pkgsrc.org> | 2006-05-29 13:48:53 +0000 |
| commit | 5bfa3f9c363bed4fd3bb2e42e4d2f294032f2ef6 (patch) | |
| tree | 056610fedcde32cfc08bc419026ccfe873de414d /devel | |
| parent | 5d28f9d2244aca48cd90a74d59d64ae64d8f04e1 (diff) | |
| download | pkgsrc-5bfa3f9c363bed4fd3bb2e42e4d2f294032f2ef6.tar.gz | |
Integrate Debian's fix for security whole reported in CVE-2004-2541.
Bump package revision.
Diffstat (limited to 'devel')
| -rw-r--r-- | devel/cscope/Makefile | 3 | ||||
| -rw-r--r-- | devel/cscope/distinfo | 14 | ||||
| -rw-r--r-- | devel/cscope/patches/patch-ae | 20 | ||||
| -rw-r--r-- | devel/cscope/patches/patch-af | 84 | ||||
| -rw-r--r-- | devel/cscope/patches/patch-ag | 11 | ||||
| -rw-r--r-- | devel/cscope/patches/patch-ah | 64 | ||||
| -rw-r--r-- | devel/cscope/patches/patch-ai | 62 | ||||
| -rw-r--r-- | devel/cscope/patches/patch-aj | 23 | ||||
| -rw-r--r-- | devel/cscope/patches/patch-ak | 11 | ||||
| -rw-r--r-- | devel/cscope/patches/patch-al | 11 | ||||
| -rw-r--r-- | devel/cscope/patches/patch-am | 11 | ||||
| -rw-r--r-- | devel/cscope/patches/patch-an | 11 | ||||
| -rw-r--r-- | devel/cscope/patches/patch-ao | 11 |
13 files changed, 302 insertions, 34 deletions
diff --git a/devel/cscope/Makefile b/devel/cscope/Makefile index 7b3201b9dc8..f32918d8e3d 100644 --- a/devel/cscope/Makefile +++ b/devel/cscope/Makefile @@ -1,6 +1,7 @@ -# $NetBSD: Makefile,v 1.43 2006/03/04 21:29:13 jlam Exp $ +# $NetBSD: Makefile,v 1.44 2006/05/29 13:48:53 tron Exp $ DISTNAME= cscope-15.5 +PKGREVISION= 1 CATEGORIES= devel MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=cscope/} diff --git a/devel/cscope/distinfo b/devel/cscope/distinfo index d9bbda39273..8fcf55e99c6 100644 --- a/devel/cscope/distinfo +++ b/devel/cscope/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.12 2006/03/23 16:09:32 yyamano Exp $ +$NetBSD: distinfo,v 1.13 2006/05/29 13:48:53 tron Exp $ SHA1 (cscope-15.5.tar.gz) = 2e8e66735254328399dc50757b270bcc3e9002d3 RMD160 (cscope-15.5.tar.gz) = 30623f07043abc90d76b384c407abe5813a8a716 @@ -7,4 +7,14 @@ SHA1 (patch-aa) = 8350f5bd050fac10c5b5b5dcd7c04e7f3a883324 SHA1 (patch-ab) = 646512ad53b3f3e7dab607df4c6c3d775587a03c SHA1 (patch-ac) = 40a69af0eb5419de827b490c960803a736040f2c SHA1 (patch-ad) = 7e0f25b67f3476ac90b7541595649d6a6bf65aa9 -SHA1 (patch-af) = fbccbdcbf195a5852ff35be36446c471daf36cd5 +SHA1 (patch-ae) = eefe4052767901c27eefb17c182f8bd56997d3b7 +SHA1 (patch-af) = 310a02a1f1e8b780fb6bf1ce86da628bab0f21a4 +SHA1 (patch-ag) = e231fad53976305b1025b62b241e295acc73664b +SHA1 (patch-ah) = 9caa10d9cd4332c1172fc7ae9682d057bbf7ddaa +SHA1 (patch-ai) = a0fdf5d665399c7f7e9e0b37de5f0531d5b4b28f +SHA1 (patch-aj) = 7920535ee918dd02d55222f5327cfd86b8cf583d +SHA1 (patch-ak) = 9773b0eb449be43e28a47e36a6aa178c8d5fbedc +SHA1 (patch-al) = d64855929ac556c03e0ddc07b4869b8d159d3249 +SHA1 (patch-am) = aee755e5ac8e15e685eb7b755be9c967d79c71f8 +SHA1 (patch-an) = 924c2883fbea0b66ecdd6085f07a1a3bf3cd2752 +SHA1 (patch-ao) = d8fd8aadf22b582e8ca2e90a1da8d64490293155 diff --git a/devel/cscope/patches/patch-ae b/devel/cscope/patches/patch-ae new file mode 100644 index 00000000000..80ecdd65bdd --- /dev/null +++ b/devel/cscope/patches/patch-ae @@ -0,0 +1,20 @@ +--- src/build.c.orig 2003-03-05 10:43:59.000000000 +0000 ++++ src/build.c 2006-05-29 14:34:26.000000000 +0100 +@@ -215,7 +215,7 @@ + (void) strcpy(newdir, "$HOME"); + } + else if (strncmp(currentdir, home, strlen(home)) == 0) { +- (void) sprintf(newdir, "$HOME%s", currentdir + strlen(home)); ++ (void) snprintf(newdir, sizeof(newdir), "$HOME%s", currentdir + strlen(home)); + } + /* sort the source file names (needed for rebuilding) */ + qsort(srcfiles, (unsigned) nsrcfiles, sizeof(char *), compare); +@@ -443,7 +443,7 @@ + } + (void) fstat(fileno(postings), &statstruct); + (void) fclose(postings); +- (void) sprintf(sortcommand, "env LC_ALL=C sort -T %s %s", tmpdir, temp1); ++ (void) snprintf(sortcommand, sizeof(sortcommand), "env LC_ALL=C sort -T %s %s", tmpdir, temp1); + if ((postings = mypopen(sortcommand, "r")) == NULL) { + (void) fprintf(stderr, "cscope: cannot open pipe to sort command\n"); + cannotindex(); diff --git a/devel/cscope/patches/patch-af b/devel/cscope/patches/patch-af index fe0977af537..beab1397868 100644 --- a/devel/cscope/patches/patch-af +++ b/devel/cscope/patches/patch-af @@ -1,40 +1,62 @@ -$NetBSD: patch-af,v 1.5 2005/10/03 15:00:12 wiz Exp $ - ---- src/main.c.orig 2003-08-14 16:36:18.000000000 +0200 -+++ src/main.c -@@ -330,9 +330,32 @@ lastarg: +--- src/main.c.orig 2003-08-14 15:36:18.000000000 +0100 ++++ src/main.c 2006-05-29 14:34:26.000000000 +0100 +@@ -330,9 +330,31 @@ } /* create the temporary file names */ - pid = getpid(); - (void) sprintf(temp1, "%s/cscope%d.1", tmpdir, pid); - (void) sprintf(temp2, "%s/cscope%d.2", tmpdir, pid); -+ do { -+ char *tempfile = tempnam(tmpdir, "cscope1"); -+ if (!tempfile) { -+ fprintf (stderr, "Can't create tempfile\n"); -+ exit(1); -+ } -+ if (strlen(tempfile) >= sizeof(temp1)) { -+ fprintf (stderr, "TMPDIR path is too long\n"); -+ exit(1); -+ } -+ strncpy (temp1, tempfile, sizeof (temp1)); -+ free (tempfile); -+ } while (open (temp1, O_CREAT|O_EXCL|O_WRONLY, S_IREAD|S_IWRITE) < 0); -+ do { -+ char *tempfile = tempnam(tmpdir, "cscope2"); -+ if (!tempfile) { -+ fprintf (stderr, "Can't create tempfile\n"); -+ exit(1); -+ } -+ if (strlen(tempfile) >= sizeof(temp2)) { -+ fprintf (stderr, "TMPDIR path is too long\n"); -+ exit(1); -+ } -+ strncpy (temp2, tempfile, sizeof (temp2)); -+ free (tempfile); -+ } while (open (temp2, O_CREAT|O_EXCL|O_WRONLY, S_IREAD|S_IWRITE) < 0); ++ do { ++ char *tempfile = tempnam(tmpdir, "cscope1"); ++ if (!tempfile) { ++ fputs ("Can't create tempfile\n", stderr); ++ exit (1); ++ } ++ if (strlen(tempfile) >= sizeof(temp1)) { ++ fputs ("TMPDIR path is too long\n", stderr); ++ exit(1); ++ } ++ strncpy (temp1, tempfile, sizeof (temp1)); ++ } while (open (temp1, O_CREAT|O_EXCL|O_WRONLY, 0600) < 0); ++ do { ++ char *tempfile = tempnam(tmpdir, "cscope2"); ++ if (!tempfile) { ++ fputs ("Can't create tempfile\n", stderr); ++ exit (1); ++ } ++ if (strlen(tempfile) >= sizeof(temp2)) { ++ fputs ("TMPDIR path is too long\n", stderr); ++ exit(1); ++ } ++ strncpy (temp2, tempfile, sizeof (temp2)); ++ } while (open (temp2, O_CREAT|O_EXCL|O_WRONLY, 0600) < 0); ++ /* if running in the foreground */ if (signal(SIGINT, SIG_IGN) != SIG_IGN) { +@@ -352,12 +374,12 @@ + * used instead of failing to open a non-existant database in + * the home directory + */ +- (void) sprintf(path, "%s/%s", home, reffile); ++ (void) snprintf(path, sizeof(path), "%s/%s", home, reffile); + if (isuptodate == NO || access(path, READ) == 0) { + reffile = stralloc(path); +- (void) sprintf(path, "%s/%s", home, invname); ++ (void) snprintf(path, sizeof(path), "%s/%s", home, invname); + invname = stralloc(path); +- (void) sprintf(path, "%s/%s", home, invpost); ++ (void) snprintf(path, sizeof(path), "%s/%s", home, invpost); + invpost = stralloc(path); + } + } +@@ -692,7 +714,7 @@ + #else + char *msg = mymalloc(50+strlen(file)); + +- (void) sprintf(msg, "Removed file %s because write failed", file); ++ (void) snprintf(msg, sizeof(msg), "Removed file %s because write failed", file); + #endif + + myperror(msg); /* display the reason */ diff --git a/devel/cscope/patches/patch-ag b/devel/cscope/patches/patch-ag new file mode 100644 index 00000000000..9cb46310181 --- /dev/null +++ b/devel/cscope/patches/patch-ag @@ -0,0 +1,11 @@ +--- src/command.c.orig 2002-07-29 13:37:49.000000000 +0100 ++++ src/command.c 2006-05-29 14:34:26.000000000 +0100 +@@ -718,7 +718,7 @@ + + /* make sure it can be changed */ + if (access(newfile, WRITE) != 0) { +- (void) sprintf(msg, "Cannot write to file %s", newfile); ++ (void) snprintf(msg, sizeof(msg), "Cannot write to file %s", newfile); + postmsg(msg); + anymarked = NO; + break; diff --git a/devel/cscope/patches/patch-ah b/devel/cscope/patches/patch-ah new file mode 100644 index 00000000000..dc26e3fc27e --- /dev/null +++ b/devel/cscope/patches/patch-ah @@ -0,0 +1,64 @@ +--- src/dir.c.orig 2003-06-02 11:43:00.000000000 +0100 ++++ src/dir.c 2006-05-29 14:34:26.000000000 +0100 +@@ -138,7 +138,7 @@ + + /* compute its path from higher view path source dirs */ + for (i = 1; i < nvpsrcdirs; ++i) { +- (void) sprintf(path, "%.*s/%s", ++ (void) snprintf(path, sizeof(path), "%.*s/%s", + PATHLEN - 2 - dir_len, + srcdirs[i], dir); + addsrcdir(path); +@@ -206,7 +206,7 @@ + + /* compute its path from higher view path source dirs */ + for (i = 1; i < nvpsrcdirs; ++i) { +- (void) sprintf(path, "%.*s/%s", ++ (void) snprintf(path, sizeof(path), "%.*s/%s", + PATHLEN - 2 - dir_len, + srcdirs[i], dir); + addincdir(dir, path); +@@ -474,8 +474,6 @@ + DIR *dirfile; + int adir_len = strlen(adir); + +- /* FIXME: no guards against adir_len > PATHLEN, yet */ +- + if ((dirfile = opendir(adir)) != NULL) { + struct dirent *entry; + char path[PATHLEN + 1]; +@@ -486,7 +484,7 @@ + && (strcmp("..",entry->d_name) != 0)) { + struct stat buf; + +- sprintf(path,"%s/%.*s", adir, ++ snprintf(path, sizeof(path), "%s/%.*s", adir, + PATHLEN - 2 - adir_len, + entry->d_name); + +@@ -603,14 +601,14 @@ + for (i = 0; i < nincdirs; ++i) { + + /* don't include the file from two directories */ +- (void) sprintf(name, "%.*s/%s", ++ (void) snprintf(name, sizeof(name), "%.*s/%s", + PATHLEN - 2 - file_len, incnames[i], + file); + if (infilelist(name) == YES) { + break; + } + /* make sure it exists and is readable */ +- (void) sprintf(path, "%.*s/%s", ++ (void) snprintf(path, sizeof(path), "%.*s/%s", + PATHLEN - 2 - file_len, incdirs[i], + file); + if (access(compath(path), READ) == 0) { +@@ -654,7 +652,7 @@ + + /* compute its path from higher view path source dirs */ + for (i = 1; i < nvpsrcdirs; ++i) { +- (void) sprintf(path, "%.*s/%s", ++ (void) snprintf(path, sizeof(path), "%.*s/%s", + PATHLEN - 2 - file_len, srcdirs[i], + file); + if (access(compath(path), READ) == 0) { diff --git a/devel/cscope/patches/patch-ai b/devel/cscope/patches/patch-ai new file mode 100644 index 00000000000..8c7bb5b17cf --- /dev/null +++ b/devel/cscope/patches/patch-ai @@ -0,0 +1,62 @@ +--- src/display.c.orig 2003-09-04 16:54:02.000000000 +0100 ++++ src/display.c 2006-05-29 14:34:26.000000000 +0100 +@@ -473,24 +473,24 @@ + /* see if it is empty */ + if ((c = getc(refsfound)) == EOF) { + if (findresult != NULL) { +- (void) sprintf(lastmsg, "Egrep %s in this pattern: %s", ++ (void) snprintf(lastmsg, sizeof(lastmsg), "Egrep %s in this pattern: %s", + findresult, pattern); + } + else if (rc == NOTSYMBOL) { +- (void) sprintf(lastmsg, "This is not a C symbol: %s", ++ (void) snprintf(lastmsg, sizeof(lastmsg), "This is not a C symbol: %s", + pattern); + } + else if (rc == REGCMPERROR) { +- (void) sprintf(lastmsg, "Error in this regcomp(3) regular expression: %s", ++ (void) snprintf(lastmsg, sizeof(lastmsg), "Error in this regcomp(3) regular expression: %s", + pattern); + + } + else if (funcexist == NO) { +- (void) sprintf(lastmsg, "Function definition does not exist: %s", ++ (void) snprintf(lastmsg, sizeof(lastmsg), "Function definition does not exist: %s", + pattern); + } + else { +- (void) sprintf(lastmsg, "Could not find the %s: %s", ++ (void) snprintf(lastmsg, sizeof(lastmsg), "Could not find the %s: %s", + fields[field].text2, pattern); + } + return(NO); +@@ -555,17 +555,17 @@ + move(MSGLINE, 0); + clrtoeol(); + addstr(what); +- sprintf(msg, "%ld", current); ++ snprintf(msg, sizeof(msg), "%ld", current); + move(MSGLINE, (COLS / 2) - (strlen(msg) / 2)); + addstr(msg); +- sprintf(msg, "%ld", max); ++ snprintf(msg, sizeof(msg), "%ld", max); + move(MSGLINE, COLS - strlen(msg)); + addstr(msg); + refresh(); + } + else if (verbosemode == YES) + { +- sprintf(msg, "> %s %ld of %ld", what, current, max); ++ snprintf(msg, sizeof(msg), "> %s %ld of %ld", what, current, max); + } + + start = now; +@@ -603,7 +603,7 @@ + s = sys_errlist[errno]; + } + #endif +- (void) sprintf(msg, "%s: %s", text, s); ++ (void) snprintf(msg, sizeof(msg), "%s: %s", text, s); + postmsg(msg); + } + diff --git a/devel/cscope/patches/patch-aj b/devel/cscope/patches/patch-aj new file mode 100644 index 00000000000..70d2ece9d15 --- /dev/null +++ b/devel/cscope/patches/patch-aj @@ -0,0 +1,23 @@ +--- src/edit.c.orig 2001-07-18 14:49:01.000000000 +0100 ++++ src/edit.c 2006-05-29 14:34:26.000000000 +0100 +@@ -105,9 +105,9 @@ + char *s; + + file = filepath(file); +- (void) sprintf(msg, "%s +%s %s", mybasename(editor), linenum, file); ++ (void) snprintf(msg, sizeof(msg), "%s +%s %s", mybasename(editor), linenum, file); + postmsg(msg); +- (void) sprintf(plusnum, lineflag, linenum); ++ (void) snprintf(plusnum, sizeof(plusnum), lineflag, linenum); + /* if this is the more or page commands */ + if (strcmp(s = mybasename(editor), "more") == 0 || strcmp(s, "page") == 0) { + +@@ -132,7 +132,7 @@ + static char path[PATHLEN + 1]; + + if (prependpath != NULL && *file != '/') { +- (void) sprintf(path, "%s/%s", prependpath, file); ++ (void) snprintf(path, sizeof(path), "%s/%s", prependpath, file); + file = path; + } + return(file); diff --git a/devel/cscope/patches/patch-ak b/devel/cscope/patches/patch-ak new file mode 100644 index 00000000000..584f1758537 --- /dev/null +++ b/devel/cscope/patches/patch-ak @@ -0,0 +1,11 @@ +--- src/exec.c.orig 2002-07-29 13:37:49.000000000 +0100 ++++ src/exec.c 2006-05-29 14:34:26.000000000 +0100 +@@ -124,7 +124,7 @@ + + /* execute the program or shell script */ + (void) execvp(a, args); /* returns only on failure */ +- (void) sprintf(msg, "\nCannot exec %s", a); ++ (void) snprintf(msg, sizeof(msg), "\nCannot exec %s", a); + perror(msg); /* display the reason */ + askforreturn(); /* wait until the user sees the message */ + myexit(1); /* exit the child */ diff --git a/devel/cscope/patches/patch-al b/devel/cscope/patches/patch-al new file mode 100644 index 00000000000..5ed5fdebbee --- /dev/null +++ b/devel/cscope/patches/patch-al @@ -0,0 +1,11 @@ +--- src/find.c.orig 2003-09-04 16:58:52.000000000 +0100 ++++ src/find.c 2006-05-29 14:34:26.000000000 +0100 +@@ -666,7 +666,7 @@ + /* must be an exact match */ + /* note: regcomp doesn't recognize ^*keypad$ as a syntax error + unless it is given as a single arg */ +- (void) sprintf(buf, "^%s$", s); ++ (void) snprintf(buf, sizeof(buf), "^%s$", s); + if (regcomp (®exp, buf, REG_EXTENDED | REG_NOSUB) != 0) { + return(REGCMPERROR); + } diff --git a/devel/cscope/patches/patch-am b/devel/cscope/patches/patch-am new file mode 100644 index 00000000000..c5e050aa0d1 --- /dev/null +++ b/devel/cscope/patches/patch-am @@ -0,0 +1,11 @@ +--- src/vpaccess.c.orig 2001-07-18 14:49:02.000000000 +0100 ++++ src/vpaccess.c 2006-05-29 14:34:26.000000000 +0100 +@@ -49,7 +49,7 @@ + if ((returncode = access(path, amode)) == -1 && path[0] != '/') { + vpinit(NULL); + for (i = 1; i < vpndirs; i++) { +- (void) sprintf(buf, "%s/%s", vpdirs[i], path); ++ (void) snprintf(buf, sizeof(buf), "%s/%s", vpdirs[i], path); + if ((returncode = access(buf, amode)) != -1) { + break; + } diff --git a/devel/cscope/patches/patch-an b/devel/cscope/patches/patch-an new file mode 100644 index 00000000000..c4b49b2f498 --- /dev/null +++ b/devel/cscope/patches/patch-an @@ -0,0 +1,11 @@ +--- src/vpfopen.c.orig 2001-07-18 14:49:02.000000000 +0100 ++++ src/vpfopen.c 2006-05-29 14:34:26.000000000 +0100 +@@ -53,7 +53,7 @@ + ) { + vpinit(NULL); + for (i = 1; i < vpndirs; i++) { +- (void) sprintf(buf, "%s/%s", vpdirs[i], filename); ++ (void) snprintf(buf, sizeof(buf), "%s/%s", vpdirs[i], filename); + if ((returncode = myfopen(buf, type)) != NULL) { + break; + } diff --git a/devel/cscope/patches/patch-ao b/devel/cscope/patches/patch-ao new file mode 100644 index 00000000000..28e9eadfb26 --- /dev/null +++ b/devel/cscope/patches/patch-ao @@ -0,0 +1,11 @@ +--- src/vpopen.c.orig 2002-07-29 13:37:50.000000000 +0100 ++++ src/vpopen.c 2006-05-29 14:34:26.000000000 +0100 +@@ -52,7 +52,7 @@ + oflag == OPENFLAG_READ) { + vpinit(NULL); + for (i = 1; i < vpndirs; i++) { +- (void) sprintf(buf, "%s/%s", vpdirs[i], path); ++ (void) snprintf(buf, sizeof(buf), "%s/%s", vpdirs[i], path); + if ((returncode = myopen(buf, oflag, 0666)) != -1) { + break; + } |