Respecting LDFLAGS now, eliminated a few (not security relevant) intentional buffer overflows. See bug #337314.

(Portage version: 2.1.9/cvs/Linux i686)

3 files changed, 99 insertions, 2 deletions

diff --git a/media-video/motioneye/ChangeLog b/media-video/motioneye/ChangeLog
index 8bf434c4c71c..cbd05c09692e 100644
--- a/media-video/motioneye/ChangeLog
+++ b/media-video/motioneye/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for media-video/motioneye
-# Copyright 2000-2007 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/media-video/motioneye/ChangeLog,v 1.12 2007/11/27 12:04:16 zzam Exp $
+# Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/media-video/motioneye/ChangeLog,v 1.13 2010/09/14 21:24:02 phosphan Exp $
+
+*motioneye-1.3-r2 (14 Sep 2010)
+
+  14 Sep 2010; Patrick Kursawe <phosphan@gentoo.org>
+  +motioneye-1.3-r2.ebuild, +files/buflen+ldflags.patch:
+  Respecting LDFLAGS now, eliminated a few (not security relevant)
+  intentional buffer overflows. See bug #337314.
 
   27 Nov 2007; Matthias Schwarzott <zzam@gentoo.org>
   motioneye-1.3-r1.ebuild:
diff --git a/media-video/motioneye/files/buflen+ldflags.patch b/media-video/motioneye/files/buflen+ldflags.patch
new file mode 100644
index 000000000000..a7df269bf476
--- /dev/null
+++ b/media-video/motioneye/files/buflen+ldflags.patch
@@ -0,0 +1,51 @@
+diff -u -r motioneye-1.3/avi.c motioneye-1.3-new/avi.c
+--- motioneye-1.3/avi.c	2002-11-16 16:57:01.000000000 +0100
++++ motioneye-1.3-new/avi.c	2010-09-14 22:36:25.000000000 +0200
+@@ -81,7 +81,7 @@
+ 		++fps;
+ 
+ 	bzero(&ah, sizeof(ah));
+-	strcpy(ah.avih, "avih");
++	strncpy(ah.avih, "avih",4);
+ 	ah.time = 1e6 / fps;
+ 	ah.numstreams = 1;
+ 	ah.scale = 1;
+@@ -89,21 +89,21 @@
+ 	ah.length = fps * nframes;
+ 
+ 	bzero(&sh, sizeof(sh));
+-	strcpy(sh.strh, "strh");
+-	strcpy(sh.vids, "vids");
+-	strcpy(sh.codec, "MJPG");
++	strncpy(sh.strh, "strh",4);
++	strncpy(sh.vids, "vids",4);
++	strncpy(sh.codec, "MJPG",4);
+ 	sh.scale = 1;
+ 	sh.rate = fps;
+ 	sh.length = fps * nframes;
+ 	sh.quality = -1;
+ 
+ 	bzero(&fh, sizeof(fh));
+-	strcpy(fh.strf, "strf");
++	strncpy(fh.strf, "strf",4);
+ 	fh.width = width;
+ 	fh.height = height;
+ 	fh.planes = 1;
+ 	fh.bitcount = 24;
+-	strcpy(fh.codec,"MJPG");
++	strncpy(fh.codec,"MJPG",4);
+ 	fh.unpackedsize = 3*width*height;
+ 
+ 	rh.size = sizeof(lh1)+sizeof(ah)+sizeof(lh2)+sizeof(sh)+
+diff -u -r motioneye-1.3/Makefile motioneye-1.3-new/Makefile
+--- motioneye-1.3/Makefile	2003-05-12 17:25:30.000000000 +0200
++++ motioneye-1.3-new/Makefile	2010-09-14 22:31:03.000000000 +0200
+@@ -17,7 +17,7 @@
+ all: motioneye motioneye.1
+ 
+ motioneye: $(OBJ)
+-	$(CC) -o motioneye $(OBJ) $(LIBS)
++	$(CC) -o motioneye $(LDFLAGS) $(OBJ) $(LIBS)
+ 
+ motioneye.o: motioneye.c motioneye.h
+ avi.o: avi.c avi.h motioneye.h
diff --git a/media-video/motioneye/motioneye-1.3-r2.ebuild b/media-video/motioneye/motioneye-1.3-r2.ebuild
new file mode 100644
index 000000000000..fbdebb82daeb
--- /dev/null
+++ b/media-video/motioneye/motioneye-1.3-r2.ebuild
@@ -0,0 +1,39 @@
+# Copyright 1999-2010 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/media-video/motioneye/motioneye-1.3-r2.ebuild,v 1.1 2010/09/14 21:24:02 phosphan Exp $
+
+inherit eutils
+
+DESCRIPTION="ppm, jpeg or mjpeg grabber for the MotionEye camera on Sony VAIO Picturebooks."
+HOMEPAGE="http://popies.net/meye/"
+SRC_URI="http://popies.net/meye/${P}.tar.bz2"
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~x86"
+IUSE="X"
+RDEPEND="X? ( x11-libs/libX11
+			media-libs/imlib )"
+
+DEPEND="${RDEPEND}
+	sys-kernel/linux-headers
+	X? ( x11-proto/xextproto )
+	app-text/docbook-sgml-utils"
+
+src_unpack() {
+	unpack ${A}
+	epatch "${FILESDIR}/buflen+ldflags.patch"
+}
+
+src_compile() {
+	if use X; then
+		export WITHX='yes'
+	else
+		export WITHX='no'
+	fi
+	emake WITH_X="${WITHX}" CFLAGS="${CFLAGS}" || die
+}
+
+src_install() {
+	exeinto /usr/bin
+	doexe motioneye
+}