diff options
| -rw-r--r-- | net-im/centerim/ChangeLog | 9 | ||||
| -rw-r--r-- | net-im/centerim/centerim-4.22.3-r1.ebuild | 119 | ||||
| -rw-r--r-- | net-im/centerim/files/centerim-4.22.3-url-escape.patch | 105 |
3 files changed, 232 insertions, 1 deletions
diff --git a/net-im/centerim/ChangeLog b/net-im/centerim/ChangeLog index 4a6de72ef729..34ad1d2f67b6 100644 --- a/net-im/centerim/ChangeLog +++ b/net-im/centerim/ChangeLog @@ -1,6 +1,13 @@ # ChangeLog for net-im/centerim # Copyright 1999-2008 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-im/centerim/ChangeLog,v 1.13 2008/03/12 19:17:49 swegener Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-im/centerim/ChangeLog,v 1.14 2008/03/27 15:34:11 swegener Exp $ + +*centerim-4.22.3-r1 (27 Mar 2008) + + 27 Mar 2008; Sven Wegener <swegener@gentoo.org> + +files/centerim-4.22.3-url-escape.patch, +centerim-4.22.3-r1.ebuild: + Revision bump, security bug #214204. This disables external actions + (openurl and detectmusic) completely. *centerim-4.22.3 (12 Mar 2008) diff --git a/net-im/centerim/centerim-4.22.3-r1.ebuild b/net-im/centerim/centerim-4.22.3-r1.ebuild new file mode 100644 index 000000000000..ac59b1c7fd2f --- /dev/null +++ b/net-im/centerim/centerim-4.22.3-r1.ebuild @@ -0,0 +1,119 @@ +# Copyright 1999-2008 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-im/centerim/centerim-4.22.3-r1.ebuild,v 1.1 2008/03/27 15:34:11 swegener Exp $ + +inherit eutils + +PROTOCOL_IUSE="aim gadu icq irc jabber lj msn rss yahoo" +IUSE="${PROTOCOL_IUSE} bidi nls ssl crypt jpeg otr" + +DESCRIPTION="CenterIM is a fork of CenterICQ - a ncurses ICQ/Yahoo!/AIM/IRC/MSN/Jabber/GaduGadu/RSS/LiveJournal Client" +if [[ ${PV} = *_p* ]] # is this a snaphot? +then + SRC_URI="http://www.centerim.org/download/snapshots/${PN}-${PV/*_p/}.tar.gz" +else + SRC_URI="http://www.centerim.org/download/releases/${P}.tar.gz" +fi +HOMEPAGE="http://www.centerim.org/" +SLOT="0" +LICENSE="GPL-2" +KEYWORDS="~amd64 ~x86" + +DEPEND=">=sys-libs/ncurses-5.2 + bidi? ( dev-libs/fribidi ) + ssl? ( >=dev-libs/openssl-0.9.6g ) + jpeg? ( media-libs/jpeg ) + jabber? ( + otr? ( net-libs/libotr ) + crypt? ( >=app-crypt/gpgme-1.0.2 ) + ) + msn? ( + net-misc/curl + dev-libs/openssl + )" + +RDEPEND="${DEPEND} + nls? ( sys-devel/gettext )" + +S="${WORKDIR}"/${P/_p*} + +check_protocol_iuse() { + local flag + + for flag in ${PROTOCOL_IUSE} + do + use ${flag} && return 0 + done + + return 1 +} + +pkg_setup() { + if ! check_protocol_iuse + then + eerror + eerror "Please activate at least one of the following protocol USE flags:" + eerror "${PROTOCOL_IUSE}" + eerror + die "Please activate at least one protocol USE flag!" + fi + + if use msn && ! built_with_use net-misc/curl ssl + then + eerror + eerror "As of right now, the msn use flags requires curl to be built" + eerror "with SSL support. Make sure ssl is in your USE flags and" + eerror "re-emerge net-misc/curl." + eerror + die "net-misc/curl dependencie issue" + fi + + if use otr && ! use jabber + then + eerror + eerror "Support for OTR is only supported with Jabber!" + eerror + die "Support for OTR is only supported with Jabber!" + fi + + if use gadu && ! use jpeg + then + ewarn + ewarn "You need jpeg support to be able to register Gadu-Gadu accounts!" + ewarn + fi +} + +src_unpack() { + unpack ${A} + cd "${S}" + + epatch "${FILESDIR}"/${P}-url-escape.patch +} + +src_compile() { + econf \ + $(use_with ssl) \ + $(use_enable aim) \ + $(use_with bidi fribidi) \ + $(use_with jpeg libjpeg) \ + $(use_with otr libotr) \ + $(use_enable gadu gg) \ + $(use_enable icq) \ + $(use_enable irc) \ + $(use_enable jabber) \ + $(use_enable lj) \ + $(use_enable msn) \ + $(use_enable nls locales-fix) \ + $(use_enable nls) \ + $(use_enable rss) \ + $(use_enable yahoo) \ + || die "econf failed" + emake || die "emake failed" +} + +src_install () { + emake DESTDIR="${D}" install || die "emake install failed" + + dodoc AUTHORS ChangeLog FAQ README THANKS TODO +} diff --git a/net-im/centerim/files/centerim-4.22.3-url-escape.patch b/net-im/centerim/files/centerim-4.22.3-url-escape.patch new file mode 100644 index 000000000000..38570382c1c8 --- /dev/null +++ b/net-im/centerim/files/centerim-4.22.3-url-escape.patch @@ -0,0 +1,105 @@ +This patch disables external actions completely. Historically we created a +security-wise broken external action for opening URLs. We ignore them now and +unconditionally use the configured browser. + +https://bugs.gentoo.org/show_bug.cgi?id=214204 + +--- centerim-4.22.3/src/centerim.cc ++++ centerim-4.22.3/src/centerim.cc +@@ -755,7 +755,7 @@ + + void centerim::checkconfigs() { + static const char *configs[] = { +- "sounds", "colorscheme", "actions", "external", "keybindings", 0 ++ "sounds", "colorscheme", "external", "keybindings", 0 + }; + + struct stat st; +@@ -778,12 +778,9 @@ + face.redraw(); + break; + case 2: +- conf.loadactions(); +- break; +- case 3: + external.load(); + break; +- case 4: ++ case 3: + conf.loadkeys(); + break; + } +@@ -1147,8 +1144,13 @@ + break; + + case icqface::open: +- if(const imurl *m = static_cast<const imurl *>(&ev)) +- conf.execaction("openurl", m->geturl()); ++ if(const imurl *m = static_cast<const imurl *>(&ev)) { ++ face.log (_("+ Opening URL %s"), m->geturl().c_str()); ++ if (fork () == 0) { ++ execlp(conf.getbrowser().c_str(), conf.getbrowser().c_str(), m->geturl().c_str(), NULL); ++ exit (-1); ++ } ++ } + break; + + case icqface::accept: +--- centerim-4.22.3/src/icqconf.cc ++++ centerim-4.22.3/src/icqconf.cc +@@ -212,7 +212,6 @@ + loadmainconfig(); + loadkeys(); + loadcolors(); +- loadactions(); + loadcaptcha(); + external.load(); + } +@@ -500,7 +499,7 @@ + if(param == "sort_by_activity") setsortmode(icqconf::sort_by_activity); else + if(param == "sort_by_name") setsortmode(icqconf::sort_by_name); else + if(param == "smtp") setsmtphost(buf); else +- if(param == "browser") setbrowser(browser); else ++ if(param == "browser") setbrowser(buf); else + if(param == "http_proxy") sethttpproxyhost(buf); else + if(param == "log") makelog = true; else + if(param == "proxy_connect") proxyconnect = true; else +--- centerim-4.22.3/src/icqdialogs.cc ++++ centerim-4.22.3/src/icqdialogs.cc +@@ -2060,7 +2060,6 @@ + break; + + case 20: LJP_LIST("mood", moods, _("(none/custom)")); break; +- case 21: LJP_STR("music", _("Currently playing: ")); break; + case 22: LJP_LIST("picture", pictures, _("(default)")); break; + case 23: LJP_STR("mood", _("Current mood: ")); break; + case 25: LJP_STR("taglist", _("Tags for the entry: ")); break; +@@ -2070,9 +2069,6 @@ + case 33: LJP_BOOL("backdated"); break; + } + +- } else if(b == 1) { +- ev->setfield("music", conf.execaction("detectmusic")); +- + } else if(b == 2) { + r = true; + +--- centerim-4.22.3/src/icqface.cc ++++ centerim-4.22.3/src/icqface.cc +@@ -2245,8 +2245,14 @@ + for(i = extractedurls.begin(); i != extractedurls.end(); ++i) + m.additem(" " + *i); + +- if(n = m.open()) +- conf.execaction("openurl", extractedurls[n-1]); ++ if(n = m.open()) { ++ log(_("+ Opening URL %s"), extractedurls[n-1].c_str()); ++ ++ if (fork () == 0) { ++ execlp(conf.getbrowser().c_str(), conf.getbrowser().c_str(), extractedurls[n-1].c_str(), NULL); ++ exit (-1); ++ } ++ } + + restoreworkarea(); + } |