Apply patch to fix possible buffer overflows. Thanks to Kevin Pyle for the patch. Bug #338619

Package-Manager: portage-2.2_rc86/cvs/Linux x86_64
author: Markos Chandras <hwoarang@gentoo.org> 2010-10-05 17:40:25 +0000
committer: Markos Chandras <hwoarang@gentoo.org> 2010-10-05 17:40:25 +0000
commit: 77d6bfbfb00e47e276311f11e70f879d2e420b0a (patch)
tree: d1fa9cbc962cb7330a5e83f32af79ddf7d929ab2 /media-video/avidemux
parent: Old. (diff)
download: historical-77d6bfbfb00e47e276311f11e70f879d2e420b0a.tar.gz
historical-77d6bfbfb00e47e276311f11e70f879d2e420b0a.tar.bz2
historical-77d6bfbfb00e47e276311f11e70f879d2e420b0a.zip
5 files changed, 68 insertions, 170 deletions
diff --git a/media-video/avidemux/ChangeLog b/media-video/avidemux/ChangeLog
index cf2fabfd6bef..493ddadcee0d 100644
--- a/media-video/avidemux/ChangeLog
+++ b/media-video/avidemux/ChangeLog
@@ -1,6 +1,14 @@
 # ChangeLog for media-video/avidemux
 # Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/media-video/avidemux/ChangeLog,v 1.173 2010/09/18 11:06:52 lxnay Exp $
+# $Header: /var/cvsroot/gentoo-x86/media-video/avidemux/ChangeLog,v 1.174 2010/10/05 17:40:25 hwoarang Exp $
+
+*avidemux-2.5.3-r3 (05 Oct 2010)
+
+  05 Oct 2010; Markos Chandras <hwoarang@gentoo.org>
+  -avidemux-2.5.3-r1.ebuild, -avidemux-2.5.3-r2.ebuild,
+  +avidemux-2.5.3-r3.ebuild, +files/avidemux-2.5.3-fix-fgets-fortify.patch:
+  Apply patch to fix possible buffer overflows. Thanks to Kevin Pyle for the
+  patch. Bug #338619
 
   18 Sep 2010; Fabio Erculiani <lxnay@gentoo.org>
   avidemux-2.5.1_p5428.ebuild, avidemux-2.5.2.ebuild,
diff --git a/media-video/avidemux/Manifest b/media-video/avidemux/Manifest
index 4c2126f6e2de..584d7b94dadd 100644
--- a/media-video/avidemux/Manifest
+++ b/media-video/avidemux/Manifest
@@ -1,3 +1,6 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
 AUX 2.5.3_field_asm_fix.diff 4377 RMD160 d7f90a7086ac1a1112681832eb9af9d6d0ea73dd SHA1 bfd66b5a5cc98f2f1eedf2f3a9b67a11cdb973df SHA256 6f8093983b0bd53ef50e2f7aa22beb85147c2a4566c0faa9416fb90f282aa6b5
 AUX avidemux-2.4-cmake264.patch 820 RMD160 e02c32891a257dd6e14e2b6aa464232cea222429 SHA1 387804ad24a816a24a036b57692cee9ff13e728f SHA256 693958df6c16d467e3c4a0b9dc56861c2c1bf8eed051de5cd7422b274d5d68af
 AUX avidemux-2.4-i18n.patch 1676 RMD160 5cc06702f8a4d96a12630d4f543035baa5ccac0f SHA1 32557519caeed3b236f48b40d5ee8953b2d03197 SHA256 ab978ed96a2689af2e01ad8b9a08ed9bd4b2f8e4c6721d9598964f1fd8a5e6d2
@@ -6,6 +9,7 @@ AUX avidemux-2.4.4-gcc-4.4.patch 3946 RMD160 1be6fb90f05befb0399ef38ccb6358d082f
 AUX avidemux-2.5.1-build-plugins-fix.patch 438 RMD160 4ddd7d69679940efbb783149e5c994e2036e65ea SHA1 5988536e2d74fe3b050026fee6a22ba0a85d037b SHA256 4316a65d59a3eedd482ae845d586d50e67311cb4a7c8680aca3d67c575c53a1f
 AUX avidemux-2.5.2-altivec-bool.patch 330 RMD160 694d756e3ea022b95833cbf988d363950787358d SHA1 437a342b63d66eb817e46a0a67ea3a4e4069aef8 SHA256 4fe3455a9e7441e19160814147385d98106e69ea21e7172f87c429bfca9e5744
 AUX avidemux-2.5.3-build-plugins-fix.patch 469 RMD160 9788ca88e4016b90e7e4fd2a17db0dd7abdcd324 SHA1 833d977f6ea873d611f01111de8f6e4abf43cc17 SHA256 579fd684d271e4858b35187603065e03a1fb6f2309e9d4e76ae2c30719c78d4c
+AUX avidemux-2.5.3-fix-fgets-fortify.patch 1313 RMD160 8f0d81b331ad6f28f3e989f11a07a7d9b3fae4d7 SHA1 c41b1116970660a051c87c7e536ad36e1ca5a3e6 SHA256 f75bf00058715479d4e1d531e81aefc6db8375de509b3001bdba0332a6bb09fd
 AUX avidemux-pulseaudiosimple.patch 840 RMD160 7ac4ec7030524c94400cefc3eaf7b9cc55b65958 SHA1 4cff8353b11008c7da880357ef32c4c59fdcbe50 SHA256 1fa35c31f95e7276e816c47ba46977e4ad102ccf70652f95196df1bf9a1587b1
 AUX lavcodec-mpegvideo_mmx-asm-fix.patch 2443 RMD160 3b1b315ef1e5083f95807ce5419196c832a66aad SHA1 0bd5ca05d373f7fd63cafb03d5514cfc86d8504c SHA256 c6cfcf06da8a254e542077a7ac728be220d41fc0ad3c4b7001ac63de5f36bc6c
 DIST avidemux-2.5-r5428.tar.bz2 11433656 RMD160 ae72e5d03f2c12b1a9e64ed9cd57a00c84eac841 SHA1 d29d7a2d1054108bc20b4371be9c5ab29816a2e6 SHA256 42e3d596d8ac106120f88a77442a5a916fd34c64b09940f70d3156221cd7e50c
@@ -18,7 +22,13 @@ EBUILD avidemux-2.4.4-r2.ebuild 3538 RMD160 e88f8a04653b628a1300b4d73473a320f2a7
 EBUILD avidemux-2.5.1-r2.ebuild 4955 RMD160 bf3971eec4b58d10c6d5241af9f8725d78c9f101 SHA1 66279aae61f9a66503f628c5358a1776e03e33e0 SHA256 4a1a5ddcef86f2e9e0d9141b8172ad31246a499415fb903ac07faf38c22ca374
 EBUILD avidemux-2.5.1_p5428.ebuild 4883 RMD160 80b9a527a782c664733467084f138ccdc71f0a89 SHA1 db0e69a15c0d5d4fd5b5e852bdd2f11c091d345c SHA256 0bbb7321abd8856e688701427e539da708711f27674a50e04555e2f89e0f615e
 EBUILD avidemux-2.5.2.ebuild 5078 RMD160 01d9643f16ca4cda45bfbf4dfe859333e39d2401 SHA1 93251a2ea6448aee30cac7b5c7b15d104da30c1c SHA256 eec2b223b81e4129d042a4e8229b2ee760f93559d6455c95aef68edee0489379
-EBUILD avidemux-2.5.3-r1.ebuild 4975 RMD160 d0d6ec283d2f97e0f4317e5f038d7ae91062dc98 SHA1 a32bb8127007e20ad6aff2757c4ad357cd89e808 SHA256 ff58e865949ee1b3c77d7960fffa8007d9aa1dde92e47364cd51442b9025a100
-EBUILD avidemux-2.5.3-r2.ebuild 5102 RMD160 2a8771099074393e14ca42e7cf8f5b4d15139d8d SHA1 e29227628b91637ecf9975d71c1b729eddd7cb93 SHA256 80d3e0e580e6254b925b010b6f06b786f4085e0e4194b8a87aa496bcace25047
-MISC ChangeLog 31175 RMD160 eff69f96d7c8dc0306eb47800253dab71628c6de SHA1 eb3592ea7eda3863a8d96d454961d74088bc5d9f SHA256 013537a3d05d01f1a3258234a6dad8f64279d844086e766579c510930c4966bd
+EBUILD avidemux-2.5.3-r3.ebuild 5194 RMD160 7996e9bbfb4f8834706ea3252a5c5bc8d170eb00 SHA1 63ccb96164a400f86730892870b07d610e3dc6f4 SHA256 4d747694ee4e2b77e323137ce9298564d6daa77d6bf4d83c6e133f76b29791e4
+MISC ChangeLog 31496 RMD160 9e0fa8d2313105fdf68d81768137b26fc057f17e SHA1 796710d2319e649d43fc843aad705c8d58dc23a5 SHA256 38a82d5f07d0ac07cdb300747e061d1679d74506c559f4a6faf082a14e3993a0
 MISC metadata.xml 485 RMD160 95a87d5c668b8ebcf81bda32aa17066dd4c8482e SHA1 0b52f00590772f6caa104e4a8ac830ddf230e95c SHA256 07609a99bbf9772db5da33f0a6fe4fd72f1e6d60ccd96961ee9032bcd331b5c6
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.16 (GNU/Linux)
+
+iEYEARECAAYFAkyrYtYACgkQ9/cejkQaxBCXVwCfXcVMvPzuD5O08Uq/HkL9rLDH
+CaYAnirEU8cOstQI32eZq5kF6iDSPpUM
+=er1J
+-----END PGP SIGNATURE-----
diff --git a/media-video/avidemux/avidemux-2.5.3-r1.ebuild b/media-video/avidemux/avidemux-2.5.3-r1.ebuild
deleted file mode 100644
index 9bfbf8230e91..000000000000
--- a/media-video/avidemux/avidemux-2.5.3-r1.ebuild
+++ /dev/null
@@ -1,165 +0,0 @@
-# Copyright 1999-2010 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/media-video/avidemux/avidemux-2.5.3-r1.ebuild,v 1.2 2010/09/18 11:06:52 lxnay Exp $
-
-EAPI="2"
-
-inherit cmake-utils flag-o-matic
-
-MY_P=${PN}_${PV}
-
-DESCRIPTION="Video editor designed for simple cutting, filtering and encoding tasks"
-HOMEPAGE="http://fixounet.free.fr/avidemux"
-SRC_URI="mirror://sourceforge/${PN}/${MY_P}.tar.gz"
-
-LICENSE="GPL-2"
-SLOT="2"
-KEYWORDS="~amd64 ~ppc ~x86"
-IUSE="+aac +aften +alsa amr +dts esd jack libsamplerate +mp3 nls oss
-	pulseaudio +sdl +truetype +vorbis +x264 +xv +xvid gtk +qt4"
-
-RDEPEND="dev-libs/libxml2
-	aac? ( media-libs/faac
-		media-libs/faad2 )
-	aften? ( media-libs/aften )
-	alsa? ( media-libs/alsa-lib )
-	amr? ( media-libs/opencore-amr )
-	dts? ( media-libs/libdca )
-	mp3? ( media-sound/lame )
-	esd? ( media-sound/esound )
-	jack? ( media-sound/jack-audio-connection-kit )
-	libsamplerate? ( media-libs/libsamplerate )
-	oss? ( media-libs/alsa-oss )
-	pulseaudio? ( media-sound/pulseaudio )
-	sdl? ( media-libs/libsdl )
-	truetype? ( media-libs/freetype:2
-		media-libs/fontconfig )
-	vorbis? ( media-libs/libvorbis )
-	x264? ( media-libs/x264 )
-	xv? ( x11-libs/libXv )
-	xvid? ( media-libs/xvid )
-	gtk? ( x11-libs/gtk+:2 )
-	qt4? ( x11-libs/qt-gui:4 )"
-DEPEND="${RDEPEND}
-	nls? ( sys-devel/gettext )
-	dev-util/pkgconfig
-	dev-util/cmake"
-
-S=${WORKDIR}/${MY_P}
-BUILD_S=${WORKDIR}/${P}_build
-
-AVIDEMUX_LANGS="bg ca cs de el es fr it ja pt_BR ru sr sr@latin tr zh_TW"
-for L in ${AVIDEMUX_LANGS}; do
-	IUSE="${IUSE} linguas_${L}"
-done
-
-PATCHES=(
-	"${FILESDIR}/${PV}_field_asm_fix.diff"
-	"${FILESDIR}/${P}-build-plugins-fix.patch"
-)
-
-src_prepare() {
-	base_src_prepare
-
-	local po_files=
-	local qt_ts_files=
-	local avidemux_ts_files=
-	for lingua in ${LINGUAS}; do
-		if has ${lingua} ${AVIDEMUX_LANGS}; then
-			if [[ -e ${S}/po/${lingua}.po ]]; then
-				po_files="${po_files} \${po_subdir}/${lingua}.po"
-			fi
-			if [[ -e ${S}/po/qt_${lingua}.ts ]]; then
-				qt_ts_files="${qt_ts_files} \${ts_subdir}/qt_${lingua}.ts"
-			fi
-			if [[ -e ${S}/po/${PN}_${lingua}.ts ]]; then
-				avidemux_ts_files="${avidemux_ts_files} \${ts_subdir}/${PN}_${lingua}.ts"
-			fi
-		fi
-	done
-
-	sed -i -e "s!FILE(GLOB po_files .*)!SET(po_files ${po_files})!" \
-		"${S}/cmake/Po.cmake" || die "sed failed"
-	sed -i -e "s!FILE(GLOB.*qt.*)!SET(ts_files ${qt_ts_files})!" \
-	    -e "s!FILE(GLOB.*avidemux.*)!SET(ts_files ${avidemux_ts_files})!" \
-		"${S}/cmake/Ts.cmake" || die "sed failed"
-	#fix exec command wrt bug #316599 and #291453
-	sed -i "/Exec/s:\[\$e\]::" ${PN}2-gtk.desktop
-}
-
-src_configure() {
-	### Add lax vector typing for PowerPC
-	if use ppc || use ppc64; then
-		append-cflags "-flax-vector-conversions"
-	fi
-
-	mycmakeargs="${mycmakeargs}
-		-DAVIDEMUX_SOURCE_DIR='${S}'
-		-DAVIDEMUX_INSTALL_PREFIX='${BUILD_S}'
-		-DAVIDEMUX_CORECONFIG_DIR='${BUILD_S}/config'"
-
-	# CMakeLists.txt
-	use gtk || mycmakeargs="${mycmakeargs} -DGTK=0"
-	use qt4 || mycmakeargs="${mycmakeargs} -DQT4=0"
-
-	# cmake/admCheckMiscLibs.cmake
-	use nls || mycmakeargs="${mycmakeargs} -DGETTEXT=0"
-	use sdl || mycmakeargs="${mycmakeargs} -DSDL=0"
-	use xv || mycmakeargs="${mycmakeargs} -DXVIDEO=0"
-
-	# cmake/admCheckAudioDeviceLibs.cmake
-	use alsa || mycmakeargs="${mycmakeargs} -DALSA=0"
-	use esd || mycmakeargs="${mycmakeargs} -DESD=0"
-	use jack || mycmakeargs="${mycmakeargs} -DJACK=0"
-	use oss || mycmakeargs="${mycmakeargs} -DOSS=0"
-	use pulseaudio || mycmakeargs="${mycmakeargs} -DPULSEAUDIOSIMPLE=0"
-
-	# cmake/admCheckAudioEncoderLibs.cmake
-	use aften || mycmakeargs="${mycmakeargs} -DAFTEN=0"
-	use mp3 || mycmakeargs="${mycmakeargs} -DLAME=0"
-	use aac || mycmakeargs="${mycmakeargs} -DFAAC=0"
-	use vorbis || mycmakeargs="${mycmakeargs} -DVORBIS=0"
-
-	# plugins/ADM_audioDecoders
-	use aac || mycmakeargs="${mycmakeargs} -DFAAD=0"
-	use dts || mycmakeargs="${mycmakeargs} -DLIBDCA=0"
-
-	# opencore
-	use amr || mycmakeargs="${mycmakeargs} -DOPENCORE_AMRNB=0 -DOPENCORE_AMRWB=0"
-
-	# plugins/ADM_videoFilters
-	use truetype || mycmakeargs="${mycmakeargs} -DFREETYPE2=0 -DFONTCONFIG=0"
-
-	# plugins/ADM_videoEncoder
-	use xvid || mycmakeargs="${mycmakeargs} -DXVID=0"
-	use x264 || mycmakeargs="${mycmakeargs} -DX264=0"
-
-	cmake-utils_src_configure
-}
-
-src_compile() {
-	# first build the application
-	cmake-utils_src_compile
-	# and then go on with plugins
-	emake -C "${CMAKE_BUILD_DIR}/plugins" || die "building plugins failed"
-}
-
-src_install() {
-	# install the application
-	cmake-utils_src_install
-	# install plugins
-	emake -C "${CMAKE_BUILD_DIR}/plugins" DESTDIR="${D}" install \
-		|| die "installing plugins failed"
-
-	dodoc AUTHORS || die "dodoc failed"
-	newicon ${PN}_icon.png ${PN}.png || die "installing icon failed"
-
-	if use qt4; then
-		sed -i "s/\(${PN}2_\)gtk/\1qt4/" ${PN}2.desktop || die "sed failed"
-		domenu ${PN}2.desktop || die "installing desktop file failed"
-	fi
-
-	if use gtk; then
-		domenu ${PN}2-gtk.desktop || die "installing desktop file failed"
-	fi
-}
diff --git a/media-video/avidemux/avidemux-2.5.3-r2.ebuild b/media-video/avidemux/avidemux-2.5.3-r3.ebuild
index acbfead3ce97..75e56e9e0552 100644
--- a/media-video/avidemux/avidemux-2.5.3-r2.ebuild
+++ b/media-video/avidemux/avidemux-2.5.3-r3.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2010 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/media-video/avidemux/avidemux-2.5.3-r2.ebuild,v 1.5 2010/09/18 11:06:52 lxnay Exp $
+# $Header: /var/cvsroot/gentoo-x86/media-video/avidemux/avidemux-2.5.3-r3.ebuild,v 1.1 2010/10/05 17:40:25 hwoarang Exp $
 
 EAPI="2"
 
@@ -58,6 +58,8 @@ PATCHES=(
 	"${FILESDIR}/${P}-build-plugins-fix.patch"
 	#bug 327555. Pulseaudio automagic dependency
 	"${FILESDIR}/${PN}-pulseaudiosimple.patch"
+	#bug #338619. The patch was merged upstream
+	"${FILESDIR}/${P}-fix-fgets-fortify.patch"
 )
 
 src_prepare() {
diff --git a/media-video/avidemux/files/avidemux-2.5.3-fix-fgets-fortify.patch b/media-video/avidemux/files/avidemux-2.5.3-fix-fgets-fortify.patch
new file mode 100644
index 000000000000..509478ab4dd9
--- /dev/null
+++ b/media-video/avidemux/files/avidemux-2.5.3-fix-fgets-fortify.patch
@@ -0,0 +1,43 @@
+Switch calls of fgets from using magic numbers to using sizeof() to
+ensure that the size passed to fgets is consistent with the size
+allocated by the compiler.
+
+diff -ru a/plugins/ADM_videoFilters/Srt/ADM_vidSRTload.cpp b/plugins/ADM_videoFilters/Srt/ADM_vidSRTload.cpp
+--- a/plugins/ADM_videoFilters/Srt/ADM_vidSRTload.cpp	2009-12-19 20:41:13.000000000 +0000
++++ b/plugins/ADM_videoFilters/Srt/ADM_vidSRTload.cpp	2010-10-02 21:02:59.000000000 +0000
+@@ -86,7 +86,7 @@
+ 	return 0;
+ 
+   }
+-  while (fgets (string, 200, _fd))
++  while (fgets (string, sizeof(string), _fd))
+     {
+       _line++;
+     }
+@@ -104,7 +104,7 @@
+ //
+   for (uint32_t i = 0; i < _line; i++)
+     {
+-      fgets (string, ADM_RAW, _fd);
++      fgets (string, sizeof(string), _fd);
+       //printf("\n in : %s ",string);
+       if (string[0] != '{')
+ 	continue;
+@@ -250,7 +250,7 @@
+   // first cound how many line
+   line = 0;
+   _line = 0;
+-  while (fgets (string, 300, _fd))
++  while (fgets (string, sizeof(string), _fd))
+     line++;
+   printf ("\n subs : %ld lines\n", line);
+   // rewind
+@@ -272,7 +272,7 @@
+   for (uint32_t i = 0; i < line; i++)
+     {
+ 	current=&_subs[_line];
+-	fgets (string, ADM_RAW, _fd);
++	fgets (string, sizeof(string), _fd);
+ 	ADM_utfConv(final,string,strlen(string),&finallen);
+ 	// Purge cr/lf
+ 	switch (state)
author	Markos Chandras <hwoarang@gentoo.org>	2010-10-05 17:40:25 +0000
committer	Markos Chandras <hwoarang@gentoo.org>	2010-10-05 17:40:25 +0000
commit	77d6bfbfb00e47e276311f11e70f879d2e420b0a (patch)
tree	d1fa9cbc962cb7330a5e83f32af79ddf7d929ab2 /media-video/avidemux
parent	Old. (diff)
download	historical-77d6bfbfb00e47e276311f11e70f879d2e420b0a.tar.gz historical-77d6bfbfb00e47e276311f11e70f879d2e420b0a.tar.bz2 historical-77d6bfbfb00e47e276311f11e70f879d2e420b0a.zip