From 29dd244ddd53b8acf4a2b9abe3fd62bf44575bbd Mon Sep 17 00:00:00 2001 From: Tobias Klauser Date: Sat, 23 May 2009 16:00:01 +0200 Subject: Security fix for cscope 15.6-2 in etch (CVE 2009-0148) --- config.guess | 107 +++++++--- config.sub | 116 ++++++++--- debian/changelog | 7 + debian/patches/00list | 1 + debian/patches/04-cve-2009-0148.dpatch | 344 +++++++++++++++++++++++++++++++++ 5 files changed, 529 insertions(+), 46 deletions(-) create mode 100755 debian/patches/04-cve-2009-0148.dpatch diff --git a/config.guess b/config.guess index 396482d..da83314 100755 --- a/config.guess +++ b/config.guess @@ -1,10 +1,10 @@ #! /bin/sh # Attempt to guess a canonical system name. # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, -# 2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation, -# Inc. +# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008 +# Free Software Foundation, Inc. -timestamp='2006-07-02' +timestamp='2009-04-27' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -56,8 +56,8 @@ version="\ GNU config.guess ($timestamp) Originally written by Per Bothner. -Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005 -Free Software Foundation, Inc. +Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, +2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." @@ -161,6 +161,7 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in arm*) machine=arm-unknown ;; sh3el) machine=shl-unknown ;; sh3eb) machine=sh-unknown ;; + sh5el) machine=sh5le-unknown ;; *) machine=${UNAME_MACHINE_ARCH}-unknown ;; esac # The Operating System including object format, if it has switched @@ -323,14 +324,30 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in case `/usr/bin/uname -p` in sparc) echo sparc-icl-nx7; exit ;; esac ;; + s390x:SunOS:*:*) + echo ${UNAME_MACHINE}-ibm-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit ;; sun4H:SunOS:5.*:*) echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; - i86pc:SunOS:5.*:*) - echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*) + eval $set_cc_for_build + SUN_ARCH="i386" + # If there is a compiler, see if it is configured for 64-bit objects. + # Note that the Sun cc does not turn __LP64__ into 1 like gcc does. + # This test works for both compilers. + if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then + if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \ + (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ + grep IS_64BIT_ARCH >/dev/null + then + SUN_ARCH="x86_64" + fi + fi + echo ${SUN_ARCH}-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` exit ;; sun4*:SunOS:6*:*) # According to config.sub, this is the proper way to canonicalize @@ -531,7 +548,7 @@ EOF echo rs6000-ibm-aix3.2 fi exit ;; - *:AIX:*:[45]) + *:AIX:*:[456]) IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'` if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then IBM_ARCH=rs6000 @@ -780,7 +797,7 @@ EOF i*:CYGWIN*:*) echo ${UNAME_MACHINE}-pc-cygwin exit ;; - i*:MINGW*:*) + *:MINGW*:*) echo ${UNAME_MACHINE}-pc-mingw32 exit ;; i*:windows32*:*) @@ -790,12 +807,18 @@ EOF i*:PW*:*) echo ${UNAME_MACHINE}-pc-pw32 exit ;; - x86:Interix*:[3456]*) - echo i586-pc-interix${UNAME_RELEASE} - exit ;; - EM64T:Interix*:[3456]*) - echo x86_64-unknown-interix${UNAME_RELEASE} - exit ;; + *:Interix*:[3456]*) + case ${UNAME_MACHINE} in + x86) + echo i586-pc-interix${UNAME_RELEASE} + exit ;; + EM64T | authenticamd | genuineintel) + echo x86_64-unknown-interix${UNAME_RELEASE} + exit ;; + IA64) + echo ia64-unknown-interix${UNAME_RELEASE} + exit ;; + esac ;; [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*) echo i${UNAME_MACHINE}-pc-mks exit ;; @@ -829,7 +852,14 @@ EOF echo ${UNAME_MACHINE}-pc-minix exit ;; arm*:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-gnu + eval $set_cc_for_build + if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \ + | grep -q __ARM_EABI__ + then + echo ${UNAME_MACHINE}-unknown-linux-gnu + else + echo ${UNAME_MACHINE}-unknown-linux-gnueabi + fi exit ;; avr32*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu @@ -921,6 +951,9 @@ EOF if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} exit ;; + padre:Linux:*:*) + echo sparc-unknown-linux-gnu + exit ;; parisc:Linux:*:* | hppa:Linux:*:*) # Look for CPU level case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in @@ -950,6 +983,9 @@ EOF x86_64:Linux:*:*) echo x86_64-unknown-linux-gnu exit ;; + xtensa*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; i*86:Linux:*:*) # The BFD linker knows what the default object file format is, so # first see if it will tell us. cd to the root directory to prevent @@ -968,9 +1004,6 @@ EOF a.out-i386-linux) echo "${UNAME_MACHINE}-pc-linux-gnuaout" exit ;; - coff-i386) - echo "${UNAME_MACHINE}-pc-linux-gnucoff" - exit ;; "") # Either a pre-BFD a.out linker (linux-gnuoldld) or # one that does not give us useful --help. @@ -1085,8 +1118,11 @@ EOF pc:*:*:*) # Left here for compatibility: # uname -m prints for DJGPP always 'pc', but it prints nothing about - # the processor, so we play safe by assuming i386. - echo i386-pc-msdosdjgpp + # the processor, so we play safe by assuming i586. + # Note: whatever this is, it MUST be the same as what config.sub + # prints for the "djgpp" host, or else GDB configury will decide that + # this is a cross-build. + echo i586-pc-msdosdjgpp exit ;; Intel:Mach:3*:*) echo i386-pc-mach3 @@ -1124,6 +1160,16 @@ EOF 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ && { echo i486-ncr-sysv4; exit; } ;; + NCR*:*:4.2:* | MPRAS*:*:4.2:*) + OS_REL='.3' + test -r /etc/.relid \ + && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` + /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ + && { echo i486-ncr-sysv4.3${OS_REL}; exit; } + /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ + && { echo i586-ncr-sysv4.3${OS_REL}; exit; } + /bin/uname -p 2>/dev/null | /bin/grep pteron >/dev/null \ + && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;; m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*) echo m68k-unknown-lynxos${UNAME_RELEASE} exit ;; @@ -1199,6 +1245,9 @@ EOF BePC:BeOS:*:*) # BeOS running on Intel PC compatible. echo i586-pc-beos exit ;; + BePC:Haiku:*:*) # Haiku running on Intel PC compatible. + echo i586-pc-haiku + exit ;; SX-4:SUPER-UX:*:*) echo sx4-nec-superux${UNAME_RELEASE} exit ;; @@ -1208,6 +1257,15 @@ EOF SX-6:SUPER-UX:*:*) echo sx6-nec-superux${UNAME_RELEASE} exit ;; + SX-7:SUPER-UX:*:*) + echo sx7-nec-superux${UNAME_RELEASE} + exit ;; + SX-8:SUPER-UX:*:*) + echo sx8-nec-superux${UNAME_RELEASE} + exit ;; + SX-8R:SUPER-UX:*:*) + echo sx8r-nec-superux${UNAME_RELEASE} + exit ;; Power*:Rhapsody:*:*) echo powerpc-apple-rhapsody${UNAME_RELEASE} exit ;; @@ -1298,6 +1356,9 @@ EOF i*86:rdos:*:*) echo ${UNAME_MACHINE}-pc-rdos exit ;; + i*86:AROS:*:*) + echo ${UNAME_MACHINE}-pc-aros + exit ;; esac #echo '(No uname command or uname output not recognized.)' 1>&2 @@ -1458,9 +1519,9 @@ This script, last modified $timestamp, has failed to recognize the operating system you are using. It is advised that you download the most up to date version of the config scripts from - http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.guess + http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD and - http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.sub + http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD If the version you run ($0) is already up to date, please send the following data and any information you think might be diff --git a/config.sub b/config.sub index fab0aa3..a39437d 100755 --- a/config.sub +++ b/config.sub @@ -1,10 +1,10 @@ #! /bin/sh # Configuration validation subroutine script. # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, -# 2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation, -# Inc. +# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008 +# Free Software Foundation, Inc. -timestamp='2006-09-20' +timestamp='2009-04-17' # This file is (in principle) common to ALL GNU software. # The presence of a machine in this file suggests that SOME GNU software @@ -72,8 +72,8 @@ Report bugs and patches to ." version="\ GNU config.sub ($timestamp) -Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005 -Free Software Foundation, Inc. +Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, +2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." @@ -122,6 +122,7 @@ maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` case $maybe_os in nto-qnx* | linux-gnu* | linux-dietlibc | linux-newlib* | linux-uclibc* | \ uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | \ + kopensolaris*-gnu* | \ storm-chaos* | os2-emx* | rtmk-nova*) os=-$maybe_os basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` @@ -245,17 +246,20 @@ case $basic_machine in | bfin \ | c4x | clipper \ | d10v | d30v | dlx | dsp16xx \ - | fr30 | frv \ + | fido | fr30 | frv \ | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ | i370 | i860 | i960 | ia64 \ | ip2k | iq2000 \ + | lm32 \ | m32c | m32r | m32rle | m68000 | m68k | m88k \ - | maxq | mb | microblaze | mcore \ + | maxq | mb | microblaze | mcore | mep | metag \ | mips | mipsbe | mipseb | mipsel | mipsle \ | mips16 \ | mips64 | mips64el \ - | mips64vr | mips64vrel \ + | mips64octeon | mips64octeonel \ | mips64orion | mips64orionel \ + | mips64r5900 | mips64r5900el \ + | mips64vr | mips64vrel \ | mips64vr4100 | mips64vr4100el \ | mips64vr4300 | mips64vr4300el \ | mips64vr5000 | mips64vr5000el \ @@ -268,6 +272,7 @@ case $basic_machine in | mipsisa64sr71k | mipsisa64sr71kel \ | mipstx39 | mipstx39el \ | mn10200 | mn10300 \ + | moxie \ | mt \ | msp430 \ | nios | nios2 \ @@ -277,7 +282,7 @@ case $basic_machine in | powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \ | pyramid \ | score \ - | sh | sh[1234] | sh[24]a | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ + | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ | sh64 | sh64le \ | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \ | sparcv8 | sparcv9 | sparcv9b | sparcv9v \ @@ -286,7 +291,7 @@ case $basic_machine in | v850 | v850e \ | we32k \ | x86 | xc16x | xscale | xscalee[bl] | xstormy16 | xtensa \ - | z8k) + | z8k | z80) basic_machine=$basic_machine-unknown ;; m6811 | m68hc11 | m6812 | m68hc12) @@ -324,19 +329,22 @@ case $basic_machine in | clipper-* | craynv-* | cydra-* \ | d10v-* | d30v-* | dlx-* \ | elxsi-* \ - | f30[01]-* | f700-* | fr30-* | frv-* | fx80-* \ + | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \ | h8300-* | h8500-* \ | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ | i*86-* | i860-* | i960-* | ia64-* \ | ip2k-* | iq2000-* \ + | lm32-* \ | m32c-* | m32r-* | m32rle-* \ | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ - | m88110-* | m88k-* | maxq-* | mcore-* \ + | m88110-* | m88k-* | maxq-* | mcore-* | metag-* \ | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ | mips16-* \ | mips64-* | mips64el-* \ - | mips64vr-* | mips64vrel-* \ + | mips64octeon-* | mips64octeonel-* \ | mips64orion-* | mips64orionel-* \ + | mips64r5900-* | mips64r5900el-* \ + | mips64vr-* | mips64vrel-* \ | mips64vr4100-* | mips64vr4100el-* \ | mips64vr4300-* | mips64vr4300el-* \ | mips64vr5000-* | mips64vr5000el-* \ @@ -358,20 +366,24 @@ case $basic_machine in | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \ | pyramid-* \ | romp-* | rs6000-* \ - | sh-* | sh[1234]-* | sh[24]a-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \ + | sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \ | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \ | sparclite-* \ | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | strongarm-* | sv1-* | sx?-* \ | tahoe-* | thumb-* \ - | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ + | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* | tile-* \ | tron-* \ | v850-* | v850e-* | vax-* \ | we32k-* \ | x86-* | x86_64-* | xc16x-* | xps100-* | xscale-* | xscalee[bl]-* \ - | xstormy16-* | xtensa-* \ + | xstormy16-* | xtensa*-* \ | ymp-* \ - | z8k-*) + | z8k-* | z80-*) + ;; + # Recognize the basic CPU types without company name, with glob match. + xtensa*) + basic_machine=$basic_machine-unknown ;; # Recognize the various machine names and aliases which stand # for a CPU type and a company and sometimes even an OS. @@ -435,6 +447,10 @@ case $basic_machine in basic_machine=m68k-apollo os=-bsd ;; + aros) + basic_machine=i386-pc + os=-aros + ;; aux) basic_machine=m68k-apple os=-aux @@ -443,10 +459,22 @@ case $basic_machine in basic_machine=ns32k-sequent os=-dynix ;; + blackfin) + basic_machine=bfin-unknown + os=-linux + ;; + blackfin-*) + basic_machine=bfin-`echo $basic_machine | sed 's/^[^-]*-//'` + os=-linux + ;; c90) basic_machine=c90-cray os=-unicos ;; + cegcc) + basic_machine=arm-unknown + os=-cegcc + ;; convex-c1) basic_machine=c1-convex os=-bsd @@ -475,8 +503,8 @@ case $basic_machine in basic_machine=craynv-cray os=-unicosmp ;; - cr16c) - basic_machine=cr16c-unknown + cr16) + basic_machine=cr16-unknown os=-elf ;; crds | unos) @@ -514,6 +542,10 @@ case $basic_machine in basic_machine=m88k-motorola os=-sysv3 ;; + dicos) + basic_machine=i686-pc + os=-dicos + ;; djgpp) basic_machine=i586-pc os=-msdosdjgpp @@ -668,6 +700,14 @@ case $basic_machine in basic_machine=m68k-isi os=-sysv ;; + m68knommu) + basic_machine=m68k-unknown + os=-linux + ;; + m68knommu-*) + basic_machine=m68k-`echo $basic_machine | sed 's/^[^-]*-//'` + os=-linux + ;; m88k-omron*) basic_machine=m88k-omron ;; @@ -683,6 +723,10 @@ case $basic_machine in basic_machine=i386-pc os=-mingw32 ;; + mingw32ce) + basic_machine=arm-unknown + os=-mingw32ce + ;; miniframe) basic_machine=m68000-convergent ;; @@ -809,6 +853,14 @@ case $basic_machine in basic_machine=i860-intel os=-osf ;; + parisc) + basic_machine=hppa-unknown + os=-linux + ;; + parisc-*) + basic_machine=hppa-`echo $basic_machine | sed 's/^[^-]*-//'` + os=-linux + ;; pbd) basic_machine=sparc-tti ;; @@ -925,6 +977,9 @@ case $basic_machine in basic_machine=sh-hitachi os=-hms ;; + sh5el) + basic_machine=sh5le-unknown + ;; sh64) basic_machine=sh64-unknown ;; @@ -1014,6 +1069,10 @@ case $basic_machine in basic_machine=tic6x-unknown os=-coff ;; + tile*) + basic_machine=tile-unknown + os=-linux-gnu + ;; tx39) basic_machine=mipstx39-unknown ;; @@ -1089,6 +1148,10 @@ case $basic_machine in basic_machine=z8k-unknown os=-sim ;; + z80-*-coff) + basic_machine=z80-unknown + os=-sim + ;; none) basic_machine=none-none os=-none @@ -1127,7 +1190,7 @@ case $basic_machine in we32k) basic_machine=we32k-att ;; - sh[1234] | sh[24]a | sh[34]eb | sh[1234]le | sh[23]ele) + sh[1234] | sh[24]a | sh[24]aeb | sh[34]eb | sh[1234]le | sh[23]ele) basic_machine=sh-unknown ;; sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v) @@ -1199,8 +1262,9 @@ case $os in -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \ | -*vms* | -sco* | -esix* | -isc* | -aix* | -sunos | -sunos[34]*\ | -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \ + | -kopensolaris* \ | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \ - | -aos* \ + | -aos* | -aros* \ | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \ @@ -1209,7 +1273,7 @@ case $os in | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ - | -chorusos* | -chorusrdb* \ + | -chorusos* | -chorusrdb* | -cegcc* \ | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ | -mingw32* | -linux-gnu* | -linux-newlib* | -linux-uclibc* \ | -uxpv* | -beos* | -mpeix* | -udk* \ @@ -1219,7 +1283,7 @@ case $os in | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \ - | -skyos* | -haiku* | -rdos* | -toppers*) + | -skyos* | -haiku* | -rdos* | -toppers* | -drops*) # Remember, each alternative MUST END IN *, to match a version number. ;; -qnx*) @@ -1349,6 +1413,9 @@ case $os in -zvmoe) os=-zvmoe ;; + -dicos*) + os=-dicos + ;; -none) ;; *) @@ -1414,6 +1481,9 @@ case $basic_machine in m68*-cisco) os=-aout ;; + mep-*) + os=-elf + ;; mips*-cisco) os=-elf ;; diff --git a/debian/changelog b/debian/changelog index db2961e..7ca8819 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +cscope (15.6-2+etch1) oldstable-security; urgency=high + + * Security update to fix multiple buffer overflows (CVE-2009-0148). Patch by + Moritz Muehlenhoff and Matthew Murphy. + + -- Tobias Klauser Sat, 23 May 2009 15:54:31 +0200 + cscope (15.6-2) unstable; urgency=low * Fix crash on resize when used inside vim. Patch taken from upstream BTS diff --git a/debian/patches/00list b/debian/patches/00list index 759b17a..0eaa22f 100644 --- a/debian/patches/00list +++ b/debian/patches/00list @@ -1 +1,2 @@ 01-fix-resize-crash-inside-vim +04-cve-2009-0148 diff --git a/debian/patches/04-cve-2009-0148.dpatch b/debian/patches/04-cve-2009-0148.dpatch new file mode 100755 index 0000000..8f2125e --- /dev/null +++ b/debian/patches/04-cve-2009-0148.dpatch @@ -0,0 +1,344 @@ +#!/bin/sh /usr/share/dpatch/dpatch-run +## 04-cve-2009-0148.dpatch +## +## DP: Fix for CVE-2009-0148 by Moritz Muehlenhoff and Matthew Murphy +## DP: Closes: 528510 + +diff --git a/src/build.c b/src/build.c +index ada2ea1..717d618 100644 +--- a/src/build.c ++++ b/src/build.c +@@ -223,7 +223,7 @@ build(void) + if (strcmp(currentdir, home) == 0) { + strcpy(newdir, "$HOME"); + } else if (strncmp(currentdir, home, strlen(home)) == 0) { +- sprintf(newdir, "$HOME%s", currentdir + strlen(home)); ++ snprintf(newdir, sizeof(newdir), "$HOME%s", currentdir + strlen(home)); + } + /* sort the source file names (needed for rebuilding) */ + qsort(srcfiles, nsrcfiles, sizeof(char *), compare); +@@ -454,7 +454,7 @@ cscope: converting to new symbol database file format\n"); + } + fstat(fileno(postings), &statstruct); + fclose(postings); +- sprintf(sortcommand, "env LC_ALL=C sort -T %s %s", tmpdir, temp1); ++ snprintf(sortcommand, sizeof(sortcommand), "env LC_ALL=C sort -T %s %s", tmpdir, temp1); + if ((postings = mypopen(sortcommand, "r")) == NULL) { + fprintf(stderr, "cscope: cannot open pipe to sort command\n"); + cannotindex(); +diff --git a/src/command.c b/src/command.c +index 0974352..8c9f277 100644 +--- a/src/command.c ++++ b/src/command.c +@@ -739,7 +739,7 @@ changestring(void) + + /* make sure it can be changed */ + if (access(newfile, WRITE) != 0) { +- sprintf(msg, "Cannot write to file %s", newfile); ++ snprintf(msg, sizeof(msg), "Cannot write to file %s", newfile); + postmsg(msg); + anymarked = NO; + break; +diff --git a/src/dir.c b/src/dir.c +index 5773231..33fd7d1 100644 +--- a/src/dir.c ++++ b/src/dir.c +@@ -139,7 +139,7 @@ sourcedir(char *dirlist) + + /* compute its path from higher view path source dirs */ + for (i = 1; i < nvpsrcdirs; ++i) { +- sprintf(path, "%.*s/%s", ++ snprintf(path, sizeof(path), "%.*s/%s", + PATHLEN - 2 - dir_len, + srcdirs[i], dir); + addsrcdir(path); +@@ -207,7 +207,7 @@ includedir(char *dirlist) + + /* compute its path from higher view path source dirs */ + for (i = 1; i < nvpsrcdirs; ++i) { +- sprintf(path, "%.*s/%s", ++ snprintf(path, sizeof(path), "%.*s/%s", + PATHLEN - 2 - dir_len, + srcdirs[i], dir); + addincdir(dir, path); +@@ -482,8 +482,6 @@ scan_dir(const char *adir, BOOL recurse_dir) + DIR *dirfile; + int adir_len = strlen(adir); + +- /* FIXME: no guards against adir_len > PATHLEN, yet */ +- + if ((dirfile = opendir(adir)) != NULL) { + struct dirent *entry; + char path[PATHLEN + 1]; +@@ -494,7 +492,7 @@ scan_dir(const char *adir, BOOL recurse_dir) + && (strcmp("..",entry->d_name) != 0)) { + struct stat buf; + +- sprintf(path,"%s/%.*s", adir, ++ snprintf(path, sizeof(path), "%s/%.*s", adir, + PATHLEN - 2 - adir_len, + entry->d_name); + +@@ -604,14 +602,14 @@ incfile(char *file, char *type) + /* search for the file in the #include directory list */ + for (i = 0; i < nincdirs; ++i) { + /* don't include the file from two directories */ +- sprintf(name, "%.*s/%s", ++ snprintf(name, sizeof(name), "%.*s/%s", + PATHLEN - 2 - file_len, incnames[i], + file); + if (infilelist(name) == YES) { + break; + } + /* make sure it exists and is readable */ +- sprintf(path, "%.*s/%s", ++ snprintf(path, sizeof(path), "%.*s/%s", + PATHLEN - 2 - file_len, incdirs[i], + file); + if (access(compath(path), READ) == 0) { +@@ -659,7 +657,7 @@ inviewpath(char *file) + + /* compute its path from higher view path source dirs */ + for (i = 1; i < nvpsrcdirs; ++i) { +- sprintf(path, "%.*s/%s", ++ snprintf(path, sizeof(path), "%.*s/%s", + PATHLEN - 2 - file_len, srcdirs[i], + file); + if (access(compath(path), READ) == 0) { +diff --git a/src/display.c b/src/display.c +index 7ef03cb..dc81226 100644 +--- a/src/display.c ++++ b/src/display.c +@@ -478,20 +478,20 @@ search(void) + /* see if it is empty */ + if ((c = getc(refsfound)) == EOF) { + if (findresult != NULL) { +- (void) sprintf(lastmsg, "Egrep %s in this pattern: %s", ++ (void) snprintf(lastmsg, sizeof(lastmsg), "Egrep %s in this pattern: %s", + findresult, Pattern); + } else if (rc == NOTSYMBOL) { +- (void) sprintf(lastmsg, "This is not a C symbol: %s", ++ (void) snprintf(lastmsg, sizeof(lastmsg), "This is not a C symbol: %s", + Pattern); + } else if (rc == REGCMPERROR) { +- (void) sprintf(lastmsg, "Error in this regcomp(3) regular expression: %s", ++ (void) snprintf(lastmsg, sizeof(lastmsg), "Error in this regcomp(3) regular expression: %s", + Pattern); + + } else if (funcexist == NO) { +- (void) sprintf(lastmsg, "Function definition does not exist: %s", ++ (void) snprintf(lastmsg, sizeof(lastmsg), "Function definition does not exist: %s", + Pattern); + } else { +- (void) sprintf(lastmsg, "Could not find the %s: %s", ++ (void) snprintf(lastmsg, sizeof(lastmsg), "Could not find the %s: %s", + fields[field].text2, Pattern); + } + return(NO); +@@ -527,17 +527,17 @@ progress(char *what, long current, long max) + move(MSGLINE, 0); + clrtoeol(); + addstr(what); +- sprintf(msg, "%ld", current); ++ snprintf(msg, sizeof(msg), "%ld", current); + move(MSGLINE, (COLS / 2) - (strlen(msg) / 2)); + addstr(msg); +- sprintf(msg, "%ld", max); ++ snprintf(msg, sizeof(msg), "%ld", max); + move(MSGLINE, COLS - strlen(msg)); + addstr(msg); + refresh(); + } + else if (verbosemode == YES) + { +- sprintf(msg, "> %s %ld of %ld", what, current, max); ++ snprintf(msg, sizeof(msg), "> %s %ld of %ld", what, current, max); + } + + start = now; +@@ -575,7 +575,7 @@ myperror(char *text) + s = sys_errlist[errno]; + } + #endif +- (void) sprintf(msg, "%s: %s", text, s); ++ (void) snprintf(msg, sizeof(msg), "%s: %s", text, s); + postmsg(msg); + } + +@@ -647,11 +647,7 @@ posterr(char *msg, ...) + (void) vfprintf(stderr, msg, ap); + (void) fputc('\n', stderr); + } else { +-#if HAVE_VSNPRINTF + vsnprintf(errbuf, sizeof(errbuf), msg, ap); +-#else +- vsprintf(errbuf, msg, ap); +-#endif + postmsg2(errbuf); + } + } +@@ -664,11 +660,7 @@ postfatal(const char *msg, ...) + char errbuf[MSGLEN]; + + va_start(ap, msg); +-#if HAVE_VSNPRINTF + vsnprintf(errbuf, sizeof(errbuf), msg, ap); +-#else +- vsprintf(errbuf, msg, ap); +-#endif + /* restore the terminal to its original mode */ + if (incurses == YES) { + exitcurses(); +diff --git a/src/edit.c b/src/edit.c +index 5d97949..89a4296 100644 +--- a/src/edit.c ++++ b/src/edit.c +@@ -105,9 +105,9 @@ edit(char *file, char *linenum) + char *s; + + file = filepath(file); +- (void) sprintf(msg, "%s +%s %s", mybasename(editor), linenum, file); ++ (void) snprintf(msg, sizeof(msg), "%s +%s %s", mybasename(editor), linenum, file); + postmsg(msg); +- (void) sprintf(plusnum, lineflag, linenum); ++ (void) snprintf(plusnum, sizeof(plusnum), lineflag, linenum); + /* if this is the more or page commands */ + if (strcmp(s = mybasename(editor), "more") == 0 || strcmp(s, "page") == 0) { + +@@ -132,7 +132,7 @@ filepath(char *file) + static char path[PATHLEN + 1]; + + if (prependpath != NULL && *file != '/') { +- (void) sprintf(path, "%s/%s", prependpath, file); ++ (void) snprintf(path, sizeof(path), "%s/%s", prependpath, file); + file = path; + } + return(file); +diff --git a/src/exec.c b/src/exec.c +index 7e4899d..467634e 100644 +--- a/src/exec.c ++++ b/src/exec.c +@@ -123,7 +123,7 @@ myexecvp(char *a, char **args) + + /* execute the program or shell script */ + execvp(a, args); /* returns only on failure */ +- sprintf(msg, "\nCannot exec %s", a); ++ snprintf(msg, sizeof(msg), "\nCannot exec %s", a); + perror(msg); /* display the reason */ + askforreturn(); /* wait until the user sees the message */ + myexit(1); /* exit the child */ +diff --git a/src/find.c b/src/find.c +index f6a6387..1d0a503 100644 +--- a/src/find.c ++++ b/src/find.c +@@ -673,7 +673,7 @@ findinit(char *pattern) + /* must be an exact match */ + /* note: regcomp doesn't recognize ^*keypad$ as a syntax error + unless it is given as a single arg */ +- (void) sprintf(buf, "^%s$", s); ++ (void) snprintf(buf, sizeof(buf), "^%s$", s); + if (regcomp (®exp, buf, REG_EXTENDED | REG_NOSUB) != 0) { + return(REGCMPERROR); + } +diff --git a/src/main.c b/src/main.c +index ca90ea9..5bca752 100644 +--- a/src/main.c ++++ b/src/main.c +@@ -359,7 +359,7 @@ cscope: TMPDIR to a valid directory\n"); + /* create the temporary file names */ + orig_umask = umask(S_IRWXG|S_IRWXO); + pid = getpid(); +- sprintf(tempdirpv, "%s/cscope.%d", tmpdir, pid); ++ snprintf(tempdirpv, sizeof(tempdirpv), "%s/cscope.%d", tmpdir, pid); + if(mkdir(tempdirpv,S_IRWXU)) { + fprintf(stderr, "\ + cscope: Could not create private temp dir %s\n", +@@ -368,8 +368,8 @@ cscope: Could not create private temp dir %s\n", + } + umask(orig_umask); + +- sprintf(temp1, "%s/cscope.1", tempdirpv); +- sprintf(temp2, "%s/cscope.2", tempdirpv); ++ snprintf(temp1, sizeof(temp1), "%s/cscope.1", tempdirpv); ++ snprintf(temp2, sizeof(temp2), "%s/cscope.2", tempdirpv); + + /* if running in the foreground */ + if (signal(SIGINT, SIG_IGN) != SIG_IGN) { +@@ -389,12 +389,12 @@ cscope: Could not create private temp dir %s\n", + * used instead of failing to open a non-existant database in + * the home directory + */ +- sprintf(path, "%s/%s", home, reffile); ++ snprintf(path, sizeof(path), "%s/%s", home, reffile); + if (isuptodate == NO || access(path, READ) == 0) { + reffile = my_strdup(path); +- sprintf(path, "%s/%s", home, invname); ++ snprintf(path, sizeof(path), "%s/%s", home, invname); + invname = my_strdup(path); +- sprintf(path, "%s/%s", home, invpost); ++ snprintf(path, sizeof(path), "%s/%s", home, invpost); + invpost = my_strdup(path); + } + } +@@ -728,22 +728,12 @@ cannotopen(char *file) + void + cannotwrite(char *file) + { +-#if HAVE_SNPRINTF + char msg[MSGLEN + 1]; + + snprintf(msg, sizeof(msg), "Removed file %s because write failed", file); +-#else +- char *msg = mymalloc(50 + strlen(file)); +- +- sprintf(msg, "Removed file %s because write failed", file); +-#endif + + myperror(msg); /* display the reason */ + +-#if !HAVE_SNPRINTF +- free(msg); +-#endif +- + unlink(file); + myexit(1); /* calls exit(2), which closes files */ + } +diff --git a/src/vpaccess.c b/src/vpaccess.c +index cb56730..a3a7ad9 100644 +--- a/src/vpaccess.c ++++ b/src/vpaccess.c +@@ -49,7 +49,7 @@ vpaccess(char *path, mode_t amode) + if ((returncode = access(path, amode)) == -1 && path[0] != '/') { + vpinit(NULL); + for (i = 1; i < vpndirs; i++) { +- (void) sprintf(buf, "%s/%s", vpdirs[i], path); ++ (void) snprintf(buf, sizeof(buf), "%s/%s", vpdirs[i], path); + if ((returncode = access(buf, amode)) != -1) { + break; + } +diff --git a/src/vpfopen.c b/src/vpfopen.c +index bffbc20..b5f592c 100644 +--- a/src/vpfopen.c ++++ b/src/vpfopen.c +@@ -53,7 +53,7 @@ vpfopen(char *filename, char *type) + ) { + vpinit(NULL); + for (i = 1; i < vpndirs; i++) { +- (void) sprintf(buf, "%s/%s", vpdirs[i], filename); ++ (void) snprintf(buf, sizeof(buf), "%s/%s", vpdirs[i], filename); + if ((returncode = myfopen(buf, type)) != NULL) { + break; + } +diff --git a/src/vpopen.c b/src/vpopen.c +index 777f168..de7cc53 100644 +--- a/src/vpopen.c ++++ b/src/vpopen.c +@@ -52,7 +52,7 @@ vpopen(char *path, int oflag) + oflag == OPENFLAG_READ) { + vpinit(NULL); + for (i = 1; i < vpndirs; i++) { +- (void) sprintf(buf, "%s/%s", vpdirs[i], path); ++ (void) snprintf(buf, sizeof(buf), "%s/%s", vpdirs[i], path); + if ((returncode = myopen(buf, oflag, 0666)) != -1) { + break; + } -- cgit v1.2.3-54-g00ecf