[packages/nc] Rel 24

Mon Mar 9 18:28:27 CET 2026

commit aa1ffdaa83c1cc0462fea95c361360f8cb0e00fa
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date:   Mon Mar 9 18:28:14 2026 +0100

    Rel 24

 nc-format-security.patch          | 11 ++++++++
 nc-implicit-int.patch             | 58 +++++++++++++++++++++++++++++++++++++++
 nc-missing-includes.patch         | 18 ++++++++++++
 nc-read-overflow.patch            | 12 ++++++++
 nc-signal-handler-signature.patch | 20 ++++++++++++++
 nc.spec                           | 20 ++++++++++++--
 6 files changed, 137 insertions(+), 2 deletions(-)
---

diff --git a/nc.spec b/nc.spec
index 726a2bc..d1d773e 100644
--- a/nc.spec
+++ b/nc.spec
@@ -4,7 +4,7 @@ Summary(pl.UTF-8):	Proste narzędzie do testowania sieci
 Summary(pt_BR.UTF-8):	Ferramenta de teste e depuração para serviços de rede
 Name:		nc
 Version:	1.10
-Release:	23
+Release:	24
 License:	Public Domain
 Group:		Networking/Utilities
 Source0:	http://dl.sourceforge.net/nc110/%{name}110.tgz
@@ -16,6 +16,16 @@ Patch1:		%{name}-v6-20000918.patch.gz
 Patch2:		%{name}-proto.patch
 Patch3:		%{name}-halfclose.patch
 Patch4:		%{name}-timeout.patch
+# from Debian netcat-traditional, fix missing includes for modern C
+Patch5:		%{name}-missing-includes.patch
+# from Gentoo, fix signal handler signatures for modern C
+Patch6:		%{name}-signal-handler-signature.patch
+# from Debian netcat-traditional, fix implicit int return types and forward declarations
+Patch7:		%{name}-implicit-int.patch
+# from Debian netcat-traditional, fix -Wformat-security
+Patch8:		%{name}-format-security.patch
+# from Debian netcat-traditional, fix buffer read overflow
+Patch9:		%{name}-read-overflow.patch
 URL:		http://nc110.sourceforge.net/
 BuildRoot:	%{tmpdir}/%{name}-%{version}-root-%(id -u -n)
 
@@ -59,12 +69,18 @@ UDP. Também pode receber conexões.
 %patch -P2 -p1
 %patch -P3 -p1
 %patch -P4 -p1
+%patch -P5 -p1
+%patch -P6 -p1
+%patch -P7 -p1
+%patch -P8 -p1
+%patch -P9 -p1
 
 %build
 # 'make linux' works too, but builds a static binary.
 %{__make} generic \
 	DFLAGS="-DINET6 -DTELNET -DGAPING_SECURITY_HOLE" \
-	CC="%{__cc} %{rpmcppflags} %{rpmcflags}"
+	CC="%{__cc} %{rpmcppflags} %{rpmcflags}" \
+	LD="%{__cc} %{rpmcppflags} %{rpmcflags} %{rpmldflags}"
 
 %install
 rm -rf $RPM_BUILD_ROOT
diff --git a/nc-format-security.patch b/nc-format-security.patch
new file mode 100644
index 0000000..396b718
--- /dev/null
+++ b/nc-format-security.patch
@@ -0,0 +1,11 @@
+--- nc/netcat.c.orig	2026-03-09 00:00:00.000000000 +0100
++++ nc/netcat.c	2026-03-09 00:00:01.000000000 +0100
+@@ -226,7 +226,7 @@
+       if (h_errno > 4)		/* oh no you don't, either */
+ 	fprintf (stderr, "preposterous h_errno: %d", h_errno);
+       else
+-	fprintf (stderr, h_errs[h_errno]);	/* handle it here */
++	fprintf (stderr, "%s", h_errs[h_errno]);	/* handle it here */
+       h_errno = 0;				/* and reset for next call */
+     }
+ #endif
diff --git a/nc-implicit-int.patch b/nc-implicit-int.patch
new file mode 100644
index 0000000..de9eb44
--- /dev/null
+++ b/nc-implicit-int.patch
@@ -0,0 +1,58 @@
+--- nc/netcat.c.orig	2026-03-09 00:00:00.000000000 +0100
++++ nc/netcat.c	2026-03-09 00:00:01.000000000 +0100
+@@ -89,6 +89,10 @@
+ #include <unistd.h>		/* close, sleep, alarm, dup2, execl, read, write, getopt */
+
+ /* handy stuff: */
++#ifdef HAVE_HELP
++void helpme (void);
++#endif
++
+ #define SA struct sockaddr	/* socket overgeneralization braindeath */
+ #define SAI struct sockaddr_in	/* ... whoever came up with this model */
+ #define IA struct in_addr	/* ... should be taken out and shot, */
+@@ -727,7 +731,7 @@
+    that would be security-critical, which is why it's ifdefed out by default.
+    Use at your own hairy risk; if you leave shells lying around behind open
+    listening ports you deserve to lose!! */
+-doexec (fd)
++int doexec (fd)
+   int fd;
+ {
+   register char * p;
+@@ -1143,7 +1147,7 @@
+    Use the time delay between writes if given, otherwise use the "tcp ping"
+    trick for getting the RTT.  [I got that idea from pluvius, and warped it.]
+    Return either the original fd, or clean up and return -1. */
+-udptest (fd, where)
++int udptest (fd, where)
+   int fd;
+   IA * where;
+ {
+@@ -1455,7 +1459,7 @@
+    Use the time delay between writes if given, otherwise use the "tcp ping"
+    trick for getting the RTT.  [I got that idea from pluvius, and warped it.]
+    Return either the original fd, or clean up and return -1. */
+-udptest6(fd, where)
++int udptest6(fd, where)
+ int fd;
+ IA6 *where;
+ {
+@@ -1800,7 +1804,7 @@
+
+ /* main :
+    now we pull it all together... */
+-main (argc, argv)
++int main (argc, argv)
+   int argc;
+   char ** argv;
+ {
+@@ -2208,7 +2212,7 @@
+ #ifdef HAVE_HELP		/* unless we wanna be *really* cryptic */
+ /* helpme :
+    the obvious */
+-helpme()
++void helpme (void)
+ {
+   o_verbose = 1;
+   holler ("[v1.10]\n\
diff --git a/nc-missing-includes.patch b/nc-missing-includes.patch
new file mode 100644
index 0000000..019bfa7
--- /dev/null
+++ b/nc-missing-includes.patch
@@ -0,0 +1,18 @@
+--- nc/netcat.c.orig	2026-03-09 00:00:00.000000000 +0100
++++ nc/netcat.c	2026-03-09 00:00:01.000000000 +0100
+@@ -73,6 +73,7 @@
+
+ /* includes: */
+ #include <sys/time.h>		/* timeval, time_t */
++#include <time.h>		/* time */
+ #include <setjmp.h>		/* jmp_buf et al */
+ #include <sys/socket.h>		/* basics, SO_ and AF_ defs, sockaddr, ... */
+ #include <netinet/in.h>		/* sockaddr_in, htons, in_addr */
+@@ -86,6 +87,7 @@
+ #include <signal.h>
+ #include <fcntl.h>		/* O_WRONLY et al */
+ #include <resolv.h>		/* res_init */
++#include <unistd.h>		/* close, sleep, alarm, dup2, execl, read, write, getopt */
+
+ /* handy stuff: */
+ #define SA struct sockaddr	/* socket overgeneralization braindeath */
diff --git a/nc-read-overflow.patch b/nc-read-overflow.patch
new file mode 100644
index 0000000..8b9cd2c
--- /dev/null
+++ b/nc-read-overflow.patch
@@ -0,0 +1,12 @@
+--- nc/netcat.c.orig	2026-03-09 00:00:00.000000000 +0100
++++ nc/netcat.c	2026-03-09 00:00:01.000000000 +0100
+@@ -1874,7 +1874,8 @@
+     argv[1] = cp;			/* head of new arg block */
+     fprintf (stderr, "Cmd line: ");
+     fflush (stderr);		/* I dont care if it's unbuffered or not! */
+-    insaved = read (0, cp, BIGSIZ);	/* we're gonna fake fgets() here */
++    insaved = read (0, cp, BIGSIZ - 1);	/* we're gonna fake fgets() here */
++    cp[insaved >= 0 ? insaved : 0] = '\0';	/* null-terminate */
+     if (insaved <= 0)
+       bail ("wrong");
+     x = findline (cp, insaved);
diff --git a/nc-signal-handler-signature.patch b/nc-signal-handler-signature.patch
new file mode 100644
index 0000000..dcf1e21
--- /dev/null
+++ b/nc-signal-handler-signature.patch
@@ -0,0 +1,20 @@
+--- nc/netcat.c.orig	2026-03-09 00:00:00.000000000 +0100
++++ nc/netcat.c	2026-03-09 00:00:01.000000000 +0100
+@@ -253,7 +253,7 @@
+
+ /* catch :
+    no-brainer interrupt handler */
+-void catch ()
++void catch (int unused __attribute__((unused)))
+ {
+   errno = 0;
+   if (o_verbose > 1)		/* normally we don't care */
+@@ -262,7 +262,7 @@
+ }
+
+ /* timeout and other signal handling cruft */
+-void tmtravel ()
++void tmtravel (int unused __attribute__((unused)))
+ {
+   signal (SIGALRM, SIG_IGN);
+   alarm (0);
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/nc.git/commitdiff/aa1ffdaa83c1cc0462fea95c361360f8cb0e00fa

