[arch-commits] Commit in arj/repos/community-x86_64 (20 files)

Maxim Baz maximbaz at archlinux.org
Sun Dec 2 22:51:40 UTC 2018


    Date: Sunday, December 2, 2018 @ 22:51:39
  Author: maximbaz
Revision: 410806

archrelease: copy trunk to community-x86_64

Added:
  arj/repos/community-x86_64/64_bit_clean.patch
    (from rev 410805, arj/trunk/64_bit_clean.patch)
  arj/repos/community-x86_64/CVE-2015-0556-symlink-traversal.patch
    (from rev 410805, arj/trunk/CVE-2015-0556-symlink-traversal.patch)
  arj/repos/community-x86_64/CVE-2015-0557-dir-traversal.patch
    (from rev 410805, arj/trunk/CVE-2015-0557-dir-traversal.patch)
  arj/repos/community-x86_64/CVE-2015-2782-buffer-overflow.patch
    (from rev 410805, arj/trunk/CVE-2015-2782-buffer-overflow.patch)
  arj/repos/community-x86_64/PKGBUILD
    (from rev 410805, arj/trunk/PKGBUILD)
  arj/repos/community-x86_64/arches_align.patch
    (from rev 410805, arj/trunk/arches_align.patch)
  arj/repos/community-x86_64/custom-printf.patch
    (from rev 410805, arj/trunk/custom-printf.patch)
  arj/repos/community-x86_64/no_remove_static_const.patch
    (from rev 410805, arj/trunk/no_remove_static_const.patch)
  arj/repos/community-x86_64/security_format.patch
    (from rev 410805, arj/trunk/security_format.patch)
  arj/repos/community-x86_64/use_safe_strcpy.patch
    (from rev 410805, arj/trunk/use_safe_strcpy.patch)
Deleted:
  arj/repos/community-x86_64/64_bit_clean.patch
  arj/repos/community-x86_64/CVE-2015-0556-symlink-traversal.patch
  arj/repos/community-x86_64/CVE-2015-0557-dir-traversal.patch
  arj/repos/community-x86_64/CVE-2015-2782-buffer-overflow.patch
  arj/repos/community-x86_64/PKGBUILD
  arj/repos/community-x86_64/arches_align.patch
  arj/repos/community-x86_64/custom-printf.patch
  arj/repos/community-x86_64/no_remove_static_const.patch
  arj/repos/community-x86_64/security_format.patch
  arj/repos/community-x86_64/use_safe_strcpy.patch

---------------------------------------+
 64_bit_clean.patch                    |  388 ++++++++++----------
 CVE-2015-0556-symlink-traversal.patch |  170 ++++----
 CVE-2015-0557-dir-traversal.patch     |   66 +--
 CVE-2015-2782-buffer-overflow.patch   |   70 +--
 PKGBUILD                              |  142 +++----
 arches_align.patch                    |   68 +--
 custom-printf.patch                   |   30 -
 no_remove_static_const.patch          |   40 +-
 security_format.patch                 |  610 ++++++++++++++++----------------
 use_safe_strcpy.patch                 |  194 +++++-----
 10 files changed, 889 insertions(+), 889 deletions(-)

Deleted: 64_bit_clean.patch
===================================================================
--- 64_bit_clean.patch	2018-12-02 22:51:23 UTC (rev 410805)
+++ 64_bit_clean.patch	2018-12-02 22:51:39 UTC (rev 410806)
@@ -1,194 +0,0 @@
-#DPATCHLEVEL=1
-diff -Naur -x .svn -x CVS arj-3.10.22.orig/arj_arcv.c arj-3.10.22/arj_arcv.c
---- arj-3.10.22.orig/arj_arcv.c	2005-06-21 22:53:12.000000000 +0300
-+++ arj-3.10.22/arj_arcv.c	2005-11-24 02:50:31.000000000 +0200
-@@ -59,27 +59,27 @@
- #define setup_hput(ptr) (tmp_hptr=(ptr))
- 
- #define hget_byte() (*(tmp_hptr++)&0xFF)
--#define hput_byte(c) (*(tmp_hptr++)=(char) (c))
-+#define hput_byte(c) (*(tmp_hptr++)=(uint8_t) (c))
- 
- /* Reads two bytes from the header, incrementing the pointer */
- 
--static unsigned int hget_word()
-+static uint16_t hget_word()
- {
-- unsigned int result;
-+ uint16_t result;
- 
-  result=mget_word(tmp_hptr);
-- tmp_hptr+=sizeof(short);
-+ tmp_hptr+=sizeof(uint16_t);
-  return result;
- }
- 
- /* Reads four bytes from the header, incrementing the pointer */
- 
--static unsigned long hget_longword()
-+static uint32_t hget_longword()
- {
-- unsigned long result;
-+ uint32_t result;
- 
-  result=mget_dword(tmp_hptr);
-- tmp_hptr+=sizeof(unsigned long);
-+ tmp_hptr+=sizeof(uint32_t);
-  return result;
- }
- 
-@@ -87,18 +87,18 @@
- 
- /* Writes two bytes to the header, incrementing the pointer */
- 
--static void hput_word(unsigned int w)
-+static void hput_word(uint16_t w)
- {
-  mput_word(w,tmp_hptr); 
-- tmp_hptr+=sizeof(unsigned short);
-+ tmp_hptr+=sizeof(uint16_t);
- }
- 
- /* Writes four bytes to the header, incrementing the pointer */
- 
--static void hput_longword(unsigned long l)
-+static void hput_longword(uint32_t l)
- {
-  mput_dword(l,tmp_hptr);
-- tmp_hptr+=sizeof(unsigned long);
-+ tmp_hptr+=sizeof(uint32_t);
- }
- 
- /* Calculates and stores the basic header size */
-diff -Naur -x .svn -x CVS arj-3.10.22.orig/arj_proc.c arj-3.10.22/arj_proc.c
---- arj-3.10.22.orig/arj_proc.c	2005-11-24 02:50:19.000000000 +0200
-+++ arj-3.10.22/arj_proc.c	2005-11-24 02:50:31.000000000 +0200
-@@ -585,7 +585,7 @@
- /* Returns the exact amount of data that could be safely written to the
-    destination volume */
- 
--unsigned long get_volfree(unsigned int increment)
-+unsigned long get_volfree(unsigned long increment)
- {
-  unsigned long pvol;
-  unsigned int arjsec_overhead;
-@@ -605,7 +605,7 @@
-  remain=volume_limit-ftell(aostream)-pvol-(long)arjsec_overhead-
-         (long)out_bytes-(long)cpos-(long)ext_voldata-
-         MULTIVOLUME_RESERVE-t_volume_offset;
-- return((unsigned long)min(remain, (unsigned long)increment));
-+ return((unsigned long)min(remain, increment));
- }
- 
- /* Performs various checks when multivolume data is packed to predict an
-@@ -2466,14 +2466,14 @@
-     *tsptr='\0';
-   endptr=tsptr;
-   tsptr=sptr;
--  while((unsigned int)tsptr<(unsigned int)endptr&&patterns<SEARCH_STR_MAX)
-+  while((intptr_t)tsptr<(intptr_t)endptr&&patterns<SEARCH_STR_MAX)
-   {
-    while(*tsptr=='\0')
-     tsptr++;
--   if((unsigned int)tsptr<(unsigned int)endptr)
-+   if((intptr_t)tsptr<(intptr_t)endptr)
-    {
-     search_str[patterns++]=tsptr;
--    while(*tsptr!='\0'&&(unsigned int)tsptr<(unsigned int)endptr)
-+    while(*tsptr!='\0'&&(intptr_t)tsptr<(intptr_t)endptr)
-      tsptr++;
-    }
-   }
-@@ -2901,9 +2901,9 @@
- #if (defined(WORDS_BIGENDIAN) || defined(ALIGN_POINTERS)) && !defined(ARJDISP) && !defined(REGISTER)
- /* Model-independent routine to get 2 bytes from far RAM */
- 
--unsigned int mget_word(char FAR *p)
-+uint16_t mget_word(char FAR *p)
- {
-- unsigned int b0, b1;
-+ uint16_t b0, b1;
- 
-  b0=mget_byte(p);
-  b1=mget_byte(p+1);
-@@ -2912,9 +2912,9 @@
- 
- /* Model-independent routine to get 4 bytes from far RAM */
- 
--unsigned long mget_dword(char FAR *p)
-+uint32_t mget_dword(char FAR *p)
- {
-- unsigned long w0, w1;
-+ uint32_t w0, w1;
- 
-  w0=mget_word(p);
-  w1=mget_word(p+2);
-@@ -2923,7 +2923,7 @@
- 
- /* Model-independent routine to store 2 bytes in far RAM */
- 
--void mput_word(unsigned int w, char FAR *p)
-+void mput_word(uint16_t w, char FAR *p)
- {
-  mput_byte(w&0xFF, p);
-  mput_byte(w>>8  , p+1);
-@@ -2931,7 +2931,7 @@
- 
- /* Model-independent routine to store 4 bytes in far RAM */
- 
--void mput_dword(unsigned long d, char FAR *p)
-+void mput_dword(uint32_t d, char FAR *p)
- {
-  mput_word(d&0xFFFF, p);
-  mput_word(d>>16   , p+2);
-diff -Naur -x .svn -x CVS arj-3.10.22.orig/arj_proc.h arj-3.10.22/arj_proc.h
---- arj-3.10.22.orig/arj_proc.h	2005-11-24 02:50:19.000000000 +0200
-+++ arj-3.10.22/arj_proc.h	2005-11-24 03:17:25.000000000 +0200
-@@ -8,15 +8,17 @@
- #ifndef ARJ_PROC_INCLUDED
- #define ARJ_PROC_INCLUDED
- 
-+#include <stdint.h>
-+
- /* Helper macros */
- 
--#define mget_byte(p) (*(unsigned char FAR *)(p)&0xFF)
--#define mput_byte(c, p) *(unsigned char FAR *)(p)=(unsigned char)(c)
-+#define mget_byte(p) (*(uint8_t FAR *)(p)&0xFF)
-+#define mput_byte(c, p) *(uint8_t FAR *)(p)=(uint8_t)(c)
- #if !defined(ALIGN_POINTERS) && !defined(WORDS_BIGENDIAN)
--#define mget_word(p) (*(unsigned short *)(p)&0xFFFF)
--#define mput_word(w,p) (*(unsigned short *)(p)=(unsigned short)(w))
--#define mget_dword(p) (*(unsigned long *)(p))
--#define mput_dword(w,p) (*(unsigned long *)(p)=(unsigned long)(w))
-+#define mget_word(p) (*(uint16_t *)(p)&0xFFFF)
-+#define mput_word(w,p) (*(uint16_t *)(p)=(uint16_t)(w))
-+#define mget_dword(p) (*(uint32_t *)(p))
-+#define mput_dword(w,p) (*(uint32_t *)(p)=(uint32_t)(w))
- #endif
- 
- /* Prototypes */
-@@ -31,7 +33,7 @@
- int translate_path(char *name);
- void restart_proc(char *dest);
- int search_for_extension(char *name, char *ext_list);
--unsigned long get_volfree(unsigned int increment);
-+unsigned long get_volfree(unsigned long increment);
- unsigned int check_multivolume(unsigned int increment);
- void store();
- void hollow_encode();
-@@ -61,10 +63,10 @@
- void strip_lf(char *str);
- char *ltrim(char *str);
- #if defined(ALIGN_POINTERS) || defined(WORDS_BIGENDIAN)
--unsigned int mget_word(char FAR *p);
--unsigned long mget_dword(char FAR *p);
--void mput_word(unsigned int w, char FAR *p);
--void mput_dword(unsigned long d, char FAR *p);
-+uint16_t mget_word(char FAR *p);
-+uint32_t mget_dword(char FAR *p);
-+void mput_word(uint16_t w, char FAR *p);
-+void mput_dword(uint32_t d, char FAR *p);
- #endif
- 
- #endif

Copied: arj/repos/community-x86_64/64_bit_clean.patch (from rev 410805, arj/trunk/64_bit_clean.patch)
===================================================================
--- 64_bit_clean.patch	                        (rev 0)
+++ 64_bit_clean.patch	2018-12-02 22:51:39 UTC (rev 410806)
@@ -0,0 +1,194 @@
+#DPATCHLEVEL=1
+diff -Naur -x .svn -x CVS arj-3.10.22.orig/arj_arcv.c arj-3.10.22/arj_arcv.c
+--- arj-3.10.22.orig/arj_arcv.c	2005-06-21 22:53:12.000000000 +0300
++++ arj-3.10.22/arj_arcv.c	2005-11-24 02:50:31.000000000 +0200
+@@ -59,27 +59,27 @@
+ #define setup_hput(ptr) (tmp_hptr=(ptr))
+ 
+ #define hget_byte() (*(tmp_hptr++)&0xFF)
+-#define hput_byte(c) (*(tmp_hptr++)=(char) (c))
++#define hput_byte(c) (*(tmp_hptr++)=(uint8_t) (c))
+ 
+ /* Reads two bytes from the header, incrementing the pointer */
+ 
+-static unsigned int hget_word()
++static uint16_t hget_word()
+ {
+- unsigned int result;
++ uint16_t result;
+ 
+  result=mget_word(tmp_hptr);
+- tmp_hptr+=sizeof(short);
++ tmp_hptr+=sizeof(uint16_t);
+  return result;
+ }
+ 
+ /* Reads four bytes from the header, incrementing the pointer */
+ 
+-static unsigned long hget_longword()
++static uint32_t hget_longword()
+ {
+- unsigned long result;
++ uint32_t result;
+ 
+  result=mget_dword(tmp_hptr);
+- tmp_hptr+=sizeof(unsigned long);
++ tmp_hptr+=sizeof(uint32_t);
+  return result;
+ }
+ 
+@@ -87,18 +87,18 @@
+ 
+ /* Writes two bytes to the header, incrementing the pointer */
+ 
+-static void hput_word(unsigned int w)
++static void hput_word(uint16_t w)
+ {
+  mput_word(w,tmp_hptr); 
+- tmp_hptr+=sizeof(unsigned short);
++ tmp_hptr+=sizeof(uint16_t);
+ }
+ 
+ /* Writes four bytes to the header, incrementing the pointer */
+ 
+-static void hput_longword(unsigned long l)
++static void hput_longword(uint32_t l)
+ {
+  mput_dword(l,tmp_hptr);
+- tmp_hptr+=sizeof(unsigned long);
++ tmp_hptr+=sizeof(uint32_t);
+ }
+ 
+ /* Calculates and stores the basic header size */
+diff -Naur -x .svn -x CVS arj-3.10.22.orig/arj_proc.c arj-3.10.22/arj_proc.c
+--- arj-3.10.22.orig/arj_proc.c	2005-11-24 02:50:19.000000000 +0200
++++ arj-3.10.22/arj_proc.c	2005-11-24 02:50:31.000000000 +0200
+@@ -585,7 +585,7 @@
+ /* Returns the exact amount of data that could be safely written to the
+    destination volume */
+ 
+-unsigned long get_volfree(unsigned int increment)
++unsigned long get_volfree(unsigned long increment)
+ {
+  unsigned long pvol;
+  unsigned int arjsec_overhead;
+@@ -605,7 +605,7 @@
+  remain=volume_limit-ftell(aostream)-pvol-(long)arjsec_overhead-
+         (long)out_bytes-(long)cpos-(long)ext_voldata-
+         MULTIVOLUME_RESERVE-t_volume_offset;
+- return((unsigned long)min(remain, (unsigned long)increment));
++ return((unsigned long)min(remain, increment));
+ }
+ 
+ /* Performs various checks when multivolume data is packed to predict an
+@@ -2466,14 +2466,14 @@
+     *tsptr='\0';
+   endptr=tsptr;
+   tsptr=sptr;
+-  while((unsigned int)tsptr<(unsigned int)endptr&&patterns<SEARCH_STR_MAX)
++  while((intptr_t)tsptr<(intptr_t)endptr&&patterns<SEARCH_STR_MAX)
+   {
+    while(*tsptr=='\0')
+     tsptr++;
+-   if((unsigned int)tsptr<(unsigned int)endptr)
++   if((intptr_t)tsptr<(intptr_t)endptr)
+    {
+     search_str[patterns++]=tsptr;
+-    while(*tsptr!='\0'&&(unsigned int)tsptr<(unsigned int)endptr)
++    while(*tsptr!='\0'&&(intptr_t)tsptr<(intptr_t)endptr)
+      tsptr++;
+    }
+   }
+@@ -2901,9 +2901,9 @@
+ #if (defined(WORDS_BIGENDIAN) || defined(ALIGN_POINTERS)) && !defined(ARJDISP) && !defined(REGISTER)
+ /* Model-independent routine to get 2 bytes from far RAM */
+ 
+-unsigned int mget_word(char FAR *p)
++uint16_t mget_word(char FAR *p)
+ {
+- unsigned int b0, b1;
++ uint16_t b0, b1;
+ 
+  b0=mget_byte(p);
+  b1=mget_byte(p+1);
+@@ -2912,9 +2912,9 @@
+ 
+ /* Model-independent routine to get 4 bytes from far RAM */
+ 
+-unsigned long mget_dword(char FAR *p)
++uint32_t mget_dword(char FAR *p)
+ {
+- unsigned long w0, w1;
++ uint32_t w0, w1;
+ 
+  w0=mget_word(p);
+  w1=mget_word(p+2);
+@@ -2923,7 +2923,7 @@
+ 
+ /* Model-independent routine to store 2 bytes in far RAM */
+ 
+-void mput_word(unsigned int w, char FAR *p)
++void mput_word(uint16_t w, char FAR *p)
+ {
+  mput_byte(w&0xFF, p);
+  mput_byte(w>>8  , p+1);
+@@ -2931,7 +2931,7 @@
+ 
+ /* Model-independent routine to store 4 bytes in far RAM */
+ 
+-void mput_dword(unsigned long d, char FAR *p)
++void mput_dword(uint32_t d, char FAR *p)
+ {
+  mput_word(d&0xFFFF, p);
+  mput_word(d>>16   , p+2);
+diff -Naur -x .svn -x CVS arj-3.10.22.orig/arj_proc.h arj-3.10.22/arj_proc.h
+--- arj-3.10.22.orig/arj_proc.h	2005-11-24 02:50:19.000000000 +0200
++++ arj-3.10.22/arj_proc.h	2005-11-24 03:17:25.000000000 +0200
+@@ -8,15 +8,17 @@
+ #ifndef ARJ_PROC_INCLUDED
+ #define ARJ_PROC_INCLUDED
+ 
++#include <stdint.h>
++
+ /* Helper macros */
+ 
+-#define mget_byte(p) (*(unsigned char FAR *)(p)&0xFF)
+-#define mput_byte(c, p) *(unsigned char FAR *)(p)=(unsigned char)(c)
++#define mget_byte(p) (*(uint8_t FAR *)(p)&0xFF)
++#define mput_byte(c, p) *(uint8_t FAR *)(p)=(uint8_t)(c)
+ #if !defined(ALIGN_POINTERS) && !defined(WORDS_BIGENDIAN)
+-#define mget_word(p) (*(unsigned short *)(p)&0xFFFF)
+-#define mput_word(w,p) (*(unsigned short *)(p)=(unsigned short)(w))
+-#define mget_dword(p) (*(unsigned long *)(p))
+-#define mput_dword(w,p) (*(unsigned long *)(p)=(unsigned long)(w))
++#define mget_word(p) (*(uint16_t *)(p)&0xFFFF)
++#define mput_word(w,p) (*(uint16_t *)(p)=(uint16_t)(w))
++#define mget_dword(p) (*(uint32_t *)(p))
++#define mput_dword(w,p) (*(uint32_t *)(p)=(uint32_t)(w))
+ #endif
+ 
+ /* Prototypes */
+@@ -31,7 +33,7 @@
+ int translate_path(char *name);
+ void restart_proc(char *dest);
+ int search_for_extension(char *name, char *ext_list);
+-unsigned long get_volfree(unsigned int increment);
++unsigned long get_volfree(unsigned long increment);
+ unsigned int check_multivolume(unsigned int increment);
+ void store();
+ void hollow_encode();
+@@ -61,10 +63,10 @@
+ void strip_lf(char *str);
+ char *ltrim(char *str);
+ #if defined(ALIGN_POINTERS) || defined(WORDS_BIGENDIAN)
+-unsigned int mget_word(char FAR *p);
+-unsigned long mget_dword(char FAR *p);
+-void mput_word(unsigned int w, char FAR *p);
+-void mput_dword(unsigned long d, char FAR *p);
++uint16_t mget_word(char FAR *p);
++uint32_t mget_dword(char FAR *p);
++void mput_word(uint16_t w, char FAR *p);
++void mput_dword(uint32_t d, char FAR *p);
+ #endif
+ 
+ #endif

Deleted: CVE-2015-0556-symlink-traversal.patch
===================================================================
--- CVE-2015-0556-symlink-traversal.patch	2018-12-02 22:51:23 UTC (rev 410805)
+++ CVE-2015-0556-symlink-traversal.patch	2018-12-02 22:51:39 UTC (rev 410806)
@@ -1,85 +0,0 @@
-Description: Fix symlink directory traversal.
- Do not allow symlinks that traverse the current directoru, nor absolute
- symlinks.
- .
- Fixes CVE-2015-0556.
-Author: Guillem Jover <guillem at debian.org>
-Origin: vendor
-Bug-Debian: https://bugs.debian.org/774434
-Forwarded: no
-Last-Update: 2015-03-28
-
----
- uxspec.c |   54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
- 1 file changed, 54 insertions(+)
-
---- a/uxspec.c
-+++ b/uxspec.c
-@@ -120,6 +120,58 @@ int query_uxspecial(char FAR **dest, cha
- }
- #endif
- 
-+#if TARGET==UNIX
-+static int is_link_traversal(const char *name)
-+{
-+  enum {
-+    STATE_NONE,
-+    STATE_DOTS,
-+    STATE_NAME,
-+  } state = STATE_NONE;
-+  int ndir = 0;
-+  int dots = 0;
-+
-+  while(*name) {
-+    int c = *name++;
-+
-+    if (c == '/')
-+    {
-+      if ((state == STATE_DOTS) && (dots == 2))
-+        ndir--;
-+      if (ndir < 0)
-+        return 1;
-+      if ((state == STATE_DOTS && dots == 1) && ndir == 0)
-+        return 1;
-+      if (state == STATE_NONE && ndir == 0)
-+        return 1;
-+      if ((state == STATE_DOTS) && (dots > 2))
-+        ndir++;
-+      state = STATE_NONE;
-+      dots = 0;
-+    }
-+    else if (c == '.')
-+    {
-+      if (state == STATE_NONE)
-+        state = STATE_DOTS;
-+      dots++;
-+    }
-+    else
-+    {
-+      if (state == STATE_NONE)
-+        ndir++;
-+      state = STATE_NAME;
-+    }
-+  }
-+
-+  if ((state == STATE_DOTS) && (dots == 2))
-+    ndir--;
-+  if ((state == STATE_DOTS) && (dots > 2))
-+    ndir++;
-+
-+  return ndir < 0;
-+}
-+#endif
-+
- /* Restores the UNIX special file data */
- 
- int set_uxspecial(char FAR *storage, char *name)
-@@ -156,6 +208,8 @@ int set_uxspecial(char FAR *storage, cha
-      l=sizeof(tmp_name)-1;
-     far_memmove((char FAR *)tmp_name, dptr, l);
-     tmp_name[l]='\0';
-+    if (is_link_traversal(tmp_name))
-+      return(UXSPEC_RC_ERROR);
-     rc=(id==UXSB_HLNK)?link(tmp_name, name):symlink(tmp_name, name);
-     if(!rc)
-      return(0);

Copied: arj/repos/community-x86_64/CVE-2015-0556-symlink-traversal.patch (from rev 410805, arj/trunk/CVE-2015-0556-symlink-traversal.patch)
===================================================================
--- CVE-2015-0556-symlink-traversal.patch	                        (rev 0)
+++ CVE-2015-0556-symlink-traversal.patch	2018-12-02 22:51:39 UTC (rev 410806)
@@ -0,0 +1,85 @@
+Description: Fix symlink directory traversal.
+ Do not allow symlinks that traverse the current directoru, nor absolute
+ symlinks.
+ .
+ Fixes CVE-2015-0556.
+Author: Guillem Jover <guillem at debian.org>
+Origin: vendor
+Bug-Debian: https://bugs.debian.org/774434
+Forwarded: no
+Last-Update: 2015-03-28
+
+---
+ uxspec.c |   54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 54 insertions(+)
+
+--- a/uxspec.c
++++ b/uxspec.c
+@@ -120,6 +120,58 @@ int query_uxspecial(char FAR **dest, cha
+ }
+ #endif
+ 
++#if TARGET==UNIX
++static int is_link_traversal(const char *name)
++{
++  enum {
++    STATE_NONE,
++    STATE_DOTS,
++    STATE_NAME,
++  } state = STATE_NONE;
++  int ndir = 0;
++  int dots = 0;
++
++  while(*name) {
++    int c = *name++;
++
++    if (c == '/')
++    {
++      if ((state == STATE_DOTS) && (dots == 2))
++        ndir--;
++      if (ndir < 0)
++        return 1;
++      if ((state == STATE_DOTS && dots == 1) && ndir == 0)
++        return 1;
++      if (state == STATE_NONE && ndir == 0)
++        return 1;
++      if ((state == STATE_DOTS) && (dots > 2))
++        ndir++;
++      state = STATE_NONE;
++      dots = 0;
++    }
++    else if (c == '.')
++    {
++      if (state == STATE_NONE)
++        state = STATE_DOTS;
++      dots++;
++    }
++    else
++    {
++      if (state == STATE_NONE)
++        ndir++;
++      state = STATE_NAME;
++    }
++  }
++
++  if ((state == STATE_DOTS) && (dots == 2))
++    ndir--;
++  if ((state == STATE_DOTS) && (dots > 2))
++    ndir++;
++
++  return ndir < 0;
++}
++#endif
++
+ /* Restores the UNIX special file data */
+ 
+ int set_uxspecial(char FAR *storage, char *name)
+@@ -156,6 +208,8 @@ int set_uxspecial(char FAR *storage, cha
+      l=sizeof(tmp_name)-1;
+     far_memmove((char FAR *)tmp_name, dptr, l);
+     tmp_name[l]='\0';
++    if (is_link_traversal(tmp_name))
++      return(UXSPEC_RC_ERROR);
+     rc=(id==UXSB_HLNK)?link(tmp_name, name):symlink(tmp_name, name);
+     if(!rc)
+      return(0);

Deleted: CVE-2015-0557-dir-traversal.patch
===================================================================
--- CVE-2015-0557-dir-traversal.patch	2018-12-02 22:51:23 UTC (rev 410805)
+++ CVE-2015-0557-dir-traversal.patch	2018-12-02 22:51:39 UTC (rev 410806)
@@ -1,33 +0,0 @@
-Description: Fix absolute path traversals.
- Catch multiple leading slashes when checking for absolute path traversals.
- .
- Fixes CVE-2015-0557.
-Author: Guillem Jover <guillem at debian.org>
-Origin: vendor
-Bug-Debian: https://bugs.debian.org/774435
-Forwarded: no
-Last-Update: 2015-02-26
-
----
- environ.c |    3 +++
- 1 file changed, 3 insertions(+)
-
---- a/environ.c
-+++ b/environ.c
-@@ -1087,6 +1087,8 @@ static char *validate_path(char *name)
-   if(action!=VALIDATE_DRIVESPEC)
-   {
- #endif
-+   while (name[0]!='\0'&&
-+          (name[0]=='.'||name[0]==PATHSEP_DEFAULT||name[0]==PATHSEP_UNIX)) {
-    if(name[0]=='.')
-    {
-     if(name[1]=='.'&&(name[2]==PATHSEP_DEFAULT||name[2]==PATHSEP_UNIX))
-@@ -1096,6 +1098,7 @@ static char *validate_path(char *name)
-    }
-    if(name[0]==PATHSEP_DEFAULT||name[0]==PATHSEP_UNIX)
-     name++;                             /* "\\" - revert to root */
-+   }
- #if SFX_LEVEL>=ARJSFXV
-   }
-  }

Copied: arj/repos/community-x86_64/CVE-2015-0557-dir-traversal.patch (from rev 410805, arj/trunk/CVE-2015-0557-dir-traversal.patch)
===================================================================
--- CVE-2015-0557-dir-traversal.patch	                        (rev 0)
+++ CVE-2015-0557-dir-traversal.patch	2018-12-02 22:51:39 UTC (rev 410806)
@@ -0,0 +1,33 @@
+Description: Fix absolute path traversals.
+ Catch multiple leading slashes when checking for absolute path traversals.
+ .
+ Fixes CVE-2015-0557.
+Author: Guillem Jover <guillem at debian.org>
+Origin: vendor
+Bug-Debian: https://bugs.debian.org/774435
+Forwarded: no
+Last-Update: 2015-02-26
+
+---
+ environ.c |    3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/environ.c
++++ b/environ.c
+@@ -1087,6 +1087,8 @@ static char *validate_path(char *name)
+   if(action!=VALIDATE_DRIVESPEC)
+   {
+ #endif
++   while (name[0]!='\0'&&
++          (name[0]=='.'||name[0]==PATHSEP_DEFAULT||name[0]==PATHSEP_UNIX)) {
+    if(name[0]=='.')
+    {
+     if(name[1]=='.'&&(name[2]==PATHSEP_DEFAULT||name[2]==PATHSEP_UNIX))
+@@ -1096,6 +1098,7 @@ static char *validate_path(char *name)
+    }
+    if(name[0]==PATHSEP_DEFAULT||name[0]==PATHSEP_UNIX)
+     name++;                             /* "\\" - revert to root */
++   }
+ #if SFX_LEVEL>=ARJSFXV
+   }
+  }

Deleted: CVE-2015-2782-buffer-overflow.patch
===================================================================
--- CVE-2015-2782-buffer-overflow.patch	2018-12-02 22:51:23 UTC (rev 410805)
+++ CVE-2015-2782-buffer-overflow.patch	2018-12-02 22:51:39 UTC (rev 410806)
@@ -1,35 +0,0 @@
-Description: Fix buffer overflow causing an invalid pointer free().
-Author: Guillem Jover <guillem at debian.org>
-Origin: vendor
-Bug-Debian: https://bugs.debian.org/774015
-Forwarded: no
-Last-Update: 2015-02-26
-
----
- decode.c |    6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
---- a/decode.c
-+++ b/decode.c
-@@ -255,7 +255,7 @@ void read_pt_len(int nn, int nbit, int i
-    if(i==i_special)
-    {
-     c=getbits(2);
--    while(--c>=0)
-+    while(--c>=0&&i<nn)
-      pt_len[i++]=0;
-    }
-   }
-@@ -314,10 +314,10 @@ void read_c_len()
-      c=getbits(CBIT);
-      c+=20;
-     }
--    while(--c>=0)
-+    while(--c>=0&&i<NC)
-      c_len[i++]=0;
-    }
--   else
-+   else if (i<NC)
-     c_len[i++]=(unsigned char)(c-2);
-   }
-   while(i<NC)

Copied: arj/repos/community-x86_64/CVE-2015-2782-buffer-overflow.patch (from rev 410805, arj/trunk/CVE-2015-2782-buffer-overflow.patch)
===================================================================
--- CVE-2015-2782-buffer-overflow.patch	                        (rev 0)
+++ CVE-2015-2782-buffer-overflow.patch	2018-12-02 22:51:39 UTC (rev 410806)
@@ -0,0 +1,35 @@
+Description: Fix buffer overflow causing an invalid pointer free().
+Author: Guillem Jover <guillem at debian.org>
+Origin: vendor
+Bug-Debian: https://bugs.debian.org/774015
+Forwarded: no
+Last-Update: 2015-02-26
+
+---
+ decode.c |    6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/decode.c
++++ b/decode.c
+@@ -255,7 +255,7 @@ void read_pt_len(int nn, int nbit, int i
+    if(i==i_special)
+    {
+     c=getbits(2);
+-    while(--c>=0)
++    while(--c>=0&&i<nn)
+      pt_len[i++]=0;
+    }
+   }
+@@ -314,10 +314,10 @@ void read_c_len()
+      c=getbits(CBIT);
+      c+=20;
+     }
+-    while(--c>=0)
++    while(--c>=0&&i<NC)
+      c_len[i++]=0;
+    }
+-   else
++   else if (i<NC)
+     c_len[i++]=(unsigned char)(c-2);
+   }
+   while(i<NC)

Deleted: PKGBUILD
===================================================================
--- PKGBUILD	2018-12-02 22:51:23 UTC (rev 410805)
+++ PKGBUILD	2018-12-02 22:51:39 UTC (rev 410806)
@@ -1,71 +0,0 @@
-# Maintainer: Levente Polyak <anthraxx[at]archlinux[dot]org>
-# Contributor: Alexander F Rødseth <xyproto at archlinux.org>
-# Contributor: Travis Willard <travisw at wmpub.ca>
-# Contributor: Gergely Tamas <dice at mfa.kfki.hu>
-
-pkgname=arj
-pkgver=3.10.22
-pkgrel=12
-pkgdesc='Free and portable clone of the ARJ archiver'
-url='http://arj.sourceforge.net/'
-arch=('x86_64')
-license=('GPL')
-depends=('glibc')
-options=('!makeflags')
-source=(${pkgname}-${pkgver}.tar.gz::http://downloads.sourceforge.net/${pkgname}/${pkgname}-${pkgver}.tar.gz
-        arches_align.patch
-        no_remove_static_const.patch
-        64_bit_clean.patch
-        custom-printf.patch
-        security_format.patch
-        use_safe_strcpy.patch
-        CVE-2015-0556-symlink-traversal.patch
-        CVE-2015-0557-dir-traversal.patch
-        CVE-2015-2782-buffer-overflow.patch)
-sha512sums=('4730dfdbab4f8095396c337578ed69bdaae52955ad468db50b52af8ad2846ecd6cfc05eb3ac0d03838c1c32ea60126f14a22b93e8181c06b9546456f3937ff76'
-            '166b027adc6b0ffab02d96cd6ede70dc7d2f1f33ef21177c97dd43fdf1ca235a0a8f70e963d749dfb04c5c55ffe42a8601d8df97d84824118b408d00ca6eeb7c'
-            '580e9bd4b37f9bf76784331f4e55abc30349cdd1735fd05897226137e78f0e420c6dcb287fcb111ac667b9f41c16e53b70cde50bce913eb85567afa05957c29a'
-            'c6600b74af7e3ba982fa8471a19c9ca7d4652d5de871809edb4124e405a33b623eb10abc4fff00e578dc0144e955b9aaaaecac06c66f9923b005635cf00f9a06'
-            'b1739a5cf75bb4036e41dd071fd4452e8d58805c539147d61594c14f959370a523939bd73de29473ea79f023ef759cec2feff497d5ded777919dd289dae8f769'
-            '82611c25aadb4dc73284a6ad5c47fdfc708ebb4f92271bfcc8a6ca5855bc3582ac77b32ac0e94294f1158e41a7292637feabee043dfb2c0000193136fb288e56'
-            'f72101f5fb9828afcf1851980ec1fa71d91942b2617b9182bbb92ca3d82069bee898436be9105b4a0445a6a0707c311b569f59397bc9ea29c9a98b7c088dd50c'
-            'c74003d2a4631adcd4b9bdb38830ed373e63da021c29f682e3e6faf032100f8963c544e0aeaa277220c02f24f72ceecc4b0ef96b03de2f113ccf7ff4471a4ca4'
-            'd7c23ebacf19df5b49a18ec259aa12cf7671105c609098fe344400639cb851fe5df769c3cf64922d86998d717b7ab9b42f831aeedd1dc0763080cf8d34c523c5'
-            '1acabf5fdbdc48c88ef4ecfdacd116f0d64315fb51fa08f36ba8a02c0e05bb79f82b82ac09039e8027d651d115275ff4f0d72302657730fa91eb0cbaecf15e08')
-
-prepare() {
-  cd ${pkgname}-${pkgver}
-
-  patch -p1 < "${srcdir}/arches_align.patch"
-  patch -p1 < "${srcdir}/no_remove_static_const.patch"
-  patch -p1 < "${srcdir}/64_bit_clean.patch"
-  patch -p1 < "${srcdir}/custom-printf.patch"
-  patch -p1 < "${srcdir}/CVE-2015-0556-symlink-traversal.patch"
-  patch -p1 < "${srcdir}/CVE-2015-0557-dir-traversal.patch"
-  patch -p1 < "${srcdir}/CVE-2015-2782-buffer-overflow.patch"
-  patch -p1 < "${srcdir}/security_format.patch"
-  patch -p1 < "${srcdir}/use_safe_strcpy.patch"
-
-  cd gnu
-  aclocal
-  autoconf
-  rm -f config.{guess,sub}
-#  cp /usr/share/automake-"$(automake --version|head -n1|sed -r 's/.*\) (.*)/\1/')"/config.{guess,sub} .
-  cp /usr/share/automake-*/config.{guess,sub} .
-}
-
-build() {
-  cd ${pkgname}-${pkgver}
-  (cd gnu
-    ./configure --prefix=/usr
-  )
-  make prepare
-  make
-}
-
-package() {
-  cd ${pkgname}-${pkgver}
-  make DESTDIR="${pkgdir}" install
-}
-
-# vim: ts=2 sw=2 et:

Copied: arj/repos/community-x86_64/PKGBUILD (from rev 410805, arj/trunk/PKGBUILD)
===================================================================
--- PKGBUILD	                        (rev 0)
+++ PKGBUILD	2018-12-02 22:51:39 UTC (rev 410806)
@@ -0,0 +1,71 @@
+# Maintainer: Levente Polyak <anthraxx[at]archlinux[dot]org>
+# Contributor: Alexander F Rødseth <xyproto at archlinux.org>
+# Contributor: Travis Willard <travisw at wmpub.ca>
+# Contributor: Gergely Tamas <dice at mfa.kfki.hu>
+
+pkgname=arj
+pkgver=3.10.22
+pkgrel=12
+pkgdesc='Free and portable clone of the ARJ archiver'
+url='http://arj.sourceforge.net/'
+arch=('x86_64')
+license=('GPL')
+depends=('glibc')
+options=('!makeflags')
+source=(${pkgname}-${pkgver}.tar.gz::https://downloads.sourceforge.net/${pkgname}/${pkgname}-${pkgver}.tar.gz
+        arches_align.patch
+        no_remove_static_const.patch
+        64_bit_clean.patch
+        custom-printf.patch
+        security_format.patch
+        use_safe_strcpy.patch
+        CVE-2015-0556-symlink-traversal.patch
+        CVE-2015-0557-dir-traversal.patch
+        CVE-2015-2782-buffer-overflow.patch)
+sha512sums=('4730dfdbab4f8095396c337578ed69bdaae52955ad468db50b52af8ad2846ecd6cfc05eb3ac0d03838c1c32ea60126f14a22b93e8181c06b9546456f3937ff76'
+            '166b027adc6b0ffab02d96cd6ede70dc7d2f1f33ef21177c97dd43fdf1ca235a0a8f70e963d749dfb04c5c55ffe42a8601d8df97d84824118b408d00ca6eeb7c'
+            '580e9bd4b37f9bf76784331f4e55abc30349cdd1735fd05897226137e78f0e420c6dcb287fcb111ac667b9f41c16e53b70cde50bce913eb85567afa05957c29a'
+            'c6600b74af7e3ba982fa8471a19c9ca7d4652d5de871809edb4124e405a33b623eb10abc4fff00e578dc0144e955b9aaaaecac06c66f9923b005635cf00f9a06'
+            'b1739a5cf75bb4036e41dd071fd4452e8d58805c539147d61594c14f959370a523939bd73de29473ea79f023ef759cec2feff497d5ded777919dd289dae8f769'
+            '82611c25aadb4dc73284a6ad5c47fdfc708ebb4f92271bfcc8a6ca5855bc3582ac77b32ac0e94294f1158e41a7292637feabee043dfb2c0000193136fb288e56'
+            'f72101f5fb9828afcf1851980ec1fa71d91942b2617b9182bbb92ca3d82069bee898436be9105b4a0445a6a0707c311b569f59397bc9ea29c9a98b7c088dd50c'
+            'c74003d2a4631adcd4b9bdb38830ed373e63da021c29f682e3e6faf032100f8963c544e0aeaa277220c02f24f72ceecc4b0ef96b03de2f113ccf7ff4471a4ca4'
+            'd7c23ebacf19df5b49a18ec259aa12cf7671105c609098fe344400639cb851fe5df769c3cf64922d86998d717b7ab9b42f831aeedd1dc0763080cf8d34c523c5'
+            '1acabf5fdbdc48c88ef4ecfdacd116f0d64315fb51fa08f36ba8a02c0e05bb79f82b82ac09039e8027d651d115275ff4f0d72302657730fa91eb0cbaecf15e08')
+
+prepare() {
+  cd ${pkgname}-${pkgver}
+
+  patch -p1 < "${srcdir}/arches_align.patch"
+  patch -p1 < "${srcdir}/no_remove_static_const.patch"
+  patch -p1 < "${srcdir}/64_bit_clean.patch"
+  patch -p1 < "${srcdir}/custom-printf.patch"
+  patch -p1 < "${srcdir}/CVE-2015-0556-symlink-traversal.patch"
+  patch -p1 < "${srcdir}/CVE-2015-0557-dir-traversal.patch"
+  patch -p1 < "${srcdir}/CVE-2015-2782-buffer-overflow.patch"
+  patch -p1 < "${srcdir}/security_format.patch"
+  patch -p1 < "${srcdir}/use_safe_strcpy.patch"
+
+  cd gnu
+  aclocal
+  autoconf
+  rm -f config.{guess,sub}
+#  cp /usr/share/automake-"$(automake --version|head -n1|sed -r 's/.*\) (.*)/\1/')"/config.{guess,sub} .
+  cp /usr/share/automake-*/config.{guess,sub} .
+}
+
+build() {
+  cd ${pkgname}-${pkgver}
+  (cd gnu
+    ./configure --prefix=/usr
+  )
+  make prepare
+  make
+}
+
+package() {
+  cd ${pkgname}-${pkgver}
+  make DESTDIR="${pkgdir}" install
+}
+
+# vim: ts=2 sw=2 et:

Deleted: arches_align.patch
===================================================================
--- arches_align.patch	2018-12-02 22:51:23 UTC (rev 410805)
+++ arches_align.patch	2018-12-02 22:51:39 UTC (rev 410806)
@@ -1,34 +0,0 @@
-#DPATCHLEVEL=1
-diff -Naur arj-3.10.19.orig/arj_proc.c arj-3.10.19/arj_proc.c
---- arj-3.10.19.orig/arj_proc.c	2004-02-20 14:18:52.000000000 +0100
-+++ arj-3.10.22/arj_proc.c	2004-04-08 14:06:58.000000000 +0200
-@@ -2898,7 +2898,7 @@
- }
- #endif
- 
--#if defined(WORDS_BIGENDIAN)&&!defined(ARJDISP)&&!defined(REGISTER)
-+#if (defined(WORDS_BIGENDIAN) || defined(ALIGN_POINTERS)) && !defined(ARJDISP) && !defined(REGISTER)
- /* Model-independent routine to get 2 bytes from far RAM */
- 
- unsigned int mget_word(char FAR *p)
-diff -Naur arj-3.10.19.orig/arj_proc.h arj-3.10.19/arj_proc.h
---- arj-3.10.19.orig/arj_proc.h	2004-01-25 01:40:00.000000000 +0100
-+++ arj-3.10.22/arj_proc.h	2004-04-08 14:07:18.000000000 +0200
-@@ -12,7 +12,7 @@
- 
- #define mget_byte(p) (*(unsigned char FAR *)(p)&0xFF)
- #define mput_byte(c, p) *(unsigned char FAR *)(p)=(unsigned char)(c)
--#ifndef WORDS_BIGENDIAN
-+#if !defined(ALIGN_POINTERS) && !defined(WORDS_BIGENDIAN)
- #define mget_word(p) (*(unsigned short *)(p)&0xFFFF)
- #define mput_word(w,p) (*(unsigned short *)(p)=(unsigned short)(w))
- #define mget_dword(p) (*(unsigned long *)(p))
-@@ -60,7 +60,7 @@
- void unpack_mem(struct mempack *mempack);
- void strip_lf(char *str);
- char *ltrim(char *str);
--#ifdef WORDS_BIGENDIAN
-+#if defined(ALIGN_POINTERS) || defined(WORDS_BIGENDIAN)
- unsigned int mget_word(char FAR *p);
- unsigned long mget_dword(char FAR *p);
- void mput_word(unsigned int w, char FAR *p);

Copied: arj/repos/community-x86_64/arches_align.patch (from rev 410805, arj/trunk/arches_align.patch)
===================================================================
--- arches_align.patch	                        (rev 0)
+++ arches_align.patch	2018-12-02 22:51:39 UTC (rev 410806)
@@ -0,0 +1,34 @@
+#DPATCHLEVEL=1
+diff -Naur arj-3.10.19.orig/arj_proc.c arj-3.10.19/arj_proc.c
+--- arj-3.10.19.orig/arj_proc.c	2004-02-20 14:18:52.000000000 +0100
++++ arj-3.10.22/arj_proc.c	2004-04-08 14:06:58.000000000 +0200
+@@ -2898,7 +2898,7 @@
+ }
+ #endif
+ 
+-#if defined(WORDS_BIGENDIAN)&&!defined(ARJDISP)&&!defined(REGISTER)
++#if (defined(WORDS_BIGENDIAN) || defined(ALIGN_POINTERS)) && !defined(ARJDISP) && !defined(REGISTER)
+ /* Model-independent routine to get 2 bytes from far RAM */
+ 
+ unsigned int mget_word(char FAR *p)
+diff -Naur arj-3.10.19.orig/arj_proc.h arj-3.10.19/arj_proc.h
+--- arj-3.10.19.orig/arj_proc.h	2004-01-25 01:40:00.000000000 +0100
++++ arj-3.10.22/arj_proc.h	2004-04-08 14:07:18.000000000 +0200
+@@ -12,7 +12,7 @@
+ 
+ #define mget_byte(p) (*(unsigned char FAR *)(p)&0xFF)
+ #define mput_byte(c, p) *(unsigned char FAR *)(p)=(unsigned char)(c)
+-#ifndef WORDS_BIGENDIAN
++#if !defined(ALIGN_POINTERS) && !defined(WORDS_BIGENDIAN)
+ #define mget_word(p) (*(unsigned short *)(p)&0xFFFF)
+ #define mput_word(w,p) (*(unsigned short *)(p)=(unsigned short)(w))
+ #define mget_dword(p) (*(unsigned long *)(p))
+@@ -60,7 +60,7 @@
+ void unpack_mem(struct mempack *mempack);
+ void strip_lf(char *str);
+ char *ltrim(char *str);
+-#ifdef WORDS_BIGENDIAN
++#if defined(ALIGN_POINTERS) || defined(WORDS_BIGENDIAN)
+ unsigned int mget_word(char FAR *p);
+ unsigned long mget_dword(char FAR *p);
+ void mput_word(unsigned int w, char FAR *p);

Deleted: custom-printf.patch
===================================================================
--- custom-printf.patch	2018-12-02 22:51:23 UTC (rev 410805)
+++ custom-printf.patch	2018-12-02 22:51:39 UTC (rev 410806)
@@ -1,15 +0,0 @@
-Patch by Lubomir Rintel <lkundrak at v3.sk> for arj >= 3.10.22, which disables
-the custom printf to avoid conflicting strnlen definition with the glibc
-headers. By using custom printf (as in the past), we're completely loosing
-all the _FORTIFY_SOURCE printf protections.
-
---- arj-3.10.22/fardata.c		2004-04-17 13:39:42.000000000 +0200
-+++ arj-3.10.22/fardata.c.printf	2009-04-18 16:23:52.000000000 +0200
-@@ -13,7 +13,6 @@
- /* ASR fix 02/05/2003: need that regardless of COLOR_OUTPUT to support -jp
-    correctly */
- #if SFX_LEVEL>=ARJ
-- #define CUSTOM_PRINTF
-  #define CHUNK_SIZE               512    /* Size of the output block */
-  #define CHUNK_THRESHOLD (CHUNK_SIZE-256) /* Safety bound */
- #endif

Copied: arj/repos/community-x86_64/custom-printf.patch (from rev 410805, arj/trunk/custom-printf.patch)
===================================================================
--- custom-printf.patch	                        (rev 0)
+++ custom-printf.patch	2018-12-02 22:51:39 UTC (rev 410806)
@@ -0,0 +1,15 @@
+Patch by Lubomir Rintel <lkundrak at v3.sk> for arj >= 3.10.22, which disables
+the custom printf to avoid conflicting strnlen definition with the glibc
+headers. By using custom printf (as in the past), we're completely loosing
+all the _FORTIFY_SOURCE printf protections.
+
+--- arj-3.10.22/fardata.c		2004-04-17 13:39:42.000000000 +0200
++++ arj-3.10.22/fardata.c.printf	2009-04-18 16:23:52.000000000 +0200
+@@ -13,7 +13,6 @@
+ /* ASR fix 02/05/2003: need that regardless of COLOR_OUTPUT to support -jp
+    correctly */
+ #if SFX_LEVEL>=ARJ
+- #define CUSTOM_PRINTF
+  #define CHUNK_SIZE               512    /* Size of the output block */
+  #define CHUNK_THRESHOLD (CHUNK_SIZE-256) /* Safety bound */
+ #endif

Deleted: no_remove_static_const.patch
===================================================================
--- no_remove_static_const.patch	2018-12-02 22:51:23 UTC (rev 410805)
+++ no_remove_static_const.patch	2018-12-02 22:51:39 UTC (rev 410806)
@@ -1,20 +0,0 @@
-#DPATCHLEVEL=1
-diff -Naur arj-3.10.22.orig/gnu/makefile.in arj-3.10.22/gnu/makefile.in
---- arj-3.10.22.orig/gnu/makefile.in	2004-04-17 14:28:06.000000000 +0300
-+++ arj-3.10.22/gnu/makefile.in	2005-08-04 21:50:24.000000000 +0300
-@@ -192,6 +192,15 @@
- dispose:
- 
- #
-+# XXX: Do not use -O2, it removes the static const variable with gcc 4.x
-+#
-+
-+INTEGR_DIRS = $(ARJ_DIR) $(REARJ_DIR) $(ARJCRYPT_DIR) $(REGISTER_DIR)
-+
-+$(patsubst %,%/integr.o, $(INTEGR_DIRS)): $(SRC_DIR)/integr.c
-+	$(CC) -Wall -g -c -o$@ $<
-+
-+#
- # The tools
- #
- 

Copied: arj/repos/community-x86_64/no_remove_static_const.patch (from rev 410805, arj/trunk/no_remove_static_const.patch)
===================================================================
--- no_remove_static_const.patch	                        (rev 0)
+++ no_remove_static_const.patch	2018-12-02 22:51:39 UTC (rev 410806)
@@ -0,0 +1,20 @@
+#DPATCHLEVEL=1
+diff -Naur arj-3.10.22.orig/gnu/makefile.in arj-3.10.22/gnu/makefile.in
+--- arj-3.10.22.orig/gnu/makefile.in	2004-04-17 14:28:06.000000000 +0300
++++ arj-3.10.22/gnu/makefile.in	2005-08-04 21:50:24.000000000 +0300
+@@ -192,6 +192,15 @@
+ dispose:
+ 
+ #
++# XXX: Do not use -O2, it removes the static const variable with gcc 4.x
++#
++
++INTEGR_DIRS = $(ARJ_DIR) $(REARJ_DIR) $(ARJCRYPT_DIR) $(REGISTER_DIR)
++
++$(patsubst %,%/integr.o, $(INTEGR_DIRS)): $(SRC_DIR)/integr.c
++	$(CC) -Wall -g -c -o$@ $<
++
++#
+ # The tools
+ #
+ 

Deleted: security_format.patch
===================================================================
--- security_format.patch	2018-12-02 22:51:23 UTC (rev 410805)
+++ security_format.patch	2018-12-02 22:51:39 UTC (rev 410806)
@@ -1,305 +0,0 @@
-Patch by Guillem Jover <guillem at debian.org> for arj <= 3.10.22, which
-fixes format security errors.
-
----
- arj_arcv.c |   12 ++++++------
- arj_user.c |    8 ++++----
- arjdisp.c  |   58 ++++++++++++++++++++++++++++------------------------------
- arjsfx.c   |    2 +-
- fardata.c  |   10 +++++-----
- rearj.c    |    2 +-
- register.c |    2 +-
- 7 files changed, 46 insertions(+), 48 deletions(-)
-
---- a/fardata.c
-+++ b/fardata.c
-@@ -52,7 +52,7 @@ int error_proc(FMSG *errmsg, ...)
-   /* Check if the message could have a standard error code */
-   if(errno!=0&&is_std_error(errmsg))
-   {
--   msg_cprintf(0, lf);
-+   msg_cprintf(0, "\n");
-    error_report();
-   }
-  #endif
-@@ -379,10 +379,10 @@ static void flush_cbuf(int ccode, char *
-     {
-      #if SFX_LEVEL>=ARJSFXV
-       fprintf(new_stdout, strform, n_text);
--      fprintf(new_stdout, lf);
-+      fprintf(new_stdout, "\n");
-      #else
-       printf(strform, n_text);
--      printf(lf);
-+      printf("\n");
-      #endif
-     }
-     else
-@@ -393,13 +393,13 @@ static void flush_cbuf(int ccode, char *
-      #ifdef NEED_CRLF
-       scr_out("\r");
-      #endif
--     scr_out(lf);
-+     scr_out("\n");
-     }
-     if(!no_colors)
-      textcolor(color_table[ccode&H_COLORMASK].color);
-    #else
-     printf(strform, n_text);
--    printf(lf);
-+    printf("\n");
-    #endif
-    n_text=t_text+1;
-    #if SFX_LEVEL>=ARJ
---- a/arj_user.c
-+++ b/arj_user.c
-@@ -1059,7 +1059,7 @@ static void finish_processing(int cmd)
-      if(recover_file(tmp_archive_name, nullstr, tmp_tmp_filename, protected, eof_pos))
-      {
-       msg_cprintf(H_HL, M_CANT_FIND_DAMAGE, archive_name);
--      printf(lf);
-+      printf("\n");
-      }
-      else
-      {
-@@ -1294,7 +1294,7 @@ static void finish_processing(int cmd)
-    if(recover_file(archive_name, nullstr, nullstr, protected, eof_pos))
-    {
-     msg_cprintf(H_HL, M_CANT_FIND_DAMAGE, archive_name);
--    printf(lf);
-+    printf("\n");
-    }
-    else
-    {
-@@ -1327,7 +1327,7 @@ static void finish_processing(int cmd)
-     msg_cprintf(0, M_CHAPTERS_ON);
-    else if(chapter_mode==CHAP_REMOVE)
-     msg_cprintf(0, M_CHAPTERS_OFF);
--   msg_cprintf(0, strform, lf);
-+   msg_cprintf(0, strform, "\n");
-   }
-   if(cmd==ARJ_CMD_COPY&&protfile_option&&!arjprot_tail)
-    msg_cprintf(0, M_ARJPROT_DISABLED);
-@@ -2303,7 +2303,7 @@ void process_archive()
-   timestamp_to_str(timetext, &ftime_stamp);
-   msg_cprintf(H_HL|H_NFMT, M_ARCHIVE_CREATED, timetext);
-   if(show_ansi_comments)
--   printf(cmt_ptr);
-+   fputs(cmt_ptr, stdout);
-   else
-    display_comment(cmt_ptr);
-   /* The sfx_setup() occurs here */
---- a/arj_arcv.c
-+++ b/arj_arcv.c
-@@ -913,13 +913,13 @@ int supply_comment(char *cmtname, char *
-     else
-     {
-      strcat(tmp_comment, tmp_cmtline);
--     strcat(tmp_comment, lf);
-+     strcat(tmp_comment, "\n");
-     }
-    }
-    else
-    {
-     strcat(tmp_comment, tmp_cmtline);
--    strcat(tmp_comment, lf);
-+    strcat(tmp_comment, "\n");
-    }
-   }
-  }
-@@ -1846,7 +1846,7 @@ int pack_file(int is_update, int is_repl
-    raw_eh=eh_lookup(eh, UXSPECIAL_ID)->raw;
-    uxspecial_stats(raw_eh, UXSTATS_SHORT);
-   }
--  msg_cprintf(0, lf);
-+  msg_cprintf(0, "\n");
-  }
-  if(err_id==0&&user_wants_fail)
-  {
-@@ -2523,9 +2523,9 @@ int unpack_validation()
-    {
-     msg_cprintf(0, (FMSG *)strform, misc_buf);
-     if(search_mode==SEARCH_DEFAULT)
--     msg_cprintf(0, (FMSG *)lf);
-+     msg_cprintf(0, "\n");
-     if(search_mode==SEARCH_BRIEF)
--     msg_cprintf(0, (FMSG *)cr);
-+     msg_cprintf(0, "\r");
-    }
-    for(pattern=0; pattern<SEARCH_STR_MAX; search_occurences[pattern++]=0);
-    reserve_size=0;
-@@ -3652,7 +3652,7 @@ void archive_cleanup()
-  {
-   if(msg_fprintf(idxstream, M_TESTING, archive_name)<0)
-    error(M_DISK_FULL);
--  if(fprintf(idxstream, lf)<0)
-+  if(fprintf(idxstream, "\n")<0)
-    error(M_DISK_FULL);
-  }
-  cmd_verb=ARJ_CMD_TEST;
---- a/arjsfx.c
-+++ b/arjsfx.c
-@@ -214,7 +214,7 @@ static void final_cleanup(void)
-   freopen(dev_con, m_w, stdout);
-  #if SFX_LEVEL>=ARJSFXV
-   if(ferror(stdout))
--   msg_fprintf(stderr, M_DISK_FULL);
-+   msg_fprintf(stderr, "Can't write file. Disk full?");
-   if(debug_enabled&&strchr(debug_opt, 't')!=NULL)
-   {
-    ticks=get_ticks()-ticks;
---- a/rearj.c
-+++ b/rearj.c
-@@ -935,7 +935,7 @@ static int convert_archive(char *name)
-  msg_cprintf(H_HL|H_NFMT, M_OLD_SIZE, old_fsize);
-  msg_cprintf(H_HL|H_NFMT, M_NEW_SIZE, new_fsize);
-  msg_cprintf(H_HL|H_NFMT, M_SAVINGS_SIZE, gain);
-- printf(lf);
-+ printf("\n");
-  total_old_fsize+=old_fsize;
-  total_new_fsize+=new_fsize;
-  total_files++;
---- a/register.c
-+++ b/register.c
-@@ -205,7 +205,7 @@ int main(int argc, char **argv)
-  char reg_source[200];
-  int i;
- 
-- printf(M_REGISTER_BANNER);
-+ fputs(M_REGISTER_BANNER, stdout);
-  integrity_pattern[0]--;
-  build_crc32_table();
-  if(argc!=2)
---- a/arjdisp.c
-+++ b/arjdisp.c
-@@ -20,8 +20,6 @@ static long bytes;
- static long compsize;
- static char cmd_verb;
- static char msg_lf[]="\n";
--char strform[]="%s";                    /* Export it for scrnio.c, too
--                                           (a byte saved is a byte gained) */
- 
- /* Pseudographical controls */
- 
-@@ -54,19 +52,19 @@ static void show_init_scrn()
-  textcolor(7);
-  clrscr();
-  gotoxy(2, 2);
-- scrprintf(win_top);
-+ fputs(win_top, stdout);
-  for(i=3; i<24; i++)
-  {
--  gotoxy(2, i); scrprintf(win_border);
--  gotoxy(79, i); scrprintf(win_border);
-+  gotoxy(2, i); fputs(win_border, stdout);
-+  gotoxy(79, i); fputs(win_border, stdout);
-  }
-- gotoxy(2, 24); scrprintf(win_bottom);
-+ gotoxy(2, 24); fputs(win_bottom, stdout);
-  gotoxy(10, 5);
-- scrprintf(M_ARJDISP_COPYRIGHT);
-+ fputs(M_ARJDISP_COPYRIGHT, stdout);
-  gotoxy(10, 6);
-- scrprintf(M_ARJDISP_DISTRIBUTION);
-+ fputs(M_ARJDISP_DISTRIBUTION, stdout);
-  gotoxy(10, 7);
-- scrprintf(M_ARJDISP_LICENSE);
-+ fputs(M_ARJDISP_LICENSE, stdout);
-  gotoxy(16, 10);
-  scrprintf(M_PROCESSING_ARCHIVE, archive_name);
-  t=strtok(M_ARJDISP_INFO, msg_lf);
-@@ -74,11 +72,11 @@ static void show_init_scrn()
-  while(t!=NULL&&i<=23)
-  {
-   gotoxy(10, i++);
--  scrprintf(strform, t);
-+  scrprintf("%s", t);
-   t=strtok(NULL, msg_lf);
-  }
-  gotoxy(16, 20);
-- scrprintf(M_PRESS_ANY_KEY);
-+ fputs(M_PRESS_ANY_KEY, stdout);
-  uni_getch();
-  gotoxy(1, 24);
- }
-@@ -96,19 +94,19 @@ static void show_proc_scrn()
-  {
-   clrscr();
-   gotoxy(2, 2);
--  scrprintf(win_top);
-+  fputs(win_top, stdout);
-   for(i=3; i<24; i++)
-   {
--   gotoxy(2, i); scrprintf(win_border);
--   gotoxy(79, i); scrprintf(win_border);
-+   gotoxy(2, i); fputs(win_border, stdout);
-+   gotoxy(79, i); fputs(win_border, stdout);
-   }
--  gotoxy(2, 24); scrprintf(win_bottom);
-+  gotoxy(2, 24); fputs(win_bottom, stdout);
-   gotoxy(10, 5);
--  scrprintf(M_ARJDISP_COPYRIGHT);
-+  fputs(M_ARJDISP_COPYRIGHT, stdout);
-   gotoxy(10, 6);
--  scrprintf(M_ARJDISP_DISTRIBUTION);
-+  fputs(M_ARJDISP_DISTRIBUTION, stdout);
-   gotoxy(10, 7);
--  scrprintf(M_ARJDISP_LICENSE);
-+  fputs(M_ARJDISP_LICENSE, stdout);
-   gotoxy(16, 10);
-   scrprintf(M_PROCESSING_ARCHIVE, archive_name);
-   gotoxy(16, 12);
-@@ -132,13 +130,13 @@ static void show_proc_scrn()
-     break;
-   }
-   gotoxy(15, 14);
--  scrprintf(ind_top);
-+  fputs(ind_top, stdout);
-   gotoxy(15, 15);
--  scrprintf(ind_middle);
-+  fputs(ind_middle, stdout);
-   gotoxy(15, 16);
--  scrprintf(ind_bottom);
-+  fputs(ind_bottom, stdout);
-   gotoxy(16, 18);
--  scrprintf(M_ARJDISP_CTR_START);
-+  fputs(M_ARJDISP_CTR_START, stdout);
-  }
-  else
-  {
-@@ -146,7 +144,7 @@ static void show_proc_scrn()
-   gotoxy(16, 15);
-   memset(progress, indo, i);
-   progress[i]='\0';
--  scrprintf(progress);
-+  fputs(progress, stdout);
-   gotoxy(16, 18);
-   scrprintf(M_ARJDISP_CTR, calc_percentage(bytes, uncompsize)/10);
-  }
-@@ -165,19 +163,19 @@ static void show_ending_scrn()
-  textcolor(7);
-  clrscr();
-  gotoxy(2, 2);
-- scrprintf(win_top);
-+ fputs(win_top, stdout);
-  for(i=3; i<24; i++)
-  {
--  gotoxy(2, i); scrprintf(win_border);
--  gotoxy(79, i); scrprintf(win_border);
-+  gotoxy(2, i); fputs(win_border, stdout);
-+  gotoxy(79, i); fputs(win_border, stdout);
-  }
-- gotoxy(2, 24); scrprintf(win_bottom);
-+ gotoxy(2, 24); fputs(win_bottom, stdout);
-  gotoxy(10, 5);
-- scrprintf(M_ARJDISP_COPYRIGHT);
-+ fputs(M_ARJDISP_COPYRIGHT, stdout);
-  gotoxy(10, 6);
-- scrprintf(M_ARJDISP_DISTRIBUTION);
-+ fputs(M_ARJDISP_DISTRIBUTION, stdout);
-  gotoxy(10, 7);
-- scrprintf(M_ARJDISP_LICENSE);
-+ fputs(M_ARJDISP_LICENSE, stdout);
-  gotoxy(16, 10);
-  scrprintf(M_FINISHED_PROCESSING, archive_name);
-  gotoxy(1, 24);

Copied: arj/repos/community-x86_64/security_format.patch (from rev 410805, arj/trunk/security_format.patch)
===================================================================
--- security_format.patch	                        (rev 0)
+++ security_format.patch	2018-12-02 22:51:39 UTC (rev 410806)
@@ -0,0 +1,305 @@
+Patch by Guillem Jover <guillem at debian.org> for arj <= 3.10.22, which
+fixes format security errors.
+
+---
+ arj_arcv.c |   12 ++++++------
+ arj_user.c |    8 ++++----
+ arjdisp.c  |   58 ++++++++++++++++++++++++++++------------------------------
+ arjsfx.c   |    2 +-
+ fardata.c  |   10 +++++-----
+ rearj.c    |    2 +-
+ register.c |    2 +-
+ 7 files changed, 46 insertions(+), 48 deletions(-)
+
+--- a/fardata.c
++++ b/fardata.c
+@@ -52,7 +52,7 @@ int error_proc(FMSG *errmsg, ...)
+   /* Check if the message could have a standard error code */
+   if(errno!=0&&is_std_error(errmsg))
+   {
+-   msg_cprintf(0, lf);
++   msg_cprintf(0, "\n");
+    error_report();
+   }
+  #endif
+@@ -379,10 +379,10 @@ static void flush_cbuf(int ccode, char *
+     {
+      #if SFX_LEVEL>=ARJSFXV
+       fprintf(new_stdout, strform, n_text);
+-      fprintf(new_stdout, lf);
++      fprintf(new_stdout, "\n");
+      #else
+       printf(strform, n_text);
+-      printf(lf);
++      printf("\n");
+      #endif
+     }
+     else
+@@ -393,13 +393,13 @@ static void flush_cbuf(int ccode, char *
+      #ifdef NEED_CRLF
+       scr_out("\r");
+      #endif
+-     scr_out(lf);
++     scr_out("\n");
+     }
+     if(!no_colors)
+      textcolor(color_table[ccode&H_COLORMASK].color);
+    #else
+     printf(strform, n_text);
+-    printf(lf);
++    printf("\n");
+    #endif
+    n_text=t_text+1;
+    #if SFX_LEVEL>=ARJ
+--- a/arj_user.c
++++ b/arj_user.c
+@@ -1059,7 +1059,7 @@ static void finish_processing(int cmd)
+      if(recover_file(tmp_archive_name, nullstr, tmp_tmp_filename, protected, eof_pos))
+      {
+       msg_cprintf(H_HL, M_CANT_FIND_DAMAGE, archive_name);
+-      printf(lf);
++      printf("\n");
+      }
+      else
+      {
+@@ -1294,7 +1294,7 @@ static void finish_processing(int cmd)
+    if(recover_file(archive_name, nullstr, nullstr, protected, eof_pos))
+    {
+     msg_cprintf(H_HL, M_CANT_FIND_DAMAGE, archive_name);
+-    printf(lf);
++    printf("\n");
+    }
+    else
+    {
+@@ -1327,7 +1327,7 @@ static void finish_processing(int cmd)
+     msg_cprintf(0, M_CHAPTERS_ON);
+    else if(chapter_mode==CHAP_REMOVE)
+     msg_cprintf(0, M_CHAPTERS_OFF);
+-   msg_cprintf(0, strform, lf);
++   msg_cprintf(0, strform, "\n");
+   }
+   if(cmd==ARJ_CMD_COPY&&protfile_option&&!arjprot_tail)
+    msg_cprintf(0, M_ARJPROT_DISABLED);
+@@ -2303,7 +2303,7 @@ void process_archive()
+   timestamp_to_str(timetext, &ftime_stamp);
+   msg_cprintf(H_HL|H_NFMT, M_ARCHIVE_CREATED, timetext);
+   if(show_ansi_comments)
+-   printf(cmt_ptr);
++   fputs(cmt_ptr, stdout);
+   else
+    display_comment(cmt_ptr);
+   /* The sfx_setup() occurs here */
+--- a/arj_arcv.c
++++ b/arj_arcv.c
+@@ -913,13 +913,13 @@ int supply_comment(char *cmtname, char *
+     else
+     {
+      strcat(tmp_comment, tmp_cmtline);
+-     strcat(tmp_comment, lf);
++     strcat(tmp_comment, "\n");
+     }
+    }
+    else
+    {
+     strcat(tmp_comment, tmp_cmtline);
+-    strcat(tmp_comment, lf);
++    strcat(tmp_comment, "\n");
+    }
+   }
+  }
+@@ -1846,7 +1846,7 @@ int pack_file(int is_update, int is_repl
+    raw_eh=eh_lookup(eh, UXSPECIAL_ID)->raw;
+    uxspecial_stats(raw_eh, UXSTATS_SHORT);
+   }
+-  msg_cprintf(0, lf);
++  msg_cprintf(0, "\n");
+  }
+  if(err_id==0&&user_wants_fail)
+  {
+@@ -2523,9 +2523,9 @@ int unpack_validation()
+    {
+     msg_cprintf(0, (FMSG *)strform, misc_buf);
+     if(search_mode==SEARCH_DEFAULT)
+-     msg_cprintf(0, (FMSG *)lf);
++     msg_cprintf(0, "\n");
+     if(search_mode==SEARCH_BRIEF)
+-     msg_cprintf(0, (FMSG *)cr);
++     msg_cprintf(0, "\r");
+    }
+    for(pattern=0; pattern<SEARCH_STR_MAX; search_occurences[pattern++]=0);
+    reserve_size=0;
+@@ -3652,7 +3652,7 @@ void archive_cleanup()
+  {
+   if(msg_fprintf(idxstream, M_TESTING, archive_name)<0)
+    error(M_DISK_FULL);
+-  if(fprintf(idxstream, lf)<0)
++  if(fprintf(idxstream, "\n")<0)
+    error(M_DISK_FULL);
+  }
+  cmd_verb=ARJ_CMD_TEST;
+--- a/arjsfx.c
++++ b/arjsfx.c
+@@ -214,7 +214,7 @@ static void final_cleanup(void)
+   freopen(dev_con, m_w, stdout);
+  #if SFX_LEVEL>=ARJSFXV
+   if(ferror(stdout))
+-   msg_fprintf(stderr, M_DISK_FULL);
++   msg_fprintf(stderr, "Can't write file. Disk full?");
+   if(debug_enabled&&strchr(debug_opt, 't')!=NULL)
+   {
+    ticks=get_ticks()-ticks;
+--- a/rearj.c
++++ b/rearj.c
+@@ -935,7 +935,7 @@ static int convert_archive(char *name)
+  msg_cprintf(H_HL|H_NFMT, M_OLD_SIZE, old_fsize);
+  msg_cprintf(H_HL|H_NFMT, M_NEW_SIZE, new_fsize);
+  msg_cprintf(H_HL|H_NFMT, M_SAVINGS_SIZE, gain);
+- printf(lf);
++ printf("\n");
+  total_old_fsize+=old_fsize;
+  total_new_fsize+=new_fsize;
+  total_files++;
+--- a/register.c
++++ b/register.c
+@@ -205,7 +205,7 @@ int main(int argc, char **argv)
+  char reg_source[200];
+  int i;
+ 
+- printf(M_REGISTER_BANNER);
++ fputs(M_REGISTER_BANNER, stdout);
+  integrity_pattern[0]--;
+  build_crc32_table();
+  if(argc!=2)
+--- a/arjdisp.c
++++ b/arjdisp.c
+@@ -20,8 +20,6 @@ static long bytes;
+ static long compsize;
+ static char cmd_verb;
+ static char msg_lf[]="\n";
+-char strform[]="%s";                    /* Export it for scrnio.c, too
+-                                           (a byte saved is a byte gained) */
+ 
+ /* Pseudographical controls */
+ 
+@@ -54,19 +52,19 @@ static void show_init_scrn()
+  textcolor(7);
+  clrscr();
+  gotoxy(2, 2);
+- scrprintf(win_top);
++ fputs(win_top, stdout);
+  for(i=3; i<24; i++)
+  {
+-  gotoxy(2, i); scrprintf(win_border);
+-  gotoxy(79, i); scrprintf(win_border);
++  gotoxy(2, i); fputs(win_border, stdout);
++  gotoxy(79, i); fputs(win_border, stdout);
+  }
+- gotoxy(2, 24); scrprintf(win_bottom);
++ gotoxy(2, 24); fputs(win_bottom, stdout);
+  gotoxy(10, 5);
+- scrprintf(M_ARJDISP_COPYRIGHT);
++ fputs(M_ARJDISP_COPYRIGHT, stdout);
+  gotoxy(10, 6);
+- scrprintf(M_ARJDISP_DISTRIBUTION);
++ fputs(M_ARJDISP_DISTRIBUTION, stdout);
+  gotoxy(10, 7);
+- scrprintf(M_ARJDISP_LICENSE);
++ fputs(M_ARJDISP_LICENSE, stdout);
+  gotoxy(16, 10);
+  scrprintf(M_PROCESSING_ARCHIVE, archive_name);
+  t=strtok(M_ARJDISP_INFO, msg_lf);
+@@ -74,11 +72,11 @@ static void show_init_scrn()
+  while(t!=NULL&&i<=23)
+  {
+   gotoxy(10, i++);
+-  scrprintf(strform, t);
++  scrprintf("%s", t);
+   t=strtok(NULL, msg_lf);
+  }
+  gotoxy(16, 20);
+- scrprintf(M_PRESS_ANY_KEY);
++ fputs(M_PRESS_ANY_KEY, stdout);
+  uni_getch();
+  gotoxy(1, 24);
+ }
+@@ -96,19 +94,19 @@ static void show_proc_scrn()
+  {
+   clrscr();
+   gotoxy(2, 2);
+-  scrprintf(win_top);
++  fputs(win_top, stdout);
+   for(i=3; i<24; i++)
+   {
+-   gotoxy(2, i); scrprintf(win_border);
+-   gotoxy(79, i); scrprintf(win_border);
++   gotoxy(2, i); fputs(win_border, stdout);
++   gotoxy(79, i); fputs(win_border, stdout);
+   }
+-  gotoxy(2, 24); scrprintf(win_bottom);
++  gotoxy(2, 24); fputs(win_bottom, stdout);
+   gotoxy(10, 5);
+-  scrprintf(M_ARJDISP_COPYRIGHT);
++  fputs(M_ARJDISP_COPYRIGHT, stdout);
+   gotoxy(10, 6);
+-  scrprintf(M_ARJDISP_DISTRIBUTION);
++  fputs(M_ARJDISP_DISTRIBUTION, stdout);
+   gotoxy(10, 7);
+-  scrprintf(M_ARJDISP_LICENSE);
++  fputs(M_ARJDISP_LICENSE, stdout);
+   gotoxy(16, 10);
+   scrprintf(M_PROCESSING_ARCHIVE, archive_name);
+   gotoxy(16, 12);
+@@ -132,13 +130,13 @@ static void show_proc_scrn()
+     break;
+   }
+   gotoxy(15, 14);
+-  scrprintf(ind_top);
++  fputs(ind_top, stdout);
+   gotoxy(15, 15);
+-  scrprintf(ind_middle);
++  fputs(ind_middle, stdout);
+   gotoxy(15, 16);
+-  scrprintf(ind_bottom);
++  fputs(ind_bottom, stdout);
+   gotoxy(16, 18);
+-  scrprintf(M_ARJDISP_CTR_START);
++  fputs(M_ARJDISP_CTR_START, stdout);
+  }
+  else
+  {
+@@ -146,7 +144,7 @@ static void show_proc_scrn()
+   gotoxy(16, 15);
+   memset(progress, indo, i);
+   progress[i]='\0';
+-  scrprintf(progress);
++  fputs(progress, stdout);
+   gotoxy(16, 18);
+   scrprintf(M_ARJDISP_CTR, calc_percentage(bytes, uncompsize)/10);
+  }
+@@ -165,19 +163,19 @@ static void show_ending_scrn()
+  textcolor(7);
+  clrscr();
+  gotoxy(2, 2);
+- scrprintf(win_top);
++ fputs(win_top, stdout);
+  for(i=3; i<24; i++)
+  {
+-  gotoxy(2, i); scrprintf(win_border);
+-  gotoxy(79, i); scrprintf(win_border);
++  gotoxy(2, i); fputs(win_border, stdout);
++  gotoxy(79, i); fputs(win_border, stdout);
+  }
+- gotoxy(2, 24); scrprintf(win_bottom);
++ gotoxy(2, 24); fputs(win_bottom, stdout);
+  gotoxy(10, 5);
+- scrprintf(M_ARJDISP_COPYRIGHT);
++ fputs(M_ARJDISP_COPYRIGHT, stdout);
+  gotoxy(10, 6);
+- scrprintf(M_ARJDISP_DISTRIBUTION);
++ fputs(M_ARJDISP_DISTRIBUTION, stdout);
+  gotoxy(10, 7);
+- scrprintf(M_ARJDISP_LICENSE);
++ fputs(M_ARJDISP_LICENSE, stdout);
+  gotoxy(16, 10);
+  scrprintf(M_FINISHED_PROCESSING, archive_name);
+  gotoxy(1, 24);

Deleted: use_safe_strcpy.patch
===================================================================
--- use_safe_strcpy.patch	2018-12-02 22:51:23 UTC (rev 410805)
+++ use_safe_strcpy.patch	2018-12-02 22:51:39 UTC (rev 410806)
@@ -1,97 +0,0 @@
-Patch by Guillem Jover <guillem at debian.org> for arj <= 3.10.22, to
-use a safe strcpy for overlapping strings, among others fixes a build
-problem with a mangled generated .c file by msgbind (thus FTBFS), and
-CRC errors at run-time. For further information, please have a look
-to http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590354
-
----
- arj.c      |    2 +-
- arjdata.c  |    9 +--------
- ea_mgr.c   |    2 +-
- misc.h     |    4 ++++
- msgbind.c  |    2 +-
- packager.c |    2 +-
- 6 files changed, 9 insertions(+), 12 deletions(-)
-
---- a/arjdata.c
-+++ b/arjdata.c
-@@ -204,13 +204,6 @@ void date_fmt(char *dest)
-  #endif
- }
- 
--/* A safe strcpy() */
--
--static void safe_strcpy(char *dest, char *src)
--{
-- memmove(dest, src, strlen(src)+1);
--}
--
- /* Context substitution routine */
- 
- char *expand_tags(char *str, int limit)
-@@ -232,7 +225,7 @@ char *expand_tags(char *str, int limit)
-   {
-    if(*(p+1)==TAG_CHAR)
-    {
--    strcpy(p, p+1);
-+    safe_strcpy(p, p+1);
-     p++;
-    }
-    else if(*(p+1)==TAG_SPECIAL_BEGIN&&(et=strchr(p+3, TAG_SPECIAL_END))!=NULL)
---- a/arj.c
-+++ b/arj.c
-@@ -1169,7 +1169,7 @@ int main(int argc, char *argv[])
-      if(strlen(tmp_ptr)<=121)
-       tmp_ptr[0]='\0';
-      else if(tmp_ptr[120]==' ')
--      strcpy(tmp_ptr, tmp_ptr+121);
-+      safe_strcpy(tmp_ptr, tmp_ptr+121);
-     }
-     if(cmd==ARJ_CMD_ORDER&&strpbrk(tmp_ptr, wildcard_pattern)!=NULL)
-      error(M_ORDER_WILDCARD);
---- a/ea_mgr.c
-+++ b/ea_mgr.c
-@@ -696,7 +696,7 @@ int resolve_longname(char *dest, char *n
-     tmp_name[st_len]='\0';
-     if(tmp_name[0]==0xFD&&tmp_name[1]==0xFF)
-     {
--     strcpy(tmp_name, (char *)tmp_name+4);
-+     safe_strcpy(tmp_name, (char *)tmp_name+4);
-      st_len-=4;
-     }
-     if(st_len==0||st_len+entry>=FILENAME_MAX)
---- a/msgbind.c
-+++ b/msgbind.c
-@@ -578,7 +578,7 @@ int main(int argc, char **argv)
-    }
-    strcat(pool[tpool].data, msgname);
-    strcat(pool[tpool].data, ", ");
--   strcpy(msg_buffer, msg_buffer+1);
-+   safe_strcpy(msg_buffer, msg_buffer+1);
-    buf_len=strlen(msg_buffer);
-    msg_buffer[--buf_len]='\0';
-    patch_string(msg_buffer);
---- a/packager.c
-+++ b/packager.c
-@@ -347,7 +347,7 @@ int main(int argc, char **argv)
-  expand_tags(buf, sizeof(buf)-1);
-  if((p=strchr(buf, '.'))!=NULL)
-  {
--  strcpy(p, p+1);
-+  safe_strcpy(p, p+1);
-   if((p=strchr(buf, '.'))!=NULL)
-    *p='\0';
-  }
---- a/misc.h
-+++ b/misc.h
-@@ -11,6 +11,10 @@
- #include "arjtypes.h"
- #include "filelist.h"
- 
-+/* A safe strcpy() */
-+
-+#define safe_strcpy(dest, src) memmove(dest, src, strlen(src)+1);
-+
- /* ASCIIZ string copy macro */
- 
- #define strcpyn(dest, src, n)      \

Copied: arj/repos/community-x86_64/use_safe_strcpy.patch (from rev 410805, arj/trunk/use_safe_strcpy.patch)
===================================================================
--- use_safe_strcpy.patch	                        (rev 0)
+++ use_safe_strcpy.patch	2018-12-02 22:51:39 UTC (rev 410806)
@@ -0,0 +1,97 @@
+Patch by Guillem Jover <guillem at debian.org> for arj <= 3.10.22, to
+use a safe strcpy for overlapping strings, among others fixes a build
+problem with a mangled generated .c file by msgbind (thus FTBFS), and
+CRC errors at run-time. For further information, please have a look
+to http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590354
+
+---
+ arj.c      |    2 +-
+ arjdata.c  |    9 +--------
+ ea_mgr.c   |    2 +-
+ misc.h     |    4 ++++
+ msgbind.c  |    2 +-
+ packager.c |    2 +-
+ 6 files changed, 9 insertions(+), 12 deletions(-)
+
+--- a/arjdata.c
++++ b/arjdata.c
+@@ -204,13 +204,6 @@ void date_fmt(char *dest)
+  #endif
+ }
+ 
+-/* A safe strcpy() */
+-
+-static void safe_strcpy(char *dest, char *src)
+-{
+- memmove(dest, src, strlen(src)+1);
+-}
+-
+ /* Context substitution routine */
+ 
+ char *expand_tags(char *str, int limit)
+@@ -232,7 +225,7 @@ char *expand_tags(char *str, int limit)
+   {
+    if(*(p+1)==TAG_CHAR)
+    {
+-    strcpy(p, p+1);
++    safe_strcpy(p, p+1);
+     p++;
+    }
+    else if(*(p+1)==TAG_SPECIAL_BEGIN&&(et=strchr(p+3, TAG_SPECIAL_END))!=NULL)
+--- a/arj.c
++++ b/arj.c
+@@ -1169,7 +1169,7 @@ int main(int argc, char *argv[])
+      if(strlen(tmp_ptr)<=121)
+       tmp_ptr[0]='\0';
+      else if(tmp_ptr[120]==' ')
+-      strcpy(tmp_ptr, tmp_ptr+121);
++      safe_strcpy(tmp_ptr, tmp_ptr+121);
+     }
+     if(cmd==ARJ_CMD_ORDER&&strpbrk(tmp_ptr, wildcard_pattern)!=NULL)
+      error(M_ORDER_WILDCARD);
+--- a/ea_mgr.c
++++ b/ea_mgr.c
+@@ -696,7 +696,7 @@ int resolve_longname(char *dest, char *n
+     tmp_name[st_len]='\0';
+     if(tmp_name[0]==0xFD&&tmp_name[1]==0xFF)
+     {
+-     strcpy(tmp_name, (char *)tmp_name+4);
++     safe_strcpy(tmp_name, (char *)tmp_name+4);
+      st_len-=4;
+     }
+     if(st_len==0||st_len+entry>=FILENAME_MAX)
+--- a/msgbind.c
++++ b/msgbind.c
+@@ -578,7 +578,7 @@ int main(int argc, char **argv)
+    }
+    strcat(pool[tpool].data, msgname);
+    strcat(pool[tpool].data, ", ");
+-   strcpy(msg_buffer, msg_buffer+1);
++   safe_strcpy(msg_buffer, msg_buffer+1);
+    buf_len=strlen(msg_buffer);
+    msg_buffer[--buf_len]='\0';
+    patch_string(msg_buffer);
+--- a/packager.c
++++ b/packager.c
+@@ -347,7 +347,7 @@ int main(int argc, char **argv)
+  expand_tags(buf, sizeof(buf)-1);
+  if((p=strchr(buf, '.'))!=NULL)
+  {
+-  strcpy(p, p+1);
++  safe_strcpy(p, p+1);
+   if((p=strchr(buf, '.'))!=NULL)
+    *p='\0';
+  }
+--- a/misc.h
++++ b/misc.h
+@@ -11,6 +11,10 @@
+ #include "arjtypes.h"
+ #include "filelist.h"
+ 
++/* A safe strcpy() */
++
++#define safe_strcpy(dest, src) memmove(dest, src, strlen(src)+1);
++
+ /* ASCIIZ string copy macro */
+ 
+ #define strcpyn(dest, src, n)      \


More information about the arch-commits mailing list