summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSven Wegener <swegener@gentoo.org>2008-06-03 18:50:34 +0000
committerSven Wegener <swegener@gentoo.org>2008-06-03 18:50:34 +0000
commitba1f618700e871fe74cfc8ba822fe96abb36e9d2 (patch)
tree8c837997be87f7430a6dd9b97718dbc9fadc6501 /net-nntp
parentNo altivec patching with this gromacs version. Thanks to Maik Nijhuis in bug ... (diff)
downloadgentoo-2-ba1f618700e871fe74cfc8ba822fe96abb36e9d2.tar.gz
gentoo-2-ba1f618700e871fe74cfc8ba822fe96abb36e9d2.tar.bz2
gentoo-2-ba1f618700e871fe74cfc8ba822fe96abb36e9d2.zip
Revision bump, security bug #224051.
(Portage version: 2.1.5.3)
Diffstat (limited to 'net-nntp')
-rw-r--r--net-nntp/pan/ChangeLog8
-rw-r--r--net-nntp/pan/files/pan-0.132-CVE-2008-2363.patch93
-rw-r--r--net-nntp/pan/pan-0.132-r3.ebuild51
3 files changed, 151 insertions, 1 deletions
diff --git a/net-nntp/pan/ChangeLog b/net-nntp/pan/ChangeLog
index e1b22b3e93a9..155d73dcf5c0 100644
--- a/net-nntp/pan/ChangeLog
+++ b/net-nntp/pan/ChangeLog
@@ -1,6 +1,12 @@
# ChangeLog for net-nntp/pan
# Copyright 2002-2008 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-nntp/pan/ChangeLog,v 1.57 2008/04/13 10:55:27 eva Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-nntp/pan/ChangeLog,v 1.58 2008/06/03 18:50:33 swegener Exp $
+
+*pan-0.132-r3 (03 Jun 2008)
+
+ 03 Jun 2008; Sven Wegener <swegener@gentoo.org>
+ +files/pan-0.132-CVE-2008-2363.patch, +pan-0.132-r3.ebuild:
+ Revision bump, security bug #224051.
13 Apr 2008; Gilles Dartiguelongue <eva@gentoo.org>
+files/pan-0.132-gcc43-fixes.patch, pan-0.132-r2.ebuild:
diff --git a/net-nntp/pan/files/pan-0.132-CVE-2008-2363.patch b/net-nntp/pan/files/pan-0.132-CVE-2008-2363.patch
new file mode 100644
index 000000000000..6f9b9f0a2b14
--- /dev/null
+++ b/net-nntp/pan/files/pan-0.132-CVE-2008-2363.patch
@@ -0,0 +1,93 @@
+https://bugs.gentoo.org/show_bug.cgi?id=224051
+https://bugzilla.gnome.org/show_bug.cgi?id=535413
+https://bugzilla.redhat.com/show_bug.cgi?id=446902
+
+--- pan-0.132/pan/data/parts.cc
++++ pan-0.132/pan/data/parts.cc
+@@ -303,8 +303,7 @@
+ this->n_parts_total = n_parts_total;
+ this->n_parts_found = 0; // they haven't been added yet
+
+- if (n_parts_found > parts.size())
+- parts.resize (n_parts_found);
++ parts.clear();
+ }
+
+ void
+@@ -312,21 +311,10 @@
+ const StringView & mid,
+ bytes_t bytes)
+ {
+- if (n_parts_found >= parts.size())
+- parts.resize (n_parts_found+1);
+-
+- Part& p = *(&parts.front() + n_parts_found++);
+- p.number = number;
+- p.bytes = bytes;
+
+ Packer packer;
+ pack_message_id (packer, mid, reference_mid);
+- p.len_used = packer.size ();
+- if (p.len_alloced < p.len_used) {
+- delete [] p.packed_mid;
+- p.packed_mid = new char [p.len_used];
+- p.len_alloced = p.len_used;
+- }
++ Part p(number,bytes,packer.size());
+ packer.pack (p.packed_mid);
+ packed_mids_len += p.len_used;
+
+@@ -337,8 +325,9 @@
+ assert (mid == tmp);
+ #endif
+
+- if (n_parts_total < n_parts_found)
++ if (n_parts_total < ++n_parts_found)
+ n_parts_total = n_parts_found;
++ parts.push_back(p);
+ }
+
+ PartBatch :: Part&
+@@ -346,7 +335,7 @@
+ {
+ number = that.number;
+ bytes = that.bytes;
+- len_used = len_alloced = that.len_used;
++ len_used = that.len_used;
+ delete [] packed_mid;
+ packed_mid = new char [len_used];
+ memcpy (packed_mid, that.packed_mid, len_used);
+@@ -357,11 +346,17 @@
+ number (that.number),
+ bytes (that.bytes),
+ len_used (that.len_used),
+- len_alloced (that.len_used),
+ packed_mid (new char [len_used])
+ {
+ memcpy (packed_mid, that.packed_mid, len_used);
+ }
++PartBatch :: Part :: Part (number_t n, bytes_t b, size_t l):
++ number(n),
++ bytes(b),
++ len_used(l),
++ packed_mid(new char [len_used])
++{
++}
+
+ void
+ PartBatch :: sort (void)
+--- pan-0.132/pan/data/parts.h
++++ pan-0.132/pan/data/parts.h
+@@ -141,10 +141,10 @@
+ number_t number;
+ bytes_t bytes;
+ size_t len_used;
+- size_t len_alloced;
+ char * packed_mid;
+ Part(): number(0), bytes(0),
+- len_used(0), len_alloced(0), packed_mid(0) {}
++ len_used(0), packed_mid(0) {}
++ Part(number_t n, bytes_t b, size_t l);
+ ~Part() { delete [] packed_mid; }
+ Part (const Part&);
+ Part& operator= (const Part&);
diff --git a/net-nntp/pan/pan-0.132-r3.ebuild b/net-nntp/pan/pan-0.132-r3.ebuild
new file mode 100644
index 000000000000..80250b9f655d
--- /dev/null
+++ b/net-nntp/pan/pan-0.132-r3.ebuild
@@ -0,0 +1,51 @@
+# Copyright 1999-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-nntp/pan/pan-0.132-r3.ebuild,v 1.1 2008/06/03 18:50:33 swegener Exp $
+
+inherit eutils
+
+DESCRIPTION="A newsreader for the Gnome2 desktop"
+HOMEPAGE="http://pan.rebelbase.com/"
+SRC_URI="http://pan.rebelbase.com/download/releases/${PV}/source/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~hppa ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd"
+IUSE="spell"
+
+RDEPEND=">=dev-libs/glib-2.4.0
+ >=x11-libs/gtk+-2.4.0
+ >=dev-libs/libpcre-5.0
+ >=dev-libs/gmime-2.1.9
+ spell? ( >=app-text/gtkspell-2.0.7 )"
+
+DEPEND="${RDEPEND}
+ >=dev-util/intltool-0.21
+ dev-util/pkgconfig
+ sys-devel/gettext"
+
+src_unpack() {
+ unpack ${A}
+ cd "${S}"
+
+ epatch "${FILESDIR}"/load-pixbuf-in-1024-byte-chunks.diff
+
+ # Fix compilation with >=glib-2.16, bug #214446
+ epatch "${FILESDIR}"/${P}-glib-compat.patch
+
+ # Fix compilation with gcc-4.3, bug #211670
+ epatch "${FILESDIR}"/${P}-gcc43-fixes.patch
+
+ # Security bug #224051
+ epatch "${FILESDIR}"/${P}-CVE-2008-2363.patch
+}
+
+src_compile() {
+ econf $(use_with spell gtkspell) || die "econf failed"
+ emake || die "emake failed"
+}
+
+src_install() {
+ emake install DESTDIR="${D}" || die "make install failed"
+ dodoc AUTHORS ChangeLog NEWS README TODO || die "dodoc failed"
+}