[packages/lrzsz] Rel 3

arekm arekm at pld-linux.org
Sat Mar 14 12:45:10 CET 2026 

commit a0e727af72e87cdb035411deab46f6d857536f92
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date:   Sat Mar 14 12:44:48 2026 +0100

    Rel 3

 lrzsz-CVE-2018-10195.patch  |  20 +++++
 lrzsz-aclocal+DESTDIR.patch |  12 ++-
 lrzsz-c99.patch             | 201 ++++++++++++++++++++++++++++++++++++++++++++
 lrzsz.spec                  |   9 +-
 4 files changed, 233 insertions(+), 9 deletions(-)
---
diff --git a/lrzsz.spec b/lrzsz.spec
index b9f3a44..5eee9e1 100644
--- a/lrzsz.spec
+++ b/lrzsz.spec
@@ -9,7 +9,7 @@ Summary(tr.UTF-8):	Modem protokolleri
 Summary(uk.UTF-8):	lrzsz - програми пересилки файлів по модему lrz та lsz
 Name:		lrzsz
 Version:	0.12.21
-Release:	2
+Release:	3
 License:	GPL v2+
 Group:		Applications/Communications
 Source0:	%{name}-%{version}.tar.bz2
@@ -17,6 +17,8 @@ Source0:	%{name}-%{version}.tar.bz2
 Patch0:		%{name}-glibc21.patch
 Patch1:		%{name}-aclocal+DESTDIR.patch
 Patch2:		%{name}-ac.patch
+Patch3:		%{name}-CVE-2018-10195.patch
+Patch4:		%{name}-c99.patch
 URL:		https://ohse.de/uwe/software/lrzsz.html
 BuildRequires:	autoconf >= 2.12
 BuildRequires:	automake
@@ -80,10 +82,13 @@ zmodem/ymodem/xmodem, побудований з public-domain версії па
 %patch -P0 -p1
 %patch -P1 -p1
 %patch -P2 -p1
+%patch -P3 -p1
+%patch -P4 -p1
 
 %build
 %{__gettextize}
-%{__aclocal}
+echo de > po/LINGUAS
+%{__aclocal} -I m4
 %{__autoconf}
 %{__autoheader}
 %{__automake}
diff --git a/lrzsz-CVE-2018-10195.patch b/lrzsz-CVE-2018-10195.patch
new file mode 100644
index 0000000..9420b7b
--- /dev/null
+++ b/lrzsz-CVE-2018-10195.patch
@@ -0,0 +1,20 @@
+Fix CVE-2018-10195: prevent size_t wraparound in zsdata() when length is 0.
+The do-while loop with --length>0 on an unsigned size_t wraps around when
+length is 0, causing information disclosure. Replace with a for loop that
+correctly handles the zero-length case.
+
+--- lrzsz-0.12.21/src/zm.c	2026-03-14 12:24:45.270547676 +0100
++++ lrzsz-0.12.21-cve/src/zm.c	2026-03-14 12:25:51.710551981 +0100
+@@ -432,10 +432,10 @@ zsdata(const char *buf, size_t length, i
+ 	VPRINTF(3,("zsdata: %lu %s", (unsigned long) length, 
+ 		Zendnames[(frameend-ZCRCE)&3]));
+ 	crc = 0;
+-	do {
++	for (; length; length--) {
+ 		zsendline(*buf); crc = updcrc((0377 & *buf), crc);
+ 		buf++;
+-	} while (--length>0);
++	}
+ 	xsendline(ZDLE); xsendline(frameend);
+ 	crc = updcrc(frameend, crc);
+ 
diff --git a/lrzsz-aclocal+DESTDIR.patch b/lrzsz-aclocal+DESTDIR.patch
index 435f4b6..5d74a1c 100644
--- a/lrzsz-aclocal+DESTDIR.patch
+++ b/lrzsz-aclocal+DESTDIR.patch
@@ -1,6 +1,5 @@
-diff -Naur lrzsz-0.12.20-old/po/Makefile.in.in lrzsz-0.12.20/po/Makefile.in.in
---- lrzsz-0.12.20-old/po/Makefile.in.in	Sun Apr 26 15:22:40 1998
-+++ lrzsz-0.12.20/po/Makefile.in.in	Fri Feb 25 17:08:07 2000
+--- lrzsz-0.12.21-fresh/po/Makefile.in.in	1998-04-26 15:22:40.000000000 +0200
++++ lrzsz-0.12.21-patched/po/Makefile.in.in	2026-03-14 12:25:05.949914622 +0100
 @@ -6,6 +6,8 @@
  # but which still want to provide support for the GNU gettext functionality.
  # Please note that the actual code is *not* freely available.
@@ -30,7 +29,7 @@ diff -Naur lrzsz-0.12.20-old/po/Makefile.in.in lrzsz-0.12.20/po/Makefile.in.in
 +	    *)     destdir=$(DESTDIR)$(localedir);; \
  	  esac; \
  	  lang=`echo $$cat | sed 's/\$(CATOBJEXT)$$//'`; \
- 	  if test -r $(MKINSTALLDIRS); then \
+ 	  dir=$$destdir/$$lang/LC_MESSAGES; \
 @@ -152,12 +154,12 @@
  	done
  	if test "$(PACKAGE)" = "gettext"; then \
@@ -47,9 +46,8 @@ diff -Naur lrzsz-0.12.20-old/po/Makefile.in.in lrzsz-0.12.20/po/Makefile.in.in
  	else \
  	  : ; \
  	fi
-diff -Naur lrzsz-0.12.20-old/src/Makefile.am lrzsz-0.12.20/src/Makefile.am
---- lrzsz-0.12.20-old/src/Makefile.am	Mon Dec 28 09:38:47 1998
-+++ lrzsz-0.12.20/src/Makefile.am	Fri Feb 25 18:29:19 2000
+--- lrzsz-0.12.21-fresh/src/Makefile.am	1998-12-28 09:41:34.000000000 +0100
++++ lrzsz-0.12.21-patched/src/Makefile.am	2026-03-14 12:25:05.950953406 +0100
 @@ -18,13 +18,13 @@
  	rm -f $(DESTDIR)/$(bindir)/`echo lsb | sed -e '$(transform)'`
  	ln $(DESTDIR)/$(bindir)/`echo lsz |sed -e '$(transform)'` \
diff --git a/lrzsz-c99.patch b/lrzsz-c99.patch
new file mode 100644
index 0000000..5b1c1e3
--- /dev/null
+++ b/lrzsz-c99.patch
@@ -0,0 +1,201 @@
+Fix C99/modern compiler compatibility issues.
+Remove K&R function definitions, add missing includes, replace RETSIGTYPE
+with void, remove obsolete STRICT_PROTOTYPES blocks, fix strtol/strerror
+declarations, fix setlocale macro conflict with locale.h, add _GNU_SOURCE
+for vasprintf in lsyslog.c.
+
+--- lrzsz-c99-base/lib/long-options.c	1999-08-22 20:51:21.000000000 +0200
++++ lrzsz-c99-fixed/lib/long-options.c	2026-03-14 12:30:34.059284123 +0100
+@@ -22,6 +22,7 @@
+ #endif
+ 
+ #include <stdio.h>
++#include <stdlib.h>
+ #include <getopt.h>
+ #include "long-options.h"
+ 
+@@ -34,17 +35,9 @@
+ 
+ /* Process long options --help and --version, but only if argc == 2.
+    Be careful not to gobble up `--'.  */
+-#ifdef __cplusplus
+-void parse_long_options (int argc, char **argv,
+-	void (*version)(void), void (*usage)(int))
+-#else
+ void
+-parse_long_options (argc, argv,version, usage)
+-     int argc;
+-     char **argv;
+-     void (*version)();
+-     void (*usage)();
+-#endif
++parse_long_options (int argc, char **argv,
++	void (*version)(void), void (*usage)(int))
+ {
+   int c;
+   int saved_opterr;
+--- lrzsz-c99-base/lib/xstrtol.c	1999-08-22 20:51:21.000000000 +0200
++++ lrzsz-c99-fixed/lib/xstrtol.c	2026-03-14 12:31:32.778485320 +0100
+@@ -65,22 +65,12 @@
+ 	}								\
+       while (0)
+ 
+-__unsigned long int __strtol ();
+ 
+ /* FIXME: comment.  */
+ 
+ strtol_error
+-#ifdef __cplusplus
+ __xstrtol (const char *s, char **ptr, int base, 
+ 		__unsigned long int *val, const char *valid_suffixes)
+-#else
+-__xstrtol (s, ptr, base, val, valid_suffixes)
+-     const char *s;
+-     char **ptr;
+-     int base;
+-     __unsigned long int *val;
+-     const char *valid_suffixes;
+-#endif
+ {
+   char *t_ptr;
+   char **p;
+--- lrzsz-c99-base/lib/error.c	1999-08-22 20:51:21.000000000 +0200
++++ lrzsz-c99-fixed/lib/error.c	2026-03-14 12:31:48.537610111 +0100
+@@ -71,24 +71,7 @@
+    name of the executing program.  */
+ extern char *program_name;
+ 
+-# if HAVE_STRERROR
+-#  ifndef strerror		/* On some systems, strerror is a macro */
+-char *strerror ();
+-#  endif
+-# else
+-static char *
+-private_strerror (errnum)
+-     int errnum;
+-{
+-  extern char *sys_errlist[];
+-  extern int sys_nerr;
+-
+-  if (errnum > 0 && errnum <= sys_nerr)
+-    return sys_errlist[errnum];
+-  return _("Unknown system error");
+-}
+-#  define strerror private_strerror
+-# endif	/* HAVE_STRERROR */
++# include <string.h>
+ #endif	/* _LIBC */
+ 
+ /* Print the program name and error message MESSAGE, which is a printf-style
+--- lrzsz-c99-base/src/lrz.c	2026-03-14 12:30:18.240052059 +0100
++++ lrzsz-c99-fixed/src/lrz.c	2026-03-14 12:30:34.059664984 +0100
+@@ -41,10 +41,6 @@
+ #include "xstrtoul.h"
+ #include "error.h"
+ 
+-#ifndef STRICT_PROTOTYPES
+-extern time_t time();
+-extern char *strerror();
+-#endif
+ 
+ #ifndef HAVE_ERRNO_DECLARATION
+ extern int errno;
+@@ -185,7 +181,7 @@
+ 
+ 
+ /* called by signal interrupt or terminate to clean things up */
+-RETSIGTYPE
++void
+ bibi(int n)
+ {
+ 	if (zmodem_requested)
+--- lrzsz-c99-base/src/lsz.c	2026-03-14 12:30:18.239729378 +0100
++++ lrzsz-c99-fixed/src/lsz.c	2026-03-14 12:30:34.059484268 +0100
+@@ -50,10 +50,6 @@
+ #include "xstrtoul.h"
+ #include "error.h"
+ 
+-#ifndef STRICT_PROTOTYPES
+-extern time_t time();
+-extern char *strerror();
+-#endif
+ 
+ #ifndef HAVE_ERRNO_DECLARATION
+ extern int errno;
+@@ -217,7 +213,7 @@
+ static int play_with_sigint=0;
+ 
+ /* called by signal interrupt or terminate to clean things up */
+-RETSIGTYPE
++void
+ bibi (int n)
+ {
+ 	canit(STDOUT_FILENO);
+@@ -233,7 +229,7 @@
+ }
+ 
+ /* Called when ZMODEM gets an interrupt (^C) */
+-static RETSIGTYPE
++static void
+ onintr(int n)
+ {
+ 	signal(SIGINT, SIG_IGN);
+--- lrzsz-c99-base/src/zreadline.c	1999-08-22 20:51:21.000000000 +0200
++++ lrzsz-c99-fixed/src/zreadline.c	2026-03-14 12:30:34.059773892 +0100
+@@ -43,7 +43,7 @@
+ int readline_left=0;
+ char *readline_ptr;
+ 
+-static RETSIGTYPE
++static void
+ zreadline_alarm_handler(int dummy)
+ {
+ 	dummy++; /* doesn't need to do anything */
+--- lrzsz-c99-base/src/zglobal.h	1998-12-29 13:58:37.000000000 +0100
++++ lrzsz-c99-fixed/src/zglobal.h	2026-03-14 12:33:12.514619913 +0100
+@@ -177,12 +177,7 @@
+ 
+ 
+ /* Take care of NLS matters.  */
+-#if HAVE_LOCALE_H
+-# include <locale.h>
+-#endif
+-#if !HAVE_SETLOCALE
+-# define setlocale(Category, Locale) /* empty */
+-#endif
++#include <locale.h>
+ 
+ #if ENABLE_NLS
+ # include <libintl.h>
+@@ -360,7 +355,7 @@
+ extern int Zctlesc;    /* Encode control characters */
+ extern int under_rsh;
+ 
+-RETSIGTYPE bibi __P ((int n));
++void bibi (int n);
+ 
+ #define sendline(c) putchar((c) & 0377)
+ #define xsendline(c) putchar(c)
+--- lrzsz-c99-base/src/lsyslog.c	1998-12-29 18:27:55.000000000 +0100
++++ lrzsz-c99-fixed/src/lsyslog.c	2026-03-14 12:30:34.059921829 +0100
+@@ -18,7 +18,9 @@
+   02111-1307, USA.
+ 
+ */
++#define _GNU_SOURCE
+ #include "config.h"
++#include <stdio.h>
+ #ifdef ENABLE_SYSLOG
+ #include "zglobal.h"
+ #include <pwd.h>
+--- lrzsz-c99-base/src/tcp.c	1999-08-22 20:51:21.000000000 +0200
++++ lrzsz-c99-fixed/src/tcp.c	2026-03-14 12:30:34.059994435 +0100
+@@ -38,7 +38,7 @@
+ #include <stdlib.h>
+ #include "error.h"
+ 
+-static RETSIGTYPE
++static void
+ tcp_alarm_handler(int dummy)
+ {
+ 	dummy++; /* doesn't need to do anything */
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/lrzsz.git/commitdiff/a0e727af72e87cdb035411deab46f6d857536f92

More information about the pld-cvs-commit mailing list