gnu: unrtf: Update to 0.21.10.

* gnu/packages/unrtf.scm (unrtf): Update to 0.21.10. [source]: Remove patch, remove snippet. [license]: Update to gpl3+. * gnu/packages/patches/unrtf-CVE-2016-10091.patch: Remove file. * gnu/local.mk (dist_patch_DATA): Remove it.
2019-01-06 14:32:39 +02:00 · 2019-01-06 14:32:39 +02:00 · 30e06c2cee
parent c65bfc658a
commit 30e06c2cee
3 changed files with 4 additions and 216 deletions
--- a/gnu/local.mk
+++ b/gnu/local.mk
@ -1215,7 +1215,6 @@ dist_patch_DATA =						\
  %D%/packages/patches/u-boot-pinebook-dts.patch		\
  %D%/packages/patches/u-boot-pinebook-syscon-node.patch	\
  %D%/packages/patches/u-boot-pinebook-video-bridge.patch	\
-  %D%/packages/patches/unrtf-CVE-2016-10091.patch		\
  %D%/packages/patches/unzip-CVE-2014-8139.patch		\
  %D%/packages/patches/unzip-CVE-2014-8140.patch		\
  %D%/packages/patches/unzip-CVE-2014-8141.patch		\
--- a/gnu/packages/patches/unrtf-CVE-2016-10091.patch
+++ b/gnu/packages/patches/unrtf-CVE-2016-10091.patch
@ -1,189 +0,0 @@
-Fix CVE-2016-10091 (stack-based buffer overflows in cmd_* functions):
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10091
-https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849705
-http://seclists.org/oss-sec/2016/q4/787
-
-Patch adapted from Debian:
-
-https://anonscm.debian.org/cgit/collab-maint/unrtf.git/commit/?h=jessie&id=7500a48fb0fbad3ab963fb17560b2f90a8a485c8
-
-The Debian patch adapts this upstream commit so that it can be applied
-to the 0.21.9 release tarball:
-
-http://hg.savannah.gnu.org/hgweb/unrtf/rev/3b16893a6406
-
-From 7dd568ed8a6a5acb6c04f2b40f457d63a00435f3 Mon Sep 17 00:00:00 2001
-From: Willi Mann <willi@debian.org>
-Date: Sat, 31 Dec 2016 20:31:38 +0100
-Subject: [PATCH] Add patch from upstream to fix CVE-2016-10091 (buffer
- overflow in various cmd_ functions)
-
-diff --git a/src/attr.c b/src/attr.c
-index 02b5c81..e2951ea 100644
--- a/src/attr.c
-+++ b/src/attr.c
-@@ -746,7 +746,7 @@ char *
- assemble_string(char *string, int nr)
- {
- 
-	char *s, tmp[12];/* Number of characters that can be in int type (including '\0') - AF */
-+	char *s, tmp[20];
- 	int i = 0, j = 0;
- 
- 	if (string == NULL)
-@@ -762,7 +762,7 @@ assemble_string(char *string, int nr)
- 		}
- 
- 		if (string[i] != '\0') {
-			sprintf(tmp, "%d", nr);
-+			snprintf(tmp, 20, "%d", nr);
- 			strcpy(&s[j], tmp);
- 			j = j + strlen(tmp);
- 		}
-diff --git a/src/convert.c b/src/convert.c
-index c76d7d6..8eacdcb 100644
--- a/src/convert.c
-+++ b/src/convert.c
-@@ -472,7 +472,7 @@ static const int fcharsetparmtocp(int parm)
- }
- 
- // Translate code page to encoding name hopefully suitable as iconv input
-static char *cptoencoding(parm)
-+static char *cptoencoding(int parm)
- {
-     // Note that CP0 is supposed to mean current system default, which does
-     // not make any sense as a stored value, we don't handle it.
-@@ -964,7 +964,7 @@ cmd_cf (Word *w, int align, char has_param, int num)
- 	}
- 	else
- 	{
-		sprintf(str,"#%02x%02x%02x",
-+		snprintf(str, 40, "#%02x%02x%02x",
- 			color_table[num].r,
- 			color_table[num].g,
- 			color_table[num].b);
-@@ -993,7 +993,7 @@ cmd_cb (Word *w, int align, char has_param, int num)
- 	}
- 	else
- 	{
-		sprintf(str,"#%02x%02x%02x",
-+		snprintf(str, 40, "#%02x%02x%02x",
- 			color_table[num].r,
- 			color_table[num].g,
- 			color_table[num].b);
-@@ -1018,7 +1018,7 @@ cmd_fs (Word *w, int align, char has_param, int points) {
- 	/* Note, fs20 means 10pt */
- 	points /= 2;
- 
-	sprintf(str,"%d",points);
-+	snprintf(str, 20, "%d", points);
- 	attr_push(ATTR_FONTSIZE,str);
- 
- 	return FALSE;
-@@ -1166,7 +1166,7 @@ cmd_f (Word *w, int align, char has_param, int num)
-         {
-             // TOBEDONE: WHAT'S THIS ???
-             name = my_malloc(12);
-            sprintf(name, "%d", num);
-+			snprintf(name, 12, "%d", num);
-         }
- 
-         /* we are going to output entities, so should not output font */
-@@ -1218,7 +1218,7 @@ cmd_highlight (Word *w, int align, char has_param, int num)
- 	}
- 	else
- 	{
-		sprintf(str,"#%02x%02x%02x",
-+		snprintf(str, 40, "#%02x%02x%02x",
- 			color_table[num].r,
- 			color_table[num].g,
- 			color_table[num].b);
-@@ -1373,9 +1373,9 @@ cmd_ftech (Word *w, int align, char has_param, int param) {
- 
- static int 
- cmd_expand (Word *w, int align, char has_param, int param) {
-	char str[10];
-+	char str[20];
- 	if (has_param) {
-		sprintf(str, "%d", param/4);
-+		snprintf(str, 20, "%d", param / 4);
- 		if (!param) 
- 			attr_pop(ATTR_EXPAND);
- 		else 
-@@ -1394,7 +1394,7 @@ cmd_expand (Word *w, int align, char has_param, int param) {
- 
- static int 
- cmd_emboss (Word *w, int align, char has_param, int param) {
-	char str[10];
-+	char str[20];
- 	if (has_param && !param)
- #ifdef SUPPORT_UNNESTED
- 		attr_find_pop(ATTR_EMBOSS);
-@@ -1403,7 +1403,7 @@ cmd_emboss (Word *w, int align, char has_param, int param) {
- #endif
- 	else
- 	{
-		sprintf(str, "%d", param);
-+		snprintf(str, 20, "%d", param);
- 		attr_push(ATTR_EMBOSS, str);
- 	}
- 	return FALSE;
-@@ -1419,12 +1419,12 @@ cmd_emboss (Word *w, int align, char has_param, int param) {
- 
- static int 
- cmd_engrave (Word *w, int align, char has_param, int param) {
-	char str[10];
-+	char str[20];
- 	if (has_param && !param) 
- 		attr_pop(ATTR_ENGRAVE);
- 	else
- 	{
-		sprintf(str, "%d", param);
-+		snprintf(str, 20, "%d", param);
- 		attr_push(ATTR_ENGRAVE, str);
- 	}
- 	return FALSE;
-@@ -1976,7 +1976,7 @@ static int cmd_u (Word *w, int align, char has_param, int param) {
- 
- 	short	done=0;
- 	long unicode_number = (long) param; /* On 16bit architectures int is too small to store unicode characters. - AF */
-	char tmp[12]; /* Number of characters that can be in int type (including '\0'). If int size is greater than 4 bytes change this value. - AF */
-+	char tmp[20]; /* Number of characters that can be in int type (including '\0'). If int size is greater than 4 bytes change this value. - AF */
- 	const char *alias;
- #define DEBUG 0
- #if DEBUG
-@@ -2006,7 +2006,7 @@ static int cmd_u (Word *w, int align, char has_param, int param) {
-                             /* RTF spec: Unicode values beyond 32767 are represented by negative numbers */
- 				unicode_number += 65536;
- 			}
-			sprintf(tmp, "%ld", unicode_number);
-+			snprintf(tmp, 20, "%ld", unicode_number);
- 
- 			if (safe_printf(1, op->unisymbol_print, tmp)) fprintf(stderr, TOO_MANY_ARGS, "unisymbol_print");
- 			done++;
-diff --git a/src/output.c b/src/output.c
-index 86d8b5c..4cdbfa6 100644
--- a/src/output.c
-+++ b/src/output.c
-@@ -320,7 +320,7 @@ op_begin_std_fontsize (OutputPersonality *op, int size)
- 	if (!found_std_expr) {
- 		if (op->fontsize_begin) {
- 			char expr[16];
-			sprintf (expr, "%d", size);
-+			snprintf(expr, 16, "%d", size);
- 			if (safe_printf (1, op->fontsize_begin, expr)) fprintf(stderr, TOO_MANY_ARGS, "fontsize_begin");
- 		} else {
- 			/* If we cannot write out a change for the exact
-@@ -440,7 +440,7 @@ op_end_std_fontsize (OutputPersonality *op, int size)
- 	if (!found_std_expr) {
- 		if (op->fontsize_end) {
- 			char expr[16];
-			sprintf (expr, "%d", size);
-+			snprintf(expr, 16, "%d", size);
- 			if (safe_printf(1, op->fontsize_end, expr)) fprintf(stderr, TOO_MANY_ARGS, "fontsize_end");
- 		} else {
- 			/* If we cannot write out a change for the exact
- 
-.11.0
-
--- a/gnu/packages/unrtf.scm
+++ b/gnu/packages/unrtf.scm
@ -1,6 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2013, 2015 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2015 Andreas Enge <andreas@enge.fr>
+;;; Copyright © 2019 Efraim Flashner <efraim@flashner.co.il>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@ -31,37 +32,14 @@
 (define-public unrtf
  (package
    (name "unrtf")
-    (version "0.21.9")
+    (version "0.21.10")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://gnu/unrtf/unrtf-"
                                 version ".tar.gz"))
-             (patches (search-patches "unrtf-CVE-2016-10091.patch"))
             (sha256
              (base32
-               "1pcdzf2h1prn393dkvg93v80vh38q0v817xnbwrlwxbdz4k7i8r2"))
-             (modules '((guix build utils)))
-             (snippet
-              #~(begin
-                  ;; The tarball includes site-specific generated files.
-                  ;; Remove them.
-                  (for-each delete-file '("config.log" "config.h"))
-                  (for-each delete-file
-                            (find-files "." "^Makefile$"))
-
-                  ;; The config/ directory contains dangling symlinks to
-                  ;; /usr/share/automake.
-                  (for-each delete-file (find-files "config"))
-
-                  ;; Regenerate the whole thing.
-                  (setenv "PATH"
-                          (string-append #$autoconf "/bin:"
-                                         #$automake "/bin:"
-                                         #$m4 "/bin:"
-                                         #$grep "/bin:" #$sed "/bin:"
-                                         #$coreutils "/bin:"
-                                         (getenv "PATH")))
-                  (invoke "autoreconf" "-vfi")))))
+               "1bil6z4niydz9gqm2j861dkxmqnpc8m7hvidsjbzz7x63whj17xl"))))
    (build-system gnu-build-system)
    (home-page "https://www.gnu.org/software/unrtf/")
    (synopsis "Convert Rich Text Format documents to other formats")
@ -69,4 +47,4 @@
     "GNU UnRTF converts text documents from RTF to HTML, LaTeX, or troff.
 It supports changes in font characteristics, underlines and strikethroughs,
 superscripts and subscripts, and more.")
-    (license gpl2+)))
+    (license gpl3+)))