Date: Monday, February 5, 2018 @ 22:24:02
Author: eschwartz
Revision: 289307
archrelease: copy trunk to community-x86_64
Added:
unrtf/repos/community-x86_64/CVE-2016-10091.patch
(from rev 289306, unrtf/trunk/CVE-2016-10091.patch)
unrtf/repos/community-x86_64/PKGBUILD
(from rev 289306, unrtf/trunk/PKGBUILD)
unrtf/repos/community-x86_64/unrtf.changelog
(from rev 289306, unrtf/trunk/unrtf.changelog)
Deleted:
unrtf/repos/community-x86_64/CVE-2016-10091.patch
unrtf/repos/community-x86_64/PKGBUILD
unrtf/repos/community-x86_64/unrtf.changelog
----------------------+
CVE-2016-10091.patch | 358 ++++++++++++++++++++++++-------------------------
PKGBUILD | 77 +++++-----
unrtf.changelog | 52 +++----
3 files changed, 245 insertions(+), 242 deletions(-)
Deleted: CVE-2016-10091.patch
===================================================================
--- CVE-2016-10091.patch 2018-02-05 22:23:42 UTC (rev 289306)
+++ CVE-2016-10091.patch 2018-02-05 22:24:02 UTC (rev 289307)
@@ -1,179 +0,0 @@
-From: Jean-Francois Dockes <[email protected]>
-Date: Sat, 31 Dec 2016 20:25:19 +0100
-Subject: Replace all instances of sprintf with snprintf and adjust size of
- integer field in some cases
-
-This fixes CVE-2016-10091
-
-Bug-Debian: https://bugs.debian.org/849705
----
- src/attr.c | 4 ++--
- src/convert.c | 28 ++++++++++++++--------------
- src/output.c | 4 ++--
- 3 files changed, 18 insertions(+), 18 deletions(-)
-
-diff --git a/src/attr.c b/src/attr.c
-index 02b5c81..e2951ea 100644
---- a/src/attr.c
-+++ b/src/attr.c
-@@ -746,7 +746,7 @@ char *
- assemble_string(char *string, int nr)
- {
-
-- char *s, tmp[12];/* Number of characters that can be in int type
(including '\0') - AF */
-+ char *s, tmp[20];
- int i = 0, j = 0;
-
- if (string == NULL)
-@@ -762,7 +762,7 @@ assemble_string(char *string, int nr)
- }
-
- if (string[i] != '\0') {
-- sprintf(tmp, "%d", nr);
-+ snprintf(tmp, 20, "%d", nr);
- strcpy(&s[j], tmp);
- j = j + strlen(tmp);
- }
-diff --git a/src/convert.c b/src/convert.c
-index c76d7d6..8eacdcb 100644
---- a/src/convert.c
-+++ b/src/convert.c
-@@ -472,7 +472,7 @@ static const int fcharsetparmtocp(int parm)
- }
-
- // Translate code page to encoding name hopefully suitable as iconv input
--static char *cptoencoding(parm)
-+static char *cptoencoding(int parm)
- {
- // Note that CP0 is supposed to mean current system default, which does
- // not make any sense as a stored value, we don't handle it.
-@@ -964,7 +964,7 @@ cmd_cf (Word *w, int align, char has_param, int num)
- }
- else
- {
-- sprintf(str,"#%02x%02x%02x",
-+ snprintf(str, 40, "#%02x%02x%02x",
- color_table[num].r,
- color_table[num].g,
- color_table[num].b);
-@@ -993,7 +993,7 @@ cmd_cb (Word *w, int align, char has_param, int num)
- }
- else
- {
-- sprintf(str,"#%02x%02x%02x",
-+ snprintf(str, 40, "#%02x%02x%02x",
- color_table[num].r,
- color_table[num].g,
- color_table[num].b);
-@@ -1018,7 +1018,7 @@ cmd_fs (Word *w, int align, char has_param, int points) {
- /* Note, fs20 means 10pt */
- points /= 2;
-
-- sprintf(str,"%d",points);
-+ snprintf(str, 20, "%d", points);
- attr_push(ATTR_FONTSIZE,str);
-
- return FALSE;
-@@ -1166,7 +1166,7 @@ cmd_f (Word *w, int align, char has_param, int num)
- {
- // TOBEDONE: WHAT'S THIS ???
- name = my_malloc(12);
-- sprintf(name, "%d", num);
-+ snprintf(name, 12, "%d", num);
- }
-
- /* we are going to output entities, so should not output font */
-@@ -1218,7 +1218,7 @@ cmd_highlight (Word *w, int align, char has_param, int
num)
- }
- else
- {
-- sprintf(str,"#%02x%02x%02x",
-+ snprintf(str, 40, "#%02x%02x%02x",
- color_table[num].r,
- color_table[num].g,
- color_table[num].b);
-@@ -1373,9 +1373,9 @@ cmd_ftech (Word *w, int align, char has_param, int
param) {
-
- static int
- cmd_expand (Word *w, int align, char has_param, int param) {
-- char str[10];
-+ char str[20];
- if (has_param) {
-- sprintf(str, "%d", param/4);
-+ snprintf(str, 20, "%d", param / 4);
- if (!param)
- attr_pop(ATTR_EXPAND);
- else
-@@ -1394,7 +1394,7 @@ cmd_expand (Word *w, int align, char has_param, int
param) {
-
- static int
- cmd_emboss (Word *w, int align, char has_param, int param) {
-- char str[10];
-+ char str[20];
- if (has_param && !param)
- #ifdef SUPPORT_UNNESTED
- attr_find_pop(ATTR_EMBOSS);
-@@ -1403,7 +1403,7 @@ cmd_emboss (Word *w, int align, char has_param, int
param) {
- #endif
- else
- {
-- sprintf(str, "%d", param);
-+ snprintf(str, 20, "%d", param);
- attr_push(ATTR_EMBOSS, str);
- }
- return FALSE;
-@@ -1419,12 +1419,12 @@ cmd_emboss (Word *w, int align, char has_param, int
param) {
-
- static int
- cmd_engrave (Word *w, int align, char has_param, int param) {
-- char str[10];
-+ char str[20];
- if (has_param && !param)
- attr_pop(ATTR_ENGRAVE);
- else
- {
-- sprintf(str, "%d", param);
-+ snprintf(str, 20, "%d", param);
- attr_push(ATTR_ENGRAVE, str);
- }
- return FALSE;
-@@ -1976,7 +1976,7 @@ static int cmd_u (Word *w, int align, char has_param,
int param) {
-
- short done=0;
- long unicode_number = (long) param; /* On 16bit architectures int is
too small to store unicode characters. - AF */
-- char tmp[12]; /* Number of characters that can be in int type
(including '\0'). If int size is greater than 4 bytes change this value. - AF */
-+ char tmp[20]; /* Number of characters that can be in int type
(including '\0'). If int size is greater than 4 bytes change this value. - AF */
- const char *alias;
- #define DEBUG 0
- #if DEBUG
-@@ -2006,7 +2006,7 @@ static int cmd_u (Word *w, int align, char has_param,
int param) {
- /* RTF spec: Unicode values beyond 32767 are
represented by negative numbers */
- unicode_number += 65536;
- }
-- sprintf(tmp, "%ld", unicode_number);
-+ snprintf(tmp, 20, "%ld", unicode_number);
-
- if (safe_printf(1, op->unisymbol_print, tmp))
fprintf(stderr, TOO_MANY_ARGS, "unisymbol_print");
- done++;
-diff --git a/src/output.c b/src/output.c
-index 86d8b5c..4cdbfa6 100644
---- a/src/output.c
-+++ b/src/output.c
-@@ -320,7 +320,7 @@ op_begin_std_fontsize (OutputPersonality *op, int size)
- if (!found_std_expr) {
- if (op->fontsize_begin) {
- char expr[16];
-- sprintf (expr, "%d", size);
-+ snprintf(expr, 16, "%d", size);
- if (safe_printf (1, op->fontsize_begin, expr))
fprintf(stderr, TOO_MANY_ARGS, "fontsize_begin");
- } else {
- /* If we cannot write out a change for the exact
-@@ -440,7 +440,7 @@ op_end_std_fontsize (OutputPersonality *op, int size)
- if (!found_std_expr) {
- if (op->fontsize_end) {
- char expr[16];
-- sprintf (expr, "%d", size);
-+ snprintf(expr, 16, "%d", size);
- if (safe_printf(1, op->fontsize_end, expr))
fprintf(stderr, TOO_MANY_ARGS, "fontsize_end");
- } else {
- /* If we cannot write out a change for the exact
Copied: unrtf/repos/community-x86_64/CVE-2016-10091.patch (from rev 289306,
unrtf/trunk/CVE-2016-10091.patch)
===================================================================
--- CVE-2016-10091.patch (rev 0)
+++ CVE-2016-10091.patch 2018-02-05 22:24:02 UTC (rev 289307)
@@ -0,0 +1,179 @@
+From: Jean-Francois Dockes <[email protected]>
+Date: Sat, 31 Dec 2016 20:25:19 +0100
+Subject: Replace all instances of sprintf with snprintf and adjust size of
+ integer field in some cases
+
+This fixes CVE-2016-10091
+
+Bug-Debian: https://bugs.debian.org/849705
+---
+ src/attr.c | 4 ++--
+ src/convert.c | 28 ++++++++++++++--------------
+ src/output.c | 4 ++--
+ 3 files changed, 18 insertions(+), 18 deletions(-)
+
+diff --git a/src/attr.c b/src/attr.c
+index 02b5c81..e2951ea 100644
+--- a/src/attr.c
++++ b/src/attr.c
+@@ -746,7 +746,7 @@ char *
+ assemble_string(char *string, int nr)
+ {
+
+- char *s, tmp[12];/* Number of characters that can be in int type
(including '\0') - AF */
++ char *s, tmp[20];
+ int i = 0, j = 0;
+
+ if (string == NULL)
+@@ -762,7 +762,7 @@ assemble_string(char *string, int nr)
+ }
+
+ if (string[i] != '\0') {
+- sprintf(tmp, "%d", nr);
++ snprintf(tmp, 20, "%d", nr);
+ strcpy(&s[j], tmp);
+ j = j + strlen(tmp);
+ }
+diff --git a/src/convert.c b/src/convert.c
+index c76d7d6..8eacdcb 100644
+--- a/src/convert.c
++++ b/src/convert.c
+@@ -472,7 +472,7 @@ static const int fcharsetparmtocp(int parm)
+ }
+
+ // Translate code page to encoding name hopefully suitable as iconv input
+-static char *cptoencoding(parm)
++static char *cptoencoding(int parm)
+ {
+ // Note that CP0 is supposed to mean current system default, which does
+ // not make any sense as a stored value, we don't handle it.
+@@ -964,7 +964,7 @@ cmd_cf (Word *w, int align, char has_param, int num)
+ }
+ else
+ {
+- sprintf(str,"#%02x%02x%02x",
++ snprintf(str, 40, "#%02x%02x%02x",
+ color_table[num].r,
+ color_table[num].g,
+ color_table[num].b);
+@@ -993,7 +993,7 @@ cmd_cb (Word *w, int align, char has_param, int num)
+ }
+ else
+ {
+- sprintf(str,"#%02x%02x%02x",
++ snprintf(str, 40, "#%02x%02x%02x",
+ color_table[num].r,
+ color_table[num].g,
+ color_table[num].b);
+@@ -1018,7 +1018,7 @@ cmd_fs (Word *w, int align, char has_param, int points) {
+ /* Note, fs20 means 10pt */
+ points /= 2;
+
+- sprintf(str,"%d",points);
++ snprintf(str, 20, "%d", points);
+ attr_push(ATTR_FONTSIZE,str);
+
+ return FALSE;
+@@ -1166,7 +1166,7 @@ cmd_f (Word *w, int align, char has_param, int num)
+ {
+ // TOBEDONE: WHAT'S THIS ???
+ name = my_malloc(12);
+- sprintf(name, "%d", num);
++ snprintf(name, 12, "%d", num);
+ }
+
+ /* we are going to output entities, so should not output font */
+@@ -1218,7 +1218,7 @@ cmd_highlight (Word *w, int align, char has_param, int
num)
+ }
+ else
+ {
+- sprintf(str,"#%02x%02x%02x",
++ snprintf(str, 40, "#%02x%02x%02x",
+ color_table[num].r,
+ color_table[num].g,
+ color_table[num].b);
+@@ -1373,9 +1373,9 @@ cmd_ftech (Word *w, int align, char has_param, int
param) {
+
+ static int
+ cmd_expand (Word *w, int align, char has_param, int param) {
+- char str[10];
++ char str[20];
+ if (has_param) {
+- sprintf(str, "%d", param/4);
++ snprintf(str, 20, "%d", param / 4);
+ if (!param)
+ attr_pop(ATTR_EXPAND);
+ else
+@@ -1394,7 +1394,7 @@ cmd_expand (Word *w, int align, char has_param, int
param) {
+
+ static int
+ cmd_emboss (Word *w, int align, char has_param, int param) {
+- char str[10];
++ char str[20];
+ if (has_param && !param)
+ #ifdef SUPPORT_UNNESTED
+ attr_find_pop(ATTR_EMBOSS);
+@@ -1403,7 +1403,7 @@ cmd_emboss (Word *w, int align, char has_param, int
param) {
+ #endif
+ else
+ {
+- sprintf(str, "%d", param);
++ snprintf(str, 20, "%d", param);
+ attr_push(ATTR_EMBOSS, str);
+ }
+ return FALSE;
+@@ -1419,12 +1419,12 @@ cmd_emboss (Word *w, int align, char has_param, int
param) {
+
+ static int
+ cmd_engrave (Word *w, int align, char has_param, int param) {
+- char str[10];
++ char str[20];
+ if (has_param && !param)
+ attr_pop(ATTR_ENGRAVE);
+ else
+ {
+- sprintf(str, "%d", param);
++ snprintf(str, 20, "%d", param);
+ attr_push(ATTR_ENGRAVE, str);
+ }
+ return FALSE;
+@@ -1976,7 +1976,7 @@ static int cmd_u (Word *w, int align, char has_param,
int param) {
+
+ short done=0;
+ long unicode_number = (long) param; /* On 16bit architectures int is
too small to store unicode characters. - AF */
+- char tmp[12]; /* Number of characters that can be in int type
(including '\0'). If int size is greater than 4 bytes change this value. - AF */
++ char tmp[20]; /* Number of characters that can be in int type
(including '\0'). If int size is greater than 4 bytes change this value. - AF */
+ const char *alias;
+ #define DEBUG 0
+ #if DEBUG
+@@ -2006,7 +2006,7 @@ static int cmd_u (Word *w, int align, char has_param,
int param) {
+ /* RTF spec: Unicode values beyond 32767 are
represented by negative numbers */
+ unicode_number += 65536;
+ }
+- sprintf(tmp, "%ld", unicode_number);
++ snprintf(tmp, 20, "%ld", unicode_number);
+
+ if (safe_printf(1, op->unisymbol_print, tmp))
fprintf(stderr, TOO_MANY_ARGS, "unisymbol_print");
+ done++;
+diff --git a/src/output.c b/src/output.c
+index 86d8b5c..4cdbfa6 100644
+--- a/src/output.c
++++ b/src/output.c
+@@ -320,7 +320,7 @@ op_begin_std_fontsize (OutputPersonality *op, int size)
+ if (!found_std_expr) {
+ if (op->fontsize_begin) {
+ char expr[16];
+- sprintf (expr, "%d", size);
++ snprintf(expr, 16, "%d", size);
+ if (safe_printf (1, op->fontsize_begin, expr))
fprintf(stderr, TOO_MANY_ARGS, "fontsize_begin");
+ } else {
+ /* If we cannot write out a change for the exact
+@@ -440,7 +440,7 @@ op_end_std_fontsize (OutputPersonality *op, int size)
+ if (!found_std_expr) {
+ if (op->fontsize_end) {
+ char expr[16];
+- sprintf (expr, "%d", size);
++ snprintf(expr, 16, "%d", size);
+ if (safe_printf(1, op->fontsize_end, expr))
fprintf(stderr, TOO_MANY_ARGS, "fontsize_end");
+ } else {
+ /* If we cannot write out a change for the exact
Deleted: PKGBUILD
===================================================================
--- PKGBUILD 2018-02-05 22:23:42 UTC (rev 289306)
+++ PKGBUILD 2018-02-05 22:24:02 UTC (rev 289307)
@@ -1,37 +0,0 @@
-# $Id$
-# Maintainer: Jaroslav Lichtblau <[email protected]>
-# Contributor: Alexander Fehr <pizzapunk gmail com>
-# Contributor: froggie <[email protected]>
-
-pkgname=unrtf
-pkgver=0.21.9
-pkgrel=2
-pkgdesc="Command-line program which converts RTF documents to other formats"
-arch=('i686' 'x86_64')
-url="http://www.gnu.org/software/unrtf/unrtf.html";
-license=('GPL3')
-depends=('glibc')
-changelog=$pkgname.changelog
-source=(http://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.gz
- CVE-2016-10091.patch)
-sha256sums=('22a37826f96d754e335fb69f8036c068c00dd01ee9edd9461a36df0085fb8ddd'
- '7a535e96764c7d5291060b4e0548b155e1f44357bf78463ad2ed3678c14f749d')
-
-prepare() {
- cd "${srcdir}"/$pkgname-$pkgver
- patch -Np1 -i "${srcdir}"/CVE-2016-10091.patch
-}
-
-build() {
- cd "${srcdir}"/$pkgname-$pkgver
-
- autoreconf -if
- ./configure --prefix=/usr
- make
-}
-
-package() {
- cd "${srcdir}"/$pkgname-$pkgver
-
- make DESTDIR="${pkgdir}" install
-}
Copied: unrtf/repos/community-x86_64/PKGBUILD (from rev 289306,
unrtf/trunk/PKGBUILD)
===================================================================
--- PKGBUILD (rev 0)
+++ PKGBUILD 2018-02-05 22:24:02 UTC (rev 289307)
@@ -0,0 +1,40 @@
+# $Id$
+# Maintainer: Jaroslav Lichtblau <[email protected]>
+# Contributor: Alexander Fehr <pizzapunk gmail com>
+# Contributor: froggie <[email protected]>
+
+pkgname=unrtf
+pkgver=0.21.9
+pkgrel=3
+pkgdesc="Command-line program which converts RTF documents to other formats"
+arch=('x86_64')
+url="https://www.gnu.org/software/unrtf/unrtf.html";
+license=('GPL3')
+depends=('glibc')
+changelog=$pkgname.changelog
+source=(https://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.gz{,.sig}
+ CVE-2016-10091.patch)
+sha256sums=('22a37826f96d754e335fb69f8036c068c00dd01ee9edd9461a36df0085fb8ddd'
+ 'SKIP'
+ '7a535e96764c7d5291060b4e0548b155e1f44357bf78463ad2ed3678c14f749d')
+validpgpkeys=('46EA854F5FC5F5A0A9D2BFE89175BF0B3EC83090') # Dave Davey (lgf)
<[email protected]>
+
+prepare() {
+ cd "${srcdir}"/$pkgname-$pkgver
+
+ patch -Np1 -i "${srcdir}"/CVE-2016-10091.patch
+ autoreconf -fi
+}
+
+build() {
+ cd "${srcdir}"/$pkgname-$pkgver
+
+ ./configure --prefix=/usr
+ make
+}
+
+package() {
+ cd "${srcdir}"/$pkgname-$pkgver
+
+ make DESTDIR="${pkgdir}" install
+}
Deleted: unrtf.changelog
===================================================================
--- unrtf.changelog 2018-02-05 22:23:42 UTC (rev 289306)
+++ unrtf.changelog 2018-02-05 22:24:02 UTC (rev 289307)
@@ -1,26 +0,0 @@
-2017-01-05 Jaroslav Lichtblau <[email protected]>
- * unrtf 0.21.9-2 FS#52362 fix
-
-2015-03-17 Jaroslav Lichtblau <[email protected]>
- * unrtf 0.21.9-1
-
-2014-12-16 Jaroslav Lichtblau <[email protected]>
- * unrtf 0.21.7-1
-
-2013-08-08 Jaroslav Lichtblau <[email protected]>
- * unrtf 0.21.5-1
-
-2013-04-20 Jaroslav Lichtblau <[email protected]>
- * unrtf 0.21.3-1
-
-2011-12-08 Jaroslav Lichtblau <[email protected]>
- * unrtf 0.21.2
-
-2010-01-18 Jaroslav Lichtblau <[email protected]>
- * Update to major release 0.21.1
-
-2009-05-31 Jaroslav Lichtblau <[email protected]>
- * FS#14043 fixed
-
-2009-03-25 Jaroslav Lichtblau <[email protected]>
- * Update to major release 0.21.0
Copied: unrtf/repos/community-x86_64/unrtf.changelog (from rev 289306,
unrtf/trunk/unrtf.changelog)
===================================================================
--- unrtf.changelog (rev 0)
+++ unrtf.changelog 2018-02-05 22:24:02 UTC (rev 289307)
@@ -0,0 +1,26 @@
+2017-01-05 Jaroslav Lichtblau <[email protected]>
+ * unrtf 0.21.9-2 FS#52362 fix
+
+2015-03-17 Jaroslav Lichtblau <[email protected]>
+ * unrtf 0.21.9-1
+
+2014-12-16 Jaroslav Lichtblau <[email protected]>
+ * unrtf 0.21.7-1
+
+2013-08-08 Jaroslav Lichtblau <[email protected]>
+ * unrtf 0.21.5-1
+
+2013-04-20 Jaroslav Lichtblau <[email protected]>
+ * unrtf 0.21.3-1
+
+2011-12-08 Jaroslav Lichtblau <[email protected]>
+ * unrtf 0.21.2
+
+2010-01-18 Jaroslav Lichtblau <[email protected]>
+ * Update to major release 0.21.1
+
+2009-05-31 Jaroslav Lichtblau <[email protected]>
+ * FS#14043 fixed
+
+2009-03-25 Jaroslav Lichtblau <[email protected]>
+ * Update to major release 0.21.0
