commit arj for openSUSE:Factory
Hello community,
here is the log from the commit of package arj for openSUSE:Factory checked in
at 2020-03-26 23:32:53
Comparing /work/SRC/openSUSE:Factory/arj (Old)
and /work/SRC/openSUSE:Factory/.arj.new.3160 (New)
Package is "arj"
Thu Mar 26 23:32:53 2020 rev:4 rq:788442 version:3.10.22
Changes:
--- /work/SRC/openSUSE:Factory/arj/arj.changes 2019-11-07 23:16:10.164511309
+0100
+++ /work/SRC/openSUSE:Factory/.arj.new.3160/arj.changes2020-03-26
23:33:13.846774101 +0100
@@ -1,0 +2,6 @@
+Wed Mar 25 20:50:54 UTC 2020 - Bernhard Wiedemann
+
+- Add arj-3.10.22-fixstrcpy.patch to fix data corruption
+ and make package builds reproducible (boo#1100677)
+
+---
New:
arj-3.10.22-fixstrcpy.patch
Other differences:
--
++ arj.spec ++
--- /var/tmp/diff_new_pack.uYxSKD/_old 2020-03-26 23:33:14.310774268 +0100
+++ /var/tmp/diff_new_pack.uYxSKD/_new 2020-03-26 23:33:14.314774269 +0100
@@ -33,6 +33,8 @@
Patch3: arj-3.10.22-quotes.patch
# PATCH-FIX-OPENSUSE -- make build reproducible
Patch4: arj-3.10.22-reproducible.patch
+# PATCH-FIX-UPSTREAM https://sourceforge.net/p/arj/git/merge-requests/1/
+Patch5: arj-3.10.22-fixstrcpy.patch
BuildRequires: autoconf
%description
@@ -49,6 +51,7 @@
%patch2 -p1
%patch3 -p1
%patch4 -p1
+%patch5 -p1
for i in debian/patches/00*.patch; do
patch -p1 < $i
++ arj-3.10.22-fixstrcpy.patch ++
Author: Bernhard M. Wiedemann
Date: 2020-03-25
reproducible builds showed differences in strings produced from msgbind
depending on CPU-type
valgrind --tool=memcheck
helped to locate two relevant calls to strcpy on overlapping regions
Index: arj-3.10.22/arjdata.c
===
--- arj-3.10.22.orig/arjdata.c
+++ arj-3.10.22/arjdata.c
@@ -232,7 +232,7 @@ char *expand_tags(char *str, int limit)
{
if(*(p+1)==TAG_CHAR)
{
-strcpy(p, p+1);
+safe_strcpy(p, p+1);
p++;
}
else if(*(p+1)==TAG_SPECIAL_BEGIN&&(et=strchr(p+3, TAG_SPECIAL_END))!=NULL)
Index: arj-3.10.22/msgbind.c
===
--- arj-3.10.22.orig/msgbind.c
+++ arj-3.10.22/msgbind.c
@@ -21,6 +21,12 @@
#include
#include
+static void safe_strcpy(char *dest, const char *src)
+{
+ memmove(dest, src, strlen(src) + 1);
+}
+
+
#define MSG_SIZE 32752/* Constant msg buffer size */
#define POOL_SIZE 51200/* Maximum size of variable-len buf */
#define POOL_R_INC 1024/* Realloc incrementation */
@@ -586,7 +586,7 @@ int main(int argc, char **argv)
}
strcat(pool[tpool].data, msgname);
strcat(pool[tpool].data, ", ");
- strcpy(msg_buffer, msg_buffer+1);
+ safe_strcpy(msg_buffer, msg_buffer+1);
buf_len=strlen(msg_buffer);
msg_buffer[--buf_len]='\0';
patch_string(msg_buffer);
commit arj for openSUSE:Factory
Hello community,
here is the log from the commit of package arj for openSUSE:Factory checked in
at 2019-11-07 23:15:50
Comparing /work/SRC/openSUSE:Factory/arj (Old)
and /work/SRC/openSUSE:Factory/.arj.new.2990 (New)
Package is "arj"
Thu Nov 7 23:15:50 2019 rev:3 rq:739633 version:3.10.22
Changes:
--- /work/SRC/openSUSE:Factory/arj/arj.changes 2017-12-18 08:59:28.734882942
+0100
+++ /work/SRC/openSUSE:Factory/.arj.new.2990/arj.changes2019-11-07
23:16:10.164511309 +0100
@@ -1,0 +2,5 @@
+Thu Oct 17 13:33:58 UTC 2019 - Richard Brown
+
+- Remove obsolete Groups tag (fate#326485)
+
+---
Other differences:
--
++ arj.spec ++
--- /var/tmp/diff_new_pack.xZ8Ldi/_old 2019-11-07 23:16:12.536513906 +0100
+++ /var/tmp/diff_new_pack.xZ8Ldi/_new 2019-11-07 23:16:12.552513924 +0100
@@ -1,7 +1,7 @@
#
# spec file for package arj
#
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -12,7 +12,7 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
@@ -20,8 +20,7 @@
Version:3.10.22
Release:0
Summary:Archiver for .arj files
-License:GPL-2.0+
-Group: Productivity/Archiving/Compression
+License:GPL-2.0-or-later
URL:http://arj.sourceforge.net/
Source0:
http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz
# unarj.* from Debian
@@ -55,7 +54,6 @@
patch -p1 < $i
done
-
%build
pushd gnu
autoconf
commit arj for openSUSE:Factory
Hello community, here is the log from the commit of package arj for openSUSE:Factory checked in at 2017-12-18 08:59:24 Comparing /work/SRC/openSUSE:Factory/arj (Old) and /work/SRC/openSUSE:Factory/.arj.new (New) Package is "arj" Mon Dec 18 08:59:24 2017 rev:2 rq:557601 version:3.10.22 Changes: --- /work/SRC/openSUSE:Factory/arj/arj.changes 2017-11-29 10:53:13.867406890 +0100 +++ /work/SRC/openSUSE:Factory/.arj.new/arj.changes 2017-12-18 08:59:28.734882942 +0100 @@ -1,0 +2,5 @@ +Sat Dec 16 05:45:48 UTC 2017 - bwiedem...@suse.com + +- Add arj-3.10.22-reproducible.patch to not include build date (boo#1047218) + +--- New: arj-3.10.22-reproducible.patch Other differences: -- ++ arj.spec ++ --- /var/tmp/diff_new_pack.EPXBKt/_old 2017-12-18 08:59:29.346853400 +0100 +++ /var/tmp/diff_new_pack.EPXBKt/_new 2017-12-18 08:59:29.350853206 +0100 @@ -32,6 +32,8 @@ Patch2: arj-3.10.22-custom-printf.patch # Filed into upstream bugtracker as https://sourceforge.net/tracker/?func=detail=2853421_id=49820=457566 Patch3: arj-3.10.22-quotes.patch +# PATCH-FIX-OPENSUSE -- make build reproducible +Patch4: arj-3.10.22-reproducible.patch BuildRequires: autoconf %description @@ -47,6 +49,7 @@ %patch1 -p1 %patch2 -p1 %patch3 -p1 +%patch4 -p1 for i in debian/patches/00*.patch; do patch -p1 < $i ++ arj-3.10.22-reproducible.patch ++ Author: Bernhard M. Wiedemann Date: 2017-12-15 Index: arj-3.10.22/today.c === --- arj-3.10.22.orig/today.c +++ arj-3.10.22/today.c @@ -44,8 +44,8 @@ int main(int argc, char **argv) out_name[++l]='\0'; } strcat(out_name, "date_sig.c"); - cur_unixtime=time(NULL); - stm=localtime(_unixtime); + cur_unixtime=1119484800; + stm=gmtime(_unixtime); if(!stricmp(argv[1], "en")) sprintf(date_sig, "[%02d %s %04d]", stm->tm_mday, months_en[stm->tm_mon], stm->tm_year+1900); else if(!stricmp(argv[1], "fr"))
