network/uudeview: Fix 32-bit build.

Signed-off-by: B. Watson <yalhcru@gmail.com>

Signed-off-by: Willy Sudiarto Raharjo <willysr@slackbuilds.org>
B. Watson 2022-03-19 12:57:49 -04:00 committed by Willy Sudiarto Raharjo
parent b7733ec8ba
commit 31b4a7eef6
No known key found for this signature in database
GPG key ID: 3F617144D7238786
6 changed files with 308 additions and 9 deletions


@ -0,0 +1,42 @@
Description: CAN-2004-2265
Fix possible (but highly unlikely) race in temporary file generation
(CAN-2004-2265), by passing the "x" (O_EXCL) flag to fopen when opening
such files. (Closes: #320541)
0.5.20-2.1
Author: Steinar H. Gunderson <sesse@debian.org>
Bug-Debian: http://bugs.debian.org/320541
--- a/unix/uudeview.c
+++ b/unix/uudeview.c
@@ -454,7 +454,7 @@ proc_stdin (void)
return 0;
}
- if ((target = fopen (stdfile, "wb")) == NULL) {
+ if ((target = fopen (stdfile, "wbx")) == NULL) {
fprintf (stderr, "proc_stdin: cannot open temp file %s for writing: %s\n",
stdfile, strerror (errno));
_FP_free (stdfile);
--- a/uulib/uunconc.c
+++ b/uulib/uunconc.c
@@ -1325,9 +1325,9 @@ UUDecode (uulist *data)
return UURET_NODATA;
if (data->uudet == PT_ENCODED)
- mode = "wt"; /* open text files in text mode */
+ mode = "wtx"; /* open text files in text mode */
else
- mode = "wb"; /* otherwise in binary */
+ mode = "wbx"; /* otherwise in binary */
if ((data->binfile = tempnam (NULL, "uu")) == NULL) {
UUMessage (uunconc_id, __LINE__, UUMSG_ERROR,
@@ -1502,7 +1502,7 @@ UUDecode (uulist *data)
progress.action = 0;
return UURET_NOMEM;
}
- if ((datain = fopen (data->binfile, "rb")) == NULL) {
+ if ((datain = fopen (data->binfile, "rbx")) == NULL) {
UUMessage (uunconc_id, __LINE__, UUMSG_ERROR,
uustring (S_NOT_OPEN_FILE),
data->binfile, strerror (uu_errno = errno));
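Review bot: The read-side open in the last uunconc.c hunk (@@ -1502) becomes `fopen (data->binfile, "rbx")`, but C11 defines the `x` suffix only for the `w` modes, and where a C library maps it to O_EXCL, POSIX leaves O_EXCL without O_CREAT undefined. Exclusive creation only matters at the point where the temporary file is created, so this line should stay `fopen (data->binfile, "rb")`. The write-side changes are where the fix takes effect; note that `t` in `"wtx"` is itself a non-standard mode character, so that string relies on the C library tolerating it. UUDecode's body starts and ends outside these hunks.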


@ -0,0 +1,22 @@
Description: Don't ignore special chars when parsing MIME.
0.5.20-3
Author: Chris Hanson
Bug-Debian: https://bugs.debian.org/341440
--- a/uulib/uuscan.c
+++ b/uulib/uuscan.c
@@ -387,10 +387,10 @@ ParseValue (char *attribute)
*attribute != '(' && *attribute != ')' &&
*attribute != '<' && *attribute != '>' &&
*attribute != '@' && *attribute != ',' &&
- /* *attribute != ';' && */ *attribute != ':' &&
- *attribute != '\\' &&*attribute != '"' &&
- *attribute != '/' && /* *attribute != '[' &&
- *attribute != ']' && */ *attribute != '?' &&
+ *attribute != ';' && *attribute != ':' &&
+ *attribute != '\\' && *attribute != '"' &&
+ *attribute != '/' && *attribute != '[' &&
+ *attribute != ']' && *attribute != '?' &&
*attribute != '=' && length < 255) {
*ptr++ = *attribute++;
length++;
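Review bot: ParseValue's terminator chain carries no comment saying that it is meant to be the RFC 2045 `tspecials` set, and the removed commented-out fragments show how easily one character drops out of a fifteen-term condition unnoticed. A comment above the loop such as `/* an unquoted value ends at any RFC 2045 tspecial: ( ) < > @ , ; : \ " / [ ] ? = */` would record the intent and make future edits checkable. The `length < 255` cap presumes a destination of at least 256 bytes; the buffer declaration and the start of the loop are outside the hunk, so that should be confirmed there.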


@ -0,0 +1,182 @@
Description: Fixed a classical tempfile symlink attack vulnerability in libuu.
See Version: 0.5.20-3.1.
Author: Nico Golde <nion@debian.org>
Bug-Debian: http://bugs.debian.org/480972
--- a/uulib/uunconc.c
+++ b/uulib/uunconc.c
@@ -1311,6 +1311,11 @@ UUDecode (uulist *data)
char *mode, *ntmp;
uufile *iter;
size_t bytes;
+#ifdef HAVE_MKSTEMP
+ int tmpfd;
+ const char *tmpprefix = "uuXXXXXX";
+ char *tmpdir = NULL;
+#endif /* HAVE_MKSTEMP */
if (data == NULL || data->thisfile == NULL)
return UURET_ILLVAL;
@@ -1329,13 +1334,35 @@ UUDecode (uulist *data)
else
mode = "wbx"; /* otherwise in binary */
+#ifdef HAVE_MKSTEMP
+ if ((getuid()==geteuid()) && (getgid()==getegid())) {
+ tmpdir=getenv("TMPDIR");
+ }
+
+ if (!tmpdir) {
+ tmpdir = "/tmp";
+ }
+ data->binfile = malloc(strlen(tmpdir)+strlen(tmpprefix)+2);
+
+ if (!data->binfile) {
+#else
if ((data->binfile = tempnam (NULL, "uu")) == NULL) {
+#endif /* HAVE_MKSTEMP */
UUMessage (uunconc_id, __LINE__, UUMSG_ERROR,
uustring (S_NO_TEMP_NAME));
return UURET_NOMEM;
}
+#ifdef HAVE_MKSTEMP
+ strcpy(data->binfile, tmpdir);
+ strcat(data->binfile, "/");
+ strcat(data->binfile, tmpprefix);
+
+ if ((tmpfd = mkstemp(data->binfile)) == -1 ||
+ (dataout = fdopen(tmpfd, mode)) == NULL) {
+#else
if ((dataout = fopen (data->binfile, mode)) == NULL) {
+#endif /* HAVE_MKSTEMP */
/*
* we couldn't create a temporary file. Usually this means that TMP
* and TEMP aren't set
@@ -1343,6 +1370,12 @@ UUDecode (uulist *data)
UUMessage (uunconc_id, __LINE__, UUMSG_ERROR,
uustring (S_WR_ERR_TARGET),
data->binfile, strerror (uu_errno = errno));
+#ifdef HAVE_MKSTEMP
+ if (tmpfd != -1) {
+ unlink(data->binfile);
+ close(tmpfd);
+ }
+#endif /* HAVE_MKSTEMP */
_FP_free (data->binfile);
data->binfile = NULL;
uu_errno = errno;
@@ -1499,7 +1532,13 @@ UUDecode (uulist *data)
*/
if (data->uudet == BH_ENCODED && data->binfile) {
+#ifdef HAVE_MKSTEMP
+ ntmp = malloc(strlen(tmpdir)+strlen(tmpprefix)+2);
+
+ if (ntmp == NULL) {
+#else
if ((ntmp = tempnam (NULL, "uu")) == NULL) {
+#endif /* HAVE_MKSTEMP */
UUMessage (uunconc_id, __LINE__, UUMSG_ERROR,
uustring (S_NO_TEMP_NAME));
progress.action = 0;
@@ -1513,15 +1552,31 @@ UUDecode (uulist *data)
free (ntmp);
return UURET_IOERR;
}
+
+#ifdef HAVE_MKSTEMP
+ strcpy(ntmp, tmpdir);
+ strcat(ntmp, "/");
+ strcat(ntmp, tmpprefix);
+ if ((tmpfd = mkstemp(ntmp)) == -1 ||
+ (dataout = fdopen(tmpfd, "wb")) == NULL) {
+#else
if ((dataout = fopen (ntmp, "wb")) == NULL) {
+#endif /* HAVE_MKSTEMP */
UUMessage (uunconc_id, __LINE__, UUMSG_ERROR,
uustring (S_NOT_OPEN_TARGET),
ntmp, strerror (uu_errno = errno));
progress.action = 0;
fclose (datain);
+#ifdef HAVE_MKSTEMP
+ if (tmpfd != -1) {
+ unlink(ntmp);
+ close(tmpfd);
+ }
+#endif /* HAVE_MKSTEMP */
free (ntmp);
return UURET_IOERR;
}
+
/*
* read fork lengths. remember they're in Motorola format
*/
--- a/uulib/configure.in
+++ b/uulib/configure.in
@@ -41,6 +41,7 @@ AC_CHECK_HEADERS(io.h sys/time.h)
AC_CHECK_FUNCS(gettimeofday)
AC_CHECK_FUNC(tempnam,,AC_DEFINE(tempnam,_FP_tempnam))
+AC_CHECK_FUNCS([mkstemp])
#
# strerror might be internally defined. this would cause a
--- a/unix/uudeview.c
+++ b/unix/uudeview.c
@@ -443,18 +443,45 @@ proc_stdin (void)
FILE *target;
size_t bytes;
int res;
+#ifdef HAVE_MKSTEMP
+ int tmpfd;
+ const char *tmpprefix = "uuXXXXXX";
+ char *tmpdir = NULL;
+#endif /* HAVE_MKSTEMP */
if (stdinput) {
fprintf (stderr, "proc_stdin: cannot process stdin twice\n");
return 0;
}
+#ifdef HAVE_MKSTEMP
+ if ((getuid()==geteuid()) && (getgid()==getegid())) {
+ tmpdir=getenv("TMPDIR");
+ }
+
+ if (!tmpdir) {
+ tmpdir = "/tmp";
+ }
+ stdfile = malloc(strlen(tmpdir)+strlen(tmpprefix)+2);
+
+ if (!stdfile) {
+#else
if ((stdfile = tempnam (NULL, "uu")) == NULL) {
+#endif
fprintf (stderr, "proc_stdin: cannot get temporary file\n");
return 0;
}
+#ifdef HAVE_MKSTEMP
+ strcpy(stdfile, tmpdir);
+ strcat(stdfile, "/");
+ strcat(stdfile, tmpprefix);
+
+ if ((tmpfd = mkstemp(stdfile)) == -1 ||
+ (target = fdopen(tmpfd, "wbx")) == NULL) {
+#else
if ((target = fopen (stdfile, "wbx")) == NULL) {
+#endif
fprintf (stderr, "proc_stdin: cannot open temp file %s for writing: %s\n",
stdfile, strerror (errno));
_FP_free (stdfile);
--- a/configure.in
+++ b/configure.in
@@ -510,6 +510,7 @@ AC_CHECK_HEADERS(io.h sys/time.h)
AC_CHECK_FUNCS(getcwd popen gettimeofday isatty)
AC_CHECK_FUNC(tempnam,,AC_DEFINE(tempnam,_FP_tempnam))
+AC_CHECK_FUNCS([mkstemp])
#
# strerror might be internally defined. this would cause a
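Review bot: In proc_stdin (unix/uudeview.c, @@ -443) the failure branch after `mkstemp`/`fdopen` adds no cleanup: if `mkstemp` succeeds and `fdopen` fails, the descriptor stays open and the freshly created file is left behind in the temp directory, whereas both UUDecode hunks add an unlink/close pair for exactly that case. Before `_FP_free (stdfile);` add, under `#ifdef HAVE_MKSTEMP`, `if (tmpfd != -1) { unlink (stdfile); close (tmpfd); }`. Separately, in the first UUDecode error path the added `unlink`/`close` calls run before the existing `uu_errno = errno;`, so that assignment may record their error instead of the open failure, which the `UUMessage` call had already captured. proc_stdin's body continues past the end of its hunk.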


@ -0,0 +1,24 @@
Description: Fix potential security issue (arbitrary string being passed
as a format string to fprintf).
Author: Andrew Shadura <andrewsh@debian.org>
--- a/unix/uuenview.c
+++ b/unix/uuenview.c
@@ -310,7 +310,7 @@ SendMkCommand (char **rcptlist, char *to
}
if ((*rcptlist = (char *) malloc (strlen (towhom) + 16)) == NULL) {
- fprintf (stderr, "error: Out of memory allocating %d bytes\n",
+ fprintf (stderr, "error: Out of memory allocating %zd bytes\n",
strlen (towhom)+16);
_FP_free (command);
return NULL;
@@ -483,7 +483,7 @@ AttachFiles (char *towhom, char *subject
if (_FP_stristr (input, "multipart") != NULL) {
/* it is already a multipart posting. grab the boundary */
if ((ptr = _FP_stristr (input, "boundary=")) != NULL) {
- fprintf(thepipe, input);
+ fprintf(thepipe, "%s", input);
strcpy (boundary, ParseValue (ptr));
hadmulti = 1;
}
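Review bot: The new specifier in SendMkCommand is `%zd`, which is for a signed size, while the argument `strlen (towhom)+16` is a `size_t`; the format should read `"error: Out of memory allocating %zu bytes\n"`. In the AttachFiles hunk the `"%s"` change is correct, but the following line still does `strcpy (boundary, ParseValue (ptr))` on a value taken from message headers. The declaration of `boundary` is outside the hunk, so whether it can hold the longest value ParseValue returns needs to be checked there. Both function bodies extend beyond the hunks.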


@ -0,0 +1,20 @@
Description: Remove a hack for Sun that causes FTBFS with glibc >= 2.27
Author: Adrian Bunk <bunk@debian.org>
--- uudeview-0.5.20.orig/tcl/uutcl.c
+++ uudeview-0.5.20/tcl/uutcl.c
@@ -48,14 +48,6 @@
#include <tcl.h>
#endif
-/*
- * The following variable is a special hack that is needed in order for
- * Sun shared libraries to be used for Tcl.
- */
-
-extern int matherr();
-int *tclDummyMathPtr = (int *) matherr;
-
#include <uudeview.h>
#include <uuint.h>
#include <fptools.h>


@ -7,25 +7,27 @@
# Released into the public domain # Released into the public domain
# V1 - Slackware 13.37 - November 13, 2011 # V1 - Slackware 13.37 - November 13, 2011
# 20220319 bkw: Modified by SlackBuilds.org, BUILD=2:
# - fix build on 32-bit.
# - fix Tcl/Tk autodetection on 64-bit.
# - add some security patches from Debian.
cd $(dirname $0) ; CWD=$(pwd) cd $(dirname $0) ; CWD=$(pwd)
PRGNAM=uudeview PRGNAM=uudeview
VERSION=${VERSION:-0.5.20} VERSION=${VERSION:-0.5.20}
BUILD=${BUILD:-1} BUILD=${BUILD:-2}
TAG=${TAG:-_SBo} TAG=${TAG:-_SBo}
PKGTYPE=${PKGTYPE:-tgz} PKGTYPE=${PKGTYPE:-tgz}
if [ -z "$ARCH" ]; then if [ -z "$ARCH" ]; then
case "$( uname -m )" in case "$( uname -m )" in
i?86) ARCH=i486 ;; i?86) ARCH=i586 ;;
arm*) ARCH=arm ;; arm*) ARCH=arm ;;
*) ARCH=$( uname -m ) ;; *) ARCH=$( uname -m ) ;;
esac esac
fi fi
# If the variable PRINT_PACKAGE_NAME is set, then this script will report what
# the name of the created package would be, and then exit. This information
# could be useful to other scripts.
if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then
echo "$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.$PKGTYPE" echo "$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.$PKGTYPE"
exit 0 exit 0
@ -35,8 +37,8 @@ TMP=${TMP:-/tmp/SBo}
PKG=$TMP/package-$PRGNAM PKG=$TMP/package-$PRGNAM
OUTPUT=${OUTPUT:-/tmp} OUTPUT=${OUTPUT:-/tmp}
if [ "$ARCH" = "i486" ]; then if [ "$ARCH" = "i586" ]; then
SLKCFLAGS="-O2 -march=i486 -mtune=i686" SLKCFLAGS="-O2 -march=i586 -mtune=i686"
LIBDIRSUFFIX="" LIBDIRSUFFIX=""
elif [ "$ARCH" = "i686" ]; then elif [ "$ARCH" = "i686" ]; then
SLKCFLAGS="-O2 -march=i686 -mtune=i686" SLKCFLAGS="-O2 -march=i686 -mtune=i686"
@ -60,9 +62,14 @@ cd $PRGNAM-$VERSION
chown -R root:root . chown -R root:root .
find -L . \ find -L . \
\( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 -o -perm 511 \) \ \( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 -o -perm 511 \) \
-exec chmod 755 {} \; -o \ -exec chmod 755 {} \+ -o \
\( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
-exec chmod 644 {} \; -exec chmod 644 {} \+
# 20220319 bkw: These patches came from: https://packages.debian.org/sid/uudeview
for i in $CWD/patches/*.diff; do
patch -p1 < $i
done
# NOTE - uudeview does not honor the DESTDIR variable, which is why the $PKG # NOTE - uudeview does not honor the DESTDIR variable, which is why the $PKG
# location is prefixed below when running configure # location is prefixed below when running configure
@ -72,6 +79,8 @@ CXXFLAGS="$SLKCFLAGS" \
./configure \ ./configure \
--prefix=$PKG/usr \ --prefix=$PKG/usr \
--mandir=$PKG/usr/man \ --mandir=$PKG/usr/man \
--enable-tcl=/usr/lib$LIBDIRSUFFIX \
--enable-tk=/usr/lib$LIBDIRSUFFIX \
--build=$ARCH-slackware-linux --build=$ARCH-slackware-linux
make make
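Review bot: The patches applied by the new loop include edits to `configure.in` and `uulib/configure.in` (`AC_CHECK_FUNCS([mkstemp])`), yet the visible hunks go from the patch loop to `./configure` with no regeneration step in between. Unless the script regenerates the configure scripts and config headers somewhere outside these hunks, `HAVE_MKSTEMP` is never defined and the mkstemp code from the Debian tempfile patch is compiled out, leaving the `tempnam` path in use. Consider running `autoreconf -if` after the loop (for the top directory and `uulib`, if they are configured separately). The loop is also better written with quoting, `for i in "$CWD"/patches/*.diff; do patch -p1 < "$i"; done`, so a build directory containing spaces does not break patch application.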