[arch-commits] Commit in unrtf/trunk (CVE-2016-10091.patch PKGBUILD unrtf.changelog)

Jaroslav Lichtblau jlichtblau at archlinux.org
Sat Nov 24 22:35:02 UTC 2018


    Date: Saturday, November 24, 2018 @ 22:34:59
  Author: jlichtblau
Revision: 409653

upgpkg: unrtf 0.21.10-1 - new upstream release

Modified:
  unrtf/trunk/PKGBUILD
  unrtf/trunk/unrtf.changelog
Deleted:
  unrtf/trunk/CVE-2016-10091.patch

----------------------+
 CVE-2016-10091.patch |  179 -------------------------------------------------
 PKGBUILD             |   19 +----
 unrtf.changelog      |    3 
 3 files changed, 8 insertions(+), 193 deletions(-)

Deleted: CVE-2016-10091.patch
===================================================================
--- CVE-2016-10091.patch	2018-11-24 20:04:56 UTC (rev 409652)
+++ CVE-2016-10091.patch	2018-11-24 22:34:59 UTC (rev 409653)
@@ -1,179 +0,0 @@
-From: Jean-Francois Dockes <jf at dockes.org>
-Date: Sat, 31 Dec 2016 20:25:19 +0100
-Subject: Replace all instances of sprintf with snprintf and adjust size of
- integer field in some cases
-
-This fixes CVE-2016-10091
-
-Bug-Debian: https://bugs.debian.org/849705
----
- src/attr.c    |  4 ++--
- src/convert.c | 28 ++++++++++++++--------------
- src/output.c  |  4 ++--
- 3 files changed, 18 insertions(+), 18 deletions(-)
-
-diff --git a/src/attr.c b/src/attr.c
-index 02b5c81..e2951ea 100644
---- a/src/attr.c
-+++ b/src/attr.c
-@@ -746,7 +746,7 @@ char *
- assemble_string(char *string, int nr)
- {
- 
--	char *s, tmp[12];/* Number of characters that can be in int type (including '\0') - AF */
-+	char *s, tmp[20];
- 	int i = 0, j = 0;
- 
- 	if (string == NULL)
-@@ -762,7 +762,7 @@ assemble_string(char *string, int nr)
- 		}
- 
- 		if (string[i] != '\0') {
--			sprintf(tmp, "%d", nr);
-+			snprintf(tmp, 20, "%d", nr);
- 			strcpy(&s[j], tmp);
- 			j = j + strlen(tmp);
- 		}
-diff --git a/src/convert.c b/src/convert.c
-index c76d7d6..8eacdcb 100644
---- a/src/convert.c
-+++ b/src/convert.c
-@@ -472,7 +472,7 @@ static const int fcharsetparmtocp(int parm)
- }
- 
- // Translate code page to encoding name hopefully suitable as iconv input
--static char *cptoencoding(parm)
-+static char *cptoencoding(int parm)
- {
-     // Note that CP0 is supposed to mean current system default, which does
-     // not make any sense as a stored value, we don't handle it.
-@@ -964,7 +964,7 @@ cmd_cf (Word *w, int align, char has_param, int num)
- 	}
- 	else
- 	{
--		sprintf(str,"#%02x%02x%02x",
-+		snprintf(str, 40, "#%02x%02x%02x",
- 			color_table[num].r,
- 			color_table[num].g,
- 			color_table[num].b);
-@@ -993,7 +993,7 @@ cmd_cb (Word *w, int align, char has_param, int num)
- 	}
- 	else
- 	{
--		sprintf(str,"#%02x%02x%02x",
-+		snprintf(str, 40, "#%02x%02x%02x",
- 			color_table[num].r,
- 			color_table[num].g,
- 			color_table[num].b);
-@@ -1018,7 +1018,7 @@ cmd_fs (Word *w, int align, char has_param, int points) {
- 	/* Note, fs20 means 10pt */
- 	points /= 2;
- 
--	sprintf(str,"%d",points);
-+	snprintf(str, 20, "%d", points);
- 	attr_push(ATTR_FONTSIZE,str);
- 
- 	return FALSE;
-@@ -1166,7 +1166,7 @@ cmd_f (Word *w, int align, char has_param, int num)
-         {
-             // TOBEDONE: WHAT'S THIS ???
-             name = my_malloc(12);
--            sprintf(name, "%d", num);
-+			snprintf(name, 12, "%d", num);
-         }
- 
-         /* we are going to output entities, so should not output font */
-@@ -1218,7 +1218,7 @@ cmd_highlight (Word *w, int align, char has_param, int num)
- 	}
- 	else
- 	{
--		sprintf(str,"#%02x%02x%02x",
-+		snprintf(str, 40, "#%02x%02x%02x",
- 			color_table[num].r,
- 			color_table[num].g,
- 			color_table[num].b);
-@@ -1373,9 +1373,9 @@ cmd_ftech (Word *w, int align, char has_param, int param) {
- 
- static int 
- cmd_expand (Word *w, int align, char has_param, int param) {
--	char str[10];
-+	char str[20];
- 	if (has_param) {
--		sprintf(str, "%d", param/4);
-+		snprintf(str, 20, "%d", param / 4);
- 		if (!param) 
- 			attr_pop(ATTR_EXPAND);
- 		else 
-@@ -1394,7 +1394,7 @@ cmd_expand (Word *w, int align, char has_param, int param) {
- 
- static int 
- cmd_emboss (Word *w, int align, char has_param, int param) {
--	char str[10];
-+	char str[20];
- 	if (has_param && !param)
- #ifdef SUPPORT_UNNESTED
- 		attr_find_pop(ATTR_EMBOSS);
-@@ -1403,7 +1403,7 @@ cmd_emboss (Word *w, int align, char has_param, int param) {
- #endif
- 	else
- 	{
--		sprintf(str, "%d", param);
-+		snprintf(str, 20, "%d", param);
- 		attr_push(ATTR_EMBOSS, str);
- 	}
- 	return FALSE;
-@@ -1419,12 +1419,12 @@ cmd_emboss (Word *w, int align, char has_param, int param) {
- 
- static int 
- cmd_engrave (Word *w, int align, char has_param, int param) {
--	char str[10];
-+	char str[20];
- 	if (has_param && !param) 
- 		attr_pop(ATTR_ENGRAVE);
- 	else
- 	{
--		sprintf(str, "%d", param);
-+		snprintf(str, 20, "%d", param);
- 		attr_push(ATTR_ENGRAVE, str);
- 	}
- 	return FALSE;
-@@ -1976,7 +1976,7 @@ static int cmd_u (Word *w, int align, char has_param, int param) {
- 
- 	short	done=0;
- 	long unicode_number = (long) param; /* On 16bit architectures int is too small to store unicode characters. - AF */
--	char tmp[12]; /* Number of characters that can be in int type (including '\0'). If int size is greater than 4 bytes change this value. - AF */
-+	char tmp[20]; /* Number of characters that can be in int type (including '\0'). If int size is greater than 4 bytes change this value. - AF */
- 	const char *alias;
- #define DEBUG 0
- #if DEBUG
-@@ -2006,7 +2006,7 @@ static int cmd_u (Word *w, int align, char has_param, int param) {
-                             /* RTF spec: Unicode values beyond 32767 are represented by negative numbers */
- 				unicode_number += 65536;
- 			}
--			sprintf(tmp, "%ld", unicode_number);
-+			snprintf(tmp, 20, "%ld", unicode_number);
- 
- 			if (safe_printf(1, op->unisymbol_print, tmp)) fprintf(stderr, TOO_MANY_ARGS, "unisymbol_print");
- 			done++;
-diff --git a/src/output.c b/src/output.c
-index 86d8b5c..4cdbfa6 100644
---- a/src/output.c
-+++ b/src/output.c
-@@ -320,7 +320,7 @@ op_begin_std_fontsize (OutputPersonality *op, int size)
- 	if (!found_std_expr) {
- 		if (op->fontsize_begin) {
- 			char expr[16];
--			sprintf (expr, "%d", size);
-+			snprintf(expr, 16, "%d", size);
- 			if (safe_printf (1, op->fontsize_begin, expr)) fprintf(stderr, TOO_MANY_ARGS, "fontsize_begin");
- 		} else {
- 			/* If we cannot write out a change for the exact
-@@ -440,7 +440,7 @@ op_end_std_fontsize (OutputPersonality *op, int size)
- 	if (!found_std_expr) {
- 		if (op->fontsize_end) {
- 			char expr[16];
--			sprintf (expr, "%d", size);
-+			snprintf(expr, 16, "%d", size);
- 			if (safe_printf(1, op->fontsize_end, expr)) fprintf(stderr, TOO_MANY_ARGS, "fontsize_end");
- 		} else {
- 			/* If we cannot write out a change for the exact

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2018-11-24 20:04:56 UTC (rev 409652)
+++ PKGBUILD	2018-11-24 22:34:59 UTC (rev 409653)
@@ -3,8 +3,8 @@
 # Contributor: froggie <sullivanva at gmail.com>
 
 pkgname=unrtf
-pkgver=0.21.9
-pkgrel=3
+pkgver=0.21.10
+pkgrel=1
 pkgdesc="Command-line program which converts RTF documents to other formats"
 arch=('x86_64')
 url="https://www.gnu.org/software/unrtf/unrtf.html"
@@ -11,20 +11,11 @@
 license=('GPL3')
 depends=('glibc')
 changelog=$pkgname.changelog
-source=(https://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.gz{,.sig}
-        CVE-2016-10091.patch)
-sha256sums=('22a37826f96d754e335fb69f8036c068c00dd01ee9edd9461a36df0085fb8ddd'
-            'SKIP'
-            '7a535e96764c7d5291060b4e0548b155e1f44357bf78463ad2ed3678c14f749d')
+source=(https://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.gz{,.sig})
+sha256sums=('b49f20211fa69fff97d42d6e782a62d7e2da670b064951f14bbff968c93734ae'
+            'SKIP')
 validpgpkeys=('46EA854F5FC5F5A0A9D2BFE89175BF0B3EC83090') # Dave Davey (lgf) <daved at windclimber.id.au>
 
-prepare() {
-  cd "${srcdir}"/$pkgname-$pkgver
-
-  patch -Np1 -i "${srcdir}"/CVE-2016-10091.patch
-  autoreconf -fi
-}
-
 build() {
   cd "${srcdir}"/$pkgname-$pkgver
 

Modified: unrtf.changelog
===================================================================
--- unrtf.changelog	2018-11-24 20:04:56 UTC (rev 409652)
+++ unrtf.changelog	2018-11-24 22:34:59 UTC (rev 409653)
@@ -1,3 +1,6 @@
+2018-11-24 Jaroslav Lichtblau <svetlemodry at archlinux.org>
+	* unrtf 0.21.10-1
+
 2017-01-05 Jaroslav Lichtblau <svetlemodry at archlinux.org>
 	* unrtf 0.21.9-2 FS#52362 fix
 


More information about the arch-commits mailing list