From 1a94fa83f2c986332e2ef568b1d81cedc0a39b6e Mon Sep 17 00:00:00 2001 From: Peter Volkov Date: Wed, 19 Oct 2011 09:16:31 +0000 Subject: [PATCH] Fix Input Validation Failure reported in bug #384227 by Agostino Sarubbo. Thank Nikoli and rion for this patch. Package-Manager: portage-2.1.10.27/cvs/Linux x86_64 --- net-im/psi/ChangeLog | 9 +- net-im/psi/Manifest | 20 +- .../psi/files/psi-0.14-input-validation.patch | 257 ++++++++++++++++++ net-im/psi/psi-0.14-r3.ebuild | 161 +++++++++++ 4 files changed, 432 insertions(+), 15 deletions(-) create mode 100644 net-im/psi/files/psi-0.14-input-validation.patch create mode 100644 net-im/psi/psi-0.14-r3.ebuild diff --git a/net-im/psi/ChangeLog b/net-im/psi/ChangeLog index 0ff9f89d2de1..90b2aa281f5c 100644 --- a/net-im/psi/ChangeLog +++ b/net-im/psi/ChangeLog @@ -1,6 +1,13 @@ # ChangeLog for net-im/psi # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-im/psi/ChangeLog,v 1.213 2011/10/04 07:11:35 pva Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-im/psi/ChangeLog,v 1.214 2011/10/19 09:16:31 pva Exp $ + +*psi-0.14-r3 (19 Oct 2011) + + 19 Oct 2011; Peter Volkov +psi-0.14-r3.ebuild, + +files/psi-0.14-input-validation.patch: + Fix Input Validation Failure reported in bug #384227 by Agostino Sarubbo. + Thank Nikoli and rion for this patch. 04 Oct 2011; Peter Volkov psi-0.14-r2.ebuild, +files/psi-0.14-minizip-detection.patch: diff --git a/net-im/psi/Manifest b/net-im/psi/Manifest index b5d143729a37..b5e80b24058a 100644 --- a/net-im/psi/Manifest +++ b/net-im/psi/Manifest 
@@ -1,9 +1,7 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 -- -----BEGIN PGP SIGNED MESSAGE----- -Hash: SHA256 - +AUX psi-0.14-input-validation.patch 7440 RMD160 74d1fdcacd3481fcebae9107ba4b185946a2bb82 SHA1 8eb19e4e5b86f59e8adf5d5b98464017d811120d SHA256 4f8f52b6846b238586d8584d8ca5a62b56bd5bfad328765eb157dc95c83bf017 AUX psi-0.14-minizip-detection.patch 6539 RMD160 4fa6e4991e338ee8a69c766675798655e7827153 SHA1 4052c6f01380a5fcf0879266b76e0bfaeae9d33a SHA256 04ac9f7b908c60a1288e1446625038a45637fabf387848cd135f20a4b71529c3 AUX psi-0.14-qt-compat.patch 1492 RMD160 eafdbe9391496bfd2198eaf6aa0637b569331c4a SHA1 5639a2078b1cbe318a4ba7d930fead6101766b59 SHA256 1af6ebbe01094519fcdbbe442a3c5798d499da134a08787648e71783e7b0ba60 DIST psi-0.14.tar.bz2 2168801 RMD160 0c4a07726c2f9819da0f8aa8f1982e939f1fc20f SHA1 f5f8e1a427339a4e9113b5fa513b01a42ae1be4b SHA256 aa014a20d59beb23ce2e853fac3d1d70b4b029591627ae0f0a6a3b9f7150a4c0 
@@ -12,20 +10,14 @@ DIST psi-extra-iconsets-r1428.tar.bz2 3214991 RMD160 5aba49e65ca39209a4791c6e5eb DIST psi-extra-patches-r1428.tar.bz2 131700 RMD160 071eadf3a174f392cfb7202a85d2082b3256c76e SHA1 78cfe1f6b8a15852b9ed72c0dd569c9b4e6d9fac SHA256 a458f44773c53abe369b174d220038d3b1dce6bbab981d6baf7ca48ec211cf48 EBUILD psi-0.14-r1.ebuild 4668 RMD160 7e3aed2859dc2880471640af3a1c6296df848889 SHA1 37c58876124c1696b1111d8c11ee140ba93ee86d SHA256 7e7bf643317bc775d0e0e9d747e307edd6cba96a8f2a1162e62565fd383334bb EBUILD psi-0.14-r2.ebuild 4767 RMD160 8577968b92ca9e9c23222b2caaa8b70c86b41ce4 SHA1 4282e29358296d6f44e99d1fb88618dc107a82e9 SHA256 0933ae51870de2849f0b3543c1826a7784016ed40d21fd3e46db4a192f4c235b +EBUILD psi-0.14-r3.ebuild 4825 RMD160 4aa58fd4adcdd653e58ae5517e9bbac0294fb968 SHA1 f79746b9a5564a7aa787d3be7e8e74d06a4cb5cd SHA256 2e37a7ec64725748a3bf536a3f38d7160cafe1760e5c979569995367592848ee EBUILD psi-9999.ebuild 6274 RMD160 4990e95378f6436e54381205ada5a12c7cb5a028 SHA1 f585c22d9434ea63cb6e2355f736a0ab5dcfd175 SHA256 ce57eabc0adf28ef23d2cf77b2e0c6efa8fb9ffe84a97918611954e561cdfedd -MISC ChangeLog 31315 RMD160 2dec81cff9dd8d50b3e64bf9e3bd3149f3a1bbcc SHA1 77e53f2dabdbb9d791e92898cd7ae300315cc188 SHA256 92d9f26e3b604b621cb4dd343f135b44f5a846a2a26cef55d7b70de1b26297cf +MISC ChangeLog 31568 RMD160 f2055238f268bc319eb4c1a362d7d378e8326820 SHA1 ec9df96ddf59ac037951e3a68fb615780f3945b4 SHA256 2057387780c702918de55a3df1570388b6d59e895ad9b4789f6e7b854606e0a1 MISC metadata.xml 1045 RMD160 41a67d4b456737917e90945bfd1ca1798603b7dd SHA1 38066b4c6e461321d33471202cc212d56aa8f463 SHA256 2d2db4b3989de29ab27080da8e7d4301b4b6a85a1f55a405a17de10d93a92be2 -- -----BEGIN PGP SIGNATURE----- -Version: GnuPG v2.0.17 (GNU/Linux) - -iF4EAREIAAYFAk6KsVEACgkQGrk+8vGYmwd9OgD+PJQswc/+aMfQawF+tp5Z8sk0 -PNkqBHzfGwpt0z4ZTo8A/16SmyjmFYbcI6Yn1SlGzeMVdwjJ1HoTghsy5OPXKp4J -=Hxrq -- -----END PGP SIGNATURE----- -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (GNU/Linux) 
-iF4EAREIAAYFAk6KsX0ACgkQGrk+8vGYmwfIVQD/RzDHdyB6P92mhBRud+W7qxuE -z/AHzqT5IxlHCWErXpsA/1n6WeP89PY4qyoCqtD51M3uQ2K7OLwqtOysIR/qn9MP -=d8+/ +iF4EAREIAAYFAk6elQMACgkQGrk+8vGYmwcsWAD/ZhMoLiawL8+W0vwSJHKeeZoF +2SNkP67/svZpE97tmTABAK40/NlWkyb+qiQeNZWJLeYT1INlCAxz0kx1UB4J3DqA +=iTX3 -----END PGP SIGNATURE----- diff --git a/net-im/psi/files/psi-0.14-input-validation.patch b/net-im/psi/files/psi-0.14-input-validation.patch new file mode 100644 index 000000000000..7260c80e1ff9 --- /dev/null +++ b/net-im/psi/files/psi-0.14-input-validation.patch @@ -0,0 +1,257 @@ +commit c68fdd9926a38b2820bc5df97fd1905355a2640d +Author: rion +Date: Fri Oct 7 22:19:05 2011 +0600 + + Fixed QLabel CVE + +--- src/Certificates/CertificateDisplay.ui 2011-10-19 08:30:15 +0000 ++++ src/Certificates/CertificateDisplay.ui 2011-10-19 08:31:23 +0000 +@@ -1,105 +1,118 @@ +- ++ ++ + CertificateDisplay +- +- ++ ++ + + 0 + 0 +- 518 ++ 525 + 369 + + +- ++ + Certificate Information + +- +- ++ ++ ++ 6 ++ ++ + 11 + +- +- 6 +- + +- +- ++ ++ ++ 6 ++ ++ + 0 + +- +- 6 +- + +- +- ++ ++ ++ 6 ++ ++ + 0 + +- +- 6 +- + +- +- ++ ++ + Certificate Validation: + + + + +- +- ++ ++ + + ++ ++ Qt::PlainText ++ + + + +- +- ++ ++ + Valid From: + + + + +- +- ++ ++ + + ++ ++ Qt::PlainText ++ + + + +- +- ++ ++ + Valid Until: + + + + +- +- ++ ++ + + ++ ++ Qt::PlainText ++ + + + +- +- ++ ++ + Serial Number: + + + + +- +- ++ ++ + + ++ ++ Qt::PlainText ++ + + + + +- ++ + Qt::Vertical + +- ++ + QSizePolicy::Expanding + +- ++ + + 20 + 106 +@@ -110,14 +123,14 @@ + + + +- +- ++ ++ + + 350 + 300 + + +- ++ + Qt::ScrollBarAlwaysOff + + +@@ -125,35 +138,35 @@ + + + +- +- ++ ++ + QFrame::HLine + +- ++ + QFrame::Sunken + +- ++ + Qt::Horizontal + + + + +- +- ++ ++ ++ 6 ++ ++ + 0 + +- +- 6 +- + + +- ++ + Qt::Horizontal + +- ++ + QSizePolicy::Expanding + +- ++ + + 421 + 20 +@@ -162,17 +175,17 @@ + + + +- +- +- Close +- +- ++ ++ ++ Close ++ ++ + + + + + +- ++ + qPixmapFromMimeSource + + tb_cert + 
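Review bot: The header of the new `files/psi-0.14-input-validation.patch` says only "Fixed QLabel CVE" and names neither the CVE nor the Gentoo bug, so a later auditor cannot tell from the patch file which advisory it closes; a header line such as `Gentoo bug #384227, CVE: <CVE-ID placeholder>` would fix that. The security-relevant change appears to be the four added `Qt::PlainText` values on the validation, valid-from, valid-until and serial-number labels, but it sits inside what looks like a Designer re-save of the whole `CertificateDisplay.ui` (geometry 518 to 525, reordered spacing and margin values), which makes a 257-line patch out of a four-property change and is harder to audit. The XML markup of the .ui file is not visible on this page, so this reading is inferred from the surviving text values. It would also be worth confirming how the `tb_cert` widget, which gets no format change here, renders certificate fields.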
diff --git a/net-im/psi/psi-0.14-r3.ebuild b/net-im/psi/psi-0.14-r3.ebuild
new file mode 100644
index 000000000000..c559dc5dc3ff
--- /dev/null
+++ b/net-im/psi/psi-0.14-r3.ebuild
@@ -0,0 +1,161 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-im/psi/psi-0.14-r3.ebuild,v 1.1 2011/10/19 09:16:31 pva Exp $
+
+EAPI="2"
+
+inherit eutils qt4 multilib
+
+MY_P="${P/_rc/-rc}"
+
+DESCRIPTION="Qt4 Jabber client, with Licq-like interface"
+HOMEPAGE="http://psi-im.org/"
+# Langpack:
+# http://lists.affinix.com/pipermail/psi-devel-affinix.com/2009-August/008798.html
+# Later found his site: http://fs.scs-tsa.de/psi_l10n/
+SRC_URI="mirror://sourceforge/${PN}/${MY_P}.tar.bz2
+ http://fs.scs-tsa.de/psi_l10n/psi-0.14_langpack_for_packagers_2009-12-02.zip
+ extras? ( mirror://gentoo/${PN}-extra-patches-r1428.tar.bz2
+ mirror://gentoo/${PN}-extra-iconsets-r1428.tar.bz2 )"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~hppa ~ppc ~ppc64 ~x86 ~x86-fbsd"
+IUSE="crypt dbus debug doc extras jingle spell ssl xscreensaver webkit"
+RESTRICT="test"
+
+LANGS="be cs de fr it ja pl pt_BR ru sl sv ur_PK zh_TW"
+for LNG in ${LANGS}; do
+ IUSE="${IUSE} linguas_${LNG}"
+ #SRC_URI="${SRC_URI} http://psi-im.org/download/lang/psi_${LNG/ur_PK/ur_pk}.qm"
+done
+
+RDEPEND=">=x11-libs/qt-gui-4.4:4[qt3support,dbus?]
+ >=x11-libs/qt-qt3support-4.4:4
+ >=app-crypt/qca-2.0.2:2
+ spell? ( >=app-text/enchant-1.3.0 )
+ xscreensaver? ( x11-libs/libXScrnSaver )
+ extras? ( webkit? ( x11-libs/qt-webkit ) )
+ app-arch/unzip"
+
+DEPEND="${RDEPEND}
+ extras? ( sys-devel/qconf )
+ doc? ( app-doc/doxygen )"
+
+PDEPEND="crypt? ( app-crypt/qca-gnupg:2 )
+ jingle? ( net-im/psimedia
+ app-crypt/qca-ossl:2 )
+ ssl? ( app-crypt/qca-ossl:2 )"
+
+S=${WORKDIR}/${MY_P}
+
+src_prepare() {
+ epatch "${FILESDIR}/psi-0.14-qt-compat.patch"
+ epatch "${FILESDIR}/psi-0.14-minizip-detection.patch"
+ epatch "${FILESDIR}/psi-0.14-input-validation.patch"
+
+ if use extras; then
+ # some patches from psi+ project http://code.google.com/p/psi-dev
+ ewarn "You're about to build heavily patched version of Psi called Psi+."
+ ewarn "It has really nice features but still is under heavy development."
+ ewarn "Take a look at homepage for more info: http://code.google.com/p/psi-dev"
+ ewarn "If you wish to disable some patches just put"
+ ewarn "MY_EPATCH_EXCLUDE=\"list of patches\""
+ ewarn "into /etc/portage/env/${CATEGORY}/${PN} file."
+ ewarn
+ ewarn "Note: some patches depend on other. So if you disabled some patch"
+ ewarn "and other started to fail to apply, you'll have to disable patches"
+ ewarn "that fail too."
+ ebeep
+
+ EPATCH_EXCLUDE="${MY_EPATCH_EXCLUDE}
+ 755-psiplus-fix-application-info-defines.diff
+ 9999-psiplus-application-info.diff" \
+ EPATCH_SUFFIX="diff" EPATCH_FORCE="yes" epatch
+ sed -e 's/\(^#define PROG_CAPS_NODE \).*/\1"http:\/\/psi-dev.googlecode.com\/caps";/' \
+ -e 's:\(^#define PROG_NAME "Psi\):\1+:' \
+ -i src/applicationinfo.cpp || die
+
+ qconf || die "Failed to create ./configure."
+ else
+ if use webkit; then
+ ewarn "Webkit support disabled as it is only available in Psi+"
+ ewarn "(USE='extras' enabled)."
+ fi
+ fi
+
+ rm -rf third-party/qca # We use system libraries.
+}
+
+src_configure() {
+ # unable to use econf because of non-standard configure script
+ # disable growl as it is a MacOS X extension only
+ local confcmd="./configure
+ --prefix=/usr
+ --qtdir=/usr
+ --disable-bundled-qca
+ --disable-growl
+ $(use dbus || echo '--disable-qdbus')
+ $(use debug && echo '--debug')
+ $(use spell || echo '--disable-aspell')
+ $(use spell || echo '--disable-enchant')
+ $(use xscreensaver || echo '--disable-xss')
+ $(use extras && { use webkit && echo '--enable-qtwebkit';} )"
+
+ echo ${confcmd}
+ ${confcmd} || die "configure failed"
+ # Makefile is not always created...
+ [[ ! -f Makefile ]] && die "configure failed"
+}
+
+src_compile() {
+ eqmake4
+
+ emake || die "emake failed"
+
+ if use doc; then
+ cd doc
+ mkdir -p api # 259632
+ make api_public || die "make api_public failed"
+ fi
+}
+
+src_install() {
+ emake INSTALL_ROOT="${D}" install || die "emake install failed"
+ rm "${D}"/usr/share/psi/{COPYING,README}
+
+ # this way the docs will be installed in the standard gentoo dir
+ newdoc iconsets/roster/README README.roster || die
+ newdoc iconsets/system/README README.system || die
+ newdoc certs/README README.certs || die
+ dodoc README || die
+
+ if use doc; then
+ cd doc
+ dohtml -r api || die "dohtml failed"
+ fi
+
+ # install translations
+ cd "${WORKDIR}"
+ insinto /usr/share/${PN}/
+ local nolangs=true
+ for LNG in ${LANGS}; do
+ if use linguas_${LNG}; then
+ doins ${LNG}/${PN}_${LNG}.qm || die
+ newins ${LNG}/INFO INFO.${LNG} || die
+ nolangs=false
+ fi
+ done
+
+ # if linguas is empty install all translations
+ if ${nolangs}; then
+ for LNG in ${LANGS}; do
+ doins ${LNG}/${PN}_${LNG}.qm || die
+ newins ${LNG}/INFO INFO.${LNG} || die
+ done
+ fi
+
+ if use extras; then
+ cp -a "${WORKDIR}"/iconsets/* "${D}"/usr/share/${PN}/iconsets/ || die
+ fi
+}
-- 
2.26.2
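Review bot: In `src_prepare` nothing confirms that the security fix from `psi-0.14-input-validation.patch` is still in place after the optional Psi+ series is bulk-applied by the bare `epatch` call under `use extras`, with a user-supplied `MY_EPATCH_EXCLUDE`. The Psi+ patches are not visible here, so whether any of them touches `src/Certificates/CertificateDisplay.ui` is unknown. A guard after the `if use extras` block would settle it for both USE configurations, something like `grep -q 'Qt::PlainText' src/Certificates/CertificateDisplay.ui || die "input-validation fix missing"`. Separately, `rm "${D}"/usr/share/psi/{COPYING,README}` and the `cd doc` calls in `src_compile` and `src_install` have no `|| die`, unlike the commands around them.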