diff options
author | mnag <mnag@FreeBSD.org> | 2006-05-23 15:00:54 +0000 |
---|---|---|
committer | mnag <mnag@FreeBSD.org> | 2006-05-23 15:00:54 +0000 |
commit | 8707b8e56aebcf62041231676a4d32519a371a60 (patch) | |
tree | fbbf35b665202caf6b417663bc2458e4a9b00ece /devel/cscope | |
parent | 4f2cae33ec27aacd7aa036e3e208b0be6a1f812f (diff) | |
download | FreeBSD-ports-8707b8e56aebcf62041231676a4d32519a371a60.zip FreeBSD-ports-8707b8e56aebcf62041231676a4d32519a371a60.tar.gz |
- Add security fix patches
- Bump PORTREVISION
Security: CVE-2004-2541
Obtained from: Debian (partially)
Diffstat (limited to 'devel/cscope')
-rw-r--r-- | devel/cscope/Makefile | 4 | ||||
-rw-r--r-- | devel/cscope/files/patch-CVE-2004-2541 | 262 | ||||
-rw-r--r-- | devel/cscope/files/patch-src::main.c | 24 |
3 files changed, 276 insertions, 14 deletions
diff --git a/devel/cscope/Makefile b/devel/cscope/Makefile index c42b6fe..8cb1310 100644 --- a/devel/cscope/Makefile +++ b/devel/cscope/Makefile @@ -8,7 +8,7 @@ PORTNAME= cscope PORTVERSION= 15.5 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= devel MASTER_SITES= ${MASTER_SITE_SOURCEFORGE} MASTER_SITE_SUBDIR= ${PORTNAME} @@ -17,7 +17,7 @@ MAINTAINER= ports@FreeBSD.org COMMENT= An interactive C program browser GNU_CONFIGURE= yes -CONFIGURE_ARGS+= --with-yacc +CONFIGURE_ARGS= --with-yacc MAN1= cscope.1 diff --git a/devel/cscope/files/patch-CVE-2004-2541 b/devel/cscope/files/patch-CVE-2004-2541 new file mode 100644 index 0000000..76adf30 --- /dev/null +++ b/devel/cscope/files/patch-CVE-2004-2541 @@ -0,0 +1,262 @@ +--- src/build.c ++++ src/build.c +@@ -215,7 +215,7 @@ + (void) strcpy(newdir, "$HOME"); + } + else if (strncmp(currentdir, home, strlen(home)) == 0) { +- (void) sprintf(newdir, "$HOME%s", currentdir + strlen(home)); ++ (void) snprintf(newdir, sizeof(newdir), "$HOME%s", currentdir + strlen(home)); + } + /* sort the source file names (needed for rebuilding) */ + qsort(srcfiles, (unsigned) nsrcfiles, sizeof(char *), compare); +@@ -443,7 +443,7 @@ + } + (void) fstat(fileno(postings), &statstruct); + (void) fclose(postings); +- (void) sprintf(sortcommand, "env LC_ALL=C sort -T %s %s", tmpdir, temp1); ++ (void) snprintf(sortcommand, sizeof(sortcommand), "env LC_ALL=C sort -T %s %s", tmpdir, temp1); + if ((postings = mypopen(sortcommand, "r")) == NULL) { + (void) fprintf(stderr, "cscope: cannot open pipe to sort command\n"); + cannotindex(); +--- src/command.c ++++ src/command.c +@@ -718,7 +718,7 @@ + + /* make sure it can be changed */ + if (access(newfile, WRITE) != 0) { +- (void) sprintf(msg, "Cannot write to file %s", newfile); ++ (void) snprintf(msg, sizeof(msg), "Cannot write to file %s", newfile); + postmsg(msg); + anymarked = NO; + break; +--- src/dir.c ++++ src/dir.c +@@ -138,7 +138,7 @@ + + /* compute its path from higher view path source dirs */ + for (i = 1; i < nvpsrcdirs; ++i) { +- (void) sprintf(path, "%.*s/%s", ++ (void) snprintf(path, sizeof(path), "%.*s/%s", + PATHLEN - 2 - dir_len, + srcdirs[i], dir); + addsrcdir(path); +@@ -206,7 +206,7 @@ + + /* compute its path from higher view path source dirs */ + for (i = 1; i < nvpsrcdirs; ++i) { +- (void) sprintf(path, "%.*s/%s", ++ (void) snprintf(path, sizeof(path), "%.*s/%s", + PATHLEN - 2 - dir_len, + srcdirs[i], dir); + addincdir(dir, path); +@@ -474,8 +474,6 @@ + DIR *dirfile; + int adir_len = strlen(adir); + +- /* FIXME: no guards against adir_len > PATHLEN, yet */ +- + if ((dirfile = opendir(adir)) != NULL) { + struct dirent *entry; + char path[PATHLEN + 1]; +@@ -486,7 +484,7 @@ + && (strcmp("..",entry->d_name) != 0)) { + struct stat buf; + +- sprintf(path,"%s/%.*s", adir, ++ snprintf(path, sizeof(path), "%s/%.*s", adir, + PATHLEN - 2 - adir_len, + entry->d_name); + +@@ -603,14 +601,14 @@ + for (i = 0; i < nincdirs; ++i) { + + /* don't include the file from two directories */ +- (void) sprintf(name, "%.*s/%s", ++ (void) snprintf(name, sizeof(name), "%.*s/%s", + PATHLEN - 2 - file_len, incnames[i], + file); + if (infilelist(name) == YES) { + break; + } + /* make sure it exists and is readable */ +- (void) sprintf(path, "%.*s/%s", ++ (void) snprintf(path, sizeof(path), "%.*s/%s", + PATHLEN - 2 - file_len, incdirs[i], + file); + if (access(compath(path), READ) == 0) { +@@ -654,7 +652,7 @@ + + /* compute its path from higher view path source dirs */ + for (i = 1; i < nvpsrcdirs; ++i) { +- (void) sprintf(path, "%.*s/%s", ++ (void) snprintf(path, sizeof(path), "%.*s/%s", + PATHLEN - 2 - file_len, srcdirs[i], + file); + if (access(compath(path), READ) == 0) { +--- src/display.c ++++ src/display.c +@@ -473,24 +473,24 @@ + /* see if it is empty */ + if ((c = getc(refsfound)) == EOF) { + if (findresult != NULL) { +- (void) sprintf(lastmsg, "Egrep %s in this pattern: %s", ++ (void) snprintf(lastmsg, sizeof(lastmsg), "Egrep %s in this pattern: %s", + findresult, pattern); + } + else if (rc == NOTSYMBOL) { +- (void) sprintf(lastmsg, "This is not a C symbol: %s", ++ (void) snprintf(lastmsg, sizeof(lastmsg), "This is not a C symbol: %s", + pattern); + } + else if (rc == REGCMPERROR) { +- (void) sprintf(lastmsg, "Error in this regcomp(3) regular expression: %s", ++ (void) snprintf(lastmsg, sizeof(lastmsg), "Error in this regcomp(3) regular expression: %s", + pattern); + + } + else if (funcexist == NO) { +- (void) sprintf(lastmsg, "Function definition does not exist: %s", ++ (void) snprintf(lastmsg, sizeof(lastmsg), "Function definition does not exist: %s", + pattern); + } + else { +- (void) sprintf(lastmsg, "Could not find the %s: %s", ++ (void) snprintf(lastmsg, sizeof(lastmsg), "Could not find the %s: %s", + fields[field].text2, pattern); + } + return(NO); +@@ -555,17 +555,17 @@ + move(MSGLINE, 0); + clrtoeol(); + addstr(what); +- sprintf(msg, "%ld", current); ++ snprintf(msg, sizeof(msg), "%ld", current); + move(MSGLINE, (COLS / 2) - (strlen(msg) / 2)); + addstr(msg); +- sprintf(msg, "%ld", max); ++ snprintf(msg, sizeof(msg), "%ld", max); + move(MSGLINE, COLS - strlen(msg)); + addstr(msg); + refresh(); + } + else if (verbosemode == YES) + { +- sprintf(msg, "> %s %ld of %ld", what, current, max); ++ snprintf(msg, sizeof(msg), "> %s %ld of %ld", what, current, max); + } + + start = now; +@@ -603,7 +603,7 @@ + s = sys_errlist[errno]; + } + #endif +- (void) sprintf(msg, "%s: %s", text, s); ++ (void) snprintf(msg, sizeof(msg), "%s: %s", text, s); + postmsg(msg); + } + +--- src/edit.c ++++ src/edit.c +@@ -105,9 +105,9 @@ + char *s; + + file = filepath(file); +- (void) sprintf(msg, "%s +%s %s", mybasename(editor), linenum, file); ++ (void) snprintf(msg, sizeof(msg), "%s +%s %s", mybasename(editor), linenum, file); + postmsg(msg); +- (void) sprintf(plusnum, lineflag, linenum); ++ (void) snprintf(plusnum, sizeof(plusnum), lineflag, linenum); + /* if this is the more or page commands */ + if (strcmp(s = mybasename(editor), "more") == 0 || strcmp(s, "page") == 0) { + +@@ -132,7 +132,7 @@ + static char path[PATHLEN + 1]; + + if (prependpath != NULL && *file != '/') { +- (void) sprintf(path, "%s/%s", prependpath, file); ++ (void) snprintf(path, sizeof(path), "%s/%s", prependpath, file); + file = path; + } + return(file); +--- src/exec.c ++++ src/exec.c +@@ -124,7 +124,7 @@ + + /* execute the program or shell script */ + (void) execvp(a, args); /* returns only on failure */ +- (void) sprintf(msg, "\nCannot exec %s", a); ++ (void) snprintf(msg, sizeof(msg), "\nCannot exec %s", a); + perror(msg); /* display the reason */ + askforreturn(); /* wait until the user sees the message */ + myexit(1); /* exit the child */ +--- src/find.c ++++ src/find.c +@@ -666,7 +666,7 @@ + /* must be an exact match */ + /* note: regcomp doesn't recognize ^*keypad$ as a syntax error + unless it is given as a single arg */ +- (void) sprintf(buf, "^%s$", s); ++ (void) snprintf(buf, sizeof(buf), "^%s$", s); + if (regcomp (®exp, buf, REG_EXTENDED | REG_NOSUB) != 0) { + return(REGCMPERROR); + } +--- src/main.c ++++ src/main.c +@@ -352,12 +374,12 @@ + * used instead of failing to open a non-existant database in + * the home directory + */ +- (void) sprintf(path, "%s/%s", home, reffile); ++ (void) snprintf(path, sizeof(path), "%s/%s", home, reffile); + if (isuptodate == NO || access(path, READ) == 0) { + reffile = stralloc(path); +- (void) sprintf(path, "%s/%s", home, invname); ++ (void) snprintf(path, sizeof(path), "%s/%s", home, invname); + invname = stralloc(path); +- (void) sprintf(path, "%s/%s", home, invpost); ++ (void) snprintf(path, sizeof(path), "%s/%s", home, invpost); + invpost = stralloc(path); + } + } +@@ -692,7 +714,7 @@ + #else + char *msg = mymalloc(50+strlen(file)); + +- (void) sprintf(msg, "Removed file %s because write failed", file); ++ (void) snprintf(msg, sizeof(msg), "Removed file %s because write failed", file); + #endif + + myperror(msg); /* display the reason */ +--- src/vpaccess.c ++++ src/vpaccess.c +@@ -49,7 +49,7 @@ + if ((returncode = access(path, amode)) == -1 && path[0] != '/') { + vpinit(NULL); + for (i = 1; i < vpndirs; i++) { +- (void) sprintf(buf, "%s/%s", vpdirs[i], path); ++ (void) snprintf(buf, sizeof(buf), "%s/%s", vpdirs[i], path); + if ((returncode = access(buf, amode)) != -1) { + break; + } +--- src/vpfopen.c ++++ src/vpfopen.c +@@ -53,7 +53,7 @@ + ) { + vpinit(NULL); + for (i = 1; i < vpndirs; i++) { +- (void) sprintf(buf, "%s/%s", vpdirs[i], filename); ++ (void) snprintf(buf, sizeof(buf), "%s/%s", vpdirs[i], filename); + if ((returncode = myfopen(buf, type)) != NULL) { + break; + } +--- src/vpopen.c ++++ src/vpopen.c +@@ -52,7 +52,7 @@ + oflag == OPENFLAG_READ) { + vpinit(NULL); + for (i = 1; i < vpndirs; i++) { +- (void) sprintf(buf, "%s/%s", vpdirs[i], path); ++ (void) snprintf(buf, sizeof(buf), "%s/%s", vpdirs[i], path); + if ((returncode = myopen(buf, oflag, 0666)) != -1) { + break; + } diff --git a/devel/cscope/files/patch-src::main.c b/devel/cscope/files/patch-src::main.c index fedddf1..169d81e 100644 --- a/devel/cscope/files/patch-src::main.c +++ b/devel/cscope/files/patch-src::main.c @@ -1,10 +1,5 @@ -=================================================================== -RCS file: /cvsroot/cscope/cscope/src/main.c,v -retrieving revision 1.33 -retrieving revision 1.34 -diff -u -r1.33 -r1.34 ---- src/main.c 2004/04/30 15:31:43 1.33 -+++ src/main.c 2004/12/06 14:56:43 1.34 +--- src/main.c.orig Thu Aug 14 11:36:18 2003 ++++ src/main.c Tue May 23 11:56:09 2006 @@ -101,6 +101,7 @@ #endif char temp1[PATHLEN + 1]; /* temporary file name */ @@ -21,7 +16,7 @@ diff -u -r1.33 -r1.34 yyin = stdin; yyout = stdout; -@@ -330,9 +332,18 @@ +@@ -330,9 +332,23 @@ } /* create the temporary file names */ @@ -29,7 +24,7 @@ diff -u -r1.33 -r1.34 pid = getpid(); - (void) sprintf(temp1, "%s/cscope%d.1", tmpdir, pid); - (void) sprintf(temp2, "%s/cscope%d.2", tmpdir, pid); -+ (void) sprintf(tempdirpv, "%s/cscope.%d", tmpdir, pid); ++ (void) snprintf(tempdirpv, sizeof(tempdirpv), "%s/cscope.%d", tmpdir, pid); + if(mkdir(tempdirpv,S_IRWXU)) + { + fprintf(stderr, "cscope: Could not create private temp dir %s\n",tempdirpv); @@ -37,12 +32,17 @@ diff -u -r1.33 -r1.34 + } + umask(orig_umask); + -+ (void) sprintf(temp1, "%s/cscope.1", tempdirpv, pid); -+ (void) sprintf(temp2, "%s/cscope.2", tempdirpv, pid); ++ if ((strlen(tempdirpv) + strlen("/cscope.X")) > PATHLEN) { ++ fprintf(stderr, "cscope: Could not create private temp files\n"); ++ myexit(1); ++ } ++ ++ (void) snprintf(temp1, sizeof(temp1), "%s/cscope.1", tempdirpv); ++ (void) snprintf(temp2, sizeof(temp2), "%s/cscope.2", tempdirpv); /* if running in the foreground */ if (signal(SIGINT, SIG_IGN) != SIG_IGN) { -@@ -834,6 +845,7 @@ +@@ -834,6 +850,7 @@ if (temp1[0] != '\0') { (void) unlink(temp1); (void) unlink(temp2); |