Revision bump, security bug #224051.

Package-Manager: portage-2.1.5.3
author: Sven Wegener <swegener@gentoo.org> 2008-06-03 18:50:34 +0000
committer: Sven Wegener <swegener@gentoo.org> 2008-06-03 18:50:34 +0000
commit: 23b3d6be9c206abfb278bcbdab78a60e459aa61a (patch)
tree: 66062ecf03256b1bcca5560977df57f25b55872a /net-nntp
parent: No altivec patching with this gromacs version. Thanks to Maik Nijhuis in bug ... (diff)
download: historical-23b3d6be9c206abfb278bcbdab78a60e459aa61a.tar.gz
historical-23b3d6be9c206abfb278bcbdab78a60e459aa61a.tar.bz2
historical-23b3d6be9c206abfb278bcbdab78a60e459aa61a.zip
4 files changed, 158 insertions, 6 deletions
diff --git a/net-nntp/pan/ChangeLog b/net-nntp/pan/ChangeLog
index e1b22b3e93a9..155d73dcf5c0 100644
--- a/net-nntp/pan/ChangeLog
+++ b/net-nntp/pan/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for net-nntp/pan
 # Copyright 2002-2008 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-nntp/pan/ChangeLog,v 1.57 2008/04/13 10:55:27 eva Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-nntp/pan/ChangeLog,v 1.58 2008/06/03 18:50:33 swegener Exp $
+
+*pan-0.132-r3 (03 Jun 2008)
+
+  03 Jun 2008; Sven Wegener <swegener@gentoo.org>
+  +files/pan-0.132-CVE-2008-2363.patch, +pan-0.132-r3.ebuild:
+  Revision bump, security bug #224051.
 
   13 Apr 2008; Gilles Dartiguelongue <eva@gentoo.org>
   +files/pan-0.132-gcc43-fixes.patch, pan-0.132-r2.ebuild:
diff --git a/net-nntp/pan/Manifest b/net-nntp/pan/Manifest
index 0b1973dbe99c..1cc6b52424eb 100644
--- a/net-nntp/pan/Manifest
+++ b/net-nntp/pan/Manifest
@@ -2,6 +2,7 @@
 Hash: SHA1
 
 AUX load-pixbuf-in-1024-byte-chunks.diff 914 RMD160 fab3b1ec861d92d90f9899304229a6e741dbb5c8 SHA1 371e9376db3808a0d0b98f04699a3afe43cb9ed8 SHA256 e76d46ad9b26fd6737d760c7a2d22bf082d3b52fcde81a142abb13302371fc5a
+AUX pan-0.132-CVE-2008-2363.patch 2496 RMD160 478992d13cfab47b480adbbe0f5eb6c96b96fe5d SHA1 6415adb947c564ba17892e82fff7c3122b028869 SHA256 64874a5bce5a53a5c7932367cd982b51605f1a304b52ed2e3aeae39f02dcf687
 AUX pan-0.132-gcc43-fixes.patch 2065 RMD160 7c89f27fd7b4ff8bceed97ce953276769d910b2b SHA1 8d272ca74f6527c80f53f3ba6d73a2ea4af387ca SHA256 a09a3d7851dd22444503d9298e1403a7243560d868a8f5c38a73914f105ef449
 AUX pan-0.132-glib-compat.patch 25299 RMD160 b4244ccfe242b40bdb1e9b90584c9afb70e3fea2 SHA1 a8488a3ca10470c2bf7c394481521b05513cd50c SHA256 67a63bc9f4e945e2a123c33694a5052c47a9173e05206dfb30e7df4007b3af2e
 AUX pan-0.14.2-update-desktop-file.patch 1028 RMD160 12a05a7a1050b9d10d0ece9a117ecec930e4f6c2 SHA1 c2f41ecbccf27f440d61414b535b8112b13aff7b SHA256 ee4b8d882baf52c19ac5b2897fbaa05dfd6efd6b066fc65eea7b4d53d7d99606
@@ -11,15 +12,16 @@ DIST pan-0.14.2.91.tar.bz2 1919099 RMD160 372012f9f23ef1654125977ff4dee193021fb7
 DIST pan-0.14.2.tar.bz2 1834784 RMD160 0dff24b1d83b6fabfb9cc38a7dea5f9e99513009 SHA1 39c0128906d389524e24d55691e017cf509516a0 SHA256 d864907d3179cde5bdd7afa02c8a2bd00f1d23ce6053f704f64e7814c7f6aba4
 EBUILD pan-0.132-r1.ebuild 1075 RMD160 5379333fe24d16446f0e6e7a02ec10d7256c1abd SHA1 261cc02c5c072adc1a3ed013001922a32e6dcce5 SHA256 e20d6354f0193a1cd372168ab0970774668e6c34ddee1073da5a1ac6315c0da4
 EBUILD pan-0.132-r2.ebuild 1260 RMD160 d6abb2aa577ae7156d9b5ef55ce1bd969904bfa8 SHA1 c082f68783a48e65ec6fd29a27a4962cba5f3a7d SHA256 50408f150ce7380d7922ec0488ba34106a83fabcdb87645f0d79d146ddc62f96
+EBUILD pan-0.132-r3.ebuild 1337 RMD160 699f3db6cff3cf469a518a12ae566b57358e397f SHA1 784b358ba0f0f1991cc5e96cdb408c314a30382d SHA256 0849872ac692d87b25e680412669dffd4efdcb086716b04ae2e824364d8baa45
 EBUILD pan-0.14.2.91-r2.ebuild 1491 RMD160 4dfe6c23fe4e3223dfe0305f0abcc1288a43a1a3 SHA1 77a8a7c0234fa8b64bdd961198ee2b497519f86f SHA256 2f3da49aab71628d1f16351c2bc20b499087ae28b43aba4a856e5495ca3cd314
 EBUILD pan-0.14.2.91-r3.ebuild 1596 RMD160 437145972c0077551de052271098dc7e98835f52 SHA1 e6ab1a778b03cb7ad91fe5c459eee2479edf32c0 SHA256 85f19b7afbe537c6f232f765fc9e40026aa998fdff9bbafb7ffe802b11bb82be
 EBUILD pan-0.14.2.ebuild 1428 RMD160 41f6e981fda0f4b5759a35965811674b6cf1b4b9 SHA1 0f8a043b484362e083666396a6f753a8ed3150ba SHA256 7372d3323f32d5668acde7e57964f355fa1bcdb2a6a9c42693531fd7d66d8a24
-MISC ChangeLog 14105 RMD160 ffb385943ee6a76ae3ac112228649ca77e491a0e SHA1 cc3bfe7bd398873566451d3bd34281355b58971b SHA256 b32a76181aeda346e802f3441e7ad1874f7af6687b81f000d80e69ad026c31b5
+MISC ChangeLog 14291 RMD160 6bcc8eaa3268199a4926f61e0c9e2d3f9e6762fa SHA1 68e21267238b069428a0c5b87973a8aa6a3bd110 SHA256 6b69f097cd2bffa25bb73eb6ddfb846e8f4046fe0037e00268a45fdbb58caf83
 MISC metadata.xml 180 RMD160 797b69d3fd6f36d441bda500c1310c91837720a4 SHA1 e2e177f18436d4250aadeadfd6ec27639861290e SHA256 1bb112215f4f710d26b79a43b61ec93003963663cfdec7b3b7173cfdbf85f52c
 -----BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0.9 (GNU/Linux)
+Version: GnuPG v2.0.7 (GNU/Linux)
 
-iEYEARECAAYFAkgB5qYACgkQ1fmVwcYIWAYf0wCgnCG3jQ+SqNxO5eCqKPWu3S6p
-UsMAoKtkogienuIHWOg8rtQNlpISxDPQ
-=8R+4
+iD8DBQFIRZKNI1lqEGTUzyQRAutfAKDZtg369oHqow/JzA9lS9O7dr4gsQCeI4dI
+X08Vq1q0ue7CGeErmSbwYMc=
+=+0vp
 -----END PGP SIGNATURE-----
diff --git a/net-nntp/pan/files/pan-0.132-CVE-2008-2363.patch b/net-nntp/pan/files/pan-0.132-CVE-2008-2363.patch
new file mode 100644
index 000000000000..6f9b9f0a2b14
--- /dev/null
+++ b/net-nntp/pan/files/pan-0.132-CVE-2008-2363.patch
@@ -0,0 +1,93 @@
+https://bugs.gentoo.org/show_bug.cgi?id=224051
+https://bugzilla.gnome.org/show_bug.cgi?id=535413
+https://bugzilla.redhat.com/show_bug.cgi?id=446902
+
+--- pan-0.132/pan/data/parts.cc
++++ pan-0.132/pan/data/parts.cc
+@@ -303,8 +303,7 @@
+   this->n_parts_total = n_parts_total;
+   this->n_parts_found = 0; // they haven't been added yet
+ 
+-  if (n_parts_found > parts.size())
+-    parts.resize (n_parts_found);
++  parts.clear();
+ }
+ 
+ void
+@@ -312,21 +311,10 @@
+                        const StringView  & mid,
+                        bytes_t             bytes)
+ {
+-  if (n_parts_found >= parts.size())
+-    parts.resize (n_parts_found+1);
+-
+-  Part& p = *(&parts.front() + n_parts_found++);
+-  p.number = number;
+-  p.bytes = bytes;
+ 
+   Packer packer;
+   pack_message_id (packer, mid, reference_mid);
+-  p.len_used = packer.size ();
+-  if (p.len_alloced < p.len_used) {
+-    delete [] p.packed_mid;
+-    p.packed_mid = new char [p.len_used];
+-    p.len_alloced = p.len_used;
+-  }
++  Part p(number,bytes,packer.size());
+   packer.pack (p.packed_mid);
+   packed_mids_len += p.len_used;
+ 
+@@ -337,8 +325,9 @@
+   assert (mid == tmp);
+ #endif
+ 
+-  if (n_parts_total < n_parts_found)
++  if (n_parts_total < ++n_parts_found)
+       n_parts_total = n_parts_found;
++  parts.push_back(p);
+ }
+ 
+ PartBatch :: Part&
+@@ -346,7 +335,7 @@
+ {
+   number =  that.number;
+   bytes =  that.bytes;
+-  len_used = len_alloced = that.len_used;
++  len_used = that.len_used;
+   delete [] packed_mid;
+   packed_mid = new char [len_used];
+   memcpy (packed_mid, that.packed_mid, len_used);
+@@ -357,11 +346,17 @@
+   number (that.number),
+   bytes (that.bytes),
+   len_used (that.len_used),
+-  len_alloced (that.len_used),
+   packed_mid (new char [len_used])
+ {
+   memcpy (packed_mid, that.packed_mid, len_used);
+ }
++PartBatch :: Part :: Part (number_t n, bytes_t b, size_t l):
++    number(n),
++    bytes(b),
++    len_used(l),
++    packed_mid(new char [len_used])
++{
++}
+ 
+ void
+ PartBatch :: sort (void)
+--- pan-0.132/pan/data/parts.h
++++ pan-0.132/pan/data/parts.h
+@@ -141,10 +141,10 @@
+         number_t number;
+         bytes_t bytes;
+         size_t len_used;
+-        size_t len_alloced;
+         char * packed_mid;
+         Part(): number(0), bytes(0),
+-                len_used(0), len_alloced(0), packed_mid(0) {}
++                len_used(0), packed_mid(0) {}
++        Part(number_t n, bytes_t b, size_t l);
+         ~Part() { delete [] packed_mid; }
+         Part (const Part&);
+         Part& operator= (const Part&);
diff --git a/net-nntp/pan/pan-0.132-r3.ebuild b/net-nntp/pan/pan-0.132-r3.ebuild
new file mode 100644
index 000000000000..80250b9f655d
--- /dev/null
+++ b/net-nntp/pan/pan-0.132-r3.ebuild
@@ -0,0 +1,51 @@
+# Copyright 1999-2008 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-nntp/pan/pan-0.132-r3.ebuild,v 1.1 2008/06/03 18:50:33 swegener Exp $
+
+inherit eutils
+
+DESCRIPTION="A newsreader for the Gnome2 desktop"
+HOMEPAGE="http://pan.rebelbase.com/"
+SRC_URI="http://pan.rebelbase.com/download/releases/${PV}/source/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~hppa ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd"
+IUSE="spell"
+
+RDEPEND=">=dev-libs/glib-2.4.0
+	>=x11-libs/gtk+-2.4.0
+	>=dev-libs/libpcre-5.0
+	>=dev-libs/gmime-2.1.9
+	spell? ( >=app-text/gtkspell-2.0.7 )"
+
+DEPEND="${RDEPEND}
+	>=dev-util/intltool-0.21
+	dev-util/pkgconfig
+	sys-devel/gettext"
+
+src_unpack() {
+	unpack ${A}
+	cd "${S}"
+
+	epatch "${FILESDIR}"/load-pixbuf-in-1024-byte-chunks.diff
+
+	# Fix compilation with >=glib-2.16, bug #214446
+	epatch "${FILESDIR}"/${P}-glib-compat.patch
+
+	# Fix compilation with gcc-4.3, bug #211670
+	epatch "${FILESDIR}"/${P}-gcc43-fixes.patch
+
+	# Security bug #224051
+	epatch "${FILESDIR}"/${P}-CVE-2008-2363.patch
+}
+
+src_compile() {
+	econf $(use_with spell gtkspell) || die "econf failed"
+	emake || die "emake failed"
+}
+
+src_install() {
+	emake install DESTDIR="${D}" || die "make install failed"
+	dodoc AUTHORS ChangeLog NEWS README TODO || die "dodoc failed"
+}
author	Sven Wegener <swegener@gentoo.org>	2008-06-03 18:50:34 +0000
committer	Sven Wegener <swegener@gentoo.org>	2008-06-03 18:50:34 +0000
commit	23b3d6be9c206abfb278bcbdab78a60e459aa61a (patch)
tree	66062ecf03256b1bcca5560977df57f25b55872a /net-nntp
parent	No altivec patching with this gromacs version. Thanks to Maik Nijhuis in bug ... (diff)
download	historical-23b3d6be9c206abfb278bcbdab78a60e459aa61a.tar.gz historical-23b3d6be9c206abfb278bcbdab78a60e459aa61a.tar.bz2 historical-23b3d6be9c206abfb278bcbdab78a60e459aa61a.zip