[gentoo-commits] repo/gentoo:master commit in: media-libs/plib/, media-libs/plib/files/

Sat, 23 Jan 2016 10:39:06 -0800 

commit:     c2c3350ada353ca2c523210909a4fea07fcc5a10
Author:     Michael Sterrett <mr_bones_ <AT> gentoo <DOT> org>
AuthorDate: Sat Jan 23 18:35:22 2016 +0000
Commit:     Michael Sterrett <mr_bones_ <AT> gentoo <DOT> org>
CommitDate: Sat Jan 23 18:37:04 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c2c3350a

media-libs/plib: add patches from Debian (bug #395553 and bug #440762)

Package-Manager: portage-2.2.26

 .../plib/files/plib-1.8.5-CVE-2011-4552.patch      | 54 ++++++++++++++++++++++
 .../plib/files/plib-1.8.5-CVE-2011-4620.patch      | 11 +++++
 media-libs/plib/files/plib-1.8.5-X11.patch         |  4 +-
 media-libs/plib/plib-1.8.5-r1.ebuild               | 34 ++++++++++++++
 4 files changed, 101 insertions(+), 2 deletions(-)

diff --git a/media-libs/plib/files/plib-1.8.5-CVE-2011-4552.patch 
b/media-libs/plib/files/plib-1.8.5-CVE-2011-4552.patch
new file mode 100644
index 0000000..78f1b22
--- /dev/null
+++ b/media-libs/plib/files/plib-1.8.5-CVE-2011-4552.patch
@@ -0,0 +1,54 @@
+--- plib-1.8.5/src/ssg/ssgParser.cxx~
++++ plib-1.8.5/src/ssg/ssgParser.cxx
+@@ -57,18 +57,16 @@ void _ssgParser::error( const char *form
+   char msgbuff[ 255 ];
+   va_list argp;
+ 
+-  char* msgptr = msgbuff;
+-  if (linenum)
+-  {
+-    msgptr += sprintf ( msgptr,"%s, line %d: ",
+-      path, linenum );
+-  }
+-
+   va_start( argp, format );
+-  vsprintf( msgptr, format, argp );
++  vsnprintf( msgbuff, sizeof(msgbuff), format, argp );
+   va_end( argp );
+ 
+-  ulSetError ( UL_WARNING, "%s", msgbuff ) ;
++  if (linenum)
++  {
++    ulSetError ( UL_WARNING, "%s, line %d: %s", path, linenum, msgbuff ) ;
++  } else {
++    ulSetError ( UL_WARNING, "%s", msgbuff ) ;
++  }
+ }
+ 
+ 
+@@ -78,18 +76,16 @@ void _ssgParser::message( const char *fo
+   char msgbuff[ 255 ];
+   va_list argp;
+ 
+-  char* msgptr = msgbuff;
+-  if (linenum)
+-  {
+-    msgptr += sprintf ( msgptr,"%s, line %d: ",
+-      path, linenum );
+-  }
+-
+   va_start( argp, format );
+-  vsprintf( msgptr, format, argp );
++  vsnprintf( msgbuff, sizeof(msgbuff), format, argp );
+   va_end( argp );
+ 
+-  ulSetError ( UL_DEBUG, "%s", msgbuff ) ;
++  if (linenum)
++  {
++    ulSetError ( UL_DEBUG, "%s, line %d: %s", path, linenum, msgbuff ) ;
++  } else {
++    ulSetError ( UL_DEBUG, "%s", msgbuff ) ;
++  }
+ }
+ 
+ // Opens the file and does a few internal calculations based on the spec.

diff --git a/media-libs/plib/files/plib-1.8.5-CVE-2011-4620.patch 
b/media-libs/plib/files/plib-1.8.5-CVE-2011-4620.patch
new file mode 100644
index 0000000..41fac5f
--- /dev/null
+++ b/media-libs/plib/files/plib-1.8.5-CVE-2011-4620.patch
@@ -0,0 +1,11 @@
+--- plib-1.8.5/src/util/ulError.cxx~    2008-03-11 03:06:23.000000000 +0100
++++ plib-1.8.5/src/util/ulError.cxx     2011-12-27 15:38:25.305676650 +0100
+@@ -39,7 +39,7 @@ void ulSetError ( enum ulSeverity severi
+ {
+   va_list argp;
+   va_start ( argp, fmt ) ;
+-  vsprintf ( _ulErrorBuffer, fmt, argp ) ;
++  vsnprintf ( _ulErrorBuffer, sizeof(_ulErrorBuffer), fmt, argp ) ;
+   va_end ( argp ) ;
+
+   if ( _ulErrorCB )

diff --git a/media-libs/plib/files/plib-1.8.5-X11.patch 
b/media-libs/plib/files/plib-1.8.5-X11.patch
index 86bccc3..1d9e053 100644
--- a/media-libs/plib/files/plib-1.8.5-X11.patch
+++ b/media-libs/plib/files/plib-1.8.5-X11.patch
@@ -1,5 +1,5 @@
---- configure.in.old   2014-10-14 12:23:00.422971952 +0200
-+++ configure.in       2014-10-14 12:23:24.806746868 +0200
+--- configure.in.old
++++ configure.in
 @@ -276,7 +276,7 @@
  
          LDFLAGS="$LDFLAGS $X_LIBS"

diff --git a/media-libs/plib/plib-1.8.5-r1.ebuild 
b/media-libs/plib/plib-1.8.5-r1.ebuild
new file mode 100644
index 0000000..f9045ab
--- /dev/null
+++ b/media-libs/plib/plib-1.8.5-r1.ebuild
@@ -0,0 +1,34 @@
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=5
+inherit flag-o-matic eutils autotools
+
+DESCRIPTION="multimedia library used by many games"
+HOMEPAGE="http://plib.sourceforge.net/";
+SRC_URI="http://plib.sourceforge.net/dist/${P}.tar.gz";
+
+LICENSE="LGPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~hppa ~ppc ~sparc ~x86"
+
+DEPEND="virtual/opengl"
+RDEPEND=${DEPEND}
+
+src_prepare() {
+       epatch \
+               "${FILESDIR}"/${P}-X11.patch \
+               "${FILESDIR}"/${P}-CVE-2011-4552.patch \
+               "${FILESDIR}"/${P}-CVE-2011-4620.patch
+
+       eautoreconf
+       # Since plib only provides static libraries, force
+       # building as PIC or plib is useless to amd64/etc...
+       append-flags -fPIC
+}
+
+src_install() {
+       default
+       dodoc AUTHORS ChangeLog KNOWN_BUGS NOTICE README* TODO*
+}

Reply via email to