commit: 9a2798d0c952f65cf420756e0041c24433cec183 Author: Sam James <sam <AT> gentoo <DOT> org> AuthorDate: Thu Oct 9 08:45:40 2025 +0000 Commit: Sam James <sam <AT> gentoo <DOT> org> CommitDate: Thu Oct 9 08:47:00 2025 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9a2798d0
sys-apps/most: backport fix for buffer overflow on long search Use the version of the patch Arch backported as it applies cleanly then. Bug: https://github.com/jedsoft/most/issues/29 Closes: https://bugs.gentoo.org/963958 Signed-off-by: Sam James <sam <AT> gentoo.org> .../most/files/most-5.2.0-buffer-overflow.patch | 29 ++++++++++++++++ sys-apps/most/most-5.2.0-r1.ebuild | 39 ++++++++++++++++++++++ 2 files changed, 68 insertions(+) diff --git a/sys-apps/most/files/most-5.2.0-buffer-overflow.patch b/sys-apps/most/files/most-5.2.0-buffer-overflow.patch new file mode 100644 index 000000000000..b0e45e9b95af --- /dev/null +++ b/sys-apps/most/files/most-5.2.0-buffer-overflow.patch @@ -0,0 +1,29 @@ +https://bugs.gentoo.org/963958 +https://gitlab.archlinux.org/archlinux/packaging/packages/most/-/raw/a07ea9304fd99710f8fc15e3b9d02304fd766e6e/most-5.2.0-most_message-buffer-overlow.patch +https://github.com/jedsoft/most/commit/77653f684ab2793696b0a5b9502e79d86632b10c + +From 77653f684ab2793696b0a5b9502e79d86632b10c Mon Sep 17 00:00:00 2001 +From: "John E. Davis" <[email protected]> +Date: Thu, 3 Jul 2025 19:51:37 -0400 +Subject: [PATCH] pre5.2.5: Avoid a buffer overflow in most_message. This + addresses + https://gitlab.archlinux.org/archlinux/packaging/packages/most/-/issues/1 + +--- + src/window.c | 3 ++- + 3 files changed, 5 insertions(+), 2 deletions(-) + +diff --git a/src/window.c b/src/window.c +index 41f5356..483dc8b 100644 +--- a/src/window.c ++++ b/src/window.c +@@ -61,7 +61,8 @@ static int Minibuffer_Selected; + + void most_message(char *what, int how) + { +- strcpy (Most_Mini_Buf,what); ++ strncpy (Most_Mini_Buf, what, sizeof(Most_Mini_Buf)); ++ Most_Mini_Buf[sizeof(Most_Mini_Buf)-1] = 0; + if (how) Beep_Mini = 1; else Beep_Mini = 0; + } + diff --git a/sys-apps/most/most-5.2.0-r1.ebuild b/sys-apps/most/most-5.2.0-r1.ebuild new file mode 100644 index 000000000000..d5181327d7ab --- /dev/null +++ b/sys-apps/most/most-5.2.0-r1.ebuild @@ -0,0 +1,39 @@ +# Copyright 1999-2025 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +DESCRIPTION="Paging program that displays, one windowful at a time, the contents of a file" +HOMEPAGE="https://www.jedsoft.org/most/"; +SRC_URI=" + https://www.jedsoft.org/releases/${PN}/${P}.tar.gz + https://www.jedsoft.org/releases/${PN}/old/${P}.tar.gz +" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos" + +RDEPEND=">=sys-libs/slang-2.1.3" +DEPEND="${RDEPEND}" + +PATCHES=( + "${FILESDIR}"/${PN}-5.0.0a-donot-hardcode-path.patch + "${FILESDIR}"/${PN}-5.2.0-buffer-overflow.patch +) + +src_prepare() { + default + # Do not strip by default + sed -e '/\$(INSTALL)/s@ -s@@' -i src/Makefile.in || die +} + +src_configure() { + unset ARCH + econf +} + +src_install() { + emake DESTDIR="${D}" DOC_DIR="${EPREFIX}/usr/share/doc/${PF}" \ + install +}
