[arch-commits] Commit in (13 files)
Levente Polyak
anthraxx at archlinux.org
Thu Jan 7 00:08:53 UTC 2016
Date: Thursday, January 7, 2016 @ 01:08:53
Author: anthraxx
Revision: 155609
upgpkg: arj 3.10.22-11
Added:
arj/
arj/repos/
arj/trunk/
arj/trunk/64_bit_clean.patch
arj/trunk/CVE-2015-0556-symlink-traversal.patch
arj/trunk/CVE-2015-0557-dir-traversal.patch
arj/trunk/CVE-2015-2782-buffer-overflow.patch
arj/trunk/PKGBUILD
arj/trunk/arches_align.patch
arj/trunk/custom-printf.patch
arj/trunk/no_remove_static_const.patch
arj/trunk/security_format.patch
arj/trunk/use_safe_strcpy.patch
---------------------------------------+
64_bit_clean.patch | 194 ++++++++++++++++++++
CVE-2015-0556-symlink-traversal.patch | 85 ++++++++
CVE-2015-0557-dir-traversal.patch | 33 +++
CVE-2015-2782-buffer-overflow.patch | 35 +++
PKGBUILD | 70 +++++++
arches_align.patch | 34 +++
custom-printf.patch | 15 +
no_remove_static_const.patch | 20 ++
security_format.patch | 305 ++++++++++++++++++++++++++++++++
use_safe_strcpy.patch | 97 ++++++++++
10 files changed, 888 insertions(+)
Added: arj/trunk/64_bit_clean.patch
===================================================================
--- arj/trunk/64_bit_clean.patch (rev 0)
+++ arj/trunk/64_bit_clean.patch 2016-01-07 00:08:53 UTC (rev 155609)
@@ -0,0 +1,194 @@
+#DPATCHLEVEL=1
+diff -Naur -x .svn -x CVS arj-3.10.22.orig/arj_arcv.c arj-3.10.22/arj_arcv.c
+--- arj-3.10.22.orig/arj_arcv.c 2005-06-21 22:53:12.000000000 +0300
++++ arj-3.10.22/arj_arcv.c 2005-11-24 02:50:31.000000000 +0200
+@@ -59,27 +59,27 @@
+ #define setup_hput(ptr) (tmp_hptr=(ptr))
+
+ #define hget_byte() (*(tmp_hptr++)&0xFF)
+-#define hput_byte(c) (*(tmp_hptr++)=(char) (c))
++#define hput_byte(c) (*(tmp_hptr++)=(uint8_t) (c))
+
+ /* Reads two bytes from the header, incrementing the pointer */
+
+-static unsigned int hget_word()
++static uint16_t hget_word()
+ {
+- unsigned int result;
++ uint16_t result;
+
+ result=mget_word(tmp_hptr);
+- tmp_hptr+=sizeof(short);
++ tmp_hptr+=sizeof(uint16_t);
+ return result;
+ }
+
+ /* Reads four bytes from the header, incrementing the pointer */
+
+-static unsigned long hget_longword()
++static uint32_t hget_longword()
+ {
+- unsigned long result;
++ uint32_t result;
+
+ result=mget_dword(tmp_hptr);
+- tmp_hptr+=sizeof(unsigned long);
++ tmp_hptr+=sizeof(uint32_t);
+ return result;
+ }
+
+@@ -87,18 +87,18 @@
+
+ /* Writes two bytes to the header, incrementing the pointer */
+
+-static void hput_word(unsigned int w)
++static void hput_word(uint16_t w)
+ {
+ mput_word(w,tmp_hptr);
+- tmp_hptr+=sizeof(unsigned short);
++ tmp_hptr+=sizeof(uint16_t);
+ }
+
+ /* Writes four bytes to the header, incrementing the pointer */
+
+-static void hput_longword(unsigned long l)
++static void hput_longword(uint32_t l)
+ {
+ mput_dword(l,tmp_hptr);
+- tmp_hptr+=sizeof(unsigned long);
++ tmp_hptr+=sizeof(uint32_t);
+ }
+
+ /* Calculates and stores the basic header size */
+diff -Naur -x .svn -x CVS arj-3.10.22.orig/arj_proc.c arj-3.10.22/arj_proc.c
+--- arj-3.10.22.orig/arj_proc.c 2005-11-24 02:50:19.000000000 +0200
++++ arj-3.10.22/arj_proc.c 2005-11-24 02:50:31.000000000 +0200
+@@ -585,7 +585,7 @@
+ /* Returns the exact amount of data that could be safely written to the
+ destination volume */
+
+-unsigned long get_volfree(unsigned int increment)
++unsigned long get_volfree(unsigned long increment)
+ {
+ unsigned long pvol;
+ unsigned int arjsec_overhead;
+@@ -605,7 +605,7 @@
+ remain=volume_limit-ftell(aostream)-pvol-(long)arjsec_overhead-
+ (long)out_bytes-(long)cpos-(long)ext_voldata-
+ MULTIVOLUME_RESERVE-t_volume_offset;
+- return((unsigned long)min(remain, (unsigned long)increment));
++ return((unsigned long)min(remain, increment));
+ }
+
+ /* Performs various checks when multivolume data is packed to predict an
+@@ -2466,14 +2466,14 @@
+ *tsptr='\0';
+ endptr=tsptr;
+ tsptr=sptr;
+- while((unsigned int)tsptr<(unsigned int)endptr&&patterns<SEARCH_STR_MAX)
++ while((intptr_t)tsptr<(intptr_t)endptr&&patterns<SEARCH_STR_MAX)
+ {
+ while(*tsptr=='\0')
+ tsptr++;
+- if((unsigned int)tsptr<(unsigned int)endptr)
++ if((intptr_t)tsptr<(intptr_t)endptr)
+ {
+ search_str[patterns++]=tsptr;
+- while(*tsptr!='\0'&&(unsigned int)tsptr<(unsigned int)endptr)
++ while(*tsptr!='\0'&&(intptr_t)tsptr<(intptr_t)endptr)
+ tsptr++;
+ }
+ }
+@@ -2901,9 +2901,9 @@
+ #if (defined(WORDS_BIGENDIAN) || defined(ALIGN_POINTERS)) && !defined(ARJDISP) && !defined(REGISTER)
+ /* Model-independent routine to get 2 bytes from far RAM */
+
+-unsigned int mget_word(char FAR *p)
++uint16_t mget_word(char FAR *p)
+ {
+- unsigned int b0, b1;
++ uint16_t b0, b1;
+
+ b0=mget_byte(p);
+ b1=mget_byte(p+1);
+@@ -2912,9 +2912,9 @@
+
+ /* Model-independent routine to get 4 bytes from far RAM */
+
+-unsigned long mget_dword(char FAR *p)
++uint32_t mget_dword(char FAR *p)
+ {
+- unsigned long w0, w1;
++ uint32_t w0, w1;
+
+ w0=mget_word(p);
+ w1=mget_word(p+2);
+@@ -2923,7 +2923,7 @@
+
+ /* Model-independent routine to store 2 bytes in far RAM */
+
+-void mput_word(unsigned int w, char FAR *p)
++void mput_word(uint16_t w, char FAR *p)
+ {
+ mput_byte(w&0xFF, p);
+ mput_byte(w>>8 , p+1);
+@@ -2931,7 +2931,7 @@
+
+ /* Model-independent routine to store 4 bytes in far RAM */
+
+-void mput_dword(unsigned long d, char FAR *p)
++void mput_dword(uint32_t d, char FAR *p)
+ {
+ mput_word(d&0xFFFF, p);
+ mput_word(d>>16 , p+2);
+diff -Naur -x .svn -x CVS arj-3.10.22.orig/arj_proc.h arj-3.10.22/arj_proc.h
+--- arj-3.10.22.orig/arj_proc.h 2005-11-24 02:50:19.000000000 +0200
++++ arj-3.10.22/arj_proc.h 2005-11-24 03:17:25.000000000 +0200
+@@ -8,15 +8,17 @@
+ #ifndef ARJ_PROC_INCLUDED
+ #define ARJ_PROC_INCLUDED
+
++#include <stdint.h>
++
+ /* Helper macros */
+
+-#define mget_byte(p) (*(unsigned char FAR *)(p)&0xFF)
+-#define mput_byte(c, p) *(unsigned char FAR *)(p)=(unsigned char)(c)
++#define mget_byte(p) (*(uint8_t FAR *)(p)&0xFF)
++#define mput_byte(c, p) *(uint8_t FAR *)(p)=(uint8_t)(c)
+ #if !defined(ALIGN_POINTERS) && !defined(WORDS_BIGENDIAN)
+-#define mget_word(p) (*(unsigned short *)(p)&0xFFFF)
+-#define mput_word(w,p) (*(unsigned short *)(p)=(unsigned short)(w))
+-#define mget_dword(p) (*(unsigned long *)(p))
+-#define mput_dword(w,p) (*(unsigned long *)(p)=(unsigned long)(w))
++#define mget_word(p) (*(uint16_t *)(p)&0xFFFF)
++#define mput_word(w,p) (*(uint16_t *)(p)=(uint16_t)(w))
++#define mget_dword(p) (*(uint32_t *)(p))
++#define mput_dword(w,p) (*(uint32_t *)(p)=(uint32_t)(w))
+ #endif
+
+ /* Prototypes */
+@@ -31,7 +33,7 @@
+ int translate_path(char *name);
+ void restart_proc(char *dest);
+ int search_for_extension(char *name, char *ext_list);
+-unsigned long get_volfree(unsigned int increment);
++unsigned long get_volfree(unsigned long increment);
+ unsigned int check_multivolume(unsigned int increment);
+ void store();
+ void hollow_encode();
+@@ -61,10 +63,10 @@
+ void strip_lf(char *str);
+ char *ltrim(char *str);
+ #if defined(ALIGN_POINTERS) || defined(WORDS_BIGENDIAN)
+-unsigned int mget_word(char FAR *p);
+-unsigned long mget_dword(char FAR *p);
+-void mput_word(unsigned int w, char FAR *p);
+-void mput_dword(unsigned long d, char FAR *p);
++uint16_t mget_word(char FAR *p);
++uint32_t mget_dword(char FAR *p);
++void mput_word(uint16_t w, char FAR *p);
++void mput_dword(uint32_t d, char FAR *p);
+ #endif
+
+ #endif
Added: arj/trunk/CVE-2015-0556-symlink-traversal.patch
===================================================================
--- arj/trunk/CVE-2015-0556-symlink-traversal.patch (rev 0)
+++ arj/trunk/CVE-2015-0556-symlink-traversal.patch 2016-01-07 00:08:53 UTC (rev 155609)
@@ -0,0 +1,85 @@
+Description: Fix symlink directory traversal.
+ Do not allow symlinks that traverse the current directoru, nor absolute
+ symlinks.
+ .
+ Fixes CVE-2015-0556.
+Author: Guillem Jover <guillem at debian.org>
+Origin: vendor
+Bug-Debian: https://bugs.debian.org/774434
+Forwarded: no
+Last-Update: 2015-03-28
+
+---
+ uxspec.c | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 54 insertions(+)
+
+--- a/uxspec.c
++++ b/uxspec.c
+@@ -120,6 +120,58 @@ int query_uxspecial(char FAR **dest, cha
+ }
+ #endif
+
++#if TARGET==UNIX
++static int is_link_traversal(const char *name)
++{
++ enum {
++ STATE_NONE,
++ STATE_DOTS,
++ STATE_NAME,
++ } state = STATE_NONE;
++ int ndir = 0;
++ int dots = 0;
++
++ while(*name) {
++ int c = *name++;
++
++ if (c == '/')
++ {
++ if ((state == STATE_DOTS) && (dots == 2))
++ ndir--;
++ if (ndir < 0)
++ return 1;
++ if ((state == STATE_DOTS && dots == 1) && ndir == 0)
++ return 1;
++ if (state == STATE_NONE && ndir == 0)
++ return 1;
++ if ((state == STATE_DOTS) && (dots > 2))
++ ndir++;
++ state = STATE_NONE;
++ dots = 0;
++ }
++ else if (c == '.')
++ {
++ if (state == STATE_NONE)
++ state = STATE_DOTS;
++ dots++;
++ }
++ else
++ {
++ if (state == STATE_NONE)
++ ndir++;
++ state = STATE_NAME;
++ }
++ }
++
++ if ((state == STATE_DOTS) && (dots == 2))
++ ndir--;
++ if ((state == STATE_DOTS) && (dots > 2))
++ ndir++;
++
++ return ndir < 0;
++}
++#endif
++
+ /* Restores the UNIX special file data */
+
+ int set_uxspecial(char FAR *storage, char *name)
+@@ -156,6 +208,8 @@ int set_uxspecial(char FAR *storage, cha
+ l=sizeof(tmp_name)-1;
+ far_memmove((char FAR *)tmp_name, dptr, l);
+ tmp_name[l]='\0';
++ if (is_link_traversal(tmp_name))
++ return(UXSPEC_RC_ERROR);
+ rc=(id==UXSB_HLNK)?link(tmp_name, name):symlink(tmp_name, name);
+ if(!rc)
+ return(0);
Added: arj/trunk/CVE-2015-0557-dir-traversal.patch
===================================================================
--- arj/trunk/CVE-2015-0557-dir-traversal.patch (rev 0)
+++ arj/trunk/CVE-2015-0557-dir-traversal.patch 2016-01-07 00:08:53 UTC (rev 155609)
@@ -0,0 +1,33 @@
+Description: Fix absolute path traversals.
+ Catch multiple leading slashes when checking for absolute path traversals.
+ .
+ Fixes CVE-2015-0557.
+Author: Guillem Jover <guillem at debian.org>
+Origin: vendor
+Bug-Debian: https://bugs.debian.org/774435
+Forwarded: no
+Last-Update: 2015-02-26
+
+---
+ environ.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/environ.c
++++ b/environ.c
+@@ -1087,6 +1087,8 @@ static char *validate_path(char *name)
+ if(action!=VALIDATE_DRIVESPEC)
+ {
+ #endif
++ while (name[0]!='\0'&&
++ (name[0]=='.'||name[0]==PATHSEP_DEFAULT||name[0]==PATHSEP_UNIX)) {
+ if(name[0]=='.')
+ {
+ if(name[1]=='.'&&(name[2]==PATHSEP_DEFAULT||name[2]==PATHSEP_UNIX))
+@@ -1096,6 +1098,7 @@ static char *validate_path(char *name)
+ }
+ if(name[0]==PATHSEP_DEFAULT||name[0]==PATHSEP_UNIX)
+ name++; /* "\\" - revert to root */
++ }
+ #if SFX_LEVEL>=ARJSFXV
+ }
+ }
Added: arj/trunk/CVE-2015-2782-buffer-overflow.patch
===================================================================
--- arj/trunk/CVE-2015-2782-buffer-overflow.patch (rev 0)
+++ arj/trunk/CVE-2015-2782-buffer-overflow.patch 2016-01-07 00:08:53 UTC (rev 155609)
@@ -0,0 +1,35 @@
+Description: Fix buffer overflow causing an invalid pointer free().
+Author: Guillem Jover <guillem at debian.org>
+Origin: vendor
+Bug-Debian: https://bugs.debian.org/774015
+Forwarded: no
+Last-Update: 2015-02-26
+
+---
+ decode.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/decode.c
++++ b/decode.c
+@@ -255,7 +255,7 @@ void read_pt_len(int nn, int nbit, int i
+ if(i==i_special)
+ {
+ c=getbits(2);
+- while(--c>=0)
++ while(--c>=0&&i<nn)
+ pt_len[i++]=0;
+ }
+ }
+@@ -314,10 +314,10 @@ void read_c_len()
+ c=getbits(CBIT);
+ c+=20;
+ }
+- while(--c>=0)
++ while(--c>=0&&i<NC)
+ c_len[i++]=0;
+ }
+- else
++ else if (i<NC)
+ c_len[i++]=(unsigned char)(c-2);
+ }
+ while(i<NC)
Added: arj/trunk/PKGBUILD
===================================================================
--- arj/trunk/PKGBUILD (rev 0)
+++ arj/trunk/PKGBUILD 2016-01-07 00:08:53 UTC (rev 155609)
@@ -0,0 +1,70 @@
+# Maintainer: Levente Polyak <anthraxx[at]archlinux[dot]org>
+# Contributor: Alexander F Rødseth <xyproto at archlinux.org>
+# Contributor: Travis Willard <travisw at wmpub.ca>
+# Contributor: Gergely Tamas <dice at mfa.kfki.hu>
+
+pkgname=arj
+pkgver=3.10.22
+pkgrel=11
+pkgdesc='Free and portable clone of the ARJ archiver'
+url='http://arj.sourceforge.net/'
+arch=('x86_64' 'i686')
+license=('GPL')
+depends=('glibc')
+options=('!makeflags')
+source=(${pkgname}-${pkgver}.tar.gz::http://downloads.sourceforge.net/${pkgname}/${pkgname}-${pkgver}.tar.gz
+ arches_align.patch
+ no_remove_static_const.patch
+ 64_bit_clean.patch
+ custom-printf.patch
+ security_format.patch
+ use_safe_strcpy.patch
+ CVE-2015-0556-symlink-traversal.patch
+ CVE-2015-0557-dir-traversal.patch
+ CVE-2015-2782-buffer-overflow.patch)
+sha512sums=('4730dfdbab4f8095396c337578ed69bdaae52955ad468db50b52af8ad2846ecd6cfc05eb3ac0d03838c1c32ea60126f14a22b93e8181c06b9546456f3937ff76'
+ '166b027adc6b0ffab02d96cd6ede70dc7d2f1f33ef21177c97dd43fdf1ca235a0a8f70e963d749dfb04c5c55ffe42a8601d8df97d84824118b408d00ca6eeb7c'
+ '580e9bd4b37f9bf76784331f4e55abc30349cdd1735fd05897226137e78f0e420c6dcb287fcb111ac667b9f41c16e53b70cde50bce913eb85567afa05957c29a'
+ 'c6600b74af7e3ba982fa8471a19c9ca7d4652d5de871809edb4124e405a33b623eb10abc4fff00e578dc0144e955b9aaaaecac06c66f9923b005635cf00f9a06'
+ 'b1739a5cf75bb4036e41dd071fd4452e8d58805c539147d61594c14f959370a523939bd73de29473ea79f023ef759cec2feff497d5ded777919dd289dae8f769'
+ '82611c25aadb4dc73284a6ad5c47fdfc708ebb4f92271bfcc8a6ca5855bc3582ac77b32ac0e94294f1158e41a7292637feabee043dfb2c0000193136fb288e56'
+ 'f72101f5fb9828afcf1851980ec1fa71d91942b2617b9182bbb92ca3d82069bee898436be9105b4a0445a6a0707c311b569f59397bc9ea29c9a98b7c088dd50c'
+ 'c74003d2a4631adcd4b9bdb38830ed373e63da021c29f682e3e6faf032100f8963c544e0aeaa277220c02f24f72ceecc4b0ef96b03de2f113ccf7ff4471a4ca4'
+ 'd7c23ebacf19df5b49a18ec259aa12cf7671105c609098fe344400639cb851fe5df769c3cf64922d86998d717b7ab9b42f831aeedd1dc0763080cf8d34c523c5'
+ '1acabf5fdbdc48c88ef4ecfdacd116f0d64315fb51fa08f36ba8a02c0e05bb79f82b82ac09039e8027d651d115275ff4f0d72302657730fa91eb0cbaecf15e08')
+
+prepare() {
+ cd ${pkgname}-${pkgver}
+
+ patch -p1 < "${srcdir}/arches_align.patch"
+ patch -p1 < "${srcdir}/no_remove_static_const.patch"
+ patch -p1 < "${srcdir}/64_bit_clean.patch"
+ patch -p1 < "${srcdir}/custom-printf.patch"
+ patch -p1 < "${srcdir}/CVE-2015-0556-symlink-traversal.patch"
+ patch -p1 < "${srcdir}/CVE-2015-0557-dir-traversal.patch"
+ patch -p1 < "${srcdir}/CVE-2015-2782-buffer-overflow.patch"
+ patch -p1 < "${srcdir}/security_format.patch"
+ patch -p1 < "${srcdir}/use_safe_strcpy.patch"
+
+ cd gnu
+ aclocal
+ autoconf
+ rm -f config.{guess,sub}
+ cp /usr/share/automake-"$(automake --version|head -n1|sed -r 's/.*\) (.*)/\1/')"/config.{guess,sub} .
+}
+
+build() {
+ cd ${pkgname}-${pkgver}
+ (cd gnu
+ ./configure --prefix=/usr
+ )
+ make prepare
+ make
+}
+
+package() {
+ cd ${pkgname}-${pkgver}
+ make DESTDIR="${pkgdir}" install
+}
+
+# vim: ts=2 sw=2 et:
Added: arj/trunk/arches_align.patch
===================================================================
--- arj/trunk/arches_align.patch (rev 0)
+++ arj/trunk/arches_align.patch 2016-01-07 00:08:53 UTC (rev 155609)
@@ -0,0 +1,34 @@
+#DPATCHLEVEL=1
+diff -Naur arj-3.10.19.orig/arj_proc.c arj-3.10.19/arj_proc.c
+--- arj-3.10.19.orig/arj_proc.c 2004-02-20 14:18:52.000000000 +0100
++++ arj-3.10.22/arj_proc.c 2004-04-08 14:06:58.000000000 +0200
+@@ -2898,7 +2898,7 @@
+ }
+ #endif
+
+-#if defined(WORDS_BIGENDIAN)&&!defined(ARJDISP)&&!defined(REGISTER)
++#if (defined(WORDS_BIGENDIAN) || defined(ALIGN_POINTERS)) && !defined(ARJDISP) && !defined(REGISTER)
+ /* Model-independent routine to get 2 bytes from far RAM */
+
+ unsigned int mget_word(char FAR *p)
+diff -Naur arj-3.10.19.orig/arj_proc.h arj-3.10.19/arj_proc.h
+--- arj-3.10.19.orig/arj_proc.h 2004-01-25 01:40:00.000000000 +0100
++++ arj-3.10.22/arj_proc.h 2004-04-08 14:07:18.000000000 +0200
+@@ -12,7 +12,7 @@
+
+ #define mget_byte(p) (*(unsigned char FAR *)(p)&0xFF)
+ #define mput_byte(c, p) *(unsigned char FAR *)(p)=(unsigned char)(c)
+-#ifndef WORDS_BIGENDIAN
++#if !defined(ALIGN_POINTERS) && !defined(WORDS_BIGENDIAN)
+ #define mget_word(p) (*(unsigned short *)(p)&0xFFFF)
+ #define mput_word(w,p) (*(unsigned short *)(p)=(unsigned short)(w))
+ #define mget_dword(p) (*(unsigned long *)(p))
+@@ -60,7 +60,7 @@
+ void unpack_mem(struct mempack *mempack);
+ void strip_lf(char *str);
+ char *ltrim(char *str);
+-#ifdef WORDS_BIGENDIAN
++#if defined(ALIGN_POINTERS) || defined(WORDS_BIGENDIAN)
+ unsigned int mget_word(char FAR *p);
+ unsigned long mget_dword(char FAR *p);
+ void mput_word(unsigned int w, char FAR *p);
Added: arj/trunk/custom-printf.patch
===================================================================
--- arj/trunk/custom-printf.patch (rev 0)
+++ arj/trunk/custom-printf.patch 2016-01-07 00:08:53 UTC (rev 155609)
@@ -0,0 +1,15 @@
+Patch by Lubomir Rintel <lkundrak at v3.sk> for arj >= 3.10.22, which disables
+the custom printf to avoid conflicting strnlen definition with the glibc
+headers. By using custom printf (as in the past), we're completely loosing
+all the _FORTIFY_SOURCE printf protections.
+
+--- arj-3.10.22/fardata.c 2004-04-17 13:39:42.000000000 +0200
++++ arj-3.10.22/fardata.c.printf 2009-04-18 16:23:52.000000000 +0200
+@@ -13,7 +13,6 @@
+ /* ASR fix 02/05/2003: need that regardless of COLOR_OUTPUT to support -jp
+ correctly */
+ #if SFX_LEVEL>=ARJ
+- #define CUSTOM_PRINTF
+ #define CHUNK_SIZE 512 /* Size of the output block */
+ #define CHUNK_THRESHOLD (CHUNK_SIZE-256) /* Safety bound */
+ #endif
Added: arj/trunk/no_remove_static_const.patch
===================================================================
--- arj/trunk/no_remove_static_const.patch (rev 0)
+++ arj/trunk/no_remove_static_const.patch 2016-01-07 00:08:53 UTC (rev 155609)
@@ -0,0 +1,20 @@
+#DPATCHLEVEL=1
+diff -Naur arj-3.10.22.orig/gnu/makefile.in arj-3.10.22/gnu/makefile.in
+--- arj-3.10.22.orig/gnu/makefile.in 2004-04-17 14:28:06.000000000 +0300
++++ arj-3.10.22/gnu/makefile.in 2005-08-04 21:50:24.000000000 +0300
+@@ -192,6 +192,15 @@
+ dispose:
+
+ #
++# XXX: Do not use -O2, it removes the static const variable with gcc 4.x
++#
++
++INTEGR_DIRS = $(ARJ_DIR) $(REARJ_DIR) $(ARJCRYPT_DIR) $(REGISTER_DIR)
++
++$(patsubst %,%/integr.o, $(INTEGR_DIRS)): $(SRC_DIR)/integr.c
++ $(CC) -Wall -g -c -o$@ $<
++
++#
+ # The tools
+ #
+
Added: arj/trunk/security_format.patch
===================================================================
--- arj/trunk/security_format.patch (rev 0)
+++ arj/trunk/security_format.patch 2016-01-07 00:08:53 UTC (rev 155609)
@@ -0,0 +1,305 @@
+Patch by Guillem Jover <guillem at debian.org> for arj <= 3.10.22, which
+fixes format security errors.
+
+---
+ arj_arcv.c | 12 ++++++------
+ arj_user.c | 8 ++++----
+ arjdisp.c | 58 ++++++++++++++++++++++++++++------------------------------
+ arjsfx.c | 2 +-
+ fardata.c | 10 +++++-----
+ rearj.c | 2 +-
+ register.c | 2 +-
+ 7 files changed, 46 insertions(+), 48 deletions(-)
+
+--- a/fardata.c
++++ b/fardata.c
+@@ -52,7 +52,7 @@ int error_proc(FMSG *errmsg, ...)
+ /* Check if the message could have a standard error code */
+ if(errno!=0&&is_std_error(errmsg))
+ {
+- msg_cprintf(0, lf);
++ msg_cprintf(0, "\n");
+ error_report();
+ }
+ #endif
+@@ -379,10 +379,10 @@ static void flush_cbuf(int ccode, char *
+ {
+ #if SFX_LEVEL>=ARJSFXV
+ fprintf(new_stdout, strform, n_text);
+- fprintf(new_stdout, lf);
++ fprintf(new_stdout, "\n");
+ #else
+ printf(strform, n_text);
+- printf(lf);
++ printf("\n");
+ #endif
+ }
+ else
+@@ -393,13 +393,13 @@ static void flush_cbuf(int ccode, char *
+ #ifdef NEED_CRLF
+ scr_out("\r");
+ #endif
+- scr_out(lf);
++ scr_out("\n");
+ }
+ if(!no_colors)
+ textcolor(color_table[ccode&H_COLORMASK].color);
+ #else
+ printf(strform, n_text);
+- printf(lf);
++ printf("\n");
+ #endif
+ n_text=t_text+1;
+ #if SFX_LEVEL>=ARJ
+--- a/arj_user.c
++++ b/arj_user.c
+@@ -1059,7 +1059,7 @@ static void finish_processing(int cmd)
+ if(recover_file(tmp_archive_name, nullstr, tmp_tmp_filename, protected, eof_pos))
+ {
+ msg_cprintf(H_HL, M_CANT_FIND_DAMAGE, archive_name);
+- printf(lf);
++ printf("\n");
+ }
+ else
+ {
+@@ -1294,7 +1294,7 @@ static void finish_processing(int cmd)
+ if(recover_file(archive_name, nullstr, nullstr, protected, eof_pos))
+ {
+ msg_cprintf(H_HL, M_CANT_FIND_DAMAGE, archive_name);
+- printf(lf);
++ printf("\n");
+ }
+ else
+ {
+@@ -1327,7 +1327,7 @@ static void finish_processing(int cmd)
+ msg_cprintf(0, M_CHAPTERS_ON);
+ else if(chapter_mode==CHAP_REMOVE)
+ msg_cprintf(0, M_CHAPTERS_OFF);
+- msg_cprintf(0, strform, lf);
++ msg_cprintf(0, strform, "\n");
+ }
+ if(cmd==ARJ_CMD_COPY&&protfile_option&&!arjprot_tail)
+ msg_cprintf(0, M_ARJPROT_DISABLED);
+@@ -2303,7 +2303,7 @@ void process_archive()
+ timestamp_to_str(timetext, &ftime_stamp);
+ msg_cprintf(H_HL|H_NFMT, M_ARCHIVE_CREATED, timetext);
+ if(show_ansi_comments)
+- printf(cmt_ptr);
++ fputs(cmt_ptr, stdout);
+ else
+ display_comment(cmt_ptr);
+ /* The sfx_setup() occurs here */
+--- a/arj_arcv.c
++++ b/arj_arcv.c
+@@ -913,13 +913,13 @@ int supply_comment(char *cmtname, char *
+ else
+ {
+ strcat(tmp_comment, tmp_cmtline);
+- strcat(tmp_comment, lf);
++ strcat(tmp_comment, "\n");
+ }
+ }
+ else
+ {
+ strcat(tmp_comment, tmp_cmtline);
+- strcat(tmp_comment, lf);
++ strcat(tmp_comment, "\n");
+ }
+ }
+ }
+@@ -1846,7 +1846,7 @@ int pack_file(int is_update, int is_repl
+ raw_eh=eh_lookup(eh, UXSPECIAL_ID)->raw;
+ uxspecial_stats(raw_eh, UXSTATS_SHORT);
+ }
+- msg_cprintf(0, lf);
++ msg_cprintf(0, "\n");
+ }
+ if(err_id==0&&user_wants_fail)
+ {
+@@ -2523,9 +2523,9 @@ int unpack_validation()
+ {
+ msg_cprintf(0, (FMSG *)strform, misc_buf);
+ if(search_mode==SEARCH_DEFAULT)
+- msg_cprintf(0, (FMSG *)lf);
++ msg_cprintf(0, "\n");
+ if(search_mode==SEARCH_BRIEF)
+- msg_cprintf(0, (FMSG *)cr);
++ msg_cprintf(0, "\r");
+ }
+ for(pattern=0; pattern<SEARCH_STR_MAX; search_occurences[pattern++]=0);
+ reserve_size=0;
+@@ -3652,7 +3652,7 @@ void archive_cleanup()
+ {
+ if(msg_fprintf(idxstream, M_TESTING, archive_name)<0)
+ error(M_DISK_FULL);
+- if(fprintf(idxstream, lf)<0)
++ if(fprintf(idxstream, "\n")<0)
+ error(M_DISK_FULL);
+ }
+ cmd_verb=ARJ_CMD_TEST;
+--- a/arjsfx.c
++++ b/arjsfx.c
+@@ -214,7 +214,7 @@ static void final_cleanup(void)
+ freopen(dev_con, m_w, stdout);
+ #if SFX_LEVEL>=ARJSFXV
+ if(ferror(stdout))
+- msg_fprintf(stderr, M_DISK_FULL);
++ msg_fprintf(stderr, "Can't write file. Disk full?");
+ if(debug_enabled&&strchr(debug_opt, 't')!=NULL)
+ {
+ ticks=get_ticks()-ticks;
+--- a/rearj.c
++++ b/rearj.c
+@@ -935,7 +935,7 @@ static int convert_archive(char *name)
+ msg_cprintf(H_HL|H_NFMT, M_OLD_SIZE, old_fsize);
+ msg_cprintf(H_HL|H_NFMT, M_NEW_SIZE, new_fsize);
+ msg_cprintf(H_HL|H_NFMT, M_SAVINGS_SIZE, gain);
+- printf(lf);
++ printf("\n");
+ total_old_fsize+=old_fsize;
+ total_new_fsize+=new_fsize;
+ total_files++;
+--- a/register.c
++++ b/register.c
+@@ -205,7 +205,7 @@ int main(int argc, char **argv)
+ char reg_source[200];
+ int i;
+
+- printf(M_REGISTER_BANNER);
++ fputs(M_REGISTER_BANNER, stdout);
+ integrity_pattern[0]--;
+ build_crc32_table();
+ if(argc!=2)
+--- a/arjdisp.c
++++ b/arjdisp.c
+@@ -20,8 +20,6 @@ static long bytes;
+ static long compsize;
+ static char cmd_verb;
+ static char msg_lf[]="\n";
+-char strform[]="%s"; /* Export it for scrnio.c, too
+- (a byte saved is a byte gained) */
+
+ /* Pseudographical controls */
+
+@@ -54,19 +52,19 @@ static void show_init_scrn()
+ textcolor(7);
+ clrscr();
+ gotoxy(2, 2);
+- scrprintf(win_top);
++ fputs(win_top, stdout);
+ for(i=3; i<24; i++)
+ {
+- gotoxy(2, i); scrprintf(win_border);
+- gotoxy(79, i); scrprintf(win_border);
++ gotoxy(2, i); fputs(win_border, stdout);
++ gotoxy(79, i); fputs(win_border, stdout);
+ }
+- gotoxy(2, 24); scrprintf(win_bottom);
++ gotoxy(2, 24); fputs(win_bottom, stdout);
+ gotoxy(10, 5);
+- scrprintf(M_ARJDISP_COPYRIGHT);
++ fputs(M_ARJDISP_COPYRIGHT, stdout);
+ gotoxy(10, 6);
+- scrprintf(M_ARJDISP_DISTRIBUTION);
++ fputs(M_ARJDISP_DISTRIBUTION, stdout);
+ gotoxy(10, 7);
+- scrprintf(M_ARJDISP_LICENSE);
++ fputs(M_ARJDISP_LICENSE, stdout);
+ gotoxy(16, 10);
+ scrprintf(M_PROCESSING_ARCHIVE, archive_name);
+ t=strtok(M_ARJDISP_INFO, msg_lf);
+@@ -74,11 +72,11 @@ static void show_init_scrn()
+ while(t!=NULL&&i<=23)
+ {
+ gotoxy(10, i++);
+- scrprintf(strform, t);
++ scrprintf("%s", t);
+ t=strtok(NULL, msg_lf);
+ }
+ gotoxy(16, 20);
+- scrprintf(M_PRESS_ANY_KEY);
++ fputs(M_PRESS_ANY_KEY, stdout);
+ uni_getch();
+ gotoxy(1, 24);
+ }
+@@ -96,19 +94,19 @@ static void show_proc_scrn()
+ {
+ clrscr();
+ gotoxy(2, 2);
+- scrprintf(win_top);
++ fputs(win_top, stdout);
+ for(i=3; i<24; i++)
+ {
+- gotoxy(2, i); scrprintf(win_border);
+- gotoxy(79, i); scrprintf(win_border);
++ gotoxy(2, i); fputs(win_border, stdout);
++ gotoxy(79, i); fputs(win_border, stdout);
+ }
+- gotoxy(2, 24); scrprintf(win_bottom);
++ gotoxy(2, 24); fputs(win_bottom, stdout);
+ gotoxy(10, 5);
+- scrprintf(M_ARJDISP_COPYRIGHT);
++ fputs(M_ARJDISP_COPYRIGHT, stdout);
+ gotoxy(10, 6);
+- scrprintf(M_ARJDISP_DISTRIBUTION);
++ fputs(M_ARJDISP_DISTRIBUTION, stdout);
+ gotoxy(10, 7);
+- scrprintf(M_ARJDISP_LICENSE);
++ fputs(M_ARJDISP_LICENSE, stdout);
+ gotoxy(16, 10);
+ scrprintf(M_PROCESSING_ARCHIVE, archive_name);
+ gotoxy(16, 12);
+@@ -132,13 +130,13 @@ static void show_proc_scrn()
+ break;
+ }
+ gotoxy(15, 14);
+- scrprintf(ind_top);
++ fputs(ind_top, stdout);
+ gotoxy(15, 15);
+- scrprintf(ind_middle);
++ fputs(ind_middle, stdout);
+ gotoxy(15, 16);
+- scrprintf(ind_bottom);
++ fputs(ind_bottom, stdout);
+ gotoxy(16, 18);
+- scrprintf(M_ARJDISP_CTR_START);
++ fputs(M_ARJDISP_CTR_START, stdout);
+ }
+ else
+ {
+@@ -146,7 +144,7 @@ static void show_proc_scrn()
+ gotoxy(16, 15);
+ memset(progress, indo, i);
+ progress[i]='\0';
+- scrprintf(progress);
++ fputs(progress, stdout);
+ gotoxy(16, 18);
+ scrprintf(M_ARJDISP_CTR, calc_percentage(bytes, uncompsize)/10);
+ }
+@@ -165,19 +163,19 @@ static void show_ending_scrn()
+ textcolor(7);
+ clrscr();
+ gotoxy(2, 2);
+- scrprintf(win_top);
++ fputs(win_top, stdout);
+ for(i=3; i<24; i++)
+ {
+- gotoxy(2, i); scrprintf(win_border);
+- gotoxy(79, i); scrprintf(win_border);
++ gotoxy(2, i); fputs(win_border, stdout);
++ gotoxy(79, i); fputs(win_border, stdout);
+ }
+- gotoxy(2, 24); scrprintf(win_bottom);
++ gotoxy(2, 24); fputs(win_bottom, stdout);
+ gotoxy(10, 5);
+- scrprintf(M_ARJDISP_COPYRIGHT);
++ fputs(M_ARJDISP_COPYRIGHT, stdout);
+ gotoxy(10, 6);
+- scrprintf(M_ARJDISP_DISTRIBUTION);
++ fputs(M_ARJDISP_DISTRIBUTION, stdout);
+ gotoxy(10, 7);
+- scrprintf(M_ARJDISP_LICENSE);
++ fputs(M_ARJDISP_LICENSE, stdout);
+ gotoxy(16, 10);
+ scrprintf(M_FINISHED_PROCESSING, archive_name);
+ gotoxy(1, 24);
Added: arj/trunk/use_safe_strcpy.patch
===================================================================
--- arj/trunk/use_safe_strcpy.patch (rev 0)
+++ arj/trunk/use_safe_strcpy.patch 2016-01-07 00:08:53 UTC (rev 155609)
@@ -0,0 +1,97 @@
+Patch by Guillem Jover <guillem at debian.org> for arj <= 3.10.22, to
+use a safe strcpy for overlapping strings, among others fixes a build
+problem with a mangled generated .c file by msgbind (thus FTBFS), and
+CRC errors at run-time. For further information, please have a look
+to http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590354
+
+---
+ arj.c | 2 +-
+ arjdata.c | 9 +--------
+ ea_mgr.c | 2 +-
+ misc.h | 4 ++++
+ msgbind.c | 2 +-
+ packager.c | 2 +-
+ 6 files changed, 9 insertions(+), 12 deletions(-)
+
+--- a/arjdata.c
++++ b/arjdata.c
+@@ -204,13 +204,6 @@ void date_fmt(char *dest)
+ #endif
+ }
+
+-/* A safe strcpy() */
+-
+-static void safe_strcpy(char *dest, char *src)
+-{
+- memmove(dest, src, strlen(src)+1);
+-}
+-
+ /* Context substitution routine */
+
+ char *expand_tags(char *str, int limit)
+@@ -232,7 +225,7 @@ char *expand_tags(char *str, int limit)
+ {
+ if(*(p+1)==TAG_CHAR)
+ {
+- strcpy(p, p+1);
++ safe_strcpy(p, p+1);
+ p++;
+ }
+ else if(*(p+1)==TAG_SPECIAL_BEGIN&&(et=strchr(p+3, TAG_SPECIAL_END))!=NULL)
+--- a/arj.c
++++ b/arj.c
+@@ -1169,7 +1169,7 @@ int main(int argc, char *argv[])
+ if(strlen(tmp_ptr)<=121)
+ tmp_ptr[0]='\0';
+ else if(tmp_ptr[120]==' ')
+- strcpy(tmp_ptr, tmp_ptr+121);
++ safe_strcpy(tmp_ptr, tmp_ptr+121);
+ }
+ if(cmd==ARJ_CMD_ORDER&&strpbrk(tmp_ptr, wildcard_pattern)!=NULL)
+ error(M_ORDER_WILDCARD);
+--- a/ea_mgr.c
++++ b/ea_mgr.c
+@@ -696,7 +696,7 @@ int resolve_longname(char *dest, char *n
+ tmp_name[st_len]='\0';
+ if(tmp_name[0]==0xFD&&tmp_name[1]==0xFF)
+ {
+- strcpy(tmp_name, (char *)tmp_name+4);
++ safe_strcpy(tmp_name, (char *)tmp_name+4);
+ st_len-=4;
+ }
+ if(st_len==0||st_len+entry>=FILENAME_MAX)
+--- a/msgbind.c
++++ b/msgbind.c
+@@ -578,7 +578,7 @@ int main(int argc, char **argv)
+ }
+ strcat(pool[tpool].data, msgname);
+ strcat(pool[tpool].data, ", ");
+- strcpy(msg_buffer, msg_buffer+1);
++ safe_strcpy(msg_buffer, msg_buffer+1);
+ buf_len=strlen(msg_buffer);
+ msg_buffer[--buf_len]='\0';
+ patch_string(msg_buffer);
+--- a/packager.c
++++ b/packager.c
+@@ -347,7 +347,7 @@ int main(int argc, char **argv)
+ expand_tags(buf, sizeof(buf)-1);
+ if((p=strchr(buf, '.'))!=NULL)
+ {
+- strcpy(p, p+1);
++ safe_strcpy(p, p+1);
+ if((p=strchr(buf, '.'))!=NULL)
+ *p='\0';
+ }
+--- a/misc.h
++++ b/misc.h
+@@ -11,6 +11,10 @@
+ #include "arjtypes.h"
+ #include "filelist.h"
+
++/* A safe strcpy() */
++
++#define safe_strcpy(dest, src) memmove(dest, src, strlen(src)+1);
++
+ /* ASCIIZ string copy macro */
+
+ #define strcpyn(dest, src, n) \
More information about the arch-commits
mailing list