wok-next diff arj/stuff/patches/security_format.patch @ rev 21727
created recipe for vbindiff
author | Hans-G?nter Theisgen |
---|---|
date | Sat Nov 21 14:32:44 2020 +0100 (2020-11-21) |
parents | |
children |
line diff
1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 1.2 +++ b/arj/stuff/patches/security_format.patch Sat Nov 21 14:32:44 2020 +0100 1.3 @@ -0,0 +1,305 @@ 1.4 +Patch by Guillem Jover <guillem@debian.org> for arj <= 3.10.22, which 1.5 +fixes format security errors. 1.6 + 1.7 +--- 1.8 + arj_arcv.c | 12 ++++++------ 1.9 + arj_user.c | 8 ++++---- 1.10 + arjdisp.c | 58 ++++++++++++++++++++++++++++------------------------------ 1.11 + arjsfx.c | 2 +- 1.12 + fardata.c | 10 +++++----- 1.13 + rearj.c | 2 +- 1.14 + register.c | 2 +- 1.15 + 7 files changed, 46 insertions(+), 48 deletions(-) 1.16 + 1.17 +--- a/fardata.c 1.18 ++++ b/fardata.c 1.19 +@@ -52,7 +52,7 @@ int error_proc(FMSG *errmsg, ...) 1.20 + /* Check if the message could have a standard error code */ 1.21 + if(errno!=0&&is_std_error(errmsg)) 1.22 + { 1.23 +- msg_cprintf(0, lf); 1.24 ++ msg_cprintf(0, "\n"); 1.25 + error_report(); 1.26 + } 1.27 + #endif 1.28 +@@ -379,10 +379,10 @@ static void flush_cbuf(int ccode, char * 1.29 + { 1.30 + #if SFX_LEVEL>=ARJSFXV 1.31 + fprintf(new_stdout, strform, n_text); 1.32 +- fprintf(new_stdout, lf); 1.33 ++ fprintf(new_stdout, "\n"); 1.34 + #else 1.35 + printf(strform, n_text); 1.36 +- printf(lf); 1.37 ++ printf("\n"); 1.38 + #endif 1.39 + } 1.40 + else 1.41 +@@ -393,13 +393,13 @@ static void flush_cbuf(int ccode, char * 1.42 + #ifdef NEED_CRLF 1.43 + scr_out("\r"); 1.44 + #endif 1.45 +- scr_out(lf); 1.46 ++ scr_out("\n"); 1.47 + } 1.48 + if(!no_colors) 1.49 + textcolor(color_table[ccode&H_COLORMASK].color); 1.50 + #else 1.51 + printf(strform, n_text); 1.52 +- printf(lf); 1.53 ++ printf("\n"); 1.54 + #endif 1.55 + n_text=t_text+1; 1.56 + #if SFX_LEVEL>=ARJ 1.57 +--- a/arj_user.c 1.58 ++++ b/arj_user.c 1.59 +@@ -1059,7 +1059,7 @@ static void finish_processing(int cmd) 1.60 + if(recover_file(tmp_archive_name, nullstr, tmp_tmp_filename, protected, eof_pos)) 1.61 + { 1.62 + msg_cprintf(H_HL, M_CANT_FIND_DAMAGE, archive_name); 1.63 +- printf(lf); 1.64 ++ printf("\n"); 1.65 + } 1.66 + else 1.67 + { 1.68 +@@ -1294,7 +1294,7 @@ static void finish_processing(int cmd) 1.69 + if(recover_file(archive_name, nullstr, nullstr, protected, eof_pos)) 1.70 + { 1.71 + msg_cprintf(H_HL, M_CANT_FIND_DAMAGE, archive_name); 1.72 +- printf(lf); 1.73 ++ printf("\n"); 1.74 + } 1.75 + else 1.76 + { 1.77 +@@ -1327,7 +1327,7 @@ static void finish_processing(int cmd) 1.78 + msg_cprintf(0, M_CHAPTERS_ON); 1.79 + else if(chapter_mode==CHAP_REMOVE) 1.80 + msg_cprintf(0, M_CHAPTERS_OFF); 1.81 +- msg_cprintf(0, strform, lf); 1.82 ++ msg_cprintf(0, strform, "\n"); 1.83 + } 1.84 + if(cmd==ARJ_CMD_COPY&&protfile_option&&!arjprot_tail) 1.85 + msg_cprintf(0, M_ARJPROT_DISABLED); 1.86 +@@ -2303,7 +2303,7 @@ void process_archive() 1.87 + timestamp_to_str(timetext, &ftime_stamp); 1.88 + msg_cprintf(H_HL|H_NFMT, M_ARCHIVE_CREATED, timetext); 1.89 + if(show_ansi_comments) 1.90 +- printf(cmt_ptr); 1.91 ++ fputs(cmt_ptr, stdout); 1.92 + else 1.93 + display_comment(cmt_ptr); 1.94 + /* The sfx_setup() occurs here */ 1.95 +--- a/arj_arcv.c 1.96 ++++ b/arj_arcv.c 1.97 +@@ -913,13 +913,13 @@ int supply_comment(char *cmtname, char * 1.98 + else 1.99 + { 1.100 + strcat(tmp_comment, tmp_cmtline); 1.101 +- strcat(tmp_comment, lf); 1.102 ++ strcat(tmp_comment, "\n"); 1.103 + } 1.104 + } 1.105 + else 1.106 + { 1.107 + strcat(tmp_comment, tmp_cmtline); 1.108 +- strcat(tmp_comment, lf); 1.109 ++ strcat(tmp_comment, "\n"); 1.110 + } 1.111 + } 1.112 + } 1.113 +@@ -1846,7 +1846,7 @@ int pack_file(int is_update, int is_repl 1.114 + raw_eh=eh_lookup(eh, UXSPECIAL_ID)->raw; 1.115 + uxspecial_stats(raw_eh, UXSTATS_SHORT); 1.116 + } 1.117 +- msg_cprintf(0, lf); 1.118 ++ msg_cprintf(0, "\n"); 1.119 + } 1.120 + if(err_id==0&&user_wants_fail) 1.121 + { 1.122 +@@ -2523,9 +2523,9 @@ int unpack_validation() 1.123 + { 1.124 + msg_cprintf(0, (FMSG *)strform, misc_buf); 1.125 + if(search_mode==SEARCH_DEFAULT) 1.126 +- msg_cprintf(0, (FMSG *)lf); 1.127 ++ msg_cprintf(0, "\n"); 1.128 + if(search_mode==SEARCH_BRIEF) 1.129 +- msg_cprintf(0, (FMSG *)cr); 1.130 ++ msg_cprintf(0, "\r"); 1.131 + } 1.132 + for(pattern=0; pattern<SEARCH_STR_MAX; search_occurences[pattern++]=0); 1.133 + reserve_size=0; 1.134 +@@ -3652,7 +3652,7 @@ void archive_cleanup() 1.135 + { 1.136 + if(msg_fprintf(idxstream, M_TESTING, archive_name)<0) 1.137 + error(M_DISK_FULL); 1.138 +- if(fprintf(idxstream, lf)<0) 1.139 ++ if(fprintf(idxstream, "\n")<0) 1.140 + error(M_DISK_FULL); 1.141 + } 1.142 + cmd_verb=ARJ_CMD_TEST; 1.143 +--- a/arjsfx.c 1.144 ++++ b/arjsfx.c 1.145 +@@ -214,7 +214,7 @@ static void final_cleanup(void) 1.146 + freopen(dev_con, m_w, stdout); 1.147 + #if SFX_LEVEL>=ARJSFXV 1.148 + if(ferror(stdout)) 1.149 +- msg_fprintf(stderr, M_DISK_FULL); 1.150 ++ msg_fprintf(stderr, "Can't write file. Disk full?"); 1.151 + if(debug_enabled&&strchr(debug_opt, 't')!=NULL) 1.152 + { 1.153 + ticks=get_ticks()-ticks; 1.154 +--- a/rearj.c 1.155 ++++ b/rearj.c 1.156 +@@ -935,7 +935,7 @@ static int convert_archive(char *name) 1.157 + msg_cprintf(H_HL|H_NFMT, M_OLD_SIZE, old_fsize); 1.158 + msg_cprintf(H_HL|H_NFMT, M_NEW_SIZE, new_fsize); 1.159 + msg_cprintf(H_HL|H_NFMT, M_SAVINGS_SIZE, gain); 1.160 +- printf(lf); 1.161 ++ printf("\n"); 1.162 + total_old_fsize+=old_fsize; 1.163 + total_new_fsize+=new_fsize; 1.164 + total_files++; 1.165 +--- a/register.c 1.166 ++++ b/register.c 1.167 +@@ -205,7 +205,7 @@ int main(int argc, char **argv) 1.168 + char reg_source[200]; 1.169 + int i; 1.170 + 1.171 +- printf(M_REGISTER_BANNER); 1.172 ++ fputs(M_REGISTER_BANNER, stdout); 1.173 + integrity_pattern[0]--; 1.174 + build_crc32_table(); 1.175 + if(argc!=2) 1.176 +--- a/arjdisp.c 1.177 ++++ b/arjdisp.c 1.178 +@@ -20,8 +20,6 @@ static long bytes; 1.179 + static long compsize; 1.180 + static char cmd_verb; 1.181 + static char msg_lf[]="\n"; 1.182 +-char strform[]="%s"; /* Export it for scrnio.c, too 1.183 +- (a byte saved is a byte gained) */ 1.184 + 1.185 + /* Pseudographical controls */ 1.186 + 1.187 +@@ -54,19 +52,19 @@ static void show_init_scrn() 1.188 + textcolor(7); 1.189 + clrscr(); 1.190 + gotoxy(2, 2); 1.191 +- scrprintf(win_top); 1.192 ++ fputs(win_top, stdout); 1.193 + for(i=3; i<24; i++) 1.194 + { 1.195 +- gotoxy(2, i); scrprintf(win_border); 1.196 +- gotoxy(79, i); scrprintf(win_border); 1.197 ++ gotoxy(2, i); fputs(win_border, stdout); 1.198 ++ gotoxy(79, i); fputs(win_border, stdout); 1.199 + } 1.200 +- gotoxy(2, 24); scrprintf(win_bottom); 1.201 ++ gotoxy(2, 24); fputs(win_bottom, stdout); 1.202 + gotoxy(10, 5); 1.203 +- scrprintf(M_ARJDISP_COPYRIGHT); 1.204 ++ fputs(M_ARJDISP_COPYRIGHT, stdout); 1.205 + gotoxy(10, 6); 1.206 +- scrprintf(M_ARJDISP_DISTRIBUTION); 1.207 ++ fputs(M_ARJDISP_DISTRIBUTION, stdout); 1.208 + gotoxy(10, 7); 1.209 +- scrprintf(M_ARJDISP_LICENSE); 1.210 ++ fputs(M_ARJDISP_LICENSE, stdout); 1.211 + gotoxy(16, 10); 1.212 + scrprintf(M_PROCESSING_ARCHIVE, archive_name); 1.213 + t=strtok(M_ARJDISP_INFO, msg_lf); 1.214 +@@ -74,11 +72,11 @@ static void show_init_scrn() 1.215 + while(t!=NULL&&i<=23) 1.216 + { 1.217 + gotoxy(10, i++); 1.218 +- scrprintf(strform, t); 1.219 ++ scrprintf("%s", t); 1.220 + t=strtok(NULL, msg_lf); 1.221 + } 1.222 + gotoxy(16, 20); 1.223 +- scrprintf(M_PRESS_ANY_KEY); 1.224 ++ fputs(M_PRESS_ANY_KEY, stdout); 1.225 + uni_getch(); 1.226 + gotoxy(1, 24); 1.227 + } 1.228 +@@ -96,19 +94,19 @@ static void show_proc_scrn() 1.229 + { 1.230 + clrscr(); 1.231 + gotoxy(2, 2); 1.232 +- scrprintf(win_top); 1.233 ++ fputs(win_top, stdout); 1.234 + for(i=3; i<24; i++) 1.235 + { 1.236 +- gotoxy(2, i); scrprintf(win_border); 1.237 +- gotoxy(79, i); scrprintf(win_border); 1.238 ++ gotoxy(2, i); fputs(win_border, stdout); 1.239 ++ gotoxy(79, i); fputs(win_border, stdout); 1.240 + } 1.241 +- gotoxy(2, 24); scrprintf(win_bottom); 1.242 ++ gotoxy(2, 24); fputs(win_bottom, stdout); 1.243 + gotoxy(10, 5); 1.244 +- scrprintf(M_ARJDISP_COPYRIGHT); 1.245 ++ fputs(M_ARJDISP_COPYRIGHT, stdout); 1.246 + gotoxy(10, 6); 1.247 +- scrprintf(M_ARJDISP_DISTRIBUTION); 1.248 ++ fputs(M_ARJDISP_DISTRIBUTION, stdout); 1.249 + gotoxy(10, 7); 1.250 +- scrprintf(M_ARJDISP_LICENSE); 1.251 ++ fputs(M_ARJDISP_LICENSE, stdout); 1.252 + gotoxy(16, 10); 1.253 + scrprintf(M_PROCESSING_ARCHIVE, archive_name); 1.254 + gotoxy(16, 12); 1.255 +@@ -132,13 +130,13 @@ static void show_proc_scrn() 1.256 + break; 1.257 + } 1.258 + gotoxy(15, 14); 1.259 +- scrprintf(ind_top); 1.260 ++ fputs(ind_top, stdout); 1.261 + gotoxy(15, 15); 1.262 +- scrprintf(ind_middle); 1.263 ++ fputs(ind_middle, stdout); 1.264 + gotoxy(15, 16); 1.265 +- scrprintf(ind_bottom); 1.266 ++ fputs(ind_bottom, stdout); 1.267 + gotoxy(16, 18); 1.268 +- scrprintf(M_ARJDISP_CTR_START); 1.269 ++ fputs(M_ARJDISP_CTR_START, stdout); 1.270 + } 1.271 + else 1.272 + { 1.273 +@@ -146,7 +144,7 @@ static void show_proc_scrn() 1.274 + gotoxy(16, 15); 1.275 + memset(progress, indo, i); 1.276 + progress[i]='\0'; 1.277 +- scrprintf(progress); 1.278 ++ fputs(progress, stdout); 1.279 + gotoxy(16, 18); 1.280 + scrprintf(M_ARJDISP_CTR, calc_percentage(bytes, uncompsize)/10); 1.281 + } 1.282 +@@ -165,19 +163,19 @@ static void show_ending_scrn() 1.283 + textcolor(7); 1.284 + clrscr(); 1.285 + gotoxy(2, 2); 1.286 +- scrprintf(win_top); 1.287 ++ fputs(win_top, stdout); 1.288 + for(i=3; i<24; i++) 1.289 + { 1.290 +- gotoxy(2, i); scrprintf(win_border); 1.291 +- gotoxy(79, i); scrprintf(win_border); 1.292 ++ gotoxy(2, i); fputs(win_border, stdout); 1.293 ++ gotoxy(79, i); fputs(win_border, stdout); 1.294 + } 1.295 +- gotoxy(2, 24); scrprintf(win_bottom); 1.296 ++ gotoxy(2, 24); fputs(win_bottom, stdout); 1.297 + gotoxy(10, 5); 1.298 +- scrprintf(M_ARJDISP_COPYRIGHT); 1.299 ++ fputs(M_ARJDISP_COPYRIGHT, stdout); 1.300 + gotoxy(10, 6); 1.301 +- scrprintf(M_ARJDISP_DISTRIBUTION); 1.302 ++ fputs(M_ARJDISP_DISTRIBUTION, stdout); 1.303 + gotoxy(10, 7); 1.304 +- scrprintf(M_ARJDISP_LICENSE); 1.305 ++ fputs(M_ARJDISP_LICENSE, stdout); 1.306 + gotoxy(16, 10); 1.307 + scrprintf(M_FINISHED_PROCESSING, archive_name); 1.308 + gotoxy(1, 24);