diff options
author | Peter Volkov <pva@gentoo.org> | 2011-10-19 09:16:31 +0000 |
---|---|---|
committer | Peter Volkov <pva@gentoo.org> | 2011-10-19 09:16:31 +0000 |
commit | cf3a223626547acc0f6a7053e6e1d95377122cef (patch) | |
tree | 6a912c667c518303be672607cc38ec603048276c /net-im | |
parent | Stable for HPPA (bug #387535). (diff) | |
download | gentoo-2-cf3a223626547acc0f6a7053e6e1d95377122cef.tar.gz gentoo-2-cf3a223626547acc0f6a7053e6e1d95377122cef.tar.bz2 gentoo-2-cf3a223626547acc0f6a7053e6e1d95377122cef.zip |
Fix Input Validation Failure reported in bug #384227 by Agostino Sarubbo. Thank Nikoli and rion for this patch.
(Portage version: 2.1.10.27/cvs/Linux x86_64)
Diffstat (limited to 'net-im')
-rw-r--r-- | net-im/psi/ChangeLog | 9 | ||||
-rw-r--r-- | net-im/psi/files/psi-0.14-input-validation.patch | 257 | ||||
-rw-r--r-- | net-im/psi/psi-0.14-r3.ebuild | 161 |
3 files changed, 426 insertions, 1 deletions
diff --git a/net-im/psi/ChangeLog b/net-im/psi/ChangeLog index 0ff9f89d2de1..90b2aa281f5c 100644 --- a/net-im/psi/ChangeLog +++ b/net-im/psi/ChangeLog @@ -1,6 +1,13 @@ # ChangeLog for net-im/psi # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-im/psi/ChangeLog,v 1.213 2011/10/04 07:11:35 pva Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-im/psi/ChangeLog,v 1.214 2011/10/19 09:16:31 pva Exp $ + +*psi-0.14-r3 (19 Oct 2011) + + 19 Oct 2011; Peter Volkov <pva@gentoo.org> +psi-0.14-r3.ebuild, + +files/psi-0.14-input-validation.patch: + Fix Input Validation Failure reported in bug #384227 by Agostino Sarubbo. + Thank Nikoli and rion for this patch. 04 Oct 2011; Peter Volkov <pva@gentoo.org> psi-0.14-r2.ebuild, +files/psi-0.14-minizip-detection.patch: diff --git a/net-im/psi/files/psi-0.14-input-validation.patch b/net-im/psi/files/psi-0.14-input-validation.patch new file mode 100644 index 000000000000..7260c80e1ff9 --- /dev/null +++ b/net-im/psi/files/psi-0.14-input-validation.patch @@ -0,0 +1,257 @@ +commit c68fdd9926a38b2820bc5df97fd1905355a2640d +Author: rion <rion4ik@gmail.com> +Date: Fri Oct 7 22:19:05 2011 +0600 + + Fixed QLabel CVE + +--- src/Certificates/CertificateDisplay.ui 2011-10-19 08:30:15 +0000 ++++ src/Certificates/CertificateDisplay.ui 2011-10-19 08:31:23 +0000 +@@ -1,105 +1,118 @@ +-<ui version="4.0" > ++<?xml version="1.0" encoding="UTF-8"?> ++<ui version="4.0"> + <class>CertificateDisplay</class> +- <widget class="QDialog" name="CertificateDisplay" > +- <property name="geometry" > ++ <widget class="QDialog" name="CertificateDisplay"> ++ <property name="geometry"> + <rect> + <x>0</x> + <y>0</y> +- <width>518</width> ++ <width>525</width> + <height>369</height> + </rect> + </property> +- <property name="windowTitle" > ++ <property name="windowTitle"> + <string>Certificate Information</string> + </property> +- <layout class="QVBoxLayout" > +- <property name="margin" > ++ <layout class="QVBoxLayout"> ++ <property name="spacing"> ++ <number>6</number> ++ </property> ++ <property name="margin"> + <number>11</number> + </property> +- <property name="spacing" > +- <number>6</number> +- </property> + <item> +- <layout class="QHBoxLayout" > +- <property name="margin" > ++ <layout class="QHBoxLayout"> ++ <property name="spacing"> ++ <number>6</number> ++ </property> ++ <property name="margin"> + <number>0</number> + </property> +- <property name="spacing" > +- <number>6</number> +- </property> + <item> +- <layout class="QVBoxLayout" > +- <property name="margin" > ++ <layout class="QVBoxLayout"> ++ <property name="spacing"> ++ <number>6</number> ++ </property> ++ <property name="margin"> + <number>0</number> + </property> +- <property name="spacing" > +- <number>6</number> +- </property> + <item> +- <widget class="QLabel" name="textLabel4" > +- <property name="text" > ++ <widget class="QLabel" name="textLabel4"> ++ <property name="text"> + <string>Certificate Validation:</string> + </property> + </widget> + </item> + <item> +- <widget class="QLabel" name="lb_valid" > +- <property name="text" > ++ <widget class="QLabel" name="lb_valid"> ++ <property name="text"> + <string/> + </property> ++ <property name="textFormat"> ++ <enum>Qt::PlainText</enum> ++ </property> + </widget> + </item> + <item> +- <widget class="QLabel" name="textLabel2" > +- <property name="text" > ++ <widget class="QLabel" name="textLabel2"> ++ <property name="text"> + <string>Valid From:</string> + </property> + </widget> + </item> + <item> +- <widget class="QLabel" name="lb_notBefore" > +- <property name="text" > ++ <widget class="QLabel" name="lb_notBefore"> ++ <property name="text"> + <string/> + </property> ++ <property name="textFormat"> ++ <enum>Qt::PlainText</enum> ++ </property> + </widget> + </item> + <item> +- <widget class="QLabel" name="textLabel3" > +- <property name="text" > ++ <widget class="QLabel" name="textLabel3"> ++ <property name="text"> + <string>Valid Until:</string> + </property> + </widget> + </item> + <item> +- <widget class="QLabel" name="lb_notAfter" > +- <property name="text" > ++ <widget class="QLabel" name="lb_notAfter"> ++ <property name="text"> + <string/> + </property> ++ <property name="textFormat"> ++ <enum>Qt::PlainText</enum> ++ </property> + </widget> + </item> + <item> +- <widget class="QLabel" name="textLabel1" > +- <property name="text" > ++ <widget class="QLabel" name="textLabel1"> ++ <property name="text"> + <string>Serial Number:</string> + </property> + </widget> + </item> + <item> +- <widget class="QLabel" name="lb_sn" > +- <property name="text" > ++ <widget class="QLabel" name="lb_sn"> ++ <property name="text"> + <string/> + </property> ++ <property name="textFormat"> ++ <enum>Qt::PlainText</enum> ++ </property> + </widget> + </item> + <item> + <spacer> +- <property name="orientation" > ++ <property name="orientation"> + <enum>Qt::Vertical</enum> + </property> +- <property name="sizeType" > ++ <property name="sizeType"> + <enum>QSizePolicy::Expanding</enum> + </property> +- <property name="sizeHint" > ++ <property name="sizeHint" stdset="0"> + <size> + <width>20</width> + <height>106</height> +@@ -110,14 +123,14 @@ + </layout> + </item> + <item> +- <widget class="QTextBrowser" name="tb_cert" > +- <property name="minimumSize" > ++ <widget class="QTextBrowser" name="tb_cert"> ++ <property name="minimumSize"> + <size> + <width>350</width> + <height>300</height> + </size> + </property> +- <property name="horizontalScrollBarPolicy" > ++ <property name="horizontalScrollBarPolicy"> + <enum>Qt::ScrollBarAlwaysOff</enum> + </property> + </widget> +@@ -125,35 +138,35 @@ + </layout> + </item> + <item> +- <widget class="Line" name="line1" > +- <property name="frameShape" > ++ <widget class="Line" name="line1"> ++ <property name="frameShape"> + <enum>QFrame::HLine</enum> + </property> +- <property name="frameShadow" > ++ <property name="frameShadow"> + <enum>QFrame::Sunken</enum> + </property> +- <property name="orientation" > ++ <property name="orientation"> + <enum>Qt::Horizontal</enum> + </property> + </widget> + </item> + <item> +- <layout class="QHBoxLayout" > +- <property name="margin" > ++ <layout class="QHBoxLayout"> ++ <property name="spacing"> ++ <number>6</number> ++ </property> ++ <property name="margin"> + <number>0</number> + </property> +- <property name="spacing" > +- <number>6</number> +- </property> + <item> + <spacer> +- <property name="orientation" > ++ <property name="orientation"> + <enum>Qt::Horizontal</enum> + </property> +- <property name="sizeType" > ++ <property name="sizeType"> + <enum>QSizePolicy::Expanding</enum> + </property> +- <property name="sizeHint" > ++ <property name="sizeHint" stdset="0"> + <size> + <width>421</width> + <height>20</height> +@@ -162,17 +175,17 @@ + </spacer> + </item> + <item> +- <widget class="QPushButton" native="1" name="pb_close"> +- <property name="text"> +- <string>Close</string> +- </property> +- </widget> ++ <widget class="QPushButton" name="pb_close"> ++ <property name="text"> ++ <string>Close</string> ++ </property> ++ </widget> + </item> + </layout> + </item> + </layout> + </widget> +- <layoutdefault spacing="6" margin="11" /> ++ <layoutdefault spacing="6" margin="11"/> + <pixmapfunction>qPixmapFromMimeSource</pixmapfunction> + <tabstops> + <tabstop>tb_cert</tabstop> + diff --git a/net-im/psi/psi-0.14-r3.ebuild b/net-im/psi/psi-0.14-r3.ebuild new file mode 100644 index 000000000000..c559dc5dc3ff --- /dev/null +++ b/net-im/psi/psi-0.14-r3.ebuild @@ -0,0 +1,161 @@ +# Copyright 1999-2011 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/net-im/psi/psi-0.14-r3.ebuild,v 1.1 2011/10/19 09:16:31 pva Exp $ + +EAPI="2" + +inherit eutils qt4 multilib + +MY_P="${P/_rc/-rc}" + +DESCRIPTION="Qt4 Jabber client, with Licq-like interface" +HOMEPAGE="http://psi-im.org/" +# Langpack: +# http://lists.affinix.com/pipermail/psi-devel-affinix.com/2009-August/008798.html +# Later found his site: http://fs.scs-tsa.de/psi_l10n/ +SRC_URI="mirror://sourceforge/${PN}/${MY_P}.tar.bz2 + http://fs.scs-tsa.de/psi_l10n/psi-0.14_langpack_for_packagers_2009-12-02.zip + extras? ( mirror://gentoo/${PN}-extra-patches-r1428.tar.bz2 + mirror://gentoo/${PN}-extra-iconsets-r1428.tar.bz2 )" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~arm ~hppa ~ppc ~ppc64 ~x86 ~x86-fbsd" +IUSE="crypt dbus debug doc extras jingle spell ssl xscreensaver webkit" +RESTRICT="test" + +LANGS="be cs de fr it ja pl pt_BR ru sl sv ur_PK zh_TW" +for LNG in ${LANGS}; do + IUSE="${IUSE} linguas_${LNG}" + #SRC_URI="${SRC_URI} http://psi-im.org/download/lang/psi_${LNG/ur_PK/ur_pk}.qm" +done + +RDEPEND=">=x11-libs/qt-gui-4.4:4[qt3support,dbus?] + >=x11-libs/qt-qt3support-4.4:4 + >=app-crypt/qca-2.0.2:2 + spell? ( >=app-text/enchant-1.3.0 ) + xscreensaver? ( x11-libs/libXScrnSaver ) + extras? ( webkit? ( x11-libs/qt-webkit ) ) + app-arch/unzip" + +DEPEND="${RDEPEND} + extras? ( sys-devel/qconf ) + doc? ( app-doc/doxygen )" + +PDEPEND="crypt? ( app-crypt/qca-gnupg:2 ) + jingle? ( net-im/psimedia + app-crypt/qca-ossl:2 ) + ssl? ( app-crypt/qca-ossl:2 )" + +S=${WORKDIR}/${MY_P} + +src_prepare() { + epatch "${FILESDIR}/psi-0.14-qt-compat.patch" + epatch "${FILESDIR}/psi-0.14-minizip-detection.patch" + epatch "${FILESDIR}/psi-0.14-input-validation.patch" + + if use extras; then + # some patches from psi+ project http://code.google.com/p/psi-dev + ewarn "You're about to build heavily patched version of Psi called Psi+." + ewarn "It has really nice features but still is under heavy development." + ewarn "Take a look at homepage for more info: http://code.google.com/p/psi-dev" + ewarn "If you wish to disable some patches just put" + ewarn "MY_EPATCH_EXCLUDE=\"list of patches\"" + ewarn "into /etc/portage/env/${CATEGORY}/${PN} file." + ewarn + ewarn "Note: some patches depend on other. So if you disabled some patch" + ewarn "and other started to fail to apply, you'll have to disable patches" + ewarn "that fail too." + ebeep + + EPATCH_EXCLUDE="${MY_EPATCH_EXCLUDE} + 755-psiplus-fix-application-info-defines.diff + 9999-psiplus-application-info.diff" \ + EPATCH_SUFFIX="diff" EPATCH_FORCE="yes" epatch + sed -e 's/\(^#define PROG_CAPS_NODE \).*/\1"http:\/\/psi-dev.googlecode.com\/caps";/' \ + -e 's:\(^#define PROG_NAME "Psi\):\1+:' \ + -i src/applicationinfo.cpp || die + + qconf || die "Failed to create ./configure." + else + if use webkit; then + ewarn "Webkit support disabled as it is only available in Psi+" + ewarn "(USE='extras' enabled)." + fi + fi + + rm -rf third-party/qca # We use system libraries. +} + +src_configure() { + # unable to use econf because of non-standard configure script + # disable growl as it is a MacOS X extension only + local confcmd="./configure + --prefix=/usr + --qtdir=/usr + --disable-bundled-qca + --disable-growl + $(use dbus || echo '--disable-qdbus') + $(use debug && echo '--debug') + $(use spell || echo '--disable-aspell') + $(use spell || echo '--disable-enchant') + $(use xscreensaver || echo '--disable-xss') + $(use extras && { use webkit && echo '--enable-qtwebkit';} )" + + echo ${confcmd} + ${confcmd} || die "configure failed" + # Makefile is not always created... + [[ ! -f Makefile ]] && die "configure failed" +} + +src_compile() { + eqmake4 + + emake || die "emake failed" + + if use doc; then + cd doc + mkdir -p api # 259632 + make api_public || die "make api_public failed" + fi +} + +src_install() { + emake INSTALL_ROOT="${D}" install || die "emake install failed" + rm "${D}"/usr/share/psi/{COPYING,README} + + # this way the docs will be installed in the standard gentoo dir + newdoc iconsets/roster/README README.roster || die + newdoc iconsets/system/README README.system || die + newdoc certs/README README.certs || die + dodoc README || die + + if use doc; then + cd doc + dohtml -r api || die "dohtml failed" + fi + + # install translations + cd "${WORKDIR}" + insinto /usr/share/${PN}/ + local nolangs=true + for LNG in ${LANGS}; do + if use linguas_${LNG}; then + doins ${LNG}/${PN}_${LNG}.qm || die + newins ${LNG}/INFO INFO.${LNG} || die + nolangs=false + fi + done + + # if linguas is empty install all translations + if ${nolangs}; then + for LNG in ${LANGS}; do + doins ${LNG}/${PN}_${LNG}.qm || die + newins ${LNG}/INFO INFO.${LNG} || die + done + fi + + if use extras; then + cp -a "${WORKDIR}"/iconsets/* "${D}"/usr/share/${PN}/iconsets/ || die + fi +} |