diff options
-rw-r--r-- | .SRCINFO | 27 | ||||
-rw-r--r-- | PKGBUILD | 57 | ||||
-rw-r--r-- | accept-line-folding.diff | 23 | ||||
-rw-r--r-- | count-vcards-buffer-overflow.diff | 40 | ||||
-rw-r--r-- | field-names-comply-with-vCard2.1diff | 25 | ||||
-rw-r--r-- | manpage-Lb-definition.diff | 16 |
6 files changed, 188 insertions, 0 deletions
diff --git a/.SRCINFO b/.SRCINFO new file mode 100644 index 000000000000..e950c0bf8a5b --- /dev/null +++ b/.SRCINFO @@ -0,0 +1,27 @@ +pkgbase = libvc + pkgdesc = vCard library. + pkgver = 003 + pkgrel = 3 + url = http://rolo.sourceforge.net + arch = i686 + arch = x86_64 + license = LGPL + depends = glibc + source = http://downloads.sourceforge.net/rolo/libvc-003.tar.gz + source = count-vcards-buffer-overflow.diff + source = field-names-comply-with-vCard2.1diff + source = manpage-Lb-definition.diff + source = accept-line-folding.diff + md5sums = 3c9f0fb512d02d179f57a9eadcfa1043 + md5sums = 98b3c99555f1e69a0d07152cb800da4f + md5sums = d5bd5ff0720cc726998694c2e01e495e + md5sums = 1366acdbc5569cd18079d823eb91782c + md5sums = 8cf005aac291836e574751f49b5fa32b + sha256sums = c5e75ff0ad63b723179dfcc62849adedcfa575473b784f3bca982b2c481e0b9b + sha256sums = 78466514046a2c04e3c50b51d4a8e1d7c0f4ae781b0d1221078b9e9ba46dbab2 + sha256sums = bfeb6c52aece423646454ca17905fdf2c351eb56fa19a79db51c4c0c08420c5e + sha256sums = 08798202bcc7c8453eeb13f5328ec1a135527f55920b67d05ec1674692191691 + sha256sums = 62e8ab67b03d4140ced02ec894a460bf3a0d06f86f1d4ab804132d71cc8b0e7d + +pkgname = libvc + diff --git a/PKGBUILD b/PKGBUILD new file mode 100644 index 000000000000..ec7b08c0ed75 --- /dev/null +++ b/PKGBUILD @@ -0,0 +1,57 @@ +# Maintainer: Loui Chang <base64:bG91aXBjLmlzdEBnbWFpbC5jb20=> +# Contributor: Jeff Mickey <j@codemac.net> + +pkgname=libvc +pkgver=003 +pkgrel=3 +pkgdesc="vCard library." +arch=('i686' 'x86_64') +url="http://rolo.sourceforge.net" +license=("LGPL") +depends=('glibc') + +source=( + http://downloads.sourceforge.net/rolo/$pkgname-$pkgver.tar.gz + count-vcards-buffer-overflow.diff + field-names-comply-with-vCard2.1diff + manpage-Lb-definition.diff + accept-line-folding.diff +) + +# Patches originate from +# https://anonscm.debian.org/cgit/users/rafael/deb-pkg/libvc.git/ +# but I don't want to rely on the source being available. + +build() { + cd ${srcdir}/${pkgname}-${pkgver} + + patch -p1 -i ../count-vcards-buffer-overflow.diff + patch -p1 -i ../field-names-comply-with-vCard2.1diff + patch -p1 -i ../manpage-Lb-definition.diff + patch -p1 -i ../accept-line-folding.diff + + ./configure --prefix=/usr + make +} + +package() { + cd ${srcdir}/${pkgname}-${pkgver} + make DESTDIR=${pkgdir} install + find ${pkgdir} -name '*.la' -exec rm {} \; +} + +md5sums=( + '3c9f0fb512d02d179f57a9eadcfa1043' + '98b3c99555f1e69a0d07152cb800da4f' + 'd5bd5ff0720cc726998694c2e01e495e' + '1366acdbc5569cd18079d823eb91782c' + '8cf005aac291836e574751f49b5fa32b' +) + +sha256sums=( + 'c5e75ff0ad63b723179dfcc62849adedcfa575473b784f3bca982b2c481e0b9b' + '78466514046a2c04e3c50b51d4a8e1d7c0f4ae781b0d1221078b9e9ba46dbab2' + 'bfeb6c52aece423646454ca17905fdf2c351eb56fa19a79db51c4c0c08420c5e' + '08798202bcc7c8453eeb13f5328ec1a135527f55920b67d05ec1674692191691' + '62e8ab67b03d4140ced02ec894a460bf3a0d06f86f1d4ab804132d71cc8b0e7d' +) diff --git a/accept-line-folding.diff b/accept-line-folding.diff new file mode 100644 index 000000000000..c9ed39e40008 --- /dev/null +++ b/accept-line-folding.diff @@ -0,0 +1,23 @@ +Make the flex scanner accept values of the fields spanning +several lines using the folding technique of RFC-822 (i.e. using +a space in the beginning of the continuation lines. This does +not yet make libvc completely RFC-2425-compliant, because the +continuation sequence "\n " is still contained in the +output (i.e. not eaten up). At any rate, rolo should now be able +to read vCard files containing folded lines (closes: #442944). + + -- Rafael Laboissiere <rafael@debian.org> Tue, 01 Jul 2008 17:10:33 +0200 + +Index: libvc-003.dfsg.1/src/vc_scan.l +=================================================================== +--- libvc-003.dfsg.1.orig/src/vc_scan.l 2008-07-01 17:28:46.000000000 +0200 ++++ libvc-003.dfsg.1/src/vc_scan.l 2008-07-01 17:28:54.000000000 +0200 +@@ -67,7 +67,7 @@ + + <SC_VALUE> + { +-{VALUE-CHAR}* { yylval = yytext; return TOK_VALUE; } ++({VALUE-CHAR}|"\n ")* { yylval = yytext; return TOK_VALUE; } + "\n" { yylval = NULL; BEGIN(INITIAL); return yytext[0]; } + } + diff --git a/count-vcards-buffer-overflow.diff b/count-vcards-buffer-overflow.diff new file mode 100644 index 000000000000..d2841d736841 --- /dev/null +++ b/count-vcards-buffer-overflow.diff @@ -0,0 +1,40 @@ +Fix buffer overflow problem, as reported in +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1356 + + -- Rafael Laboissiere <rafael@debian.org> Tue, 01 Jul 2008 17:10:33 +0200 + +Index: libvc-003.dfsg.1/src/vc.c +=================================================================== +--- libvc-003.dfsg.1.orig/src/vc.c 2008-07-01 17:19:22.000000000 +0200 ++++ libvc-003.dfsg.1/src/vc.c 2008-07-01 17:19:24.000000000 +0200 +@@ -25,6 +25,7 @@ + #include "vc.h" + #include <stdlib.h> + #include <string.h> ++#define __USE_GNU + #include <stdio.h> + + #define BUF_LEN 80 +@@ -832,14 +833,16 @@ + int + count_vcards (FILE * fp) + { +- char buf[256]; ++ char* line = NULL; ++ size_t len = 0; + int counter = 0; + +- while (EOF != fscanf (fp, "%s\n", buf)) +- { +- if (0 == strcasecmp (buf, "BEGIN:VCARD")) +- counter++; +- } ++ while (getline (&line, &len, fp) != EOF) ++ if (0 == strncasecmp (line, "BEGIN:VCARD", 11)) ++ counter++; ++ ++ if (line) ++ free (line); + + return counter; + } diff --git a/field-names-comply-with-vCard2.1diff b/field-names-comply-with-vCard2.1diff new file mode 100644 index 000000000000..5b32c97dc64c --- /dev/null +++ b/field-names-comply-with-vCard2.1diff @@ -0,0 +1,25 @@ +Change lex scanning variables, complying with VCard-2 + + -- Rafael Laboissiere <rafael@debian.org> Tue, 01 Jul 2008 17:10:33 +0200 + +Index: libvc-003.dfsg.1/src/vc_scan.l +=================================================================== +--- libvc-003.dfsg.1.orig/src/vc_scan.l 2008-07-01 17:20:04.000000000 +0200 ++++ libvc-003.dfsg.1/src/vc_scan.l 2008-07-01 17:20:10.000000000 +0200 +@@ -49,6 +49,7 @@ + NON-ASCII [\x80-\xFF] + SAFE-CHAR {WSP}|\x21|[\x23-\x2B]|[\x2D-\x39]|[\x3C-\x7E]|{NON-ASCII} + VALUE-CHAR {WSP}|{VCHAR}|{NON-ASCII} ++NAME-CHAR [\x21-\x2B\x2D\x2F-\x39\x3C\x3E-\x5A\x5C\x5E-\x7E] + + %option noyywrap + %x SC_VALUE SC_PARAM SC_PARAM_VALUE +@@ -60,7 +61,7 @@ + "\n" { yylval = NULL; return yytext[0]; } + "." { yylval = NULL; return yytext[0]; } + ({ALPHA}|{DIGIT}|-)+/"." { yylval = yytext; return TOK_GROUP; } +-({ALPHA}|{DIGIT}|-)+ { yylval = yytext; return TOK_NAME; } ++{NAME-CHAR}+ { yylval = yytext; return TOK_NAME; } + ";" { yylval = NULL; BEGIN(SC_PARAM); return yytext[0]; } + ":" { yylval = NULL; BEGIN(SC_VALUE); return yytext[0]; } + diff --git a/manpage-Lb-definition.diff b/manpage-Lb-definition.diff new file mode 100644 index 000000000000..ae1c00fe4155 --- /dev/null +++ b/manpage-Lb-definition.diff @@ -0,0 +1,16 @@ +Adds definition for the libvc library (.Lb macro) and avoids nroff warnings + + -- Rafael Laboissiere <rafael@debian.org> Tue, 01 Jul 2008 17:10:33 +0200 + +Index: libvc-003.dfsg.1/doc/vc.3 +=================================================================== +--- libvc-003.dfsg.1.orig/doc/vc.3 2008-07-01 17:20:46.000000000 +0200 ++++ libvc-003.dfsg.1/doc/vc.3 2008-07-01 17:20:54.000000000 +0200 +@@ -44,6 +44,7 @@ + .Nm get_val_struct_part + .Nd vCard library + .Sh LIBRARY ++.ds str-Lb-libvc vCard\~library (libvc, \-lvc) + .Lb libvc + .Sh SYNOPSIS + .In vc.h |