From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp.gentoo.org (woodpecker.gentoo.org [140.211.166.183]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 5CAFA158176 for ; Thu, 09 Oct 2025 08:47:58 +0000 (UTC) Received: from lists.gentoo.org (bobolink.gentoo.org [140.211.166.189]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) (Authenticated sender: relay-lists.gentoo.org@gentoo.org) by smtp.gentoo.org (Postfix) with ESMTPSA id 3F753340F20 for ; Thu, 09 Oct 2025 08:47:58 +0000 (UTC) Received: from bobolink.gentoo.org (localhost [127.0.0.1]) by bobolink.gentoo.org (Postfix) with ESMTP id 1E3B41102C9; Thu, 09 Oct 2025 08:47:57 +0000 (UTC) Received: from smtp.gentoo.org (woodpecker.gentoo.org [140.211.166.183]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by bobolink.gentoo.org (Postfix) with ESMTPS id 11FB01102C9 for ; Thu, 09 Oct 2025 08:47:57 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange x25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id B2299340F15 for ; Thu, 09 Oct 2025 08:47:56 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 1FB8E2A94 for ; Thu, 09 Oct 2025 08:47:55 +0000 (UTC) From: "Sam James" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Sam James" Message-ID: <1759999620.9a2798d0c952f65cf420756e0041c24433cec183.sam@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: sys-apps/most/files/, sys-apps/most/ X-VCS-Repository: repo/gentoo X-VCS-Files: sys-apps/most/files/most-5.2.0-buffer-overflow.patch sys-apps/most/most-5.2.0-r1.ebuild X-VCS-Directories: sys-apps/most/ sys-apps/most/files/ X-VCS-Committer: sam X-VCS-Committer-Name: Sam James X-VCS-Revision: 9a2798d0c952f65cf420756e0041c24433cec183 X-VCS-Branch: master Date: Thu, 09 Oct 2025 08:47:55 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: 96e76309-4506-4352-a06b-a8454f96b6c1 X-Archives-Hash: d44f4156c3d9c31481855edccbea902c commit: 9a2798d0c952f65cf420756e0041c24433cec183 Author: Sam James gentoo org> AuthorDate: Thu Oct 9 08:45:40 2025 +0000 Commit: Sam James gentoo org> CommitDate: Thu Oct 9 08:47:00 2025 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9a2798d0 sys-apps/most: backport fix for buffer overflow on long search Use the version of the patch Arch backported as it applies cleanly then. Bug: https://github.com/jedsoft/most/issues/29 Closes: https://bugs.gentoo.org/963958 Signed-off-by: Sam James gentoo.org> .../most/files/most-5.2.0-buffer-overflow.patch | 29 ++++++++++++++++ sys-apps/most/most-5.2.0-r1.ebuild | 39 ++++++++++++++++++++++ 2 files changed, 68 insertions(+) diff --git a/sys-apps/most/files/most-5.2.0-buffer-overflow.patch b/sys-apps/most/files/most-5.2.0-buffer-overflow.patch new file mode 100644 index 000000000000..b0e45e9b95af --- /dev/null +++ b/sys-apps/most/files/most-5.2.0-buffer-overflow.patch @@ -0,0 +1,29 @@ +https://bugs.gentoo.org/963958 +https://gitlab.archlinux.org/archlinux/packaging/packages/most/-/raw/a07ea9304fd99710f8fc15e3b9d02304fd766e6e/most-5.2.0-most_message-buffer-overlow.patch +https://github.com/jedsoft/most/commit/77653f684ab2793696b0a5b9502e79d86632b10c + +From 77653f684ab2793696b0a5b9502e79d86632b10c Mon Sep 17 00:00:00 2001 +From: "John E. Davis" +Date: Thu, 3 Jul 2025 19:51:37 -0400 +Subject: [PATCH] pre5.2.5: Avoid a buffer overflow in most_message. This + addresses + https://gitlab.archlinux.org/archlinux/packaging/packages/most/-/issues/1 + +--- + src/window.c | 3 ++- + 3 files changed, 5 insertions(+), 2 deletions(-) + +diff --git a/src/window.c b/src/window.c +index 41f5356..483dc8b 100644 +--- a/src/window.c ++++ b/src/window.c +@@ -61,7 +61,8 @@ static int Minibuffer_Selected; + + void most_message(char *what, int how) + { +- strcpy (Most_Mini_Buf,what); ++ strncpy (Most_Mini_Buf, what, sizeof(Most_Mini_Buf)); ++ Most_Mini_Buf[sizeof(Most_Mini_Buf)-1] = 0; + if (how) Beep_Mini = 1; else Beep_Mini = 0; + } + diff --git a/sys-apps/most/most-5.2.0-r1.ebuild b/sys-apps/most/most-5.2.0-r1.ebuild new file mode 100644 index 000000000000..d5181327d7ab --- /dev/null +++ b/sys-apps/most/most-5.2.0-r1.ebuild @@ -0,0 +1,39 @@ +# Copyright 1999-2025 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +DESCRIPTION="Paging program that displays, one windowful at a time, the contents of a file" +HOMEPAGE="https://www.jedsoft.org/most/" +SRC_URI=" + https://www.jedsoft.org/releases/${PN}/${P}.tar.gz + https://www.jedsoft.org/releases/${PN}/old/${P}.tar.gz +" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos" + +RDEPEND=">=sys-libs/slang-2.1.3" +DEPEND="${RDEPEND}" + +PATCHES=( + "${FILESDIR}"/${PN}-5.0.0a-donot-hardcode-path.patch + "${FILESDIR}"/${PN}-5.2.0-buffer-overflow.patch +) + +src_prepare() { + default + # Do not strip by default + sed -e '/\$(INSTALL)/s@ -s@@' -i src/Makefile.in || die +} + +src_configure() { + unset ARCH + econf +} + +src_install() { + emake DESTDIR="${D}" DOC_DIR="${EPREFIX}/usr/share/doc/${PF}" \ + install +}