Sat Feb 20 14:37:24 2021 UTC ()
webalizer: fix crashes

Use memmove instead of memcpy with overlapping arguments. Patch from
Adrian Immanuel Kiess in PR pkg/55809.


(bsiegert)
diff -r1.72 -r1.73 pkgsrc/www/webalizer/Makefile
diff -r1.17 -r1.18 pkgsrc/www/webalizer/distinfo
diff -r0 -r1.1 pkgsrc/www/webalizer/patches/patch-preserve.c
cvs diff -r1.72 -r1.73 pkgsrc/www/webalizer/Makefile (expand / switch to unified diff)

--- pkgsrc/www/webalizer/Makefile 2020/11/26 16:08:13 1.72
+++ pkgsrc/www/webalizer/Makefile 2021/02/20 14:37:23 1.73
@@ -1,17 +1,18 @@ @@ -1,17 +1,18 @@
1# $NetBSD: Makefile,v 1.72 2020/11/26 16:08:13 bsiegert Exp $ 1# $NetBSD: Makefile,v 1.73 2021/02/20 14:37:23 bsiegert Exp $
2 2
3DISTNAME= webalizer-2.23-08-src 3DISTNAME= webalizer-2.23-08-src
4PKGNAME= webalizer-2.23.8 4PKGNAME= webalizer-2.23.8
 5PKGREVISION= 1
5CATEGORIES= www 6CATEGORIES= www
6MASTER_SITES= ftp://ftp.mrunix.net/pub/webalizer/ 7MASTER_SITES= ftp://ftp.mrunix.net/pub/webalizer/
7EXTRACT_SUFX= .tar.bz2 8EXTRACT_SUFX= .tar.bz2
8 9
9MAINTAINER= pkgsrc-users@NetBSD.org 10MAINTAINER= pkgsrc-users@NetBSD.org
10HOMEPAGE= http://www.webalizer.org/ 11HOMEPAGE= http://www.webalizer.org/
11COMMENT= Web server log file analysis program 12COMMENT= Web server log file analysis program
12 13
13WRKSRC= ${WRKDIR}/${DISTNAME:S/-src//} 14WRKSRC= ${WRKDIR}/${DISTNAME:S/-src//}
14BDB_ACCEPTED= db4 db5 15BDB_ACCEPTED= db4 db5
15GNU_CONFIGURE= yes 16GNU_CONFIGURE= yes
16CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR} 17CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR}
17CONFIGURE_ARGS+= --enable-dns 18CONFIGURE_ARGS+= --enable-dns
cvs diff -r1.17 -r1.18 pkgsrc/www/webalizer/distinfo (expand / switch to unified diff)

--- pkgsrc/www/webalizer/distinfo 2020/11/26 16:08:13 1.17
+++ pkgsrc/www/webalizer/distinfo 2021/02/20 14:37:23 1.18
@@ -1,13 +1,14 @@ @@ -1,13 +1,14 @@
1$NetBSD: distinfo,v 1.17 2020/11/26 16:08:13 bsiegert Exp $ 1$NetBSD: distinfo,v 1.18 2021/02/20 14:37:23 bsiegert Exp $
2 2
3SHA1 (webalizer-2.23-08-src.tar.bz2) = 601d5b6557c9916a050544592f5bf9c2ad540f59 3SHA1 (webalizer-2.23-08-src.tar.bz2) = 601d5b6557c9916a050544592f5bf9c2ad540f59
4RMD160 (webalizer-2.23-08-src.tar.bz2) = 6f1d2ca90d9a891c878e5edb220684869f9fd32c 4RMD160 (webalizer-2.23-08-src.tar.bz2) = 6f1d2ca90d9a891c878e5edb220684869f9fd32c
5SHA512 (webalizer-2.23-08-src.tar.bz2) = 23fe6e3ef1c85aa527ffafef16c31c13ad8e1f9feb774557c07a5c8fd6c67986b98180ef16d6cebe62d59c5f7ca214b8292e94ce8f195fa0541de9c5438fb9bd 5SHA512 (webalizer-2.23-08-src.tar.bz2) = 23fe6e3ef1c85aa527ffafef16c31c13ad8e1f9feb774557c07a5c8fd6c67986b98180ef16d6cebe62d59c5f7ca214b8292e94ce8f195fa0541de9c5438fb9bd
6Size (webalizer-2.23-08-src.tar.bz2) = 308090 bytes 6Size (webalizer-2.23-08-src.tar.bz2) = 308090 bytes
7SHA1 (patch-ac) = f4885b334b3adb3f8523f959a89e6fe5f7f3b52f 7SHA1 (patch-ac) = f4885b334b3adb3f8523f959a89e6fe5f7f3b52f
8SHA1 (patch-ad) = 7a296638b50341648ca70ad730c1e91282212dad 8SHA1 (patch-ad) = 7a296638b50341648ca70ad730c1e91282212dad
9SHA1 (patch-ae) = ea0c444408cef1be4e69b837170bbbe9a7a5150e 9SHA1 (patch-ae) = ea0c444408cef1be4e69b837170bbbe9a7a5150e
10SHA1 (patch-ba) = eadf9f9d22c89d441debd90b993846529fc872fd 10SHA1 (patch-ba) = eadf9f9d22c89d441debd90b993846529fc872fd
11SHA1 (patch-bb) = d8a5f6f60f53d6de8fc24d3b1844a052be0ad69a 11SHA1 (patch-bb) = d8a5f6f60f53d6de8fc24d3b1844a052be0ad69a
12SHA1 (patch-bc) = 98d263cfb585477798f620a6f3690680ce2759b6 12SHA1 (patch-bc) = 98d263cfb585477798f620a6f3690680ce2759b6
13SHA1 (patch-bd) = 21f074725a85de5d9d865b84cc88dc04919226d4 13SHA1 (patch-bd) = 21f074725a85de5d9d865b84cc88dc04919226d4
 14SHA1 (patch-preserve.c) = 5fc85459af088b773073f161a29160a2cff73ba8
File Added: pkgsrc/www/webalizer/patches/patch-preserve.c
$NetBSD: patch-preserve.c,v 1.1 2021/02/20 14:37:23 bsiegert Exp $

memcpy with overlapping arguments is undefined behavior, use memmove.
See PR pkg/55809.

--- preserve.c.orig	2013-02-26 05:37:27.000000000 +0000
+++ preserve.c
@@ -109,7 +109,7 @@ void get_history()
                         yr = hist[i].year;
                         mth= hist[i].month+1;
                         if (mth>12) { mth=1; yr++; }
-                        memcpy(&hist[0], &hist[1], sizeof(hist[0])*i);
+                        memmove(&hist[0], &hist[1], sizeof(hist[0])*i);
                         memset(&hist[i], 0, sizeof(struct hist_rec));
                         hist[i].year=yr; hist[i].month=mth; n--;
                     }
@@ -277,7 +277,7 @@ void update_history()
                   yr = hist[i].year;
                   mth= hist[i].month+1;
                   if (mth>12) { mth=1; yr++; }
-                  memcpy(&hist[0],&hist[1],sizeof(hist[0])*i);
+                  memmove(&hist[0],&hist[1],sizeof(hist[0])*i);
                   memset(&hist[i], 0, sizeof(struct hist_rec));
                   hist[i].year=yr; hist[i].month=mth; n--;
                }