Fix buffer overflows wrt bug 339706. Thanks to Diego for the report.

Package-Manager: portage-2.1.9.13/cvs/Linux x86_64
author: Kacper Kowalik <xarthisius@gentoo.org> 2010-10-04 17:02:08 +0000
committer: Kacper Kowalik <xarthisius@gentoo.org> 2010-10-04 17:02:08 +0000
commit: a375e481b7a990838edc32227670c9ed0a013f52 (patch)
tree: a049e75a7108a0030fe0ca2edc97952e02908167 /sci-libs/ccp4-libs
parent: Masking net-misc/metacafe-dl for removal. (diff)
download: historical-a375e481b7a990838edc32227670c9ed0a013f52.tar.gz
historical-a375e481b7a990838edc32227670c9ed0a013f52.tar.bz2
historical-a375e481b7a990838edc32227670c9ed0a013f52.zip
4 files changed, 283 insertions, 6 deletions
diff --git a/sci-libs/ccp4-libs/ChangeLog b/sci-libs/ccp4-libs/ChangeLog
index ad17e3ca623e..a4ff4fa0ed12 100644
--- a/sci-libs/ccp4-libs/ChangeLog
+++ b/sci-libs/ccp4-libs/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for sci-libs/ccp4-libs
 # Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sci-libs/ccp4-libs/ChangeLog,v 1.12 2010/07/16 10:14:47 jlec Exp $
+# $Header: /var/cvsroot/gentoo-x86/sci-libs/ccp4-libs/ChangeLog,v 1.13 2010/10/04 17:02:08 xarthisius Exp $
+
+*ccp4-libs-6.1.3-r4 (04 Oct 2010)
+
+  04 Oct 2010; Kacper Kowalik <xarthisius@gentoo.org>
+  +files/6.1.3-overflows.patch, +ccp4-libs-6.1.3-r4.ebuild:
+  Fix buffer overflows wrt bug 339706. Thanks to Diego for the report.
 
   16 Jul 2010; Justin Lecher <jlec@gentoo.org> -ccp4-libs-6.1.3.ebuild,
   -ccp4-libs-6.1.3-r1.ebuild, -ccp4-libs-6.1.3-r2.ebuild:
diff --git a/sci-libs/ccp4-libs/Manifest b/sci-libs/ccp4-libs/Manifest
index 28c6c61b84ec..65e165cdd45e 100644
--- a/sci-libs/ccp4-libs/Manifest
+++ b/sci-libs/ccp4-libs/Manifest
@@ -8,15 +8,19 @@ AUX 6.1.3-dont-make-dirs-in-configure.patch 2866 RMD160 ba49e45ab609a42a2d93b96f
 AUX 6.1.3-glibc2.10.patch 1018 RMD160 577ee4a6174df36bb8bac82738523f5c757df4b9 SHA1 48ad6d0d024c43d64277e4decba420d51e75a510 SHA256 d2a2ddf2a66738d94723b50797e279f64c8e057a3e584e33f9eb9c8d7ea0e532
 AUX 6.1.3-link-proberly.patch 8282 RMD160 c45d3d1931e6a083c0c96b819aff3f67873659b8 SHA1 b1be6f1f7162616a60f3e12fe02dbe4dd426e990 SHA256 f6623dfb0d270e5fbffe03f95b23c967ec8da34b3d0a1c5262941979a965f9ea
 AUX 6.1.3-noinstall.patch 5188 RMD160 d3b22f11d7c27b37243b003f03615af377c8e632 SHA1 d75402e7b23d3aa15e67cda6cec8c93864d509c2 SHA256 22d96aea9d3d5e6e090713e610b35bdb34eaff9157c41687b47294f0d62ccff7
+AUX 6.1.3-overflows.patch 904 RMD160 03d5f10e901734c6e21be3e68592711450df32cd SHA1 24a740658fae2f917061c2a032a43a60e75c5478 SHA256 e5c62922daf832b62e9ea1e14a2be0d54c88b035b78b5831eee07025dff9222a
 AUX 6.1.3-unbundle-libs.patch 9063 RMD160 326af0e6990134546fb2607dae707b94d4588149 SHA1 ef929532e45c12fb168e5fca4eb7fa8c857c376a SHA256 7e5fc919b5204e2d9141f7715afdd8a8b4e3e2a96e2bf95aa00fbd56046f1aa4
 DIST ccp4-6.1.3-core-src.tar.gz 242134076 RMD160 e9b7deb0766fb95d5e8946881f20e086f0896fe9 SHA1 ee5ada892694db5dc9b2d7d2330b4ac694f56580 SHA256 1e529c660e7f390ec0feca9d45caa00a2813d23156c10a2747c427117293c324
 EBUILD ccp4-libs-6.1.3-r3.ebuild 6485 RMD160 5ab8a0698a199249f37ab9fb611126c21be49d88 SHA1 80d50bcc94effe3669c14798bd4925edc0911c1e SHA256 141cb4b230b18d8e0ecb583a3620fc0d678a3a40f3ba666fd2e265e7171270b1
-MISC ChangeLog 2088 RMD160 f6c71b2a0e8ad9ea1df28739c5301e5b57fc1313 SHA1 d346a19788cb6c4bfac4680776fe4c3c9ffd9a28 SHA256 31f0818403b70d669741b2916edfab0999c739a90984d74184473e1ff0c79e88
+EBUILD ccp4-libs-6.1.3-r4.ebuild 6578 RMD160 d168c493511c97136f9a247896c37fc42d1287cd SHA1 8ebe838a59aed6425b66adb9eace39fa9abd38c8 SHA256 6f7d6a62b6d09e831963da44801a5e3a670d19aca576b4a7c04e5399a1be6b4b
+MISC ChangeLog 2315 RMD160 e680bae0787dc934fc6daf2fccd3592da4788d92 SHA1 d82f822df178eb48ef5343525e9a829627f95a87 SHA256 cf37cdb3e4b7b5025ae5dfc8cac9fcb282c6ee56ea722452b858820466f1754b
 MISC metadata.xml 306 RMD160 57ba72f54388a666851bda87e52d313d618084e3 SHA1 7d2f57cb3f35eb6d4567b211e01251b5945d4eb2 SHA256 af351be5ead71b377b6fa2fa118fb9aee74129afdc19f736b41596d3033106aa
 -----BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0.15 (GNU/Linux)
+Version: GnuPG v2.0.16 (GNU/Linux)
 
-iEYEARECAAYFAkxAMRwACgkQgAnW8HDreRYItQCeIax3BYNY/ElSQ0p2ooh6rE9A
-/tkAn2Zbx1FUXAL4E7Lsq6SnwJct012z
-=2fA7
+iJwEAQECAAYFAkyqCJoACgkQIiMqcbOVdxTNIwQAggHdHTnIQPxUEdbY6rr1Fd2g
+bjDe/6FyW4aZzjrwyFJ3kCMlIHqlwrhPYIngUH+PB8rP6RhwPWmYHMBMgsIL+A8X
+2UAnBPhVlY8dAEH7fw+rbmSaw1FxtLMa8Ci4ckCPC9UnuI1BtCrCfIrBOLPhXGic
+DgdN9sIDVeMWKAGFf28=
+=4ywG
 -----END PGP SIGNATURE-----
diff --git a/sci-libs/ccp4-libs/ccp4-libs-6.1.3-r4.ebuild b/sci-libs/ccp4-libs/ccp4-libs-6.1.3-r4.ebuild
new file mode 100644
index 000000000000..52d48d9be57c
--- /dev/null
+++ b/sci-libs/ccp4-libs/ccp4-libs-6.1.3-r4.ebuild
@@ -0,0 +1,232 @@
+# Copyright 1999-2010 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sci-libs/ccp4-libs/ccp4-libs-6.1.3-r4.ebuild,v 1.1 2010/10/04 17:02:08 xarthisius Exp $
+
+EAPI="3"
+
+inherit fortran eutils gnuconfig multilib toolchain-funcs
+
+FORTRAN="g77 gfortran ifc"
+
+SRC="ftp://ftp.ccp4.ac.uk/ccp4"
+
+#UPDATE="04_03_09"
+#PATCHDATE="090511"
+
+MY_P="${P/-libs}"
+
+PATCH_TOT="0"
+# Here's a little scriptlet to generate this list from the provided
+# index.patches file
+#
+# i=1; while read -a line; do [[ ${line//#} != ${line} ]] && continue;
+# echo "PATCH${i}=( ${line[1]}"; echo "${line[0]} )"; (( i++ )); done <
+# index.patches
+#PATCH1=( src/topp_
+#topp.f-r1.16.2.5-r1.16.2.6.diff )
+#PATCH2=( .
+#configure-r1.372.2.18-r1.372.2.19.diff )
+
+DESCRIPTION="Protein X-ray crystallography toolkit"
+HOMEPAGE="http://www.ccp4.ac.uk/"
+SRC_URI="${SRC}/${PV}/${MY_P}-core-src.tar.gz"
+# patch tarball from upstream
+	[[ -n ${UPDATE} ]] && SRC_URI="${SRC_URI} ${SRC}/${PV}/updates/${P}-src-patch-${UPDATE}.tar.gz"
+# patches created by us
+	[[ -n ${PATCHDATE} ]] && SRC_URI="${SRC_URI} http://dev.gentooexperimental.org/~jlec/science-dist/${PV}-${PATCHDATE}-updates.patch.bz2"
+
+for i in $(seq $PATCH_TOT); do
+	NAME="PATCH${i}[1]"
+	SRC_URI="${SRC_URI}
+		${SRC}/${PV}/patches/${!NAME}"
+done
+
+LICENSE="ccp4"
+SLOT="0"
+KEYWORDS="~amd64 ~x86 ~amd64-linux ~x86-linux"
+IUSE=""
+
+RDEPEND="
+	media-libs/jpeg:0
+	app-shells/tcsh
+	!<sci-chemistry/ccp4-6.1.3
+	sci-libs/cbflib
+	=sci-libs/fftw-2*
+	sci-libs/mmdb
+	sci-libs/monomer-db
+	virtual/lapack
+	virtual/blas"
+DEPEND="${RDEPEND}"
+
+S="${WORKDIR}/${MY_P}"
+
+src_prepare() {
+	einfo "Applying upstream patches ..."
+	for patch in $(seq $PATCH_TOT); do
+		base="PATCH${patch}"
+		dir=$(eval echo \${${base}[0]})
+		p=$(eval echo \${${base}[1]})
+		pushd "${dir}" >& /dev/null
+		ccp_patch "${DISTDIR}/${p}"
+		popd >& /dev/null
+	done
+	einfo "Done."
+	echo
+
+	[[ -n ${PATCHDATE} ]] && epatch "${WORKDIR}"/${PV}-${PATCHDATE}-updates.patch
+
+	einfo "Applying Gentoo patches ..."
+	# fix buffer overflows wrt bug 339706
+	ccp_patch "${FILESDIR}"/${PV}-overflows.patch
+
+	# it tries to create libdir, bindir etc on live system in configure
+	ccp_patch "${FILESDIR}"/${PV}-dont-make-dirs-in-configure.patch
+
+	# gerror_ gets defined twice on ppc if you're using gfortran/g95
+	ccp_patch "${FILESDIR}"/6.0.2-ppc-double-define-gerror.patch
+
+	# make creation of libccif.so smooth
+	ccp_patch "${FILESDIR}"/${PV}-ccif-shared.patch
+
+	# lets try to build libmmdb seperatly
+	ccp_patch "${FILESDIR}"/${PV}-dont-build-mmdb.patch
+
+	# unbundle libjpeg and cbflib
+	ccp_patch "${FILESDIR}"/${PV}-unbundle-libs.patch
+
+	# Fix missing DESTIDR
+	# not installing during build
+	ccp_patch "${FILESDIR}"/${PV}-noinstall.patch
+	sed \
+		-e '/SHARE_INST/s:$(libdir):$(DESTDIR)/$(libdir):g' \
+		-i configure || die
+
+	einfo "Done." # done applying Gentoo patches
+	echo
+
+	sed \
+		-e "s:/usr:${EPREFIX}/usr:g" \
+		-e 's:-Wl,-rpath,$CLIB::g' \
+		-e 's: -rpath $CLIB::g' \
+		-e 's: -I${srcdir}/include/cpp_c_headers::g' \
+		-i configure || die
+
+	gnuconfig_update
+}
+
+src_configure() {
+
+	rm -rf lib/DiffractionImage/{jpg,CBFlib} || die
+
+	# Build system is broken if we set LDFLAGS
+	userldflags="${LDFLAGS}"
+	export SHARED_LIB_FLAGS="${LDFLAGS}"
+	unset LDFLAGS
+
+	# GENTOO_OSNAME can be one of:
+	# irix irix64 sunos sunos64 aix hpux osf1 linux freebsd
+	# linux_compaq_compilers linux_intel_compilers generic Darwin
+	# ia64_linux_intel Darwin_ibm_compilers linux_ibm_compilers
+	if [[ "${FORTRANC}" = "ifc" ]]; then
+		if use ia64; then
+			GENTOO_OSNAME="ia64_linux_intel"
+		else
+			# Should be valid for x86, maybe amd64
+			GENTOO_OSNAME="linux_intel_compilers"
+		fi
+	else
+		# Should be valid for x86 and amd64, at least
+		GENTOO_OSNAME="linux"
+	fi
+
+	# Sets up env
+	ln -s \
+		ccp4.setup-bash \
+		"${S}"/include/ccp4.setup
+
+	# We agree to the license by emerging this, set in LICENSE
+	sed -i \
+		-e "s~^\(^agreed=\).*~\1yes~g" \
+		"${S}"/configure
+
+	# Fix up variables -- need to reset CCP4_MASTER at install-time
+	sed -i \
+		-e "s~^\(setenv CCP4_MASTER.*\)/.*~\1"${WORKDIR}"~g" \
+		-e "s~^\(setenv CCP4I_TCLTK.*\)/usr/local/bin~\1${EPREFIX}/usr/bin~g" \
+		"${S}"/include/ccp4.setup*
+
+	# Set up variables for build
+	source "${S}"/include/ccp4.setup
+
+	export CC=$(tc-getCC)
+	export CXX=$(tc-getCXX)
+	export COPTIM=${CFLAGS}
+	export CXXOPTIM=${CXXFLAGS}
+	# Default to -O2 if FFLAGS is unset
+	export FC=${FORTRANC}
+	export FOPTIM=${FFLAGS:- -O2}
+#	export CCP4_SCR="${T}"
+
+	# Fix linking
+#	$(tc-getCC) ${userldflags} -shared -Wl,-soname,libmmdb.so -o libmmdb.so \${MMDBOBJS} $(gcc-config -L | awk -F: '{for(i=1; i<=NF; i++) printf " -L%s", $i}') -lm -lstdc++ && \
+	export SHARE_LIB="\
+		$(tc-getCC) ${userldflags} -shared -Wl,-soname,libccp4c.so -o libccp4c.so \${CORELIBOBJS} \${CGENERALOBJS} \${CUCOBJS} \${CMTZOBJS} \${CMAPOBJS} \${CSYMOBJS} -L../ccif/ -lccif $(gcc-config -L | awk -F: '{for(i=1; i<=NF; i++) printf " -L%s", $i}') -lm && \
+		${FORTRANC} ${userldflags} -shared -Wl,-soname,libccp4f.so -o libccp4f.so \${FORTRANLOBJS} \${FINTERFACEOBJS} -L../ccif/ -lccif -L. -lccp4c -lmmdb $(gcc-config -L | awk -F: '{for(i=1; i<=NF; i++) printf " -L%s", $i}') -lstdc++ -lgfortran -lm"
+
+	# Can't use econf, configure rejects unknown options like --prefix
+	./configure \
+		--onlylibs \
+		--with-shared-libs \
+		--with-fftw="${EPREFIX}"/usr \
+		--with-warnings \
+		--disable-cctbx \
+		--disable-clipper \
+		--tmpdir="${TMPDIR}" \
+		--bindir="${EPREFIX}"/usr/libexec/ccp4/bin/ \
+		--libdir="${EPREFIX}"/usr/$(get_libdir) \
+		${GENTOO_OSNAME} || die "econf failed"
+}
+
+src_compile() {
+	emake -j1 \
+		DESTDIR="${ED}" onlylib || die "emake failed"
+}
+
+src_install() {
+	# Set up variables for build
+	source "${S}"/include/ccp4.setup
+
+	emake -j1 \
+		DESTDIR="${ED}" \
+		includedir="${EPREFIX}"/usr/include \
+		library_includedir="${EPREFIX}"/usr/include \
+		install || die
+
+	# Libs
+	for file in "${S}"/lib/*; do
+		if [[ -d ${file} ]]; then
+			continue
+		elif [[ -x ${file} ]]; then
+			dolib.so ${file} || die
+		else
+			insinto /usr/$(get_libdir)
+			doins ${file} || die
+		fi
+	done
+
+	# Fix libdir in all *.la files
+	sed -i \
+		-e "s:^\(libdir=\).*:\1\'${EPREFIX}/usr/$(get_libdir)\':g" \
+		"${ED}"/usr/$(get_libdir)/*.la || die
+
+	# Data
+	insinto /usr/share/ccp4/data/
+	doins -r "${S}"/lib/data/{*.PARM,*.prt,*.lib,*.dic,*.idl,*.cif,*.resource,*.york,*.hist,fraglib,reference_structures} || die
+	dodoc "${S}"/lib/data/*.doc || die
+	newdoc "${S}"/lib/data/README DATA-README || die
+}
+
+# Epatch wrapper for bulk patching
+ccp_patch() {
+	EPATCH_SINGLE_MSG="  ${1##*/} ..." epatch ${1}
+}
diff --git a/sci-libs/ccp4-libs/files/6.1.3-overflows.patch b/sci-libs/ccp4-libs/files/6.1.3-overflows.patch
new file mode 100644
index 000000000000..0e3c941d1cc2
--- /dev/null
+++ b/sci-libs/ccp4-libs/files/6.1.3-overflows.patch
@@ -0,0 +1,35 @@
+Fix overflows and array subscript above array bounds
+
+http://bugs.gentoo.org/show_bug.cgi?id=339706
+
+--- ccp4-6.1.3/lib/ccif/f_interface.c
++++ ccp4-6.1.3/lib/ccif/f_interface.c
+@@ -926,7 +926,7 @@
+ #endif
+ 
+ {
+-  char logname_c[81];
++  char logname_c[MAXFLEN];
+   size_t Length;
+   int unit;
+   CIF_FILE_LIST file_list_entry;
+@@ -4064,7 +4064,7 @@
+ #endif
+ 
+ {
+-   char lognam_c[81], *blknam_c;
++   char lognam_c[MAXFLEN], *blknam_c;
+    size_t loglen, blklen;
+    int i, j, new;
+    
+--- ccp4-6.1.3/lib/src/ccp4_diskio_f.c
++++ ccp4-6.1.3/lib/src/ccp4_diskio_f.c
+@@ -705,7 +705,7 @@
+       log_name = strdup("diskio.dft"); 
+     if (!(file_name = getenv(log_name)))
+       file_name = log_name;
+-    for ( *istrm = 1; *istrm == MAXFILES; *istrm++)
++    for ( *istrm = 1; *istrm < MAXFILES; *istrm++)
+       if (!strcmp(file_name,_ioChannels[*istrm]->iobj->name)) break;
+   }
+   if (*istrm != MAXFILES) {
author	Kacper Kowalik <xarthisius@gentoo.org>	2010-10-04 17:02:08 +0000
committer	Kacper Kowalik <xarthisius@gentoo.org>	2010-10-04 17:02:08 +0000
commit	a375e481b7a990838edc32227670c9ed0a013f52 (patch)
tree	a049e75a7108a0030fe0ca2edc97952e02908167 /sci-libs/ccp4-libs
parent	Masking net-misc/metacafe-dl for removal. (diff)
download	historical-a375e481b7a990838edc32227670c9ed0a013f52.tar.gz historical-a375e481b7a990838edc32227670c9ed0a013f52.tar.bz2 historical-a375e481b7a990838edc32227670c9ed0a013f52.zip