diff --git a/cscope-15.7-sprintf.patch b/cscope-15.7-sprintf.patch
deleted file mode 100644
index 734eff7..0000000
--- a/cscope-15.7-sprintf.patch
+++ /dev/null
@@ -1,280 +0,0 @@ -Index: src/build.c -=================================================================== ---- src/build.c.orig -+++ src/build.c -@@ -223,7 +223,7 @@ build(void) - if (strcmp(currentdir, home) == 0) { - strcpy(newdir, "$HOME"); - } else if (strncmp(currentdir, home, strlen(home)) == 0) { -- sprintf(newdir, "$HOME%s", currentdir + strlen(home)); -+ snprintf(newdir, sizeof(newdir), "$HOME%s", currentdir + strlen(home)); - } - /* sort the source file names (needed for rebuilding) */ - qsort(srcfiles, nsrcfiles, sizeof(char *), compare); -@@ -456,7 +456,7 @@ cscope: converting to new symbol databas - } - fstat(fileno(postings), &statstruct); - fclose(postings); -- sprintf(sortcommand, "env LC_ALL=C sort -T %s %s", tmpdir, temp1); -+ snprintf(sortcommand, sizeof(sortcommand), "env LC_ALL=C sort -T %s %s", tmpdir, temp1); - if ((postings = mypopen(sortcommand, "r")) == NULL) { - fprintf(stderr, "cscope: cannot open pipe to sort command\n"); - cannotindex(); -Index: src/command.c -=================================================================== ---- src/command.c.orig -+++ src/command.c -@@ -739,7 +739,7 @@ changestring(void) - - /* make sure it can be changed */ - if (access(newfile, WRITE) != 0) { -- sprintf(msg, "Cannot write to file %s", newfile); -+ snprintf(msg, sizeof(msg), "Cannot write to file %s", newfile); - postmsg(msg); - anymarked = NO; - break; -Index: src/dir.c -=================================================================== ---- src/dir.c.orig -+++ src/dir.c -@@ -140,7 +140,7 @@ sourcedir(char *dirlist) - - /* compute its path from higher view path source dirs */ - for (i = 1; i < nvpsrcdirs; ++i) { -- sprintf(path, "%.*s/%s", -+ snprintf(path, sizeof(path), "%.*s/%s", - PATHLEN - 2 - dir_len, - srcdirs[i], dir); - addsrcdir(path); -@@ -208,7 +208,7 @@ includedir(char *dirlist) - - /* compute its path from higher view path source dirs */ - for (i = 1; i < nvpsrcdirs; ++i) { -- sprintf(path, "%.*s/%s", -+ snprintf(path, 
sizeof(path), "%.*s/%s", - PATHLEN - 2 - dir_len, - srcdirs[i], dir); - addincdir(dir, path); -@@ -483,8 +483,6 @@ scan_dir(const char *adir, BOOL recurse_ - DIR *dirfile; - int adir_len = strlen(adir); - -- /* FIXME: no guards against adir_len > PATHLEN, yet */ -- - if ((dirfile = opendir(adir)) != NULL) { - struct dirent *entry; - char path[PATHLEN + 1]; -@@ -495,7 +493,7 @@ scan_dir(const char *adir, BOOL recurse_ - && (strcmp("..",entry->d_name) != 0)) { - struct stat buf; - -- sprintf(path,"%s/%.*s", adir, -+ snprintf(path, sizeof(path), "%s/%.*s", adir, - PATHLEN - 2 - adir_len, - entry->d_name); - -@@ -607,14 +605,14 @@ incfile(char *file, char *type) - /* search for the file in the #include directory list */ - for (i = 0; i < nincdirs; ++i) { - /* don't include the file from two directories */ -- sprintf(name, "%.*s/%s", -+ snprintf(name, sizeof(name), "%.*s/%s", - PATHLEN - 2 - file_len, incnames[i], - file); - if (infilelist(name) == YES) { - break; - } - /* make sure it exists and is readable */ -- sprintf(path, "%.*s/%s", -+ snprintf(path, sizeof(path), "%.*s/%s", - PATHLEN - 2 - file_len, incdirs[i], - file); - if (access(compath(path), READ) == 0) { -@@ -678,7 +676,7 @@ inviewpath(char *file) - - /* compute its path from higher view path source dirs */ - for (i = 1; i < nvpsrcdirs; ++i) { -- sprintf(path, "%.*s/%s", -+ snprintf(path, sizeof(path), "%.*s/%s", - PATHLEN - 2 - file_len, srcdirs[i], - file); - if (accessible_file(path)) { -Index: src/display.c -=================================================================== ---- src/display.c.orig -+++ src/display.c -@@ -478,20 +478,20 @@ search(void) - /* see if it is empty */ - if ((c = getc(refsfound)) == EOF) { - if (findresult != NULL) { -- (void) sprintf(lastmsg, "Egrep %s in this pattern: %s", -+ (void) snprintf(lastmsg, sizeof(lastmsg), "Egrep %s in this pattern: %s", - findresult, Pattern); - } else if (rc == NOTSYMBOL) { -- (void) sprintf(lastmsg, "This is not a C symbol: %s", -+ (void) 
snprintf(lastmsg, sizeof(lastmsg), "This is not a C symbol: %s", - Pattern); - } else if (rc == REGCMPERROR) { -- (void) sprintf(lastmsg, "Error in this regcomp(3) regular expression: %s", -+ (void) snprintf(lastmsg, sizeof(lastmsg), "Error in this regcomp(3) regular expression: %s", - Pattern); - - } else if (funcexist == NO) { -- (void) sprintf(lastmsg, "Function definition does not exist: %s", -+ (void) snprintf(lastmsg, sizeof(lastmsg), "Function definition does not exist: %s", - Pattern); - } else { -- (void) sprintf(lastmsg, "Could not find the %s: %s", -+ (void) snprintf(lastmsg, sizeof(lastmsg), "Could not find the %s: %s", - fields[field].text2, Pattern); - } - return(NO); -@@ -527,17 +527,17 @@ progress(char *what, long current, long - move(MSGLINE, 0); - clrtoeol(); - addstr(what); -- sprintf(msg, "%ld", current); -+ snprintf(msg, sizeof(msg), "%ld", current); - move(MSGLINE, (COLS / 2) - (strlen(msg) / 2)); - addstr(msg); -- sprintf(msg, "%ld", max); -+ snprintf(msg, sizeof(msg), "%ld", max); - move(MSGLINE, COLS - strlen(msg)); - addstr(msg); - refresh(); - } - else if (verbosemode == YES) - { -- sprintf(msg, "> %s %ld of %ld", what, current, max); -+ snprintf(msg, sizeof(msg), "> %s %ld of %ld", what, current, max); - } - - start = now; -@@ -575,7 +575,7 @@ myperror(char *text) - s = sys_errlist[errno]; - } - #endif -- (void) sprintf(msg, "%s: %s", text, s); -+ (void) snprintf(msg, sizeof(msg), "%s: %s", text, s); - postmsg(msg); - } - -Index: src/edit.c -=================================================================== ---- src/edit.c.orig -+++ src/edit.c -@@ -105,9 +105,9 @@ edit(char *file, char *linenum) - char *s; - - file = filepath(file); -- (void) sprintf(msg, "%s +%s %s", mybasename(editor), linenum, file); -+ (void) snprintf(msg, sizeof(msg), "%s +%s %s", mybasename(editor), linenum, file); - postmsg(msg); -- (void) sprintf(plusnum, lineflag, linenum); -+ (void) snprintf(plusnum, sizeof(plusnum), lineflag, linenum); - /* if this is the 
more or page commands */ - if (strcmp(s = mybasename(editor), "more") == 0 || strcmp(s, "page") == 0) { - -@@ -132,7 +132,7 @@ filepath(char *file) - static char path[PATHLEN + 1]; - - if (prependpath != NULL && *file != '/') { -- (void) sprintf(path, "%s/%s", prependpath, file); -+ (void) snprintf(path, sizeof(path), "%s/%s", prependpath, file); - file = path; - } - return(file); -Index: src/exec.c -=================================================================== ---- src/exec.c.orig -+++ src/exec.c -@@ -123,7 +123,7 @@ myexecvp(char *a, char **args) - - /* execute the program or shell script */ - execvp(a, args); /* returns only on failure */ -- sprintf(msg, "\nCannot exec %s", a); -+ snprintf(msg, sizeof(msg), "\nCannot exec %s", a); - perror(msg); /* display the reason */ - askforreturn(); /* wait until the user sees the message */ - myexit(1); /* exit the child */ -Index: src/find.c -=================================================================== ---- src/find.c.orig -+++ src/find.c -@@ -673,7 +673,7 @@ findinit(char *pattern) - /* must be an exact match */ - /* note: regcomp doesn't recognize ^*keypad$ as a syntax error - unless it is given as a single arg */ -- (void) sprintf(buf, "^%s$", s); -+ (void) snprintf(buf, sizeof(buf), "^%s$", s); - if (regcomp (®exp, buf, REG_EXTENDED | REG_NOSUB) != 0) { - return(REGCMPERROR); - } -Index: src/main.c -=================================================================== ---- src/main.c.orig -+++ src/main.c -@@ -388,12 +388,12 @@ cscope: Could not create private temp di - * used instead of failing to open a non-existant database in - * the home directory - */ -- sprintf(path, "%s/%s", home, reffile); -+ snprintf(path, sizeof(path), "%s/%s", home, reffile); - if (isuptodate == NO || access(path, READ) == 0) { - reffile = my_strdup(path); -- sprintf(path, "%s/%s", home, invname); -+ snprintf(path, sizeof(path), "%s/%s", home, invname); - invname = my_strdup(path); -- sprintf(path, "%s/%s", home, invpost); -+ 
snprintf(path, sizeof(path), "%s/%s", home, invpost); - invpost = my_strdup(path); - } - } -@@ -741,7 +741,7 @@ cannotwrite(char *file) - #else - char *msg = mymalloc(50 + strlen(file)); - -- sprintf(msg, "Removed file %s because write failed", file); -+ snprintf(msg, sizeof(msg), "Removed file %s because write failed", file); - #endif - - myperror(msg); /* display the reason */ -Index: src/vpaccess.c -=================================================================== ---- src/vpaccess.c.orig -+++ src/vpaccess.c -@@ -49,7 +49,7 @@ vpaccess(char *path, mode_t amode) - if ((returncode = access(path, amode)) == -1 && path[0] != '/') { - vpinit(NULL); - for (i = 1; i < vpndirs; i++) { -- (void) sprintf(buf, "%s/%s", vpdirs[i], path); -+ (void) snprintf(buf, sizeof(buf), "%s/%s", vpdirs[i], path); - if ((returncode = access(buf, amode)) != -1) { - break; - } -Index: src/vpfopen.c -=================================================================== ---- src/vpfopen.c.orig -+++ src/vpfopen.c -@@ -53,7 +53,7 @@ vpfopen(char *filename, char *type) - ) { - vpinit(NULL); - for (i = 1; i < vpndirs; i++) { -- (void) sprintf(buf, "%s/%s", vpdirs[i], filename); -+ (void) snprintf(buf, sizeof(buf), "%s/%s", vpdirs[i], filename); - if ((returncode = myfopen(buf, type)) != NULL) { - break; - } -Index: src/vpopen.c -=================================================================== ---- src/vpopen.c.orig -+++ src/vpopen.c -@@ -52,7 +52,7 @@ vpopen(char *path, int oflag) - oflag == OPENFLAG_READ) { - vpinit(NULL); - for (i = 1; i < vpndirs; i++) { -- (void) sprintf(buf, "%s/%s", vpdirs[i], path); -+ (void) snprintf(buf, sizeof(buf), "%s/%s", vpdirs[i], path); - if ((returncode = myopen(buf, oflag, 0666)) != -1) { - break; - } diff --git a/cscope-15.7.tar.bz2 b/cscope-15.7.tar.bz2 deleted file mode 100644 index a457acf..0000000 --- a/cscope-15.7.tar.bz2 +++ /dev/null 
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:6a657a320f6601c28875aed2a487d55fe14b467b18f4631546016bb60e08cf33
-size 243576
diff --git a/cscope-15.7a.tar.bz2 b/cscope-15.7a.tar.bz2
new file mode 100644
index 0000000..f0d1549
--- /dev/null
+++ b/cscope-15.7a.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:02638bcba790bc8b0562f28dbe789e61794415079d94a676efc287d18dc96037
+size 361214
diff --git a/cscope.changes b/cscope.changes
index 99b3150..b058639 100644
--- a/cscope.changes
+++ b/cscope.changes
@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Mon May 4 14:00:34 CEST 2009 - puzel@suse.cz
+
+- updated to 15.7a
+ - replace all calls of sprintf by snprintf to avoid
+ possible buffer overflows
+remove cscope-15.7-sprintf.patch (obsolete)
+
 -------------------------------------------------------------------
 Sat Feb 14 11:12:26 CEST 2009 - puzel@suse.cz
diff --git a/cscope.spec b/cscope.spec
index c508086..f1f2ffc 100644
--- a/cscope.spec
+++ b/cscope.spec
@@ -1,5 +1,5 @@
 #
-# spec file for package cscope (Version 15.7)
+# spec file for package cscope (Version 15.7a)
 #
 # Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
@@ -25,18 +25,16 @@ BuildRequires: bison
 License: BSD 3-Clause
 Group: Development/Tools/Navigators
 AutoReqProv: on
-Version: 15.7
+Version: 15.7a
 Release: 1
 Summary: Interactive Tool for Browsing C Source Code
 Source: %{name}-%{version}.tar.bz2
 Patch1: %{name}-null.patch
-Patch2: %{name}-%{version}-gcc-warnings.patch
-Patch3: %{name}-%{version}-vpath.patch
-Patch4: %{name}-%{version}-sprintf.patch
+Patch2: %{name}-15.7-gcc-warnings.patch
+Patch3: %{name}-15.7-vpath.patch
 Patch5: %{name}-cleanup_on_sigterm.patch
 Url: http://cscope.sourceforge.net/
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
-%define _prefix /usr
 %description
 Cscope is an interactive, screen-oriented tool that allows the user to
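Review bot: Dropping `Patch4` in the `@@ -25,18 +25,16 @@` hunk of cscope.spec (and `%patch4` in the `%prep` hunk after it) relies on the changelog's claim that 15.7a replaces every sprintf call, which this diff cannot show because the new tarball is only a Git LFS pointer. Two spots in the deleted patch are worth comparing against the 15.7a source before the package ships: its `cannotwrite()` hunk passed `sizeof(msg)` for a `char *` returned by `mymalloc(50 + strlen(file))`, which limits the write to the pointer size and truncates the message, and its `edit()` hunk kept `lineflag` as the format string, which a size argument does not address if that value can be set from outside the program. Separately, `Patch2` and `Patch3` now hard-code `15.7` while `Version` is `15.7a`; a comment above them such as `# patches carried over from 15.7, still apply to 15.7a` would explain the mismatch.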
@@ -57,7 +55,6 @@ Authors:
 %patch1 -p1
 %patch2
 %patch3
-%patch4
 %patch5
 %build
@@ -85,6 +82,11 @@ rm -rf $RPM_BUILD_ROOT
 %{_bindir}/ocs
 %changelog
+* Mon May 04 2009 puzel@suse.cz
+- updated to 15.7a
+ - replace all calls of sprintf by snprintf to avoid
+ possible buffer overflows
+ remove cscope-15.7-sprintf.patch (obsolete)
 * Sat Feb 14 2009 puzel@suse.cz
 - update to 15.7
 - bugfix release