Friday, October 04, 2019

[UPDATE] graphics/dpic to 2019.08.30

Hi ports@,

Here is a diff to update dpic to 2019.08.30. This fixes CVE-2019-13989.

The codebase is now fully in C, here is the relevant entry from CHANGES:

2019 06 20 This is a major clone of the previous distribution, which
contained compilable C code together with the original pascal
source. The pascal was translated to C code using p2c,
which was included, and parsing was automated by a custom
compiler-compiler which was also provided. The current
package includes C source only with parsing automated using
GNU bison. The original lexical analyser has been kept. To
avoid introducing bugs, the C code has been changed only to
accommodate bison; some p2c idiosyncrasies remain. The result
is functionally identical to the previous version for correct
input.

We can remove the previous patches: they are no longer needed now that p2c is
gone, and upstream now has the sprintf -> snprintf changes in wfloat.

The remaining sprintf -> snprintf changes have been moved to a new patch,
as those functions are now in their own file (pdf.c).

Comments? OK?

Index: Makefile
===================================================================
RCS file: /cvs/ports/graphics/dpic/Makefile,v
retrieving revision 1.7
diff -u -p -r1.7 Makefile
--- Makefile 12 Jul 2019 20:46:57 -0000 1.7
+++ Makefile 4 Oct 2019 10:08:33 -0000
@@ -2,7 +2,7 @@

COMMENT = pic-like interpreter for producing line graphics

-DISTNAME = dpic-2017.08.01
+DISTNAME = dpic-2019.08.30

CATEGORIES = graphics

Index: distinfo
===================================================================
RCS file: /cvs/ports/graphics/dpic/distinfo,v
retrieving revision 1.5
diff -u -p -r1.5 distinfo
--- distinfo 9 Sep 2017 22:56:49 -0000 1.5
+++ distinfo 4 Oct 2019 10:08:33 -0000
@@ -1,2 +1,2 @@
-SHA256 (dpic-2017.08.01.tar.gz) = 0GbWBx4BNqqJpYiiWAuMcFdKg29a7PbOFfRBbV923j0=
-SIZE (dpic-2017.08.01.tar.gz) = 1246842
+SHA256 (dpic-2019.08.30.tar.gz) = gkf0eZyjr79Dhw2vYXqjyq6uIhuAnvo8h8fwe9koNRU=
+SIZE (dpic-2019.08.30.tar.gz) = 877767
Index: patches/patch-Makefile_in
===================================================================
RCS file: patches/patch-Makefile_in
diff -N patches/patch-Makefile_in
--- patches/patch-Makefile_in 9 Sep 2017 22:56:49 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,27 +0,0 @@
-$OpenBSD: patch-Makefile_in,v 1.1 2017/09/09 22:56:49 nigel Exp $
-Index: Makefile.in
---- Makefile.in.orig
-+++ Makefile.in
-@@ -1,10 +1,9 @@
- # For Linux (expects "make DESTDIR=xxx PREFIX=yyy install"):
- DESTDIR = /usr
--PREFIX = .
--DEST = ${DESTDIR}/${PREFIX}/bin
-+DEST = ${PREFIX}/bin
-
--MANDIR = $(DESTDIR)/$(PREFIX)/share/man/man1
--DOCDIR = $(DESTDIR)/$(PREFIX)/share/doc/dpic
-+MANDIR = $(PREFIX)/share/man/man1
-+DOCDIR = $(PREFIX)/share/doc/dpic
-
- #-----------------------------------------------------------------------
-
-@@ -47,7 +46,7 @@ installdocs: doc/dpicdoc.pdf
- install -m 644 doc/dpicdoc.pdf $(DOCDIR)
- install -m 644 doc/dpictools.pic $(DOCDIR)
- # install -m 644 doc/dpic.1 $(SPECMANDIR)
-- cat doc/dpic.1 | gzip > $(MANDIR)/dpic.1.gz
-+ install -m 644 doc/dpic.1 $(MANDIR)
- #Ubuntu files:
- #/usr/bin/dpic
- #/usr/share/doc/dpic/CHANGES.gz
Index: patches/patch-dpic_c
===================================================================
RCS file: patches/patch-dpic_c
diff -N patches/patch-dpic_c
--- patches/patch-dpic_c 9 Sep 2017 22:56:49 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,244 +0,0 @@
-$OpenBSD: patch-dpic_c,v 1.1 2017/09/09 22:56:49 nigel Exp $
-Index: dpic.c
---- dpic.c.orig
-+++ dpic.c
-@@ -1241,11 +1241,11 @@ void wfloat(FILE **iou, double y)
- { char buf[25];
- int i;
- if (fabs(y)==distmax)
-- sprintf(buf,"%24.6e", y);
-+ snprintf(buf,sizeof(buf), "%24.6e", y);
- else if (y >= 0.0)
-- sprintf(buf,"%24.6f", floor( 1000000*y+0.5)/1000000.0 );
-+ snprintf(buf,sizeof(buf), "%24.6f", floor( 1000000*y+0.5)/1000000.0 );
- else
-- sprintf(buf,"%24.6f",-floor(-1000000*y+0.5)/1000000.0 );
-+ snprintf(buf,sizeof(buf), "%24.6f",-floor(-1000000*y+0.5)/1000000.0 );
- for (i=23; buf[i]=='0'; ) i-- ;
- if (buf[i]=='.') buf[i] = (char)0;
- else buf[i+1] = (char)0;
-@@ -1897,7 +1897,7 @@ boolean drawn(primitive *node, int linesp, double fill
- return true;
- }
- else if (linesp == XLdotted || linesp == XLdashed || linesp == XLsolid ||
-- fill >= 0.0 && fill <= 1.0) {
-+ (fill >= 0.0 && fill <= 1.0)) {
- return true;
- }
- else {
-@@ -4793,7 +4793,7 @@ void mfpdraw(primitive *node)
- initnesw();
- nesw(node);
- if (node->ptype == XLbox) {
-- if (node->Upr.Ubox.boxfill >= 0.0 && node->Upr.Ubox.boxfill <= 1.0 ||
-+ if ((node->Upr.Ubox.boxfill >= 0.0 && node->Upr.Ubox.boxfill <= 1.0) ||
- node->shadedp != NULL) {
- mfpsetshade(node->Upr.Ubox.boxfill, node->shadedp);
- mfpbox(node->aat.xpos, node->aat.ypos, north, south, east, west,
-@@ -4812,7 +4812,7 @@ void mfpdraw(primitive *node)
- break;
-
- case XLellipse:
-- if (node->Upr.Uellipse.efill >= 0.0 && node->Upr.Uellipse.efill <= 1.0 ||
-+ if ((node->Upr.Uellipse.efill >= 0.0 && node->Upr.Uellipse.efill <= 1.0) ||
- node->shadedp != NULL) {
- mfpsetshade(node->Upr.Uellipse.efill, node->shadedp);
- mfpellipse(node->aat, node->Upr.Uellipse.elwidth, node->Upr.Uellipse.elheight);
-@@ -4828,7 +4828,7 @@ void mfpdraw(primitive *node)
- break;
-
- case XLcircle:
-- if (node->Upr.Ucircle.cfill >= 0.0 && node->Upr.Ucircle.cfill <= 1.0 ||
-+ if ((node->Upr.Ucircle.cfill >= 0.0 && node->Upr.Ucircle.cfill <= 1.0) ||
- node->shadedp != NULL) {
- mfpsetshade(node->Upr.Ucircle.cfill, node->shadedp);
- mfpcircle(node->aat, node->Upr.Ucircle.radius);
-@@ -5423,7 +5423,7 @@ void mpodraw(primitive *node)
- case XBLOCK:
- if (node->ptype == XLbox) {
- if (node->shadedp != NULL ||
-- node->Upr.Ubox.boxfill >= 0.0 && node->Upr.Ubox.boxfill <= 1.0) {
-+ (node->Upr.Ubox.boxfill >= 0.0 && node->Upr.Ubox.boxfill <= 1.0)) {
- mpobox("fill ", node->aat, node->Upr.Ubox.boxwidth / 2,
- node->Upr.Ubox.boxheight / 2, node->Upr.Ubox.boxradius);
- addcolor(node->shadedp, node->Upr.Ubox.boxfill);
-@@ -5442,7 +5442,7 @@ void mpodraw(primitive *node)
-
- case XLellipse:
- if (node->shadedp != NULL ||
-- node->Upr.Uellipse.efill >= 0.0 && node->Upr.Uellipse.efill <= 1.0) {
-+ (node->Upr.Uellipse.efill >= 0.0 && node->Upr.Uellipse.efill <= 1.0)) {
- mpoellipse("fill ", node->aat, node->Upr.Uellipse.elwidth / 2,
- node->Upr.Uellipse.elheight / 2);
- addcolor(node->shadedp, node->Upr.Uellipse.efill);
-@@ -5460,7 +5460,7 @@ void mpodraw(primitive *node)
-
- case XLcircle:
- if (node->shadedp != NULL ||
-- node->Upr.Ucircle.cfill >= 0.0 && node->Upr.Ucircle.cfill <= 1.0) {
-+ (node->Upr.Ucircle.cfill >= 0.0 && node->Upr.Ucircle.cfill <= 1.0)) {
- printf("fill fullcircle scaled ");
- wfloat(&output, node->Upr.Ucircle.radius * 2 / fsc);
- printf(" shifted ");
-@@ -6974,7 +6974,7 @@ void psdraw(primitive *node)
- switch (node->ptype) {
-
- case XLbox:
-- if (node->Upr.Ubox.boxfill >= 0.0 && node->Upr.Ubox.boxfill <= 1.0 ||
-+ if ((node->Upr.Ubox.boxfill >= 0.0 && node->Upr.Ubox.boxfill <= 1.0) ||
- node->shadedp != NULL) {
- psbox(node->aat, node->Upr.Ubox.boxwidth / 2,
- node->Upr.Ubox.boxheight / 2, node->Upr.Ubox.boxradius);
-@@ -7027,7 +7027,7 @@ void psdraw(primitive *node)
- else {
- fill = node->Upr.Ucircle.cfill;
- }
-- if (fill >= 0.0 && fill <= 1.0 || node->shadedp != NULL) {
-+ if ((fill >= 0.0 && fill <= 1.0) || node->shadedp != NULL) {
- pssetthick(lth);
- printf(" gsave ");
- pswpos(node->aat);
-@@ -7416,7 +7416,7 @@ void pdfwfloat(double y)
- ix = ixd;
- } while (ix != 0 || j <= 6);
- for (j = 1; j <= ln; j++) {
-- sprintf(STR1, "%c", ts[ln - j]);
-+ snprintf(STR1, sizeof(STR1), "%c", ts[ln - j]);
- pdfstream(STR1, 1, &cx);
- }
- }
-@@ -7580,10 +7580,10 @@ void pdfwstring(nametype *p)
- iswhite = (c == etxch || c == nlch || c == tabch || c == ' ');
- if (!iswhite || !waswhite) {
- if (c == bslch || c == ')' || c == '(') {
-- sprintf(STR1, "%c", bslch);
-+ snprintf(STR1, sizeof(STR1), "%c", bslch);
- pdfstream(STR1, 1, &cx);
- }
-- sprintf(STR1, "%c", c);
-+ snprintf(STR1, sizeof(STR1), "%c", c);
- pdfstream(STR1, 1, &cx);
- }
- waswhite = iswhite;
-@@ -8020,7 +8020,7 @@ void pdfdraw(primitive *node)
-
- case XLbox:
- if (drawn(node, lsp, node->Upr.Ubox.boxfill)) {
-- fll = (node->Upr.Ubox.boxfill >= 0.0 && node->Upr.Ubox.boxfill <= 1.0 ||
-+ fll = ((node->Upr.Ubox.boxfill >= 0.0 && node->Upr.Ubox.boxfill <= 1.0) ||
- node->shadedp != NULL);
- pdflinearfill(node->Upr.Ubox.boxfill, node->shadedp);
- pdflineopts(lsp, node->lparam, lth, node->outlinep);
-@@ -8052,7 +8052,7 @@ void pdfdraw(primitive *node)
- fill = node->Upr.Ucircle.cfill;
- }
- if (drawn(node, lsp, fill)) {
-- fll = (fill >= 0.0 && fill <= 1.0 || node->shadedp != NULL);
-+ fll = ((fill >= 0.0 && fill <= 1.0) || node->shadedp != NULL);
- pdflinearfill(fill, node->shadedp);
- pdflineopts(lsp, node->lparam, lth, node->outlinep);
- pdfellipse(node->aat, x, y);
-@@ -8160,7 +8160,7 @@ void pdfdraw(primitive *node)
- pdfwpos(node->Upr.Uline.endpos);
- pdfstream(" l", 2, &cx);
- if (node->son != NULL) {
-- sprintf(STR1, "%c", nlch);
-+ snprintf(STR1, sizeof(STR1), "%c", nlch);
- pdfstream(STR1, 1, &cx);
- }
- else {
-@@ -8241,7 +8241,7 @@ void pdfdraw(primitive *node)
- case XLaTeX:
- if (node->textp != NULL) {
- pdfwstring(node->textp);
-- sprintf(STR1, "%c", nlch);
-+ snprintf(STR1, sizeof(STR1), "%c", nlch);
- pdfstream(STR1, 1, &cx);
- }
- break;
-@@ -8448,7 +8448,7 @@ void texdraw(primitive *node)
- lgth = linlen(node->Upr.Uline.endpos.xpos - node->aat.xpos,
- node->Upr.Uline.endpos.ypos - node->aat.ypos);
- if (drawmode == Pict2e ||
-- lsp == XLsolid && (lgth > 0.18 || drawmode == tTeX)) {
-+ (lsp == XLsolid && (lgth > 0.18 || drawmode == tTeX))) {
- if (lgth > 0) {
- printf("\\put");
- wpos(node->aat);
-@@ -8759,16 +8759,16 @@ void texdraw(primitive *node)
- node->direction = p->direction;
- }
- }
-- if (node->direction == XLleft && node->Upr.Uline.endpos.ypos < 0.0 ||
-- node->direction == XLdown && node->Upr.Uline.endpos.ypos > 0.0) {
-+ if ((node->direction == XLleft && node->Upr.Uline.endpos.ypos < 0.0) ||
-+ (node->direction == XLdown && node->Upr.Uline.endpos.ypos > 0.0)) {
- printf("[bl]}\n");
- }
-- else if (node->direction == XLleft && node->Upr.Uline.endpos.ypos > 0.0 ||
-- node->direction == XLup && node->Upr.Uline.endpos.ypos < 0.0) {
-+ else if ((node->direction == XLleft && node->Upr.Uline.endpos.ypos > 0.0) ||
-+ (node->direction == XLup && node->Upr.Uline.endpos.ypos < 0.0)) {
- printf("[tl]}\n");
- }
-- else if (node->direction == XLright && node->Upr.Uline.endpos.ypos < 0.0 ||
-- node->direction == XLup && node->Upr.Uline.endpos.ypos > 0.0) {
-+ else if ((node->direction == XLright && node->Upr.Uline.endpos.ypos < 0.0) ||
-+ (node->direction == XLup && node->Upr.Uline.endpos.ypos > 0.0)) {
- printf("[tr]}\n");
- }
- else {
-@@ -12552,8 +12552,8 @@ void produce(stackinx newp, int p)
- }
- else {
- With1->xval += With1->yval;
-- if (With1->yval > 0 && With1->xval > With1->endchop ||
-- With1->yval < 0 && With1->xval < With1->endchop) {
-+ if ((With1->yval > 0 && With1->xval > With1->endchop) ||
-+ (With1->yval < 0 && With1->xval < With1->endchop)) {
- bswitch = true;
- }
- }
-@@ -13464,16 +13464,16 @@ void produce(stackinx newp, int p)
- s = sin(With2->Upr.Uline.endpos.xpos);
- With2->aat.xpos += With2->Upr.Uline.aradius * r;
- With2->aat.ypos += With2->Upr.Uline.aradius * s;
-- if (With2->direction == XLup && i == XLleft ||
-- With2->direction == XLdown && i == XLright ||
-- With2->direction == XLright && i == XLup ||
-- With2->direction == XLleft && i == XLdown) {
-+ if ((With2->direction == XLup && i == XLleft) ||
-+ (With2->direction == XLdown && i == XLright) ||
-+ (With2->direction == XLright && i == XLup) ||
-+ (With2->direction == XLleft && i == XLdown)) {
- With2->Upr.Uline.endpos.ypos = pi * 0.5;
- }
-- else if (With2->direction == XLup && i == XLright ||
-- With2->direction == XLdown && i == XLleft ||
-- With2->direction == XLright && i == XLdown ||
-- With2->direction == XLleft && i == XLup) {
-+ else if ((With2->direction == XLup && i == XLright) ||
-+ (With2->direction == XLdown && i == XLleft) ||
-+ (With2->direction == XLright && i == XLdown) ||
-+ (With2->direction == XLleft && i == XLup)) {
- With2->Upr.Uline.endpos.ypos = -pi * 0.5;
- }
- if (attstack[newp+2].lexval != XEMPTY) {
-@@ -17640,7 +17640,7 @@ void defineargbody(int *parenlevel, fbuffer **p2)
- }
- }
- /*D if debuglevel=2 then write(log,' instring=',instring,' '); D*/
-- if (!instring && (*parenlevel < 0 || *parenlevel == 0 && ch == ',')) {
-+ if (!instring && (*parenlevel < 0 || (*parenlevel == 0 && ch == ','))) {
- j = With->savedlen;
- inarg = false;
- }
-@@ -18743,7 +18743,7 @@ void getoptions(void)
- } /* getoptions */
-
-
--void main(int argc, Char *argv[])
-+int main(int argc, Char *argv[])
- { P_argc = argc; P_argv = argv; __top_jb = NULL;
- redirect = NULL;
- copyin = NULL;
Index: patches/patch-p2c_h
===================================================================
RCS file: patches/patch-p2c_h
diff -N patches/patch-p2c_h
--- patches/patch-p2c_h 9 Sep 2017 22:56:49 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,18 +0,0 @@
-$OpenBSD: patch-p2c_h,v 1.1 2017/09/09 22:56:49 nigel Exp $
-Index: p2c.h
---- p2c.h.orig
-+++ p2c.h
-@@ -435,12 +435,7 @@ typedef struct {
- } _TEXT;
-
- /* Memory allocation */
--#ifdef __GCC__
--# define Malloc(n) (malloc(n) ?: (Anyptr)_OutMem())
--#else
--extern Anyptr __MallocTemp__;
--# define Malloc(n) ((__MallocTemp__ = malloc(n)) ? __MallocTemp__ : (Anyptr)_OutMem())
--
