arj/repos/community-x86_64/security_format.patch

   1 Patch by Guillem Jover <guillem@debian.org> for arj <= 3.10.22, which
   2 fixes format security errors.
   3
   4 ---
   5  arj_arcv.c |   12 ++++++------
   6  arj_user.c |    8 ++++----
   7  arjdisp.c  |   58 ++++++++++++++++++++++++++++------------------------------
   8  arjsfx.c   |    2 +-
   9  fardata.c  |   10 +++++-----
  10  rearj.c    |    2 +-
  11  register.c |    2 +-
  12  7 files changed, 46 insertions(+), 48 deletions(-)
  13
  14 --- a/fardata.c
  15 +++ b/fardata.c
  16 @@ -52,7 +52,7 @@ int error_proc(FMSG *errmsg, ...)
  17    /* Check if the message could have a standard error code */
  18    if(errno!=0&&is_std_error(errmsg))
  19    {
  20 -   msg_cprintf(0, lf);
  21 +   msg_cprintf(0, "\n");
  22     error_report();
  23    }
  24   #endif
  25 @@ -379,10 +379,10 @@ static void flush_cbuf(int ccode, char *
  26      {
  27       #if SFX_LEVEL>=ARJSFXV
  28        fprintf(new_stdout, strform, n_text);
  29 -      fprintf(new_stdout, lf);
  30 +      fprintf(new_stdout, "\n");
  31       #else
  32        printf(strform, n_text);
  33 -      printf(lf);
  34 +      printf("\n");
  35       #endif
  36      }
  37      else
  38 @@ -393,13 +393,13 @@ static void flush_cbuf(int ccode, char *
  39       #ifdef NEED_CRLF
  40        scr_out("\r");
  41       #endif
  42 -     scr_out(lf);
  43 +     scr_out("\n");
  44      }
  45      if(!no_colors)
  46       textcolor(color_table[ccode&H_COLORMASK].color);
  47     #else
  48      printf(strform, n_text);
  49 -    printf(lf);
  50 +    printf("\n");
  51     #endif
  52     n_text=t_text+1;
  53     #if SFX_LEVEL>=ARJ
  54 --- a/arj_user.c
  55 +++ b/arj_user.c
  56 @@ -1059,7 +1059,7 @@ static void finish_processing(int cmd)
  57       if(recover_file(tmp_archive_name, nullstr, tmp_tmp_filename, protected, eof_pos))
  58       {
  59        msg_cprintf(H_HL, M_CANT_FIND_DAMAGE, archive_name);
  60 -      printf(lf);
  61 +      printf("\n");
  62       }
  63       else
  64       {
  65 @@ -1294,7 +1294,7 @@ static void finish_processing(int cmd)
  66     if(recover_file(archive_name, nullstr, nullstr, protected, eof_pos))
  67     {
  68      msg_cprintf(H_HL, M_CANT_FIND_DAMAGE, archive_name);
  69 -    printf(lf);
  70 +    printf("\n");
  71     }
  72     else
  73     {
  74 @@ -1327,7 +1327,7 @@ static void finish_processing(int cmd)
  75      msg_cprintf(0, M_CHAPTERS_ON);
  76     else if(chapter_mode==CHAP_REMOVE)
  77      msg_cprintf(0, M_CHAPTERS_OFF);
  78 -   msg_cprintf(0, strform, lf);
  79 +   msg_cprintf(0, strform, "\n");
  80    }
  81    if(cmd==ARJ_CMD_COPY&&protfile_option&&!arjprot_tail)
  82     msg_cprintf(0, M_ARJPROT_DISABLED);
  83 @@ -2303,7 +2303,7 @@ void process_archive()
  84    timestamp_to_str(timetext, &ftime_stamp);
  85    msg_cprintf(H_HL|H_NFMT, M_ARCHIVE_CREATED, timetext);
  86    if(show_ansi_comments)
  87 -   printf(cmt_ptr);
  88 +   fputs(cmt_ptr, stdout);
  89    else
  90     display_comment(cmt_ptr);
  91    /* The sfx_setup() occurs here */
  92 --- a/arj_arcv.c
  93 +++ b/arj_arcv.c
  94 @@ -913,13 +913,13 @@ int supply_comment(char *cmtname, char *
  95      else
  96      {
  97       strcat(tmp_comment, tmp_cmtline);
  98 -     strcat(tmp_comment, lf);
  99 +     strcat(tmp_comment, "\n");
 100      }
 101     }
 102     else
 103     {
 104      strcat(tmp_comment, tmp_cmtline);
 105 -    strcat(tmp_comment, lf);
 106 +    strcat(tmp_comment, "\n");
 107     }
 108    }
 109   }
 110 @@ -1846,7 +1846,7 @@ int pack_file(int is_update, int is_repl
 111     raw_eh=eh_lookup(eh, UXSPECIAL_ID)->raw;
 112     uxspecial_stats(raw_eh, UXSTATS_SHORT);
 113    }
 114 -  msg_cprintf(0, lf);
 115 +  msg_cprintf(0, "\n");
 116   }
 117   if(err_id==0&&user_wants_fail)
 118   {
 119 @@ -2523,9 +2523,9 @@ int unpack_validation()
 120     {
 121      msg_cprintf(0, (FMSG *)strform, misc_buf);
 122      if(search_mode==SEARCH_DEFAULT)
 123 -     msg_cprintf(0, (FMSG *)lf);
 124 +     msg_cprintf(0, "\n");
 125      if(search_mode==SEARCH_BRIEF)
 126 -     msg_cprintf(0, (FMSG *)cr);
 127 +     msg_cprintf(0, "\r");
 128     }
 129     for(pattern=0; pattern<SEARCH_STR_MAX; search_occurences[pattern++]=0);
 130     reserve_size=0;
 131 @@ -3652,7 +3652,7 @@ void archive_cleanup()
 132   {
 133    if(msg_fprintf(idxstream, M_TESTING, archive_name)<0)
 134     error(M_DISK_FULL);
 135 -  if(fprintf(idxstream, lf)<0)
 136 +  if(fprintf(idxstream, "\n")<0)
 137     error(M_DISK_FULL);
 138   }
 139   cmd_verb=ARJ_CMD_TEST;
 140 --- a/arjsfx.c
 141 +++ b/arjsfx.c
 142 @@ -214,7 +214,7 @@ static void final_cleanup(void)
 143    freopen(dev_con, m_w, stdout);
 144   #if SFX_LEVEL>=ARJSFXV
 145    if(ferror(stdout))
 146 -   msg_fprintf(stderr, M_DISK_FULL);
 147 +   msg_fprintf(stderr, "Can't write file. Disk full?");
 148    if(debug_enabled&&strchr(debug_opt, 't')!=NULL)
 149    {
 150     ticks=get_ticks()-ticks;
 151 --- a/rearj.c
 152 +++ b/rearj.c
 153 @@ -935,7 +935,7 @@ static int convert_archive(char *name)
 154   msg_cprintf(H_HL|H_NFMT, M_OLD_SIZE, old_fsize);
 155   msg_cprintf(H_HL|H_NFMT, M_NEW_SIZE, new_fsize);
 156   msg_cprintf(H_HL|H_NFMT, M_SAVINGS_SIZE, gain);
 157 - printf(lf);
 158 + printf("\n");
 159   total_old_fsize+=old_fsize;
 160   total_new_fsize+=new_fsize;
 161   total_files++;
 162 --- a/register.c
 163 +++ b/register.c
 164 @@ -205,7 +205,7 @@ int main(int argc, char **argv)
 165   char reg_source[200];
 166   int i;
 167
 168 - printf(M_REGISTER_BANNER);
 169 + fputs(M_REGISTER_BANNER, stdout);
 170   integrity_pattern[0]--;
 171   build_crc32_table();
 172   if(argc!=2)
 173 --- a/arjdisp.c
 174 +++ b/arjdisp.c
 175 @@ -20,8 +20,6 @@ static long bytes;
 176  static long compsize;
 177  static char cmd_verb;
 178  static char msg_lf[]="\n";
 179 -char strform[]="%s";                    /* Export it for scrnio.c, too
 180 -                                           (a byte saved is a byte gained) */
 181
 182  /* Pseudographical controls */
 183
 184 @@ -54,19 +52,19 @@ static void show_init_scrn()
 185   textcolor(7);
 186   clrscr();
 187   gotoxy(2, 2);
 188 - scrprintf(win_top);
 189 + fputs(win_top, stdout);
 190   for(i=3; i<24; i++)
 191   {
 192 -  gotoxy(2, i); scrprintf(win_border);
 193 -  gotoxy(79, i); scrprintf(win_border);
 194 +  gotoxy(2, i); fputs(win_border, stdout);
 195 +  gotoxy(79, i); fputs(win_border, stdout);
 196   }
 197 - gotoxy(2, 24); scrprintf(win_bottom);
 198 + gotoxy(2, 24); fputs(win_bottom, stdout);
 199   gotoxy(10, 5);
 200 - scrprintf(M_ARJDISP_COPYRIGHT);
 201 + fputs(M_ARJDISP_COPYRIGHT, stdout);
 202   gotoxy(10, 6);
 203 - scrprintf(M_ARJDISP_DISTRIBUTION);
 204 + fputs(M_ARJDISP_DISTRIBUTION, stdout);
 205   gotoxy(10, 7);
 206 - scrprintf(M_ARJDISP_LICENSE);
 207 + fputs(M_ARJDISP_LICENSE, stdout);
 208   gotoxy(16, 10);
 209   scrprintf(M_PROCESSING_ARCHIVE, archive_name);
 210   t=strtok(M_ARJDISP_INFO, msg_lf);
 211 @@ -74,11 +72,11 @@ static void show_init_scrn()
 212   while(t!=NULL&&i<=23)
 213   {
 214    gotoxy(10, i++);
 215 -  scrprintf(strform, t);
 216 +  scrprintf("%s", t);
 217    t=strtok(NULL, msg_lf);
 218   }
 219   gotoxy(16, 20);
 220 - scrprintf(M_PRESS_ANY_KEY);
 221 + fputs(M_PRESS_ANY_KEY, stdout);
 222   uni_getch();
 223   gotoxy(1, 24);
 224  }
 225 @@ -96,19 +94,19 @@ static void show_proc_scrn()
 226   {
 227    clrscr();
 228    gotoxy(2, 2);
 229 -  scrprintf(win_top);
 230 +  fputs(win_top, stdout);
 231    for(i=3; i<24; i++)
 232    {
 233 -   gotoxy(2, i); scrprintf(win_border);
 234 -   gotoxy(79, i); scrprintf(win_border);
 235 +   gotoxy(2, i); fputs(win_border, stdout);
 236 +   gotoxy(79, i); fputs(win_border, stdout);
 237    }
 238 -  gotoxy(2, 24); scrprintf(win_bottom);
 239 +  gotoxy(2, 24); fputs(win_bottom, stdout);
 240    gotoxy(10, 5);
 241 -  scrprintf(M_ARJDISP_COPYRIGHT);
 242 +  fputs(M_ARJDISP_COPYRIGHT, stdout);
 243    gotoxy(10, 6);
 244 -  scrprintf(M_ARJDISP_DISTRIBUTION);
 245 +  fputs(M_ARJDISP_DISTRIBUTION, stdout);
 246    gotoxy(10, 7);
 247 -  scrprintf(M_ARJDISP_LICENSE);
 248 +  fputs(M_ARJDISP_LICENSE, stdout);
 249    gotoxy(16, 10);
 250    scrprintf(M_PROCESSING_ARCHIVE, archive_name);
 251    gotoxy(16, 12);
 252 @@ -132,13 +130,13 @@ static void show_proc_scrn()
 253      break;
 254    }
 255    gotoxy(15, 14);
 256 -  scrprintf(ind_top);
 257 +  fputs(ind_top, stdout);
 258    gotoxy(15, 15);
 259 -  scrprintf(ind_middle);
 260 +  fputs(ind_middle, stdout);
 261    gotoxy(15, 16);
 262 -  scrprintf(ind_bottom);
 263 +  fputs(ind_bottom, stdout);
 264    gotoxy(16, 18);
 265 -  scrprintf(M_ARJDISP_CTR_START);
 266 +  fputs(M_ARJDISP_CTR_START, stdout);
 267   }
 268   else
 269   {
 270 @@ -146,7 +144,7 @@ static void show_proc_scrn()
 271    gotoxy(16, 15);
 272    memset(progress, indo, i);
 273    progress[i]='\0';
 274 -  scrprintf(progress);
 275 +  fputs(progress, stdout);
 276    gotoxy(16, 18);
 277    scrprintf(M_ARJDISP_CTR, calc_percentage(bytes, uncompsize)/10);
 278   }
 279 @@ -165,19 +163,19 @@ static void show_ending_scrn()
 280   textcolor(7);
 281   clrscr();
 282   gotoxy(2, 2);
 283 - scrprintf(win_top);
 284 + fputs(win_top, stdout);
 285   for(i=3; i<24; i++)
 286   {
 287 -  gotoxy(2, i); scrprintf(win_border);
 288 -  gotoxy(79, i); scrprintf(win_border);
 289 +  gotoxy(2, i); fputs(win_border, stdout);
 290 +  gotoxy(79, i); fputs(win_border, stdout);
 291   }
 292 - gotoxy(2, 24); scrprintf(win_bottom);
 293 + gotoxy(2, 24); fputs(win_bottom, stdout);
 294   gotoxy(10, 5);
 295 - scrprintf(M_ARJDISP_COPYRIGHT);
 296 + fputs(M_ARJDISP_COPYRIGHT, stdout);
 297   gotoxy(10, 6);
 298 - scrprintf(M_ARJDISP_DISTRIBUTION);
 299 + fputs(M_ARJDISP_DISTRIBUTION, stdout);
 300   gotoxy(10, 7);
 301 - scrprintf(M_ARJDISP_LICENSE);
 302 + fputs(M_ARJDISP_LICENSE, stdout);
 303   gotoxy(16, 10);
 304   scrprintf(M_FINISHED_PROCESSING, archive_name);
 305   gotoxy(1, 24);