
apply security patches (extracted from Debian patch set)

Ralf S. Engelschall il y a 24 ans
Parent
commit
a041a1d7f6
2 fichiers modifiés avec 363 ajouts et 0 suppressions
  1. 361 0
      uucp/uucp-1.06.1.patch
  2. 2 0
      uucp/uucp.spec

+ 361 - 0
uucp/uucp-1.06.1.patch

@@ -0,0 +1,361 @@
+--- uucp-1.06.1.orig/contrib/uurate.c
++++ uucp-1.06.1/contrib/uurate.c
+@@ -82,6 +82,11 @@
+  *        and one for the errors encountered
+  *      - reapplied patch by Scott Boyd <scott@futures.com> that I did not
+  *        get knowledge of
++ *
++ *      Ed Doolittle <dolittle@math.toronto.edu> - Sun Aug 8 1999
++ *      - shrunk compact summary to fit in 78 characters (time strings only
++ *        require 8 characters, not 9)
++ *
+  */
+ /* $Log: uurate.c,v $
+  * Revision 1.15  1994/04/07  21:47:11  kdburg
+@@ -302,6 +307,7 @@
+   int sent, called = IN;
+   int report = 0;            /* if <= 0 give msg that no report was avail. */
+   int junk;
++  extern int getopt();
+ 
+   /* --------------------------------------------------------------------
+    *           P r o l o g
+@@ -980,7 +986,7 @@
+              if (cur->next == NULL)            /* totals line reached ? */
+                 hdrprt('s',1);                 /* print the separator line */
+ 
+-             printf("%-8s %4d %4d %9s %9s %9s %9s %9s %5.0f %5.0f\n",
++             printf("%-8s %4ld %4ld %9s %9s %9s %8s %8s %5.0f %5.0f\n",
+                    cur->Hostname, rf, sf,
+                    t1, t2, t3, t4, t5,
+                    ir, or);
+@@ -1028,7 +1034,7 @@
+                     hdrprt('p',0);            /* print the header line(s) */
+                     hdr_done = TRUE;
+                 }
+-                printf("%-8s %3s  %4d %4d %5d %4d    %10d %7d %10d\n",
++                printf("%-8s %3s  %4ld %4ld %5ld %4ld    %10ld %7ld %10ld\n",
+                                     type == NULL ? " ":cur->Hostname,
+                                     prot->type,
+                                     prot->pr_psizemin,
+@@ -1072,7 +1078,7 @@
+                          hdrprt('p',1);       /* print the header line(s) */
+                          hdr_done = TRUE;
+                       }
+-                      printf("%-8s %3s  %11d %11d  %11d %11d\n",
++                      printf("%-8s %3s  %11ld %11ld  %11ld %11ld\n",
+                                     type == NULL ? " ":cur->Hostname,
+                                     prot->type,
+                                     prot->pr_eheader,
+@@ -1747,13 +1753,13 @@
+              puts("\nCompact summary:");
+              puts("----------------");
+              puts("\
+-Name of  + Files + +------- Bytes/1000 --------+ +------ Time -----+ + Avg CPS +\n\
+-site       in  out   inbound  outbound     total   inbound  outbound    in   out\n\
+--------- ---- ---- --------- --------- --------- --------- --------- ----- -----");
++Name of  + Files + +------- Bytes/1000 --------+ +----- Time ----+ + Avg CPS +\n\
++site       in  out   inbound  outbound     total  inbound outbound    in   out\n\
++-------- ---- ---- --------- --------- --------- -------- -------- ----- -----");
+           }
+           else
+              puts("\
+---------------------------------------------------------------------------------");
++------------------------------------------------------------------------------");
+           break;
+ 
+ 
+--- uucp-1.06.1.orig/system.h
++++ uucp-1.06.1/system.h
+@@ -303,7 +303,8 @@
+    will allow all grades from 'A' to 'Z' and 'a' to 'd').  This
+    function should return FALSE on error.  */
+ extern boolean fsysdep_get_work_init P((const struct uuconf_system *qsys,
+-					int bgrade));
++					int bgrade,
++					boolean unlimited));
+ 
+ /* Get the next command to be executed for a remote system.  The
+    bgrade argument will be the same as for fsysdep_get_work_init;
+--- uucp-1.06.1.orig/trans.c
++++ uucp-1.06.1/trans.c
+@@ -511,7 +511,7 @@
+   if (bgrade == '\0')
+     return TRUE;
+ 
+-  if (! fsysdep_get_work_init (qsys, bgrade))
++  if (! fsysdep_get_work_init (qsys, bgrade, FALSE))
+     return FALSE;
+ 
+   while (TRUE)
+@@ -670,7 +670,8 @@
+ 	  fhangup = FALSE;
+ 
+ 	  if (qdaemon->fhangup_requested
+-	      && qTsend == NULL)
++	      && qTsend == NULL
++	      && (qTreceive == NULL || qdaemon->cchans > 1))
+ 	    {
+ 	      /* The remote system has requested that we transfer
+ 		 control by sending CYM after receiving a file.  */
+--- uucp-1.06.1.orig/uucico.c
++++ uucp-1.06.1/uucico.c
+@@ -126,6 +126,9 @@
+   struct sconnection *qconn;
+ };
+ 
++/* min. grade set on commandline */
++static char cmdlgrade = '\0';
++
+ /* Local functions.  */
+ 
+ static void uusage P((void));
+@@ -176,6 +179,7 @@
+   { "nodetach", no_argument, NULL, 'D' },
+   { "loop", no_argument, NULL, 'e' },
+   { "force", no_argument, NULL, 'f'},
++  { "grade", required_argument, NULL, 'g'},
+   { "stdin", required_argument, NULL, 'i' },
+   { "prompt", no_argument, NULL, 'l' },
+   { "port", required_argument, NULL, 'p' },
+@@ -250,9 +254,9 @@
+     ++zProgram;
+ 
+ #if COHERENT_C_OPTION
+-  zopts = "c:CDefi:I:lp:qr:s:S:u:x:X:vwz";
++  zopts = "c:CDefg:i:I:lp:qr:s:S:u:x:X:vwz";
+ #else
+-  zopts = "cCDefi:I:lp:qr:s:S:u:x:X:vwz";
++  zopts = "cCDefg:i:I:lp:qr:s:S:u:x:X:vwz";
+ #endif
+ 
+   while ((iopt = getopt_long (argc, argv, zopts,
+@@ -293,6 +297,14 @@
+ 	     failed call.  */
+ 	  fforce = TRUE;
+ 	  break;
++	
++	case 'g':
++	  /* Force a grade */
++	  if (isalpha(optarg[0]))
++	     cmdlgrade = optarg[0];
++	  else
++	     fprintf (stderr, "%s: invalid grade \n", zProgram);
++	  break;
+ 
+ 	case 'i':
+ 	  /* Type of port to use for standard input.  Only TLI is
+@@ -794,6 +806,7 @@
+   printf ("Usage: %s [options]\n", zProgram);
+   printf (" -s,-S,--system system: Call system (-S implies -f)\n");
+   printf (" -f,--force: Force call despite system status\n");
++  printf (" -g,--grade: limit outgoing call to a given grade\n");
+   printf (" -r state: 1 for master, 0 for slave (default)\n");
+   printf (" --master: Act as master\n");
+   printf (" --slave: Act as slave (default)\n");
+@@ -940,6 +953,9 @@
+       if (! qsys->uuconf_fcall || qsys->uuconf_qtimegrade == NULL)
+ 	continue;
+ 
++      if (qport && strcmp (qsys->uuconf_zport,qport->uuconf_zname))
++       continue;
++
+       fnevertime = FALSE;
+ 
+       /* Make sure this is a legal time to call.  */
+@@ -1331,12 +1347,18 @@
+     boolean fret;
+ 
+     /* Determine the grade we should request of the other system.  A
+-       '\0' means that no restrictions have been made.  */
+-    if (! ftimespan_match (qsys->uuconf_qcalltimegrade, &ival,
+-			   (int *) NULL))
+-      bgrade = '\0';
++       '\0' means that no restrictions have been made.
++       If a grade is set on the command line, the calltimegrade-value
++       is overwritten.  */
++       
++    if (cmdlgrade != '\0')
++      bgrade = cmdlgrade;
+     else
+-      bgrade = (char) ival;
++      if (! ftimespan_match (qsys->uuconf_qcalltimegrade, &ival,
++			   (int *) NULL))
++         bgrade = '\0';
++      else
++         bgrade = (char) ival;
+ 
+     /* Determine the name we will call ourselves.  */
+     if (qsys->uuconf_zlocalname != NULL)
+--- uucp-1.06.1.orig/uustat.c
++++ uucp-1.06.1/uustat.c
+@@ -933,7 +933,7 @@
+ {
+   boolean fret;
+ 
+-  if (! fsysdep_get_work_init (qsys, UUCONF_GRADE_LOW))
++  if (! fsysdep_get_work_init (qsys, UUCONF_GRADE_LOW, TRUE))
+     return FALSE;
+ 
+   while (TRUE)
+@@ -2166,7 +2166,7 @@
+   char *zid;
+   boolean fret;
+ 
+-  if (! fsysdep_get_work_init (qsys, UUCONF_GRADE_LOW))
++  if (! fsysdep_get_work_init (qsys, UUCONF_GRADE_LOW, TRUE))
+     return FALSE;
+ 
+   cwork = 0;
+--- uucp-1.06.1.orig/uuxqt.c
++++ uucp-1.06.1/uuxqt.c
+@@ -928,6 +928,44 @@
+ 	 don't permit multiple arguments.  */
+       for (i = 1; azQargs[i] != NULL; i++)
+ 	{
++	  if (azQargs[i][0] == '-' && azQargs[i][1] == '-')
++	    {
++		char *zopts = azQargs[i] + 2;
++
++		/* The -g, -n, and -s options take an argument.  */
++		if (!strncmp(zopts, "grade", 5) && zopts[5] != '=')
++		  {
++		    if (azQargs[i+1] != NULL)
++		      ++i;
++		  }
++		if (!(strncmp(zopts, "notify", 6)
++		&&    strncmp(zopts, "status", 6)) && zopts[6] != '=')
++		  {
++		    if (azQargs[i+1] != NULL)
++		      ++i;
++		  }
++
++		/* The -I, -u and -x options are not permitted.  */
++		if (!strncmp(zopts, "config", 6))
++		  {
++		    if (zopts[6] != '=' && azQargs[i+1] != NULL)
++		      ++i;
++		    azQargs[i] = zbufcpy ("--nouucico");
++		  }
++		if (!strncmp(zopts, "user", 4))
++		  {
++		    if (zopts[4] != '=' && azQargs[i+1] != NULL)
++		      ++i;
++		    azQargs[i] = zbufcpy ("--nouucico");
++		  }
++		if (!strncmp(zopts, "debug", 5))
++		  {
++		    if (zopts[5] != '=' && azQargs[i+1] != NULL)
++		      ++i;
++		    azQargs[i] = zbufcpy ("--nouucico");
++		  }
++	    }
++	  else
+ 	  if (azQargs[i][0] == '-')
+ 	    {
+ 	      char *zopts;
+--- uucp-1.06.1.orig/unix/lock.c
++++ uucp-1.06.1/unix/lock.c
+@@ -425,7 +425,9 @@
+ 	{
+ 	  (void) close (o);
+ 	  o = -1;
+-	  (void) remove (zpath);
++	  if (remove (zpath) < 0 && errno == EPERM)
++		break;
++	  sleep(1);
+ 	  fret = TRUE;
+ 	  continue;
+ 	}
+--- uucp-1.06.1.orig/unix/serial.c
++++ uucp-1.06.1/unix/serial.c
+@@ -920,6 +920,12 @@
+ #ifdef B115200
+   { B115200, 115200 },
+ #endif
++#ifdef B230400
++  { B230400, 230400 },
++#endif
++#ifdef B460800
++  { B460800, 460800 },
++#endif
+   { B0, 0 }
+ };
+ 
+@@ -2371,8 +2377,17 @@
+ 	  else
+ 	    csleepchars = MAX_INPUT - 10;
+ 
++#ifndef BUG
++	  if (q->ibaud) {
++	    isleep = (int) (((long) csleepchars * 10000L) / q->ibaud);
++	    isleep -= 10;
++	  } else {
++	    isleep = 1000; /* I hope, a second is right... */
++	  }
++#else
+ 	  isleep = (int) (((long) csleepchars * 10000L) / q->ibaud);
+ 	  isleep -= 10;
++#endif
+ 
+ 	  if (isleep > 10)
+ 	    {
+@@ -2773,9 +2788,20 @@
+ 	                        / baud bits/sec)
+ 			       * 10 bits/byte)
+ 	     */
++#ifndef BUG
++	  if (q->ibaud) {
++	    stime.tv_sec = (long) 10240 / q->ibaud;
++	    stime.tv_usec = ((((long) 1024000000 / q->ibaud) * (long) 10)
++			     % (long) 1000000);
++	  } else {
++	    stime.tv_sec = 1;
++	    stime.tv_usec = 0;
++	  }
++#else
+ 	  stime.tv_sec = (long) 10240 / q->ibaud;
+ 	  stime.tv_usec = ((((long) 1024000000 / q->ibaud) * (long) 10)
+ 			   % (long) 1000000);
++#endif
+ 
+ 	  imask = 1 << q->o;
+ 	  if (imask == 0)
+@@ -2846,7 +2872,14 @@
+                  we don't need to use the catch stuff, since we know
+                  that HAVE_RESTARTABLE_SYSCALLS is 0.  */
+ 	      usset_signal (SIGALRM, usalarm, TRUE, (boolean *) NULL);
++#ifndef BUG
++	      if (q->ibaud)
++	        alarm ((int) ((long) 10240 / q->ibaud) + 1);
++	      else
++		alarm (1);
++#else
+ 	      alarm ((int) ((long) 10240 / q->ibaud) + 1);
++#endif
+ 
+ 	      /* There is a race condition here: on a severely loaded
+                  system, we could get the alarm before we start the
+--- uucp-1.06.1.orig/unix/work.c
++++ uucp-1.06.1/unix/work.c
+@@ -282,9 +282,10 @@
+ #define CWORKFILES (10)
+ 
+ boolean
+-fsysdep_get_work_init (qsys, bgrade)
++fsysdep_get_work_init (qsys, bgrade, unlimited)
+      const struct uuconf_system *qsys;
+      int bgrade;
++     boolean unlimited;
+ {
+   char *zdir;
+   DIR *qdir;
+@@ -398,7 +399,7 @@
+ 	      asSwork_files[cSwork_files].zfile = zname;
+ 	      asSwork_files[cSwork_files].bgrade = bfilegrade;
+ 	      ++cSwork_files;
+-	      if (cSwork_files - chad > COMMANDS_PER_SCAN)
++	      if (!unlimited && (cSwork_files - chad > COMMANDS_PER_SCAN))
+ 		break;
+ 	    }
+ 	}
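Review bot: The long-option filter added in the uuxqt.c hunk matches only the full option names (`strncmp(zopts, "config", 6)`, and likewise for `user` and `debug`), so it is only as strict as the parser if uucp accepts nothing but full spellings. uucico.c in this same patch parses with `getopt_long`, which also accepts unambiguous abbreviations; if uucp parses its arguments the same way (not visible here), a shortened spelling of a forbidden option would pass this check unchanged. Comparing over the length the caller actually supplied closes that gap, at the cost of also rejecting ambiguous prefixes: `size_t clen = strcspn (zopts, "=");` then `if (clen > 0 && strncmp (zopts, "config", clen) == 0)`, testing `zopts[clen]` instead of `zopts[6]`. An allow-list of the long options uuxqt is willing to forward would be more robust than extending the deny-list. The enclosing `for` loop and the short-option branch continue outside the hunk, so the behaviour of the trailing `else` should be checked against the full function.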

+ 2 - 0
uucp/uucp.spec

@@ -40,6 +40,7 @@ Source0:      ftp://ftp.gnu.org/gnu/uucp/uucp-%{version}.tar.gz
 Source1:      uucpd.tar.gz
 Source2:      etc.tar
 Source3:      rc.uucp
+Patch0:       uucp-%{version}.patch
 
 #   build information
 Prefix:       %{l_prefix}
@@ -56,6 +57,7 @@ AutoReqProv:  no
 
 %prep
     %setup0 -q -c -n uucp-%{version}
+    %patch0 -p0
     %setup1 -q -T -D -a 1
     %setup2 -q -T -D -a 2