[pkgsrc/trunk]: pkgsrc/www/webalizer webalizer: fix crashes

[bsiegert <bsiegert%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/7d1d767210bf
branches:  trunk
changeset: 447391:7d1d767210bf
user:      bsiegert <bsiegert%pkgsrc.org@localhost>
date:      Sat Feb 20 14:37:23 2021 +0000

description:
webalizer: fix crashes

Use memmove instead of memcpy with overlapping arguments. Patch from
Adrian Immanuel Kiess in PR pkg/55809.

diffstat:

 www/webalizer/Makefile                 |   3 ++-
 www/webalizer/distinfo                 |   3 ++-
 www/webalizer/patches/patch-preserve.c |  25 +++++++++++++++++++++++++
 3 files changed, 29 insertions(+), 2 deletions(-)

diffs (56 lines):

diff -r f7897a48598b -r 7d1d767210bf www/webalizer/Makefile
--- a/www/webalizer/Makefile    Sat Feb 20 14:24:58 2021 +0000
+++ b/www/webalizer/Makefile    Sat Feb 20 14:37:23 2021 +0000
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.72 2020/11/26 16:08:13 bsiegert Exp $
+# $NetBSD: Makefile,v 1.73 2021/02/20 14:37:23 bsiegert Exp $
 
 DISTNAME=      webalizer-2.23-08-src
 PKGNAME=       webalizer-2.23.8
+PKGREVISION=   1
 CATEGORIES=    www
 MASTER_SITES=  ftp://ftp.mrunix.net/pub/webalizer/
 EXTRACT_SUFX=  .tar.bz2
diff -r f7897a48598b -r 7d1d767210bf www/webalizer/distinfo
--- a/www/webalizer/distinfo    Sat Feb 20 14:24:58 2021 +0000
+++ b/www/webalizer/distinfo    Sat Feb 20 14:37:23 2021 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.17 2020/11/26 16:08:13 bsiegert Exp $
+$NetBSD: distinfo,v 1.18 2021/02/20 14:37:23 bsiegert Exp $
 
 SHA1 (webalizer-2.23-08-src.tar.bz2) = 601d5b6557c9916a050544592f5bf9c2ad540f59
 RMD160 (webalizer-2.23-08-src.tar.bz2) = 6f1d2ca90d9a891c878e5edb220684869f9fd32c
@@ -11,3 +11,4 @@
 SHA1 (patch-bb) = d8a5f6f60f53d6de8fc24d3b1844a052be0ad69a
 SHA1 (patch-bc) = 98d263cfb585477798f620a6f3690680ce2759b6
 SHA1 (patch-bd) = 21f074725a85de5d9d865b84cc88dc04919226d4
+SHA1 (patch-preserve.c) = 5fc85459af088b773073f161a29160a2cff73ba8
diff -r f7897a48598b -r 7d1d767210bf www/webalizer/patches/patch-preserve.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/www/webalizer/patches/patch-preserve.c    Sat Feb 20 14:37:23 2021 +0000
@@ -0,0 +1,25 @@
+$NetBSD: patch-preserve.c,v 1.1 2021/02/20 14:37:23 bsiegert Exp $
+
+memcpy with overlapping arguments is undefined behavior, use memmove.
+See PR pkg/55809.
+
+--- preserve.c.orig    2013-02-26 05:37:27.000000000 +0000
++++ preserve.c
+@@ -109,7 +109,7 @@ void get_history()
+                         yr = hist[i].year;
+                         mth= hist[i].month+1;
+                         if (mth>12) { mth=1; yr++; }
+-                        memcpy(&hist[0], &hist[1], sizeof(hist[0])*i);
++                        memmove(&hist[0], &hist[1], sizeof(hist[0])*i);
+                         memset(&hist[i], 0, sizeof(struct hist_rec));
+                         hist[i].year=yr; hist[i].month=mth; n--;
+                     }
+@@ -277,7 +277,7 @@ void update_history()
+                   yr = hist[i].year;
+                   mth= hist[i].month+1;
+                   if (mth>12) { mth=1; yr++; }
+-                  memcpy(&hist[0],&hist[1],sizeof(hist[0])*i);
++                  memmove(&hist[0],&hist[1],sizeof(hist[0])*i);
+                   memset(&hist[i], 0, sizeof(struct hist_rec));
+                   hist[i].year=yr; hist[i].month=mth; n--;
+                }