From cf3a223626547acc0f6a7053e6e1d95377122cef Mon Sep 17 00:00:00 2001 From: Peter Volkov Date: Wed, 19 Oct 2011 09:16:31 +0000 Subject: Fix Input Validation Failure reported in bug #384227 by Agostino Sarubbo. Thank Nikoli and rion for this patch. (Portage version: 2.1.10.27/cvs/Linux x86_64)
---
 net-im/psi/ChangeLog | 9 +- net-im/psi/files/psi-0.14-input-validation.patch | 257 +++++++++++++++++++++++ net-im/psi/psi-0.14-r3.ebuild | 161 ++++++++++++++ 3 files changed, 426 insertions(+), 1 deletion(-) create mode 100644 net-im/psi/files/psi-0.14-input-validation.patch create mode 100644 net-im/psi/psi-0.14-r3.ebuild (limited to 'net-im')
diff --git a/net-im/psi/ChangeLog b/net-im/psi/ChangeLog
index 0ff9f89d2de1..90b2aa281f5c 100644
--- a/net-im/psi/ChangeLog
+++ b/net-im/psi/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for net-im/psi
 # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-im/psi/ChangeLog,v 1.213 2011/10/04 07:11:35 pva Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-im/psi/ChangeLog,v 1.214 2011/10/19 09:16:31 pva Exp $
+
+*psi-0.14-r3 (19 Oct 2011)
+
+ 19 Oct 2011; Peter Volkov +psi-0.14-r3.ebuild,
+ +files/psi-0.14-input-validation.patch:
+ Fix Input Validation Failure reported in bug #384227 by Agostino Sarubbo.
+ Thank Nikoli and rion for this patch.

 04 Oct 2011; Peter Volkov psi-0.14-r2.ebuild,
 +files/psi-0.14-minizip-detection.patch:
diff --git a/net-im/psi/files/psi-0.14-input-validation.patch b/net-im/psi/files/psi-0.14-input-validation.patch
new file mode 100644
index 000000000000..7260c80e1ff9
--- /dev/null
+++ b/net-im/psi/files/psi-0.14-input-validation.patch
@@ -0,0 +1,257 @@ +commit c68fdd9926a38b2820bc5df97fd1905355a2640d +Author: rion +Date: Fri Oct 7 22:19:05 2011 +0600 + + Fixed QLabel CVE + +--- src/Certificates/CertificateDisplay.ui 2011-10-19 08:30:15 +0000 ++++ src/Certificates/CertificateDisplay.ui 2011-10-19 08:31:23 +0000 +@@ -1,105 +1,118 @@ +- ++ ++ + CertificateDisplay +- +- ++ ++ + + 0 + 0 +- 518 ++ 525 + 369 + + +- ++ + Certificate Information + +- +- ++ ++ ++ 6 ++ ++ + 11 + +- +- 6 +- + +- +- ++ ++ ++ 6 ++ ++ + 0 + +- +- 6 +- + +- +- ++ ++ ++ 6 ++ ++ + 0 + +- +- 6 +- + +- +- ++ ++ + Certificate Validation: + + + + +- +- ++ ++ + + ++ ++ Qt::PlainText ++ + + + +- +- ++ ++ + Valid From: + + + + +- +- ++ ++ + + ++ ++ Qt::PlainText ++ + + + +- +- ++ ++ + Valid Until: + + + + +- +- ++ ++ + + ++ ++ Qt::PlainText ++ + + + +- +- ++ ++ + Serial Number: + + + + +- +- ++ ++ + + ++ ++ Qt::PlainText ++ + + + + +- ++ + Qt::Vertical + +- ++ + QSizePolicy::Expanding + +- ++ + + 20 + 106 +@@ -110,14 +123,14 @@ + + + +- +- ++ ++ + + 350 + 300 + + +- ++ + Qt::ScrollBarAlwaysOff + + +@@ -125,35 +138,35 @@ + + + +- +- ++ ++ + QFrame::HLine + +- ++ + QFrame::Sunken + +- ++ + Qt::Horizontal + + + + +- +- ++ ++ ++ 6 ++ ++ + 0 + +- +- 6 +- + + +- ++ + Qt::Horizontal + +- ++ + QSizePolicy::Expanding + +- ++ + + 421 + 20 +@@ -162,17 +175,17 @@ + + + +- +- +- Close +- +- ++ ++ ++ Close ++ ++ + + + + + +- ++ + qPixmapFromMimeSource + + tb_cert + diff --git a/net-im/psi/psi-0.14-r3.ebuild b/net-im/psi/psi-0.14-r3.ebuild new file mode 100644 index 000000000000..c559dc5dc3ff --- /dev/null +++ b/net-im/psi/psi-0.14-r3.ebuild 
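Review bot: Most of this new patch file for src/Certificates/CertificateDisplay.ui looks like Qt Designer re-serialisation noise rather than the fix. The width change from `518` to `525` and the reordered `6`/`0`/`11` layout values sit alongside the four added `Qt::PlainText` values, which appear to be the actual hardening of the certificate value labels. A security backport is easier to audit and to rebase when it carries only those four property additions, so consider trimming the patch to them. The embedded commit message says only "Fixed QLabel CVE"; a header line in the patch such as `Gentoo bug #384227: render certificate fields as plain text` would tie it to the report. The element names are missing from this rendering, so which labels receive the property is inferred from the hunk's structure.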
@@ -0,0 +1,161 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-im/psi/psi-0.14-r3.ebuild,v 1.1 2011/10/19 09:16:31 pva Exp $
+
+EAPI="2"
+
+inherit eutils qt4 multilib
+
+MY_P="${P/_rc/-rc}"
+
+DESCRIPTION="Qt4 Jabber client, with Licq-like interface"
+HOMEPAGE="http://psi-im.org/"
+# Langpack:
+# http://lists.affinix.com/pipermail/psi-devel-affinix.com/2009-August/008798.html
+# Later found his site: http://fs.scs-tsa.de/psi_l10n/
+SRC_URI="mirror://sourceforge/${PN}/${MY_P}.tar.bz2
+ http://fs.scs-tsa.de/psi_l10n/psi-0.14_langpack_for_packagers_2009-12-02.zip
+ extras? ( mirror://gentoo/${PN}-extra-patches-r1428.tar.bz2
+ mirror://gentoo/${PN}-extra-iconsets-r1428.tar.bz2 )"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~hppa ~ppc ~ppc64 ~x86 ~x86-fbsd"
+IUSE="crypt dbus debug doc extras jingle spell ssl xscreensaver webkit"
+RESTRICT="test"
+
+LANGS="be cs de fr it ja pl pt_BR ru sl sv ur_PK zh_TW"
+for LNG in ${LANGS}; do
+ IUSE="${IUSE} linguas_${LNG}"
+ #SRC_URI="${SRC_URI} http://psi-im.org/download/lang/psi_${LNG/ur_PK/ur_pk}.qm"
+done
+
+RDEPEND=">=x11-libs/qt-gui-4.4:4[qt3support,dbus?]
+ >=x11-libs/qt-qt3support-4.4:4
+ >=app-crypt/qca-2.0.2:2
+ spell? ( >=app-text/enchant-1.3.0 )
+ xscreensaver? ( x11-libs/libXScrnSaver )
+ extras? ( webkit? ( x11-libs/qt-webkit ) )
+ app-arch/unzip"
+
+DEPEND="${RDEPEND}
+ extras? ( sys-devel/qconf )
+ doc? ( app-doc/doxygen )"
+
+PDEPEND="crypt? ( app-crypt/qca-gnupg:2 )
+ jingle? ( net-im/psimedia
+ app-crypt/qca-ossl:2 )
+ ssl? ( app-crypt/qca-ossl:2 )"
+
+S=${WORKDIR}/${MY_P}
+
+src_prepare() {
+ epatch "${FILESDIR}/psi-0.14-qt-compat.patch"
+ epatch "${FILESDIR}/psi-0.14-minizip-detection.patch"
+ epatch "${FILESDIR}/psi-0.14-input-validation.patch"
+
+ if use extras; then
+ # some patches from psi+ project http://code.google.com/p/psi-dev
+ ewarn "You're about to build heavily patched version of Psi called Psi+."
+ ewarn "It has really nice features but still is under heavy development."
+ ewarn "Take a look at homepage for more info: http://code.google.com/p/psi-dev"
+ ewarn "If you wish to disable some patches just put"
+ ewarn "MY_EPATCH_EXCLUDE=\"list of patches\""
+ ewarn "into /etc/portage/env/${CATEGORY}/${PN} file."
+ ewarn
+ ewarn "Note: some patches depend on other. So if you disabled some patch"
+ ewarn "and other started to fail to apply, you'll have to disable patches"
+ ewarn "that fail too."
+ ebeep
+
+ EPATCH_EXCLUDE="${MY_EPATCH_EXCLUDE}
+ 755-psiplus-fix-application-info-defines.diff
+ 9999-psiplus-application-info.diff" \
+ EPATCH_SUFFIX="diff" EPATCH_FORCE="yes" epatch
+ sed -e 's/\(^#define PROG_CAPS_NODE \).*/\1"http:\/\/psi-dev.googlecode.com\/caps";/' \
+ -e 's:\(^#define PROG_NAME "Psi\):\1+:' \
+ -i src/applicationinfo.cpp || die
+
+ qconf || die "Failed to create ./configure."
+ else
+ if use webkit; then
+ ewarn "Webkit support disabled as it is only available in Psi+"
+ ewarn "(USE='extras' enabled)."
+ fi
+ fi
+
+ rm -rf third-party/qca # We use system libraries.
+}
+
+src_configure() {
+ # unable to use econf because of non-standard configure script
+ # disable growl as it is a MacOS X extension only
+ local confcmd="./configure
+ --prefix=/usr
+ --qtdir=/usr
+ --disable-bundled-qca
+ --disable-growl
+ $(use dbus || echo '--disable-qdbus')
+ $(use debug && echo '--debug')
+ $(use spell || echo '--disable-aspell')
+ $(use spell || echo '--disable-enchant')
+ $(use xscreensaver || echo '--disable-xss')
+ $(use extras && { use webkit && echo '--enable-qtwebkit';} )"
+
+ echo ${confcmd}
+ ${confcmd} || die "configure failed"
+ # Makefile is not always created...
+ [[ ! -f Makefile ]] && die "configure failed"
+}
+
+src_compile() {
+ eqmake4
+
+ emake || die "emake failed"
+
+ if use doc; then
+ cd doc
+ mkdir -p api # 259632
+ make api_public || die "make api_public failed"
+ fi
+}
+
+src_install() {
+ emake INSTALL_ROOT="${D}" install || die "emake install failed"
+ rm "${D}"/usr/share/psi/{COPYING,README}
+
+ # this way the docs will be installed in the standard gentoo dir
+ newdoc iconsets/roster/README README.roster || die
+ newdoc iconsets/system/README README.system || die
+ newdoc certs/README README.certs || die
+ dodoc README || die
+
+ if use doc; then
+ cd doc
+ dohtml -r api || die "dohtml failed"
+ fi
+
+ # install translations
+ cd "${WORKDIR}"
+ insinto /usr/share/${PN}/
+ local nolangs=true
+ for LNG in ${LANGS}; do
+ if use linguas_${LNG}; then
+ doins ${LNG}/${PN}_${LNG}.qm || die
+ newins ${LNG}/INFO INFO.${LNG} || die
+ nolangs=false
+ fi
+ done
+
+ # if linguas is empty install all translations
+ if ${nolangs}; then
+ for LNG in ${LANGS}; do
+ doins ${LNG}/${PN}_${LNG}.qm || die
+ newins ${LNG}/INFO INFO.${LNG} || die
+ done
+ fi
+
+ if use extras; then
+ cp -a "${WORKDIR}"/iconsets/* "${D}"/usr/share/${PN}/iconsets/ || die
+ fi
+}
-- cgit v1.2.3-65-gdbad
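Review bot: With USE=extras, `src_prepare` applies the Psi+ patch set after `psi-0.14-input-validation.patch`, and nothing confirms that the hardening is still in the tree afterwards. Whether any of those patches touches `src/Certificates/CertificateDisplay.ui` is not visible from this hunk; if one does, it either fails against the rewritten file or changes the labels the fix just locked to plain text. A cheap guard after the bulk `epatch` is `grep -q 'Qt::PlainText' src/Certificates/CertificateDisplay.ui || die "input-validation fix missing"`. Separately, `rm "${D}"/usr/share/psi/{COPYING,README}` in `src_install` and both `cd doc` calls lack `|| die`, so a failure there passes silently.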