Add a fix for bug #177512.

(Portage version: 2.1.2.7)
author: Michael Januszewski <spock@gentoo.org> 2007-05-21 17:22:47 +0000
committer: Michael Januszewski <spock@gentoo.org> 2007-05-21 17:22:47 +0000
commit: fe96bee52d83286e49e6947fb999f70297260eed (patch)
tree: a182a1c4bffe9589ee2c49c3b591851826c8b1bb /www-client/elinks
parent: Removing insecure version. See bug #177820. (diff)
download: gentoo-2-fe96bee52d83286e49e6947fb999f70297260eed.tar.gz
gentoo-2-fe96bee52d83286e49e6947fb999f70297260eed.tar.bz2
gentoo-2-fe96bee52d83286e49e6947fb999f70297260eed.zip
5 files changed, 47 insertions, 4 deletions
diff --git a/www-client/elinks/ChangeLog b/www-client/elinks/ChangeLog
index 6ccb83a0f0ab..651664840377 100644
--- a/www-client/elinks/ChangeLog
+++ b/www-client/elinks/ChangeLog
@@ -1,6 +1,11 @@
 # ChangeLog for www-client/elinks
 # Copyright 2002-2007 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/www-client/elinks/ChangeLog,v 1.78 2007/05/13 10:03:50 spock Exp $
+# $Header: /var/cvsroot/gentoo-x86/www-client/elinks/ChangeLog,v 1.79 2007/05/21 17:22:47 spock Exp $
+
+  21 May 2007; Michał Januszewski <spock@gentoo.org>
+  +files/elinks-po-path.patch, elinks-0.11.1.ebuild, elinks-0.11.2.ebuild,
+  elinks-0.11.3.ebuild:
+  Add a fix for bug #177512.
 
 *elinks-0.11.3 (13 May 2007)
 
diff --git a/www-client/elinks/elinks-0.11.1.ebuild b/www-client/elinks/elinks-0.11.1.ebuild
index 3cc939074b55..dfeffbbf3298 100644
--- a/www-client/elinks/elinks-0.11.1.ebuild
+++ b/www-client/elinks/elinks-0.11.1.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2007 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/www-client/elinks/elinks-0.11.1.ebuild,v 1.15 2007/03/15 12:03:13 spock Exp $
+# $Header: /var/cvsroot/gentoo-x86/www-client/elinks/elinks-0.11.1.ebuild,v 1.16 2007/05/21 17:22:47 spock Exp $
 
 WANT_AUTOCONF="latest"
 WANT_AUTOMAKE="1.4"
@@ -53,6 +53,7 @@ src_unpack() {
 	if use unicode ; then
 		epatch ${FILESDIR}/elinks-0.10.1-utf_8_io-default.patch
 	fi
+	epatch ${FILESDIR}/elinks-po-path.patch
 	sed -i -e 's/-Werror//' configure*
 }
 
diff --git a/www-client/elinks/elinks-0.11.2.ebuild b/www-client/elinks/elinks-0.11.2.ebuild
index f42dd113dad7..9091e7f1a7e3 100644
--- a/www-client/elinks/elinks-0.11.2.ebuild
+++ b/www-client/elinks/elinks-0.11.2.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2007 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/www-client/elinks/elinks-0.11.2.ebuild,v 1.14 2007/04/25 13:44:25 eroyf Exp $
+# $Header: /var/cvsroot/gentoo-x86/www-client/elinks/elinks-0.11.2.ebuild,v 1.15 2007/05/21 17:22:47 spock Exp $
 
 WANT_AUTOCONF="latest"
 WANT_AUTOMAKE="1.4"
@@ -68,6 +68,7 @@ src_unpack() {
 		epatch ${FILESDIR}/elinks-0.10.1-utf_8_io-default.patch
 	fi
 
+	epatch ${FILESDIR}/elinks-po-path.patch
 	sed -i -e 's/-Werror//' configure*
 }
 
diff --git a/www-client/elinks/elinks-0.11.3.ebuild b/www-client/elinks/elinks-0.11.3.ebuild
index b490bc5ef5ad..a7e38cd15f51 100644
--- a/www-client/elinks/elinks-0.11.3.ebuild
+++ b/www-client/elinks/elinks-0.11.3.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2007 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/www-client/elinks/elinks-0.11.3.ebuild,v 1.1 2007/05/13 10:03:50 spock Exp $
+# $Header: /var/cvsroot/gentoo-x86/www-client/elinks/elinks-0.11.3.ebuild,v 1.2 2007/05/21 17:22:47 spock Exp $
 
 WANT_AUTOCONF="latest"
 WANT_AUTOMAKE="1.4"
@@ -65,6 +65,8 @@ src_unpack() {
 		epatch ${FILESDIR}/elinks-0.10.1-utf_8_io-default.patch
 	fi
 
+	epatch ${FILESDIR}/elinks-po-path.patch
+
 	sed -i -e 's/-Werror//' configure*
 }
 
diff --git a/www-client/elinks/files/elinks-po-path.patch b/www-client/elinks/files/elinks-po-path.patch
new file mode 100644
index 000000000000..ce4305de6d9b
--- /dev/null
+++ b/www-client/elinks/files/elinks-po-path.patch
@@ -0,0 +1,34 @@
+From: Jonas Fonseca <fonseca@diku.dk>
+Date: Thu, 3 May 2007 06:46:29 +0000 (+0200)
+Subject: Check if the program path contains "src/" before using ../po files
+X-Git-Tag: elinks-0.11rc0
+X-Git-Url: http://pasky.or.cz/gitweb.cgi?p=elinks.git;a=commitdiff;h=928f364ba2803f98d71775dc03b694d6403c0754
+
+Check if the program path contains "src/" before using ../po files
+
+Don't look for gettext message catalogs in ../po/ unless ELinks is being
+run as src/elinks, ./src/elinks, or .../src/elinks.
+
+Discovered by Arnaud Giersch, this alternate fix (than what is in debian
+package 0.11.1-1.4) closes debian bug #417789 and redhat bug #235411.
+Also reported in: CVE-2007-2027.
+
+Restricting it to only work with --enable-debug was also considered,
+however, it is an important feature for translaters so this less
+paranoid fix was chosen.
+---
+
+--- a/src/intl/gettext/loadmsgcat.c
++++ b/src/intl/gettext/loadmsgcat.c
+@@ -212,6 +212,11 @@ add_filename_to_string(struct string *st
+ 	unsigned char *slash = strrchr(program.path, '/');
+ 	size_t dirnamelen = (slash ? slash - program.path + 1 : 0);
+ 
++	/* Check if elinks is being run from the source tree. */
++	if (dirnamelen < 4
++	    || strncmp(program.path + dirnamelen - 4, "src", 3))
++		return NULL;
++
+ 	if ((dirnamelen && !add_bytes_to_string(str, program.path, dirnamelen))
+ 	    || !add_to_string(str, "../po/")
+ 	    || !add_bytes_to_string(str,
author	Michael Januszewski <spock@gentoo.org>	2007-05-21 17:22:47 +0000
committer	Michael Januszewski <spock@gentoo.org>	2007-05-21 17:22:47 +0000
commit	fe96bee52d83286e49e6947fb999f70297260eed (patch)
tree	a182a1c4bffe9589ee2c49c3b591851826c8b1bb /www-client/elinks
parent	Removing insecure version. See bug #177820. (diff)
download	gentoo-2-fe96bee52d83286e49e6947fb999f70297260eed.tar.gz gentoo-2-fe96bee52d83286e49e6947fb999f70297260eed.tar.bz2 gentoo-2-fe96bee52d83286e49e6947fb999f70297260eed.zip