diff --git a/trunk/PKGBUILD b/trunk/PKGBUILD index 97b497b..5d5bea5 100644 --- a/trunk/PKGBUILD +++ b/trunk/PKGBUILD @@ -9,20 +9,28 @@ arch=('x86_64') #url="http://lout.wiki.sourceforge.net/" url="https://savannah.nongnu.org/projects/lout" license=('GPL') -depends=('glibc') +depends=('glibc' 'zlib') +makedepends=('systemd') install=lout.install source=(http://mirrors.ctan.org/support/$pkgname/$pkgname-$pkgver.tar.gz + lout-3.40-cve.patch makefile.arch lout.install https://pkgs.fedoraproject.org/repo/pkgs/lout/slides.pdf/6822c33e49a1dca0b090f297d404d7fa/slides.pdf) md5sums=('fd0fe084cebd07fc209d392a2d380755' - '088a29ca16477a9a30da9fafc9391de8' + '87cbad28581ecbd502dddb1f30c314a5' + '96494a1a425556ad39400fa93ed7379a' '597cd52eb87ef6253cf769bed4db3952' '6822c33e49a1dca0b090f297d404d7fa') -build() { +prepare() { cd "$srcdir/$pkgname-$pkgver" + patch -Np1 -i ../lout-3.40-cve.patch #CVE-2019-19917 CVE-2019-19918 cp ../makefile.arch . +} + +build() { + cd "$srcdir/$pkgname-$pkgver" make -f makefile.arch } diff --git a/trunk/lout-3.40-cve.patch b/trunk/lout-3.40-cve.patch new file mode 100644 index 0000000..cef806e --- /dev/null +++ b/trunk/lout-3.40-cve.patch @@ -0,0 +1,95 @@ +--- lout-3.40-cve/externs.h- 2013-06-25 00:34:24.000000000 +0100 ++++ lout-3.40-cve/externs.h 2020-10-22 22:28:05.613961085 +0100 +@@ -260,6 +260,9 @@ + /* that can appear correctly on one page. Can be */ + /* increased to any small positive integer. */ + /* */ ++/* MAX_FORMAT The maximum number of characters for sscanf formats */ ++/* for splitting strings with tab-delimited fields. */ ++/* */ + /*****************************************************************************/ + + #define MAX_FULL_LENGTH 8388607 /* 2**23 - 1, about 148 metres */ +@@ -275,6 +278,7 @@ + #define MAX_LEX_STACK 20 + #define MAX_CHARS 256 + #define MAX_HCOPIES 3 ++#define MAX_FORMAT 100 + + /*****************************************************************************/ + /* */ +--- lout-3.40-cve/z02.c- 2010-09-09 21:53:20.000000000 +0100 ++++ lout-3.40-cve/z02.c 2020-10-22 23:24:58.827547391 +0100 +@@ -378,7 +378,7 @@ + if( blksize != 0 && chpt < limit ) + { debugcond0(DLA, DD, stack_free <= 1, "srcnext: transferring."); + col = buf; +- while( chtbl[(*--col = *--limit)] != NEWLINE ); ++ while( col > mem_block && chtbl[(*--col = *--limit)] != NEWLINE ); + frst = col + 1; limit++; blksize = 0; + } + +--- lout-3.40-cve/z33.c- 2010-09-09 21:54:53.000000000 +0100 ++++ lout-3.40-cve/z33.c 2020-10-22 22:28:22.929094724 +0100 +@@ -847,6 +847,7 @@ + BOOLEAN DbRetrieveNext(OBJECT db, BOOLEAN *gall, OBJECT *sym, FULL_CHAR *tag, + FULL_CHAR *seq, FILE_NUM *dfnum, long *dfpos, int *dlnum, long *cont) + { FULL_CHAR line[MAX_BUFF], *cline, fname[MAX_BUFF]; int symnum; ++ char format[MAX_FORMAT]; + ifdebug(DPP, D, ProfileOn("DbRetrieveNext")); + debug2(DBS, DD, "DbRetrieveNext( %s, %ld )", string(db), *cont); + assert(reading(db), "DbRetrieveNext: not reading"); +@@ -858,6 +859,8 @@ + return FALSE; + } + ++ sprintf(format, "%%d&%%%d[^\t]\t%%%d[^\t]\t%%*[^\t]\t%%ld\t%%d\t%%%d[^\n\f]", MAX_BUFF-1, MAX_BUFF-1, MAX_BUFF-1); ++ + if( in_memory(db) ) + { + /* get next entry from internal database */ +@@ -868,7 +871,7 @@ + } + cline = (FULL_CHAR *) db_lines(db)[*cont]; + *gall = (cline[0] == '0' ? 1 : 0); +- sscanf((char *)&cline[*gall], "%d&%[^\t]\t%[^\t]\t%*[^\t]\t%ld\t%d\t%[^\n\f]", ++ sscanf((char *)&cline[*gall], format, + &symnum, tag, seq, dfpos, dlnum, fname); + *cont = *cont + 1; + } +@@ -882,7 +885,7 @@ + return FALSE; + } + *gall = (line[0] == '0' ? 1 : 0); +- sscanf((char *)&line[*gall], "%d&%[^\t]\t%[^\t]\t%*[^\t]\t%ld\t%d\t%[^\n\f]", ++ sscanf((char *)&line[*gall], format, + &symnum, tag, seq, dfpos, dlnum, fname); + *cont = ftell(db_filep(db)); + } +--- lout-3.40-cve/z39.c- 2010-09-09 21:55:13.000000000 +0100 ++++ lout-3.40-cve/z39.c 2020-10-22 22:28:28.439137252 +0100 +@@ -79,11 +79,13 @@ + int strcollcmp(char *a, char *b) + { char a1[MAX_BUFF], a2[MAX_BUFF], a3[MAX_BUFF]; + char b1[MAX_BUFF], b2[MAX_BUFF], b3[MAX_BUFF]; ++ char format[MAX_FORMAT]; + int order; ++ sprintf(format, "%%%d[^\t]\t%%%d[^\t]\t%%%d[^\t]", MAX_BUFF-1, MAX_BUFF-1, MAX_BUFF-1); + a1[0] = a2[0] = a3[0] = '\0'; +- sscanf(a, "%[^\t]\t%[^\t]\t%[^\t]", a1, a2, a3); ++ sscanf(a, format, a1, a2, a3); + b1[0] = b2[0] = b3[0] = '\0'; +- sscanf(b, "%[^\t]\t%[^\t]\t%[^\t]", b1, b2, b3); ++ sscanf(b, format, b1, b2, b3); + order = strcoll(a1, b1); + if( order == 0 ) + { +@@ -251,7 +253,7 @@ + *q++ = CH_QUOTE; + for( p = string(x); *p != '\0'; p++ ) + { +- for( r = (FULL_CHAR *) quoted_string[*p]; *r != '\0'; *q++ = *r++ ); ++ for( r = (FULL_CHAR *) quoted_string[*p]; *r != '\0' && q < &buff[MAX_BUFF-2]; *q++ = *r++ ); + } + *q++ = CH_QUOTE; + *q++ = '\0'; diff --git a/trunk/makefile.arch b/trunk/makefile.arch index e0cb633..63c5327 100644 --- a/trunk/makefile.arch +++ b/trunk/makefile.arch @@ -2,13 +2,13 @@ # catwell PKGDIR = / -COPTS = -ansi -pedantic -O3 +CFLAGS ?= -ansi -pedantic -O3 -CFLAGS = -DOS_UNIX=1 -DOS_DOS=0 -DOS_MAC=0 -DDB_FIX=0 -DUSE_STAT=1 \ +CFLAGS += -DOS_UNIX=1 -DOS_DOS=0 -DOS_MAC=0 -DDB_FIX=0 -DUSE_STAT=1 \ -DSAFE_DFT=0 -DCOLLATE=1 -DLIB_DIR=\"/usr/lib/lout\" -DFONT_DIR=\"font\" \ -DMAPS_DIR=\"maps\" -DINCL_DIR=\"include\" -DDATA_DIR=\"data\" -DHYPH_DIR=\"hyph\" \ -DLOCALE_DIR=\"locale\" -DCHAR_IN=1 -DCHAR_OUT=0 -DLOCALE_ON=0 \ - -DASSERT_ON=1 $(COPTS) -DDEBUG_ON=0 -DPDF_COMPRESSION=1 -I/usr/lib/ + -DASSERT_ON=1 -DDEBUG_ON=0 -DPDF_COMPRESSION=1 -I/usr/lib/ OBJS = z01.o z02.o z03.o z04.o z05.o z06.o z07.o z08.o \ z09.o z10.o z11.o z12.o z13.o z14.o z15.o z16.o \ @@ -18,15 +18,18 @@ OBJS = z01.o z02.o z03.o z04.o z05.o z06.o z07.o z08.o \ z41.o z42.o z43.o z44.o z45.o z46.o z47.o z48.o \ z49.o z50.o z51.o z52.o -arch: $(OBJS) - gcc -o lout $(OBJS) /usr/lib/libz.a -lm - gcc -o prg2lout prg2lout.c +all: lout prg2lout + +prg2lout: prg2lout.c + +lout: $(OBJS) + $(CC) $(LDFLAGS) -o $@ $(OBJS) -lm -lz $(OBJS): externs.h externs.h: -install: arch +install: all # lout install -Dm0755 lout $(PKGDIR)/usr/bin/lout set include data hyph font maps; \