wok-next view arj/stuff/patches/security_format.patch @ rev 20250
jwm, lockdis: update bdeps
author | Pascal Bellard <pascal.bellard@slitaz.org> |
---|---|
date | Tue Nov 07 12:15:09 2017 +0100 (2017-11-07) |
parents | |
children |
line source
1 Patch by Guillem Jover <guillem@debian.org> for arj <= 3.10.22, which
2 fixes format security errors.
4 ---
5 arj_arcv.c | 12 ++++++------
6 arj_user.c | 8 ++++----
7 arjdisp.c | 58 ++++++++++++++++++++++++++++------------------------------
8 arjsfx.c | 2 +-
9 fardata.c | 10 +++++-----
10 rearj.c | 2 +-
11 register.c | 2 +-
12 7 files changed, 46 insertions(+), 48 deletions(-)
14 --- a/fardata.c
15 +++ b/fardata.c
16 @@ -52,7 +52,7 @@ int error_proc(FMSG *errmsg, ...)
17 /* Check if the message could have a standard error code */
18 if(errno!=0&&is_std_error(errmsg))
19 {
20 - msg_cprintf(0, lf);
21 + msg_cprintf(0, "\n");
22 error_report();
23 }
24 #endif
25 @@ -379,10 +379,10 @@ static void flush_cbuf(int ccode, char *
26 {
27 #if SFX_LEVEL>=ARJSFXV
28 fprintf(new_stdout, strform, n_text);
29 - fprintf(new_stdout, lf);
30 + fprintf(new_stdout, "\n");
31 #else
32 printf(strform, n_text);
33 - printf(lf);
34 + printf("\n");
35 #endif
36 }
37 else
38 @@ -393,13 +393,13 @@ static void flush_cbuf(int ccode, char *
39 #ifdef NEED_CRLF
40 scr_out("\r");
41 #endif
42 - scr_out(lf);
43 + scr_out("\n");
44 }
45 if(!no_colors)
46 textcolor(color_table[ccode&H_COLORMASK].color);
47 #else
48 printf(strform, n_text);
49 - printf(lf);
50 + printf("\n");
51 #endif
52 n_text=t_text+1;
53 #if SFX_LEVEL>=ARJ
54 --- a/arj_user.c
55 +++ b/arj_user.c
56 @@ -1059,7 +1059,7 @@ static void finish_processing(int cmd)
57 if(recover_file(tmp_archive_name, nullstr, tmp_tmp_filename, protected, eof_pos))
58 {
59 msg_cprintf(H_HL, M_CANT_FIND_DAMAGE, archive_name);
60 - printf(lf);
61 + printf("\n");
62 }
63 else
64 {
65 @@ -1294,7 +1294,7 @@ static void finish_processing(int cmd)
66 if(recover_file(archive_name, nullstr, nullstr, protected, eof_pos))
67 {
68 msg_cprintf(H_HL, M_CANT_FIND_DAMAGE, archive_name);
69 - printf(lf);
70 + printf("\n");
71 }
72 else
73 {
74 @@ -1327,7 +1327,7 @@ static void finish_processing(int cmd)
75 msg_cprintf(0, M_CHAPTERS_ON);
76 else if(chapter_mode==CHAP_REMOVE)
77 msg_cprintf(0, M_CHAPTERS_OFF);
78 - msg_cprintf(0, strform, lf);
79 + msg_cprintf(0, strform, "\n");
80 }
81 if(cmd==ARJ_CMD_COPY&&protfile_option&&!arjprot_tail)
82 msg_cprintf(0, M_ARJPROT_DISABLED);
83 @@ -2303,7 +2303,7 @@ void process_archive()
84 timestamp_to_str(timetext, &ftime_stamp);
85 msg_cprintf(H_HL|H_NFMT, M_ARCHIVE_CREATED, timetext);
86 if(show_ansi_comments)
87 - printf(cmt_ptr);
88 + fputs(cmt_ptr, stdout);
89 else
90 display_comment(cmt_ptr);
91 /* The sfx_setup() occurs here */
92 --- a/arj_arcv.c
93 +++ b/arj_arcv.c
94 @@ -913,13 +913,13 @@ int supply_comment(char *cmtname, char *
95 else
96 {
97 strcat(tmp_comment, tmp_cmtline);
98 - strcat(tmp_comment, lf);
99 + strcat(tmp_comment, "\n");
100 }
101 }
102 else
103 {
104 strcat(tmp_comment, tmp_cmtline);
105 - strcat(tmp_comment, lf);
106 + strcat(tmp_comment, "\n");
107 }
108 }
109 }
110 @@ -1846,7 +1846,7 @@ int pack_file(int is_update, int is_repl
111 raw_eh=eh_lookup(eh, UXSPECIAL_ID)->raw;
112 uxspecial_stats(raw_eh, UXSTATS_SHORT);
113 }
114 - msg_cprintf(0, lf);
115 + msg_cprintf(0, "\n");
116 }
117 if(err_id==0&&user_wants_fail)
118 {
119 @@ -2523,9 +2523,9 @@ int unpack_validation()
120 {
121 msg_cprintf(0, (FMSG *)strform, misc_buf);
122 if(search_mode==SEARCH_DEFAULT)
123 - msg_cprintf(0, (FMSG *)lf);
124 + msg_cprintf(0, "\n");
125 if(search_mode==SEARCH_BRIEF)
126 - msg_cprintf(0, (FMSG *)cr);
127 + msg_cprintf(0, "\r");
128 }
129 for(pattern=0; pattern<SEARCH_STR_MAX; search_occurences[pattern++]=0);
130 reserve_size=0;
131 @@ -3652,7 +3652,7 @@ void archive_cleanup()
132 {
133 if(msg_fprintf(idxstream, M_TESTING, archive_name)<0)
134 error(M_DISK_FULL);
135 - if(fprintf(idxstream, lf)<0)
136 + if(fprintf(idxstream, "\n")<0)
137 error(M_DISK_FULL);
138 }
139 cmd_verb=ARJ_CMD_TEST;
140 --- a/arjsfx.c
141 +++ b/arjsfx.c
142 @@ -214,7 +214,7 @@ static void final_cleanup(void)
143 freopen(dev_con, m_w, stdout);
144 #if SFX_LEVEL>=ARJSFXV
145 if(ferror(stdout))
146 - msg_fprintf(stderr, M_DISK_FULL);
147 + msg_fprintf(stderr, "Can't write file. Disk full?");
148 if(debug_enabled&&strchr(debug_opt, 't')!=NULL)
149 {
150 ticks=get_ticks()-ticks;
151 --- a/rearj.c
152 +++ b/rearj.c
153 @@ -935,7 +935,7 @@ static int convert_archive(char *name)
154 msg_cprintf(H_HL|H_NFMT, M_OLD_SIZE, old_fsize);
155 msg_cprintf(H_HL|H_NFMT, M_NEW_SIZE, new_fsize);
156 msg_cprintf(H_HL|H_NFMT, M_SAVINGS_SIZE, gain);
157 - printf(lf);
158 + printf("\n");
159 total_old_fsize+=old_fsize;
160 total_new_fsize+=new_fsize;
161 total_files++;
162 --- a/register.c
163 +++ b/register.c
164 @@ -205,7 +205,7 @@ int main(int argc, char **argv)
165 char reg_source[200];
166 int i;
168 - printf(M_REGISTER_BANNER);
169 + fputs(M_REGISTER_BANNER, stdout);
170 integrity_pattern[0]--;
171 build_crc32_table();
172 if(argc!=2)
173 --- a/arjdisp.c
174 +++ b/arjdisp.c
175 @@ -20,8 +20,6 @@ static long bytes;
176 static long compsize;
177 static char cmd_verb;
178 static char msg_lf[]="\n";
179 -char strform[]="%s"; /* Export it for scrnio.c, too
180 - (a byte saved is a byte gained) */
182 /* Pseudographical controls */
184 @@ -54,19 +52,19 @@ static void show_init_scrn()
185 textcolor(7);
186 clrscr();
187 gotoxy(2, 2);
188 - scrprintf(win_top);
189 + fputs(win_top, stdout);
190 for(i=3; i<24; i++)
191 {
192 - gotoxy(2, i); scrprintf(win_border);
193 - gotoxy(79, i); scrprintf(win_border);
194 + gotoxy(2, i); fputs(win_border, stdout);
195 + gotoxy(79, i); fputs(win_border, stdout);
196 }
197 - gotoxy(2, 24); scrprintf(win_bottom);
198 + gotoxy(2, 24); fputs(win_bottom, stdout);
199 gotoxy(10, 5);
200 - scrprintf(M_ARJDISP_COPYRIGHT);
201 + fputs(M_ARJDISP_COPYRIGHT, stdout);
202 gotoxy(10, 6);
203 - scrprintf(M_ARJDISP_DISTRIBUTION);
204 + fputs(M_ARJDISP_DISTRIBUTION, stdout);
205 gotoxy(10, 7);
206 - scrprintf(M_ARJDISP_LICENSE);
207 + fputs(M_ARJDISP_LICENSE, stdout);
208 gotoxy(16, 10);
209 scrprintf(M_PROCESSING_ARCHIVE, archive_name);
210 t=strtok(M_ARJDISP_INFO, msg_lf);
211 @@ -74,11 +72,11 @@ static void show_init_scrn()
212 while(t!=NULL&&i<=23)
213 {
214 gotoxy(10, i++);
215 - scrprintf(strform, t);
216 + scrprintf("%s", t);
217 t=strtok(NULL, msg_lf);
218 }
219 gotoxy(16, 20);
220 - scrprintf(M_PRESS_ANY_KEY);
221 + fputs(M_PRESS_ANY_KEY, stdout);
222 uni_getch();
223 gotoxy(1, 24);
224 }
225 @@ -96,19 +94,19 @@ static void show_proc_scrn()
226 {
227 clrscr();
228 gotoxy(2, 2);
229 - scrprintf(win_top);
230 + fputs(win_top, stdout);
231 for(i=3; i<24; i++)
232 {
233 - gotoxy(2, i); scrprintf(win_border);
234 - gotoxy(79, i); scrprintf(win_border);
235 + gotoxy(2, i); fputs(win_border, stdout);
236 + gotoxy(79, i); fputs(win_border, stdout);
237 }
238 - gotoxy(2, 24); scrprintf(win_bottom);
239 + gotoxy(2, 24); fputs(win_bottom, stdout);
240 gotoxy(10, 5);
241 - scrprintf(M_ARJDISP_COPYRIGHT);
242 + fputs(M_ARJDISP_COPYRIGHT, stdout);
243 gotoxy(10, 6);
244 - scrprintf(M_ARJDISP_DISTRIBUTION);
245 + fputs(M_ARJDISP_DISTRIBUTION, stdout);
246 gotoxy(10, 7);
247 - scrprintf(M_ARJDISP_LICENSE);
248 + fputs(M_ARJDISP_LICENSE, stdout);
249 gotoxy(16, 10);
250 scrprintf(M_PROCESSING_ARCHIVE, archive_name);
251 gotoxy(16, 12);
252 @@ -132,13 +130,13 @@ static void show_proc_scrn()
253 break;
254 }
255 gotoxy(15, 14);
256 - scrprintf(ind_top);
257 + fputs(ind_top, stdout);
258 gotoxy(15, 15);
259 - scrprintf(ind_middle);
260 + fputs(ind_middle, stdout);
261 gotoxy(15, 16);
262 - scrprintf(ind_bottom);
263 + fputs(ind_bottom, stdout);
264 gotoxy(16, 18);
265 - scrprintf(M_ARJDISP_CTR_START);
266 + fputs(M_ARJDISP_CTR_START, stdout);
267 }
268 else
269 {
270 @@ -146,7 +144,7 @@ static void show_proc_scrn()
271 gotoxy(16, 15);
272 memset(progress, indo, i);
273 progress[i]='\0';
274 - scrprintf(progress);
275 + fputs(progress, stdout);
276 gotoxy(16, 18);
277 scrprintf(M_ARJDISP_CTR, calc_percentage(bytes, uncompsize)/10);
278 }
279 @@ -165,19 +163,19 @@ static void show_ending_scrn()
280 textcolor(7);
281 clrscr();
282 gotoxy(2, 2);
283 - scrprintf(win_top);
284 + fputs(win_top, stdout);
285 for(i=3; i<24; i++)
286 {
287 - gotoxy(2, i); scrprintf(win_border);
288 - gotoxy(79, i); scrprintf(win_border);
289 + gotoxy(2, i); fputs(win_border, stdout);
290 + gotoxy(79, i); fputs(win_border, stdout);
291 }
292 - gotoxy(2, 24); scrprintf(win_bottom);
293 + gotoxy(2, 24); fputs(win_bottom, stdout);
294 gotoxy(10, 5);
295 - scrprintf(M_ARJDISP_COPYRIGHT);
296 + fputs(M_ARJDISP_COPYRIGHT, stdout);
297 gotoxy(10, 6);
298 - scrprintf(M_ARJDISP_DISTRIBUTION);
299 + fputs(M_ARJDISP_DISTRIBUTION, stdout);
300 gotoxy(10, 7);
301 - scrprintf(M_ARJDISP_LICENSE);
302 + fputs(M_ARJDISP_LICENSE, stdout);
303 gotoxy(16, 10);
304 scrprintf(M_FINISHED_PROCESSING, archive_name);
305 gotoxy(1, 24);