[packages/unarj] - fix format string errors - fix various types redefinitions and incorrect usage

baggins baggins at pld-linux.org
Thu Jan 1 13:10:29 CET 2015 

commit d4393df8c208c7859ebfbf02b36d1d64ae430cb9
Author: Jan Rękorajski <baggins at pld-linux.org>
Date:   Thu Jan 1 12:10:04 2015 +0000

    - fix format string errors
    - fix various types redefinitions and incorrect usage

 format-security.patch | 64 +++++++++++++++++++++++++++++++++++++
 types.patch           | 87 +++++++++++++++++++++++++++++++++++++++++++++++++++
 unarj.spec            |  4 +++
 3 files changed, 155 insertions(+)
---
diff --git a/unarj.spec b/unarj.spec
index 6cf8d32..56132bc 100644
--- a/unarj.spec
+++ b/unarj.spec
@@ -17,6 +17,8 @@ Source0:	ftp://sunsite.unc.edu/pub/Linux/utils/compress/%{name}-%{version}.tar.g
 Patch0:		%{name}-opt.patch
 Patch1:		%{name}-overflow.patch
 Patch2:		%{name}-path.patch
+Patch3:		format-security.patch
+Patch4:		types.patch
 BuildRoot:	%{tmpdir}/%{name}-%{version}-root-%(id -u -n)
 
 %description
@@ -60,6 +62,8 @@ tabanlı makinelerde sıkça kullanılan bir sıkıştırma biçimidir.
 %patch0 -p1
 %patch1 -p1
 %patch2 -p1
+%patch3 -p1
+%patch4 -p1
 
 %build
 %{__make} \
diff --git a/format-security.patch b/format-security.patch
new file mode 100644
index 0000000..851d9fb
--- /dev/null
+++ b/format-security.patch
@@ -0,0 +1,64 @@
+--- unarj-2.63a/unarj.c.orig	2015-01-01 11:59:19.488304823 +0000
++++ unarj-2.63a/unarj.c	2015-01-01 12:00:52.224968219 +0000
+@@ -703,7 +703,7 @@
+     }
+     if ((arj_flags & GARBLE_FLAG) != 0)
+     {
+-        printf(M_ENCRYPT);
++        printf("%s", M_ENCRYPT);
+         printf(M_SKIPPED, filename);
+         skip();
+         return -1;
+@@ -784,7 +784,7 @@
+     }
+     printf(M_EXTRACT, name);
+     if (host_os != OS && file_type == BINARY_TYPE)
+-        printf(M_DIFFHOST);
++        printf("%s", M_DIFFHOST);
+     printf("  ");
+ 
+     crc = CRC_MASK;
+@@ -800,10 +800,10 @@
+     set_ftime_mode(name, time_stamp, file_mode, (uint) host_os);
+ 
+     if ((crc ^ CRC_MASK) == file_crc)
+-        printf(M_CRCOK);
++        printf("%s", M_CRCOK);
+     else
+     {
+-        printf(M_CRCERROR);
++        printf("%s", M_CRCERROR);
+         error_count++;
+     }
+     return 1;
+@@ -829,10 +829,10 @@
+         decode_f();
+ 
+     if ((crc ^ CRC_MASK) == file_crc)
+-        printf(M_CRCOK);
++        printf("%s", M_CRCOK);
+     else
+     {
+-        printf(M_CRCERROR);
++        printf("%s", M_CRCERROR);
+         error_count++;
+     }
+     return 1;
+@@ -979,7 +979,7 @@
+     int i;
+ 
+     for (i = 0; M_USAGE[i] != NULL; i++)
+-        printf(M_USAGE[i]);
++        printf("%s", M_USAGE[i]);
+ }
+ 
+ int
+@@ -994,7 +994,7 @@
+     argc = ccommand(&argv);
+ #endif
+ 
+-    printf(M_VERSION);
++    printf("%s", M_VERSION);
+ 
+     if (argc == 1)
+     {
diff --git a/types.patch b/types.patch
new file mode 100644
index 0000000..d05a80c
--- /dev/null
+++ b/types.patch
@@ -0,0 +1,87 @@
+--- unarj-2.63a/environ.c.orig	2000-10-02 12:33:08.000000000 +0000
++++ unarj-2.63a/environ.c	2015-01-01 12:08:50.374951350 +0000
+@@ -430,16 +430,11 @@
+ 
+ #define SUBS_DEFINED
+ 
++#include <sys/types.h>
+ #include <time.h>
+-
+-#ifndef time_t
+-#define time_t long
+-#endif
+-
+-extern struct tm *localtime();
+-extern time_t time();
+-extern char   *strcpy();
+-extern voidp  *malloc();
++#include <utime.h>
++#include <string.h>
++#include <stdlib.h>
+ 
+ FILE *
+ file_open(name, mode)
+@@ -534,19 +529,19 @@
+         str[3] = 'R';
+ }
+ 
+-long
++time_t
+ gettz()         /* returns the offset from GMT in seconds */
+ {
+ #define NOONOFFSET    43200L
+ #define SEC_IN_DAY    (24L * 60L * 60L)
+ #define INV_VALUE     (SEC_IN_DAY + 1L)
+-    static long retval = INV_VALUE;
+-    long now, noon;
++    static time_t retval = INV_VALUE;
++    time_t now, noon;
+     struct tm *noontm;
+ 
+     if (retval != INV_VALUE)
+         return retval;
+-    now = (long) time((long *) 0);
++    now = time((time_t *) 0);
+     /* Find local time for GMT noon today */
+     noon = now - now % SEC_IN_DAY + NOONOFFSET ;
+     noontm = localtime(&noon);
+@@ -554,13 +549,13 @@
+     return retval;
+ }
+ 
+-long
++time_t
+ mstonix(tstamp)
+ ulong tstamp;
+ {
+     uint date, time;
+     int year, month, day, hour, min, sec, daycount;
+-    long longtime;
++    time_t longtime;
+     /* no. of days to beginning of month for each month */
+     static int dsboy[12] =
+         { 0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334};
+@@ -599,20 +594,14 @@
+ uint  host;
+ {
+     time_t m_time;
+-    struct utimbuf
+-    {
+-       time_t atime;             /* New access time */
+-       time_t mtime;             /* New modification time */
+-    } tb;
+-
+-    (char *) name;
++    struct utimbuf tb;
+     (uint) attribute;
+     (uint) host;
+ 
+     m_time = mstonix(tstamp) + gettz();
+ 
+-    tb.mtime = m_time;                  /* Set modification time */
+-    tb.atime = m_time;                  /* Set access time */
++    tb.modtime = m_time;                 /* Set modification time */
++    tb.actime = m_time;                  /* Set access time */
+ 
+     /* set the time stamp on the file */
+     return utime(name, &tb);
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/unarj.git/commitdiff/d4393df8c208c7859ebfbf02b36d1d64ae430cb9

More information about the pld-cvs-commit mailing list