diff --git a/trunk/PKGBUILD b/trunk/PKGBUILD
index bdae432..56444f4 100644
--- a/trunk/PKGBUILD
+++ b/trunk/PKGBUILD
@@ -10,27 +10,50 @@ url="http://www.fpx.de/fp/Software/UUDeview/"
 license=('GPL')
 optdepends=('tk: for GUI')
 options=('staticlibs')
-source=(http://www.fpx.de/fp/Software/UUDeview/download/$pkgname-$pkgver.tar.gz)
-md5sums=('0161abaec3658095044601eae82bbc5b')
+source=(http://www.fpx.de/fp/Software/UUDeview/download/$pkgname-$pkgver.tar.gz
+ https://gitweb.gentoo.org/repo/gentoo.git/plain/app-text/uudeview/files/uudeview-0.5.20-bugfixes.patch
+ https://gitweb.gentoo.org/repo/gentoo.git/plain/app-text/uudeview/files/uudeview-0.5.20-CVE-2004-2265.patch
+ https://gitweb.gentoo.org/repo/gentoo.git/plain/app-text/uudeview/files/uudeview-0.5.20-CVE-2008-2266.patch
+ https://gitweb.gentoo.org/repo/gentoo.git/plain/app-text/uudeview/files/uudeview-0.5.20-rename.patch
+ https://gitweb.gentoo.org/repo/gentoo.git/plain/app-text/uudeview/files/uudeview-0.5.20-makefile.patch
+ https://gitweb.gentoo.org/repo/gentoo.git/plain/app-text/uudeview/files/uudeview-0.5.20-fix-append_signature.patch
+ uudeview-0.5.20-format-security.patch)
+md5sums=('0161abaec3658095044601eae82bbc5b'
+ '999af7f97ca400c8c71ac02c73fc5d61'
+ 'd94ad287699e24fc3cb97b7b6f9a5e9d'
+ '5b77dcde3c95ded7b0c727f2198bf815'
+ '09333cba1e5c880ca077830a64726b3c'
+ 'f37d4af3a338ca349b9d4ada1a431513'
+ 'baec9adf1e136182fc2ff830c840c165'
+ '14d3b9f80dc53359bd041b5af6dabf74')
+
+prepare() {
+ cd "$srcdir"/$pkgname-$pkgver
+ patch -Np1 -i ../uudeview-0.5.20-bugfixes.patch
+ patch -Np1 -i ../uudeview-0.5.20-CVE-2004-2265.patch
+ patch -Np1 -i ../uudeview-0.5.20-CVE-2008-2266.patch
+ patch -Np1 -i ../uudeview-0.5.20-rename.patch
+ patch -Np1 -i ../uudeview-0.5.20-makefile.patch
+ patch -Np1 -i ../uudeview-0.5.20-fix-append_signature.patch
+ patch -Np1 -i ../uudeview-format-security.patch
+ autoreconf -fi
+}
 build() {
- cd "$srcdir"/uudeview-$pkgver/uulib
- autoreconf
+ CFLAGS+=" -ffat-lto-objects"
 cd "$srcdir"/$pkgname-$pkgver
- autoreconf
- ./configure --prefix=/usr --mandir=/usr/share/man CFLAGS="-ffat-lto-objects"
+ ./configure --prefix=/usr --mandir=/usr/share/man
 make
 }
 package() {
 cd "$srcdir"/$pkgname-$pkgver
- make prefix="$pkgdir"/usr MANDIR="$pkgdir"/usr/share/man install
+ make DESTDIR="$pkgdir" install
 install -d "$pkgdir"/usr/lib/uudeview
 install -d "$pkgdir"/usr/include/uudeview
 cd "$srcdir"/uudeview-$pkgver/uulib
- ./configure --prefix=/usr
- make
+ cp -v *.o "$pkgdir"/usr/lib/uudeview
 cp -v *.a "$pkgdir"/usr/lib/uudeview
 cp -v *.h "$pkgdir"/usr/include/uudeview
diff --git a/trunk/uudeview-0.5.20-format-security.patch b/trunk/uudeview-0.5.20-format-security.patch
new file mode 100644
index 0000000..14223b9
--- /dev/null
+++ b/trunk/uudeview-0.5.20-format-security.patch
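Review bot: The last `patch` call in prepare() reads `../uudeview-format-security.patch`, but the file listed in `source` and added by this commit is named `uudeview-0.5.20-format-security.patch`, so that step will not find its input and the build stops before `autoreconf -fi`; the line should be `patch -Np1 -i ../uudeview-0.5.20-format-security.patch`. Separately, the two CVE patches are fetched at build time from a third-party gitweb and the tarball still comes over plain `http://`, yet all eight sources are pinned only by `md5sums`. A `sha256sums=(...)` array (regenerated with `updpkgsums`) would give a stronger integrity pin for inputs that carry security fixes.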
@@ -0,0 +1,109 @@
+diff --git a/inews/clientlib.c b/inews/clientlib.c
+index cdb9752..38aad28 100644
+--- a/inews/clientlib.c
++++ b/inews/clientlib.c
+@@ -275,11 +275,11 @@ char *machine;
+ /* bcopy(*cp, (char *)&sin.sin_addr, hp->h_length);*/
+
+ if (x < 0)
+- fprintf(stderr, "trying %s\n", inet_ntoa(sin.sin_addr));
++ fprintf(stderr, "trying %d\n", inet_ntoa(sin.sin_addr));
+ x = connect(s, (struct sockaddr *)&sin, sizeof (sin));
+ if (x == 0)
+ break;
+- fprintf(stderr, "connection to %s: ", inet_ntoa(sin.sin_addr));
++ fprintf(stderr, "connection to %d: ", inet_ntoa(sin.sin_addr));
+ perror("");
+ (void) close(s);
+ }
+diff --git a/inews/inews.c b/inews/inews.c
+index 5fa309d..0b0bab4 100644
+--- a/inews/inews.c
++++ b/inews/inews.c
+@@ -303,7 +303,7 @@ gen_frompath()
+ putc(*cp, ser_wr_fp);
+ else { /* Stupid & hack. God damn it. */
+ putc(toupper(passwd->pw_name[0]), ser_wr_fp);
+- fprintf(ser_wr_fp, passwd->pw_name+1);
++ fprintf(ser_wr_fp, "%s", passwd->pw_name+1);
+ }
+
+ fprintf(ser_wr_fp, ")\r\n");
+diff --git a/unix/uuenview.c b/unix/uuenview.c
+index 7acfd3b..726a2a6 100644
+--- a/unix/uuenview.c
++++ b/unix/uuenview.c
+@@ -310,7 +310,7 @@ SendMkCommand (char **rcptlist, char *towhom, char *subject, int isemail)
+ }
+
+ if ((*rcptlist = (char *) malloc (strlen (towhom) + 16)) == NULL) {
+- fprintf (stderr, "error: Out of memory allocating %d bytes\n",
++ fprintf (stderr, "error: Out of memory allocating %zd bytes\n",
+ strlen (towhom)+16);
+ _FP_free (command);
+ return NULL;
+@@ -483,7 +483,7 @@ AttachFiles (char *towhom, char *subject,
+ if (_FP_stristr (input, "multipart") != NULL) {
+ /* it is already a multipart posting. grab the boundary */
+ if ((ptr = _FP_stristr (input, "boundary=")) != NULL) {
+- fprintf(thepipe, input);
++ fprintf(thepipe, "%s", input);
+ strcpy (boundary, ParseValue (ptr));
+ hadmulti = 1;
+ }
+diff --git a/uulib/uuencode.c b/uulib/uuencode.c
+index 691879a..4888085 100644
+--- a/uulib/uuencode.c
++++ b/uulib/uuencode.c
+@@ -931,7 +931,7 @@ UUEncodePartial (FILE *outfile, FILE *infile,
+ eolstring);
+ }
+
+- fprintf (outfile, "=ypart begin=%d end=%d%s",
++ fprintf (outfile, "=ypart begin=%ld end=%ld%s",
+ (partno-1)*linperfile*128+1,
+ (partno*linperfile*128) < progress.totsize ?
+ (partno*linperfile*128) : progress.totsize,
+@@ -997,14 +997,14 @@ UUEncodePartial (FILE *outfile, FILE *infile,
+ }
+ else if (encoding == YENC_ENCODED) {
+ if (numparts != 1) {
+- fprintf (outfile, "=yend size=%d part=%d pcrc32=%08lx",
++ fprintf (outfile, "=yend size=%ld part=%d pcrc32=%08lx",
+ (partno*linperfile*128) < progress.totsize ?
+ linperfile*128 : (progress.totsize-(partno-1)*linperfile*128),
+ partno,
+ pcrc);
+ }
+ else {
+- fprintf (outfile, "=yend size=%d",
++ fprintf (outfile, "=yend size=%ld",
+ progress.totsize);
+ }
+ if (feof (theifile))
+@@ -1405,7 +1405,7 @@ UUEncodeToFile (FILE *infile, char *infname, int encoding,
+ eolstring);
+ }
+
+- fprintf (outfile, "=ypart begin=%d end=%d%s",
++ fprintf (outfile, "=ypart begin=%ld end=%ld%s",
+ (part-1)*linperfile*128+1,
+ (part*linperfile*128) < progress.totsize ?
+ (part*linperfile*128) : progress.totsize,
+@@ -1451,14 +1451,14 @@ UUEncodeToFile (FILE *infile, char *infname, int encoding,
+ }
+ else if (encoding == YENC_ENCODED) {
+ if (numparts != 1) {
+- fprintf (outfile, "=yend size=%d part=%d pcrc32=%08lx",
++ fprintf (outfile, "=yend size=%ld part=%d pcrc32=%08lx",
+ (part*linperfile*128) < progress.totsize ?
+ linperfile*128 : (progress.totsize-(part-1)*linperfile*128),
+ part,
+ pcrc);
+ }
+ else {
+- fprintf (outfile, "=yend size=%d",
++ fprintf (outfile, "=yend size=%ld",
+ progress.totsize);
+ }
+ if (feof (theifile))
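Review bot: The two inews/clientlib.c changes replace `%s` with `%d` for the result of `inet_ntoa()`, which returns `char *`; that is a format/argument mismatch (undefined behaviour), and the log line no longer shows the address being tried. If the original `%s` drew a warning, it was presumably because `inet_ntoa` had no prototype in scope; in that case keep `fprintf(stderr, "trying %s\n", inet_ntoa(sin.sin_addr));` and add `#include <arpa/inet.h>` to clientlib.c instead. In unix/uuenview.c the argument `strlen (towhom)+16` is a `size_t`, so the conversion should be `%zu` rather than `%zd`. The `%ld` changes in uulib/uuencode.c are only correct if `linperfile` and `progress.totsize` are `long`; both are declared outside these hunks and should be checked.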