Fix buffer overflow, bug 339898

Package-Manager: portage-2.1.9.46/cvs/Linux x86_64
author: Andreas Hüttel <dilfridge@gentoo.org> 2011-04-24 21:54:17 +0000
committer: Andreas Hüttel <dilfridge@gentoo.org> 2011-04-24 21:54:17 +0000
commit: 812ce0bf54a2f33c9fcef51e0eda820fb4252dc1 (patch)
tree: 473cd349ee7429774f6920802715eee9e1848fb6 /sci-visualization/spyview
parent: Remove old-style virtual/modutils, bug 358891. (diff)
download: historical-812ce0bf54a2f33c9fcef51e0eda820fb4252dc1.tar.gz
historical-812ce0bf54a2f33c9fcef51e0eda820fb4252dc1.tar.bz2
historical-812ce0bf54a2f33c9fcef51e0eda820fb4252dc1.zip
4 files changed, 68 insertions, 18 deletions
diff --git a/sci-visualization/spyview/ChangeLog b/sci-visualization/spyview/ChangeLog
index db1174dc83c2..152b75412d19 100644
--- a/sci-visualization/spyview/ChangeLog
+++ b/sci-visualization/spyview/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for sci-visualization/spyview
 # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sci-visualization/spyview/ChangeLog,v 1.12 2011/03/29 23:01:55 dilfridge Exp $
+# $Header: /var/cvsroot/gentoo-x86/sci-visualization/spyview/ChangeLog,v 1.13 2011/04/24 21:54:17 dilfridge Exp $
+
+*spyview-20110329-r1 (24 Apr 2011)
+
+  24 Apr 2011; Andreas K. Huettel <dilfridge@gentoo.org>
+  -spyview-20110329.ebuild, +spyview-20110329-r1.ebuild,
+  +files/spyview-20110329-xsection_fn.patch:
+  Fix buffer overflow, bug 339898
 
 *spyview-20110329 (29 Mar 2011)
 
diff --git a/sci-visualization/spyview/Manifest b/sci-visualization/spyview/Manifest
index 405b2c9a5587..76f82c530d1c 100644
--- a/sci-visualization/spyview/Manifest
+++ b/sci-visualization/spyview/Manifest
@@ -1,26 +1,27 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA512
 
+AUX spyview-20110329-xsection_fn.patch 1339 RMD160 c10198df42cedd55c850d18501d77afc10330995 SHA1 1c3a3f20d121e4cea77511a1ad773392b25f66ca SHA256 dbd3acd54747cc62a7a7656a678e1cf32957f2063b06447c75230586b5997aa3
 DIST spyview-20100810.tar.gz 3651109 RMD160 78c95ceb958d99d836dd563724f7978331d0b9a8 SHA1 09f57dbc8308b577e5bd7616462d4ce5a406fe7e SHA256 eafafb948d465bc11aede0fb4b5f8e6a9f8bb63ba514a677b31608b4ff8cda29
 DIST spyview-20110329.tar.gz 1900039 RMD160 1cf8ad167bcce0335001dd78d6431cb1aab74f43 SHA1 436f0452e47bf7efdaad61ee930ca857b6ebd457 SHA256 f425543882f4db19cc017f7f9a4442b9f2277a706ced3d4865b73d8661393c86
 EBUILD spyview-20100810.ebuild 1106 RMD160 358c28298b5539cfff507f3da925646cc6a21b1f SHA1 57a16d2be11f87f3470f3dda924bcdc8bc7fbae4 SHA256 0af7d9b0827c01411d1c15faf56bbe411b9d617a173313f185b7d021c2b962f6
-EBUILD spyview-20110329.ebuild 1113 RMD160 b51687883097581ad3cff67545dc3da4e5c6db51 SHA1 ee5e5db79db9467a9293e67f5e2adf7d9f3948fb SHA256 8b6db321a2a95969167717706ab444a3707ffd5550e9ea69e080115de324e000
-MISC ChangeLog 2277 RMD160 8d5e025c13b916d12c14dd135dd9875bdc8732a1 SHA1 49c91433e009a9835ee191be495cc875f147e972 SHA256 3a9b1c7fcc00051fc1e00943ba23dfa75c95d15bac93a87ec9034f59bfb635b0
+EBUILD spyview-20110329-r1.ebuild 1185 RMD160 324f6ccc1dc233040ad8b6d477f51d67df1f05c0 SHA1 3671373d03d75843598a261b6b6fbda9504c9dd8 SHA256 50301b3aba428a15116513cec1fb09eabef7a4183d655958e85a165255bc2da8
+MISC ChangeLog 2507 RMD160 0f0474934c0083a38fe4357e226a2b62fc8bab55 SHA1 1eddbe0b851b232c47004bcfebf597e3b1fa027c SHA256 b21f8b381e3217c30558e5e1c41c7b247913ba1f8667bc1fe212f56e4952a2c6
 MISC metadata.xml 303 RMD160 50f0ff629a275f85dde3059e0cbc957cf8b6780c SHA1 3b5805bf0c6254f4c6ac7103a811d3fc6e05a60b SHA256 c55abad1ec0f88420e5714fe566059838cdb93e760106e15e3bfdaf4a1cd90a9
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.17 (GNU/Linux)
 
-iQIcBAEBCgAGBQJNkmTsAAoJENwGBM22xffe31AP/0iKOyPpy/tB7lTeZS4aEiyt
-O0DuUATy+eVEQG5EQEARqrPw5BgiZld5tCyFz+mbYOaaYOP5aQ521JajUUVF+fyZ
-RqZeOKY5a13hm3v2FLjN57oHuJfjgvWcH7UD8P8MY2Y2vC03BQ9AQn0xhzonzYUf
-RoDCVmdO37iWLi+XUPXI4PevjPE/4xieBc+yiuAGiCfeh9t+WqQ7ncwIt1XpWgk5
-dFT/z/qKFZEMQ+OqL6Cr+54tZB3oBPSOoQhdwflY5hcznQnacdtEdBOWGw59Un55
-kCU+ez2+uSrQ4bJA/tBTN8Utbf8RUOjzxlHbV3knuL5R7Dwa/ObyNvN0vysPS6Ka
-s0EhZb+xIVrIz6p4OnDTCIG+vPEDowDXHppou3MqeEV4Bsp0eZ7cDLHvdAqXxnFK
-D//OqwCser3anLW/un49Bwn3jQAZ0M58WTd/DXY6zOIIcVjcJD2EfqxsDSLd1WHi
-qrEqvTwypPCKZJkFsIfNIbuD410pI3PreFrp4cXISHpmsrYhlhBPXT7jXAna6uqO
-IzX7RLy0NmWxVAj+dTj+FiYtdRIv/kw0MP8lRRTcl12kHyBTFguWpfzqDmtowSOL
-hSfaMW2JV852VR7CbTHUwA1J/pttmifQp6A/cq8OwElW7xP370mx387cJUhAGqOK
-1qvybgm8IqLiYAT7LSCX
-=cq0n
+iQIcBAEBCgAGBQJNtJyoAAoJENwGBM22xffe8XoP/jY5GULB4C7MSGWIsldjtv+C
+MMxehOshhY2SZVx4NdsuL7vOlKKnFgESeXdER2QrENapsDjN4r7OPvveJtw5dU3H
+XzYpmudtzZCYTDozNKMNI+7iueiKYhdBsKeQUKj6xTTXxA3vYSlHS9aOXDtiTVvq
+fCGG33s6X0mKa+0A59u3scMZ4p/UlW+ngtNZnzfIC8Tb84+cYqWYNDSx7I9KxXjI
+nU97RrnaVFkzdGdmOckWjFMyB14XRWBo1J5wpGWmEh4xWCvWOWxVLw0LkSEQo+ln
+oxxnt1FSw+uVL5AEXZemnORw07ovSdQ6SHy4LozE2LVNqeeZmfFzpAV8WFnDxSvx
+BjpVfJcLbec3mMcOG2j9EkeeSQJYpdJyVFDEc0W/Gc8gv3quYKDHf5REs+LIZ6XP
+5eJVA3U+34FOGwKMgCHj36eT+OrxkeML0ganNkLmua9vsMfEIdi31710fb/AEg8A
+PvHr2cDXeOjFBrqNvAhlHfrVnfYlS/2KWL3FUBdWBFcj1WtHjuZnMobjyqBI+uSs
+zYBfVcjih1M83ye7q8ZyDbk7B8RVOoJ63+vXLVwXZJby5mlbGu3U++MDacjS+nDp
+HRBxO5Fpc6rit2nNKE+TLDLmddp39Zqre9y42J27b4dKA+z2zlnHNfi3kxRdu4/O
+WLTq/rduoBJaqIcO+xwm
+=umx0
 -----END PGP SIGNATURE-----
diff --git a/sci-visualization/spyview/files/spyview-20110329-xsection_fn.patch b/sci-visualization/spyview/files/spyview-20110329-xsection_fn.patch
new file mode 100644
index 000000000000..47fe50c6ffc9
--- /dev/null
+++ b/sci-visualization/spyview/files/spyview-20110329-xsection_fn.patch
@@ -0,0 +1,38 @@
+diff -ruN spyview-2011-03-29-10_59.orig/spyview/ImageWindow.C spyview-2011-03-29-10_59/spyview/ImageWindow.C
+--- spyview-2011-03-29-10_59.orig/spyview/ImageWindow.C	2010-08-10 22:12:05.000000000 +0200
++++ spyview-2011-03-29-10_59/spyview/ImageWindow.C	2011-04-24 23:43:55.000000000 +0200
+@@ -2034,25 +2034,25 @@
+ void ImageWindow::exportLinecut()
+ {
+   // Ok, this is a real hack, but it's easy...
+-  char tmp[1024];
+-  char label[1024];
+-  char fn[1024];
++  char tmp[256];
++  char label[256];
++  char fn[256];
+ 
+   //sprintf is just so damn more convenient than c++ strings
+   if (line_cut_type == HORZLINE) 
+-    snprintf(label, 1024, "l.%d", line_cut_yp);
++    snprintf(label, 256, "l.%d", line_cut_yp);
+   else if (line_cut_type == VERTLINE) 
+-    snprintf(label, 1024, "c.%d", line_cut_xp);
++    snprintf(label, 256, "c.%d", line_cut_xp);
+   else 
+     sprintf(label, "other");
+-  snprintf(fn, 1024, "%s.%s.linecut.dat", output_basename, label);
++  snprintf(fn, 256, "%s.%s.linecut.dat", output_basename, label);
+ 	
+   info("exporting linecut to file %s\n", fn);
+ 
+-  strncpy(tmp, xsection_fn, 1024);
+-  strncpy(xsection_fn, fn, 1024);
++  strncpy(tmp, xsection_fn, 256);
++  strncpy(xsection_fn, fn, 256);
+   plotLineCut();
+-  strncpy(xsection_fn, tmp, 1024);
++  strncpy(xsection_fn, tmp, 256);
+ }
+ 
+ void ImageWindow::exportGnuplot()
diff --git a/sci-visualization/spyview/spyview-20110329.ebuild b/sci-visualization/spyview/spyview-20110329-r1.ebuild
index 5218cc922995..9701de41942d 100644
--- a/sci-visualization/spyview/spyview-20110329.ebuild
+++ b/sci-visualization/spyview/spyview-20110329-r1.ebuild
@@ -1,8 +1,8 @@
 # Copyright 1999-2011 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sci-visualization/spyview/spyview-20110329.ebuild,v 1.1 2011/03/29 23:01:57 dilfridge Exp $
+# $Header: /var/cvsroot/gentoo-x86/sci-visualization/spyview/spyview-20110329-r1.ebuild,v 1.1 2011/04/24 21:54:17 dilfridge Exp $
 
-EAPI=3
+EAPI=4
 
 inherit base flag-o-matic eutils multilib
 
@@ -28,6 +28,8 @@ RDEPEND="${COMMON_DEPEND}
 
 S=${WORKDIR}/spyview-2011-03-29-10_59
 
+PATCHES=( "${FILESDIR}/${P}-xsection_fn.patch" )
+
 src_prepare() {
 	append-cflags $(fltk-config --cflags)
 	append-cxxflags $(fltk-config --cxxflags) -I/usr/include/netpbm
@@ -36,6 +38,8 @@ src_prepare() {
 	# this one leads to an insane amount of warnings
 
 	append-ldflags -L$(dirname $(fltk-config --libs))
+
+	base_src_prepare
 }
 
 src_configure() {
author	Andreas Hüttel <dilfridge@gentoo.org>	2011-04-24 21:54:17 +0000
committer	Andreas Hüttel <dilfridge@gentoo.org>	2011-04-24 21:54:17 +0000
commit	812ce0bf54a2f33c9fcef51e0eda820fb4252dc1 (patch)
tree	473cd349ee7429774f6920802715eee9e1848fb6 /sci-visualization/spyview
parent	Remove old-style virtual/modutils, bug 358891. (diff)
download	historical-812ce0bf54a2f33c9fcef51e0eda820fb4252dc1.tar.gz historical-812ce0bf54a2f33c9fcef51e0eda820fb4252dc1.tar.bz2 historical-812ce0bf54a2f33c9fcef51e0eda820fb4252dc1.zip