Package: arj | Debian Sources

Package: arj / 3.10.22-26

Metadata

Package	Version	Patches format
arj	3.10.22-26	3.0 (quilt)

Patch series

view the series file

Patch	File delta	Description
001_arches_align.patch \| (download)	arj_proc.c \| 2 1 1 - 0 ! arj_proc.h \| 4 2 2 - 0 ! 2 files changed, 3 insertions( ), 3 deletions(-)	correct build failure on ia64 due to unaligned memory access.
002_no_remove_static_const.patch \| (download)	integr.c \| 2 1 1 - 0 ! 1 file changed, 1 insertion( ), 1 deletion(-)	set the static const intergrity_identifier variable as volatile instead of building the file with -O0 to avoid the compiler optimizing it away, so that we can use standard flags everywhere.
003_64_bit_clean.patch \| (download)	arj_arcv.c \| 22 11 11 - 0 ! arj_proc.c \| 22 11 11 - 0 ! arj_proc.h \| 24 13 11 - 0 ! 3 files changed, 35 insertions( ), 33 deletions(-)	make code 64-bit clean.
004_parallel_build.patch \| (download)	gnu/makefile.in \| 74 44 30 - 0 ! 1 file changed, 44 insertions( ), 30 deletions(-)	fix upstream build sysstem to support parallel builds.
005_use_system_strnlen.patch \| (download)	fardata.c \| 2 2 0 - 0 ! gnu/config.h.in \| 1 1 0 - 0 ! gnu/configure.in \| 4 3 1 - 0 ! 3 files changed, 6 insertions( ), 1 deletion(-)	detect and conditionally use system strnlen function. This fixes build failures when the system has eglibc 2.10.
006_use_safe_strcpy.patch \| (download)	arj.c \| 2 1 1 - 0 ! arjdata.c \| 9 1 8 - 0 ! ea_mgr.c \| 2 1 1 - 0 ! misc.h \| 4 4 0 - 0 ! msgbind.c \| 2 1 1 - 0 ! packager.c \| 2 1 1 - 0 ! 6 files changed, 9 insertions( ), 12 deletions(-)	use a safe strcpy for overlapping strings, among others fixes a build problem with a mangled generated .c file by msgbind (thus FTBFS), and CRC errors at run-time.
hurd_no_fcntl_getlk.patch \| (download)	environ.c \| 3 2 1 - 0 ! 1 file changed, 2 insertions( ), 1 deletion(-)	fix build failure on gnu/hurd, by handling unimplemented fcntl(F_GETLK). The Hurd does not implement yet fcntl(F_GETLK) and returns ENOSYS, handle this as a non-fatal error.
security_format.patch \| (download)	arj_arcv.c \| 12 6 6 - 0 ! arj_user.c \| 8 4 4 - 0 ! arjdisp.c \| 58 28 30 - 0 ! arjsfx.c \| 2 1 1 - 0 ! fardata.c \| 10 5 5 - 0 ! rearj.c \| 2 1 1 - 0 ! register.c \| 2 1 1 - 0 ! 7 files changed, 46 insertions( ), 48 deletions(-)	fix format security errors.
doc_refer_robert_k_jung.patch \| (download)	resource/en/arj.1 \| 3 3 0 - 0 ! 1 file changed, 3 insertions( )	refer to original author robert k. jung in the manual page.
gnu_build_fix.patch \| (download)	gnu/configure.in \| 7 1 6 - 0 ! 1 file changed, 1 insertion( ), 6 deletions(-)	fix build failure on gnu/hurd due to missing -ldl, by adding gnu* to the configure case handling libdl linking.
gnu_build_flags.patch \| (download)	gnu/makefile.in \| 8 4 4 - 0 ! 1 file changed, 4 insertions( ), 4 deletions(-)	fix upstream build system to honour cppflags and ldflags.
gnu_build_strip.patch \| (download)	gnu/makefile.in \| 18 16 2 - 0 ! 1 file changed, 16 insertions( ), 2 deletions(-)	support nostrip build option. By changing the upstrem build system to optionally strip the binaries after the linking stage and before their preprocessing.
gnu_build_pie.patch \| (download)	gnu/configure.in \| 2 2 0 - 0 ! gnu/makefile.in \| 4 2 2 - 0 ! 2 files changed, 4 insertions( ), 2 deletions(-)	support pie build option. We always pass -shared and -fPIC after all user defined flags, so that these will override any possibly passed -fPIE option.
self_integrity_64bit.patch \| (download)	arj_proc.c \| 5 3 2 - 0 ! postproc.c \| 4 3 1 - 0 ! 2 files changed, 6 insertions( ), 3 deletions(-)	fix arj self-integrity check on 64-bit systems
security afl.patch \| (download)	decode.c \| 6 3 3 - 0 ! 1 file changed, 3 insertions( ), 3 deletions(-)	fix buffer overflow causing an invalid pointer free().
security traversal dir.patch \| (download)	environ.c \| 3 3 0 - 0 ! 1 file changed, 3 insertions( )	fix absolute path traversals. Catch multiple leading slashes when checking for absolute path traversals. . Fixes CVE-2015-0557.
security traversal symlink.patch \| (download)	uxspec.c \| 54 54 0 - 0 ! 1 file changed, 54 insertions( )	fix symlink directory traversal. Do not allow symlinks that traverse the current directory, nor absolute symlinks. . Fixes CVE-2015-0556.
out of bounds read.patch \| (download)	decode.c \| 13 8 5 - 0 ! 1 file changed, 8 insertions( ), 5 deletions(-)	fix out-of-bounds read We need to handle possible overflows, by using an int instead of a short, and terminating if after computing the index it is out-of-bounds.
remove_build_date.patch \| (download)	arj.c \| 2 1 1 - 0 ! arj.h \| 1 0 1 - 0 ! arjsfx.c \| 2 1 1 - 0 ! gnu/makefile.in \| 27 5 22 - 0 ! rearj.c \| 2 1 1 - 0 ! resource/resource.txt \| 6 3 3 - 0 ! 6 files changed, 11 insertions( ), 29 deletions(-)	remove the build date
reproducible_help_archive.patch \| (download)	arj_arcv.c \| 12 10 2 - 0 ! gnu/makefile.in \| 4 3 1 - 0 ! 2 files changed, 13 insertions( ), 3 deletions(-)	force the timestamp for the help.arj embedded in the executable to the date from SOURCE_DATE_EPOCH, and use DOS mode, to avoid recording the UNIX file attributes, to generate a reproducible archive. Make the -hdo option also affect the stored atime and ctime.
gnu_build_cross.patch \| (download)	gnu/configure.in \| 6 6 0 - 0 ! gnu/makefile.in \| 45 37 8 - 0 ! 2 files changed, 43 insertions( ), 8 deletions(-)	fix cross builds Set the CC detected in configure in the generated makefile. Thanks to Helmut Grohne <[email protected]> . Set CROSS_BUILDING at configure time. Set CC_FOR_BUILD in configure and use it in the makefile to build any tool executed at build time. When cross-building build another arj program for the build architecture.
fix time_t usage.patch \| (download)	arjtypes.c \| 17 9 8 - 0 ! 1 file changed, 9 insertions( ), 8 deletions(-)	use proper time_t type instead of unsigned long for variables that are being passed to localhost() and gmtime(). This fixes several segfaults on x32.
gnu_build_fix_autoreconf.patch \| (download)	gnu/configure.in \| 9 5 4 - 0 ! 1 file changed, 5 insertions( ), 4 deletions(-)	fix configure.in to work with autoreconf.

Patch	File delta	Description
001_arches_align.patch \| (download)	arj_proc.c \| 2 1 1 - 0 ! arj_proc.h \| 4 2 2 - 0 ! 2 files changed, 3 insertions( ), 3 deletions(-)	correct build failure on ia64 due to unaligned memory access.
002_no_remove_static_const.patch \| (download)	integr.c \| 2 1 1 - 0 ! 1 file changed, 1 insertion( ), 1 deletion(-)	set the static const intergrity_identifier variable as volatile instead of building the file with -O0 to avoid the compiler optimizing it away, so that we can use standard flags everywhere.
003_64_bit_clean.patch \| (download)	arj_arcv.c \| 22 11 11 - 0 ! arj_proc.c \| 22 11 11 - 0 ! arj_proc.h \| 24 13 11 - 0 ! 3 files changed, 35 insertions( ), 33 deletions(-)	make code 64-bit clean.
004_parallel_build.patch \| (download)	gnu/makefile.in \| 74 44 30 - 0 ! 1 file changed, 44 insertions( ), 30 deletions(-)	fix upstream build sysstem to support parallel builds.
005_use_system_strnlen.patch \| (download)	fardata.c \| 2 2 0 - 0 ! gnu/config.h.in \| 1 1 0 - 0 ! gnu/configure.in \| 4 3 1 - 0 ! 3 files changed, 6 insertions( ), 1 deletion(-)	detect and conditionally use system strnlen function. This fixes build failures when the system has eglibc 2.10.
006_use_safe_strcpy.patch \| (download)	arj.c \| 2 1 1 - 0 ! arjdata.c \| 9 1 8 - 0 ! ea_mgr.c \| 2 1 1 - 0 ! misc.h \| 4 4 0 - 0 ! msgbind.c \| 2 1 1 - 0 ! packager.c \| 2 1 1 - 0 ! 6 files changed, 9 insertions( ), 12 deletions(-)	use a safe strcpy for overlapping strings, among others fixes a build problem with a mangled generated .c file by msgbind (thus FTBFS), and CRC errors at run-time.
hurd_no_fcntl_getlk.patch \| (download)	environ.c \| 3 2 1 - 0 ! 1 file changed, 2 insertions( ), 1 deletion(-)	fix build failure on gnu/hurd, by handling unimplemented fcntl(F_GETLK). The Hurd does not implement yet fcntl(F_GETLK) and returns ENOSYS, handle this as a non-fatal error.
security_format.patch \| (download)	arj_arcv.c \| 12 6 6 - 0 ! arj_user.c \| 8 4 4 - 0 ! arjdisp.c \| 58 28 30 - 0 ! arjsfx.c \| 2 1 1 - 0 ! fardata.c \| 10 5 5 - 0 ! rearj.c \| 2 1 1 - 0 ! register.c \| 2 1 1 - 0 ! 7 files changed, 46 insertions( ), 48 deletions(-)	fix format security errors.
doc_refer_robert_k_jung.patch \| (download)	resource/en/arj.1 \| 3 3 0 - 0 ! 1 file changed, 3 insertions( )	refer to original author robert k. jung in the manual page.
gnu_build_fix.patch \| (download)	gnu/configure.in \| 7 1 6 - 0 ! 1 file changed, 1 insertion( ), 6 deletions(-)	fix build failure on gnu/hurd due to missing -ldl, by adding gnu* to the configure case handling libdl linking.
gnu_build_flags.patch \| (download)	gnu/makefile.in \| 8 4 4 - 0 ! 1 file changed, 4 insertions( ), 4 deletions(-)	fix upstream build system to honour cppflags and ldflags.
gnu_build_strip.patch \| (download)	gnu/makefile.in \| 18 16 2 - 0 ! 1 file changed, 16 insertions( ), 2 deletions(-)	support nostrip build option. By changing the upstrem build system to optionally strip the binaries after the linking stage and before their preprocessing.
gnu_build_pie.patch \| (download)	gnu/configure.in \| 2 2 0 - 0 ! gnu/makefile.in \| 4 2 2 - 0 ! 2 files changed, 4 insertions( ), 2 deletions(-)	support pie build option. We always pass -shared and -fPIC after all user defined flags, so that these will override any possibly passed -fPIE option.
self_integrity_64bit.patch \| (download)	arj_proc.c \| 5 3 2 - 0 ! postproc.c \| 4 3 1 - 0 ! 2 files changed, 6 insertions( ), 3 deletions(-)	fix arj self-integrity check on 64-bit systems
security afl.patch \| (download)	decode.c \| 6 3 3 - 0 ! 1 file changed, 3 insertions( ), 3 deletions(-)	fix buffer overflow causing an invalid pointer free().
security traversal dir.patch \| (download)	environ.c \| 3 3 0 - 0 ! 1 file changed, 3 insertions( )	fix absolute path traversals. Catch multiple leading slashes when checking for absolute path traversals. . Fixes CVE-2015-0557.
security traversal symlink.patch \| (download)	uxspec.c \| 54 54 0 - 0 ! 1 file changed, 54 insertions( )	fix symlink directory traversal. Do not allow symlinks that traverse the current directory, nor absolute symlinks. . Fixes CVE-2015-0556.
out of bounds read.patch \| (download)	decode.c \| 13 8 5 - 0 ! 1 file changed, 8 insertions( ), 5 deletions(-)	fix out-of-bounds read We need to handle possible overflows, by using an int instead of a short, and terminating if after computing the index it is out-of-bounds.
remove_build_date.patch \| (download)	arj.c \| 2 1 1 - 0 ! arj.h \| 1 0 1 - 0 ! arjsfx.c \| 2 1 1 - 0 ! gnu/makefile.in \| 27 5 22 - 0 ! rearj.c \| 2 1 1 - 0 ! resource/resource.txt \| 6 3 3 - 0 ! 6 files changed, 11 insertions( ), 29 deletions(-)	remove the build date
reproducible_help_archive.patch \| (download)	arj_arcv.c \| 12 10 2 - 0 ! gnu/makefile.in \| 4 3 1 - 0 ! 2 files changed, 13 insertions( ), 3 deletions(-)	force the timestamp for the help.arj embedded in the executable to the date from SOURCE_DATE_EPOCH, and use DOS mode, to avoid recording the UNIX file attributes, to generate a reproducible archive. Make the -hdo option also affect the stored atime and ctime.
gnu_build_cross.patch \| (download)	gnu/configure.in \| 6 6 0 - 0 ! gnu/makefile.in \| 45 37 8 - 0 ! 2 files changed, 43 insertions( ), 8 deletions(-)	fix cross builds Set the CC detected in configure in the generated makefile. Thanks to Helmut Grohne <[email protected]> . Set CROSS_BUILDING at configure time. Set CC_FOR_BUILD in configure and use it in the makefile to build any tool executed at build time. When cross-building build another arj program for the build architecture.
fix time_t usage.patch \| (download)	arjtypes.c \| 17 9 8 - 0 ! 1 file changed, 9 insertions( ), 8 deletions(-)	use proper time_t type instead of unsigned long for variables that are being passed to localhost() and gmtime(). This fixes several segfaults on x32.
gnu_build_fix_autoreconf.patch \| (download)	gnu/configure.in \| 9 5 4 - 0 ! 1 file changed, 5 insertions( ), 4 deletions(-)	fix configure.in to work with autoreconf.