Add patch to address stack-based buffer overflow, bug #348344, thank Tim Sammut for report. Drop old.

(Portage version: 2.1.9.25/cvs/Linux x86_64)

4 files changed, 125 insertions, 80 deletions

diff --git a/media-gfx/xfig/ChangeLog b/media-gfx/xfig/ChangeLog
index 6f8c615d1a32..78360eae2aec 100644
--- a/media-gfx/xfig/ChangeLog
+++ b/media-gfx/xfig/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for media-gfx/xfig
 # Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/media-gfx/xfig/ChangeLog,v 1.66 2010/11/24 12:16:59 pva Exp $
+# $Header: /var/cvsroot/gentoo-x86/media-gfx/xfig/ChangeLog,v 1.67 2010/12/20 17:45:22 pva Exp $
+
+*xfig-3.2.5b-r1 (20 Dec 2010)
+
+  20 Dec 2010; Peter Volkov <pva@gentoo.org> -xfig-3.2.5-r3.ebuild,
+  +xfig-3.2.5b-r1.ebuild, +files/xfig-3.2.5b-CVE-2010-4262.patch:
+  Add patch to address stack-based buffer overflow, bug #348344, thank Tim
+  Sammut for report. Drop old.
 
   24 Nov 2010; Peter Volkov <pva@gentoo.org> xfig-3.2.5-r3.ebuild,
   xfig-3.2.5b.ebuild:
diff --git a/media-gfx/xfig/files/xfig-3.2.5b-CVE-2010-4262.patch b/media-gfx/xfig/files/xfig-3.2.5b-CVE-2010-4262.patch
new file mode 100644
index 000000000000..eb85513ef69d
--- /dev/null
+++ b/media-gfx/xfig/files/xfig-3.2.5b-CVE-2010-4262.patch
@@ -0,0 +1,22 @@
+--- w_msgpanel.c 	
++++ w_msgpanel.c 2010-12-03 14:21:07.931926127 +0000
+@@ -60,7 +60,7 @@ DeclareStaticArgs(12);
+ /* for the popup message (file_msg) window */
+ 
+ static int	file_msg_length=0;
+-static char	tmpstr[300];
++static char	tmpstr[512];
+ static Widget	file_msg_panel,
+ 		file_msg_win, file_msg_dismiss;
+ 
+@@ -582,8 +582,8 @@ file_msg(char *format,...)
+     }
+ 
+     va_start(ap, format);
+-    /* format the string */
+-    vsprintf(tmpstr, format, ap);
++    /* format the string (but leave room for \n and \0) */
++    vsnprintf(tmpstr, sizeof(tmpstr)-2, format, ap);
+     va_end(ap);
+ 
+     strcat(tmpstr,"\n");
diff --git a/media-gfx/xfig/xfig-3.2.5-r3.ebuild b/media-gfx/xfig/xfig-3.2.5-r3.ebuild
deleted file mode 100644
index 70ac3066029c..000000000000
--- a/media-gfx/xfig/xfig-3.2.5-r3.ebuild
+++ /dev/null
@@ -1,79 +0,0 @@
-# Copyright 1999-2010 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/media-gfx/xfig/xfig-3.2.5-r3.ebuild,v 1.7 2010/11/24 12:16:59 pva Exp $
-
-inherit eutils multilib
-
-MY_P=${PN}.${PV}
-DESCRIPTION="A menu-driven tool to draw and manipulate objects interactively in an X window."
-HOMEPAGE="http://www.xfig.org"
-SRC_URI="http://www.xfig.org/software/xfig/3.2.5/${MY_P}.full.tar.gz"
-
-LICENSE="BSD"
-SLOT="0"
-KEYWORDS="alpha amd64 hppa ppc ppc64 sparc x86"
-IUSE=""
-
-RDEPEND="x11-libs/libXaw
-		x11-libs/libXp
-		x11-libs/Xaw3d
-		virtual/jpeg
-		media-libs/libpng
-		>=media-gfx/transfig-3.2.5-r1
-		media-libs/netpbm"
-DEPEND="${RDEPEND}
-		x11-misc/imake
-		app-text/rman
-		x11-proto/xproto
-		x11-proto/inputproto
-		x11-libs/libXi"
-
-S="${WORKDIR}"/${MY_P}
-
-src_unpack() {
-	unpack ${A}
-	cd "${S}"
-
-	# We do not have nescape. Let's use firefox instead...
-	sed -i "s+netscape+firefox+g" Fig.ad
-	find "${S}" -type f -exec chmod -x \{\} \;
-}
-
-sed_Imakefile() {
-	# see Imakefile for details
-	vars2subs="BINDIR=/usr/bin
-		PNGINC=-I/usr/include
-		JPEGLIBDIR=/usr/$(get_libdir)
-		JPEGINC=-I/usr/include
-		XPMLIBDIR=/usr/$(get_libdir)
-		XPMINC=-I/usr/include/X11
-		USEINLINE=-DUSE_INLINE
-		XFIGLIBDIR=/usr/share/xfig
-		XFIGDOCDIR=/usr/share/doc/${P}
-		MANDIR=/usr/share/man/man\$\(MANSUFFIX\)
-		CC=$(tc-getCC)"
-
-	for variable in ${vars2subs} ; do
-		varname=${variable%%=*}
-		varval=${variable##*=}
-		sed -i "s:^\(XCOMM\)*[[:space:]]*${varname}[[:space:]]*=.*$:${varname} = ${varval}:" "$@"
-	done
-}
-
-src_compile() {
-	sed_Imakefile Imakefile
-
-	xmkmf || die
-	emake CC="$(tc-getCC)" LOCAL_LDFLAGS="${LDFLAGS}" CDEBUGFLAGS="${CFLAGS}" \
-	USRLIBDIR=/usr/$(get_libdir) || die
-}
-
-src_install() {
-	emake -j1 DESTDIR="${D}" install.all || die
-
-	insinto /usr/share/doc/${P}
-	doins README FIGAPPS CHANGES LATEX.AND.XFIG
-
-	doicon xfig.png
-	make_desktop_entry xfig Xfig xfig
-}
diff --git a/media-gfx/xfig/xfig-3.2.5b-r1.ebuild b/media-gfx/xfig/xfig-3.2.5b-r1.ebuild
new file mode 100644
index 000000000000..5c3b53461055
--- /dev/null
+++ b/media-gfx/xfig/xfig-3.2.5b-r1.ebuild
@@ -0,0 +1,95 @@
+# Copyright 1999-2010 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/media-gfx/xfig/xfig-3.2.5b-r1.ebuild,v 1.1 2010/12/20 17:45:22 pva Exp $
+
+EAPI="2"
+inherit eutils multilib
+
+MY_P=${PN}.${PV}
+
+DESCRIPTION="A menu-driven tool to draw and manipulate objects interactively in an X window."
+HOMEPAGE="http://www.xfig.org"
+SRC_URI="mirror://sourceforge/mcj/${MY_P}.full.tar.gz"
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~hppa ~ppc ~ppc64 ~sparc ~x86"
+IUSE=""
+
+RDEPEND="x11-libs/libXaw
+		x11-libs/libXp
+		x11-libs/Xaw3d
+		x11-libs/libXi
+		virtual/jpeg
+		media-libs/libpng
+		media-fonts/font-misc-misc
+		media-fonts/urw-fonts
+		>=media-gfx/transfig-3.2.5-r1
+		media-libs/netpbm"
+DEPEND="${RDEPEND}
+		x11-misc/imake
+		x11-proto/xproto
+		x11-proto/inputproto"
+
+S=${WORKDIR}/${MY_P}
+
+sed_Imakefile() {
+	# see Imakefile for details
+	vars2subs=( BINDIR=/usr/bin
+		PNGINC=-I/usr/include
+		JPEGLIBDIR="/usr/$(get_libdir)"
+		JPEGINC=-I/usr/include
+		XPMLIBDIR="/usr/$(get_libdir)"
+		XPMINC=-I/usr/include/X11
+		"USEINLINE = -DUSE_INLINE"
+		XFIGLIBDIR=/usr/share/xfig
+		XFIGDOCDIR="/usr/share/doc/${PF}"
+		MANDIR="/usr/share/man/man\$\(MANSUFFIX\)"
+		"CC=$(tc-getCC)" )
+
+	for variable in "${vars2subs[@]}" ; do
+		varname=${variable%%=*}
+		varval=${variable##*=}
+		sed -i "s:^\(XCOMM\)*[[:space:]]*${varname}[[:space:]]*=.*$:${varname} = ${varval}:" "$@"
+	done
+	sed -i "s:^\(XCOMM\)*[[:space:]]*\(#define I18N\).*$:\2:" "$@"
+	if has_version '>=x11-libs/Xaw3d-1.5e'; then
+		einfo "x11-libs/Xaw3d 1.5e and abover installed"
+		sed -i "s:^\(XCOMM\)*[[:space:]]*\(#define XAW3D1_5E\).*$:\2:" "$@"
+	fi
+}
+
+src_prepare() {
+	# Permissions are really crazy here
+	chmod -R go+rX .
+	find . -type f -exec chmod a-x '{}' \;
+	epatch "${FILESDIR}/${P}-figparserstack.patch" #297379
+	epatch "${FILESDIR}/${P}-spelling.patch"
+	epatch "${FILESDIR}/${P}-papersize_b1.patch"
+	epatch "${FILESDIR}/${P}-pdfimport_mediabox.patch"
+	epatch "${FILESDIR}/${P}-network_images.patch"
+	epatch "${FILESDIR}/${P}-app-defaults.patch"
+	epatch "${FILESDIR}/${P}-zoom-during-edit.patch"
+	epatch "${FILESDIR}/${P}-urwfonts.patch"
+	epatch "${FILESDIR}/${P}-mkstemp.patch" #264575
+	epatch "${FILESDIR}/${P}-CVE-2010-4262.patch" #348344
+	sed_Imakefile Imakefile
+	sed -e "s:/usr/lib/X11/xfig:/usr/share/doc/${PF}:" \
+		-i Doc/xfig.man -i Doc/xfig_man.html || die
+}
+
+src_compile() {
+	xmkmf || die
+	emake CC="$(tc-getCC)" LOCAL_LDFLAGS="${LDFLAGS}" CDEBUGFLAGS="${CFLAGS}" \
+		USRLIBDIR=/usr/$(get_libdir) || die
+}
+
+src_install() {
+	emake -j1 DESTDIR="${D}" install.all || die
+
+	insinto /usr/share/doc/${PF}
+	doins README FIGAPPS CHANGES LATEX.AND.XFIG
+
+	doicon xfig.png
+	make_desktop_entry xfig Xfig xfig
+}