[packages/zoo] - fix format string errors - fix incorrect usage of time and signal functions

baggins baggins at pld-linux.org
Thu Jan 1 12:44:37 CET 2015 

commit 667750d42275b7eaac58bfe5989f70f2ed0436c3
Author: Jan Rękorajski <baggins at pld-linux.org>
Date:   Thu Jan 1 11:44:14 2015 +0000

    - fix format string errors
    - fix incorrect usage of time and signal functions

 format-security.patch | 101 ++++++++++++++++++++++++++++++++++++++++++++++++++
 types.patch           |  72 +++++++++++++++++++++++++++++++++++
 zoo.spec              |   4 ++
 3 files changed, 177 insertions(+)
---
diff --git a/zoo.spec b/zoo.spec
index cf00684..8f982a1 100644
--- a/zoo.spec
+++ b/zoo.spec
@@ -19,6 +19,8 @@ Patch1:		%{name}-morelinux.patch
 Patch2:		%{name}-CAN-2005-2349.patch
 Patch3:		%{name}-febz-183426.patch
 Patch4:		%{name}-security_pathsize.patch
+Patch5:		types.patch
+Patch6:		format-security.patch
 BuildRoot:	%{tmpdir}/%{name}-%{version}-root-%(id -u -n)
 
 %description
@@ -49,6 +51,8 @@ Linux для добування файлів з архівів ZOO.
 %patch2 -p0
 %patch3 -p1
 %patch4 -p0
+%patch5 -p1
+%patch6 -p1
 
 %build
 %{__make} linux \
diff --git a/format-security.patch b/format-security.patch
new file mode 100644
index 0000000..a8b9c9f
--- /dev/null
+++ b/format-security.patch
@@ -0,0 +1,101 @@
+--- zoo-2.10/zoo.c.orig	2015-01-01 11:39:28.198346847 +0000
++++ zoo-2.10/zoo.c	2015-01-01 11:41:05.491676748 +0000
+@@ -166,7 +166,7 @@
+                   cmd == UPDATE || cmd == DELETE) && argc < 4) ||
+             ((cmd == EXTRACT || cmd == TEST || cmd == LIST ||
+                      cmd == PRINT || cmd == COMMENT) && argc < 3)) {
+-         fprintf (stderr, incorrect_args);
++         fputs (incorrect_args, stderr);
+          goto show_usage;
+       }
+    } else {
+@@ -190,7 +190,7 @@
+ 					)
+ 				 )
+ 			) {
+-         fprintf (stderr, incorrect_args);
++         fputs (incorrect_args, stderr);
+          goto show_usage;
+       }
+    }
+@@ -281,7 +281,7 @@
+ 
+ /* brief usage list */
+ give_list:
+-	fprintf (stderr, usage); zooexit (1);
++	fputs (usage, stderr); zooexit (1);
+ 
+ /* help screen */
+ bigusage:
+@@ -289,18 +289,18 @@
+ printf ("Zoo archiver, %s\n", version);
+ printf("(C) Copyright 1991 Rahul Dhesi -- Noncommercial use permitted\n");
+ 
+-printf (usage);
++printf ("%s", usage);
+ printf ("\nChoose a command from within {} and zero or more modifiers from within [].\n");
+ 
+ printf ("E.g.:  `zoo a save /bin/*' will archive all files in /bin into save.zoo.\n");
+ printf ("(Please see the user manual for a complete description of commands.)\n\n");
+-printf (nov_usage);
+-printf (nov_cmds);
++printf ("%s", nov_usage);
++printf ("%s", nov_cmds);
+ printf ("\n\n\n\n");
+ wait_return();	/* print msg & wait for RETURN */
+ 
+ printf ("\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n");
+-printf (usage);
++printf ("%s", usage);
+ 
+ printf (" Commands in {} mean:         |Modifiers in [] mean:\n");
+ 
+--- zoo-2.10/zooadd.c~	2015-01-01 11:39:00.000000000 +0000
++++ zoo-2.10/zooadd.c	2015-01-01 11:41:45.565008667 +0000
+@@ -539,7 +539,7 @@
+          status = getfile (this_file, zoo_file, -1L, 1);
+          if (status != 0) {  /* if III */
+             success = 0;
+-            printf (disk_full);
++            puts (disk_full);
+             exit_status++;
+          } else {
+             success = 1;
+--- zoo-2.10/zoolist.c.orig	2015-01-01 11:42:14.038340996 +0000
++++ zoo-2.10/zoolist.c	2015-01-01 11:43:02.441672622 +0000
+@@ -368,7 +368,7 @@
+          } else {
+             if (talking && first_time && !show_name) {/*print archive header */
+                printf ("Length    CF  Size Now  Date      Time\n");
+-               printf (tot_line);
++               printf ("%s", tot_line);
+             }
+             printf ("%8lu %3u%% %8lu  %2d %-.3s %02d %02d:%02d:%02d",  
+                      direntry.org_size, 
+@@ -466,7 +466,7 @@
+    if (talking && !show_name) {
+       if (!fast && file_count) {
+          tot_sf = cfactor (tot_org_siz, tot_siz_now);
+-         printf (tot_line);
++         printf ("%s", tot_line);
+       
+          printf (tot_fmt, tot_org_siz, tot_sf, tot_siz_now, file_count);
+ 			if (file_count > 1)
+@@ -476,7 +476,7 @@
+          
+          if (del_count || expl_ver || expl_deleted || expl_comment ||
+ 					expl_star || (show_gen && (zoo_header.type > 0)))
+-            printf (dashes);
++            printf ("%s", dashes);
+       }
+    
+       if (!fast) {
+@@ -518,7 +518,7 @@
+ if (talking && show_name) {
+    if (file_count) {
+       tot_sf = cfactor (tot_org_siz, tot_siz_now);
+-      printf (tot_line);
++      printf ("%s", tot_line);
+       printf (tot_fmt, tot_org_siz, tot_sf, tot_siz_now, file_count);
+ 		if (file_count > 1)
+ 			printf ("s\n");
diff --git a/types.patch b/types.patch
new file mode 100644
index 0000000..1aabd54
--- /dev/null
+++ b/types.patch
@@ -0,0 +1,72 @@
+--- zoo-2.10/sysv.c.orig	2015-01-01 11:29:55.000000000 +0000
++++ zoo-2.10/sysv.c	2015-01-01 11:32:08.355029029 +0000
+@@ -64,7 +64,7 @@
+ }
+ 
+ extern long timezone;   /* defined by library routine */
+-long time ();
++//long time ();
+ struct tm *localtime ();
+ 
+ /* Function gettz(), returns the offset from GMT in seconds of the
+@@ -77,10 +77,10 @@
+ #define INV_VALUE		(SEC_IN_DAY + 1L)
+ 	static long retval = INV_VALUE;	     /* cache, init to impossible value */
+ 	struct tm *tm;
+-	long clock;
++	time_t clock;
+ 	if (retval != INV_VALUE)				 /* if have cached value, return it */
+ 		return retval;
+-	clock = time ((long *) 0);
++	clock = time ((time_t *) 0);
+ 	tm = localtime (&clock);
+ 	retval = timezone - tm->tm_isdst*3600;
+ 	return retval;
+--- zoo-2.10/zooext.c.orig	2015-01-01 11:32:41.435027863 +0000
++++ zoo-2.10/zooext.c	2015-01-01 11:35:45.998354685 +0000
+@@ -62,7 +62,7 @@
+ char *whichname;                          /* which name to extract */
+ char matchname[PATHSIZE];                 /* for pattern matching only */
+ #ifndef NOSIGNAL
+-T_SIGNAL (*oldsignal)();        /* to save previous SIGINT handler */
++T_SIGNAL (*oldsignal)(int);        /* to save previous SIGINT handler */
+ #endif
+ ZOOFILE zoo_file;                         /* open archive */
+ long next_ptr;                            /* pointer to within archive */
+@@ -626,7 +626,7 @@
+ 
+ /* Ctrl_c() is called if ^C is hit while a file is being extracted.
+    It closes the files, deletes it, and exits. */
+-T_SIGNAL ctrl_c()
++T_SIGNAL ctrl_c(int __sig)
+ {
+ #ifndef NOSIGNAL
+    signal (SIGINT, SIG_IGN);     /* ignore any more */
+--- zoo-2.10/zoofns.h.orig	2015-01-01 11:36:21.808353422 +0000
++++ zoo-2.10/zoofns.h	2015-01-01 11:36:32.718353036 +0000
+@@ -42,12 +42,12 @@
+ int cfactor PARMS ((long, long));
+ int chname PARMS ((char *, char *));
+ int cmpnum PARMS ((unsigned int, unsigned int, unsigned int, unsigned int));
+-T_SIGNAL ctrl_c PARMS ((void));
++T_SIGNAL ctrl_c PARMS ((int));
+ int exists PARMS ((char *));
+ int getfile PARMS ((ZOOFILE, ZOOFILE, long, int));
+ int getutime PARMS ((char *, unsigned *, unsigned *));
+ int gettime PARMS ((ZOOFILE, unsigned *, unsigned *));
+-T_SIGNAL handle_break PARMS ((void));
++T_SIGNAL handle_break PARMS ((int));
+ 
+ #ifdef USE_ASCII
+ int isupper PARMS ((int));
+--- zoo-2.10/zoopack.c.orig	2015-01-01 11:37:13.198351608 +0000
++++ zoo-2.10/zoopack.c	2015-01-01 11:37:24.641684538 +0000
+@@ -388,7 +388,7 @@
+ 
+ /* handle_break() */
+ /* Sets break_hit to 1 when called */
+-T_SIGNAL handle_break()
++T_SIGNAL handle_break(int signum)
+ {
+ #ifndef NOSIGNAL
+    signal (SIGINT, SIG_IGN);     /* ignore future control ^Cs for now */
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/zoo.git/commitdiff/667750d42275b7eaac58bfe5989f70f2ed0436c3

More information about the pld-cvs-commit mailing list