network/uudeview: Fix 32-bit build.

Signed-off-by: B. Watson <yalhcru@gmail.com>

Signed-off-by: Willy Sudiarto Raharjo <willysr@slackbuilds.org>

network/uudeview/patches/025_CAN-2004-2265.diff

@@ -0,0 +1,42 @@
+Description: CAN-2004-2265
+ Fix possible (but highly unlikely) race in temporary file generation
+ (CAN-2004-2265), by passing the "x" (O_EXCL) flag to fopen when opening
+ such files. (Closes: #320541)
+ 0.5.20-2.1
+Author: Steinar H. Gunderson <sesse@debian.org>
+Bug-Debian: http://bugs.debian.org/320541
+
+--- a/unix/uudeview.c
++++ b/unix/uudeview.c
+@@ -454,7 +454,7 @@ proc_stdin (void)
+     return 0;
+   }
+ 
+-  if ((target = fopen (stdfile, "wb")) == NULL) {
++  if ((target = fopen (stdfile, "wbx")) == NULL) {
+     fprintf (stderr, "proc_stdin: cannot open temp file %s for writing: %s\n",
+ 	     stdfile, strerror (errno));
+     _FP_free (stdfile);
+--- a/uulib/uunconc.c
++++ b/uulib/uunconc.c
+@@ -1325,9 +1325,9 @@ UUDecode (uulist *data)
+     return UURET_NODATA;
+ 
+   if (data->uudet == PT_ENCODED)
+-    mode = "wt";	/* open text files in text mode */
++    mode = "wtx";	/* open text files in text mode */
+   else
+-    mode = "wb";	/* otherwise in binary          */
++    mode = "wbx";	/* otherwise in binary          */
+ 
+   if ((data->binfile = tempnam (NULL, "uu")) == NULL) {
+     UUMessage (uunconc_id, __LINE__, UUMSG_ERROR,
+@@ -1502,7 +1502,7 @@ UUDecode (uulist *data)
+       progress.action = 0;
+       return UURET_NOMEM;
+     }
+-    if ((datain = fopen (data->binfile, "rb")) == NULL) {
++    if ((datain = fopen (data->binfile, "rbx")) == NULL) {
+       UUMessage (uunconc_id, __LINE__, UUMSG_ERROR,
+ 		 uustring (S_NOT_OPEN_FILE),
+ 		 data->binfile, strerror (uu_errno = errno));

network/uudeview/patches/034_do_not_ignore_special_chars.diff

@@ -0,0 +1,22 @@
+Description: Don't ignore special chars when parsing MIME.
+ 0.5.20-3
+Author: Chris Hanson
+Bug-Debian: https://bugs.debian.org/341440
+
+--- a/uulib/uuscan.c
++++ b/uulib/uuscan.c
+@@ -387,10 +387,10 @@ ParseValue (char *attribute)
+ 	   *attribute != '(' && *attribute != ')' &&
+ 	   *attribute != '<' && *attribute != '>' &&
+ 	   *attribute != '@' && *attribute != ',' &&
+-	   /* *attribute != ';' && */ *attribute != ':' &&
+-	   *attribute != '\\' &&*attribute != '"' &&
+-	   *attribute != '/' && /* *attribute != '[' &&
+-	   *attribute != ']' && */ *attribute != '?' &&
++	   *attribute != ';' && *attribute != ':' &&
++	   *attribute != '\\' && *attribute != '"' &&
++	   *attribute != '/' && *attribute != '[' &&
++	   *attribute != ']' && *attribute != '?' &&
+ 	   *attribute != '=' && length < 255) {
+       *ptr++ = *attribute++;
+       length++;

network/uudeview/patches/037_CVE-2008-2266_symlink.diff

@@ -0,0 +1,182 @@
+Description: Fixed a classical tempfile symlink attack vulnerability in libuu.
+ See Version: 0.5.20-3.1.
+Author: Nico Golde <nion@debian.org>
+Bug-Debian: http://bugs.debian.org/480972
+
+--- a/uulib/uunconc.c
++++ b/uulib/uunconc.c
+@@ -1311,6 +1311,11 @@ UUDecode (uulist *data)
+   char *mode, *ntmp;
+   uufile *iter;
+   size_t bytes;
++#ifdef HAVE_MKSTEMP
++  int tmpfd;
++  const char *tmpprefix = "uuXXXXXX";
++  char *tmpdir = NULL;
++#endif /* HAVE_MKSTEMP */
+ 
+   if (data == NULL || data->thisfile == NULL)
+     return UURET_ILLVAL;
+@@ -1329,13 +1334,35 @@ UUDecode (uulist *data)
+   else
+     mode = "wbx";	/* otherwise in binary          */
+ 
++#ifdef HAVE_MKSTEMP
++  if ((getuid()==geteuid()) && (getgid()==getegid())) {
++	  tmpdir=getenv("TMPDIR");
++  }
++
++  if (!tmpdir) {
++	  tmpdir = "/tmp";
++  }
++  data->binfile = malloc(strlen(tmpdir)+strlen(tmpprefix)+2);
++
++  if (!data->binfile) {
++#else
+   if ((data->binfile = tempnam (NULL, "uu")) == NULL) {
++#endif /* HAVE_MKSTEMP */
+     UUMessage (uunconc_id, __LINE__, UUMSG_ERROR,
+ 	       uustring (S_NO_TEMP_NAME));
+     return UURET_NOMEM;
+   }
+ 
++#ifdef HAVE_MKSTEMP
++  strcpy(data->binfile, tmpdir);
++  strcat(data->binfile, "/");
++  strcat(data->binfile, tmpprefix);
++
++  if ((tmpfd = mkstemp(data->binfile)) == -1 || 
++	  (dataout = fdopen(tmpfd, mode)) == NULL) {
++#else
+   if ((dataout = fopen (data->binfile, mode)) == NULL) {
++#endif /* HAVE_MKSTEMP */
+     /*
+      * we couldn't create a temporary file. Usually this means that TMP
+      * and TEMP aren't set
+@@ -1343,6 +1370,12 @@ UUDecode (uulist *data)
+     UUMessage (uunconc_id, __LINE__, UUMSG_ERROR,
+ 	       uustring (S_WR_ERR_TARGET),
+ 	       data->binfile, strerror (uu_errno = errno));
++#ifdef HAVE_MKSTEMP
++	if (tmpfd != -1) {
++		unlink(data->binfile);
++		close(tmpfd);
++    }
++#endif /* HAVE_MKSTEMP */
+     _FP_free (data->binfile);
+     data->binfile = NULL;
+     uu_errno = errno;
+@@ -1499,7 +1532,13 @@ UUDecode (uulist *data)
+    */
+ 
+   if (data->uudet == BH_ENCODED && data->binfile) {
++#ifdef HAVE_MKSTEMP
++	  ntmp = malloc(strlen(tmpdir)+strlen(tmpprefix)+2);
++	  
++	  if (ntmp == NULL) {
++#else
+     if ((ntmp = tempnam (NULL, "uu")) == NULL) {
++#endif /* HAVE_MKSTEMP */
+       UUMessage (uunconc_id, __LINE__, UUMSG_ERROR,
+ 		 uustring (S_NO_TEMP_NAME));
+       progress.action = 0;
+@@ -1513,15 +1552,31 @@ UUDecode (uulist *data)
+       free (ntmp);
+       return UURET_IOERR;
+     }
++
++#ifdef HAVE_MKSTEMP
++    strcpy(ntmp, tmpdir);
++    strcat(ntmp, "/");
++    strcat(ntmp, tmpprefix); 
++    if ((tmpfd = mkstemp(ntmp)) == -1 ||
++		(dataout = fdopen(tmpfd, "wb")) == NULL) {
++#else
+     if ((dataout = fopen (ntmp, "wb")) == NULL) {
++#endif /* HAVE_MKSTEMP */
+       UUMessage (uunconc_id, __LINE__, UUMSG_ERROR,
+ 		 uustring (S_NOT_OPEN_TARGET),
+ 		 ntmp, strerror (uu_errno = errno));
+       progress.action = 0;
+       fclose (datain);
++#ifdef HAVE_MKSTEMP
++	  if (tmpfd != -1) {
++		  unlink(ntmp);
++		  close(tmpfd);
++	  }
++#endif /* HAVE_MKSTEMP */
+       free   (ntmp);
+       return UURET_IOERR;
+     }
++
+     /*
+      * read fork lengths. remember they're in Motorola format
+      */
+--- a/uulib/configure.in
++++ b/uulib/configure.in
+@@ -41,6 +41,7 @@ AC_CHECK_HEADERS(io.h sys/time.h)
+ AC_CHECK_FUNCS(gettimeofday)
+ 
+ AC_CHECK_FUNC(tempnam,,AC_DEFINE(tempnam,_FP_tempnam))
++AC_CHECK_FUNCS([mkstemp])
+ 
+ #
+ # strerror might be internally defined. this would cause a
+--- a/unix/uudeview.c
++++ b/unix/uudeview.c
+@@ -443,18 +443,45 @@ proc_stdin (void)
+   FILE *target;
+   size_t bytes;
+   int res;
++#ifdef HAVE_MKSTEMP
++  int tmpfd;
++  const char *tmpprefix = "uuXXXXXX";
++  char *tmpdir = NULL;
++#endif /* HAVE_MKSTEMP */
+ 
+   if (stdinput) {
+     fprintf (stderr, "proc_stdin: cannot process stdin twice\n");
+     return 0;
+   }
+ 
++#ifdef HAVE_MKSTEMP
++  if ((getuid()==geteuid()) && (getgid()==getegid())) {
++	tmpdir=getenv("TMPDIR");
++  }
++
++  if (!tmpdir) {
++	tmpdir = "/tmp";
++  }
++  stdfile = malloc(strlen(tmpdir)+strlen(tmpprefix)+2);
++
++  if (!stdfile) {
++#else
+   if ((stdfile = tempnam (NULL, "uu")) == NULL) {
++#endif
+     fprintf (stderr, "proc_stdin: cannot get temporary file\n");
+     return 0;
+   }
+ 
++#ifdef HAVE_MKSTEMP
++  strcpy(stdfile, tmpdir);
++  strcat(stdfile, "/");
++  strcat(stdfile, tmpprefix);
++
++  if ((tmpfd = mkstemp(stdfile)) == -1 ||
++	  (target = fdopen(tmpfd, "wbx")) == NULL) {
++#else
+   if ((target = fopen (stdfile, "wbx")) == NULL) {
++#endif
+     fprintf (stderr, "proc_stdin: cannot open temp file %s for writing: %s\n",
+ 	     stdfile, strerror (errno));
+     _FP_free (stdfile);
+--- a/configure.in
++++ b/configure.in
+@@ -510,6 +510,7 @@ AC_CHECK_HEADERS(io.h sys/time.h)
+ AC_CHECK_FUNCS(getcwd popen gettimeofday isatty)
+ 
+ AC_CHECK_FUNC(tempnam,,AC_DEFINE(tempnam,_FP_tempnam))
++AC_CHECK_FUNCS([mkstemp])
+ 
+ #
+ # strerror might be internally defined. this would cause a

network/uudeview/patches/043_string_format_issue.diff

@@ -0,0 +1,24 @@
+Description: Fix potential security issue (arbitrary string being passed
+ as a format string to fprintf).
+Author: Andrew Shadura <andrewsh@debian.org>
+
+--- a/unix/uuenview.c
++++ b/unix/uuenview.c
+@@ -310,7 +310,7 @@ SendMkCommand (char **rcptlist, char *to
+   }
+ 
+   if ((*rcptlist = (char *) malloc (strlen (towhom) + 16)) == NULL) {
+-    fprintf (stderr, "error: Out of memory allocating %d bytes\n",
++    fprintf (stderr, "error: Out of memory allocating %zd bytes\n",
+ 	     strlen (towhom)+16);
+     _FP_free (command);
+     return NULL;
+@@ -483,7 +483,7 @@ AttachFiles (char *towhom, char *subject
+       if (_FP_stristr (input, "multipart") != NULL) {
+ 	/* it is already a multipart posting. grab the boundary */
+ 	if ((ptr = _FP_stristr (input, "boundary=")) != NULL) {
+-	  fprintf(thepipe,  input);
++	  fprintf(thepipe,  "%s", input);
+ 	  strcpy (boundary, ParseValue (ptr));
+ 	  hadmulti = 1;
+ 	}

network/uudeview/patches/049_glibc_2.27.diff

@@ -0,0 +1,20 @@
+Description: Remove a hack for Sun that causes FTBFS with glibc >= 2.27
+Author: Adrian Bunk <bunk@debian.org>
+
+--- uudeview-0.5.20.orig/tcl/uutcl.c
++++ uudeview-0.5.20/tcl/uutcl.c
+@@ -48,14 +48,6 @@
+ #include <tcl.h>
+ #endif
+ 
+-/*
+- * The following variable is a special hack that is needed in order for
+- * Sun shared libraries to be used for Tcl.
+- */
+-
+-extern int matherr();
+-int *tclDummyMathPtr = (int *) matherr;
+-
+ #include <uudeview.h>
+ #include <uuint.h>
+ #include <fptools.h>

network/uudeview/uudeview.SlackBuild

@@ -7,25 +7,27 @@
 # Released into the public domain
 # V1 - Slackware 13.37 - November 13, 2011
 
+# 20220319 bkw: Modified by SlackBuilds.org, BUILD=2:
+# - fix build on 32-bit.
+# - fix Tcl/Tk autodetection on 64-bit.
+# - add some security patches from Debian.
+
 cd $(dirname $0) ; CWD=$(pwd)
 
 PRGNAM=uudeview
 VERSION=${VERSION:-0.5.20}
-BUILD=${BUILD:-1}
+BUILD=${BUILD:-2}
 TAG=${TAG:-_SBo}
 PKGTYPE=${PKGTYPE:-tgz}
 
 if [ -z "$ARCH" ]; then
   case "$( uname -m )" in
-    i?86) ARCH=i486 ;;
+    i?86) ARCH=i586 ;;
     arm*) ARCH=arm ;;
        *) ARCH=$( uname -m ) ;;
   esac
 fi
 
-# If the variable PRINT_PACKAGE_NAME is set, then this script will report what
-# the name of the created package would be, and then exit. This information
-# could be useful to other scripts.
 if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then
   echo "$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.$PKGTYPE"
   exit 0
@@ -35,8 +37,8 @@ TMP=${TMP:-/tmp/SBo}
 PKG=$TMP/package-$PRGNAM
 OUTPUT=${OUTPUT:-/tmp}
 
-if [ "$ARCH" = "i486" ]; then
-  SLKCFLAGS="-O2 -march=i486 -mtune=i686"
+if [ "$ARCH" = "i586" ]; then
+  SLKCFLAGS="-O2 -march=i586 -mtune=i686"
   LIBDIRSUFFIX=""
 elif [ "$ARCH" = "i686" ]; then
   SLKCFLAGS="-O2 -march=i686 -mtune=i686"
@@ -60,9 +62,14 @@ cd $PRGNAM-$VERSION
 chown -R root:root .
 find -L . \
  \( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 -o -perm 511 \) \
- -exec chmod 755 {} \; -o \
+ -exec chmod 755 {} \+ -o \
  \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
- -exec chmod 644 {} \;
+ -exec chmod 644 {} \+
+
+# 20220319 bkw: These patches came from: https://packages.debian.org/sid/uudeview
+for i in $CWD/patches/*.diff; do
+  patch -p1 < $i
+done
 
 # NOTE - uudeview does not honor the DESTDIR variable, which is why the $PKG
 # location is prefixed below when running configure
@@ -72,6 +79,8 @@ CXXFLAGS="$SLKCFLAGS" \
 ./configure \
   --prefix=$PKG/usr \
   --mandir=$PKG/usr/man \
+  --enable-tcl=/usr/lib$LIBDIRSUFFIX \
+  --enable-tk=/usr/lib$LIBDIRSUFFIX \
   --build=$ARCH-slackware-linux
 
 make