[arch-commits] Commit in arj/repos/community-x86_64 (20 files)
Antonio Rojas
arojas at archlinux.org
Mon Jun 4 18:41:26 UTC 2018
Date: Monday, June 4, 2018 @ 18:41:26
Author: arojas
Revision: 340419
archrelease: copy trunk to community-x86_64
Added:
arj/repos/community-x86_64/64_bit_clean.patch
(from rev 340418, arj/trunk/64_bit_clean.patch)
arj/repos/community-x86_64/CVE-2015-0556-symlink-traversal.patch
(from rev 340418, arj/trunk/CVE-2015-0556-symlink-traversal.patch)
arj/repos/community-x86_64/CVE-2015-0557-dir-traversal.patch
(from rev 340418, arj/trunk/CVE-2015-0557-dir-traversal.patch)
arj/repos/community-x86_64/CVE-2015-2782-buffer-overflow.patch
(from rev 340418, arj/trunk/CVE-2015-2782-buffer-overflow.patch)
arj/repos/community-x86_64/PKGBUILD
(from rev 340418, arj/trunk/PKGBUILD)
arj/repos/community-x86_64/arches_align.patch
(from rev 340418, arj/trunk/arches_align.patch)
arj/repos/community-x86_64/custom-printf.patch
(from rev 340418, arj/trunk/custom-printf.patch)
arj/repos/community-x86_64/no_remove_static_const.patch
(from rev 340418, arj/trunk/no_remove_static_const.patch)
arj/repos/community-x86_64/security_format.patch
(from rev 340418, arj/trunk/security_format.patch)
arj/repos/community-x86_64/use_safe_strcpy.patch
(from rev 340418, arj/trunk/use_safe_strcpy.patch)
Deleted:
arj/repos/community-x86_64/64_bit_clean.patch
arj/repos/community-x86_64/CVE-2015-0556-symlink-traversal.patch
arj/repos/community-x86_64/CVE-2015-0557-dir-traversal.patch
arj/repos/community-x86_64/CVE-2015-2782-buffer-overflow.patch
arj/repos/community-x86_64/PKGBUILD
arj/repos/community-x86_64/arches_align.patch
arj/repos/community-x86_64/custom-printf.patch
arj/repos/community-x86_64/no_remove_static_const.patch
arj/repos/community-x86_64/security_format.patch
arj/repos/community-x86_64/use_safe_strcpy.patch
---------------------------------------+
64_bit_clean.patch | 388 ++++++++++----------
CVE-2015-0556-symlink-traversal.patch | 170 ++++----
CVE-2015-0557-dir-traversal.patch | 66 +--
CVE-2015-2782-buffer-overflow.patch | 70 +--
PKGBUILD | 141 +++----
arches_align.patch | 68 +--
custom-printf.patch | 30 -
no_remove_static_const.patch | 40 +-
security_format.patch | 610 ++++++++++++++++----------------
use_safe_strcpy.patch | 194 +++++-----
10 files changed, 889 insertions(+), 888 deletions(-)
Deleted: 64_bit_clean.patch
===================================================================
--- 64_bit_clean.patch 2018-06-04 18:40:55 UTC (rev 340418)
+++ 64_bit_clean.patch 2018-06-04 18:41:26 UTC (rev 340419)
@@ -1,194 +0,0 @@
-#DPATCHLEVEL=1
-diff -Naur -x .svn -x CVS arj-3.10.22.orig/arj_arcv.c arj-3.10.22/arj_arcv.c
---- arj-3.10.22.orig/arj_arcv.c 2005-06-21 22:53:12.000000000 +0300
-+++ arj-3.10.22/arj_arcv.c 2005-11-24 02:50:31.000000000 +0200
-@@ -59,27 +59,27 @@
- #define setup_hput(ptr) (tmp_hptr=(ptr))
-
- #define hget_byte() (*(tmp_hptr++)&0xFF)
--#define hput_byte(c) (*(tmp_hptr++)=(char) (c))
-+#define hput_byte(c) (*(tmp_hptr++)=(uint8_t) (c))
-
- /* Reads two bytes from the header, incrementing the pointer */
-
--static unsigned int hget_word()
-+static uint16_t hget_word()
- {
-- unsigned int result;
-+ uint16_t result;
-
- result=mget_word(tmp_hptr);
-- tmp_hptr+=sizeof(short);
-+ tmp_hptr+=sizeof(uint16_t);
- return result;
- }
-
- /* Reads four bytes from the header, incrementing the pointer */
-
--static unsigned long hget_longword()
-+static uint32_t hget_longword()
- {
-- unsigned long result;
-+ uint32_t result;
-
- result=mget_dword(tmp_hptr);
-- tmp_hptr+=sizeof(unsigned long);
-+ tmp_hptr+=sizeof(uint32_t);
- return result;
- }
-
-@@ -87,18 +87,18 @@
-
- /* Writes two bytes to the header, incrementing the pointer */
-
--static void hput_word(unsigned int w)
-+static void hput_word(uint16_t w)
- {
- mput_word(w,tmp_hptr);
-- tmp_hptr+=sizeof(unsigned short);
-+ tmp_hptr+=sizeof(uint16_t);
- }
-
- /* Writes four bytes to the header, incrementing the pointer */
-
--static void hput_longword(unsigned long l)
-+static void hput_longword(uint32_t l)
- {
- mput_dword(l,tmp_hptr);
-- tmp_hptr+=sizeof(unsigned long);
-+ tmp_hptr+=sizeof(uint32_t);
- }
-
- /* Calculates and stores the basic header size */
-diff -Naur -x .svn -x CVS arj-3.10.22.orig/arj_proc.c arj-3.10.22/arj_proc.c
---- arj-3.10.22.orig/arj_proc.c 2005-11-24 02:50:19.000000000 +0200
-+++ arj-3.10.22/arj_proc.c 2005-11-24 02:50:31.000000000 +0200
-@@ -585,7 +585,7 @@
- /* Returns the exact amount of data that could be safely written to the
- destination volume */
-
--unsigned long get_volfree(unsigned int increment)
-+unsigned long get_volfree(unsigned long increment)
- {
- unsigned long pvol;
- unsigned int arjsec_overhead;
-@@ -605,7 +605,7 @@
- remain=volume_limit-ftell(aostream)-pvol-(long)arjsec_overhead-
- (long)out_bytes-(long)cpos-(long)ext_voldata-
- MULTIVOLUME_RESERVE-t_volume_offset;
-- return((unsigned long)min(remain, (unsigned long)increment));
-+ return((unsigned long)min(remain, increment));
- }
-
- /* Performs various checks when multivolume data is packed to predict an
-@@ -2466,14 +2466,14 @@
- *tsptr='\0';
- endptr=tsptr;
- tsptr=sptr;
-- while((unsigned int)tsptr<(unsigned int)endptr&&patterns<SEARCH_STR_MAX)
-+ while((intptr_t)tsptr<(intptr_t)endptr&&patterns<SEARCH_STR_MAX)
- {
- while(*tsptr=='\0')
- tsptr++;
-- if((unsigned int)tsptr<(unsigned int)endptr)
-+ if((intptr_t)tsptr<(intptr_t)endptr)
- {
- search_str[patterns++]=tsptr;
-- while(*tsptr!='\0'&&(unsigned int)tsptr<(unsigned int)endptr)
-+ while(*tsptr!='\0'&&(intptr_t)tsptr<(intptr_t)endptr)
- tsptr++;
- }
- }
-@@ -2901,9 +2901,9 @@
- #if (defined(WORDS_BIGENDIAN) || defined(ALIGN_POINTERS)) && !defined(ARJDISP) && !defined(REGISTER)
- /* Model-independent routine to get 2 bytes from far RAM */
-
--unsigned int mget_word(char FAR *p)
-+uint16_t mget_word(char FAR *p)
- {
-- unsigned int b0, b1;
-+ uint16_t b0, b1;
-
- b0=mget_byte(p);
- b1=mget_byte(p+1);
-@@ -2912,9 +2912,9 @@
-
- /* Model-independent routine to get 4 bytes from far RAM */
-
--unsigned long mget_dword(char FAR *p)
-+uint32_t mget_dword(char FAR *p)
- {
-- unsigned long w0, w1;
-+ uint32_t w0, w1;
-
- w0=mget_word(p);
- w1=mget_word(p+2);
-@@ -2923,7 +2923,7 @@
-
- /* Model-independent routine to store 2 bytes in far RAM */
-
--void mput_word(unsigned int w, char FAR *p)
-+void mput_word(uint16_t w, char FAR *p)
- {
- mput_byte(w&0xFF, p);
- mput_byte(w>>8 , p+1);
-@@ -2931,7 +2931,7 @@
-
- /* Model-independent routine to store 4 bytes in far RAM */
-
--void mput_dword(unsigned long d, char FAR *p)
-+void mput_dword(uint32_t d, char FAR *p)
- {
- mput_word(d&0xFFFF, p);
- mput_word(d>>16 , p+2);
-diff -Naur -x .svn -x CVS arj-3.10.22.orig/arj_proc.h arj-3.10.22/arj_proc.h
---- arj-3.10.22.orig/arj_proc.h 2005-11-24 02:50:19.000000000 +0200
-+++ arj-3.10.22/arj_proc.h 2005-11-24 03:17:25.000000000 +0200
-@@ -8,15 +8,17 @@
- #ifndef ARJ_PROC_INCLUDED
- #define ARJ_PROC_INCLUDED
-
-+#include <stdint.h>
-+
- /* Helper macros */
-
--#define mget_byte(p) (*(unsigned char FAR *)(p)&0xFF)
--#define mput_byte(c, p) *(unsigned char FAR *)(p)=(unsigned char)(c)
-+#define mget_byte(p) (*(uint8_t FAR *)(p)&0xFF)
-+#define mput_byte(c, p) *(uint8_t FAR *)(p)=(uint8_t)(c)
- #if !defined(ALIGN_POINTERS) && !defined(WORDS_BIGENDIAN)
--#define mget_word(p) (*(unsigned short *)(p)&0xFFFF)
--#define mput_word(w,p) (*(unsigned short *)(p)=(unsigned short)(w))
--#define mget_dword(p) (*(unsigned long *)(p))
--#define mput_dword(w,p) (*(unsigned long *)(p)=(unsigned long)(w))
-+#define mget_word(p) (*(uint16_t *)(p)&0xFFFF)
-+#define mput_word(w,p) (*(uint16_t *)(p)=(uint16_t)(w))
-+#define mget_dword(p) (*(uint32_t *)(p))
-+#define mput_dword(w,p) (*(uint32_t *)(p)=(uint32_t)(w))
- #endif
-
- /* Prototypes */
-@@ -31,7 +33,7 @@
- int translate_path(char *name);
- void restart_proc(char *dest);
- int search_for_extension(char *name, char *ext_list);
--unsigned long get_volfree(unsigned int increment);
-+unsigned long get_volfree(unsigned long increment);
- unsigned int check_multivolume(unsigned int increment);
- void store();
- void hollow_encode();
-@@ -61,10 +63,10 @@
- void strip_lf(char *str);
- char *ltrim(char *str);
- #if defined(ALIGN_POINTERS) || defined(WORDS_BIGENDIAN)
--unsigned int mget_word(char FAR *p);
--unsigned long mget_dword(char FAR *p);
--void mput_word(unsigned int w, char FAR *p);
--void mput_dword(unsigned long d, char FAR *p);
-+uint16_t mget_word(char FAR *p);
-+uint32_t mget_dword(char FAR *p);
-+void mput_word(uint16_t w, char FAR *p);
-+void mput_dword(uint32_t d, char FAR *p);
- #endif
-
- #endif
Copied: arj/repos/community-x86_64/64_bit_clean.patch (from rev 340418, arj/trunk/64_bit_clean.patch)
===================================================================
--- 64_bit_clean.patch (rev 0)
+++ 64_bit_clean.patch 2018-06-04 18:41:26 UTC (rev 340419)
@@ -0,0 +1,194 @@
+#DPATCHLEVEL=1
+diff -Naur -x .svn -x CVS arj-3.10.22.orig/arj_arcv.c arj-3.10.22/arj_arcv.c
+--- arj-3.10.22.orig/arj_arcv.c 2005-06-21 22:53:12.000000000 +0300
++++ arj-3.10.22/arj_arcv.c 2005-11-24 02:50:31.000000000 +0200
+@@ -59,27 +59,27 @@
+ #define setup_hput(ptr) (tmp_hptr=(ptr))
+
+ #define hget_byte() (*(tmp_hptr++)&0xFF)
+-#define hput_byte(c) (*(tmp_hptr++)=(char) (c))
++#define hput_byte(c) (*(tmp_hptr++)=(uint8_t) (c))
+
+ /* Reads two bytes from the header, incrementing the pointer */
+
+-static unsigned int hget_word()
++static uint16_t hget_word()
+ {
+- unsigned int result;
++ uint16_t result;
+
+ result=mget_word(tmp_hptr);
+- tmp_hptr+=sizeof(short);
++ tmp_hptr+=sizeof(uint16_t);
+ return result;
+ }
+
+ /* Reads four bytes from the header, incrementing the pointer */
+
+-static unsigned long hget_longword()
++static uint32_t hget_longword()
+ {
+- unsigned long result;
++ uint32_t result;
+
+ result=mget_dword(tmp_hptr);
+- tmp_hptr+=sizeof(unsigned long);
++ tmp_hptr+=sizeof(uint32_t);
+ return result;
+ }
+
+@@ -87,18 +87,18 @@
+
+ /* Writes two bytes to the header, incrementing the pointer */
+
+-static void hput_word(unsigned int w)
++static void hput_word(uint16_t w)
+ {
+ mput_word(w,tmp_hptr);
+- tmp_hptr+=sizeof(unsigned short);
++ tmp_hptr+=sizeof(uint16_t);
+ }
+
+ /* Writes four bytes to the header, incrementing the pointer */
+
+-static void hput_longword(unsigned long l)
++static void hput_longword(uint32_t l)
+ {
+ mput_dword(l,tmp_hptr);
+- tmp_hptr+=sizeof(unsigned long);
++ tmp_hptr+=sizeof(uint32_t);
+ }
+
+ /* Calculates and stores the basic header size */
+diff -Naur -x .svn -x CVS arj-3.10.22.orig/arj_proc.c arj-3.10.22/arj_proc.c
+--- arj-3.10.22.orig/arj_proc.c 2005-11-24 02:50:19.000000000 +0200
++++ arj-3.10.22/arj_proc.c 2005-11-24 02:50:31.000000000 +0200
+@@ -585,7 +585,7 @@
+ /* Returns the exact amount of data that could be safely written to the
+ destination volume */
+
+-unsigned long get_volfree(unsigned int increment)
++unsigned long get_volfree(unsigned long increment)
+ {
+ unsigned long pvol;
+ unsigned int arjsec_overhead;
+@@ -605,7 +605,7 @@
+ remain=volume_limit-ftell(aostream)-pvol-(long)arjsec_overhead-
+ (long)out_bytes-(long)cpos-(long)ext_voldata-
+ MULTIVOLUME_RESERVE-t_volume_offset;
+- return((unsigned long)min(remain, (unsigned long)increment));
++ return((unsigned long)min(remain, increment));
+ }
+
+ /* Performs various checks when multivolume data is packed to predict an
+@@ -2466,14 +2466,14 @@
+ *tsptr='\0';
+ endptr=tsptr;
+ tsptr=sptr;
+- while((unsigned int)tsptr<(unsigned int)endptr&&patterns<SEARCH_STR_MAX)
++ while((intptr_t)tsptr<(intptr_t)endptr&&patterns<SEARCH_STR_MAX)
+ {
+ while(*tsptr=='\0')
+ tsptr++;
+- if((unsigned int)tsptr<(unsigned int)endptr)
++ if((intptr_t)tsptr<(intptr_t)endptr)
+ {
+ search_str[patterns++]=tsptr;
+- while(*tsptr!='\0'&&(unsigned int)tsptr<(unsigned int)endptr)
++ while(*tsptr!='\0'&&(intptr_t)tsptr<(intptr_t)endptr)
+ tsptr++;
+ }
+ }
+@@ -2901,9 +2901,9 @@
+ #if (defined(WORDS_BIGENDIAN) || defined(ALIGN_POINTERS)) && !defined(ARJDISP) && !defined(REGISTER)
+ /* Model-independent routine to get 2 bytes from far RAM */
+
+-unsigned int mget_word(char FAR *p)
++uint16_t mget_word(char FAR *p)
+ {
+- unsigned int b0, b1;
++ uint16_t b0, b1;
+
+ b0=mget_byte(p);
+ b1=mget_byte(p+1);
+@@ -2912,9 +2912,9 @@
+
+ /* Model-independent routine to get 4 bytes from far RAM */
+
+-unsigned long mget_dword(char FAR *p)
++uint32_t mget_dword(char FAR *p)
+ {
+- unsigned long w0, w1;
++ uint32_t w0, w1;
+
+ w0=mget_word(p);
+ w1=mget_word(p+2);
+@@ -2923,7 +2923,7 @@
+
+ /* Model-independent routine to store 2 bytes in far RAM */
+
+-void mput_word(unsigned int w, char FAR *p)
++void mput_word(uint16_t w, char FAR *p)
+ {
+ mput_byte(w&0xFF, p);
+ mput_byte(w>>8 , p+1);
+@@ -2931,7 +2931,7 @@
+
+ /* Model-independent routine to store 4 bytes in far RAM */
+
+-void mput_dword(unsigned long d, char FAR *p)
++void mput_dword(uint32_t d, char FAR *p)
+ {
+ mput_word(d&0xFFFF, p);
+ mput_word(d>>16 , p+2);
+diff -Naur -x .svn -x CVS arj-3.10.22.orig/arj_proc.h arj-3.10.22/arj_proc.h
+--- arj-3.10.22.orig/arj_proc.h 2005-11-24 02:50:19.000000000 +0200
++++ arj-3.10.22/arj_proc.h 2005-11-24 03:17:25.000000000 +0200
+@@ -8,15 +8,17 @@
+ #ifndef ARJ_PROC_INCLUDED
+ #define ARJ_PROC_INCLUDED
+
++#include <stdint.h>
++
+ /* Helper macros */
+
+-#define mget_byte(p) (*(unsigned char FAR *)(p)&0xFF)
+-#define mput_byte(c, p) *(unsigned char FAR *)(p)=(unsigned char)(c)
++#define mget_byte(p) (*(uint8_t FAR *)(p)&0xFF)
++#define mput_byte(c, p) *(uint8_t FAR *)(p)=(uint8_t)(c)
+ #if !defined(ALIGN_POINTERS) && !defined(WORDS_BIGENDIAN)
+-#define mget_word(p) (*(unsigned short *)(p)&0xFFFF)
+-#define mput_word(w,p) (*(unsigned short *)(p)=(unsigned short)(w))
+-#define mget_dword(p) (*(unsigned long *)(p))
+-#define mput_dword(w,p) (*(unsigned long *)(p)=(unsigned long)(w))
++#define mget_word(p) (*(uint16_t *)(p)&0xFFFF)
++#define mput_word(w,p) (*(uint16_t *)(p)=(uint16_t)(w))
++#define mget_dword(p) (*(uint32_t *)(p))
++#define mput_dword(w,p) (*(uint32_t *)(p)=(uint32_t)(w))
+ #endif
+
+ /* Prototypes */
+@@ -31,7 +33,7 @@
+ int translate_path(char *name);
+ void restart_proc(char *dest);
+ int search_for_extension(char *name, char *ext_list);
+-unsigned long get_volfree(unsigned int increment);
++unsigned long get_volfree(unsigned long increment);
+ unsigned int check_multivolume(unsigned int increment);
+ void store();
+ void hollow_encode();
+@@ -61,10 +63,10 @@
+ void strip_lf(char *str);
+ char *ltrim(char *str);
+ #if defined(ALIGN_POINTERS) || defined(WORDS_BIGENDIAN)
+-unsigned int mget_word(char FAR *p);
+-unsigned long mget_dword(char FAR *p);
+-void mput_word(unsigned int w, char FAR *p);
+-void mput_dword(unsigned long d, char FAR *p);
++uint16_t mget_word(char FAR *p);
++uint32_t mget_dword(char FAR *p);
++void mput_word(uint16_t w, char FAR *p);
++void mput_dword(uint32_t d, char FAR *p);
+ #endif
+
+ #endif
Deleted: CVE-2015-0556-symlink-traversal.patch
===================================================================
--- CVE-2015-0556-symlink-traversal.patch 2018-06-04 18:40:55 UTC (rev 340418)
+++ CVE-2015-0556-symlink-traversal.patch 2018-06-04 18:41:26 UTC (rev 340419)
@@ -1,85 +0,0 @@
-Description: Fix symlink directory traversal.
- Do not allow symlinks that traverse the current directoru, nor absolute
- symlinks.
- .
- Fixes CVE-2015-0556.
-Author: Guillem Jover <guillem at debian.org>
-Origin: vendor
-Bug-Debian: https://bugs.debian.org/774434
-Forwarded: no
-Last-Update: 2015-03-28
-
----
- uxspec.c | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
- 1 file changed, 54 insertions(+)
-
---- a/uxspec.c
-+++ b/uxspec.c
-@@ -120,6 +120,58 @@ int query_uxspecial(char FAR **dest, cha
- }
- #endif
-
-+#if TARGET==UNIX
-+static int is_link_traversal(const char *name)
-+{
-+ enum {
-+ STATE_NONE,
-+ STATE_DOTS,
-+ STATE_NAME,
-+ } state = STATE_NONE;
-+ int ndir = 0;
-+ int dots = 0;
-+
-+ while(*name) {
-+ int c = *name++;
-+
-+ if (c == '/')
-+ {
-+ if ((state == STATE_DOTS) && (dots == 2))
-+ ndir--;
-+ if (ndir < 0)
-+ return 1;
-+ if ((state == STATE_DOTS && dots == 1) && ndir == 0)
-+ return 1;
-+ if (state == STATE_NONE && ndir == 0)
-+ return 1;
-+ if ((state == STATE_DOTS) && (dots > 2))
-+ ndir++;
-+ state = STATE_NONE;
-+ dots = 0;
-+ }
-+ else if (c == '.')
-+ {
-+ if (state == STATE_NONE)
-+ state = STATE_DOTS;
-+ dots++;
-+ }
-+ else
-+ {
-+ if (state == STATE_NONE)
-+ ndir++;
-+ state = STATE_NAME;
-+ }
-+ }
-+
-+ if ((state == STATE_DOTS) && (dots == 2))
-+ ndir--;
-+ if ((state == STATE_DOTS) && (dots > 2))
-+ ndir++;
-+
-+ return ndir < 0;
-+}
-+#endif
-+
- /* Restores the UNIX special file data */
-
- int set_uxspecial(char FAR *storage, char *name)
-@@ -156,6 +208,8 @@ int set_uxspecial(char FAR *storage, cha
- l=sizeof(tmp_name)-1;
- far_memmove((char FAR *)tmp_name, dptr, l);
- tmp_name[l]='\0';
-+ if (is_link_traversal(tmp_name))
-+ return(UXSPEC_RC_ERROR);
- rc=(id==UXSB_HLNK)?link(tmp_name, name):symlink(tmp_name, name);
- if(!rc)
- return(0);
Copied: arj/repos/community-x86_64/CVE-2015-0556-symlink-traversal.patch (from rev 340418, arj/trunk/CVE-2015-0556-symlink-traversal.patch)
===================================================================
--- CVE-2015-0556-symlink-traversal.patch (rev 0)
+++ CVE-2015-0556-symlink-traversal.patch 2018-06-04 18:41:26 UTC (rev 340419)
@@ -0,0 +1,85 @@
+Description: Fix symlink directory traversal.
+ Do not allow symlinks that traverse the current directoru, nor absolute
+ symlinks.
+ .
+ Fixes CVE-2015-0556.
+Author: Guillem Jover <guillem at debian.org>
+Origin: vendor
+Bug-Debian: https://bugs.debian.org/774434
+Forwarded: no
+Last-Update: 2015-03-28
+
+---
+ uxspec.c | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 54 insertions(+)
+
+--- a/uxspec.c
++++ b/uxspec.c
+@@ -120,6 +120,58 @@ int query_uxspecial(char FAR **dest, cha
+ }
+ #endif
+
++#if TARGET==UNIX
++static int is_link_traversal(const char *name)
++{
++ enum {
++ STATE_NONE,
++ STATE_DOTS,
++ STATE_NAME,
++ } state = STATE_NONE;
++ int ndir = 0;
++ int dots = 0;
++
++ while(*name) {
++ int c = *name++;
++
++ if (c == '/')
++ {
++ if ((state == STATE_DOTS) && (dots == 2))
++ ndir--;
++ if (ndir < 0)
++ return 1;
++ if ((state == STATE_DOTS && dots == 1) && ndir == 0)
++ return 1;
++ if (state == STATE_NONE && ndir == 0)
++ return 1;
++ if ((state == STATE_DOTS) && (dots > 2))
++ ndir++;
++ state = STATE_NONE;
++ dots = 0;
++ }
++ else if (c == '.')
++ {
++ if (state == STATE_NONE)
++ state = STATE_DOTS;
++ dots++;
++ }
++ else
++ {
++ if (state == STATE_NONE)
++ ndir++;
++ state = STATE_NAME;
++ }
++ }
++
++ if ((state == STATE_DOTS) && (dots == 2))
++ ndir--;
++ if ((state == STATE_DOTS) && (dots > 2))
++ ndir++;
++
++ return ndir < 0;
++}
++#endif
++
+ /* Restores the UNIX special file data */
+
+ int set_uxspecial(char FAR *storage, char *name)
+@@ -156,6 +208,8 @@ int set_uxspecial(char FAR *storage, cha
+ l=sizeof(tmp_name)-1;
+ far_memmove((char FAR *)tmp_name, dptr, l);
+ tmp_name[l]='\0';
++ if (is_link_traversal(tmp_name))
++ return(UXSPEC_RC_ERROR);
+ rc=(id==UXSB_HLNK)?link(tmp_name, name):symlink(tmp_name, name);
+ if(!rc)
+ return(0);
Deleted: CVE-2015-0557-dir-traversal.patch
===================================================================
--- CVE-2015-0557-dir-traversal.patch 2018-06-04 18:40:55 UTC (rev 340418)
+++ CVE-2015-0557-dir-traversal.patch 2018-06-04 18:41:26 UTC (rev 340419)
@@ -1,33 +0,0 @@
-Description: Fix absolute path traversals.
- Catch multiple leading slashes when checking for absolute path traversals.
- .
- Fixes CVE-2015-0557.
-Author: Guillem Jover <guillem at debian.org>
-Origin: vendor
-Bug-Debian: https://bugs.debian.org/774435
-Forwarded: no
-Last-Update: 2015-02-26
-
----
- environ.c | 3 +++
- 1 file changed, 3 insertions(+)
-
---- a/environ.c
-+++ b/environ.c
-@@ -1087,6 +1087,8 @@ static char *validate_path(char *name)
- if(action!=VALIDATE_DRIVESPEC)
- {
- #endif
-+ while (name[0]!='\0'&&
-+ (name[0]=='.'||name[0]==PATHSEP_DEFAULT||name[0]==PATHSEP_UNIX)) {
- if(name[0]=='.')
- {
- if(name[1]=='.'&&(name[2]==PATHSEP_DEFAULT||name[2]==PATHSEP_UNIX))
-@@ -1096,6 +1098,7 @@ static char *validate_path(char *name)
- }
- if(name[0]==PATHSEP_DEFAULT||name[0]==PATHSEP_UNIX)
- name++; /* "\\" - revert to root */
-+ }
- #if SFX_LEVEL>=ARJSFXV
- }
- }
Copied: arj/repos/community-x86_64/CVE-2015-0557-dir-traversal.patch (from rev 340418, arj/trunk/CVE-2015-0557-dir-traversal.patch)
===================================================================
--- CVE-2015-0557-dir-traversal.patch (rev 0)
+++ CVE-2015-0557-dir-traversal.patch 2018-06-04 18:41:26 UTC (rev 340419)
@@ -0,0 +1,33 @@
+Description: Fix absolute path traversals.
+ Catch multiple leading slashes when checking for absolute path traversals.
+ .
+ Fixes CVE-2015-0557.
+Author: Guillem Jover <guillem at debian.org>
+Origin: vendor
+Bug-Debian: https://bugs.debian.org/774435
+Forwarded: no
+Last-Update: 2015-02-26
+
+---
+ environ.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/environ.c
++++ b/environ.c
+@@ -1087,6 +1087,8 @@ static char *validate_path(char *name)
+ if(action!=VALIDATE_DRIVESPEC)
+ {
+ #endif
++ while (name[0]!='\0'&&
++ (name[0]=='.'||name[0]==PATHSEP_DEFAULT||name[0]==PATHSEP_UNIX)) {
+ if(name[0]=='.')
+ {
+ if(name[1]=='.'&&(name[2]==PATHSEP_DEFAULT||name[2]==PATHSEP_UNIX))
+@@ -1096,6 +1098,7 @@ static char *validate_path(char *name)
+ }
+ if(name[0]==PATHSEP_DEFAULT||name[0]==PATHSEP_UNIX)
+ name++; /* "\\" - revert to root */
++ }
+ #if SFX_LEVEL>=ARJSFXV
+ }
+ }
Deleted: CVE-2015-2782-buffer-overflow.patch
===================================================================
--- CVE-2015-2782-buffer-overflow.patch 2018-06-04 18:40:55 UTC (rev 340418)
+++ CVE-2015-2782-buffer-overflow.patch 2018-06-04 18:41:26 UTC (rev 340419)
@@ -1,35 +0,0 @@
-Description: Fix buffer overflow causing an invalid pointer free().
-Author: Guillem Jover <guillem at debian.org>
-Origin: vendor
-Bug-Debian: https://bugs.debian.org/774015
-Forwarded: no
-Last-Update: 2015-02-26
-
----
- decode.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
---- a/decode.c
-+++ b/decode.c
-@@ -255,7 +255,7 @@ void read_pt_len(int nn, int nbit, int i
- if(i==i_special)
- {
- c=getbits(2);
-- while(--c>=0)
-+ while(--c>=0&&i<nn)
- pt_len[i++]=0;
- }
- }
-@@ -314,10 +314,10 @@ void read_c_len()
- c=getbits(CBIT);
- c+=20;
- }
-- while(--c>=0)
-+ while(--c>=0&&i<NC)
- c_len[i++]=0;
- }
-- else
-+ else if (i<NC)
- c_len[i++]=(unsigned char)(c-2);
- }
- while(i<NC)
Copied: arj/repos/community-x86_64/CVE-2015-2782-buffer-overflow.patch (from rev 340418, arj/trunk/CVE-2015-2782-buffer-overflow.patch)
===================================================================
--- CVE-2015-2782-buffer-overflow.patch (rev 0)
+++ CVE-2015-2782-buffer-overflow.patch 2018-06-04 18:41:26 UTC (rev 340419)
@@ -0,0 +1,35 @@
+Description: Fix buffer overflow causing an invalid pointer free().
+Author: Guillem Jover <guillem at debian.org>
+Origin: vendor
+Bug-Debian: https://bugs.debian.org/774015
+Forwarded: no
+Last-Update: 2015-02-26
+
+---
+ decode.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/decode.c
++++ b/decode.c
+@@ -255,7 +255,7 @@ void read_pt_len(int nn, int nbit, int i
+ if(i==i_special)
+ {
+ c=getbits(2);
+- while(--c>=0)
++ while(--c>=0&&i<nn)
+ pt_len[i++]=0;
+ }
+ }
+@@ -314,10 +314,10 @@ void read_c_len()
+ c=getbits(CBIT);
+ c+=20;
+ }
+- while(--c>=0)
++ while(--c>=0&&i<NC)
+ c_len[i++]=0;
+ }
+- else
++ else if (i<NC)
+ c_len[i++]=(unsigned char)(c-2);
+ }
+ while(i<NC)
Deleted: PKGBUILD
===================================================================
--- PKGBUILD 2018-06-04 18:40:55 UTC (rev 340418)
+++ PKGBUILD 2018-06-04 18:41:26 UTC (rev 340419)
@@ -1,70 +0,0 @@
-# Maintainer: Levente Polyak <anthraxx[at]archlinux[dot]org>
-# Contributor: Alexander F Rødseth <xyproto at archlinux.org>
-# Contributor: Travis Willard <travisw at wmpub.ca>
-# Contributor: Gergely Tamas <dice at mfa.kfki.hu>
-
-pkgname=arj
-pkgver=3.10.22
-pkgrel=11
-pkgdesc='Free and portable clone of the ARJ archiver'
-url='http://arj.sourceforge.net/'
-arch=('x86_64' 'i686')
-license=('GPL')
-depends=('glibc')
-options=('!makeflags')
-source=(${pkgname}-${pkgver}.tar.gz::http://downloads.sourceforge.net/${pkgname}/${pkgname}-${pkgver}.tar.gz
- arches_align.patch
- no_remove_static_const.patch
- 64_bit_clean.patch
- custom-printf.patch
- security_format.patch
- use_safe_strcpy.patch
- CVE-2015-0556-symlink-traversal.patch
- CVE-2015-0557-dir-traversal.patch
- CVE-2015-2782-buffer-overflow.patch)
-sha512sums=('4730dfdbab4f8095396c337578ed69bdaae52955ad468db50b52af8ad2846ecd6cfc05eb3ac0d03838c1c32ea60126f14a22b93e8181c06b9546456f3937ff76'
- '166b027adc6b0ffab02d96cd6ede70dc7d2f1f33ef21177c97dd43fdf1ca235a0a8f70e963d749dfb04c5c55ffe42a8601d8df97d84824118b408d00ca6eeb7c'
- '580e9bd4b37f9bf76784331f4e55abc30349cdd1735fd05897226137e78f0e420c6dcb287fcb111ac667b9f41c16e53b70cde50bce913eb85567afa05957c29a'
- 'c6600b74af7e3ba982fa8471a19c9ca7d4652d5de871809edb4124e405a33b623eb10abc4fff00e578dc0144e955b9aaaaecac06c66f9923b005635cf00f9a06'
- 'b1739a5cf75bb4036e41dd071fd4452e8d58805c539147d61594c14f959370a523939bd73de29473ea79f023ef759cec2feff497d5ded777919dd289dae8f769'
- '82611c25aadb4dc73284a6ad5c47fdfc708ebb4f92271bfcc8a6ca5855bc3582ac77b32ac0e94294f1158e41a7292637feabee043dfb2c0000193136fb288e56'
- 'f72101f5fb9828afcf1851980ec1fa71d91942b2617b9182bbb92ca3d82069bee898436be9105b4a0445a6a0707c311b569f59397bc9ea29c9a98b7c088dd50c'
- 'c74003d2a4631adcd4b9bdb38830ed373e63da021c29f682e3e6faf032100f8963c544e0aeaa277220c02f24f72ceecc4b0ef96b03de2f113ccf7ff4471a4ca4'
- 'd7c23ebacf19df5b49a18ec259aa12cf7671105c609098fe344400639cb851fe5df769c3cf64922d86998d717b7ab9b42f831aeedd1dc0763080cf8d34c523c5'
- '1acabf5fdbdc48c88ef4ecfdacd116f0d64315fb51fa08f36ba8a02c0e05bb79f82b82ac09039e8027d651d115275ff4f0d72302657730fa91eb0cbaecf15e08')
-
-prepare() {
- cd ${pkgname}-${pkgver}
-
- patch -p1 < "${srcdir}/arches_align.patch"
- patch -p1 < "${srcdir}/no_remove_static_const.patch"
- patch -p1 < "${srcdir}/64_bit_clean.patch"
- patch -p1 < "${srcdir}/custom-printf.patch"
- patch -p1 < "${srcdir}/CVE-2015-0556-symlink-traversal.patch"
- patch -p1 < "${srcdir}/CVE-2015-0557-dir-traversal.patch"
- patch -p1 < "${srcdir}/CVE-2015-2782-buffer-overflow.patch"
- patch -p1 < "${srcdir}/security_format.patch"
- patch -p1 < "${srcdir}/use_safe_strcpy.patch"
-
- cd gnu
- aclocal
- autoconf
- rm -f config.{guess,sub}
- cp /usr/share/automake-"$(automake --version|head -n1|sed -r 's/.*\) (.*)/\1/')"/config.{guess,sub} .
-}
-
-build() {
- cd ${pkgname}-${pkgver}
- (cd gnu
- ./configure --prefix=/usr
- )
- make prepare
- make
-}
-
-package() {
- cd ${pkgname}-${pkgver}
- make DESTDIR="${pkgdir}" install
-}
-
-# vim: ts=2 sw=2 et:
Copied: arj/repos/community-x86_64/PKGBUILD (from rev 340418, arj/trunk/PKGBUILD)
===================================================================
--- PKGBUILD (rev 0)
+++ PKGBUILD 2018-06-04 18:41:26 UTC (rev 340419)
@@ -0,0 +1,71 @@
+# Maintainer: Levente Polyak <anthraxx[at]archlinux[dot]org>
+# Contributor: Alexander F Rødseth <xyproto at archlinux.org>
+# Contributor: Travis Willard <travisw at wmpub.ca>
+# Contributor: Gergely Tamas <dice at mfa.kfki.hu>
+
+pkgname=arj
+pkgver=3.10.22
+pkgrel=12
+pkgdesc='Free and portable clone of the ARJ archiver'
+url='http://arj.sourceforge.net/'
+arch=('x86_64')
+license=('GPL')
+depends=('glibc')
+options=('!makeflags')
+source=(${pkgname}-${pkgver}.tar.gz::http://downloads.sourceforge.net/${pkgname}/${pkgname}-${pkgver}.tar.gz
+ arches_align.patch
+ no_remove_static_const.patch
+ 64_bit_clean.patch
+ custom-printf.patch
+ security_format.patch
+ use_safe_strcpy.patch
+ CVE-2015-0556-symlink-traversal.patch
+ CVE-2015-0557-dir-traversal.patch
+ CVE-2015-2782-buffer-overflow.patch)
+sha512sums=('4730dfdbab4f8095396c337578ed69bdaae52955ad468db50b52af8ad2846ecd6cfc05eb3ac0d03838c1c32ea60126f14a22b93e8181c06b9546456f3937ff76'
+ '166b027adc6b0ffab02d96cd6ede70dc7d2f1f33ef21177c97dd43fdf1ca235a0a8f70e963d749dfb04c5c55ffe42a8601d8df97d84824118b408d00ca6eeb7c'
+ '580e9bd4b37f9bf76784331f4e55abc30349cdd1735fd05897226137e78f0e420c6dcb287fcb111ac667b9f41c16e53b70cde50bce913eb85567afa05957c29a'
+ 'c6600b74af7e3ba982fa8471a19c9ca7d4652d5de871809edb4124e405a33b623eb10abc4fff00e578dc0144e955b9aaaaecac06c66f9923b005635cf00f9a06'
+ 'b1739a5cf75bb4036e41dd071fd4452e8d58805c539147d61594c14f959370a523939bd73de29473ea79f023ef759cec2feff497d5ded777919dd289dae8f769'
+ '82611c25aadb4dc73284a6ad5c47fdfc708ebb4f92271bfcc8a6ca5855bc3582ac77b32ac0e94294f1158e41a7292637feabee043dfb2c0000193136fb288e56'
+ 'f72101f5fb9828afcf1851980ec1fa71d91942b2617b9182bbb92ca3d82069bee898436be9105b4a0445a6a0707c311b569f59397bc9ea29c9a98b7c088dd50c'
+ 'c74003d2a4631adcd4b9bdb38830ed373e63da021c29f682e3e6faf032100f8963c544e0aeaa277220c02f24f72ceecc4b0ef96b03de2f113ccf7ff4471a4ca4'
+ 'd7c23ebacf19df5b49a18ec259aa12cf7671105c609098fe344400639cb851fe5df769c3cf64922d86998d717b7ab9b42f831aeedd1dc0763080cf8d34c523c5'
+ '1acabf5fdbdc48c88ef4ecfdacd116f0d64315fb51fa08f36ba8a02c0e05bb79f82b82ac09039e8027d651d115275ff4f0d72302657730fa91eb0cbaecf15e08')
+
+prepare() {
+ cd ${pkgname}-${pkgver}
+
+ patch -p1 < "${srcdir}/arches_align.patch"
+ patch -p1 < "${srcdir}/no_remove_static_const.patch"
+ patch -p1 < "${srcdir}/64_bit_clean.patch"
+ patch -p1 < "${srcdir}/custom-printf.patch"
+ patch -p1 < "${srcdir}/CVE-2015-0556-symlink-traversal.patch"
+ patch -p1 < "${srcdir}/CVE-2015-0557-dir-traversal.patch"
+ patch -p1 < "${srcdir}/CVE-2015-2782-buffer-overflow.patch"
+ patch -p1 < "${srcdir}/security_format.patch"
+ patch -p1 < "${srcdir}/use_safe_strcpy.patch"
+
+ cd gnu
+ aclocal
+ autoconf
+ rm -f config.{guess,sub}
+# cp /usr/share/automake-"$(automake --version|head -n1|sed -r 's/.*\) (.*)/\1/')"/config.{guess,sub} .
+ cp /usr/share/automake-*/config.{guess,sub} .
+}
+
+build() {
+ cd ${pkgname}-${pkgver}
+ (cd gnu
+ ./configure --prefix=/usr
+ )
+ make prepare
+ make
+}
+
+package() {
+ cd ${pkgname}-${pkgver}
+ make DESTDIR="${pkgdir}" install
+}
+
+# vim: ts=2 sw=2 et:
Deleted: arches_align.patch
===================================================================
--- arches_align.patch 2018-06-04 18:40:55 UTC (rev 340418)
+++ arches_align.patch 2018-06-04 18:41:26 UTC (rev 340419)
@@ -1,34 +0,0 @@
-#DPATCHLEVEL=1
-diff -Naur arj-3.10.19.orig/arj_proc.c arj-3.10.19/arj_proc.c
---- arj-3.10.19.orig/arj_proc.c 2004-02-20 14:18:52.000000000 +0100
-+++ arj-3.10.22/arj_proc.c 2004-04-08 14:06:58.000000000 +0200
-@@ -2898,7 +2898,7 @@
- }
- #endif
-
--#if defined(WORDS_BIGENDIAN)&&!defined(ARJDISP)&&!defined(REGISTER)
-+#if (defined(WORDS_BIGENDIAN) || defined(ALIGN_POINTERS)) && !defined(ARJDISP) && !defined(REGISTER)
- /* Model-independent routine to get 2 bytes from far RAM */
-
- unsigned int mget_word(char FAR *p)
-diff -Naur arj-3.10.19.orig/arj_proc.h arj-3.10.19/arj_proc.h
---- arj-3.10.19.orig/arj_proc.h 2004-01-25 01:40:00.000000000 +0100
-+++ arj-3.10.22/arj_proc.h 2004-04-08 14:07:18.000000000 +0200
-@@ -12,7 +12,7 @@
-
- #define mget_byte(p) (*(unsigned char FAR *)(p)&0xFF)
- #define mput_byte(c, p) *(unsigned char FAR *)(p)=(unsigned char)(c)
--#ifndef WORDS_BIGENDIAN
-+#if !defined(ALIGN_POINTERS) && !defined(WORDS_BIGENDIAN)
- #define mget_word(p) (*(unsigned short *)(p)&0xFFFF)
- #define mput_word(w,p) (*(unsigned short *)(p)=(unsigned short)(w))
- #define mget_dword(p) (*(unsigned long *)(p))
-@@ -60,7 +60,7 @@
- void unpack_mem(struct mempack *mempack);
- void strip_lf(char *str);
- char *ltrim(char *str);
--#ifdef WORDS_BIGENDIAN
-+#if defined(ALIGN_POINTERS) || defined(WORDS_BIGENDIAN)
- unsigned int mget_word(char FAR *p);
- unsigned long mget_dword(char FAR *p);
- void mput_word(unsigned int w, char FAR *p);
Copied: arj/repos/community-x86_64/arches_align.patch (from rev 340418, arj/trunk/arches_align.patch)
===================================================================
--- arches_align.patch (rev 0)
+++ arches_align.patch 2018-06-04 18:41:26 UTC (rev 340419)
@@ -0,0 +1,34 @@
+#DPATCHLEVEL=1
+diff -Naur arj-3.10.19.orig/arj_proc.c arj-3.10.19/arj_proc.c
+--- arj-3.10.19.orig/arj_proc.c 2004-02-20 14:18:52.000000000 +0100
++++ arj-3.10.22/arj_proc.c 2004-04-08 14:06:58.000000000 +0200
+@@ -2898,7 +2898,7 @@
+ }
+ #endif
+
+-#if defined(WORDS_BIGENDIAN)&&!defined(ARJDISP)&&!defined(REGISTER)
++#if (defined(WORDS_BIGENDIAN) || defined(ALIGN_POINTERS)) && !defined(ARJDISP) && !defined(REGISTER)
+ /* Model-independent routine to get 2 bytes from far RAM */
+
+ unsigned int mget_word(char FAR *p)
+diff -Naur arj-3.10.19.orig/arj_proc.h arj-3.10.19/arj_proc.h
+--- arj-3.10.19.orig/arj_proc.h 2004-01-25 01:40:00.000000000 +0100
++++ arj-3.10.22/arj_proc.h 2004-04-08 14:07:18.000000000 +0200
+@@ -12,7 +12,7 @@
+
+ #define mget_byte(p) (*(unsigned char FAR *)(p)&0xFF)
+ #define mput_byte(c, p) *(unsigned char FAR *)(p)=(unsigned char)(c)
+-#ifndef WORDS_BIGENDIAN
++#if !defined(ALIGN_POINTERS) && !defined(WORDS_BIGENDIAN)
+ #define mget_word(p) (*(unsigned short *)(p)&0xFFFF)
+ #define mput_word(w,p) (*(unsigned short *)(p)=(unsigned short)(w))
+ #define mget_dword(p) (*(unsigned long *)(p))
+@@ -60,7 +60,7 @@
+ void unpack_mem(struct mempack *mempack);
+ void strip_lf(char *str);
+ char *ltrim(char *str);
+-#ifdef WORDS_BIGENDIAN
++#if defined(ALIGN_POINTERS) || defined(WORDS_BIGENDIAN)
+ unsigned int mget_word(char FAR *p);
+ unsigned long mget_dword(char FAR *p);
+ void mput_word(unsigned int w, char FAR *p);
Deleted: custom-printf.patch
===================================================================
--- custom-printf.patch 2018-06-04 18:40:55 UTC (rev 340418)
+++ custom-printf.patch 2018-06-04 18:41:26 UTC (rev 340419)
@@ -1,15 +0,0 @@
-Patch by Lubomir Rintel <lkundrak at v3.sk> for arj >= 3.10.22, which disables
-the custom printf to avoid conflicting strnlen definition with the glibc
-headers. By using custom printf (as in the past), we're completely loosing
-all the _FORTIFY_SOURCE printf protections.
-
---- arj-3.10.22/fardata.c 2004-04-17 13:39:42.000000000 +0200
-+++ arj-3.10.22/fardata.c.printf 2009-04-18 16:23:52.000000000 +0200
-@@ -13,7 +13,6 @@
- /* ASR fix 02/05/2003: need that regardless of COLOR_OUTPUT to support -jp
- correctly */
- #if SFX_LEVEL>=ARJ
-- #define CUSTOM_PRINTF
- #define CHUNK_SIZE 512 /* Size of the output block */
- #define CHUNK_THRESHOLD (CHUNK_SIZE-256) /* Safety bound */
- #endif
Copied: arj/repos/community-x86_64/custom-printf.patch (from rev 340418, arj/trunk/custom-printf.patch)
===================================================================
--- custom-printf.patch (rev 0)
+++ custom-printf.patch 2018-06-04 18:41:26 UTC (rev 340419)
@@ -0,0 +1,15 @@
+Patch by Lubomir Rintel <lkundrak at v3.sk> for arj >= 3.10.22, which disables
+the custom printf to avoid conflicting strnlen definition with the glibc
+headers. By using custom printf (as in the past), we're completely loosing
+all the _FORTIFY_SOURCE printf protections.
+
+--- arj-3.10.22/fardata.c 2004-04-17 13:39:42.000000000 +0200
++++ arj-3.10.22/fardata.c.printf 2009-04-18 16:23:52.000000000 +0200
+@@ -13,7 +13,6 @@
+ /* ASR fix 02/05/2003: need that regardless of COLOR_OUTPUT to support -jp
+ correctly */
+ #if SFX_LEVEL>=ARJ
+- #define CUSTOM_PRINTF
+ #define CHUNK_SIZE 512 /* Size of the output block */
+ #define CHUNK_THRESHOLD (CHUNK_SIZE-256) /* Safety bound */
+ #endif
Deleted: no_remove_static_const.patch
===================================================================
--- no_remove_static_const.patch 2018-06-04 18:40:55 UTC (rev 340418)
+++ no_remove_static_const.patch 2018-06-04 18:41:26 UTC (rev 340419)
@@ -1,20 +0,0 @@
-#DPATCHLEVEL=1
-diff -Naur arj-3.10.22.orig/gnu/makefile.in arj-3.10.22/gnu/makefile.in
---- arj-3.10.22.orig/gnu/makefile.in 2004-04-17 14:28:06.000000000 +0300
-+++ arj-3.10.22/gnu/makefile.in 2005-08-04 21:50:24.000000000 +0300
-@@ -192,6 +192,15 @@
- dispose:
-
- #
-+# XXX: Do not use -O2, it removes the static const variable with gcc 4.x
-+#
-+
-+INTEGR_DIRS = $(ARJ_DIR) $(REARJ_DIR) $(ARJCRYPT_DIR) $(REGISTER_DIR)
-+
-+$(patsubst %,%/integr.o, $(INTEGR_DIRS)): $(SRC_DIR)/integr.c
-+ $(CC) -Wall -g -c -o$@ $<
-+
-+#
- # The tools
- #
-
Copied: arj/repos/community-x86_64/no_remove_static_const.patch (from rev 340418, arj/trunk/no_remove_static_const.patch)
===================================================================
--- no_remove_static_const.patch (rev 0)
+++ no_remove_static_const.patch 2018-06-04 18:41:26 UTC (rev 340419)
@@ -0,0 +1,20 @@
+#DPATCHLEVEL=1
+diff -Naur arj-3.10.22.orig/gnu/makefile.in arj-3.10.22/gnu/makefile.in
+--- arj-3.10.22.orig/gnu/makefile.in 2004-04-17 14:28:06.000000000 +0300
++++ arj-3.10.22/gnu/makefile.in 2005-08-04 21:50:24.000000000 +0300
+@@ -192,6 +192,15 @@
+ dispose:
+
+ #
++# XXX: Do not use -O2, it removes the static const variable with gcc 4.x
++#
++
++INTEGR_DIRS = $(ARJ_DIR) $(REARJ_DIR) $(ARJCRYPT_DIR) $(REGISTER_DIR)
++
++$(patsubst %,%/integr.o, $(INTEGR_DIRS)): $(SRC_DIR)/integr.c
++ $(CC) -Wall -g -c -o$@ $<
++
++#
+ # The tools
+ #
+
Deleted: security_format.patch
===================================================================
--- security_format.patch 2018-06-04 18:40:55 UTC (rev 340418)
+++ security_format.patch 2018-06-04 18:41:26 UTC (rev 340419)
@@ -1,305 +0,0 @@
-Patch by Guillem Jover <guillem at debian.org> for arj <= 3.10.22, which
-fixes format security errors.
-
----
- arj_arcv.c | 12 ++++++------
- arj_user.c | 8 ++++----
- arjdisp.c | 58 ++++++++++++++++++++++++++++------------------------------
- arjsfx.c | 2 +-
- fardata.c | 10 +++++-----
- rearj.c | 2 +-
- register.c | 2 +-
- 7 files changed, 46 insertions(+), 48 deletions(-)
-
---- a/fardata.c
-+++ b/fardata.c
-@@ -52,7 +52,7 @@ int error_proc(FMSG *errmsg, ...)
- /* Check if the message could have a standard error code */
- if(errno!=0&&is_std_error(errmsg))
- {
-- msg_cprintf(0, lf);
-+ msg_cprintf(0, "\n");
- error_report();
- }
- #endif
-@@ -379,10 +379,10 @@ static void flush_cbuf(int ccode, char *
- {
- #if SFX_LEVEL>=ARJSFXV
- fprintf(new_stdout, strform, n_text);
-- fprintf(new_stdout, lf);
-+ fprintf(new_stdout, "\n");
- #else
- printf(strform, n_text);
-- printf(lf);
-+ printf("\n");
- #endif
- }
- else
-@@ -393,13 +393,13 @@ static void flush_cbuf(int ccode, char *
- #ifdef NEED_CRLF
- scr_out("\r");
- #endif
-- scr_out(lf);
-+ scr_out("\n");
- }
- if(!no_colors)
- textcolor(color_table[ccode&H_COLORMASK].color);
- #else
- printf(strform, n_text);
-- printf(lf);
-+ printf("\n");
- #endif
- n_text=t_text+1;
- #if SFX_LEVEL>=ARJ
---- a/arj_user.c
-+++ b/arj_user.c
-@@ -1059,7 +1059,7 @@ static void finish_processing(int cmd)
- if(recover_file(tmp_archive_name, nullstr, tmp_tmp_filename, protected, eof_pos))
- {
- msg_cprintf(H_HL, M_CANT_FIND_DAMAGE, archive_name);
-- printf(lf);
-+ printf("\n");
- }
- else
- {
-@@ -1294,7 +1294,7 @@ static void finish_processing(int cmd)
- if(recover_file(archive_name, nullstr, nullstr, protected, eof_pos))
- {
- msg_cprintf(H_HL, M_CANT_FIND_DAMAGE, archive_name);
-- printf(lf);
-+ printf("\n");
- }
- else
- {
-@@ -1327,7 +1327,7 @@ static void finish_processing(int cmd)
- msg_cprintf(0, M_CHAPTERS_ON);
- else if(chapter_mode==CHAP_REMOVE)
- msg_cprintf(0, M_CHAPTERS_OFF);
-- msg_cprintf(0, strform, lf);
-+ msg_cprintf(0, strform, "\n");
- }
- if(cmd==ARJ_CMD_COPY&&protfile_option&&!arjprot_tail)
- msg_cprintf(0, M_ARJPROT_DISABLED);
-@@ -2303,7 +2303,7 @@ void process_archive()
- timestamp_to_str(timetext, &ftime_stamp);
- msg_cprintf(H_HL|H_NFMT, M_ARCHIVE_CREATED, timetext);
- if(show_ansi_comments)
-- printf(cmt_ptr);
-+ fputs(cmt_ptr, stdout);
- else
- display_comment(cmt_ptr);
- /* The sfx_setup() occurs here */
---- a/arj_arcv.c
-+++ b/arj_arcv.c
-@@ -913,13 +913,13 @@ int supply_comment(char *cmtname, char *
- else
- {
- strcat(tmp_comment, tmp_cmtline);
-- strcat(tmp_comment, lf);
-+ strcat(tmp_comment, "\n");
- }
- }
- else
- {
- strcat(tmp_comment, tmp_cmtline);
-- strcat(tmp_comment, lf);
-+ strcat(tmp_comment, "\n");
- }
- }
- }
-@@ -1846,7 +1846,7 @@ int pack_file(int is_update, int is_repl
- raw_eh=eh_lookup(eh, UXSPECIAL_ID)->raw;
- uxspecial_stats(raw_eh, UXSTATS_SHORT);
- }
-- msg_cprintf(0, lf);
-+ msg_cprintf(0, "\n");
- }
- if(err_id==0&&user_wants_fail)
- {
-@@ -2523,9 +2523,9 @@ int unpack_validation()
- {
- msg_cprintf(0, (FMSG *)strform, misc_buf);
- if(search_mode==SEARCH_DEFAULT)
-- msg_cprintf(0, (FMSG *)lf);
-+ msg_cprintf(0, "\n");
- if(search_mode==SEARCH_BRIEF)
-- msg_cprintf(0, (FMSG *)cr);
-+ msg_cprintf(0, "\r");
- }
- for(pattern=0; pattern<SEARCH_STR_MAX; search_occurences[pattern++]=0);
- reserve_size=0;
-@@ -3652,7 +3652,7 @@ void archive_cleanup()
- {
- if(msg_fprintf(idxstream, M_TESTING, archive_name)<0)
- error(M_DISK_FULL);
-- if(fprintf(idxstream, lf)<0)
-+ if(fprintf(idxstream, "\n")<0)
- error(M_DISK_FULL);
- }
- cmd_verb=ARJ_CMD_TEST;
---- a/arjsfx.c
-+++ b/arjsfx.c
-@@ -214,7 +214,7 @@ static void final_cleanup(void)
- freopen(dev_con, m_w, stdout);
- #if SFX_LEVEL>=ARJSFXV
- if(ferror(stdout))
-- msg_fprintf(stderr, M_DISK_FULL);
-+ msg_fprintf(stderr, "Can't write file. Disk full?");
- if(debug_enabled&&strchr(debug_opt, 't')!=NULL)
- {
- ticks=get_ticks()-ticks;
---- a/rearj.c
-+++ b/rearj.c
-@@ -935,7 +935,7 @@ static int convert_archive(char *name)
- msg_cprintf(H_HL|H_NFMT, M_OLD_SIZE, old_fsize);
- msg_cprintf(H_HL|H_NFMT, M_NEW_SIZE, new_fsize);
- msg_cprintf(H_HL|H_NFMT, M_SAVINGS_SIZE, gain);
-- printf(lf);
-+ printf("\n");
- total_old_fsize+=old_fsize;
- total_new_fsize+=new_fsize;
- total_files++;
---- a/register.c
-+++ b/register.c
-@@ -205,7 +205,7 @@ int main(int argc, char **argv)
- char reg_source[200];
- int i;
-
-- printf(M_REGISTER_BANNER);
-+ fputs(M_REGISTER_BANNER, stdout);
- integrity_pattern[0]--;
- build_crc32_table();
- if(argc!=2)
---- a/arjdisp.c
-+++ b/arjdisp.c
-@@ -20,8 +20,6 @@ static long bytes;
- static long compsize;
- static char cmd_verb;
- static char msg_lf[]="\n";
--char strform[]="%s"; /* Export it for scrnio.c, too
-- (a byte saved is a byte gained) */
-
- /* Pseudographical controls */
-
-@@ -54,19 +52,19 @@ static void show_init_scrn()
- textcolor(7);
- clrscr();
- gotoxy(2, 2);
-- scrprintf(win_top);
-+ fputs(win_top, stdout);
- for(i=3; i<24; i++)
- {
-- gotoxy(2, i); scrprintf(win_border);
-- gotoxy(79, i); scrprintf(win_border);
-+ gotoxy(2, i); fputs(win_border, stdout);
-+ gotoxy(79, i); fputs(win_border, stdout);
- }
-- gotoxy(2, 24); scrprintf(win_bottom);
-+ gotoxy(2, 24); fputs(win_bottom, stdout);
- gotoxy(10, 5);
-- scrprintf(M_ARJDISP_COPYRIGHT);
-+ fputs(M_ARJDISP_COPYRIGHT, stdout);
- gotoxy(10, 6);
-- scrprintf(M_ARJDISP_DISTRIBUTION);
-+ fputs(M_ARJDISP_DISTRIBUTION, stdout);
- gotoxy(10, 7);
-- scrprintf(M_ARJDISP_LICENSE);
-+ fputs(M_ARJDISP_LICENSE, stdout);
- gotoxy(16, 10);
- scrprintf(M_PROCESSING_ARCHIVE, archive_name);
- t=strtok(M_ARJDISP_INFO, msg_lf);
-@@ -74,11 +72,11 @@ static void show_init_scrn()
- while(t!=NULL&&i<=23)
- {
- gotoxy(10, i++);
-- scrprintf(strform, t);
-+ scrprintf("%s", t);
- t=strtok(NULL, msg_lf);
- }
- gotoxy(16, 20);
-- scrprintf(M_PRESS_ANY_KEY);
-+ fputs(M_PRESS_ANY_KEY, stdout);
- uni_getch();
- gotoxy(1, 24);
- }
-@@ -96,19 +94,19 @@ static void show_proc_scrn()
- {
- clrscr();
- gotoxy(2, 2);
-- scrprintf(win_top);
-+ fputs(win_top, stdout);
- for(i=3; i<24; i++)
- {
-- gotoxy(2, i); scrprintf(win_border);
-- gotoxy(79, i); scrprintf(win_border);
-+ gotoxy(2, i); fputs(win_border, stdout);
-+ gotoxy(79, i); fputs(win_border, stdout);
- }
-- gotoxy(2, 24); scrprintf(win_bottom);
-+ gotoxy(2, 24); fputs(win_bottom, stdout);
- gotoxy(10, 5);
-- scrprintf(M_ARJDISP_COPYRIGHT);
-+ fputs(M_ARJDISP_COPYRIGHT, stdout);
- gotoxy(10, 6);
-- scrprintf(M_ARJDISP_DISTRIBUTION);
-+ fputs(M_ARJDISP_DISTRIBUTION, stdout);
- gotoxy(10, 7);
-- scrprintf(M_ARJDISP_LICENSE);
-+ fputs(M_ARJDISP_LICENSE, stdout);
- gotoxy(16, 10);
- scrprintf(M_PROCESSING_ARCHIVE, archive_name);
- gotoxy(16, 12);
-@@ -132,13 +130,13 @@ static void show_proc_scrn()
- break;
- }
- gotoxy(15, 14);
-- scrprintf(ind_top);
-+ fputs(ind_top, stdout);
- gotoxy(15, 15);
-- scrprintf(ind_middle);
-+ fputs(ind_middle, stdout);
- gotoxy(15, 16);
-- scrprintf(ind_bottom);
-+ fputs(ind_bottom, stdout);
- gotoxy(16, 18);
-- scrprintf(M_ARJDISP_CTR_START);
-+ fputs(M_ARJDISP_CTR_START, stdout);
- }
- else
- {
-@@ -146,7 +144,7 @@ static void show_proc_scrn()
- gotoxy(16, 15);
- memset(progress, indo, i);
- progress[i]='\0';
-- scrprintf(progress);
-+ fputs(progress, stdout);
- gotoxy(16, 18);
- scrprintf(M_ARJDISP_CTR, calc_percentage(bytes, uncompsize)/10);
- }
-@@ -165,19 +163,19 @@ static void show_ending_scrn()
- textcolor(7);
- clrscr();
- gotoxy(2, 2);
-- scrprintf(win_top);
-+ fputs(win_top, stdout);
- for(i=3; i<24; i++)
- {
-- gotoxy(2, i); scrprintf(win_border);
-- gotoxy(79, i); scrprintf(win_border);
-+ gotoxy(2, i); fputs(win_border, stdout);
-+ gotoxy(79, i); fputs(win_border, stdout);
- }
-- gotoxy(2, 24); scrprintf(win_bottom);
-+ gotoxy(2, 24); fputs(win_bottom, stdout);
- gotoxy(10, 5);
-- scrprintf(M_ARJDISP_COPYRIGHT);
-+ fputs(M_ARJDISP_COPYRIGHT, stdout);
- gotoxy(10, 6);
-- scrprintf(M_ARJDISP_DISTRIBUTION);
-+ fputs(M_ARJDISP_DISTRIBUTION, stdout);
- gotoxy(10, 7);
-- scrprintf(M_ARJDISP_LICENSE);
-+ fputs(M_ARJDISP_LICENSE, stdout);
- gotoxy(16, 10);
- scrprintf(M_FINISHED_PROCESSING, archive_name);
- gotoxy(1, 24);
Copied: arj/repos/community-x86_64/security_format.patch (from rev 340418, arj/trunk/security_format.patch)
===================================================================
--- security_format.patch (rev 0)
+++ security_format.patch 2018-06-04 18:41:26 UTC (rev 340419)
@@ -0,0 +1,305 @@
+Patch by Guillem Jover <guillem at debian.org> for arj <= 3.10.22, which
+fixes format security errors.
+
+---
+ arj_arcv.c | 12 ++++++------
+ arj_user.c | 8 ++++----
+ arjdisp.c | 58 ++++++++++++++++++++++++++++------------------------------
+ arjsfx.c | 2 +-
+ fardata.c | 10 +++++-----
+ rearj.c | 2 +-
+ register.c | 2 +-
+ 7 files changed, 46 insertions(+), 48 deletions(-)
+
+--- a/fardata.c
++++ b/fardata.c
+@@ -52,7 +52,7 @@ int error_proc(FMSG *errmsg, ...)
+ /* Check if the message could have a standard error code */
+ if(errno!=0&&is_std_error(errmsg))
+ {
+- msg_cprintf(0, lf);
++ msg_cprintf(0, "\n");
+ error_report();
+ }
+ #endif
+@@ -379,10 +379,10 @@ static void flush_cbuf(int ccode, char *
+ {
+ #if SFX_LEVEL>=ARJSFXV
+ fprintf(new_stdout, strform, n_text);
+- fprintf(new_stdout, lf);
++ fprintf(new_stdout, "\n");
+ #else
+ printf(strform, n_text);
+- printf(lf);
++ printf("\n");
+ #endif
+ }
+ else
+@@ -393,13 +393,13 @@ static void flush_cbuf(int ccode, char *
+ #ifdef NEED_CRLF
+ scr_out("\r");
+ #endif
+- scr_out(lf);
++ scr_out("\n");
+ }
+ if(!no_colors)
+ textcolor(color_table[ccode&H_COLORMASK].color);
+ #else
+ printf(strform, n_text);
+- printf(lf);
++ printf("\n");
+ #endif
+ n_text=t_text+1;
+ #if SFX_LEVEL>=ARJ
+--- a/arj_user.c
++++ b/arj_user.c
+@@ -1059,7 +1059,7 @@ static void finish_processing(int cmd)
+ if(recover_file(tmp_archive_name, nullstr, tmp_tmp_filename, protected, eof_pos))
+ {
+ msg_cprintf(H_HL, M_CANT_FIND_DAMAGE, archive_name);
+- printf(lf);
++ printf("\n");
+ }
+ else
+ {
+@@ -1294,7 +1294,7 @@ static void finish_processing(int cmd)
+ if(recover_file(archive_name, nullstr, nullstr, protected, eof_pos))
+ {
+ msg_cprintf(H_HL, M_CANT_FIND_DAMAGE, archive_name);
+- printf(lf);
++ printf("\n");
+ }
+ else
+ {
+@@ -1327,7 +1327,7 @@ static void finish_processing(int cmd)
+ msg_cprintf(0, M_CHAPTERS_ON);
+ else if(chapter_mode==CHAP_REMOVE)
+ msg_cprintf(0, M_CHAPTERS_OFF);
+- msg_cprintf(0, strform, lf);
++ msg_cprintf(0, strform, "\n");
+ }
+ if(cmd==ARJ_CMD_COPY&&protfile_option&&!arjprot_tail)
+ msg_cprintf(0, M_ARJPROT_DISABLED);
+@@ -2303,7 +2303,7 @@ void process_archive()
+ timestamp_to_str(timetext, &ftime_stamp);
+ msg_cprintf(H_HL|H_NFMT, M_ARCHIVE_CREATED, timetext);
+ if(show_ansi_comments)
+- printf(cmt_ptr);
++ fputs(cmt_ptr, stdout);
+ else
+ display_comment(cmt_ptr);
+ /* The sfx_setup() occurs here */
+--- a/arj_arcv.c
++++ b/arj_arcv.c
+@@ -913,13 +913,13 @@ int supply_comment(char *cmtname, char *
+ else
+ {
+ strcat(tmp_comment, tmp_cmtline);
+- strcat(tmp_comment, lf);
++ strcat(tmp_comment, "\n");
+ }
+ }
+ else
+ {
+ strcat(tmp_comment, tmp_cmtline);
+- strcat(tmp_comment, lf);
++ strcat(tmp_comment, "\n");
+ }
+ }
+ }
+@@ -1846,7 +1846,7 @@ int pack_file(int is_update, int is_repl
+ raw_eh=eh_lookup(eh, UXSPECIAL_ID)->raw;
+ uxspecial_stats(raw_eh, UXSTATS_SHORT);
+ }
+- msg_cprintf(0, lf);
++ msg_cprintf(0, "\n");
+ }
+ if(err_id==0&&user_wants_fail)
+ {
+@@ -2523,9 +2523,9 @@ int unpack_validation()
+ {
+ msg_cprintf(0, (FMSG *)strform, misc_buf);
+ if(search_mode==SEARCH_DEFAULT)
+- msg_cprintf(0, (FMSG *)lf);
++ msg_cprintf(0, "\n");
+ if(search_mode==SEARCH_BRIEF)
+- msg_cprintf(0, (FMSG *)cr);
++ msg_cprintf(0, "\r");
+ }
+ for(pattern=0; pattern<SEARCH_STR_MAX; search_occurences[pattern++]=0);
+ reserve_size=0;
+@@ -3652,7 +3652,7 @@ void archive_cleanup()
+ {
+ if(msg_fprintf(idxstream, M_TESTING, archive_name)<0)
+ error(M_DISK_FULL);
+- if(fprintf(idxstream, lf)<0)
++ if(fprintf(idxstream, "\n")<0)
+ error(M_DISK_FULL);
+ }
+ cmd_verb=ARJ_CMD_TEST;
+--- a/arjsfx.c
++++ b/arjsfx.c
+@@ -214,7 +214,7 @@ static void final_cleanup(void)
+ freopen(dev_con, m_w, stdout);
+ #if SFX_LEVEL>=ARJSFXV
+ if(ferror(stdout))
+- msg_fprintf(stderr, M_DISK_FULL);
++ msg_fprintf(stderr, "Can't write file. Disk full?");
+ if(debug_enabled&&strchr(debug_opt, 't')!=NULL)
+ {
+ ticks=get_ticks()-ticks;
+--- a/rearj.c
++++ b/rearj.c
+@@ -935,7 +935,7 @@ static int convert_archive(char *name)
+ msg_cprintf(H_HL|H_NFMT, M_OLD_SIZE, old_fsize);
+ msg_cprintf(H_HL|H_NFMT, M_NEW_SIZE, new_fsize);
+ msg_cprintf(H_HL|H_NFMT, M_SAVINGS_SIZE, gain);
+- printf(lf);
++ printf("\n");
+ total_old_fsize+=old_fsize;
+ total_new_fsize+=new_fsize;
+ total_files++;
+--- a/register.c
++++ b/register.c
+@@ -205,7 +205,7 @@ int main(int argc, char **argv)
+ char reg_source[200];
+ int i;
+
+- printf(M_REGISTER_BANNER);
++ fputs(M_REGISTER_BANNER, stdout);
+ integrity_pattern[0]--;
+ build_crc32_table();
+ if(argc!=2)
+--- a/arjdisp.c
++++ b/arjdisp.c
+@@ -20,8 +20,6 @@ static long bytes;
+ static long compsize;
+ static char cmd_verb;
+ static char msg_lf[]="\n";
+-char strform[]="%s"; /* Export it for scrnio.c, too
+- (a byte saved is a byte gained) */
+
+ /* Pseudographical controls */
+
+@@ -54,19 +52,19 @@ static void show_init_scrn()
+ textcolor(7);
+ clrscr();
+ gotoxy(2, 2);
+- scrprintf(win_top);
++ fputs(win_top, stdout);
+ for(i=3; i<24; i++)
+ {
+- gotoxy(2, i); scrprintf(win_border);
+- gotoxy(79, i); scrprintf(win_border);
++ gotoxy(2, i); fputs(win_border, stdout);
++ gotoxy(79, i); fputs(win_border, stdout);
+ }
+- gotoxy(2, 24); scrprintf(win_bottom);
++ gotoxy(2, 24); fputs(win_bottom, stdout);
+ gotoxy(10, 5);
+- scrprintf(M_ARJDISP_COPYRIGHT);
++ fputs(M_ARJDISP_COPYRIGHT, stdout);
+ gotoxy(10, 6);
+- scrprintf(M_ARJDISP_DISTRIBUTION);
++ fputs(M_ARJDISP_DISTRIBUTION, stdout);
+ gotoxy(10, 7);
+- scrprintf(M_ARJDISP_LICENSE);
++ fputs(M_ARJDISP_LICENSE, stdout);
+ gotoxy(16, 10);
+ scrprintf(M_PROCESSING_ARCHIVE, archive_name);
+ t=strtok(M_ARJDISP_INFO, msg_lf);
+@@ -74,11 +72,11 @@ static void show_init_scrn()
+ while(t!=NULL&&i<=23)
+ {
+ gotoxy(10, i++);
+- scrprintf(strform, t);
++ scrprintf("%s", t);
+ t=strtok(NULL, msg_lf);
+ }
+ gotoxy(16, 20);
+- scrprintf(M_PRESS_ANY_KEY);
++ fputs(M_PRESS_ANY_KEY, stdout);
+ uni_getch();
+ gotoxy(1, 24);
+ }
+@@ -96,19 +94,19 @@ static void show_proc_scrn()
+ {
+ clrscr();
+ gotoxy(2, 2);
+- scrprintf(win_top);
++ fputs(win_top, stdout);
+ for(i=3; i<24; i++)
+ {
+- gotoxy(2, i); scrprintf(win_border);
+- gotoxy(79, i); scrprintf(win_border);
++ gotoxy(2, i); fputs(win_border, stdout);
++ gotoxy(79, i); fputs(win_border, stdout);
+ }
+- gotoxy(2, 24); scrprintf(win_bottom);
++ gotoxy(2, 24); fputs(win_bottom, stdout);
+ gotoxy(10, 5);
+- scrprintf(M_ARJDISP_COPYRIGHT);
++ fputs(M_ARJDISP_COPYRIGHT, stdout);
+ gotoxy(10, 6);
+- scrprintf(M_ARJDISP_DISTRIBUTION);
++ fputs(M_ARJDISP_DISTRIBUTION, stdout);
+ gotoxy(10, 7);
+- scrprintf(M_ARJDISP_LICENSE);
++ fputs(M_ARJDISP_LICENSE, stdout);
+ gotoxy(16, 10);
+ scrprintf(M_PROCESSING_ARCHIVE, archive_name);
+ gotoxy(16, 12);
+@@ -132,13 +130,13 @@ static void show_proc_scrn()
+ break;
+ }
+ gotoxy(15, 14);
+- scrprintf(ind_top);
++ fputs(ind_top, stdout);
+ gotoxy(15, 15);
+- scrprintf(ind_middle);
++ fputs(ind_middle, stdout);
+ gotoxy(15, 16);
+- scrprintf(ind_bottom);
++ fputs(ind_bottom, stdout);
+ gotoxy(16, 18);
+- scrprintf(M_ARJDISP_CTR_START);
++ fputs(M_ARJDISP_CTR_START, stdout);
+ }
+ else
+ {
+@@ -146,7 +144,7 @@ static void show_proc_scrn()
+ gotoxy(16, 15);
+ memset(progress, indo, i);
+ progress[i]='\0';
+- scrprintf(progress);
++ fputs(progress, stdout);
+ gotoxy(16, 18);
+ scrprintf(M_ARJDISP_CTR, calc_percentage(bytes, uncompsize)/10);
+ }
+@@ -165,19 +163,19 @@ static void show_ending_scrn()
+ textcolor(7);
+ clrscr();
+ gotoxy(2, 2);
+- scrprintf(win_top);
++ fputs(win_top, stdout);
+ for(i=3; i<24; i++)
+ {
+- gotoxy(2, i); scrprintf(win_border);
+- gotoxy(79, i); scrprintf(win_border);
++ gotoxy(2, i); fputs(win_border, stdout);
++ gotoxy(79, i); fputs(win_border, stdout);
+ }
+- gotoxy(2, 24); scrprintf(win_bottom);
++ gotoxy(2, 24); fputs(win_bottom, stdout);
+ gotoxy(10, 5);
+- scrprintf(M_ARJDISP_COPYRIGHT);
++ fputs(M_ARJDISP_COPYRIGHT, stdout);
+ gotoxy(10, 6);
+- scrprintf(M_ARJDISP_DISTRIBUTION);
++ fputs(M_ARJDISP_DISTRIBUTION, stdout);
+ gotoxy(10, 7);
+- scrprintf(M_ARJDISP_LICENSE);
++ fputs(M_ARJDISP_LICENSE, stdout);
+ gotoxy(16, 10);
+ scrprintf(M_FINISHED_PROCESSING, archive_name);
+ gotoxy(1, 24);
Deleted: use_safe_strcpy.patch
===================================================================
--- use_safe_strcpy.patch 2018-06-04 18:40:55 UTC (rev 340418)
+++ use_safe_strcpy.patch 2018-06-04 18:41:26 UTC (rev 340419)
@@ -1,97 +0,0 @@
-Patch by Guillem Jover <guillem at debian.org> for arj <= 3.10.22, to
-use a safe strcpy for overlapping strings, among others fixes a build
-problem with a mangled generated .c file by msgbind (thus FTBFS), and
-CRC errors at run-time. For further information, please have a look
-to http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590354
-
----
- arj.c | 2 +-
- arjdata.c | 9 +--------
- ea_mgr.c | 2 +-
- misc.h | 4 ++++
- msgbind.c | 2 +-
- packager.c | 2 +-
- 6 files changed, 9 insertions(+), 12 deletions(-)
-
---- a/arjdata.c
-+++ b/arjdata.c
-@@ -204,13 +204,6 @@ void date_fmt(char *dest)
- #endif
- }
-
--/* A safe strcpy() */
--
--static void safe_strcpy(char *dest, char *src)
--{
-- memmove(dest, src, strlen(src)+1);
--}
--
- /* Context substitution routine */
-
- char *expand_tags(char *str, int limit)
-@@ -232,7 +225,7 @@ char *expand_tags(char *str, int limit)
- {
- if(*(p+1)==TAG_CHAR)
- {
-- strcpy(p, p+1);
-+ safe_strcpy(p, p+1);
- p++;
- }
- else if(*(p+1)==TAG_SPECIAL_BEGIN&&(et=strchr(p+3, TAG_SPECIAL_END))!=NULL)
---- a/arj.c
-+++ b/arj.c
-@@ -1169,7 +1169,7 @@ int main(int argc, char *argv[])
- if(strlen(tmp_ptr)<=121)
- tmp_ptr[0]='\0';
- else if(tmp_ptr[120]==' ')
-- strcpy(tmp_ptr, tmp_ptr+121);
-+ safe_strcpy(tmp_ptr, tmp_ptr+121);
- }
- if(cmd==ARJ_CMD_ORDER&&strpbrk(tmp_ptr, wildcard_pattern)!=NULL)
- error(M_ORDER_WILDCARD);
---- a/ea_mgr.c
-+++ b/ea_mgr.c
-@@ -696,7 +696,7 @@ int resolve_longname(char *dest, char *n
- tmp_name[st_len]='\0';
- if(tmp_name[0]==0xFD&&tmp_name[1]==0xFF)
- {
-- strcpy(tmp_name, (char *)tmp_name+4);
-+ safe_strcpy(tmp_name, (char *)tmp_name+4);
- st_len-=4;
- }
- if(st_len==0||st_len+entry>=FILENAME_MAX)
---- a/msgbind.c
-+++ b/msgbind.c
-@@ -578,7 +578,7 @@ int main(int argc, char **argv)
- }
- strcat(pool[tpool].data, msgname);
- strcat(pool[tpool].data, ", ");
-- strcpy(msg_buffer, msg_buffer+1);
-+ safe_strcpy(msg_buffer, msg_buffer+1);
- buf_len=strlen(msg_buffer);
- msg_buffer[--buf_len]='\0';
- patch_string(msg_buffer);
---- a/packager.c
-+++ b/packager.c
-@@ -347,7 +347,7 @@ int main(int argc, char **argv)
- expand_tags(buf, sizeof(buf)-1);
- if((p=strchr(buf, '.'))!=NULL)
- {
-- strcpy(p, p+1);
-+ safe_strcpy(p, p+1);
- if((p=strchr(buf, '.'))!=NULL)
- *p='\0';
- }
---- a/misc.h
-+++ b/misc.h
-@@ -11,6 +11,10 @@
- #include "arjtypes.h"
- #include "filelist.h"
-
-+/* A safe strcpy() */
-+
-+#define safe_strcpy(dest, src) memmove(dest, src, strlen(src)+1);
-+
- /* ASCIIZ string copy macro */
-
- #define strcpyn(dest, src, n) \
Copied: arj/repos/community-x86_64/use_safe_strcpy.patch (from rev 340418, arj/trunk/use_safe_strcpy.patch)
===================================================================
--- use_safe_strcpy.patch (rev 0)
+++ use_safe_strcpy.patch 2018-06-04 18:41:26 UTC (rev 340419)
@@ -0,0 +1,97 @@
+Patch by Guillem Jover <guillem at debian.org> for arj <= 3.10.22, to
+use a safe strcpy for overlapping strings, among others fixes a build
+problem with a mangled generated .c file by msgbind (thus FTBFS), and
+CRC errors at run-time. For further information, please have a look
+to http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590354
+
+---
+ arj.c | 2 +-
+ arjdata.c | 9 +--------
+ ea_mgr.c | 2 +-
+ misc.h | 4 ++++
+ msgbind.c | 2 +-
+ packager.c | 2 +-
+ 6 files changed, 9 insertions(+), 12 deletions(-)
+
+--- a/arjdata.c
++++ b/arjdata.c
+@@ -204,13 +204,6 @@ void date_fmt(char *dest)
+ #endif
+ }
+
+-/* A safe strcpy() */
+-
+-static void safe_strcpy(char *dest, char *src)
+-{
+- memmove(dest, src, strlen(src)+1);
+-}
+-
+ /* Context substitution routine */
+
+ char *expand_tags(char *str, int limit)
+@@ -232,7 +225,7 @@ char *expand_tags(char *str, int limit)
+ {
+ if(*(p+1)==TAG_CHAR)
+ {
+- strcpy(p, p+1);
++ safe_strcpy(p, p+1);
+ p++;
+ }
+ else if(*(p+1)==TAG_SPECIAL_BEGIN&&(et=strchr(p+3, TAG_SPECIAL_END))!=NULL)
+--- a/arj.c
++++ b/arj.c
+@@ -1169,7 +1169,7 @@ int main(int argc, char *argv[])
+ if(strlen(tmp_ptr)<=121)
+ tmp_ptr[0]='\0';
+ else if(tmp_ptr[120]==' ')
+- strcpy(tmp_ptr, tmp_ptr+121);
++ safe_strcpy(tmp_ptr, tmp_ptr+121);
+ }
+ if(cmd==ARJ_CMD_ORDER&&strpbrk(tmp_ptr, wildcard_pattern)!=NULL)
+ error(M_ORDER_WILDCARD);
+--- a/ea_mgr.c
++++ b/ea_mgr.c
+@@ -696,7 +696,7 @@ int resolve_longname(char *dest, char *n
+ tmp_name[st_len]='\0';
+ if(tmp_name[0]==0xFD&&tmp_name[1]==0xFF)
+ {
+- strcpy(tmp_name, (char *)tmp_name+4);
++ safe_strcpy(tmp_name, (char *)tmp_name+4);
+ st_len-=4;
+ }
+ if(st_len==0||st_len+entry>=FILENAME_MAX)
+--- a/msgbind.c
++++ b/msgbind.c
+@@ -578,7 +578,7 @@ int main(int argc, char **argv)
+ }
+ strcat(pool[tpool].data, msgname);
+ strcat(pool[tpool].data, ", ");
+- strcpy(msg_buffer, msg_buffer+1);
++ safe_strcpy(msg_buffer, msg_buffer+1);
+ buf_len=strlen(msg_buffer);
+ msg_buffer[--buf_len]='\0';
+ patch_string(msg_buffer);
+--- a/packager.c
++++ b/packager.c
+@@ -347,7 +347,7 @@ int main(int argc, char **argv)
+ expand_tags(buf, sizeof(buf)-1);
+ if((p=strchr(buf, '.'))!=NULL)
+ {
+- strcpy(p, p+1);
++ safe_strcpy(p, p+1);
+ if((p=strchr(buf, '.'))!=NULL)
+ *p='\0';
+ }
+--- a/misc.h
++++ b/misc.h
+@@ -11,6 +11,10 @@
+ #include "arjtypes.h"
+ #include "filelist.h"
+
++/* A safe strcpy() */
++
++#define safe_strcpy(dest, src) memmove(dest, src, strlen(src)+1);
++
+ /* ASCIIZ string copy macro */
+
+ #define strcpyn(dest, src, n) \
More information about the arch-commits
mailing list