CDE has relied upon catgets() implementations following a relaxed
interpretation of the XPG internationalization standard that ignored
-1, the standard error value returned by catopen, as the catalog
argument. However, this same behavior causes segmentation faults with
the musl C library.
This patch:
- Centralizes (with the exception of ToolTalk) all calls to catopen(),
catgets(), and catclose() through MsgCat within the DtSvc library.
- Prevents calls to catgets() and catclose() that rely upon
undefined behavior.
- Eliminates a number of bespoke catgets() wrappers, including multiple
redundant caching implementations designed to work around a design
peculiarity in HP/UX.
- Eases building CDE without XPG internationalization support by providing
the appropriate macros.
Fixes the following warning:
In file included from ../../../imports/x11/include/X11/Xutil.h:54,
from ../../../imports/x11/include/X11/Intrinsic.h:54,
from Action.c:64:
../../../imports/x11/include/X11/keysym.h:49:1: warning: "XK_MISCELLANY" redefined
<command-line>: warning: this is the location of the previous definition
<keysym.h> which includes all key symbols and loads <keysymdef.h>
is automaticlly included by the X Toolkit.
This patch removes #include <keysymdef.h> whenever not needed,
and adds #define XK_MISCALLANY in the source code where required.
According to the spec, blank lines in message catalogs or lines
beginning with '$ ' are valid comments.
However, there were many cases where lines in the message catalogs
contained just a single '$', without the required space after it.
Under linux, this caused 126766 error lines (in my builds) of the
form:
... unknown directive `': line ignored
This also causes gencat to exit with a non-0 exit code. Even though
gencat says it ignores the line, it really doesn't.
An early porting change to programs/localized/util/merge.c was made to
ignore this return value on linux. This hack has now been removed.
Build logs are a lot smaller and cleaner now.
don't use the idiom
char foo[BUFSIZ];
snprintf(foo, BUFSIZ, ....);
but
char foo[BUFSIZ];
snprintf(foo, sizeo foo, ....);
because this will automatically catch situations where the size of foo
is later changed, e.g. like foo[BUFSIZ + 8];
Fix another use of sprintf.
Patch from Robert Tomsick <robert+cde@tomsick.net>:
I believe this fixes vulnerability #3 from CERT CA-1999-11.[1] The other
uses of sprintf in DtAction seem to be safe.
[1] https://www.cert.org/advisories/CA-1999-11.html
Patrick Georgi