security fix for fvwm-menu-directory, patch from the debian project.

Package-Manager: portage-2.1.1-r1
author: Tavis Ormandy <taviso@gentoo.org> 2006-11-13 22:12:39 +0000
committer: Tavis Ormandy <taviso@gentoo.org> 2006-11-13 22:12:39 +0000
commit: 21a72ac7c2cc1ffa43173443b1d92df0741367ea (patch)
tree: ae32ea0ebda7bfb607add4a90bd823ed5a94a503 /x11-wm/fvwm
parent: Marked ppc stable for bug #155010. (diff)
download: historical-21a72ac7c2cc1ffa43173443b1d92df0741367ea.tar.gz
historical-21a72ac7c2cc1ffa43173443b1d92df0741367ea.tar.bz2
historical-21a72ac7c2cc1ffa43173443b1d92df0741367ea.zip
5 files changed, 222 insertions, 7 deletions
diff --git a/x11-wm/fvwm/ChangeLog b/x11-wm/fvwm/ChangeLog
index 5db17b688fa0..93e98170c144 100644
--- a/x11-wm/fvwm/ChangeLog
+++ b/x11-wm/fvwm/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for x11-wm/fvwm
 # Copyright 2002-2006 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/x11-wm/fvwm/ChangeLog,v 1.124 2006/11/05 03:39:40 ranger Exp $
+# $Header: /var/cvsroot/gentoo-x86/x11-wm/fvwm/ChangeLog,v 1.125 2006/11/13 22:12:39 taviso Exp $
+
+*fvwm-2.5.18-r1 (13 Nov 2006)
+
+  13 Nov 2006; Tavis Ormandy <taviso@gentoo.org>
+  +files/fvwm-menu-directory-security.diff, +fvwm-2.5.18-r1.ebuild:
+  add security patch to fvwm-menu-directory from debian
+  http://article.gmane.org/gmane.comp.window-managers.fvwm.devel/2419
 
   05 Nov 2006; Brent Baude <ranger@gentoo.org> fvwm-2.5.18.ebuild:
   marking fvwm-2.5.18 ppc64 stable for bug 152758
diff --git a/x11-wm/fvwm/Manifest b/x11-wm/fvwm/Manifest
index d6b3b001d3f1..138ba82024bc 100644
--- a/x11-wm/fvwm/Manifest
+++ b/x11-wm/fvwm/Manifest
@@ -1,27 +1,38 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
 AUX README.transluceny 8910 RMD160 417b3416aef5ddd4b13672a2760d3736cac6f900 SHA1 c1cd348840df7774f62f67aa9e1b1e2ea78219de SHA256 0a4b3f143ee0b6fc32098cbd556b25fdc695a980bc8b4cf032b1dad4a4952ddb
 MD5 9e8e5c601353e0933820fc4f2f543c13 files/README.transluceny 8910
 RMD160 417b3416aef5ddd4b13672a2760d3736cac6f900 files/README.transluceny 8910
 SHA256 0a4b3f143ee0b6fc32098cbd556b25fdc695a980bc8b4cf032b1dad4a4952ddb files/README.transluceny 8910
+AUX fvwm-menu-directory-security.diff 651 RMD160 4c33671109d1d1f0927bbb755b86691040535bfc SHA1 9b2609a33c85e72c7735de1b3d5fa0fd866819bb SHA256 5ad90a20f6d5f32d718e54347dde66f863971f46a05f6c83c9a294a74cfc24df
+MD5 cfc66216fdfc3e872b6285e23581ca0b files/fvwm-menu-directory-security.diff 651
+RMD160 4c33671109d1d1f0927bbb755b86691040535bfc files/fvwm-menu-directory-security.diff 651
+SHA256 5ad90a20f6d5f32d718e54347dde66f863971f46a05f6c83c9a294a74cfc24df files/fvwm-menu-directory-security.diff 651
 AUX fvwm-menu-xlock-xlockmore-compat.diff 550 RMD160 72af6f306e5869581fcd48c84edfe00adea4a5b9 SHA1 0eccf83c3046e3822737c5facb23f547a062bff8 SHA256 5db8bc279f618096b23fed04b70b626c6ff50c104283d5ece505200db1e5a8af
 MD5 d91fb7d2af57653fc93a70e6e1c0a0ea files/fvwm-menu-xlock-xlockmore-compat.diff 550
 RMD160 72af6f306e5869581fcd48c84edfe00adea4a5b9 files/fvwm-menu-xlock-xlockmore-compat.diff 550
 SHA256 5db8bc279f618096b23fed04b70b626c6ff50c104283d5ece505200db1e5a8af files/fvwm-menu-xlock-xlockmore-compat.diff 550
-DIST fvwm-2.5.16-translucent-menus.diff.gz 5022 RMD160 995c1dcd20bd5e4342cb0d2db442ef14490275e6 SHA256 ac57011a3211267ed7893001e6bc381230c2491526231efc2468991a9774f977
-DIST fvwm-2.5.16.tar.bz2 2018815 RMD160 2c0d9c3c1c452d970dbcd4ba4800944714d4c2d4 SHA256 9fb3f38dfd329b3de1cab0b4e500edd7a2d2fbe11357ef0ca11e052e4ee406d9
+DIST fvwm-2.5.16-translucent-menus.diff.gz 5022 RMD160 995c1dcd20bd5e4342cb0d2db442ef14490275e6 SHA1 5331b75cb63681df53dde8567c9475a15ac12a2e SHA256 ac57011a3211267ed7893001e6bc381230c2491526231efc2468991a9774f977
+DIST fvwm-2.5.16.tar.bz2 2018815 RMD160 2c0d9c3c1c452d970dbcd4ba4800944714d4c2d4 SHA1 fb12b06bec5992b5d3e640f9a530fe453f5f7a1e SHA256 9fb3f38dfd329b3de1cab0b4e500edd7a2d2fbe11357ef0ca11e052e4ee406d9
 DIST fvwm-2.5.18-translucent-menus.diff.gz 82595 RMD160 175e2dc93ca4e265a5022655deeede32dd653b38 SHA1 58e7120717e9dc581d9c6b61770aa740ef33bcbe SHA256 ffdaf69a93f626a709541e15ecbbb8842c306543beebd4adc909a6edbda42516
 DIST fvwm-2.5.18.tar.bz2 2034340 RMD160 68bd7a5d3e1c5fb3776de0fbda75414d9e7ad54b SHA1 b7ef45dfe3975deab38dd9ae306c5fd280f307c6 SHA256 8489b32ad488d91898d9be0ff4ec4697590feee66f10de88301511efc617e9c5
 EBUILD fvwm-2.5.16.ebuild 6159 RMD160 658af33bac1e80c4668835c55a8bb7bb5632c57c SHA1 0f4910541a82850fec8fd241de12bb0ad81746d6 SHA256 ad2cbe053ef104a72e908b64aa47b406a7b7b5da515a22ad55a943eeebf77812
 MD5 567f2456b8b933cc6971ff7731935a50 fvwm-2.5.16.ebuild 6159
 RMD160 658af33bac1e80c4668835c55a8bb7bb5632c57c fvwm-2.5.16.ebuild 6159
 SHA256 ad2cbe053ef104a72e908b64aa47b406a7b7b5da515a22ad55a943eeebf77812 fvwm-2.5.16.ebuild 6159
+EBUILD fvwm-2.5.18-r1.ebuild 5458 RMD160 6fc1fe8f2715ff3e583a37bffbe386834d52a073 SHA1 01b37cad408f5a91057c1d559f9cc42c7932a61e SHA256 378eeb0456a0f33b5b084fc8c95415b9500be68235392dd0bc6faf411f503d6b
+MD5 37cf41b7e0f1556131c62d5f5abd245e fvwm-2.5.18-r1.ebuild 5458
+RMD160 6fc1fe8f2715ff3e583a37bffbe386834d52a073 fvwm-2.5.18-r1.ebuild 5458
+SHA256 378eeb0456a0f33b5b084fc8c95415b9500be68235392dd0bc6faf411f503d6b fvwm-2.5.18-r1.ebuild 5458
 EBUILD fvwm-2.5.18.ebuild 5297 RMD160 379a7d1cd019e7bb4544774cdeb0a8e1aa2a8ccb SHA1 c16792bc097f0c4229038d82a195cb0bb839d8f7 SHA256 c7453ab45b2d684c0dc28d5b5d51a3c7ab5ae48c8dad4390521617380ba2455f
 MD5 026f50fb0d09ad92417c548e2d610466 fvwm-2.5.18.ebuild 5297
 RMD160 379a7d1cd019e7bb4544774cdeb0a8e1aa2a8ccb fvwm-2.5.18.ebuild 5297
 SHA256 c7453ab45b2d684c0dc28d5b5d51a3c7ab5ae48c8dad4390521617380ba2455f fvwm-2.5.18.ebuild 5297
-MISC ChangeLog 20401 RMD160 4b545322f67e0699f2d8090fb84336be03bff27c SHA1 59da32fd2aee6ce16f97fb3c02585aa6f8c196c6 SHA256 f3fce18019fd8df1fa0157ede2e5fdd625b456856ddcbda13db71f931200b34e
-MD5 7179b36d198b038a19c9b129b5e59da8 ChangeLog 20401
-RMD160 4b545322f67e0699f2d8090fb84336be03bff27c ChangeLog 20401
-SHA256 f3fce18019fd8df1fa0157ede2e5fdd625b456856ddcbda13db71f931200b34e ChangeLog 20401
+MISC ChangeLog 20676 RMD160 2fa0ed71250f22b3d9357ccc437f7a5cb60570fb SHA1 295df5d3ec2bc0d940d562d7b1e5adb7be67f94c SHA256 cc8a36a659476ad06027de3acf487464fcd594613062fd644a29d847faca20f9
+MD5 b564a162561d7c5bd76b500d880c93bd ChangeLog 20676
+RMD160 2fa0ed71250f22b3d9357ccc437f7a5cb60570fb ChangeLog 20676
+SHA256 cc8a36a659476ad06027de3acf487464fcd594613062fd644a29d847faca20f9 ChangeLog 20676
 MISC metadata.xml 527 RMD160 e50357d85b1410cf8a00f1afad349ed77b986fd7 SHA1 30ccd6474c2e572a1758202aa2a8b5f8edaf843d SHA256 e22df6337e402284589214f91894a06fd29786e4412ffd70845fe1cf86bb1375
 MD5 4833e4d0685ef48988c0c5c4f9c6b377 metadata.xml 527
 RMD160 e50357d85b1410cf8a00f1afad349ed77b986fd7 metadata.xml 527
@@ -32,3 +43,13 @@ SHA256 21ea20a2227a9ec115691056fdb382b440de63f2f1552567898dfcc780aadd33 files/di
 MD5 25addc6d638328c72c1b1e2d9d89181f files/digest-fvwm-2.5.18 530
 RMD160 cc98cfff3501a5b64176f936befd759f075894a1 files/digest-fvwm-2.5.18 530
 SHA256 15f65ff835712c3942c2d073dd95abe0d5739ac281be5b31bd598f9bff97e5fc files/digest-fvwm-2.5.18 530
+MD5 25addc6d638328c72c1b1e2d9d89181f files/digest-fvwm-2.5.18-r1 530
+RMD160 cc98cfff3501a5b64176f936befd759f075894a1 files/digest-fvwm-2.5.18-r1 530
+SHA256 15f65ff835712c3942c2d073dd95abe0d5739ac281be5b31bd598f9bff97e5fc files/digest-fvwm-2.5.18-r1 530
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.5 (GNU/Linux)
+
+iQBVAwUBRVjt9dommWwmkP1xAQLhYgH/bxPQ+Ia38H9dyjcKCouMU6/txesoEsR6
+ng7Uj0CcykSt2M7+0AwaG/JFiQTJ0gAwZJNZ3qdw4UBsiJWRX80l9Q==
+=fDoL
+-----END PGP SIGNATURE-----
diff --git a/x11-wm/fvwm/files/digest-fvwm-2.5.18-r1 b/x11-wm/fvwm/files/digest-fvwm-2.5.18-r1
new file mode 100644
index 000000000000..6ebdba7bf2ce
--- /dev/null
+++ b/x11-wm/fvwm/files/digest-fvwm-2.5.18-r1
@@ -0,0 +1,6 @@
+MD5 140c3b506c7afb69a3e6ac0b2b56e75b fvwm-2.5.18-translucent-menus.diff.gz 82595
+RMD160 175e2dc93ca4e265a5022655deeede32dd653b38 fvwm-2.5.18-translucent-menus.diff.gz 82595
+SHA256 ffdaf69a93f626a709541e15ecbbb8842c306543beebd4adc909a6edbda42516 fvwm-2.5.18-translucent-menus.diff.gz 82595
+MD5 d90612ab2bd3a86b2bd23325aa87d3d4 fvwm-2.5.18.tar.bz2 2034340
+RMD160 68bd7a5d3e1c5fb3776de0fbda75414d9e7ad54b fvwm-2.5.18.tar.bz2 2034340
+SHA256 8489b32ad488d91898d9be0ff4ec4697590feee66f10de88301511efc617e9c5 fvwm-2.5.18.tar.bz2 2034340
diff --git a/x11-wm/fvwm/files/fvwm-menu-directory-security.diff b/x11-wm/fvwm/files/fvwm-menu-directory-security.diff
new file mode 100644
index 000000000000..440431415369
--- /dev/null
+++ b/x11-wm/fvwm/files/fvwm-menu-directory-security.diff
@@ -0,0 +1,11 @@
+--- fvwm-2.5.18.orig/bin/fvwm-menu-directory.in
++++ fvwm-2.5.18/bin/fvwm-menu-directory.in
+@@ -279,7 +279,7 @@
+        my $itemStr = $dir && $itemF_eval? &evalItem($_name, $dir): $_name;
+        $itemStr = escapeItemName($itemStr);
+        my $act = !$dir || $checkSubdirs && !-x $dir? "Nop": !$reuse?
+-               qq(Popup ") . escapeFvwmName($dir) . qq("$submenuPos):
++               qq(Popup ") . escapeFileName($dir) . qq("$submenuPos):
+                qq(PipeRead 'echo ") . escapeFileName($dir) . qq(" >$dirFile; )
+                . qq(echo Menu ") . escapeFvwmName($name) . qq(" WarpTitle');
+        return qq(+ "$iconDStr$itemStr" $act\n);
diff --git a/x11-wm/fvwm/fvwm-2.5.18-r1.ebuild b/x11-wm/fvwm/fvwm-2.5.18-r1.ebuild
new file mode 100644
index 000000000000..311ad40c75b6
--- /dev/null
+++ b/x11-wm/fvwm/fvwm-2.5.18-r1.ebuild
@@ -0,0 +1,170 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/x11-wm/fvwm/fvwm-2.5.18-r1.ebuild,v 1.1 2006/11/13 22:12:39 taviso Exp $
+
+inherit eutils flag-o-matic
+
+DESCRIPTION="An extremely powerful ICCCM-compliant multiple virtual desktop window manager"
+HOMEPAGE="http://www.fvwm.org/"
+SRC_URI="ftp://ftp.fvwm.org/pub/fvwm/version-2/${P}.tar.bz2 mirror://gentoo/fvwm-2.5.18-translucent-menus.diff.gz"
+
+LICENSE="GPL-2 FVWM"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~ia64 ~ppc ~ppc64 ~sparc ~x86"
+IUSE="bidi debug gtk imlib nls perl png readline rplay stroke tk truetype xinerama"
+
+RDEPEND="readline? ( sys-libs/readline sys-libs/ncurses )
+		gtk? ( =x11-libs/gtk+-1.2*
+				imlib? ( media-libs/gdk-pixbuf
+						media-libs/imlib ) )
+		rplay? ( media-sound/rplay )
+		bidi? ( dev-libs/fribidi )
+		png? ( media-libs/libpng )
+		stroke? ( dev-libs/libstroke )
+		perl? ( tk? ( dev-lang/tk
+						dev-perl/perl-tk
+						>=dev-perl/X11-Protocol-0.56 ) )
+		truetype? ( virtual/xft media-libs/fontconfig )
+		dev-lang/perl
+		sys-libs/zlib
+		sys-apps/debianutils
+		|| ( (
+			x11-libs/libXpm
+			x11-libs/libXft
+			xinerama? ( x11-libs/libXinerama ) )
+		virtual/x11 )"
+# XXX:	gtk2 perl bindings require dev-perl/gtk2-perl, worth a dependency?
+# XXX:	gtk perl bindings require dev-perl/gtk-perl, worth a dependency?
+# XXX:	netpbm is used by FvwmScript-ScreenDump, worth a dependency?
+DEPEND="${RDEPEND}
+		dev-util/pkgconfig
+		!x11-wm/metisse
+		|| ( (
+			x11-libs/libXrandr
+			x11-proto/xextproto
+			x11-proto/xproto
+			xinerama? ( x11-proto/xineramaproto ) )
+		virtual/x11 )"
+
+src_unpack() {
+	unpack ${A}; export EPATCH_OPTS="-F3 -l"
+
+	# this patch enables fast translucent menus in fvwm. this is a
+	# minor tweak of a patch posted to fvwm-user mailing list by Olivier
+	# Chapuis in <20030827135125.GA6370@snoopy.folie>.
+	cd ${S}; epatch ${WORKDIR}/fvwm-2.5.18-translucent-menus.diff
+
+	# fixing #51287, the fvwm-menu-xlock script is not compatible
+	# with the xlockmore implementation in portage.
+	cd ${S}; epatch ${FILESDIR}/fvwm-menu-xlock-xlockmore-compat.diff
+
+	# fix security issue in fvwm-menu-directory when parsing directories
+	# with newlines.
+	cd ${S}; epatch ${FILESDIR}/fvwm-menu-directory-security.diff
+}
+
+src_compile() {
+	local myconf="--libexecdir=/usr/lib --with-imagepath=/usr/include/X11/bitmaps:/usr/include/X11/pixmaps:/usr/share/icons/fvwm --enable-package-subdirs"
+
+	# use readline in FvwmConsole.
+	if use readline; then
+		myconf="${myconf} --without-termcap-library"
+	fi
+
+	# FvwmGtk can be built as a gnome application, or a Gtk+ application.
+	if ! use gtk; then
+		myconf="${myconf} --disable-gtk --without-gnome"
+	else
+		if ! use imlib; then
+			einfo "ATTN: You can safely ignore any imlib related configure errors."
+			myconf="${myconf} --with-imlib-prefix=${T}"
+		fi
+		myconf="${myconf} --without-gnome"
+	fi
+
+	# set the local maintainer for fvwm-bug.
+	export FVWM_BUGADDR="taviso@gentoo.org"
+
+	# reccommended by upstream
+	append-flags -fno-strict-aliasing
+
+	econf ${myconf} `use_enable truetype xft` \
+					`use_with stroke stroke-library` \
+					`use_enable nls` \
+					`use_enable nls iconv` \
+					`use_enable png png-library` \
+					`use_enable bidi` \
+					`use_enable xinerama` \
+					`use_enable debug debug-msgs` \
+					`use_enable debug command-log` \
+					`use_enable perl perllib` \
+					`use_with readline readline-library` \
+					`use_with rplay rplay-library` || die
+	emake || die
+}
+
+src_install() {
+	make DESTDIR=${D} install || die
+
+	if use perl; then
+
+		local toolkits="gtk tcltk"
+
+		if ! use tk; then
+			# Remove the Tk bindings (requires perl-tk)
+			rm -f ${D}/usr/share/fvwm/perllib/FVWM/Module/Tk.pm
+			toolkits=${toolkits/tcltk/}
+		fi
+		if ! use gtk; then
+			# Remove gtk bindings (requires gtk-perl/gtk2-perl)
+			rm -f ${D}/usr/share/fvwm/perllib/FVWM/Module/Gtk.pm \
+				${D}/usr/share/fvwm/perllib/FVWM/Module/Gtk2.pm
+			toolkits=${toolkits/gtk/}
+		fi
+		toolkits=${toolkits// /}
+		if ! test "${toolkits}"; then
+			# No perl toolkit bindings wanted, remove the unneeded files
+			# and empty directories.
+			rm -f ${D}/usr/share/fvwm/perllib/FVWM/Module/Toolkit.pm
+			find ${D}/usr/share/fvwm/perllib -depth -type d -exec rmdir {} \; 2>/dev/null
+		fi
+	else
+		# Remove useless script if perllib isnt required.
+		rm -rf ${D}/usr/bin/fvwm-perllib ${D}/usr/share/man/man1/fvwm-perllib.1
+	fi
+
+	# neat utility for testing fvwm behaviour on applications setting various
+	# hints, creates a simple black window with configurable hints set.
+	if use debug; then
+		dobin ${S}/tests/hints/hints_test
+		newdoc ${S}/tests/hints/README README.hints
+	fi
+
+	# fvwm-convert-2.6 is just a stub, contains no code - remove it for now.
+	# fvwm-convert-2.2 has a man page, but the script is no longer distributed.
+	rm -f ${D}/usr/bin/fvwm-convert-2.6 ${D}/usr/share/man/man1/fvwm-convert-2.6.1
+	rm -f ${D}/usr/share/man/man1/fvwm-convert-2.2.1
+
+	# ive included `exec` to save a few bytes of memory.
+	echo "#!/bin/bash" > fvwm2
+	echo "exec /usr/bin/fvwm2" >> fvwm2
+
+	exeinto /etc/X11/Sessions
+	doexe fvwm2
+
+	dodoc AUTHORS ChangeLog COPYING README NEWS docs/ANNOUNCE docs/BUGS \
+	docs/COMMANDS docs/DEVELOPERS docs/FAQ docs/error_codes docs/TODO \
+	docs/fvwm.lsm
+
+	dodoc ${FILESDIR}/README.transluceny
+
+	# fix a couple of symlinks.
+	prepallman
+}
+
+pkg_postinst() {
+	einfo
+	einfo "For information about the changes in this release, please"
+	einfo "refer to the NEWS file."
+	einfo
+}
author	Tavis Ormandy <taviso@gentoo.org>	2006-11-13 22:12:39 +0000
committer	Tavis Ormandy <taviso@gentoo.org>	2006-11-13 22:12:39 +0000
commit	21a72ac7c2cc1ffa43173443b1d92df0741367ea (patch)
tree	ae32ea0ebda7bfb607add4a90bd823ed5a94a503 /x11-wm/fvwm
parent	Marked ppc stable for bug #155010. (diff)
download	historical-21a72ac7c2cc1ffa43173443b1d92df0741367ea.tar.gz historical-21a72ac7c2cc1ffa43173443b1d92df0741367ea.tar.bz2 historical-21a72ac7c2cc1ffa43173443b1d92df0741367ea.zip