Revision bump, security bug #264607.

Package-Manager: portage-2.2_rc28/cvs/Linux x86_64

4 files changed, 151 insertions, 4 deletions

diff --git a/net-im/centerim/ChangeLog b/net-im/centerim/ChangeLog
index ffbdd91fa5cb..ec1c7148f5fd 100644
--- a/net-im/centerim/ChangeLog
+++ b/net-im/centerim/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for net-im/centerim
 # Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-im/centerim/ChangeLog,v 1.32 2009/03/07 19:40:25 gentoofan23 Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-im/centerim/ChangeLog,v 1.33 2009/04/05 10:18:55 swegener Exp $
+
+*centerim-4.22.7-r1 (05 Apr 2009)
+
+  05 Apr 2009; Sven Wegener <swegener@gentoo.org>
+  +files/centerim-4.22.7-libgadu-CVE-2008-4776.patch,
+  +centerim-4.22.7-r1.ebuild:
+  Revision bump, security bug #264607.
 
   07 Mar 2009; Thomas Anderson <gentoofan23@gentoo.org>
   centerim-4.22.6.ebuild:
diff --git a/net-im/centerim/Manifest b/net-im/centerim/Manifest
index e241c5699fff..07e027e9e99b 100644
--- a/net-im/centerim/Manifest
+++ b/net-im/centerim/Manifest
@@ -1,7 +1,19 @@
-MISC ChangeLog 5444 RMD160 505fc2d0c007b23657cf905e06f1bfe342fc1619 SHA1 a91301646e01509e5d1a2102539344c958cfff6a SHA256 9d3ba393b8991cf0ea696e5cdd60f8b787cee660aad1337ac705c42c8924234c
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+AUX centerim-4.22.7-libgadu-CVE-2008-4776.patch 555 RMD160 7e9c908827544aef065f0091b0eb94d44d89f4a6 SHA1 28ab98f6561f8f8773f90c664d15a3a55b02dc6e SHA256 d13bd5f672e24036cd9ce1884da96fe11f27a439cfd9ca27ec2d6ce7ba3d41fc
+DIST centerim-4.22.6.tar.gz 2284721 RMD160 8e4185aefc3788efb2086758e845fb3b603c7323 SHA1 587ed5efd11c32ffbcf93698ca16accc182dd4ec SHA256 66785b044fb3ab9aa046343c9dded8357f1a980f1b4e76ee0669bb7fd52855e0
+DIST centerim-4.22.7.tar.bz2 1794779 RMD160 83c579db34fe6e7c5d539cf78102a2de6b89f47a SHA1 c0b3433ed260fca23f8e10999c1cf91895489b35 SHA256 59356d55d7fb293809d8d26fdef6bcb07bf3dd1452e11e3798ac3550cba5efcd
 EBUILD centerim-4.22.6-r1.ebuild 2385 RMD160 41f056af875fa78949105b6c2b7e6e3935ab0504 SHA1 658ca65c78e69aea3dc996582a573365e5b4d074 SHA256 7f71ea3043e9668017c845bc198bff0d9571840229b35b5513243ce3757c1783
 EBUILD centerim-4.22.6.ebuild 2434 RMD160 cce9711f2a3fc69682e1586680ca0c04346d297e SHA1 ae1c58c315f254a89ed9e2721f942e866926e38b SHA256 35ece7ecd1324de648984374f743453ca9880977015e8148c4884d8b0251aa08
+EBUILD centerim-4.22.7-r1.ebuild 2458 RMD160 4c9dbb66cdd4c21e50c35aef870424314f065dcb SHA1 3be339280d3ed3d2568bde584715ca0b97a0435f SHA256 6eaca404471d8a19e9cf1d9a528013c374c4ce7b2b985b25a9253ee0bf68c2ad
 EBUILD centerim-4.22.7.ebuild 2383 RMD160 6f910dd084a75813069bb0cd7e9f87b68fcf70d7 SHA1 656bb9c669f11701997aa784d27a99fd293cfc2b SHA256 033acaf035cfe23ed4df30f2835ef58c93ce8652a40bb162e44e1bb0e8df59e1
+MISC ChangeLog 5650 RMD160 3eb509cb4eec94202329bcfe8e039651cddc3262 SHA1 537d1c81cfcd7936a6fb5d3414ec907d5ccd8b90 SHA256 ae660b0aa1a4214385cf0e586f046e8519fdf11faf4c3700d0871e78f5f34eb6
 MISC metadata.xml 541 RMD160 27854f0c9356b45252baec904025bb06782f084e SHA1 591145cbbb6c177e36e498af16342dee1841157b SHA256 e7c1b47a4545dcb4d9502e3fd77da7f6d83d559e43da84e3428c5d298ee773f6
-DIST centerim-4.22.6.tar.gz 2284721 RMD160 8e4185aefc3788efb2086758e845fb3b603c7323 SHA1 587ed5efd11c32ffbcf93698ca16accc182dd4ec SHA256 66785b044fb3ab9aa046343c9dded8357f1a980f1b4e76ee0669bb7fd52855e0
-DIST centerim-4.22.7.tar.bz2 1794779 RMD160 83c579db34fe6e7c5d539cf78102a2de6b89f47a SHA1 c0b3433ed260fca23f8e10999c1cf91895489b35 SHA256 59356d55d7fb293809d8d26fdef6bcb07bf3dd1452e11e3798ac3550cba5efcd
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.11 (GNU/Linux)
+
+iEUEARECAAYFAknYhZcACgkQI1lqEGTUzySSdQCbByVdfqX2iJWZyYIPKSouHm92
+2mAAl1I6jUysTzZa0RYP0g/1qUlRjZY=
+=NP5/
+-----END PGP SIGNATURE-----
diff --git a/net-im/centerim/centerim-4.22.7-r1.ebuild b/net-im/centerim/centerim-4.22.7-r1.ebuild
new file mode 100644
index 000000000000..a09f8b74a425
--- /dev/null
+++ b/net-im/centerim/centerim-4.22.7-r1.ebuild
@@ -0,0 +1,114 @@
+# Copyright 1999-2009 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-im/centerim/centerim-4.22.7-r1.ebuild,v 1.1 2009/04/05 10:18:55 swegener Exp $
+
+EAPI="2"
+
+inherit eutils
+
+PROTOCOL_IUSE="+aim gadu +icq +irc +jabber lj +msn rss +yahoo"
+IUSE="${PROTOCOL_IUSE} bidi nls ssl crypt jpeg otr"
+
+DESCRIPTION="CenterIM is a fork of CenterICQ - a ncurses ICQ/Yahoo!/AIM/IRC/MSN/Jabber/GaduGadu/RSS/LiveJournal Client"
+if [[ ${PV} = *_p* ]] # is this a snaphot?
+then
+	SRC_URI="http://www.centerim.org/download/snapshots/${PN}-${PV/*_p/}.tar.gz"
+else
+	SRC_URI="http://www.centerim.org/download/releases/${P}.tar.bz2"
+fi
+HOMEPAGE="http://www.centerim.org/"
+SLOT="0"
+LICENSE="GPL-2"
+KEYWORDS="~amd64 ~x86 ~x86-fbsd"
+
+DEPEND=">=sys-libs/ncurses-5.2
+	bidi? ( dev-libs/fribidi )
+	ssl? ( >=dev-libs/openssl-0.9.6g )
+	jpeg? ( media-libs/jpeg )
+	jabber? (
+		otr? ( net-libs/libotr )
+		crypt? ( >=app-crypt/gpgme-1.0.2 )
+	)
+	msn? (
+		net-misc/curl[ssl]
+		dev-libs/openssl
+	)"
+
+RDEPEND="${DEPEND}
+	nls? ( sys-devel/gettext )"
+
+S="${WORKDIR}"/${P/_p*}
+
+check_protocol_iuse() {
+	local flag
+
+	for flag in ${PROTOCOL_IUSE}
+	do
+		use ${flag#+} && return 0
+	done
+
+	return 1
+}
+
+pkg_setup() {
+	if ! check_protocol_iuse
+	then
+		eerror
+		eerror "Please activate at least one of the following protocol USE flags:"
+		eerror "${PROTOCOL_IUSE//+}"
+		eerror
+		die "Please activate at least one protocol USE flag!"
+	fi
+
+	if use otr && ! use jabber
+	then
+		ewarn
+		ewarn "Support for OTR is only supported with Jabber!"
+		ewarn
+	fi
+
+	if use gadu && ! use jpeg
+	then
+		ewarn
+		ewarn "You need jpeg support to be able to register Gadu-Gadu accounts!"
+		ewarn
+	fi
+}
+
+src_unpack() {
+	default
+
+	epatch "${FILESDIR}"/${P}-libgadu-CVE-2008-4776.patch
+
+	# Don't execute git commands, bug #228151
+	cat >"${S}"/misc/git-version-gen <<-EOF
+		#!/bin/sh
+		echo -n "${PVR}"
+	EOF
+}
+
+src_configure() {
+	econf \
+		$(use_with ssl) \
+		$(use_enable aim) \
+		$(use_with bidi fribidi) \
+		$(use_with jpeg libjpeg) \
+		$(use_with otr libotr) \
+		$(use_enable gadu gg) \
+		$(use_enable icq) \
+		$(use_enable irc) \
+		$(use_enable jabber) \
+		$(use_enable lj) \
+		$(use_enable msn) \
+		$(use_enable nls locales-fix) \
+		$(use_enable nls) \
+		$(use_enable rss) \
+		$(use_enable yahoo) \
+		|| die "econf failed"
+}
+
+src_install () {
+	emake DESTDIR="${D}" install || die "emake install failed"
+
+	dodoc AUTHORS ChangeLog FAQ README THANKS TODO
+}
diff --git a/net-im/centerim/files/centerim-4.22.7-libgadu-CVE-2008-4776.patch b/net-im/centerim/files/centerim-4.22.7-libgadu-CVE-2008-4776.patch
new file mode 100644
index 000000000000..ee6eb3bde391
--- /dev/null
+++ b/net-im/centerim/files/centerim-4.22.7-libgadu-CVE-2008-4776.patch
@@ -0,0 +1,14 @@
+https://bugs.gentoo.org/264607
+https://bugs.gentoo.org/244888
+
+--- centerim-4.22.7/libgadu/events.c
++++ centerim-4.22.7/libgadu/events.c
+@@ -578,7 +578,7 @@
+ 				if (GG_S_D(n->status)) {
+ 					unsigned char descr_len = *((char*) n + sizeof(struct gg_notify_reply60));
+ 
+-					if (descr_len < length) {
++					if (sizeof(struct gg_notify_reply60) + descr_len < length) {
+ 						if (!(e->event.notify60[i].descr = malloc(descr_len + 1))) {
+ 							gg_debug(GG_DEBUG_MISC, "// gg_watch_fd_connected() not enough memory for notify data\n");
+ 							goto fail;