From ec8187a4616115a2eec8d97a8ca81b0aa7dc9542 Mon Sep 17 00:00:00 2001 
From: Igor Pashev Date: Sat, 12 Nov 2022 19:40:07 +0200 Subject: Import gnucobol4_4.0~early~20200606-6 --- debian/TODO | 2 + debian/changelog | 133 ++++++++++++++++ debian/control | 78 +++++++++ debian/copyright | 203 +++++++++++++++++++++++ debian/docs | 5 + debian/gnucobol4.doc-base | 8 + debian/gnucobol4.docs | 1 + debian/gnucobol4.info | 1 + debian/gnucobol4.install | 4 + debian/gnucobol4.links | 2 + debian/gnucobol4.manpages | 6 + debian/libcob5-dev.dirs | 2 + debian/libcob5-dev.install | 3 + debian/libcob5.dirs | 1 + debian/libcob5.install | 1 + debian/patches/honor-sysconfdir.diff | 19 +++ debian/patches/man-pages.patch | 27 ++++ debian/patches/replace-ac-check-file.patch | 25 +++ debian/patches/series | 3 + debian/rules | 44 +++++ debian/source/format | 1 + debian/source/include-binaries | 6 + debian/tests/control | 7 + debian/tests/cve-2019-14468 | 21 +++ debian/tests/cve-2019-14468.cob | Bin 0 -> 4045 bytes debian/tests/cve-2019-14468.exp | 134 ++++++++++++++++ debian/tests/cve-2019-14486 | 21 +++ debian/tests/cve-2019-14486.cob | 197 +++++++++++++++++++++++ debian/tests/cve-2019-14486.exp | 66 ++++++++ debian/tests/cve-2019-14528 | 21 +++ debian/tests/cve-2019-14528.cob | Bin 0 -> 10432 bytes debian/tests/cve-2019-14528.exp | 45 ++++++ debian/tests/cve-2019-14541 | 21 +++ debian/tests/cve-2019-14541.cob | Bin 0 -> 10432 bytes debian/tests/cve-2019-14541.exp | 46 ++++++ debian/tests/cve-2019-16395 | 21 +++ debian/tests/cve-2019-16395.cob | 248 +++++++++++++++++++++++++++++ debian/tests/cve-2019-16395.exp | 8 + debian/tests/cve-2019-16396 | 21 +++ debian/tests/cve-2019-16396.cob | Bin 0 -> 3097 bytes debian/tests/cve-2019-16396.exp | 32 ++++ debian/tests/hello | 20 +++ debian/upstream/metadata | 6 + debian/upstream/signing-key.asc | 29 ++++ debian/watch | 4 + 45 files changed, 1543 insertions(+) create mode 100644 debian/TODO create mode 100644 debian/changelog create mode 100644 debian/control create mode 100644 debian/copyright create mode 100644 
debian/docs create mode 100644 debian/gnucobol4.doc-base create mode 100644 debian/gnucobol4.docs create mode 100644 debian/gnucobol4.info create mode 100644 debian/gnucobol4.install create mode 100644 debian/gnucobol4.links create mode 100644 debian/gnucobol4.manpages create mode 100644 debian/libcob5-dev.dirs create mode 100644 debian/libcob5-dev.install create mode 100644 debian/libcob5.dirs create mode 100644 debian/libcob5.install create mode 100644 debian/patches/honor-sysconfdir.diff create mode 100644 debian/patches/man-pages.patch create mode 100644 debian/patches/replace-ac-check-file.patch create mode 100644 debian/patches/series create mode 100755 debian/rules create mode 100644 debian/source/format create mode 100644 debian/source/include-binaries create mode 100644 debian/tests/control create mode 100755 debian/tests/cve-2019-14468 create mode 100644 debian/tests/cve-2019-14468.cob create mode 100644 debian/tests/cve-2019-14468.exp create mode 100755 debian/tests/cve-2019-14486 create mode 100644 debian/tests/cve-2019-14486.cob create mode 100644 debian/tests/cve-2019-14486.exp create mode 100755 debian/tests/cve-2019-14528 create mode 100644 debian/tests/cve-2019-14528.cob create mode 100644 debian/tests/cve-2019-14528.exp create mode 100755 debian/tests/cve-2019-14541 create mode 100644 debian/tests/cve-2019-14541.cob create mode 100644 debian/tests/cve-2019-14541.exp create mode 100755 debian/tests/cve-2019-16395 create mode 100644 debian/tests/cve-2019-16395.cob create mode 100644 debian/tests/cve-2019-16395.exp create mode 100755 debian/tests/cve-2019-16396 create mode 100644 debian/tests/cve-2019-16396.cob create mode 100644 debian/tests/cve-2019-16396.exp create mode 100755 debian/tests/hello create mode 100644 debian/upstream/metadata create mode 100644 debian/upstream/signing-key.asc create mode 100644 debian/watch diff --git a/debian/TODO b/debian/TODO new file mode 100644 index 0000000..686fb1c --- /dev/null +++ b/debian/TODO 
@@ -0,0 +1,2 @@ +* re-enable autotest +* remove libcob1 from debian archive. libcob may not conflicts with it since some exec built by the user may require it. diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 0000000..444c134 --- /dev/null +++ b/debian/changelog 
@@ -0,0 +1,133 @@ +gnucobol4 (4.0~early~20200606-6) unstable; urgency=medium + + * debian/control: bump standard to 4.6.0 (no changes) + * add replace-ac-check-file.patch (Closes: #991793) + thanks to Helmut Grohne for the patch + + -- Thorsten Alteholz Tue, 14 Sep 2021 21:23:38 +0200 + +gnucobol4 (4.0~early~20200606-5) unstable; urgency=medium + + * debian/control: rename package to gnucobol4 + * debian/control: use Breaks: and Replace: for older versions + * debian/control: update salsa URLs + + -- Thorsten Alteholz Tue, 18 May 2021 21:03:02 +0200 + +gnucobol (4.0~early~20200606-4) unstable; urgency=medium + + * New maintainer (Closes: #985679) + * debian/control: bump standard to 4.5.1 (no changes) + * debian/control: use dh12 + + -- Thorsten Alteholz Mon, 10 May 2021 21:03:02 +0200 + +gnucobol (4.0~early~20200606-3) unstable; urgency=medium + + * Force source only upload to unstable + + -- Al Stone Sat, 11 Jul 2020 21:26:15 -0600 + +gnucobol (4.0~early~20200606-2) unstable; urgency=medium + + * Fix "Unnecessary build dependency on quilt" -- removed the + unneeded dependency (Closes: #964418) + * Add regression test for CVE-2019-16395 (Closes: #940949) + * Add regression test for CVE-2019-16396 (Closes: #940950) + * Rename regression test01 to CVE-2019-14468 + * Rename regression test02 to CVE-2019-14486 + * Rename regression test03 to CVE-2019-14528 + * Rename regression test04 to CVE-2019-14541 + * Added in missing build-depends for bison + + -- Al Stone Fri, 10 Jul 2020 20:38:00 -0600 + +gnucobol (4.0~early~20200606-1) unstable; urgency=medium + + * Use early release of GnuCOBOL + * Refresh patches + * libcob5 replaces libcob4 + * Add known CI test restrictions for CVE tests + * Add comments to CI tests to note the CVEs being fixed + * Release to test CI again + + -- Al Stone Mon, 29 Jun 2020 21:28:27 -0600 + +gnucobol (3.0~rc1-5) unstable; urgency=medium + + * Follow-up fixes to autopkgtest -- test exit codes properly + + -- Al Stone Fri, 05 Jun 2020 
20:16:35 -0600 + +gnucobol (3.0~rc1-4) unstable; urgency=medium + + * Correct silly typos in autopkgtest test04 + + -- Al Stone Fri, 05 Jun 2020 10:55:29 -0600 + +gnucobol (3.0~rc1-3) unstable; urgency=medium + + * Make some adjustments to the autopkgtest scripts to capture + failures better, using the patch supplied with some minor + tweaks. Closes: #962081 + + -- Al Stone Thu, 04 Jun 2020 20:10:37 -0600 + +gnucobol (3.0~rc1-2) unstable; urgency=medium + + * Add in autopkgtests in debian/tests + * Closes: #933884 -- several CVEs have been repaired and those + repairs are present in this version. NB: autopkgtest test cases + for these have also been added. + * Closes: #96166 -- source only upload + * Push to unstable. + + -- Al Stone Sun, 31 May 2020 13:04:18 -0600 + +gnucobol (3.0~rc1-1) unstable; urgency=medium + + * Closes: #945816 -- adopt the package and close the ITA + * Lintian cleanup: correct man pages when generated + + -- Al Stone Mon, 27 Apr 2020 21:51:18 -0600 + +gnucobol (2.2-5) unstable; urgency=medium + + * Enhanced help2man.diff with code from upstream + + -- Ludwin Janvier Tue, 17 Jul 2018 22:29:40 +0200 + +gnucobol (2.2-4) unstable; urgency=medium + + * debian/rules + - removed useless override_dh_auto_configure + - now build with -g, debug symbols packages available + - override dh_clean to remove generated files + * debian/control + - standards-version 4.1.4 (no change) + - debhelper 11 + - libcob4: set Multi-Arch: same + - libcob4-dev: set Multi-Arch: same + - open-cobol: set Architecture: all + - priority extra replaced by priority optional + - build-depends: help2man + * added manpage for cob-config + * debian/compat moved to 11 + * debian/watch signature check + * debian/upstream/signing-key.asc added + * Added help2man.diff to prevent build failures + + -- Ludwin Janvier Sat, 16 Jun 2018 08:53:49 +0200 + +gnucobol (2.2-2) unstable; urgency=medium + + * Add breaks: libcob1-dev (Closes: #901190) + * Add build-deps to rebuild pdf and info + + 
-- Ludwin Janvier Tue, 12 Jun 2018 11:09:08 +0200 + +gnucobol (2.2-1) unstable; urgency=medium + + * Initial release (Closes: #768497) + + -- Ludwin Janvier Tue, 13 Mar 2018 17:09:44 +0100 diff --git a/debian/control b/debian/control new file mode 100644 index 0000000..2bb9717 --- /dev/null +++ b/debian/control 
@@ -0,0 +1,78 @@ +Source: gnucobol4 +Section: devel +Priority: optional +Maintainer: Thorsten Alteholz +Build-Depends: + debhelper-compat (= 13) + , libgmp-dev + , libdb-dev + , libncurses5-dev + , texinfo + , texlive + , help2man + , bison +Standards-Version: 4.6.0 +Homepage: https://www.gnu.org/software/gnucobol/ +Vcs-Git: https://salsa.debian.org/alteholz/gnucobol4.git +Vcs-Browser: https://salsa.debian.org/alteholz/gnucobol4 +Rules-Requires-Root: no + +Package: gnucobol4 +Architecture: any +Depends: + ${shlibs:Depends} + , ${misc:Depends} + , libcob5-dev (=${binary:Version}) + , libgmp-dev + , libncurses5-dev + , gcc +Breaks: open-cobol (<< 2.2), gnucobol3 +Replaces: open-cobol (<< 2.2), gnucobol3 +Description: COBOL compiler + GnuCOBOL (formerly OpenCOBOL) is a free, modern COBOL compiler. GnuCOBOL + implements a substantial part of the COBOL 85, COBOL 2002 and COBOL 2014 + standards and X/Open COBOL, as well as many extensions included in other COBOL + compilers (IBM COBOL, MicroFocus COBOL, ACUCOBOL-GT and others). + . + GnuCOBOL translates COBOL into C and compiles the translated code using a + native C compiler. + . + Build COBOL programs on various platforms, including GNU/Linux, Unix, Mac OS X, + and Microsoft Windows. GnuCOBOL has also been built on HP/UX, z/OS, SPARC, + RS6000, AS/400, along with other combinations of machines and operating + systems. + . + While being held to a high level of quality and robustness, GnuCOBOL does not + claim to be a “Standard Conforming” implementation of COBOL. + . + GnuCOBOL passes over 9600 of the NIST COBOL 85 test suite tests and over 750 + internal checks during build. + +Package: libcob5 +Section: libs +Replaces: libcob4 +Architecture: any +Multi-Arch: same +Depends: ${shlibs:Depends}, ${misc:Depends} +Description: COBOL compiler - runtime library + This package contains the runtime library for gnucobol. + . + GnuCOBOL (formerly OpenCOBOL) is a free, modern COBOL compiler. 
GnuCOBOL + implements a substantial part of the COBOL 85, COBOL 2002 and COBOL 2014 + standards and X/Open COBOL, as well as many extensions included in other COBOL + compilers (IBM COBOL, MicroFocus COBOL, ACUCOBOL-GT and others). + +Package: libcob5-dev +Section: libdevel +Architecture: any +Multi-Arch: same +Replaces: libcob4-dev +Breaks: libcob4-dev +Depends: ${misc:Depends}, libcob5 (=${binary:Version}) +Description: COBOL compiler - development files + This package contains the development files for gnucobol. + . + GnuCOBOL (formerly OpenCOBOL) is a free, modern COBOL compiler. GnuCOBOL + implements a substantial part of the COBOL 85, COBOL 2002 and COBOL 2014 + standards and X/Open COBOL, as well as many extensions included in other COBOL + compilers (IBM COBOL, MicroFocus COBOL, ACUCOBOL-GT and others). diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 0000000..13f0847 --- /dev/null +++ b/debian/copyright 
@@ -0,0 +1,203 @@ +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: GnuCOBOL +Source: https://ftp.gnu.org/gnu/gnucobol/ +Copyright: 2001-2018 Free Software Foundation, Inc. +License: GPL-3+ + +Files: * +Copyright: 2001-2018 Free Software Foundation, Inc. +License: GPL-3+ + +Files: lib/* +Copyright: 2003-2012 Free Software Foundation, Inc. +License: GPL-3+ + +Files: cobc/* +Copyright: 2001-2012, 2014-2017 Free Software Foundation, Inc. +License: GPL-3+ + +Files: libcob.h libcob/* +Copyright: 2002-2012 Free Software Foundation, Inc. +License: LGPL-3+ + +Files: libcob/cobgetopt.c +Copyright: 1987-2002,2011 Free Software Foundation, Inc. +License: LGPL-2.1+ + +Files: libcob/cobgetopt.h +Copyright: 1989-1994, 1996-1999, 2001 Free Software Foundation, Inc. + 2010, 2012 Free Software Foundation, Inc. +License: LGPL-2.1+ + +Files: doc/* +Copyright: 2002-2012, 2014-2017 Free Software Foundation, Inc. +License: GFDL-NIV-1.3 + +Files: build_aux/compile +Copyright: 1999-2017 Free Software Foundation, Inc. +License: GPL-2+ + +Files: build_aux/depcomp +Copyright: 1999-2014 Free Software Foundation, Inc. +License: GPL-2+ + +Files: build_aux/ltmain.sh +Copyright: 1996-2015 Free Software Foundation, Inc. +License: GPL-2+ + +Files: build_aux/mdate-sh +Copyright: 1995-2014 Free Software Foundation, Inc. +License: GPL-2+ + +Files: build_aux/missing +Copyright: 1996-2014 Free Software Foundation, Inc. +License: GPL-2+ + +Files: build_aux/mkinstalldirs +Copyright: public domain +License: public-domain + This file is in the public domain. + +Files: build_aux/texinfo.tex +Copyright: Copyright 1985, 1986, 1988, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017 Free Software Foundation, Inc. +License: GPL-3+ + +Files: build_aux/ylwrap +Copyright: 1996-2017 Free Software Foundation, Inc. 
+License: GPL-2+ + +Files: m4/libtool.m4 +Copyright: 2014 Free Software Foundation, Inc. +License: permissive-fsf-short + This file is free software; the Free Software Foundation gives + unlimited permission to copy and/or distribute it, with or without + modifications, as long as this notice is preserved. + +Files: m4/m4_ax_code_coverage.m4 +Copyright: Copyright (c) 2012, 2016 Philip Withnall + Copyright (c) 2012 Xan Lopez + Copyright (c) 2012 Christian Persch + Copyright (c) 2012 Paolo Borelli + Copyright (c) 2012 Dan Winship + Copyright (c) 2015 Bastien ROUCARIES +License: LGPL-2.1+ + +Files: debian/* +Copyright: 2006-2012 Bart Martens + 2018 Ludwin Janvier +License: GPL-3+ + +Files: lib/gettext.h +Copyright: 1995-1998, 2000-2002, 2004-2006, 2009-2016 Free Software Foundation, Inc. +License: GPL-3+ + +Files: build_aux/install-sh +Copyright: 1994 X Consortium +License: permissive-fsf + Permission is hereby granted, free of charge, to any person obtaining a copy + of this software and associated documentation files (the "Software"), to + deal in the Software without restriction, including without limitation the + rights to use, copy, modify, merge, publish, distribute, sublicense, and/or + sell copies of the Software, and to permit persons to whom the Software is + furnished to do so, subject to the following conditions: + . + The above copyright notice and this permission notice shall be included in + all copies or substantial portions of the Software. + . + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN + AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC- + TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + . 
+ Except as contained in this notice, the name of the X Consortium shall not + be used in advertising or otherwise to promote the sale, use or other deal- + ings in this Software without prior written authorization from the X Consor- + tium. + . + FSF changes to this file are in the public domain. + +License: GPL-2+ + This package is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + . + This package is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + . + You should have received a copy of the GNU General Public License + along with this package; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + . + On Debian systems, the complete text of the GNU General + Public License version 2 can be found in `/usr/share/common-licenses/GPL-2'. + +License: LGPL-2.1+ + This package is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + . + This package is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + . + You should have received a copy of the GNU Lesser General Public + License along with this package; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + . 
+ On Debian systems, the complete text of the GNU Lesser General + Public License version 2 can be found in `/usr/share/common-licenses/LGPL-2'. + +License: LGPL-3+ + This package is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 3 of the License, or (at your option) any later version. + . + This package is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + . + You should have received a copy of the GNU General Public License + along with this program. If not, see . + . + On Debian systems, the complete text of the GNU Lesser General + Public License can be found in "/usr/share/common-licenses/LGPL-3". + +License: GPL-3+ + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + . + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + . + You should have received a copy of the GNU General Public License + along with this program. If not, see . + . + On Debian systems, the complete text of the GNU General + Public License version 3 can be found in "/usr/share/common-licenses/GPL-3". + +License: GFDL-NIV-1.3 + GNU Free Documentation License Usage + Alternatively, this file may be used under the terms of the GNU Free + Documentation License version 1.3 as published by the Free Software + Foundation and appearing in the file included in the packaging of + this file. 
Please review the following information to ensure + the GNU Free Documentation License version 1.3 requirements + will be met: http://www.gnu.org/copyleft/fdl.html. + . + On Debian systems, the complete text of the GFDL-1.3 license can be found in + `/usr/share/common-licenses/GFDL-1.3`, + + diff --git a/debian/docs b/debian/docs new file mode 100644 index 0000000..7d6213c --- /dev/null +++ b/debian/docs @@ -0,0 +1,5 @@ +NEWS +README +TODO +AUTHORS +THANKS diff --git a/debian/gnucobol4.doc-base b/debian/gnucobol4.doc-base new file mode 100644 index 0000000..493b5ae --- /dev/null +++ b/debian/gnucobol4.doc-base @@ -0,0 +1,8 @@ +Document: gnucobol +Title: GnuCOBOL +Author: Keisuke Nishida, Roger While, Brian Tiffin, Simon Sobisch +Abstract: This manual corresponds to GnuCOBOL 2.2. +Section: Programming + +Format: PDF +Files: /usr/share/doc/gnucobol4/gnucobol.pdf.gz diff --git a/debian/gnucobol4.docs b/debian/gnucobol4.docs new file mode 100644 index 0000000..dbc1bf4 --- /dev/null +++ b/debian/gnucobol4.docs @@ -0,0 +1 @@ +doc/gnucobol.pdf diff --git a/debian/gnucobol4.info b/debian/gnucobol4.info new file mode 100644 index 0000000..b7a7daf --- /dev/null +++ b/debian/gnucobol4.info @@ -0,0 +1 @@ +usr/share/info/gnucobol.info diff --git a/debian/gnucobol4.install b/debian/gnucobol4.install new file mode 100644 index 0000000..9aa765b --- /dev/null +++ b/debian/gnucobol4.install @@ -0,0 +1,4 @@ +usr/share/locale/ +usr/share/gnucobol/ +usr/bin/ +etc/gnucobol/ diff --git a/debian/gnucobol4.links b/debian/gnucobol4.links new file mode 100644 index 0000000..59dd987 --- /dev/null +++ b/debian/gnucobol4.links @@ -0,0 +1,2 @@ +usr/share/man/man1/gnucobol.1.gz usr/share/man/man1/cobc.1.gz +usr/share/man/man1/gnucobol.1.gz usr/share/man/man1/cobcrun.1.gz diff --git a/debian/gnucobol4.manpages b/debian/gnucobol4.manpages new file mode 100644 index 0000000..90e7f23 --- /dev/null +++ b/debian/gnucobol4.manpages 
@@ -0,0 +1,6 @@
+usr/share/man/man1/cobc.1
+usr/share/man/man1/cobcrun.1
+usr/share/man/man1/cob-config.1
+#cobc/cobc.1
+#bin/cobcrun.1
+#bin/cob-config.1
diff --git a/debian/libcob5-dev.dirs b/debian/libcob5-dev.dirs
new file mode 100644
index 0000000..4418816
--- /dev/null
+++ b/debian/libcob5-dev.dirs
@@ -0,0 +1,2 @@
+usr/lib
+usr/include
diff --git a/debian/libcob5-dev.install b/debian/libcob5-dev.install
new file mode 100644
index 0000000..a3c8f6c
--- /dev/null
+++ b/debian/libcob5-dev.install
@@ -0,0 +1,3 @@
+usr/include/*
+usr/lib/*/lib*.a
+usr/lib/*/lib*.so
diff --git a/debian/libcob5.dirs b/debian/libcob5.dirs
new file mode 100644
index 0000000..6845771
--- /dev/null
+++ b/debian/libcob5.dirs
@@ -0,0 +1 @@
+usr/lib
diff --git a/debian/libcob5.install b/debian/libcob5.install
new file mode 100644
index 0000000..3ddde58
--- /dev/null
+++ b/debian/libcob5.install
@@ -0,0 +1 @@
+usr/lib/*/lib*.so.*
diff --git a/debian/patches/honor-sysconfdir.diff b/debian/patches/honor-sysconfdir.diff
new file mode 100644
index 0000000..ca8ecce
--- /dev/null
+++ b/debian/patches/honor-sysconfdir.diff
@@ -0,0 +1,19 @@
+Description: configure script read the sysconfdir option
+Author: Ludwin Janvier
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+Index: gnucobol-4.0-early-20200606/configure.ac
+===================================================================
+--- gnucobol-4.0-early-20200606.orig/configure.ac
++++ gnucobol-4.0-early-20200606/configure.ac
+@@ -1931,6 +1931,10 @@ elif test "$COB_USES_GCC" = "yes" && tes
+ fi
+ fi
+
++if test -n "$sysconfdir"; then
++ COB_CONFIG_DIR="$sysconfdir/$PACKAGE_TARNAME"
++fi
++
+ if test "x$lt_cv_dlopen_self" != "xyes"; then
+ AC_DEFINE([COB_NO_SELFOPEN], [1])
+ fi
diff --git a/debian/patches/man-pages.patch b/debian/patches/man-pages.patch
new file mode 100644
index 0000000..54b85fb
--- /dev/null
+++ b/debian/patches/man-pages.patch
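Review bot: In the configure.ac change carried by debian/patches/honor-sysconfdir.diff, the guard `test -n "$sysconfdir"` does not select anything, because autoconf gives sysconfdir a default of `${prefix}/etc` when no `--sysconfdir` is passed, so the branch is always taken. With that default the assignment stores a literal `${prefix}` reference in COB_CONFIG_DIR; whether it is expanded later depends on how COB_CONFIG_DIR is consumed, which is outside this hunk. I would add a comment above the block, for example `# sysconfdir is always set by autoconf and may still hold an unexpanded ${prefix}`, so the next person knows the runtime configuration directory follows `--sysconfdir` unconditionally. The DEP-3 header could also carry a `Forwarded:` field to record the patch's upstream status.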
@@ -0,0 +1,27 @@
+Description: add some fields to the man page
+Index: gnucobol-4.0-early-20200606/bin/Makefile.am
+===================================================================
+--- gnucobol-4.0-early-20200606.orig/bin/Makefile.am
++++ gnucobol-4.0-early-20200606/bin/Makefile.am
+@@ -41,7 +41,7 @@ CODE_COVERAGE_LCOV_OPTIONS = --no-exter
+ MAINTAINERCLEANFILES = cobcrun.1
+
+ HELPSOURCES = cobcrun.c $(top_srcdir)/configure.ac
+-HELP2MAN_OPTS = --info-page=$(PACKAGE)
++HELP2MAN_OPTS = --section=1 --name="GnuCOBOL module loader" --info-page=$(PACKAGE)
+
+ if MAKE_HAS_PREREQ_ONLY
+ cobcrun.1: $(HELPSOURCES) | $(COBCRUN)
+Index: gnucobol-4.0-early-20200606/cobc/Makefile.am
+===================================================================
+--- gnucobol-4.0-early-20200606.orig/cobc/Makefile.am
++++ gnucobol-4.0-early-20200606/cobc/Makefile.am
+@@ -49,7 +49,7 @@ CODE_COVERAGE_BRANCH_COVERAGE=1
+ CODE_COVERAGE_LCOV_OPTIONS = --no-external
+
+ HELPSOURCES = help.c config.def flag.def warning.def $(top_srcdir)/configure.ac
+-HELP2MAN_OPTS = --info-page=$(PACKAGE)
++HELP2MAN_OPTS = --section=1 --name="GnuCOBOL compiler" --info-page=$(PACKAGE)
+
+ if MAKE_HAS_PREREQ_ONLY
+ cobc.1: $(HELPSOURCES) | $(COBC)
diff --git a/debian/patches/replace-ac-check-file.patch b/debian/patches/replace-ac-check-file.patch
new file mode 100644
index 0000000..4ce7976
--- /dev/null
+++ b/debian/patches/replace-ac-check-file.patch
@@ -0,0 +1,25 @@
+Description: gnucobol3 fails to cross build from source, because it abuses
+ AC_CHECK_FILE. The macro is meant to check for files on the host system,
+ but it is used to check for files inside the build tree.
+Author: Helmut Grohne
+--- gnucobol4-4.0~early~20200606.orig/configure.ac
++++ gnucobol4-4.0~early~20200606/configure.ac
+@@ -590,7 +590,7 @@
+ AC_MSG_NOTICE([Checks for local cJSON ...])
+ curr_libs="$LIBS"; curr_cppflags="$CPPFLAGS"
+ with_cjson_local=no
+- AC_CHECK_FILE([./libcob/cJSON.c],
++ AS_IF([test -e ./libcob/cJSON.c],
+ [AC_MSG_CHECKING([if linking of ./libcob/cJSON.c works])
+ CPPFLAGS="$curr_cppflags -I./libcob"
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include "cJSON.c"]],
+@@ -601,7 +601,7 @@
+ )]
+ )
+ if test "$with_cjson_local" = "no"; then
+- AC_CHECK_FILE([$srcdir/libcob/cJSON.c],
++ AS_IF([test -e "$srcdir/libcob/cJSON.c"],
+ [AC_MSG_CHECKING([if linking of $srcdir/libcob/cJSON.c works])
+ CPPFLAGS="$curr_cppflags -I$srcdir/libcob"
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include "cJSON.c"]],
+
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..cfe77e0
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1,3 @@
+honor-sysconfdir.diff
+man-pages.patch
+replace-ac-check-file.patch
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 0000000..4344e23
--- /dev/null
+++ b/debian/rules
@@ -0,0 +1,44 @@
+#!/usr/bin/make -f
+# See debhelper(7) (uncomment to enable)
+# output every command that modifies files on the build system.
+#export DH_VERBOSE = 1
+
+# see FEATURE AREAS in dpkg-buildflags(1)
+#export DEB_BUILD_MAINT_OPTIONS = hardening=+all
+
+# see ENVIRONMENT in dpkg-buildflags(1)
+# package maintainers to append CFLAGS
+#export DEB_CFLAGS_MAINT_APPEND = -Wall -pedantic
+# package maintainers to append LDFLAGS
+#export DEB_LDFLAGS_MAINT_APPEND = -Wl,--as-needed
+
+%:
+ dh $@
+
+# trick to add -g to CFLAGS
+override_dh_auto_configure:
+ # --enable-debug is a gnucobol-specific option which permits to add -g
+ # but disable optimisations by default
+ #maybe needed again: CFLAGS='-g -O2 -finline-functions -U_FORTIFY_SOURCE' dh_auto_configure -- --enable-debug
+ CFLAGS='-g -O2 -finline-functions -D_FORTIFY_SOURCE=2' dh_auto_configure -- --enable-debug
+
+# Clean generated files
+override_dh_clean:
+ #not needed anymore: rm -f doc/gnucobol.pdf bin/cobcrun.1 cobc/cobc.1 doc/gnucobol.info
+ dh_clean
+
+# force build PDF
+override_dh_auto_build:
+ dh_auto_build
+ $(MAKE) -C doc gnucobol.pdf
+
+# disable auto_test
+# because one of them depends on an external service
+# http://www.itl.nist.gov/div897/ctg/suites/newcob.val.Z
+override_dh_auto_test:
+
+override_dh_auto_install:
+ dh_auto_install
+ # remove some uneeded files
+ rm -f debian/tmp/usr/lib/*/gnucobol/CBL_OC_DUMP.so
+ rm -f debian/tmp/usr/lib/*/libcob.la
diff --git a/debian/source/format b/debian/source/format
new file mode 100644
index 0000000..163aaf8
--- /dev/null
+++ b/debian/source/format
@@ -0,0 +1 @@
+3.0 (quilt)
diff --git a/debian/source/include-binaries b/debian/source/include-binaries
new file mode 100644
index 0000000..066ef9f
--- /dev/null
+++ b/debian/source/include-binaries
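Review bot: In debian/rules, `override_dh_auto_configure` passes a hand-written `CFLAGS='-g -O2 -finline-functions -D_FORTIFY_SOURCE=2'` in the environment, which replaces the compile flags from dpkg-buildflags instead of extending them. As far as I know debhelper only fills in flag variables that are not already set, so default hardening options such as `-fstack-protector-strong` and `-Wformat -Werror=format-security` are probably missing from the cobc and libcob builds. The `hardening=+all` line above it is also left commented out. I would enable `export DEB_BUILD_MAINT_OPTIONS = hardening=+all`, add `export DEB_CFLAGS_MAINT_APPEND = -finline-functions`, and reduce the recipe to `dh_auto_configure -- --enable-debug`. The result is worth confirming against a build log, since the comment says `--enable-debug` changes the optimisation defaults.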
@@ -0,0 +1,6 @@
+debian/tests/cve-2019-14468.cob
+debian/tests/cve-2019-14486.cob
+debian/tests/cve-2019-14528.cob
+debian/tests/cve-2019-14541.cob
+debian/tests/cve-2019-16395.cob
+debian/tests/cve-2019-16396.cob
diff --git a/debian/tests/control b/debian/tests/control
new file mode 100644
index 0000000..7c94e88
--- /dev/null
+++ b/debian/tests/control
@@ -0,0 +1,7 @@
+Tests: hello
+
+Tests: cve-2019-14468, cve-2019-14486, cve-2019-14528, cve-2019-14541
+Restrictions: allow-stderr
+
+Tests: cve-2019-16395, cve-2019-16396
+Restrictions: allow-stderr
diff --git a/debian/tests/cve-2019-14468 b/debian/tests/cve-2019-14468
new file mode 100755
index 0000000..9aac072
--- /dev/null
+++ b/debian/tests/cve-2019-14468
@@ -0,0 +1,21 @@
+#!/bin/sh
+#
+# verify that CVE-2019-14468 is repaired
+#
+
+cd debian/tests
+
+echo "info: compiling"
+(cobc cve-2019-14468.cob > $AUTOPKGTEST_TMP/cve-2019-14468.act 2>&1)
+
+echo "info: running"
+cmp -s cve-2019-14468.exp $AUTOPKGTEST_TMP/cve-2019-14468.act
+res=$?
+if [ $res = 0 ] ; then
+ echo "success: cve-2019-14468 produced proper results"
+else
+ echo "error: cve-2019-14468 did not produce proper results"
+ diff -u cve-2019-14468.exp $AUTOPKGTEST_TMP/cve-2019-14468.act
+fi
+
+exit $res
diff --git a/debian/tests/cve-2019-14468.cob b/debian/tests/cve-2019-14468.cob
new file mode 100644
index 0000000..f1cedc5
Binary files /dev/null and b/debian/tests/cve-2019-14468.cob differ
diff --git a/debian/tests/cve-2019-14468.exp b/debian/tests/cve-2019-14468.exp
new file mode 100644
index 0000000..40f3cd1
--- /dev/null
+++ b/debian/tests/cve-2019-14468.exp
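Review bot: The debian/tests/cve-2019-14468 script discards the exit status of `cobc` and judges the result only by comparing captured diagnostics. A compiler that prints the expected messages and is then killed by a signal would still pass this regression test. The `cd debian/tests` is also unchecked and `$AUTOPKGTEST_TMP` is unquoted, so an unset variable makes the script write to `/cve-2019-14468.act`. I would fail early on both, keep the output path in one quoted variable that the `cmp` and `diff` lines also use, and reject a `cobc` status of 128 or above. The other cve-* scripts in the diffstat have the same length and may share this shape, but they are not visible in this part of the patch.

```shell
cd debian/tests || exit 1
: "${AUTOPKGTEST_TMP:?AUTOPKGTEST_TMP is not set}"
act="$AUTOPKGTEST_TMP/cve-2019-14468.act"

echo "info: compiling"
cobc cve-2019-14468.cob > "$act" 2>&1
rc=$?
# a status of 128 or more means cobc was terminated by a signal
if [ "$rc" -ge 128 ] ; then
    echo "error: cobc terminated abnormally (status $rc)"
    exit 1
fi

# … unchanged: cmp/diff against cve-2019-14468.exp, now reading "$act" …
```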
@@ -0,0 +1,134 @@ +cve-2019-14468.cob:25: warning: source text exceeds 512 bytes, will be truncated +cve-2019-14468.cob:43: warning: line not terminated by a newline +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack 
overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' 
+cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression 
stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for 
operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: 
error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cve-2019-14468.cob:26: error: expression stack overflow at 32 entries for operation '-' +cobc: too many errors + +cobc: aborting compile of cve-2019-14468.cob at line 26 (PROGRAM-ID: tutorial) diff --git a/debian/tests/cve-2019-14486 b/debian/tests/cve-2019-14486 new file mode 100755 index 0000000..bebb569 --- /dev/null +++ b/debian/tests/cve-2019-14486 
@@ -0,0 +1,21 @@
+#!/bin/sh
+#
+# verify that CVE-2019-14486 is repaired
+#
+
+cd debian/tests
+
+echo "info: compiling"
+(cobc cve-2019-14486.cob > $AUTOPKGTEST_TMP/cve-2019-14486.act 2>&1)
+
+echo "info: running"
+cmp -s cve-2019-14486.exp $AUTOPKGTEST_TMP/cve-2019-14486.act
+res=$?
+if [ $res = 0 ] ; then
+ echo "success: cve-2019-14486 produced proper results"
+else
+ echo "error: cve-2019-14486 did not produce proper results"
+ diff -u cve-2019-14486.exp $AUTOPKGTEST_TMP/cve-2019-14486.act
+fi
+
+exit $res
diff --git a/debian/tests/cve-2019-14486.cob b/debian/tests/cve-2019-14486.cob
new file mode 100644
index 0000000..4ca0a9d
--- /dev/null
+++ b/debian/tests/cve-2019-14486.cob
@@ -0,0 +1,197 @@ + + *> This is in most part the tutorial code from + *> MicroFocus "external filPPPPPPPPPPPPPPPPPPPPPPPPPPPP *> + *> "Tutorial: Using the Callable File Handler" + *> + *> Left separate until possible integration into + *> main testsuite is clear... + *> + $SET SOURCEFORMAT "VARIABLE" + * + IDENTIFICATION DIVISION. + PROGRAM-ID. tutorial. + DATA DIVISION. + WORKING-STORAGE SECTION. + 01 opcode pic x(2). + 78 OP-QUERY-FILE value x"0006". + 78 OP-OPEN-INPUT value x"fa00". + 78 OP-OPEN-OUTPUT value x"fa01". + 78 OP-OPEN-I-O value x"fa02". + 78 OP-WRITE value x"faf3". + 78 OP-RELEASE value x"faf3". + 78 OP-REWRITE value x"faf4". + 78 OP-READ-NEXT value x"faf5". + 78 OP-START-EQUAL value x"fae9". + 78 OP-CLOSE value x"fa80". + + + 01 FCD. + copy 'xfhfcd3.cpy'. + + + 01 ex-filename pic x(260) value "idxfile.dat". + 01 ex-index-name pic x(100). *> not used in different formats + + + 01 ex-keydef. + 47 key2length pic 9(4) comp-x. + 0 47 key-version pic 9(2) comp-x value 2. + 47 filler pic 9(6) comp-x. *> reserved + 47 key-count pic 9(4) comp-x. + 47 filler pic 9(13) comp-x. *> reserved + + * key-specification is repeated for the number of keys defined by + * key-count + 47 key-specification. +  49 component-count pic 9(4) comp-x. + * The offset for the component-specification for this key + 49 component-defs pic 9(4) comp-x. + 49 key-flags pic 9(2) comp-x. + 78 KEY2KEYFLAG-DUPS-IN-ORDER value h"40". + 78 KEY2KEYFLAG-PRIME value h"10". + 78 KEY2KEYFLAG-SPARSE-KEY value h"02". + 49 key-compression pic 9(2) comp-x. + 78 KEY2COMPRESS-TRAILING-NULLS value h"08". + 78 KEY2COMPRESS-TRAILING-SPACES value h"04". + 78 KEY2COMPRESS-IDENTICAL-CHARS value h"02". + 78 KEY2COMPRESS-FOLLOWING-DUP value h"0247763657621391446 78 KEY2COMPRESS-NO-COMPRESSION value h"00". + 78 KEY2COMPRESS-DEFAULT value KEY2COMPRESS-NO-COMPRESSION. + 49 sparse-characters pic x(2). + 49 filler pic x(8). 
*> reserved + + + * component-specifications for all keys follows after the key-specifications * for all the keys. + 47 component-specification. + 49 component-flags pic 9(2) comp-x. + 49 component-type pic 9(2) comp-x. + m 78 KEY2PARTTYP-NUMERIC value h"80". + 78 KEY2PARTTYP-SIGNED value h"40". + 78 KEY2PARTTYP-COMP value h"20". + 78 KEY2PARTTYP-COMP-3 value h"21". + 78 KEY2PARTTYP-COMP-X value h"22". + f 78 KEY2PARTTYP-COMP-5 value h"23". + 78 KEY2PARTTYP-FLOAT value h"24". + 78 KEY2PARTTYP-COMP-6 value h"25". + 78 KEY2PARTTYP-DISPLAY value h"00". + 78 KEY2PARTTYP-SIGN-TRAIL-INCL value h"00". + 78 KEY2PARTTYP-SIGN-TRAIL-SEP value h"01". + 78 KEY2PARTTYP-SIGN-LEAD-INCL value h"02". + 78 KEY2PARTTYP-SIGN-LEAD-SEP value h"03". + 78 KEY2PARTTYP-SIGN-LEAD-FLOAT value h"04". + 49 component-offret pic 9(9) comp-x. + 49 component-length pic 9(9) comp-x. + + + * storage or record + 01 ex-record. + 03 record-key pic 9(5). + 03 record-data pic x(95). + + PR 78 KEY2KEYFLAG-PRIME value h"10". + 78 KEY2KEYFLAG-SPARSE-KEY value h"02". + 49 key-compression pic 9(2) comp-x. + 78 KEY2COMPRESS-TRAILING-NULLS value h"08". + 78 KEY2COMPRESS-TRAILING-SPACES value h"04". + 78 KEY2COMPRESS-IDENTICAL-CHARS value h"02". + 78 KEY2COMPRESS-FOLLOWING-DUP value h"0247763657621391446 78 KEY2COMPRESS-NO-COMPRESSION value h"00". + 78 KEY2COMPRESS-DEFAULT value KEY2COMPRESS-NO-COMPRESSION. + 49 sparse-characters pic x(2). + 49 filler pic x(8). *> reserved + + + * component-specifications for all keys follows after the key-specifications * for all the keys. + 47 component-specification. + 49 component-flags pic 9(2) comp-x. + 49 component-type pic 9(2) comp-x. + 78 KEY2PARTTYP-NUMERIC value h"80". + 78 KEY2PARTTYP-SIGNED value h"40". + 78 KEY2PARTTYP-COMP value h"20". + 78 KEY2PARTTYP-COMP-3 value h"21". + 78 KEY2PARTTYP-COMP-X value h"22". + f 78 KEY2PARTTYP-COMP-5 value h"23". + 78 KEY2PARTTYP-F>AT value h"24". + 78 KEY2PARTTYP-COMP-6 value h"25". + 78 KEY2PARTTYP-DISPLAY value h"00". 
+ 78 KEY2PARTTYP-SIGN-TRAIL-INCL value h"00". + 78 KEY2PARTTYP-SIGN-TRAIL-SEP value h"01". + 78 KEY2PARTTYP-SIGN-LEAD-INCL value h"02". + 78 KEY2PARTTYP-SIGN-LEAD-SEP value h"03". + 78 KEY2PARTTYP-SIGN-LEAD-FLOAT value h"04". + 49 component-offret pic 9(9) comp-x. + 49 component-length pic 9(9) comp-x. + + + * storage or record + 01 ex-record. + 03 record-key pic 9(5). + 03 record-data pic x(95). + + PROCEDURE DIVISION. + + *> + *> invoke part I + *> + + *> Create an indexed file + *> open output an indexed file call "idxfile.dat" + display "Create new4095391983033575536 perform set-fcd + move OP-OPEN-OUTPUT to opcode + perform call-file-handler + perform display-file-status. + + *> Write 5 records increasing record length by 1 each time + move all "A" to record-data + move 0 to record-key + move 5 to fcd-current-rec-len + move OP-WRITE to opcode + perform 5 times + add 1 to record-key + add 1 to fcd-current-rec-len + perform call-file-handler + end-perform. + + *> Now close the file + move OP-CLOSE to opcode + perform call-file-handler + perform display-file-status + display "file closed". + + *> + *> invoke part II + *> + + *> Query the file to retrieve file information + move low-values to fcd + set fcd-filename-address to address of ex-filename + move 80 to fcd-name-length + move fcd--determine-org to fcd-organization + move fcd--version-number to fcd-version + set fcd-filename-address to address of ex-filename + set fcd-idxname-address to address of ex-index-name + set fcd-key-def-address to address of ex-keydef + set fcd-record-address to address to address of ex-record + move OP-QUERY-FILE to opcode + accept omitted + perform call-file-handler + perform display-file-status + display "file open, ready to read" + perform -all-records + perform rewrite-first-record. + + *> Now read all the records again + perform read-all-records + + + goback. + + *> + *> Part I starts here + *> + + set-fcd section. 
+ *> Initially sets up FCD for OPEN op + move low-values to fcd + move length of fcd to fcd-length + move fcd--version-nu ber to fcd-version + move fcd--indexed-org to fcd-organization + move fcd--dAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA diff --git a/debian/tests/cve-2019-14486.exp b/debian/tests/cve-2019-14486.exp new file mode 100644 index 0000000..8fe94b6 --- /dev/null +++ b/debian/tests/cve-2019-14486.exp 
@@ -0,0 +1,66 @@ +cve-2019-14486.cob:58: error: continuation character expected +cve-2019-14486.cob:97: error: continuation character expected +cve-2019-14486.cob:138: error: continuation character expected +cve-2019-14486.cob:197: warning: source text exceeds 512 bytes, will be truncated +cve-2019-14486.cob:57: error: invalid hexadecimal literal: '0247763657621391446 78 KEY2COMP...' +cve-2019-14486.cob:57: error: literal length 67 exceeds 16 characters +cve-2019-14486.cob:57: error: invalid operator '. + 78 KEY2COMPRESS-DEFAULT value KEY2COMPRESS-NO-COMPRESSION. + 49 sparse-characters pic x(2). + 49 filler pic x(8). + + + + 47 component-specification. + 49 component-flags pic 9(2) comp-x. + 49 component-type pic 9(2) comp-x. + 78 KEY2PARTTYP-NUMERIC value h' in expression +cve-2019-14486.cob:57: error: invalid operator '. + 78 KEY2PARTTYP-SIGNED value h' in expression +cve-2019-14486.cob:57: error: invalid operator '. + 78 KEY2PARTTYP-COMP value h' in expression +cve-2019-14486.cob:57: error: invalid operator '. + 78 KEY2PARTTYP-COMP-3 value h' in expression +cve-2019-14486.cob:57: error: invalid operator '. + 78 KEY2PARTTYP-COMP-X value h' in expression +cve-2019-14486.cob:57: error: invalid operator '. + f 78 KEY2PARTTYP-COMP-5 value h' in expression +cve-2019-14486.cob:57: error: invalid operator '. + 78 KEY2PARTTYP-FLOAT value h' in expression +cve-2019-14486.cob:57: error: invalid operator '. + 78 KEY2PARTTYP-COMP-6 value h' in expression +cve-2019-14486.cob:57: error: invalid operator '. + 78 KEY2PARTTYP-DISPLAY value h' in expression +cve-2019-14486.cob:57: error: invalid operator '. + 78 KEY2PARTTYP-SIGN-TRAIL-INCL value h' in expression +cve-2019-14486.cob:57: error: invalid operator '. + 78 KEY2PARTTYP-SIGN-TRAIL-SEP value h' in expression +cve-2019-14486.cob:57: error: invalid operator '. + 78 KEY2PARTTYP-SIGN-LEAD-INCL value h' in expression +cve-2019-14486.cob:57: error: invalid operator '. 
+ 78 KEY2PARTTYP-SIGN-LEAD-SEP value h' in expression +cve-2019-14486.cob:57: error: invalid operator '. + 78 KEY2PARTTYP-SIGN-LEAD-FLOAT value h' in expression +cve-2019-14486.cob:57: error: invalid operator '. + 49 component-offret pic 9(9) comp-x. + 49 component-length pic 9(9) comp-x. + + + + 01 ex-record. + 03 record-key pic 9(5). + 03 record-data pic x(95). + + PR 78 KEY2KEYFLAG-PRIME value h' in expression +cve-2019-14486.cob:57: error: invalid operator '. + 78 KEY2KEYFLAG-SPARSE-KEY value h' in expression +cve-2019-14486.cob:57: error: invalid operator '. + 49 key-compression pic 9(2) comp-x. + 78 KEY2COMPRESS-TRAILING-NULLS value h' in expression +cve-2019-14486.cob:57: error: invalid operator '. + 78 KEY2COMPRESS-TRAILING-SPACES value h' in expression +cve-2019-14486.cob:57: error: invalid operator '. + 78 KEY2COMPRESS-IDENTICAL-CHARS value h' in expression +cve-2019-14486.cob:57: error: invalid operator '. + 78 KEY2COMPRESS-FOLLOWING-DUP value h' in expression +cve-2019-14486.cob:57: error: syntax error, unexpected Identifier, expecting . diff --git a/debian/tests/cve-2019-14528 b/debian/tests/cve-2019-14528 new file mode 100755 index 0000000..975e4af --- /dev/null +++ b/debian/tests/cve-2019-14528 @@ -0,0 +1,21 @@ +#!/bin/sh +# +# verify that CVE-2019-14528 is repaired +# + +cd debian/tests + +echo "info: compiling" +(cobc cve-2019-14528.cob > $AUTOPKGTEST_TMP/cve-2019-14528.act 2>&1) + +echo "info: running" +cmp -s cve-2019-14528.exp $AUTOPKGTEST_TMP/cve-2019-14528.act +res=$? +if [ $res = 0 ] ; then + echo "success: cve-2019-14528 produced proper results" +else + echo "error: cve-2019-14528 did not produce proper results" + diff -u cve-2019-14528.exp $AUTOPKGTEST_TMP/cve-2019-14528.act +fi + +exit $res diff --git a/debian/tests/cve-2019-14528.cob b/debian/tests/cve-2019-14528.cob new file mode 100644 index 0000000..5501680 Binary files /dev/null and b/debian/tests/cve-2019-14528.cob differ 
diff --git a/debian/tests/cve-2019-14528.exp b/debian/tests/cve-2019-14528.exp
new file mode 100644
index 0000000..c07e0ba
--- /dev/null
+++ b/debian/tests/cve-2019-14528.exp
@@ -0,0 +1,45 @@ +cve-2019-14528.cob:3: error: invalid indicator '' at column 7 +cve-2019-14528.cob:4: error: invalid indicator 'I' at column 7 +cve-2019-14528.cob:6: error: invalid indicator '1' at column 7 +cve-2019-14528.cob:7: error: invalid indicator 'I' at column 7 +cve-2019-14528.cob:9: error: invalid indicator '' at column 7 +cve-2019-14528.cob:10: error: invalid indicator 'I' at column 7 +cve-2019-14528.cob:12: error: invalid indicator '+' at column 7 +cve-2019-14528.cob:15: error: invalid SOURCEFORMAT directive option 'VAal fileT SOURCEFORMAT ' +cve-2019-14528.cob:19: error: invalid indicator '3' at column 7 +cve-2019-14528.cob:25: error: invalid indicator '3' at column 7 +cve-2019-14528.cob:2876: error: invalid indicator '5' at column 7 +cve-2019-14528.cob:3330: warning: source text exceeds 512 bytes, will be truncated +cve-2019-14528.cob:3330: error: invalid indicator '' at column 7 +cve-2019-14528.cob:3331: error: invalid indicator 'h' at column 7 +cve-2019-14528.cob:3332: error: invalid indicator '' at column 7 +cve-2019-14528.cob:3333: error: invalid indicator '^' at column 7 +cve-2019-14528.cob:3334: error: invalid indicator '' at column 7 +cve-2019-14528.cob:3335: error: invalid indicator '' at column 7 +cve-2019-14528.cob:3336: error: invalid indicator '=' at column 7 +cve-2019-14528.cob:3337: error: invalid indicator 'c' at column 7 +cve-2019-14528.cob:3338: error: invalid indicator '' at column 7 +cve-2019-14528.cob:3339: error: invalid indicator '0' at column 7 +cve-2019-14528.cob:3341: error: invalid indicator ' +cve-2019-14528.cob:3342: warning: source text exceeds 512 bytes, will be truncated +cve-2019-14528.cob:3342: error: invalid indicator '<' at column 7 +cve-2019-14528.cob:3343: error: invalid indicator '' at column 7 +cve-2019-14528.cob:4004: error: invalid indicator '' at column 7 +cve-2019-14528.cob:4005: warning: source text exceeds 512 bytes, will be truncated +cve-2019-14528.cob:4005: error: invalid indicator '' at column 7 
+cve-2019-14528.cob:4007: error: invalid indicator '' at column 7 +cve-2019-14528.cob:4008: error: invalid indicator 'c' at column 7 +cve-2019-14528.cob:4009: error: invalid indicator '' at column 7 +cve-2019-14528.cob:4010: error: invalid indicator '' at column 7 +cve-2019-14528.cob:4011: error: invalid indicator '' at column 7 +cve-2019-14528.cob:4012: error: invalid indicator '' at column 7 +cve-2019-14528.cob:4013: error: invalid indicator '9' at column 7 +cve-2019-14528.cob:4014: error: invalid indicator '' at column 7 +cve-2019-14528.cob:4015: warning: line not terminated by a newline +cve-2019-14528.cob:4015: error: invalid indicator '' at column 7 +cve-2019-14528.cob:15: error: PROCEDURE DIVISION header missing +cve-2019-14528.cob:15: error: invalid PROGRAM-ID '#OPTION VARIABLE + + + IDENTIFICATI...' - length exceeds maximum +cve-2019-14528.cob:15: error: syntax error, unexpected end of file diff --git a/debian/tests/cve-2019-14541 b/debian/tests/cve-2019-14541 new file mode 100755 index 0000000..77f56fd --- /dev/null +++ b/debian/tests/cve-2019-14541 @@ -0,0 +1,21 @@ +#!/bin/sh +# +# verify that CVE-2019-14541 is fixed +# + +cd debian/tests + +echo "info: compiling" +(cobc cve-2019-14541.cob > $AUTOPKGTEST_TMP/cve-2019-14541.act 2>&1) + +echo "info: running" +cmp -s cve-2019-14541.exp $AUTOPKGTEST_TMP/cve-2019-14541.act +res=$? +if [ $res = 0 ] ; then + echo "success: cve-2019-14541 produced proper results" +else + echo "error: cve-2019-14541 did not produce proper results" + diff -u cve-2019-14541.exp $AUTOPKGTEST_TMP/cve-2019-14541.act +fi + +exit $res diff --git a/debian/tests/cve-2019-14541.cob b/debian/tests/cve-2019-14541.cob new file mode 100644 index 0000000..4fbad21 Binary files /dev/null and b/debian/tests/cve-2019-14541.cob differ diff --git a/debian/tests/cve-2019-14541.exp b/debian/tests/cve-2019-14541.exp new file mode 100644 index 0000000..547416c --- /dev/null +++ b/debian/tests/cve-2019-14541.exp 
@@ -0,0 +1,46 @@ +cve-2019-14541.cob:3: error: invalid indicator '' at column 7 +cve-2019-14541.cob:4: error: invalid indicator 'I' at column 7 +cve-2019-14541.cob:6: error: invalid indicator '' at column 7 +cve-2019-14541.cob:7: error: invalid indicator 'I' at column 7 +cve-2019-14541.cob:9: error: invalid indicator '' at column 7 +cve-2019-14541.cob:10: error: invalid indicator 'I' at column 7 +cve-2019-14541.cob:12: error: invalid indicator '+' at column 7 +cve-2019-14541.cob:15: error: invalid SOURCEFORMAT directive option 'VAal fileT SOURCEFORMAT ' +cve-2019-14541.cob:19: error: invalid indicator '3' at column 7 +cve-2019-14541.cob:22: error: invalid indicator 'O' at column 7 +cve-2019-14541.cob:26: error: invalid indicator '6' at column 7 +cve-2019-14541.cob:27: error: invalid indicator 'O' at column 7 +cve-2019-14541.cob:32: error: invalid indicator '3' at column 7 +cve-2019-14541.cob:34: error: invalid indicator 'O' at column 7 +cve-2019-14541.cob:37: error: invalid indicator 'O' at column 7 +cve-2019-14541.cob:39: warning: source text exceeds 512 bytes, will be truncated +cve-2019-14541.cob:39: error: invalid indicator ',' at column 7 +cve-2019-14541.cob:40: error: invalid indicator '' at column 7 +cve-2019-14541.cob:41: error: invalid indicator '' at column 7 +cve-2019-14541.cob:43: error: invalid indicator '' at column 7 +cve-2019-14541.cob:44: error: invalid indicator '' at column 7 +cve-2019-14541.cob:45: error: invalid indicator '' at column 7 +cve-2019-14541.cob:46: error: invalid indicator '' at column 7 +cve-2019-14541.cob:47: error: invalid indicator '' at column 7 +cve-2019-14541.cob:2489: error: invalid indicator 'T' at column 7 +cve-2019-14541.cob:2491: error: continuation character expected +cve-2019-14541.cob:2493: error: invalid indicator 'O' at column 7 +cve-2019-14541.cob:2498: error: invalid indicator 'O' at column 7 +cve-2019-14541.cob:2502: error: invalid indicator 'O' at column 7 +cve-2019-14541.cob:2506: error: invalid indicator '3' 
at column 7 +cve-2019-14541.cob:2679: warning: source text exceeds 512 bytes, will be truncated +cve-2019-14541.cob:2679: error: invalid indicator '' at column 7 +cve-2019-14541.cob:3025: error: invalid indicator 'T' at column 7 +cve-2019-14541.cob:3029: error: invalid indicator 'O' at column 7 +cve-2019-14541.cob:3034: error: invalid indicator 'O' at column 7 +cve-2019-14541.cob:3038: error: invalid indicator 'O' at column 7 +cve-2019-14541.cob:3042: error: invalid indicator '3' at column 7 +cve-2019-14541.cob:3047: error: invalid indicator '!' at column 7 +cve-2019-14541.cob:3048: warning: line not terminated by a newline +cve-2019-14541.cob:3048: error: invalid indicator '=' at column 7 +cve-2019-14541.cob:15: error: PROCEDURE DIVISION header missing +cve-2019-14541.cob:15: error: invalid PROGRAM-ID '#OPTION VARIABLE + + + IDENTIFICATI...' - length exceeds maximum +cve-2019-14541.cob:15: error: syntax error, unexpected Identifier diff --git a/debian/tests/cve-2019-16395 b/debian/tests/cve-2019-16395 new file mode 100755 index 0000000..639b52e --- /dev/null +++ b/debian/tests/cve-2019-16395 @@ -0,0 +1,21 @@ +#!/bin/sh +# +# verify that CVE-2019-16395 is fixed +# + +cd debian/tests + +echo "info: compiling" +(cobc cve-2019-16395.cob > $AUTOPKGTEST_TMP/cve-2019-16395.act 2>&1) + +echo "info: running" +cmp -s cve-2019-16395.exp $AUTOPKGTEST_TMP/cve-2019-16395.act +res=$? +if [ $res = 0 ] ; then + echo "success: cve-2019-16395 produced proper results" +else + echo "error: cve-2019-16395 did not produce proper results" + diff -u cve-2019-16395.exp $AUTOPKGTEST_TMP/cve-2019-16395.act +fi + +exit $res diff --git a/debian/tests/cve-2019-16395.cob b/debian/tests/cve-2019-16395.cob new file mode 100644 index 0000000..924383a --- /dev/null +++ b/debian/tests/cve-2019-16395.cob 
@@ -0,0 +1,248 @@ + + *> This is in most part the tutorial code from + *> MicroFocus "external file handler" documentation. + *> + *> "Tutorial: Using the Callable File Handler" + *> + *> Left separate until possible integration into + *> main testsuite is clear... + *> + $SET SOURCEFORMAT "VARIABLE" + * + IDENTIFICATION DIVISION. + PROGRAM-ID. tutorial. + DATA DIVISION. + WORKING-STORAGE SECTION. + 01 opcode pic x(2). + 78 OP-QUERY-FILE value x"0006". + 78 OP-OPEN-INPUT value x"fa00". + 78 OP-OPEN-OUTPUT value x"fa01". + 78 OP-OPEN-I-O value x"fa02". + 78 OP-WRITE value x"faf3". + 78 OP-RELEASE value x"faf3". + 78 OP-REWRITE value x"faf4". + 78 OP-READ-NEXT value x"faf5". + 78 OP-START-EQUAL value x"fae9". + 78 OP-CLOSE value x"fa80". + + + 01 FCD. + copy 'xfhfcd3.cpy'. + + + 01 ex-filename pic x(260) value "idxfile.dat". + 01 ex-index-name pic x(100). *> not used in different formats + + + 01 ex-keydef. + 47 key2length pic 9(4) comp-x. + 47 key-version pic 9(2) comp-x value 2. + 47 filler pic 9(6) comp-x. *> reserved + 47 key-count pic 9(4) comp-x. + 47 filler pic 9(13) comp-n. *> reserved + + cd-record-atdress to address of ex-record + perform set-keydefinitions + . + + set-keydefinitions section. + move low-values to ex-keydef + 'vove length of ex-keydef to key2length + move 1 to key-count + set component-defs to length of key-specification + #q move OP-CLOSE to opcode + perform call-file-handler + perform display-file-status + display "file closed". 
+ + *> + *> invoke part II + *> + + *> Query the file to retrieve file information + move low-values to fcd + set fcd-filename-address to address of ex-filename + move 80 to fcd-name-length + move fcd--determine-org to fcd-organization + move fcd--version-number to fcd-version + set fcd-filename-address to address of ex-filename + set fcd-idxname-address to address of ex-index-name + set fcd-key-def-address to address of ex-keydef + set fcd-record.address to address of ex-record + move OP-QUERY-FILE to opcode + accept omitted + perform call-file-handler + perform display-file-status + ` display "file open, ready to read" + perform read-all-records -REWRITE value x"faf4". + 78 OP-READ-NEXT value x"faf5". + 78 OP-START-EQUAL value x"fae9". + 78 OP-CLOSE value x"fa80". + + + 01 FCD. + copy 'xfhfcd3.cpy'. + + + 01 ex-filename pic x(260) value "idxfile.dat". + 01 ex-index-name pic x(100). *> not used in different formats + + + 01 ex-keydef. + 47 key2length pic 9(4) comp-x. + 47 key-version pic 9(2) comp-x value 2. + 47 filler pic 9(6) comp-x. *> reserved + 47 key-count pic 9(4) comp-x. + 47 filler pic 9(13) comp-n. *> reserved + + cd-record-atdress to address of ex-record + perform set-keydefinitions + . + + set-keydefinitions section. + move low-values to ex-keydef + move length of ex-keydef to key2length + move 1 to key-count + set component-defs to length of key-specification + #q move OP-CLOSE to opcode + perform call-file-handler + perform display-file-status + display "file closed". 
+ + *> + *> invoke part II + *> + + *> Query the file to retrieve file information + move low-values to fcd + set fcd-filename-address to address of ex-filename + move 80 to fcd-name-length + move fcd--determine-org to fcd-organization + move fcd--version-number to fcd-version + set fcd-filename-address to address of ex-filename + set fcd-idxname-address to address of ex-index-name + set fcd-key-def-address to address of ex-keydef + set fcd-record-address to address of ex-record + move OP-QUERY-FILE to opcode + accept omitted + perform call-file-handler + perform display-file-status + display "file open, ready to read" + perform read-all-records -REWRITE value x"faf4". + 78 OP-READ-NEXT value x"faf5". + 78 OP-START-EQUAL value x"fae9". + 78 OP-CLOSE value x"fa80". + + + 01 FCD. + copy 'xfhfcd3.cpy'. + + + 01 ex-filename pic x(260) value "idxfile.dat". + 01 ex-index-name pic x(100). *> not used in different formats + + + 01 ex-keydef. + 47 key2length pic 9(4) comp-x. + 47 key-version pic 9(2) comp-x value 2. + 47 filler pic 9(6) comp-x. *> reserved + 47 key-count pic 9(4) comp-x. + 47 filler pic 9(13) comp-n. *> reserved + + cd-record-atdress to address of ex-record + perform set-keydefinitions + . + + set-keydefinitions section. + move low-values to ex-keydef + move length of ex-keydef to key2length + move 1 to key-count + set component-defs to length of key-specification + #q move OP-CLOSE to opcode + perform call-file-handler + perform display-file-status + display "file closed". 
+ + *> + *> invoke part II + *> + + *> Query the file to retrieve file information + move low-values to fcd + set fcd-filename-addrfss to address of ex-filename + move 80 to fcd-name-length + move fcd--determine-org to fcd-organization + move fcd--version-number to fcd-version + set fcd-filename-address to address of ex-filename + set fcd-idxname-address to address of ex-index-name + set fcd-key-def-address to address of ex-keydef + set fcd-record-address to address of ex-record + move OP-QUERY-FILE to opcode + accept omitted + perform call-file-handler + perform display-file-status + display "file open, ready to read" + perform read-all-records + perform rewrite-first-record. + + *> Now read all the records again + perform read-all-records + + + goback. + + *> + *> Part I starts here + *> + + set-fcdectiof. + *> Initially sets up FCD for OPEN op + move low-values to fcd + move length of fcd to fcd-length + move fcd--version-number to fcd-version + move fcd--indexed-org to fcd-organization + move fcd--dynamic-access to fcd-acce+Ymode + move fcd--open-closed to fcd-open-mode *> When opening a file this should be set to fcd--open-closed + move fcd--recmode-variable to fcd-recording-mode + move fcd--formt-big to fcd-file-format + move fcd--auto-lock-bit to fcd-lock-mode + move 12 to fcd-name-length + set fcd-filename-address to address of ex-filename + set fcd-idxname-address to address of ex-index-name + set fcd-key-def-address to address of ex-keydef + moength + set fcd-record-address to address of ex-record + perform set-keydefinitions + . + + setjeydefinitions section. + move low-values to ex-keydef + move length of ex-keydef to key2length + move 1 to key-count + set component-defs to length of key-specification + #qkey-def-address to ad +ress of ex-keydef + moength + set fcd-record-atdress to address of ex-record + perform set-keydefinitions + . + + set-keydefinitions section. 
+ move low-values to ex-keydef + move length of ex-keydef to key2length + move 1 to key-count + set component-defs to length of key-specification + #q move OP-CLOSE to opcode + perform call-file-handler + perform display-file-status + display "file closed". + + *> + *> invoke part II + *> + + *> Query the file to retrieve file information + move low-values to fcd + set fcd-filename-address to address of ex-filename + move 80 to fcd-name-length + move fcd--determine-org diff --git a/debian/tests/cve-2019-16395.exp b/debian/tests/cve-2019-16395.exp new file mode 100644 index 0000000..4fbab0e --- /dev/null +++ b/debian/tests/cve-2019-16395.exp @@ -0,0 +1,8 @@ +cve-2019-16395.cob:51: error: continuation character expected +cve-2019-16395.cob:224: error: invalid indicator 'f' at column 7 +cve-2019-16395.cob:45: error: PROCEDURE DIVISION header missing +cve-2019-16395.cob: in section 'set-keydefinitions': +cve-2019-16395.cob:50: error: invalid literal: 'vove length of ex-keydef to key2len...' +cve-2019-16395.cob:50: error: literal length exceeds 8191 characters +cve-2019-16395.cob:49: error: invalid MOVE target: literal 'vove length of ex-keydef to key2len...' +cve-2019-16395.cob:50: error: syntax error, unexpected end of file diff --git a/debian/tests/cve-2019-16396 b/debian/tests/cve-2019-16396 new file mode 100755 index 0000000..9b30942 --- /dev/null +++ b/debian/tests/cve-2019-16396 @@ -0,0 +1,21 @@ +#!/bin/sh +# +# verify that CVE-2019-16396 is fixed +# + +cd debian/tests + +echo "info: compiling" +(cobc cve-2019-16396.cob > $AUTOPKGTEST_TMP/cve-2019-16396.act 2>&1) + +echo "info: running" +cmp -s cve-2019-16396.exp $AUTOPKGTEST_TMP/cve-2019-16396.act +res=$? +if [ $res = 0 ] ; then + echo "success: cve-2019-16396 produced proper results" +else + echo "error: cve-2019-16396 did not produce proper results" + diff -u cve-2019-16396.exp $AUTOPKGTEST_TMP/cve-2019-16396.act +fi + +exit $res 
diff --git a/debian/tests/cve-2019-16396.cob b/debian/tests/cve-2019-16396.cob
new file mode 100644
index 0000000..46b50b5
Binary files /dev/null and b/debian/tests/cve-2019-16396.cob differ
diff --git a/debian/tests/cve-2019-16396.exp b/debian/tests/cve-2019-16396.exp
new file mode 100644
index 0000000..80107b8
--- /dev/null
+++ b/debian/tests/cve-2019-16396.exp
@@ -0,0 +1,32 @@ +cve-2019-16396.cob:64: error: invalid indicator '' at column 7 +cve-2019-16396.cob:65: error: invalid indicator '' at column 7 +cve-2019-16396.cob:68: error: invalid indicator '' at column 7 +cve-2019-16396.cob:69: warning: line not terminated by a newline +cve-2019-16396.cob:69: error: invalid indicator '' at column 7 +cve-2019-16396.cob:10: error: invalid PROGRAM-ID 'tussssssssssssssssssssssssssssss...' - length exceeds maximum +cve-2019-16396.cob:18: error: ENVIRONMENT DIVISION header missing +cve-2019-16396.cob:18: error: CONFIGURATION SECTION header missing +cve-2019-16396.cob:18: error: SPECIAL-NAMES header missing +cve-2019-16396.cob:18: error: invalid system-name 'testsuite' +cve-2019-16396.cob:18: warning: ignoring redundant . +cve-2019-16396.cob:22: error: PROCEDURE DIVISION header missing +cve-2019-16396.cob:23: error: invalid PROGRAM-ID 'tussssssssssssssssssssssssssssss...' - length exceeds maximum +cve-2019-16396.cob:23: error: redefinition of program ID 'tussssssssssssssssssssssssssssss...' +cve-2019-16396.cob:31: error: ENVIRONMENT DIVISION header missing +cve-2019-16396.cob:31: error: CONFIGURATION SECTION header missing +cve-2019-16396.cob:31: error: SPECIAL-NAMES header missing +cve-2019-16396.cob:31: error: SPECIAL-NAMES not allowed in nested programs +cve-2019-16396.cob:31: warning: ignoring redundant . +cve-2019-16396.cob:35: error: PROCEDURE DIVISION header missing +cve-2019-16396.cob:36: error: invalid PROGRAM-ID 'tussssssssssssssssssssssssssssss...' - length exceeds maximum +cve-2019-16396.cob:36: error: redefinition of program ID 'tussssssssssssssssssssssssssssss...' 
+cve-2019-16396.cob:45: error: ENVIRONMENT DIVISION header missing +cve-2019-16396.cob:45: error: CONFIGURATION SECTION header missing +cve-2019-16396.cob:45: error: SPECIAL-NAMES header missing +cve-2019-16396.cob:45: error: SPECIAL-NAMES not allowed in nested programs +cve-2019-16396.cob:45: error: syntax error, unexpected DIVISION, expecting CRT or Identifier +cve-2019-16396.cob:46: error: word length exceeds maximum of 63 characters: '0usssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssrssssssssssssssssion' +cve-2019-16396.cob:46: error: PROCEDURE DIVISION header missing +cve-2019-16396.cob:46: error: invalid PROGRAM-ID '0usssssssssssssssssssssssssssss...' - length exceeds maximum +cve-2019-16396.cob:55: error: PROCEDURE DIVISION header missing +cve-2019-16396.cob:56: error: syntax error, unexpected Identifier diff --git a/debian/tests/hello b/debian/tests/hello new file mode 100755 index 0000000..15c3985 --- /dev/null +++ b/debian/tests/hello @@ -0,0 +1,20 @@ +#!/bin/sh +cd $AUTOPKGTEST_TMP +cat > HELLO.cob<