sys-apps/most: backport fix for buffer overflow on long search

Use the version of the patch Arch backported as it applies cleanly then. Bug: https://github.com/jedsoft/most/issues/29 Closes: https://bugs.gentoo.org/963958 Signed-off-by: Sam James <sam@gentoo.org>
2026-01-06 02:17:34 -08:00 · 2025-10-09 09:45:40 +01:00 · 2025-10-09 09:45:40 +01:00 · 9a2798d0c9
commit 9a2798d0c9
parent 96b85a779e
2 changed files with 68 additions and 0 deletions
--- a/sys-apps/most/files/most-5.2.0-buffer-overflow.patch
+++ b/sys-apps/most/files/most-5.2.0-buffer-overflow.patch
@ -0,0 +1,29 @@
+https://bugs.gentoo.org/963958
+https://gitlab.archlinux.org/archlinux/packaging/packages/most/-/raw/a07ea9304fd99710f8fc15e3b9d02304fd766e6e/most-5.2.0-most_message-buffer-overlow.patch
+https://github.com/jedsoft/most/commit/77653f684ab2793696b0a5b9502e79d86632b10c
+
+From 77653f684ab2793696b0a5b9502e79d86632b10c Mon Sep 17 00:00:00 2001
+From: "John E. Davis" <jed@jedsoft.org>
+Date: Thu, 3 Jul 2025 19:51:37 -0400
+Subject: [PATCH] pre5.2.5: Avoid a buffer overflow in most_message.  This
+ addresses
+ https://gitlab.archlinux.org/archlinux/packaging/packages/most/-/issues/1
+
+---
+ src/window.c  | 3 ++-
+ 3 files changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/src/window.c b/src/window.c
+index 41f5356..483dc8b 100644
+--- a/src/window.c
+++ b/src/window.c
+@@ -61,7 +61,8 @@ static int Minibuffer_Selected;
+ 
+ void most_message(char *what, int how)
+ {
+-   strcpy (Most_Mini_Buf,what);
+   strncpy (Most_Mini_Buf, what, sizeof(Most_Mini_Buf));
+   Most_Mini_Buf[sizeof(Most_Mini_Buf)-1] = 0;
+    if (how) Beep_Mini = 1; else Beep_Mini = 0;
+ }
+ 
--- a/sys-apps/most/most-5.2.0-r1.ebuild
+++ b/sys-apps/most/most-5.2.0-r1.ebuild
@ -0,0 +1,39 @@
+# Copyright 1999-2025 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+DESCRIPTION="Paging program that displays, one windowful at a time, the contents of a file"
+HOMEPAGE="https://www.jedsoft.org/most/"
+SRC_URI="
+	https://www.jedsoft.org/releases/${PN}/${P}.tar.gz
+	https://www.jedsoft.org/releases/${PN}/old/${P}.tar.gz
+"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos"
+
+RDEPEND=">=sys-libs/slang-2.1.3"
+DEPEND="${RDEPEND}"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-5.0.0a-donot-hardcode-path.patch
+	"${FILESDIR}"/${PN}-5.2.0-buffer-overflow.patch
+)
+
+src_prepare() {
+	default
+	# Do not strip by default
+	sed -e '/\$(INSTALL)/s@ -s@@' -i src/Makefile.in || die
+}
+
+src_configure() {
+	unset ARCH
+	econf
+}
+
+src_install() {
+	emake DESTDIR="${D}" DOC_DIR="${EPREFIX}/usr/share/doc/${PF}" \
+		install
+}