Fix potential buffer overflow in identity application (#339355)

Fix bugs #351872 and #351658 (Use flag names, mysql support fix) Package-Manager: portage-2.1.9.25/cvs/Linux x86_64
author: Stanislav Ochotnicky <sochotnicky@gentoo.org> 2011-01-18 23:58:04 +0000
committer: Stanislav Ochotnicky <sochotnicky@gentoo.org> 2011-01-18 23:58:04 +0000
commit: d3ecb00be666de39817197bcbae75c26123a4918 (patch)
tree: 47a1c6aa45c1a5f83c71df08ca6028135f22f397 /net-p2p
parent: Moved from sunrise overlay. Thanks to Nathan Phillip Brink (ohnobinki) <ohnob... (diff)
download: historical-d3ecb00be666de39817197bcbae75c26123a4918.tar.gz
historical-d3ecb00be666de39817197bcbae75c26123a4918.tar.bz2
historical-d3ecb00be666de39817197bcbae75c26123a4918.zip
5 files changed, 81 insertions, 22 deletions
diff --git a/net-p2p/gnunet/ChangeLog b/net-p2p/gnunet/ChangeLog
index 7b05636c5f66..0fae1ca8533f 100644
--- a/net-p2p/gnunet/ChangeLog
+++ b/net-p2p/gnunet/ChangeLog
@@ -1,6 +1,14 @@
 # ChangeLog for net-p2p/gnunet
 # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-p2p/gnunet/ChangeLog,v 1.69 2011/01/14 00:52:11 sochotnicky Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-p2p/gnunet/ChangeLog,v 1.70 2011/01/18 23:58:04 sochotnicky Exp $
+
+*gnunet-0.8.1-r2 (18 Jan 2011)
+
+  18 Jan 2011; Stanislav Ochotnicky <sochotnicky@gentoo.org>
+  +files/0.8.1-Fix-buffer-overflow.patch, -gnunet-0.8.1-r1.ebuild,
+  +gnunet-0.8.1-r2.ebuild, metadata.xml:
+  Fix potential buffer overflow in identity application (#339355)
+  Fix bugs #351872 and #351658 (Use flag names, mysql support fix)
 
 *gnunet-0.8.1-r1 (14 Jan 2011)
 
diff --git a/net-p2p/gnunet/Manifest b/net-p2p/gnunet/Manifest
index 4b725f651f7e..cff77ee088cf 100644
--- a/net-p2p/gnunet/Manifest
+++ b/net-p2p/gnunet/Manifest
@@ -1,5 +1,9 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA256
+
 AUX 0.7.3-configure.patch 520 RMD160 2153ddc2a34ff30350706b1c9ce29d3f382ec438 SHA1 60d9da70e741e54c9ed9012e44c407ac5cadfa39 SHA256 86182530281e5a9c2ec0b96f2f1e608141205525ec80fbac92402f876d822f65
 AUX 0.7.3-libtool.patch 422 RMD160 a2d989a6b89d33cf023179be5725be22e80c9885 SHA1 b34499932830bdcf711d95c7312dce3ddc818699 SHA256 14909ee0d964c62d3ea102db37100dd22f8dcdba9d70c8610380ef879a26fc52
+AUX 0.8.1-Fix-buffer-overflow.patch 1043 RMD160 71a5095f8418d9c57e0e0570bb85ad86842f19fe SHA1 ec5c49d7a22e8c9b6d0ceabe8ca9f7f660ca64f0 SHA256 946362b668aef9d23997914b5e1151c36646d411a4b821d9eef8d5797954898b
 AUX 0.8.1-asneeded.patch 1357 RMD160 76b9cb7ee017ee664831c4ec995f9098d3998307 SHA1 56c4045726e5f4436c7f07c223a684d4cdb32aeb SHA256 bc340fa816b7fa56631909929ac936c5b70965d6286eca8d581aad4907721b80
 AUX 0.8.1-parallel-build.patch 8322 RMD160 2d053d760dd647eee2130e08fafecdcd58a529aa SHA1 6aa5306d1e23a9c57435a469e58e5bdecacba9e4 SHA256 cb126d515996428e4546803073150b34ddde9e2026135a700ced689ecedba26a
 AUX gnunet.initd 643 RMD160 434eb6752143fbb600f96a58ed7c5ba1a47e654d SHA1 de7f208ce286a05310551a35345b2f02f5712831 SHA256 c6748f137d7c808685a741617e1449024bcb37dcfc11e883d859f5e0134744a6
@@ -8,7 +12,24 @@ DIST GNUnet-0.8.0.tar.bz2 1689291 RMD160 7e83e0ab94b341b28435bc740eb7d962d99d266
 DIST GNUnet-0.8.1.tar.gz 2339085 RMD160 42bf5a846ba07dfbaa7207b7cfb9524ee0729f11 SHA1 679157dd8673ac912ac158b6ec65fdbe9f91605b SHA256 84da584f2b60f2026a19e38d4264c794420135323644f7b0785d67ed44815355
 EBUILD gnunet-0.7.3-r1.ebuild 2750 RMD160 f9b697cad34a90bcdfcd74f0ec3d3249af58b810 SHA1 3dfe64810858c9c27be425db4a01bb0946fcdde9 SHA256 0911db0a6b488d34a0c014239ac3df662dbb632b9c616ac673f2fba2ff72b5a9
 EBUILD gnunet-0.8.0.ebuild 2661 RMD160 84b9b35fe8e65daff10782783ac94ed816bed530 SHA1 ac617920689ff7843f6b438cad0a8d901a807f2f SHA256 e143f699e6c857159dfdd290c6641eca2ddd2e4dd5a17a3b2072d7618500c174
-EBUILD gnunet-0.8.1-r1.ebuild 3414 RMD160 a3a7c5297b6f0caa2ca1de1b2ed60b1fb8b50b30 SHA1 c35415acd9e5add18e80a492940fd98d5c3384a1 SHA256 e92e0a62d1bf905d06cc44f8d70f7530510d3c354b381e02fdd097d4eb8c7c66
+EBUILD gnunet-0.8.1-r2.ebuild 3517 RMD160 44fe023a4bf0f4144bfcc1f2273b536bd027fe58 SHA1 f6b73a142f4d1137d2ae9715d122fedd8eeaa00c SHA256 2abc14ff46339c59421742cb576745bcc4bf3a37acfc3587f8a2e09a03508e39
 EBUILD gnunet-0.8.1.ebuild 2542 RMD160 d44367426cc74d576bf513b3900f9cb00b90e126 SHA1 bd5860674c364b996d891f91eab643b408f9c36f SHA256 28ae139d27f18644320e085b44092c021f4fc4471b651ca9fa835ac8ac83f5a6
-MISC ChangeLog 11234 RMD160 2c23dd57a3e2ea076fb67f8fe021a89c76e9f695 SHA1 d1e85c7cd822c417e3b1207c66c7796a642a4ce5 SHA256 f431ee82bfc117390851cd6123ed0f4673424048380c183176c2414814ec28dc
-MISC metadata.xml 884 RMD160 f5ec0449cd81373435a2f870a2041bd949d4f2ae SHA1 3fbe7ee88c99f2f3acef7414e97e08eb37e174eb SHA256 5c285b7ec7cfad50777af9cc296ee5e0a7cdda43230b11d427f8081e991b3ad6
+MISC ChangeLog 11569 RMD160 16772a8ab256c2802420caa9db5118d83be64d4c SHA1 528469eb174e197a19015d68df6ceffe0be840d9 SHA256 20d2df9cb56e9cf7bf30313ba4123f2fed24cb1e41acc18a490e9e194236ffc6
+MISC metadata.xml 964 RMD160 aa4d1f23ab4415bfc2c516dace424b4334526863 SHA1 64dd2062f89c20841bbab0a1ad7272f599e99d93 SHA256 e66ff6a15a90c6cf93bf1e7038112f1b5b7762dc901370a3bb50737f7d7135b2
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.16 (GNU/Linux)
+
+iQIcBAEBCAAGBQJNNikXAAoJELy9dS57CHJBbi4P/ij4fXHS2jCkqSLuKjq+1oSD
+dn+GpopMqPRoPJKDoErA7pOq1ccGBe7eIkMe+xIjJ1hOIFngdYv6kFG6URJkgWcy
+jPXD2CGOTOIyH2KMG4BBuVX7wjMyYyuy5xDJaLbq8paHdPUsu9VX4M96QpyXRvto
+YVw1fDtBrGVkp9+JKF7CpQyFuyFB5LtY8rb0KDBLLM4vUctuAB/FXP5FlM51NirN
+8LKAqmuO4bkZB8VTI5KwWUCgQXs+c8m3P61Fldt8tO9U4Wj5yNfOWcE8wQZryhXi
+PVxOM0mDquMvtFqfgt8pIB9tgtj6BheWP27cKUBzkh+lyX+l3y9gyXlAOsQvB98r
+3GtR9OkwQ/5kmbnJgWzFzGuVu6prOF8W7vW/6DJhtJErU2u46PfuX8fTuyiQLYzc
+4Z1JgH4Pn7b1dqVbeWnPktUBxtjJuIdhmi+siLAmBBMXCHPbTu1siVKepgVf2HrT
+ownLB5knJE25VBFSC75bK1FQ8w02ybKoySdNGlx4MgBLqE0IWLt6JDmU/e7Bwh0y
+tsoH2eukl2l1qj3kVnG/Kt85AbQQwMIFBf0VnLFHTK51gVisWOUVBQm7kUyE2aj1
+xNr6IV8h3bikMJuoh5FsimN9DmYuZtIL1B5YWE8djp8wC9Pqd4z1eMvUeBM9BTQ7
+3U0jyRyZ8ah7L4tNWoUP
+=L5B9
+-----END PGP SIGNATURE-----
diff --git a/net-p2p/gnunet/files/0.8.1-Fix-buffer-overflow.patch b/net-p2p/gnunet/files/0.8.1-Fix-buffer-overflow.patch
new file mode 100644
index 000000000000..b41a360a87f8
--- /dev/null
+++ b/net-p2p/gnunet/files/0.8.1-Fix-buffer-overflow.patch
@@ -0,0 +1,29 @@
+From d029cce1691ba78310763059c35ed08596ebf74f Mon Sep 17 00:00:00 2001
+From: Stanislav Ochotnicky <sochotnicky@gmail.com>
+Date: Sat, 15 Jan 2011 21:02:52 +0100
+Subject: [PATCH] Fix buffer overflow
+
+memset function was called incorrectly with address of a pointer
+instead of address where pointer was pointing
+
+See https://bugs.gentoo.org/show_bug.cgi?id=339355 for details
+---
+ src/applications/identity/identity.c |    2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/src/applications/identity/identity.c b/src/applications/identity/identity.c
+index 063c463..6d3cf65 100644
+--- a/src/applications/identity/identity.c
++++ b/src/applications/identity/identity.c
+@@ -423,7 +423,7 @@ getPeerIdentity (const GNUNET_RSA_PublicKey * pubKey,
+                  GNUNET_PeerIdentity * result)
+ {
+   if (pubKey == NULL)
+-    memset (&result, 0, sizeof (GNUNET_PeerIdentity));
++    memset (result, 0, sizeof (GNUNET_PeerIdentity));
+   else
+     GNUNET_hash (pubKey, sizeof (GNUNET_RSA_PublicKey), &result->hashPubKey);
+ }
+-- 
+1.7.3.4
+
diff --git a/net-p2p/gnunet/gnunet-0.8.1-r1.ebuild b/net-p2p/gnunet/gnunet-0.8.1-r2.ebuild
index dbe0c707c732..5651181543b7 100644
--- a/net-p2p/gnunet/gnunet-0.8.1-r1.ebuild
+++ b/net-p2p/gnunet/gnunet-0.8.1-r2.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2011 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-p2p/gnunet/gnunet-0.8.1-r1.ebuild,v 1.1 2011/01/14 00:52:11 sochotnicky Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-p2p/gnunet/gnunet-0.8.1-r2.ebuild,v 1.1 2011/01/18 23:58:04 sochotnicky Exp $
 
 EAPI=2
 
@@ -13,7 +13,7 @@ SRC_URI="http://gnunet.org/download/GNUnet-${PV}.tar.gz"
 #tests don't work
 RESTRICT="test"
 
-IUSE="nls +sqlite mysql c-ares adns +setup dialog gtk qt esmtp microhttpd"
+IUSE="nls +sqlite mysql ares adns +setup ncurses gtk qt4 smtp microhttpd"
 KEYWORDS="~amd64 ~ppc ~ppc64 ~sparc ~x86"
 LICENSE="GPL-2"
 SLOT="0"
@@ -28,14 +28,14 @@ DEPEND=">=dev-libs/libgcrypt-1.2.0
 	mysql? ( >=virtual/mysql-4.0 )
 	!sqlite? ( !mysql? ( >=dev-db/sqlite-3.0.8 ) )
 	setup? ( >=dev-scheme/guile-1.8.0
-	  dialog? ( dev-util/dialog )
+	  ncurses? ( dev-util/dialog )
 	  gtk? ( >=x11-libs/gtk+-2.6.10
 			 gnome-base/libglade )
-	  qt? ( x11-libs/qt-gui )
+	  qt4? ( x11-libs/qt-gui )
 	)
 	adns? ( net-libs/adns )
-	c-ares? ( net-dns/c-ares )
-	esmtp? ( net-libs/libesmtp )
+	ares? ( net-dns/c-ares )
+	smtp? ( net-libs/libesmtp )
 	!ppc? ( !ppc64? ( !sparc? ( microhttpd? ( net-libs/libmicrohttpd ) ) ) )
 	nls? ( sys-devel/gettext )"
 
@@ -47,9 +47,9 @@ pkg_preinst() {
 }
 
 src_prepare() {
-	if ! use setup && ( use dialog || use gtk || use qt ); then
+	if ! use setup && ( use ncurses || use gtk || use qt4 ); then
 		ewarn
-		ewarn "You chose NOT to install setup utility. Ignoring setup frontends (dialog, gtk, qt)."
+		ewarn "You chose NOT to install setup utility. Ignoring setup frontends (ncurses, gtk, qt4)."
 		ewarn
 	fi
 
@@ -74,6 +74,7 @@ src_prepare() {
 
 	epatch "${FILESDIR}"/${PV}-asneeded.patch
 	epatch "${FILESDIR}"/${PV}-parallel-build.patch
+	epatch "${FILESDIR}"/${PV}-Fix-buffer-overflow.patch
 	eautoreconf
 }
 
@@ -90,17 +91,17 @@ src_configure() {
 		fi
 	fi
 
-	# doesn't work for --with-qt so use_with is unusable
-	use qt || myconf="${myconf} --without-qt"
+	# doesn't work for --with-qt4 so use_with is unusable
+	use qt4 || myconf="${myconf} --without-qt"
+	use mysql || myconf="${myconf} --without-mysql"
 
 	econf \
 		$(use_enable nls) \
-		$(use_with mysql) \
 		$(use_with gtk x) \
-		$(use_with dialog) \
+		$(use_with ncurses dialog) \
 		$(use_with adns) \
-		$(use_with c-ares) \
-		$(use_with esmtp) \
+		$(use_with ares c-ares) \
+		$(use_with smtp esmtp) \
 		$(use_with microhttpd) \
 		$(use_with setup guile) \
 		${myconf} || die "econf failed"
diff --git a/net-p2p/gnunet/metadata.xml b/net-p2p/gnunet/metadata.xml
index 0072b675e988..3db195b8358c 100644
--- a/net-p2p/gnunet/metadata.xml
+++ b/net-p2p/gnunet/metadata.xml
@@ -4,13 +4,13 @@
   <herd>net-p2p</herd>
   <longdescription>GNUnet is a framework for secure peer-to-peer networking that does not use any centralized or otherwise trusted services</longdescription>
   <use>
-    <flag name="c-ares">enable asynchronous dns support through c-ares library</flag>
-    <flag name="esmtp">enable SMTP support</flag>
+    <flag name="ares">enable asynchronous dns support through <pkg>net-dns/c-ares</pkg> library</flag>
+    <flag name="smtp">enable SMTP support using <pkg>net-libs/libesmtp</pkg></flag>
     <flag name="microhttpd">enable embedded http server support</flag>
     <flag name="setup">enable setup wizard</flag>
-    <flag name="dialog">enable ncurses dialog setup wizard</flag>
+    <flag name="ncurses">enable ncurses setup wizard using <pkg>dev-util/dialog</pkg></flag>
     <flag name="gtk">enable gtk setup wizard</flag>
-    <flag name="qt">enable qt setup wizard</flag>
+    <flag name="qt4">enable qt4 setup wizard</flag>
     <flag name="sqlite">enable sqlite database backend</flag>
     <flag name="mysql">enable mysql database backend</flag>
   </use>
author	Stanislav Ochotnicky <sochotnicky@gentoo.org>	2011-01-18 23:58:04 +0000
committer	Stanislav Ochotnicky <sochotnicky@gentoo.org>	2011-01-18 23:58:04 +0000
commit	d3ecb00be666de39817197bcbae75c26123a4918 (patch)
tree	47a1c6aa45c1a5f83c71df08ca6028135f22f397 /net-p2p
parent	Moved from sunrise overlay. Thanks to Nathan Phillip Brink (ohnobinki) <ohnob... (diff)
download	historical-d3ecb00be666de39817197bcbae75c26123a4918.tar.gz historical-d3ecb00be666de39817197bcbae75c26123a4918.tar.bz2 historical-d3ecb00be666de39817197bcbae75c26123a4918.zip