File gnats-4.1.0.diff of Package gnats
--- gnats/Makefile.in
+++ gnats/Makefile.in
@@ -391,7 +391,7 @@
$(INSTALL_SCRIPT) edit-pr $(DESTDIR)$(bindir)/edit-pr
$(INSTALL_SCRIPT) diff-prs $(DESTDIR)$(libexecdir)/gnats/diff-prs
$(INSTALL_SCRIPT) mail-agent $(DESTDIR)$(libexecdir)/gnats/mail-agent
- $(INSTALL_PROGRAM) file-pr $(DESTDIR)$(libexecdir)/gnats/file-pr
+ $(INSTALL_SCRIPT) file-pr $(DESTDIR)$(libexecdir)/gnats/file-pr
$(INSTALL_PROGRAM) pr-age $(DESTDIR)$(libexecdir)/gnats/pr-age
$(INSTALL_PROGRAM) pr-edit $(DESTDIR)$(libexecdir)/gnats/pr-edit
@if [ `whoami` = root -o `whoami` = $(GNATS_USER) ] ; then \
--- gnats/client.c
+++ gnats/client.c
@@ -145,7 +145,7 @@
size_t linelen = strlen (recvline);
int i;
- if (linelen > 0)
+ if (linelen > 1)
{
if (recvline[linelen - 2] == '\r')
{
@@ -194,7 +194,7 @@
size_t linelen = strlen (recvline);
int i;
- if (linelen > 0)
+ if (linelen > 1)
{
if (recvline[linelen - 2] == '\r')
{
@@ -221,6 +221,7 @@
prList = &((*prList)->next);
}
}
+ free (recvline);
}
}
@@ -244,7 +245,7 @@
else
{
int i;
- if (recvline[1])
+ if (recvline[0] && recvline[1])
{
size_t linelen = strlen (recvline) - 2;
if (recvline[linelen] == '\r')
@@ -614,7 +616,8 @@
authenticator, but a constant should be nearly as secure. */
#define CKSUM 0x10291966
- strcpy (hname, host->h_name);
+ strncpy (hname, host->h_name, sizeof (hname));
+ hname[sizeof (hname) - 1] = 0;
realm = krb_realmofhost (hname);
--- gnats/edit-pr.sh
+++ gnats/edit-pr.sh
@@ -113,14 +113,6 @@
PR_ADDR="$QUERY_PR --responsible-address"
PR_EDIT="$LIBEXECDIR/gnats/pr-edit $GNATS_HOST $GNATS_PORT $EDIT_USER $EDIT_PASSWD $GNATS_DB"
-# These traps take care of deleting all the /tmp files
-trap 'rm -f $new.old $change_msg $fixfil' 0
-# Don't delete $new on error signals
-trap 'if [ "$locked" != "" ]; then \
- $PR_EDIT --unlock $pr_id ; \
- locked= ; \
- fi' 1 2 3 13 15
-
# find a user name
if [ "$USER" != "" ]; then
me=$USER
@@ -138,15 +130,30 @@
full_me="$me"
fi
+# These traps take care of deleting all the /tmp files
+trap 'rm -rf $newdir' 0
+# Don't delete $new on error signals
+trap 'if [ "$locked" != "" ]; then \
+ $PR_EDIT --unlock $pr_id ; \
+ locked= ; \
+ fi; exit 1' 1 2 3 13 15
+
# new = temp file to use for editing
-new="/tmp/ep$$"
-newtmp="/tmp/ep$$.tp"
-change_msg="/tmp/ep$$.ch"
-fixfil="/tmp/ep$$.fx"
+if type -p mktemp >/dev/null 2>&1; then
+ newdir=`mktemp -d /tmp/epXXXXXX` || exit 1
+else
+ newdir="/tmp/ep$$"
+ rm -rf $newdir
+ mkdir -m 700 $newdir || exit 1
+fi
+new=$newdir/edit-pr
+newtmp=$newdir/edit-pr.tp
+change_msg=$newdir/edit-pr.ch
+fixfil=$newdir/edit-pr.fx
# lock the pr
$debug_print "Locking $pr_id."
-lock=`$PR_EDIT --lock=$full_me --process=$$ $pr_id 2>&1 > $new`
+lock=`$PR_EDIT --lock="$full_me" --process=$$ $pr_id 2>&1 > $new`
locked=t
if [ "$lock" != "" ] ; then
--- gnats/edit.c
+++ gnats/edit.c
@@ -924,7 +924,8 @@
}
/* read the contents of the lock file */
- fgets (buf, sizeof (buf) - 1, fp);
+ if (fgets (buf, sizeof (buf) - 1, fp) == NULL)
+ buf[0] = 0;
s = strchr (buf, '\n');
if (s != NULL)
{
--- gnats/gen-closed-date.c
+++ gnats/gen-closed-date.c
@@ -123,8 +123,12 @@
final1++;
}
to_len = final1 - to_start;
+ if (from_len >= sizeof (from))
+ from_len = sizeof (from) - 1;
strncpy (from, from_start, from_len);
from[from_len] = '\0';
+ if (to_len >= sizeof (from))
+ to_len = sizeof (from) - 1;
strncpy (to, to_start, to_len);
to[to_len] = '\0';
final2 = final1;
@@ -163,6 +167,8 @@
}
c++;
len = c - when_start;
+ if (len >= sizeof (when))
+ len = sizeof (when) - 1;
(void) strncpy (when, when_start, len);
when[len] = '\0';
set_field (pr, CLOSED_DATE (pr->database), when, err);
@@ -246,6 +252,12 @@
{
PR *pr;
+ if (strlen (next->d_name) > 20)
+ {
+ fprintf (stderr, "%s%s: name too long\n", path, next->d_name);
+ continue;
+ }
+
p = path + len - 1;
strcat (p, next->d_name);
--- gnats/gen-index.c
+++ gnats/gen-index.c
@@ -161,6 +161,12 @@
PR *pr;
char *p = path + len - 1;
+ if (strlen (next->d_name) > 20)
+ {
+ fprintf (stderr, "%s%s: name too long\n", path, next->d_name);
+ continue;
+ }
+
strcat (p, next->d_name);
fp = fopen (path, "r");
--- gnats/mail-query.sh
+++ gnats/mail-query.sh
@@ -47,7 +47,15 @@
[ "$header" = "Subject" ] && args="$contents"
done
-mail=/tmp/query$$
+if type -p mktemp >/dev/null; then
+ mail=`mktemp /tmp/queryXXXXXX` || exit 1
+else
+ mail=/tmp/query$$
+ rm -f $mail
+ set -C
+ > $mail || exit 1
+ set +C
+fi
exec 3>&1 4>&2 > $mail 2>&1
--- send-pr/Makefile.in
+++ send-pr/Makefile.in
@@ -115,6 +115,7 @@
install-norm-arch-indep:
install-norm-arch-dep: all
+ $(SHELL) $(srcdir)/../mkinstalldirs $(DESTDIR)$(bindir)/
$(INSTALL_SCRIPT) send-pr $(DESTDIR)$(bindir)/send-pr
$(INSTALL_SCRIPT) install-sid $(DESTDIR)$(bindir)/install-sid
$(SHELL) $(srcdir)/../mkinstalldirs $(DESTDIR)$(man1dir)/
--- send-pr/send-pr.sh
+++ send-pr/send-pr.sh
@@ -125,6 +125,11 @@
fi
REMOVE_TEMP="rm -f $TEMP $BAD $REF"
+# Catch some signals. ($xs kludge needed by Sun /bin/sh)
+xs=0
+trap 'rm -f $REF $TEMP $FIXFIL; exit $xs' 0
+trap 'echo "$COMMAND: Aborting ..."; rm -f $REF $TEMP $FIXFIL; xs=1; exit' 1 3 13 15
+
# find a user name
if [ "$LOGNAME" = "" ]; then
if [ "$USER" != "" ]; then
@@ -277,11 +282,6 @@
# So the template generation code finds it.
DEFAULT_SUBMITTERID=${SUBMITTER}
-# Catch some signals. ($xs kludge needed by Sun /bin/sh)
-xs=0
-trap 'rm -f $REF $TEMP $FIXFIL; exit $xs' 0
-trap 'echo "$COMMAND: Aborting ..."; rm -f $REF $TEMP $FIXFIL; xs=1; exit' 1 3 13 15
-
if [ "x$PRINT" = "xtrue" ]; then
FROM="<FROM>"
REPLYTO="<REPLYTO>"
