diff options
| -rw-r--r-- | app-office/dia/ChangeLog | 8 | ||||
| -rw-r--r-- | app-office/dia/Manifest | 13 | ||||
| -rw-r--r-- | app-office/dia/dia-0.94-r3.ebuild | 60 | ||||
| -rw-r--r-- | app-office/dia/files/dia-0.94-secure-eval.patch | 52 | ||||
| -rw-r--r-- | app-office/dia/files/digest-dia-0.94-r3 | 1 |
5 files changed, 128 insertions, 6 deletions
diff --git a/app-office/dia/ChangeLog b/app-office/dia/ChangeLog index 4a4c553e4651..2a99e84b1a3d 100644 --- a/app-office/dia/ChangeLog +++ b/app-office/dia/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for app-office/dia # Copyright 2002-2005 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/app-office/dia/ChangeLog,v 1.65 2005/10/03 11:44:49 hardave Exp $ +# $Header: /var/cvsroot/gentoo-x86/app-office/dia/ChangeLog,v 1.66 2005/10/03 16:09:38 dang Exp $ + +*dia-0.94-r3 (03 Oct 2005) + + 03 Oct 2005; <dang@gentoo.org> +files/dia-0.94-secure-eval.patch, + +dia-0.94-r3.ebuild: + Fix insecure python eval. Bug #107916 03 Oct 2005; Hardave Riar <hardave@gentoo.org> dia-0.94-r2.ebuild: Keyworded ~mips. diff --git a/app-office/dia/Manifest b/app-office/dia/Manifest index f20e0bafdb39..695c39849e3c 100644 --- a/app-office/dia/Manifest +++ b/app-office/dia/Manifest @@ -1,11 +1,14 @@ -MD5 c57cafd890da8aac8be9d42dfc7b0c55 ChangeLog 7967 +MD5 e64a64c8b1e5e3be5cf29d34c7374513 dia-0.94-r2.ebuild 1655 MD5 a2e230eb1d422d8da320507fb3de7838 dia-0.94-r1.ebuild 1479 +MD5 05fbc035052c9478c28eed171adf35b5 dia-0.94-r3.ebuild 1747 +MD5 c57cafd890da8aac8be9d42dfc7b0c55 ChangeLog 7967 MD5 858a96d79b7c8b479edd95aedcf0c0c6 metadata.xml 589 -MD5 e64a64c8b1e5e3be5cf29d34c7374513 dia-0.94-r2.ebuild 1655 -MD5 275b4e09a76a808202872cae5ac90f7c files/0.94-disable_python_gtk_import.patch 313 MD5 159070f80a109b691f1a945755bf2b7c files/dia-0.94-gcc4.patch 934 -MD5 364d452e7bd501c01910f613c066608e files/dia-0.94-help.patch 2766 +MD5 84f2dd6bc760e8dce273ceda328ef76e files/dia-0.94-secure-eval.patch 1940 MD5 5825798492b196ec96d3757e9e1d0de8 files/dia-0.94-no_font_cache.patch 473 MD5 c6257d6dad2b46a83757991db3f3e6c5 files/digest-dia-0.94-r1 62 -MD5 bf246d9c1eae9246fd3026d76077d7c3 files/dia-0.94-db2man.patch 901 MD5 c6257d6dad2b46a83757991db3f3e6c5 files/digest-dia-0.94-r2 62 +MD5 c6257d6dad2b46a83757991db3f3e6c5 files/digest-dia-0.94-r3 62 +MD5 364d452e7bd501c01910f613c066608e files/dia-0.94-help.patch 2766 +MD5 275b4e09a76a808202872cae5ac90f7c files/0.94-disable_python_gtk_import.patch 313 +MD5 bf246d9c1eae9246fd3026d76077d7c3 files/dia-0.94-db2man.patch 901 diff --git a/app-office/dia/dia-0.94-r3.ebuild b/app-office/dia/dia-0.94-r3.ebuild new file mode 100644 index 000000000000..ebfe19d94a04 --- /dev/null +++ b/app-office/dia/dia-0.94-r3.ebuild @@ -0,0 +1,60 @@ +# Copyright 1999-2005 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/app-office/dia/dia-0.94-r3.ebuild,v 1.1 2005/10/03 16:09:38 dang Exp $ + +inherit eutils gnome2 + +DESCRIPTION="Diagram/flowchart creation program" +HOMEPAGE="http://www.gnome.org/projects/dia/" +LICENSE="GPL-2" + +SLOT="0" +KEYWORDS="~alpha ~amd64 ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86" +IUSE="gnome png python static zlib" + +RDEPEND=">=x11-libs/gtk+-2 + >=x11-libs/pango-1.1.5 + >=dev-libs/libxml2-2.3.9 + >=dev-libs/libxslt-1 + >=media-libs/freetype-2.0.9 + dev-libs/popt + zlib? ( sys-libs/zlib ) + png? ( media-libs/libpng + >=media-libs/libart_lgpl-2 ) + gnome? ( >=gnome-base/libgnome-2.0 + >=gnome-base/libgnomeui-2.0 ) + python? ( >=dev-lang/python-1.5.2 + >=dev-python/pygtk-1.99 ) + ~app-text/docbook-xml-dtd-4.2 + app-text/docbook-xsl-stylesheets" + +DEPEND="${RDEPEND} + >=dev-util/intltool-0.21 + dev-util/pkgconfig" + +G2CONF="${G2CONF} $(use_enable gnome) $(use_with python) $(use_enable static)" + +DOCS="AUTHORS ChangeLog KNOWN_BUGS NEWS README RELEASE-PROCESS THANKS TODO" + +src_unpack() { + unpack ${A} + cd ${S} + + # Disable python -c 'import gtk' during compile to prevent using + # X being involved (#31589) + epatch ${FILESDIR}/${PV}-disable_python_gtk_import.patch + + # Fix generation of the man page (bug #98610). + rm doc/en/dia.1 + epatch ${FILESDIR}/${P}-db2man.patch + autoconf || die "Autoconf failed" + + # Disable buggy font cache. See bug #81227. + epatch ${FILESDIR}/${P}-no_font_cache.patch + # Fix help display. See bug #83726. + epatch ${FILESDIR}/${P}-help.patch + # GCC 4 compile fixes + epatch ${FILESDIR}/${P}-gcc4.patch + # Fix python execution hole. bug #107916 + epatch ${FILESDIR}/${P}-secure-eval.patch +} diff --git a/app-office/dia/files/dia-0.94-secure-eval.patch b/app-office/dia/files/dia-0.94-secure-eval.patch new file mode 100644 index 000000000000..7126dc78838c --- /dev/null +++ b/app-office/dia/files/dia-0.94-secure-eval.patch @@ -0,0 +1,52 @@ +Index: plug-ins/python/diasvg_import.py +=================================================================== +--- plug-ins/python/diasvg_import.py (revision 7) ++++ plug-ins/python/diasvg_import.py (working copy) +@@ -54,6 +54,10 @@ + return (int(m.group(1)) / 255.0, int(m.group(2)) / 255.0, int(m.group(2)) / 255.0) + # any more ugly color definitions not compatible with pango_color_parse() ? + return string.strip(s) ++ ++def eval_secure(s): ++ return string.translate(s, string.maketrans("\"()", "___")) ++ + class Object : + def __init__(self) : + self.props = {"x" : 0, "y" : 0, "stroke" : "none"} +@@ -65,7 +69,8 @@ + sp2 = string.split(string.strip(s1), ":") + if len(sp2) == 2 : + try : +- eval("self." + string.replace(sp2[0], "-", "_") + "(\"" + string.strip(sp2[1]) + "\")") ++ eval("self." + eval_secure(string.replace(sp2[0], "-", "_")) + ++ "(\"" + eval_secure(string.strip(sp2[1])) + "\")") + except AttributeError : + self.props[sp2[0]] = string.strip(sp2[1]) + def x(self, s) : +@@ -282,7 +287,7 @@ + def CopyProps(self, dest) : + # to be used to inherit group props to childs _before_ they get their own + for p in self.props.keys() : +- sf = "dest." + string.replace(p, "-", "_") + "(\"" + str(self.props[p]) + "\")" ++ sf = "dest." + eval_secure(string.replace(p, "-", "_")) + "(\"" + eval_secure(str(self.props[p])) + "\")" + try : # accessor first + eval(sf) + except : +@@ -561,7 +566,7 @@ + o = Group() + stack.append(o) + else : +- s = string.capitalize(name) + "()" ++ s = eval_secure(string.capitalize(name)) + "()" + try : + o = eval(s) + except : +@@ -575,7 +580,7 @@ + ma = string.replace(a, "-", "_") + # e.g. xlink:href -> xlink__href + ma = string.replace(ma, ":", "__") +- s = "o." + ma + "(\"" + attrs[a] + "\")" ++ s = "o." + eval_secure(ma) + "(\"" + eval_secure(attrs[a]) + "\")" + try : + eval(s) + except AttributeError, msg : diff --git a/app-office/dia/files/digest-dia-0.94-r3 b/app-office/dia/files/digest-dia-0.94-r3 new file mode 100644 index 000000000000..a4366b0c6a35 --- /dev/null +++ b/app-office/dia/files/digest-dia-0.94-r3 @@ -0,0 +1 @@ +MD5 63584224912dab49fed8d2cf87ea2d85 dia-0.94.tar.bz2 3348869 |