summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTobias Klauser <tklauser@distanz.ch>2009-05-23 16:00:01 +0200
committerTobias Klauser <tklauser@distanz.ch>2009-05-24 12:05:26 +0200
commit29dd244ddd53b8acf4a2b9abe3fd62bf44575bbd (patch)
treee43f66bafe897a2882209865b52b4edbdeff8c77
parentb37e0da0b7dc72ddfa513e319ca71b5f5b8aeb7d (diff)
Security fix for cscope 15.6-2 in etch (CVE 2009-0148)15.6-2+etch1oldstable-security
-rwxr-xr-xconfig.guess107
-rwxr-xr-xconfig.sub116
-rw-r--r--debian/changelog7
-rw-r--r--debian/patches/00list1
-rwxr-xr-xdebian/patches/04-cve-2009-0148.dpatch344
5 files changed, 529 insertions, 46 deletions
diff --git a/config.guess b/config.guess
index 396482d..da83314 100755
--- a/config.guess
+++ b/config.guess
@@ -1,10 +1,10 @@
#! /bin/sh
# Attempt to guess a canonical system name.
# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
-# 2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation,
-# Inc.
+# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008
+# Free Software Foundation, Inc.
-timestamp='2006-07-02'
+timestamp='2009-04-27'
# This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
@@ -56,8 +56,8 @@ version="\
GNU config.guess ($timestamp)
Originally written by Per Bothner.
-Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005
-Free Software Foundation, Inc.
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001,
+2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
@@ -161,6 +161,7 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
arm*) machine=arm-unknown ;;
sh3el) machine=shl-unknown ;;
sh3eb) machine=sh-unknown ;;
+ sh5el) machine=sh5le-unknown ;;
*) machine=${UNAME_MACHINE_ARCH}-unknown ;;
esac
# The Operating System including object format, if it has switched
@@ -323,14 +324,30 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
case `/usr/bin/uname -p` in
sparc) echo sparc-icl-nx7; exit ;;
esac ;;
+ s390x:SunOS:*:*)
+ echo ${UNAME_MACHINE}-ibm-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ exit ;;
sun4H:SunOS:5.*:*)
echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
exit ;;
sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*)
echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
exit ;;
- i86pc:SunOS:5.*:*)
- echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*)
+ eval $set_cc_for_build
+ SUN_ARCH="i386"
+ # If there is a compiler, see if it is configured for 64-bit objects.
+ # Note that the Sun cc does not turn __LP64__ into 1 like gcc does.
+ # This test works for both compilers.
+ if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then
+ if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \
+ (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \
+ grep IS_64BIT_ARCH >/dev/null
+ then
+ SUN_ARCH="x86_64"
+ fi
+ fi
+ echo ${SUN_ARCH}-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
exit ;;
sun4*:SunOS:6*:*)
# According to config.sub, this is the proper way to canonicalize
@@ -531,7 +548,7 @@ EOF
echo rs6000-ibm-aix3.2
fi
exit ;;
- *:AIX:*:[45])
+ *:AIX:*:[456])
IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'`
if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then
IBM_ARCH=rs6000
@@ -780,7 +797,7 @@ EOF
i*:CYGWIN*:*)
echo ${UNAME_MACHINE}-pc-cygwin
exit ;;
- i*:MINGW*:*)
+ *:MINGW*:*)
echo ${UNAME_MACHINE}-pc-mingw32
exit ;;
i*:windows32*:*)
@@ -790,12 +807,18 @@ EOF
i*:PW*:*)
echo ${UNAME_MACHINE}-pc-pw32
exit ;;
- x86:Interix*:[3456]*)
- echo i586-pc-interix${UNAME_RELEASE}
- exit ;;
- EM64T:Interix*:[3456]*)
- echo x86_64-unknown-interix${UNAME_RELEASE}
- exit ;;
+ *:Interix*:[3456]*)
+ case ${UNAME_MACHINE} in
+ x86)
+ echo i586-pc-interix${UNAME_RELEASE}
+ exit ;;
+ EM64T | authenticamd | genuineintel)
+ echo x86_64-unknown-interix${UNAME_RELEASE}
+ exit ;;
+ IA64)
+ echo ia64-unknown-interix${UNAME_RELEASE}
+ exit ;;
+ esac ;;
[345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*)
echo i${UNAME_MACHINE}-pc-mks
exit ;;
@@ -829,7 +852,14 @@ EOF
echo ${UNAME_MACHINE}-pc-minix
exit ;;
arm*:Linux:*:*)
- echo ${UNAME_MACHINE}-unknown-linux-gnu
+ eval $set_cc_for_build
+ if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \
+ | grep -q __ARM_EABI__
+ then
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ else
+ echo ${UNAME_MACHINE}-unknown-linux-gnueabi
+ fi
exit ;;
avr32*:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-gnu
@@ -921,6 +951,9 @@ EOF
if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi
echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC}
exit ;;
+ padre:Linux:*:*)
+ echo sparc-unknown-linux-gnu
+ exit ;;
parisc:Linux:*:* | hppa:Linux:*:*)
# Look for CPU level
case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in
@@ -950,6 +983,9 @@ EOF
x86_64:Linux:*:*)
echo x86_64-unknown-linux-gnu
exit ;;
+ xtensa*:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
i*86:Linux:*:*)
# The BFD linker knows what the default object file format is, so
# first see if it will tell us. cd to the root directory to prevent
@@ -968,9 +1004,6 @@ EOF
a.out-i386-linux)
echo "${UNAME_MACHINE}-pc-linux-gnuaout"
exit ;;
- coff-i386)
- echo "${UNAME_MACHINE}-pc-linux-gnucoff"
- exit ;;
"")
# Either a pre-BFD a.out linker (linux-gnuoldld) or
# one that does not give us useful --help.
@@ -1085,8 +1118,11 @@ EOF
pc:*:*:*)
# Left here for compatibility:
# uname -m prints for DJGPP always 'pc', but it prints nothing about
- # the processor, so we play safe by assuming i386.
- echo i386-pc-msdosdjgpp
+ # the processor, so we play safe by assuming i586.
+ # Note: whatever this is, it MUST be the same as what config.sub
+ # prints for the "djgpp" host, or else GDB configury will decide that
+ # this is a cross-build.
+ echo i586-pc-msdosdjgpp
exit ;;
Intel:Mach:3*:*)
echo i386-pc-mach3
@@ -1124,6 +1160,16 @@ EOF
3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*)
/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
&& { echo i486-ncr-sysv4; exit; } ;;
+ NCR*:*:4.2:* | MPRAS*:*:4.2:*)
+ OS_REL='.3'
+ test -r /etc/.relid \
+ && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
+ /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+ && { echo i486-ncr-sysv4.3${OS_REL}; exit; }
+ /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
+ && { echo i586-ncr-sysv4.3${OS_REL}; exit; }
+ /bin/uname -p 2>/dev/null | /bin/grep pteron >/dev/null \
+ && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;;
m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*)
echo m68k-unknown-lynxos${UNAME_RELEASE}
exit ;;
@@ -1199,6 +1245,9 @@ EOF
BePC:BeOS:*:*) # BeOS running on Intel PC compatible.
echo i586-pc-beos
exit ;;
+ BePC:Haiku:*:*) # Haiku running on Intel PC compatible.
+ echo i586-pc-haiku
+ exit ;;
SX-4:SUPER-UX:*:*)
echo sx4-nec-superux${UNAME_RELEASE}
exit ;;
@@ -1208,6 +1257,15 @@ EOF
SX-6:SUPER-UX:*:*)
echo sx6-nec-superux${UNAME_RELEASE}
exit ;;
+ SX-7:SUPER-UX:*:*)
+ echo sx7-nec-superux${UNAME_RELEASE}
+ exit ;;
+ SX-8:SUPER-UX:*:*)
+ echo sx8-nec-superux${UNAME_RELEASE}
+ exit ;;
+ SX-8R:SUPER-UX:*:*)
+ echo sx8r-nec-superux${UNAME_RELEASE}
+ exit ;;
Power*:Rhapsody:*:*)
echo powerpc-apple-rhapsody${UNAME_RELEASE}
exit ;;
@@ -1298,6 +1356,9 @@ EOF
i*86:rdos:*:*)
echo ${UNAME_MACHINE}-pc-rdos
exit ;;
+ i*86:AROS:*:*)
+ echo ${UNAME_MACHINE}-pc-aros
+ exit ;;
esac
#echo '(No uname command or uname output not recognized.)' 1>&2
@@ -1458,9 +1519,9 @@ This script, last modified $timestamp, has failed to recognize
the operating system you are using. It is advised that you
download the most up to date version of the config scripts from
- http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.guess
+ http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD
and
- http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.sub
+ http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD
If the version you run ($0) is already up to date, please
send the following data and any information you think might be
diff --git a/config.sub b/config.sub
index fab0aa3..a39437d 100755
--- a/config.sub
+++ b/config.sub
@@ -1,10 +1,10 @@
#! /bin/sh
# Configuration validation subroutine script.
# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
-# 2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation,
-# Inc.
+# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008
+# Free Software Foundation, Inc.
-timestamp='2006-09-20'
+timestamp='2009-04-17'
# This file is (in principle) common to ALL GNU software.
# The presence of a machine in this file suggests that SOME GNU software
@@ -72,8 +72,8 @@ Report bugs and patches to <config-patches@gnu.org>."
version="\
GNU config.sub ($timestamp)
-Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005
-Free Software Foundation, Inc.
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001,
+2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
@@ -122,6 +122,7 @@ maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
case $maybe_os in
nto-qnx* | linux-gnu* | linux-dietlibc | linux-newlib* | linux-uclibc* | \
uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | \
+ kopensolaris*-gnu* | \
storm-chaos* | os2-emx* | rtmk-nova*)
os=-$maybe_os
basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
@@ -245,17 +246,20 @@ case $basic_machine in
| bfin \
| c4x | clipper \
| d10v | d30v | dlx | dsp16xx \
- | fr30 | frv \
+ | fido | fr30 | frv \
| h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
| i370 | i860 | i960 | ia64 \
| ip2k | iq2000 \
+ | lm32 \
| m32c | m32r | m32rle | m68000 | m68k | m88k \
- | maxq | mb | microblaze | mcore \
+ | maxq | mb | microblaze | mcore | mep | metag \
| mips | mipsbe | mipseb | mipsel | mipsle \
| mips16 \
| mips64 | mips64el \
- | mips64vr | mips64vrel \
+ | mips64octeon | mips64octeonel \
| mips64orion | mips64orionel \
+ | mips64r5900 | mips64r5900el \
+ | mips64vr | mips64vrel \
| mips64vr4100 | mips64vr4100el \
| mips64vr4300 | mips64vr4300el \
| mips64vr5000 | mips64vr5000el \
@@ -268,6 +272,7 @@ case $basic_machine in
| mipsisa64sr71k | mipsisa64sr71kel \
| mipstx39 | mipstx39el \
| mn10200 | mn10300 \
+ | moxie \
| mt \
| msp430 \
| nios | nios2 \
@@ -277,7 +282,7 @@ case $basic_machine in
| powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \
| pyramid \
| score \
- | sh | sh[1234] | sh[24]a | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \
+ | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \
| sh64 | sh64le \
| sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \
| sparcv8 | sparcv9 | sparcv9b | sparcv9v \
@@ -286,7 +291,7 @@ case $basic_machine in
| v850 | v850e \
| we32k \
| x86 | xc16x | xscale | xscalee[bl] | xstormy16 | xtensa \
- | z8k)
+ | z8k | z80)
basic_machine=$basic_machine-unknown
;;
m6811 | m68hc11 | m6812 | m68hc12)
@@ -324,19 +329,22 @@ case $basic_machine in
| clipper-* | craynv-* | cydra-* \
| d10v-* | d30v-* | dlx-* \
| elxsi-* \
- | f30[01]-* | f700-* | fr30-* | frv-* | fx80-* \
+ | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \
| h8300-* | h8500-* \
| hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
| i*86-* | i860-* | i960-* | ia64-* \
| ip2k-* | iq2000-* \
+ | lm32-* \
| m32c-* | m32r-* | m32rle-* \
| m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
- | m88110-* | m88k-* | maxq-* | mcore-* \
+ | m88110-* | m88k-* | maxq-* | mcore-* | metag-* \
| mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \
| mips16-* \
| mips64-* | mips64el-* \
- | mips64vr-* | mips64vrel-* \
+ | mips64octeon-* | mips64octeonel-* \
| mips64orion-* | mips64orionel-* \
+ | mips64r5900-* | mips64r5900el-* \
+ | mips64vr-* | mips64vrel-* \
| mips64vr4100-* | mips64vr4100el-* \
| mips64vr4300-* | mips64vr4300el-* \
| mips64vr5000-* | mips64vr5000el-* \
@@ -358,20 +366,24 @@ case $basic_machine in
| powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \
| pyramid-* \
| romp-* | rs6000-* \
- | sh-* | sh[1234]-* | sh[24]a-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \
+ | sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \
| shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
| sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \
| sparclite-* \
| sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | strongarm-* | sv1-* | sx?-* \
| tahoe-* | thumb-* \
- | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \
+ | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* | tile-* \
| tron-* \
| v850-* | v850e-* | vax-* \
| we32k-* \
| x86-* | x86_64-* | xc16x-* | xps100-* | xscale-* | xscalee[bl]-* \
- | xstormy16-* | xtensa-* \
+ | xstormy16-* | xtensa*-* \
| ymp-* \
- | z8k-*)
+ | z8k-* | z80-*)
+ ;;
+ # Recognize the basic CPU types without company name, with glob match.
+ xtensa*)
+ basic_machine=$basic_machine-unknown
;;
# Recognize the various machine names and aliases which stand
# for a CPU type and a company and sometimes even an OS.
@@ -435,6 +447,10 @@ case $basic_machine in
basic_machine=m68k-apollo
os=-bsd
;;
+ aros)
+ basic_machine=i386-pc
+ os=-aros
+ ;;
aux)
basic_machine=m68k-apple
os=-aux
@@ -443,10 +459,22 @@ case $basic_machine in
basic_machine=ns32k-sequent
os=-dynix
;;
+ blackfin)
+ basic_machine=bfin-unknown
+ os=-linux
+ ;;
+ blackfin-*)
+ basic_machine=bfin-`echo $basic_machine | sed 's/^[^-]*-//'`
+ os=-linux
+ ;;
c90)
basic_machine=c90-cray
os=-unicos
;;
+ cegcc)
+ basic_machine=arm-unknown
+ os=-cegcc
+ ;;
convex-c1)
basic_machine=c1-convex
os=-bsd
@@ -475,8 +503,8 @@ case $basic_machine in
basic_machine=craynv-cray
os=-unicosmp
;;
- cr16c)
- basic_machine=cr16c-unknown
+ cr16)
+ basic_machine=cr16-unknown
os=-elf
;;
crds | unos)
@@ -514,6 +542,10 @@ case $basic_machine in
basic_machine=m88k-motorola
os=-sysv3
;;
+ dicos)
+ basic_machine=i686-pc
+ os=-dicos
+ ;;
djgpp)
basic_machine=i586-pc
os=-msdosdjgpp
@@ -668,6 +700,14 @@ case $basic_machine in
basic_machine=m68k-isi
os=-sysv
;;
+ m68knommu)
+ basic_machine=m68k-unknown
+ os=-linux
+ ;;
+ m68knommu-*)
+ basic_machine=m68k-`echo $basic_machine | sed 's/^[^-]*-//'`
+ os=-linux
+ ;;
m88k-omron*)
basic_machine=m88k-omron
;;
@@ -683,6 +723,10 @@ case $basic_machine in
basic_machine=i386-pc
os=-mingw32
;;
+ mingw32ce)
+ basic_machine=arm-unknown
+ os=-mingw32ce
+ ;;
miniframe)
basic_machine=m68000-convergent
;;
@@ -809,6 +853,14 @@ case $basic_machine in
basic_machine=i860-intel
os=-osf
;;
+ parisc)
+ basic_machine=hppa-unknown
+ os=-linux
+ ;;
+ parisc-*)
+ basic_machine=hppa-`echo $basic_machine | sed 's/^[^-]*-//'`
+ os=-linux
+ ;;
pbd)
basic_machine=sparc-tti
;;
@@ -925,6 +977,9 @@ case $basic_machine in
basic_machine=sh-hitachi
os=-hms
;;
+ sh5el)
+ basic_machine=sh5le-unknown
+ ;;
sh64)
basic_machine=sh64-unknown
;;
@@ -1014,6 +1069,10 @@ case $basic_machine in
basic_machine=tic6x-unknown
os=-coff
;;
+ tile*)
+ basic_machine=tile-unknown
+ os=-linux-gnu
+ ;;
tx39)
basic_machine=mipstx39-unknown
;;
@@ -1089,6 +1148,10 @@ case $basic_machine in
basic_machine=z8k-unknown
os=-sim
;;
+ z80-*-coff)
+ basic_machine=z80-unknown
+ os=-sim
+ ;;
none)
basic_machine=none-none
os=-none
@@ -1127,7 +1190,7 @@ case $basic_machine in
we32k)
basic_machine=we32k-att
;;
- sh[1234] | sh[24]a | sh[34]eb | sh[1234]le | sh[23]ele)
+ sh[1234] | sh[24]a | sh[24]aeb | sh[34]eb | sh[1234]le | sh[23]ele)
basic_machine=sh-unknown
;;
sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v)
@@ -1199,8 +1262,9 @@ case $os in
-gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \
| -*vms* | -sco* | -esix* | -isc* | -aix* | -sunos | -sunos[34]*\
| -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \
+ | -kopensolaris* \
| -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \
- | -aos* \
+ | -aos* | -aros* \
| -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
| -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
| -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \
@@ -1209,7 +1273,7 @@ case $os in
| -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
| -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
| -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
- | -chorusos* | -chorusrdb* \
+ | -chorusos* | -chorusrdb* | -cegcc* \
| -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
| -mingw32* | -linux-gnu* | -linux-newlib* | -linux-uclibc* \
| -uxpv* | -beos* | -mpeix* | -udk* \
@@ -1219,7 +1283,7 @@ case $os in
| -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
| -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
| -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \
- | -skyos* | -haiku* | -rdos* | -toppers*)
+ | -skyos* | -haiku* | -rdos* | -toppers* | -drops*)
# Remember, each alternative MUST END IN *, to match a version number.
;;
-qnx*)
@@ -1349,6 +1413,9 @@ case $os in
-zvmoe)
os=-zvmoe
;;
+ -dicos*)
+ os=-dicos
+ ;;
-none)
;;
*)
@@ -1414,6 +1481,9 @@ case $basic_machine in
m68*-cisco)
os=-aout
;;
+ mep-*)
+ os=-elf
+ ;;
mips*-cisco)
os=-elf
;;
diff --git a/debian/changelog b/debian/changelog
index db2961e..7ca8819 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+cscope (15.6-2+etch1) oldstable-security; urgency=high
+
+ * Security update to fix multiple buffer overflows (CVE-2009-0148). Patch by
+ Moritz Muehlenhoff and Matthew Murphy.
+
+ -- Tobias Klauser <tklauser@distanz.ch> Sat, 23 May 2009 15:54:31 +0200
+
cscope (15.6-2) unstable; urgency=low
* Fix crash on resize when used inside vim. Patch taken from upstream BTS
diff --git a/debian/patches/00list b/debian/patches/00list
index 759b17a..0eaa22f 100644
--- a/debian/patches/00list
+++ b/debian/patches/00list
@@ -1 +1,2 @@
01-fix-resize-crash-inside-vim
+04-cve-2009-0148
diff --git a/debian/patches/04-cve-2009-0148.dpatch b/debian/patches/04-cve-2009-0148.dpatch
new file mode 100755
index 0000000..8f2125e
--- /dev/null
+++ b/debian/patches/04-cve-2009-0148.dpatch
@@ -0,0 +1,344 @@
+#!/bin/sh /usr/share/dpatch/dpatch-run
+## 04-cve-2009-0148.dpatch
+##
+## DP: Fix for CVE-2009-0148 by Moritz Muehlenhoff and Matthew Murphy
+## DP: Closes: 528510
+
+diff --git a/src/build.c b/src/build.c
+index ada2ea1..717d618 100644
+--- a/src/build.c
++++ b/src/build.c
+@@ -223,7 +223,7 @@ build(void)
+ if (strcmp(currentdir, home) == 0) {
+ strcpy(newdir, "$HOME");
+ } else if (strncmp(currentdir, home, strlen(home)) == 0) {
+- sprintf(newdir, "$HOME%s", currentdir + strlen(home));
++ snprintf(newdir, sizeof(newdir), "$HOME%s", currentdir + strlen(home));
+ }
+ /* sort the source file names (needed for rebuilding) */
+ qsort(srcfiles, nsrcfiles, sizeof(char *), compare);
+@@ -454,7 +454,7 @@ cscope: converting to new symbol database file format\n");
+ }
+ fstat(fileno(postings), &statstruct);
+ fclose(postings);
+- sprintf(sortcommand, "env LC_ALL=C sort -T %s %s", tmpdir, temp1);
++ snprintf(sortcommand, sizeof(sortcommand), "env LC_ALL=C sort -T %s %s", tmpdir, temp1);
+ if ((postings = mypopen(sortcommand, "r")) == NULL) {
+ fprintf(stderr, "cscope: cannot open pipe to sort command\n");
+ cannotindex();
+diff --git a/src/command.c b/src/command.c
+index 0974352..8c9f277 100644
+--- a/src/command.c
++++ b/src/command.c
+@@ -739,7 +739,7 @@ changestring(void)
+
+ /* make sure it can be changed */
+ if (access(newfile, WRITE) != 0) {
+- sprintf(msg, "Cannot write to file %s", newfile);
++ snprintf(msg, sizeof(msg), "Cannot write to file %s", newfile);
+ postmsg(msg);
+ anymarked = NO;
+ break;
+diff --git a/src/dir.c b/src/dir.c
+index 5773231..33fd7d1 100644
+--- a/src/dir.c
++++ b/src/dir.c
+@@ -139,7 +139,7 @@ sourcedir(char *dirlist)
+
+ /* compute its path from higher view path source dirs */
+ for (i = 1; i < nvpsrcdirs; ++i) {
+- sprintf(path, "%.*s/%s",
++ snprintf(path, sizeof(path), "%.*s/%s",
+ PATHLEN - 2 - dir_len,
+ srcdirs[i], dir);
+ addsrcdir(path);
+@@ -207,7 +207,7 @@ includedir(char *dirlist)
+
+ /* compute its path from higher view path source dirs */
+ for (i = 1; i < nvpsrcdirs; ++i) {
+- sprintf(path, "%.*s/%s",
++ snprintf(path, sizeof(path), "%.*s/%s",
+ PATHLEN - 2 - dir_len,
+ srcdirs[i], dir);
+ addincdir(dir, path);
+@@ -482,8 +482,6 @@ scan_dir(const char *adir, BOOL recurse_dir)
+ DIR *dirfile;
+ int adir_len = strlen(adir);
+
+- /* FIXME: no guards against adir_len > PATHLEN, yet */
+-
+ if ((dirfile = opendir(adir)) != NULL) {
+ struct dirent *entry;
+ char path[PATHLEN + 1];
+@@ -494,7 +492,7 @@ scan_dir(const char *adir, BOOL recurse_dir)
+ && (strcmp("..",entry->d_name) != 0)) {
+ struct stat buf;
+
+- sprintf(path,"%s/%.*s", adir,
++ snprintf(path, sizeof(path), "%s/%.*s", adir,
+ PATHLEN - 2 - adir_len,
+ entry->d_name);
+
+@@ -604,14 +602,14 @@ incfile(char *file, char *type)
+ /* search for the file in the #include directory list */
+ for (i = 0; i < nincdirs; ++i) {
+ /* don't include the file from two directories */
+- sprintf(name, "%.*s/%s",
++ snprintf(name, sizeof(name), "%.*s/%s",
+ PATHLEN - 2 - file_len, incnames[i],
+ file);
+ if (infilelist(name) == YES) {
+ break;
+ }
+ /* make sure it exists and is readable */
+- sprintf(path, "%.*s/%s",
++ snprintf(path, sizeof(path), "%.*s/%s",
+ PATHLEN - 2 - file_len, incdirs[i],
+ file);
+ if (access(compath(path), READ) == 0) {
+@@ -659,7 +657,7 @@ inviewpath(char *file)
+
+ /* compute its path from higher view path source dirs */
+ for (i = 1; i < nvpsrcdirs; ++i) {
+- sprintf(path, "%.*s/%s",
++ snprintf(path, sizeof(path), "%.*s/%s",
+ PATHLEN - 2 - file_len, srcdirs[i],
+ file);
+ if (access(compath(path), READ) == 0) {
+diff --git a/src/display.c b/src/display.c
+index 7ef03cb..dc81226 100644
+--- a/src/display.c
++++ b/src/display.c
+@@ -478,20 +478,20 @@ search(void)
+ /* see if it is empty */
+ if ((c = getc(refsfound)) == EOF) {
+ if (findresult != NULL) {
+- (void) sprintf(lastmsg, "Egrep %s in this pattern: %s",
++ (void) snprintf(lastmsg, sizeof(lastmsg), "Egrep %s in this pattern: %s",
+ findresult, Pattern);
+ } else if (rc == NOTSYMBOL) {
+- (void) sprintf(lastmsg, "This is not a C symbol: %s",
++ (void) snprintf(lastmsg, sizeof(lastmsg), "This is not a C symbol: %s",
+ Pattern);
+ } else if (rc == REGCMPERROR) {
+- (void) sprintf(lastmsg, "Error in this regcomp(3) regular expression: %s",
++ (void) snprintf(lastmsg, sizeof(lastmsg), "Error in this regcomp(3) regular expression: %s",
+ Pattern);
+
+ } else if (funcexist == NO) {
+- (void) sprintf(lastmsg, "Function definition does not exist: %s",
++ (void) snprintf(lastmsg, sizeof(lastmsg), "Function definition does not exist: %s",
+ Pattern);
+ } else {
+- (void) sprintf(lastmsg, "Could not find the %s: %s",
++ (void) snprintf(lastmsg, sizeof(lastmsg), "Could not find the %s: %s",
+ fields[field].text2, Pattern);
+ }
+ return(NO);
+@@ -527,17 +527,17 @@ progress(char *what, long current, long max)
+ move(MSGLINE, 0);
+ clrtoeol();
+ addstr(what);
+- sprintf(msg, "%ld", current);
++ snprintf(msg, sizeof(msg), "%ld", current);
+ move(MSGLINE, (COLS / 2) - (strlen(msg) / 2));
+ addstr(msg);
+- sprintf(msg, "%ld", max);
++ snprintf(msg, sizeof(msg), "%ld", max);
+ move(MSGLINE, COLS - strlen(msg));
+ addstr(msg);
+ refresh();
+ }
+ else if (verbosemode == YES)
+ {
+- sprintf(msg, "> %s %ld of %ld", what, current, max);
++ snprintf(msg, sizeof(msg), "> %s %ld of %ld", what, current, max);
+ }
+
+ start = now;
+@@ -575,7 +575,7 @@ myperror(char *text)
+ s = sys_errlist[errno];
+ }
+ #endif
+- (void) sprintf(msg, "%s: %s", text, s);
++ (void) snprintf(msg, sizeof(msg), "%s: %s", text, s);
+ postmsg(msg);
+ }
+
+@@ -647,11 +647,7 @@ posterr(char *msg, ...)
+ (void) vfprintf(stderr, msg, ap);
+ (void) fputc('\n', stderr);
+ } else {
+-#if HAVE_VSNPRINTF
+ vsnprintf(errbuf, sizeof(errbuf), msg, ap);
+-#else
+- vsprintf(errbuf, msg, ap);
+-#endif
+ postmsg2(errbuf);
+ }
+ }
+@@ -664,11 +660,7 @@ postfatal(const char *msg, ...)
+ char errbuf[MSGLEN];
+
+ va_start(ap, msg);
+-#if HAVE_VSNPRINTF
+ vsnprintf(errbuf, sizeof(errbuf), msg, ap);
+-#else
+- vsprintf(errbuf, msg, ap);
+-#endif
+ /* restore the terminal to its original mode */
+ if (incurses == YES) {
+ exitcurses();
+diff --git a/src/edit.c b/src/edit.c
+index 5d97949..89a4296 100644
+--- a/src/edit.c
++++ b/src/edit.c
+@@ -105,9 +105,9 @@ edit(char *file, char *linenum)
+ char *s;
+
+ file = filepath(file);
+- (void) sprintf(msg, "%s +%s %s", mybasename(editor), linenum, file);
++ (void) snprintf(msg, sizeof(msg), "%s +%s %s", mybasename(editor), linenum, file);
+ postmsg(msg);
+- (void) sprintf(plusnum, lineflag, linenum);
++ (void) snprintf(plusnum, sizeof(plusnum), lineflag, linenum);
+ /* if this is the more or page commands */
+ if (strcmp(s = mybasename(editor), "more") == 0 || strcmp(s, "page") == 0) {
+
+@@ -132,7 +132,7 @@ filepath(char *file)
+ static char path[PATHLEN + 1];
+
+ if (prependpath != NULL && *file != '/') {
+- (void) sprintf(path, "%s/%s", prependpath, file);
++ (void) snprintf(path, sizeof(path), "%s/%s", prependpath, file);
+ file = path;
+ }
+ return(file);
+diff --git a/src/exec.c b/src/exec.c
+index 7e4899d..467634e 100644
+--- a/src/exec.c
++++ b/src/exec.c
+@@ -123,7 +123,7 @@ myexecvp(char *a, char **args)
+
+ /* execute the program or shell script */
+ execvp(a, args); /* returns only on failure */
+- sprintf(msg, "\nCannot exec %s", a);
++ snprintf(msg, sizeof(msg), "\nCannot exec %s", a);
+ perror(msg); /* display the reason */
+ askforreturn(); /* wait until the user sees the message */
+ myexit(1); /* exit the child */
+diff --git a/src/find.c b/src/find.c
+index f6a6387..1d0a503 100644
+--- a/src/find.c
++++ b/src/find.c
+@@ -673,7 +673,7 @@ findinit(char *pattern)
+ /* must be an exact match */
+ /* note: regcomp doesn't recognize ^*keypad$ as a syntax error
+ unless it is given as a single arg */
+- (void) sprintf(buf, "^%s$", s);
++ (void) snprintf(buf, sizeof(buf), "^%s$", s);
+ if (regcomp (&regexp, buf, REG_EXTENDED | REG_NOSUB) != 0) {
+ return(REGCMPERROR);
+ }
+diff --git a/src/main.c b/src/main.c
+index ca90ea9..5bca752 100644
+--- a/src/main.c
++++ b/src/main.c
+@@ -359,7 +359,7 @@ cscope: TMPDIR to a valid directory\n");
+ /* create the temporary file names */
+ orig_umask = umask(S_IRWXG|S_IRWXO);
+ pid = getpid();
+- sprintf(tempdirpv, "%s/cscope.%d", tmpdir, pid);
++ snprintf(tempdirpv, sizeof(tempdirpv), "%s/cscope.%d", tmpdir, pid);
+ if(mkdir(tempdirpv,S_IRWXU)) {
+ fprintf(stderr, "\
+ cscope: Could not create private temp dir %s\n",
+@@ -368,8 +368,8 @@ cscope: Could not create private temp dir %s\n",
+ }
+ umask(orig_umask);
+
+- sprintf(temp1, "%s/cscope.1", tempdirpv);
+- sprintf(temp2, "%s/cscope.2", tempdirpv);
++ snprintf(temp1, sizeof(temp1), "%s/cscope.1", tempdirpv);
++ snprintf(temp2, sizeof(temp2), "%s/cscope.2", tempdirpv);
+
+ /* if running in the foreground */
+ if (signal(SIGINT, SIG_IGN) != SIG_IGN) {
+@@ -389,12 +389,12 @@ cscope: Could not create private temp dir %s\n",
+ * used instead of failing to open a non-existant database in
+ * the home directory
+ */
+- sprintf(path, "%s/%s", home, reffile);
++ snprintf(path, sizeof(path), "%s/%s", home, reffile);
+ if (isuptodate == NO || access(path, READ) == 0) {
+ reffile = my_strdup(path);
+- sprintf(path, "%s/%s", home, invname);
++ snprintf(path, sizeof(path), "%s/%s", home, invname);
+ invname = my_strdup(path);
+- sprintf(path, "%s/%s", home, invpost);
++ snprintf(path, sizeof(path), "%s/%s", home, invpost);
+ invpost = my_strdup(path);
+ }
+ }
+@@ -728,22 +728,12 @@ cannotopen(char *file)
+ void
+ cannotwrite(char *file)
+ {
+-#if HAVE_SNPRINTF
+ char msg[MSGLEN + 1];
+
+ snprintf(msg, sizeof(msg), "Removed file %s because write failed", file);
+-#else
+- char *msg = mymalloc(50 + strlen(file));
+-
+- sprintf(msg, "Removed file %s because write failed", file);
+-#endif
+
+ myperror(msg); /* display the reason */
+
+-#if !HAVE_SNPRINTF
+- free(msg);
+-#endif
+-
+ unlink(file);
+ myexit(1); /* calls exit(2), which closes files */
+ }
+diff --git a/src/vpaccess.c b/src/vpaccess.c
+index cb56730..a3a7ad9 100644
+--- a/src/vpaccess.c
++++ b/src/vpaccess.c
+@@ -49,7 +49,7 @@ vpaccess(char *path, mode_t amode)
+ if ((returncode = access(path, amode)) == -1 && path[0] != '/') {
+ vpinit(NULL);
+ for (i = 1; i < vpndirs; i++) {
+- (void) sprintf(buf, "%s/%s", vpdirs[i], path);
++ (void) snprintf(buf, sizeof(buf), "%s/%s", vpdirs[i], path);
+ if ((returncode = access(buf, amode)) != -1) {
+ break;
+ }
+diff --git a/src/vpfopen.c b/src/vpfopen.c
+index bffbc20..b5f592c 100644
+--- a/src/vpfopen.c
++++ b/src/vpfopen.c
+@@ -53,7 +53,7 @@ vpfopen(char *filename, char *type)
+ ) {
+ vpinit(NULL);
+ for (i = 1; i < vpndirs; i++) {
+- (void) sprintf(buf, "%s/%s", vpdirs[i], filename);
++ (void) snprintf(buf, sizeof(buf), "%s/%s", vpdirs[i], filename);
+ if ((returncode = myfopen(buf, type)) != NULL) {
+ break;
+ }
+diff --git a/src/vpopen.c b/src/vpopen.c
+index 777f168..de7cc53 100644
+--- a/src/vpopen.c
++++ b/src/vpopen.c
+@@ -52,7 +52,7 @@ vpopen(char *path, int oflag)
+ oflag == OPENFLAG_READ) {
+ vpinit(NULL);
+ for (i = 1; i < vpndirs; i++) {
+- (void) sprintf(buf, "%s/%s", vpdirs[i], path);
++ (void) snprintf(buf, sizeof(buf), "%s/%s", vpdirs[i], path);
+ if ((returncode = myopen(buf, oflag, 0666)) != -1) {
+ break;
+ }