diff --git a/media-libs/plib/files/plib-1.8.5-CVE-2011-4552.patch b/media-libs/plib/files/plib-1.8.5-CVE-2011-4552.patch new file mode 100644 index 0000000000000..78f1b22ae1292 --- /dev/null +++ b/media-libs/plib/files/plib-1.8.5-CVE-2011-4552.patch @@ -0,0 +1,54 @@ +--- plib-1.8.5/src/ssg/ssgParser.cxx~ ++++ plib-1.8.5/src/ssg/ssgParser.cxx +@@ -57,18 +57,16 @@ void _ssgParser::error( const char *form + char msgbuff[ 255 ]; + va_list argp; + +- char* msgptr = msgbuff; +- if (linenum) +- { +- msgptr += sprintf ( msgptr,"%s, line %d: ", +- path, linenum ); +- } +- + va_start( argp, format ); +- vsprintf( msgptr, format, argp ); ++ vsnprintf( msgbuff, sizeof(msgbuff), format, argp ); + va_end( argp ); + +- ulSetError ( UL_WARNING, "%s", msgbuff ) ; ++ if (linenum) ++ { ++ ulSetError ( UL_WARNING, "%s, line %d: %s", path, linenum, msgbuff ) ; ++ } else { ++ ulSetError ( UL_WARNING, "%s", msgbuff ) ; ++ } + } + + +@@ -78,18 +76,16 @@ void _ssgParser::message( const char *fo + char msgbuff[ 255 ]; + va_list argp; + +- char* msgptr = msgbuff; +- if (linenum) +- { +- msgptr += sprintf ( msgptr,"%s, line %d: ", +- path, linenum ); +- } +- + va_start( argp, format ); +- vsprintf( msgptr, format, argp ); ++ vsnprintf( msgbuff, sizeof(msgbuff), format, argp ); + va_end( argp ); + +- ulSetError ( UL_DEBUG, "%s", msgbuff ) ; ++ if (linenum) ++ { ++ ulSetError ( UL_DEBUG, "%s, line %d: %s", path, linenum, msgbuff ) ; ++ } else { ++ ulSetError ( UL_DEBUG, "%s", msgbuff ) ; ++ } + } + + // Opens the file and does a few internal calculations based on the spec. diff --git a/media-libs/plib/files/plib-1.8.5-CVE-2011-4620.patch b/media-libs/plib/files/plib-1.8.5-CVE-2011-4620.patch new file mode 100644 index 0000000000000..41fac5fe4c668 --- /dev/null +++ b/media-libs/plib/files/plib-1.8.5-CVE-2011-4620.patch @@ -0,0 +1,11 @@ +--- plib-1.8.5/src/util/ulError.cxx~ 2008-03-11 03:06:23.000000000 +0100 ++++ plib-1.8.5/src/util/ulError.cxx 2011-12-27 15:38:25.305676650 +0100 +@@ -39,7 +39,7 @@ void ulSetError ( enum ulSeverity severi + { + va_list argp; + va_start ( argp, fmt ) ; +- vsprintf ( _ulErrorBuffer, fmt, argp ) ; ++ vsnprintf ( _ulErrorBuffer, sizeof(_ulErrorBuffer), fmt, argp ) ; + va_end ( argp ) ; + + if ( _ulErrorCB ) diff --git a/media-libs/plib/files/plib-1.8.5-X11.patch b/media-libs/plib/files/plib-1.8.5-X11.patch index 86bccc31c0e69..1d9e05360d372 100644 --- a/media-libs/plib/files/plib-1.8.5-X11.patch +++ b/media-libs/plib/files/plib-1.8.5-X11.patch @@ -1,5 +1,5 @@ ---- configure.in.old 2014-10-14 12:23:00.422971952 +0200 -+++ configure.in 2014-10-14 12:23:24.806746868 +0200 +--- configure.in.old ++++ configure.in @@ -276,7 +276,7 @@ LDFLAGS="$LDFLAGS $X_LIBS" diff --git a/media-libs/plib/plib-1.8.5-r1.ebuild b/media-libs/plib/plib-1.8.5-r1.ebuild new file mode 100644 index 0000000000000..f9045ab6a2a3e --- /dev/null +++ b/media-libs/plib/plib-1.8.5-r1.ebuild @@ -0,0 +1,34 @@ +# Copyright 1999-2014 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=5 +inherit flag-o-matic eutils autotools + +DESCRIPTION="multimedia library used by many games" +HOMEPAGE="http://plib.sourceforge.net/" +SRC_URI="http://plib.sourceforge.net/dist/${P}.tar.gz" + +LICENSE="LGPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~hppa ~ppc ~sparc ~x86" + +DEPEND="virtual/opengl" +RDEPEND=${DEPEND} + +src_prepare() { + epatch \ + "${FILESDIR}"/${P}-X11.patch \ + "${FILESDIR}"/${P}-CVE-2011-4552.patch \ + "${FILESDIR}"/${P}-CVE-2011-4620.patch + + eautoreconf + # Since plib only provides static libraries, force + # building as PIC or plib is useless to amd64/etc... + append-flags -fPIC +} + +src_install() { + default + dodoc AUTHORS ChangeLog KNOWN_BUGS NOTICE README* TODO* +}