foomatic4-db-engine: Avoid possible strcpy(3) undefined behaviour

When *dst and *src overlaps in strcpy(3) according to POSIX the behaviour is
undefined and at least on NetBSD this lead to SIGABRT (due buffer overflow
detection of fortify) in foomatic-combo-xml.

PKGREVISION++

3 files changed, 37 insertions, 3 deletions

diff --git a/print/foomatic4-db-engine/Makefile b/print/foomatic4-db-engine/Makefile
index 949e4a3409f..9aface16209 100644
--- a/print/foomatic4-db-engine/Makefile
+++ b/print/foomatic4-db-engine/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.28 2018/04/29 21:32:01 adam Exp $
+# $NetBSD: Makefile,v 1.29 2018/07/20 19:14:00 leot Exp $
 #
 
 DISTNAME=	foomatic-db-engine-4.0.12
-PKGREVISION=	8
+PKGREVISION=	9
 CATEGORIES=	print
 MASTER_SITES=	http://www.openprinting.org/download/foomatic/
 
diff --git a/print/foomatic4-db-engine/distinfo b/print/foomatic4-db-engine/distinfo
index d4d26ab3fdf..25cab7ced2a 100644
--- a/print/foomatic4-db-engine/distinfo
+++ b/print/foomatic4-db-engine/distinfo
@@ -1,8 +1,9 @@
-$NetBSD: distinfo,v 1.7 2015/11/04 01:01:33 agc Exp $
+$NetBSD: distinfo,v 1.8 2018/07/20 19:14:00 leot Exp $
 
 SHA1 (foomatic-db-engine-4.0.12.tar.gz) = c3b747113b6a64b998000774e7c2d03ce48654c1
 RMD160 (foomatic-db-engine-4.0.12.tar.gz) = 163ad52e616928aa723cb3d263f1686e6a187500
 SHA512 (foomatic-db-engine-4.0.12.tar.gz) = b7e99ace6a632e9b0213183bd2c6c2d11ca072ea0414e8ca569082b7ec183dd81c80594ad63fdee82d761ae36d4fce9d3c881569a95a6085ec326ef7fd21154f
 Size (foomatic-db-engine-4.0.12.tar.gz) = 360499 bytes
 SHA1 (patch-aa) = 3f81a888afc0f0ee6c913f09f2ea896058f015dd
+SHA1 (patch-foomatic-combo-xml.c) = 63693ff90b03ab8f460b0dd83ece4d2e5bdabaf1
 SHA1 (patch-makeMan.in) = 1beb5dbd5e288660a374e035e52b51fb80b9cc61
diff --git a/print/foomatic4-db-engine/patches/patch-foomatic-combo-xml.c b/print/foomatic4-db-engine/patches/patch-foomatic-combo-xml.c
new file mode 100644
index 00000000000..340d8f1b6fc
--- /dev/null
+++ b/print/foomatic4-db-engine/patches/patch-foomatic-combo-xml.c
@@ -0,0 +1,33 @@
+$NetBSD: patch-foomatic-combo-xml.c,v 1.1 2018/07/20 19:14:00 leot Exp $
+
+Avoid strcpy(3) undefined behaviour when *dst and *src overlaps.
+
+--- foomatic-combo-xml.c.orig	2018-03-02 19:15:50.000000000 +0000
++++ foomatic-combo-xml.c
+@@ -316,6 +316,7 @@ parse(char **data, /* I/O - Data to proc
+   double        minnumvalue = 0;
+   int           csense = 0;
+   char          cprinter[256];
++  char          ctid[256];
+   char          cmake[256];
+   char          cmodel[256];
+   char          cdriver[256];
+@@ -1483,7 +1484,7 @@ parse(char **data, /* I/O - Data to proc
+ 		  inid = 0;
+ 		  /* Get the short printer ID (w/o "printer/") */
+ 		  strcpy(cprinter, currtagbody + 8);
+-		  strcpy(cprinter, translateid(cprinter, idlist));
++		  strcpy(cprinter, translateid(currtagbody + 8, idlist));
+ 		  if (debug)
+ 		    fprintf(stderr,
+ 			    "    Overview: Printer: %s Driver: %s\n",
+@@ -1970,7 +1971,8 @@ parse(char **data, /* I/O - Data to proc
+ 	    cprinter, cmake, cmodel, cfunctionality, cdriver,cautodetectentry);
+     if ((cprinter[0]) && (cmake[0]) && (cmodel[0]) && (cfunctionality[0])) 
+     /* ?PRINTER_ENTRY Y */ {
+-      strcpy(cprinter, translateid(cprinter, idlist));
++      strcpy(ctid, translateid(cprinter, idlist));
++      strcpy(cprinter, ctid);
+       strcat((char *)(*data), "  <printer>\n    <id>");
+       strcat((char *)(*data), cprinter);
+       strcat((char *)(*data), "</id>\n    <make>");