diff options
| author |   Sven Wegener <swegener@gentoo.org> | 2008-06-03 18:50:34 +0000 |
|---|---|---|
| committer | Sven Wegener <swegener@gentoo.org> | 2008-06-03 18:50:34 +0000 |
| commit | ba1f618700e871fe74cfc8ba822fe96abb36e9d2 (patch) | |
| tree | 8c837997be87f7430a6dd9b97718dbc9fadc6501 | |
| parent | No altivec patching with this gromacs version. Thanks to Maik Nijhuis in bug ... (diff) | |
| download | gentoo-2-ba1f618700e871fe74cfc8ba822fe96abb36e9d2.tar.gz gentoo-2-ba1f618700e871fe74cfc8ba822fe96abb36e9d2.tar.bz2 gentoo-2-ba1f618700e871fe74cfc8ba822fe96abb36e9d2.zip | |
Revision bump, security bug #224051.
(Portage version: 2.1.5.3)
| -rw-r--r-- | net-nntp/pan/ChangeLog | 8 | ||||
| -rw-r--r-- | net-nntp/pan/files/pan-0.132-CVE-2008-2363.patch | 93 | ||||
| -rw-r--r-- | net-nntp/pan/pan-0.132-r3.ebuild | 51 |
3 files changed, 151 insertions, 1 deletions
diff --git a/net-nntp/pan/ChangeLog b/net-nntp/pan/ChangeLog index e1b22b3e93a9..155d73dcf5c0 100644 --- a/net-nntp/pan/ChangeLog +++ b/net-nntp/pan/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for net-nntp/pan # Copyright 2002-2008 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-nntp/pan/ChangeLog,v 1.57 2008/04/13 10:55:27 eva Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-nntp/pan/ChangeLog,v 1.58 2008/06/03 18:50:33 swegener Exp $ + +*pan-0.132-r3 (03 Jun 2008) + + 03 Jun 2008; Sven Wegener <swegener@gentoo.org> + +files/pan-0.132-CVE-2008-2363.patch, +pan-0.132-r3.ebuild: + Revision bump, security bug #224051. 13 Apr 2008; Gilles Dartiguelongue <eva@gentoo.org> +files/pan-0.132-gcc43-fixes.patch, pan-0.132-r2.ebuild: diff --git a/net-nntp/pan/files/pan-0.132-CVE-2008-2363.patch b/net-nntp/pan/files/pan-0.132-CVE-2008-2363.patch new file mode 100644 index 000000000000..6f9b9f0a2b14 --- /dev/null +++ b/net-nntp/pan/files/pan-0.132-CVE-2008-2363.patch @@ -0,0 +1,93 @@ +https://bugs.gentoo.org/show_bug.cgi?id=224051 +https://bugzilla.gnome.org/show_bug.cgi?id=535413 +https://bugzilla.redhat.com/show_bug.cgi?id=446902 + +--- pan-0.132/pan/data/parts.cc ++++ pan-0.132/pan/data/parts.cc +@@ -303,8 +303,7 @@ + this->n_parts_total = n_parts_total; + this->n_parts_found = 0; // they haven't been added yet + +- if (n_parts_found > parts.size()) +- parts.resize (n_parts_found); ++ parts.clear(); + } + + void +@@ -312,21 +311,10 @@ + const StringView & mid, + bytes_t bytes) + { +- if (n_parts_found >= parts.size()) +- parts.resize (n_parts_found+1); +- +- Part& p = *(&parts.front() + n_parts_found++); +- p.number = number; +- p.bytes = bytes; + + Packer packer; + pack_message_id (packer, mid, reference_mid); +- p.len_used = packer.size (); +- if (p.len_alloced < p.len_used) { +- delete [] p.packed_mid; +- p.packed_mid = new char [p.len_used]; +- p.len_alloced = p.len_used; +- } ++ Part p(number,bytes,packer.size()); + packer.pack (p.packed_mid); + packed_mids_len += p.len_used; + +@@ -337,8 +325,9 @@ + assert (mid == tmp); + #endif + +- if (n_parts_total < n_parts_found) ++ if (n_parts_total < ++n_parts_found) + n_parts_total = n_parts_found; ++ parts.push_back(p); + } + + PartBatch :: Part& +@@ -346,7 +335,7 @@ + { + number = that.number; + bytes = that.bytes; +- len_used = len_alloced = that.len_used; ++ len_used = that.len_used; + delete [] packed_mid; + packed_mid = new char [len_used]; + memcpy (packed_mid, that.packed_mid, len_used); +@@ -357,11 +346,17 @@ + number (that.number), + bytes (that.bytes), + len_used (that.len_used), +- len_alloced (that.len_used), + packed_mid (new char [len_used]) + { + memcpy (packed_mid, that.packed_mid, len_used); + } ++PartBatch :: Part :: Part (number_t n, bytes_t b, size_t l): ++ number(n), ++ bytes(b), ++ len_used(l), ++ packed_mid(new char [len_used]) ++{ ++} + + void + PartBatch :: sort (void) +--- pan-0.132/pan/data/parts.h ++++ pan-0.132/pan/data/parts.h +@@ -141,10 +141,10 @@ + number_t number; + bytes_t bytes; + size_t len_used; +- size_t len_alloced; + char * packed_mid; + Part(): number(0), bytes(0), +- len_used(0), len_alloced(0), packed_mid(0) {} ++ len_used(0), packed_mid(0) {} ++ Part(number_t n, bytes_t b, size_t l); + ~Part() { delete [] packed_mid; } + Part (const Part&); + Part& operator= (const Part&); diff --git a/net-nntp/pan/pan-0.132-r3.ebuild b/net-nntp/pan/pan-0.132-r3.ebuild new file mode 100644 index 000000000000..80250b9f655d --- /dev/null +++ b/net-nntp/pan/pan-0.132-r3.ebuild @@ -0,0 +1,51 @@ +# Copyright 1999-2008 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-nntp/pan/pan-0.132-r3.ebuild,v 1.1 2008/06/03 18:50:33 swegener Exp $ + +inherit eutils + +DESCRIPTION="A newsreader for the Gnome2 desktop" +HOMEPAGE="http://pan.rebelbase.com/" +SRC_URI="http://pan.rebelbase.com/download/releases/${PV}/source/${P}.tar.bz2" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~hppa ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd" +IUSE="spell" + +RDEPEND=">=dev-libs/glib-2.4.0 + >=x11-libs/gtk+-2.4.0 + >=dev-libs/libpcre-5.0 + >=dev-libs/gmime-2.1.9 + spell? ( >=app-text/gtkspell-2.0.7 )" + +DEPEND="${RDEPEND} + >=dev-util/intltool-0.21 + dev-util/pkgconfig + sys-devel/gettext" + +src_unpack() { + unpack ${A} + cd "${S}" + + epatch "${FILESDIR}"/load-pixbuf-in-1024-byte-chunks.diff + + # Fix compilation with >=glib-2.16, bug #214446 + epatch "${FILESDIR}"/${P}-glib-compat.patch + + # Fix compilation with gcc-4.3, bug #211670 + epatch "${FILESDIR}"/${P}-gcc43-fixes.patch + + # Security bug #224051 + epatch "${FILESDIR}"/${P}-CVE-2008-2363.patch +} + +src_compile() { + econf $(use_with spell gtkspell) || die "econf failed" + emake || die "emake failed" +} + +src_install() { + emake install DESTDIR="${D}" || die "make install failed" + dodoc AUTHORS ChangeLog NEWS README TODO || die "dodoc failed" +} |