libhx bump and security fix

Package-Manager: portage-2.1.8.3/cvs/Linux x86_64

4 files changed, 93 insertions, 6 deletions

diff --git a/sys-libs/libhx/ChangeLog b/sys-libs/libhx/ChangeLog
index 2522d7be4f54..6bb689c5c355 100644
--- a/sys-libs/libhx/ChangeLog
+++ b/sys-libs/libhx/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for sys-libs/libhx
 # Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-libs/libhx/ChangeLog,v 1.23 2010/08/13 13:31:54 josejx Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-libs/libhx/ChangeLog,v 1.24 2010/08/20 17:34:13 hanno Exp $
+
+*libhx-3.5 (20 Aug 2010)
+
+  20 Aug 2010; Hanno Boeck <hanno@gentoo.org> +libhx-3.5.ebuild,
+  +files/libhx-3.5-buffer-overflow.patch:
+  Version bump and fix for security bug #333635, thanks to Tim Sammut for
+  notice.
 
   13 Aug 2010; Joseph Jezak <josejx@gentoo.org> libhx-3.4.ebuild:
   Marked ppc stable for bug #328501.
diff --git a/sys-libs/libhx/Manifest b/sys-libs/libhx/Manifest
index 6c18668e390e..8d3dbf94a4f4 100644
--- a/sys-libs/libhx/Manifest
+++ b/sys-libs/libhx/Manifest
@@ -1,16 +1,19 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA1
 
+AUX libhx-3.5-buffer-overflow.patch 878 RMD160 fb5d63f6ab46fc737d37890e48f3aaa8642ddf4d SHA1 534dd3bde61f82dcc87d16e95d67de868cc20667 SHA256 91359612fc2e170044a4e3fa9dbc09bd0cc8c4a9be544d1d038316c1674effe7
 DIST libHX-3.2.tar.bz2 829439 RMD160 1ad80195892aaf0696720f888dbc78a7a3722242 SHA1 9f3302b7e271c1fc36bbd22ad6e25eac4124be82 SHA256 03ae3ed25a7285aaf62e8a0dfe87aae9a8512db4719761316dba81abc364dc6e
 DIST libHX-3.4.tar.xz 765964 RMD160 b71fcc102f876eb64cdc384f8732b53912669bb9 SHA1 7880f72346c1302f1960ddaecce3bca8070e3b68 SHA256 75dd2d3f6d995761e34303c7ae70500412389ec80f4fcac5c41ab4d008bfea6f
+DIST libHX-3.5.tar.xz 767468 RMD160 d73a7bcedbdcf0aec358d833c88318af5ef1e773 SHA1 aac1485e2a184af668c7d7eeda65b95f3d188c11 SHA256 21cc91c9838c78fcc72d352bd441242c83fe700397e7cc4f47bf8f5cac75f430
 EBUILD libhx-3.2.ebuild 729 RMD160 620b107ce63e619367802f4e29fe3de9502da62a SHA1 95c30c4b82cd60ab2e96ab9ae4a6e14da790cfaa SHA256 6739fb0f9f906a0473a66647bbeb3aa826b8d66804c478d0fd5c0617dfbb5202
 EBUILD libhx-3.4.ebuild 706 RMD160 fb2889a384c396a56efb8079f855831d35869db8 SHA1 244112c45e9af9668e4fce5512762215c5436c30 SHA256 d195c8fea5c93fb97538635214b2eeb9b8076db84a7979afd5d0da39923c58d5
-MISC ChangeLog 2805 RMD160 3a18aa3002a259e755b65b7ed46f6c722af95d13 SHA1 c4ffb5df4629572f3af90bcc44797b84e9816e4b SHA256 4f1c3af472fbb9d17def4e4c9e4b7f38fbbdbf28aff8fbc23c46043dc1661044
+EBUILD libhx-3.5.ebuild 792 RMD160 e4b7259b87959568656b1d8e19d1f9de5992998d SHA1 c7620893a1fdd35bc303b0d26f4b8272b55397e6 SHA256 bb3e476f8c442fd44ab8c3cce200d495e1ff0b0cd2fcfa7694ba2855ae04a62c
+MISC ChangeLog 3022 RMD160 6b9d143d27142625e151f367976a35b24e918d0d SHA1 975e4b3c40ed754194c46ee0e8c3a7e27ab9aa68 SHA256 e4fc25b7ccad79b40035eb4da3b55cca5dc9d3ee62f5851d10f530d38220480c
 MISC metadata.xml 217 RMD160 3b01d5dab901ee93217f72b711954d3cccbb1717 SHA1 e304788b60dd2cf214d360a21d267e8635474d98 SHA256 2f5dfc1eb79d2d9ee02663da6e1449f499c3a37b7f4cc2391e18d7789a314669
 -----BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0.15 (GNU/Linux)
+Version: GnuPG v2.0.16 (GNU/Linux)
 
-iEYEARECAAYFAkxlSPgACgkQcsIHjyDViGSC0gCg4PWUB6JM358tzrfNNcyBpoML
-+LsAnjT7c/3+xwppK2cg8DanAx8G+Xuf
-=bhxf
+iEYEARECAAYFAkxuvJsACgkQr2QksT29OyAv/ACggv9+YDNYi0NbFnYcHKzuShPx
+jOkAoIf4i22H5gxwiMFbuBSqsGpFiJAt
+=xCse
 -----END PGP SIGNATURE-----
diff --git a/sys-libs/libhx/files/libhx-3.5-buffer-overflow.patch b/sys-libs/libhx/files/libhx-3.5-buffer-overflow.patch
new file mode 100644
index 000000000000..ae6ff91bb9bf
--- /dev/null
+++ b/sys-libs/libhx/files/libhx-3.5-buffer-overflow.patch
@@ -0,0 +1,43 @@
+diff --git a/src/string.c b/src/string.c
+index 1acfab2..bea6e71 100644
+--- a/src/string.c
++++ b/src/string.c
+@@ -153,7 +153,7 @@ EXPORT_SYMBOL char **HX_split(const char *str, const char *delim,
+ 		}
+ 	}
+ 
+-	if (max == 0)
++	if (max == 0 || *cp < max)
+ 		max = *cp;
+ 	else if (*cp > max)
+ 		*cp = max;
+diff --git a/src/tx-string.cpp b/src/tx-string.cpp
+index 4e9a534..cc2cbf8 100644
+--- a/src/tx-string.cpp
++++ b/src/tx-string.cpp
+@@ -142,6 +142,17 @@ static void t_split(void)
+ 	free(a1);
+ }
+ 
++static void t_split2(void)
++{
++	static const char tmp[] = "";
++	int c = 0;
++	char **a;
++
++	a = HX_split(tmp, " ", &c, 6);
++	printf("Got %d fields\n", c);
++	HX_zvecfree(a);
++}
++
+ static void t_quote(void)
+ {
+ 	char *fm = NULL;
+@@ -178,6 +189,7 @@ int main(int argc, const char **argv)
+ 	t_strncat();
+ 	t_strsep();
+ 	t_split();
++	t_split2();
+ 	t_quote();
+ 	HXmc_free(tx);
+ 	HX_exit();
diff --git a/sys-libs/libhx/libhx-3.5.ebuild b/sys-libs/libhx/libhx-3.5.ebuild
new file mode 100644
index 000000000000..d3c5e9a2c0c0
--- /dev/null
+++ b/sys-libs/libhx/libhx-3.5.ebuild
@@ -0,0 +1,34 @@
+# Copyright 1999-2010 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-libs/libhx/libhx-3.5.ebuild,v 1.1 2010/08/20 17:34:13 hanno Exp $
+
+EAPI=3
+
+inherit eutils
+
+DESCRIPTION="Platform independent library providing basic system functions."
+HOMEPAGE="http://libhx.sourceforge.net"
+SRC_URI="mirror://sourceforge/${PN}/libHX-${PV}.tar.xz"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ~x86"
+IUSE=""
+
+DEPEND="app-arch/xz-utils"
+RDEPEND=""
+
+S="${WORKDIR}/libHX-${PV}"
+
+src_prepare() {
+	epatch "${FILESDIR}/${P}-buffer-overflow.patch"
+}
+
+src_configure() {
+	econf --docdir="/usr/share/doc/${PF}" || die "econf failed"
+}
+
+src_install() {
+	emake DESTDIR="${D}" install || die "emake install failed"
+	dodoc doc/*.txt || die
+}