Add patch for security bug #391283

Package-Manager: portage-2.2.0_alpha72/cvs/Linux x86_64

4 files changed, 336 insertions, 14 deletions

diff --git a/www-plugins/gnash/ChangeLog b/www-plugins/gnash/ChangeLog
index 7ea3d8a34637..08e90d58e011 100644
--- a/www-plugins/gnash/ChangeLog
+++ b/www-plugins/gnash/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for www-plugins/gnash
 # Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/www-plugins/gnash/ChangeLog,v 1.66 2011/08/16 12:56:26 chithanh Exp $
+# $Header: /var/cvsroot/gentoo-x86/www-plugins/gnash/ChangeLog,v 1.67 2011/11/21 21:30:22 chithanh Exp $
+
+*gnash-0.8.9-r1 (21 Nov 2011)
+
+  21 Nov 2011; Chí-Thanh Christopher Nguyễn <chithanh@gentoo.org>
+  +gnash-0.8.9-r1.ebuild, +files/gnash-0.8.9-cve-2011-4328.patch:
+  Add patch for security bug #391283
 
   16 Aug 2011; Chí-Thanh Christopher Nguyễn <chithanh@gentoo.org>
   gnash-0.8.9.ebuild:
diff --git a/www-plugins/gnash/Manifest b/www-plugins/gnash/Manifest
index 1a72124e5f36..3c7d13bf0caf 100644
--- a/www-plugins/gnash/Manifest
+++ b/www-plugins/gnash/Manifest
@@ -1,6 +1,3 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA256
-
 AUX gnash-0.8.3-boost-dynamic-link.patch 1474 RMD160 0ce418d9e7a0f4d5b3bc724c65dedc3c675b69ef SHA1 df6ae427a0efda13da822ca65700aebcb25ef504 SHA256 d3ada2ca33083b0b233051f66041eb57c402783b2cc177b126e4dccab2e32b76
 AUX gnash-0.8.5-klash.patch 4219 RMD160 f7d49ca32cf18d3d160ce8f0653fd12e5a278511 SHA1 fc44e119975ecc49d2d64450e0eeb92f6a84f893 SHA256 e1ad6b241bc28892ff9758d55851439b2b61b496dc2e73d96d9a13fdd44a4a08
 AUX gnash-0.8.7-amf-include.patch 1121 RMD160 5e17e26f5033816f011ccee9b943588fd55986a4 SHA1 955b1e17ddad3f2cca3cadb73e84c52714f57f3c SHA256 ea3a2324c061828142f715c9e40dbf21007e5230b1f81f8dbea7a8313bcc86bd
@@ -9,6 +6,7 @@ AUX gnash-0.8.8-documentation-paths.patch 662 RMD160 8ebce11605d93297e8af4ca1a54
 AUX gnash-0.8.8-external-dejagnu.patch 703 RMD160 971bfb775a4019f27ca0a5048672154fe2555fe9 SHA1 8e0ab1caef24ed7cefd5da10a8985579bec01c84 SHA256 7bb96c5adf54686b1c6350dbc2730a0aab2529ed8e3f892c2ccd85a5f9afc27d
 AUX gnash-0.8.8-klash.patch 1127 RMD160 f03e8de0d5bcc3eeea08ca45b96196519b01d362 SHA1 f117f36d8452ee088b80552efdc7eea969324e8f SHA256 b3015cb93b91575d214c17cfbb7f5614c3df047261e184ec9ef84e28641ddc25
 AUX gnash-0.8.8-secure-tempfile-creation.patch 1166 RMD160 0c8d089de4107fc473e8cf765fa6ab809e07051a SHA1 f0037f46314fb2430f61dd8a3f8251b0513dbe01 SHA256 7883b1b94e5cb621d1c7773450dcf0b23bb9a677f72df8b50309ee9747ddc197
+AUX gnash-0.8.9-cve-2011-4328.patch 806 RMD160 d972c13cfc5f15007599ee7617c85a453a026130 SHA1 17dd80afa10b8bd9ea3d96b547f269bb02b78192 SHA256 0fc31bdffedcd4d97e4df78c66c02e9575b5fb055c3c2a79eb43315433a15a77
 AUX gnash-0.8.9-documentation-paths.patch 623 RMD160 cdf0bb4cc4626bd50ab32c5a19183b57917f6e8e SHA1 eae72553893d2150b79ec71d948143ae8a4c5959 SHA256 473fefab01376ef8d9450518dee16ef6057cfd0618629e13f3f3ec8adf8c251f
 AUX gnash-0.8.9-external-dejagnu.patch 700 RMD160 b24901796187f5b9ee2a27b60c0232884302af69 SHA1 5dc178479f5ad2aa1eb0d5314df0bec505708890 SHA256 b838af0304d41165557dff2538031edf8d14d5a221375aff4b9e404ef1cb261d
 AUX gnash-0.8.9-ffmpeg-detection.patch 780 RMD160 a7b02c2472b3bf2b8618e5d6d4203e8f30cc8aea SHA1 e6cfed32780546bc68acce66fb5da5fc64627585 SHA256 09bcb58f61d05a582206c82f789484471565f955e8daa6e852c62bca87624353
@@ -24,15 +22,7 @@ AUX gnash-0.8.9-no-deprecated-avformat-metadata.patch 1299 RMD160 a88e744b8886ad
 DIST gnash-0.8.8.tar.bz2 3850383 RMD160 621afbd14180ce770f60a6e158f9fda0b4d5ec02 SHA1 d349e0321e7fe9abcd265d63ce282cd2a7ce59d3 SHA256 dcac4b81f81ecd6cc7c5422d7c731fc5c2a7be7fb18b5570a7e6f8fb5fc6e220
 DIST gnash-0.8.9.tar.bz2 3777140 RMD160 34bb51cfe5b8593dc14bc2c21c0085277dbb23f1 SHA1 585c320c98b3304fcbba230f2c4b1fdf2a52aee0 SHA256 f90dbdc6f03d787b239b9edacbea077b46d69ae9d85f08af23f256af389c48bd
 EBUILD gnash-0.8.8.ebuild 9006 RMD160 cd9a10d9b7b121b638bac179c97de26771e66542 SHA1 f6b0ae7862286aabbbd34e99a318021136ae33bc SHA256 594842337ae216fa7a89112298f00e2a1c74609af4a4b48f3e39b4b2dc82b380
+EBUILD gnash-0.8.9-r1.ebuild 8916 RMD160 8f2081fcfbcbe6ea561b63098568ec6fdedad7e6 SHA1 c63eec17ef3431952e13786bfaf79383b07701f4 SHA256 dfb35f6260eeab8cb28092b31385963020a5f1e75ff43235825a379033421979
 EBUILD gnash-0.8.9.ebuild 8830 RMD160 b3e6ab1a6a6ce84c502af1647e4e58b65e110809 SHA1 f6fd90d100132b8658428cf3cafc8cbe6bec1c8d SHA256 8a3c33a3a82619f22863e32fb83e264193cfe94132491535fb919a9ed863478a
-MISC ChangeLog 24945 RMD160 67790cfebfdb5a00609c91cab16a965e4003e1ec SHA1 76ab62cd1c458cd22b5f6da6d420d598acbc7563 SHA256 0e3380a7ec9fe7995043ac755f8ccac91476d4b0af6e5a53c5f9e49e11e117aa
+MISC ChangeLog 25149 RMD160 1c2a9e61436d241ba7411f2122ece7d74a9f47c1 SHA1 919683de340058a48d8de86ea417714d869f46d9 SHA256 0323711b0d327d16a2efe8f995036c5b8bc39dbd3f8a2f17a59f233de9912c90
 MISC metadata.xml 876 RMD160 c66baf8ded1d751eda1c55992f39a189931f1a9f SHA1 bc490cb83a3ed47c561f2975c61400c8bc867be4 SHA256 b087a4196095d60ce0949b9374c4077322aca887bd6e0019c5dc34762d199152
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0.18 (GNU/Linux)
-
-iJwEAQEIAAYFAk59t3wACgkQfXuS5UK5QB39HgQAoYMn6qSLh0ZjUJDHayQIfpR0
-39RXkjy3p0VfTTFWrXpONtStRBdCZ+ChIGbmOVyNphRArVdUBuqDxBoNvpa8dhIv
-u6LWZ0N9TWyP4oNfr24FN/5R0PDVohEbD0Cku8apU9AIqiM9yMQrRXftzv2/sx2u
-d5b03wIxBMVelcY/MfE=
-=skb/
------END PGP SIGNATURE-----
diff --git a/www-plugins/gnash/files/gnash-0.8.9-cve-2011-4328.patch b/www-plugins/gnash/files/gnash-0.8.9-cve-2011-4328.patch
new file mode 100644
index 000000000000..14e3477b8020
--- /dev/null
+++ b/www-plugins/gnash/files/gnash-0.8.9-cve-2011-4328.patch
@@ -0,0 +1,24 @@
+From fa481c116e65ccf9137c7ddc8abc3cf05dc12f55 Mon Sep 17 00:00:00 2001
+From: Gabriele Giacone <1o5g4r8o@gmail.com>
+Date: Sun, 20 Nov 2011 17:27:42 +0100
+Subject: [PATCH] Make cookie file not world-readable. Fixes http://bugs.debian.org/649384
+
+---
+ plugin/npapi/plugin.cpp |    1 +
+ 1 files changed, 1 insertions(+), 0 deletions(-)
+
+diff --git a/plugin/npapi/plugin.cpp b/plugin/npapi/plugin.cpp
+index e161a1d..04950e6 100644
+--- a/plugin/npapi/plugin.cpp
++++ b/plugin/npapi/plugin.cpp
+@@ -1108,6 +1108,7 @@ nsPluginInstance::setupCookies(const std::string& pageurl)
+     ss << "/tmp/gnash-cookies." << getpid();
+ 
+     cookiefile.open(ss.str().c_str(), std::ios::out | std::ios::trunc);
++    chmod (ss.str().c_str(), 0600);
+ 
+     // Firefox provides cookies in the following format:
+     //
+-- 
+1.7.2.5
+
diff --git a/www-plugins/gnash/gnash-0.8.9-r1.ebuild b/www-plugins/gnash/gnash-0.8.9-r1.ebuild
new file mode 100644
index 000000000000..2ad7855b3c97
--- /dev/null
+++ b/www-plugins/gnash/gnash-0.8.9-r1.ebuild
@@ -0,0 +1,302 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/www-plugins/gnash/gnash-0.8.9-r1.ebuild,v 1.1 2011/11/21 21:30:22 chithanh Exp $
+
+EAPI=3
+CMAKE_REQUIRED="never"
+KDE_REQUIRED="optional"
+AT_M4DIR="cygnal"
+
+inherit autotools eutils kde4-base multilib nsplugins python flag-o-matic
+
+DESCRIPTION="GNU Flash movie player that supports many SWF v7,8,9 features"
+HOMEPAGE="http://www.gnu.org/software/gnash/"
+
+if [[ ${PV} = 9999* ]]; then
+	SRC_URI=""
+	EGIT_REPO_URI="git://git.savannah.gnu.org/gnash.git"
+	inherit git-2
+else
+	SRC_URI="mirror://gnu/${PN}/${PV}/${P}.tar.bz2"
+fi
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ~ppc64 ~sparc ~x86"
+IUSE="+agg cairo cygnal dbus doc fbcon +ffmpeg gnome gstreamer gtk kde lirc mysql +nls nsplugin opengl openvg python sdl +sdl-sound ssh ssl test vaapi"
+
+# gnash fails if obsolete boost is installed, bug #334259
+RDEPEND=">=dev-libs/boost-1.41.0
+	!!dev-libs/boost:0
+	dev-libs/expat
+	dev-libs/libxml2
+	virtual/jpeg
+	media-libs/libpng
+	net-misc/curl
+	x11-libs/libX11
+	x11-libs/libXi
+	x11-libs/libXmu
+	x11-libs/libXt
+	media-libs/giflib
+	x11-proto/xproto
+	agg? ( x11-libs/agg )
+	cairo? ( x11-libs/cairo )
+	doc? (
+		>=app-text/docbook2X-0.8.8
+		app-text/docbook-sgml-utils
+	)
+	fbcon? (
+		x11-libs/tslib
+	)
+	ffmpeg? (
+		virtual/ffmpeg[vaapi?]
+	)
+	gstreamer? (
+		media-plugins/gst-plugins-ffmpeg
+		media-plugins/gst-plugins-mad
+		media-plugins/gst-plugins-meta
+	)
+	gtk? (
+		x11-libs/gtk+:2
+		net-libs/xulrunner:1.9
+		python? ( dev-python/pygtk:2 )
+	)
+	kde? ( $(add_kdebase_dep kdebase-startkde) )
+	opengl? (
+		virtual/opengl
+		gtk? ( x11-libs/gtkglext )
+	)
+	openvg? (
+		virtual/opengl
+	)
+	nsplugin? ( >=net-libs/xulrunner-1.9.2:1.9 )
+	sdl? ( media-libs/libsdl[X] )
+	sdl-sound? ( media-libs/libsdl )
+	media-libs/speex[ogg]
+	sys-libs/zlib
+	>=sys-devel/libtool-2.2
+	mysql? ( virtual/mysql )
+	lirc? ( app-misc/lirc )
+	dbus? ( sys-apps/dbus )
+	ssh?  ( >=net-libs/libssh-0.4[server] )
+	ssl? ( dev-libs/openssl )
+	vaapi? ( x11-libs/libva[opengl?] )
+	"
+DEPEND="${RDEPEND}
+	dev-util/pkgconfig
+	nls? ( sys-devel/gettext )
+	gnome? ( app-text/rarian )
+	test? ( dev-util/dejagnu )"
+# Tests hang with sandbox, bug #321017
+RESTRICT="test"
+
+pkg_setup() {
+	if has_version ">=dev-libs/boost-1.46" && has_version "<dev-libs/boost-1.46"; then
+		ewarn "If you have multiple versions of boost installed, gnash may attempt to"
+		ewarn "compile against the older version and link against newer version, which can"
+		ewarn "cause the build to fail. Unmerge of the old version of boost is recommended."
+	fi
+
+	if use !ffmpeg && use !gstreamer; then
+		ewarn "You are trying to build Gnash without choosing a media handler."
+		ewarn "Sound and video playback will not work."
+	fi
+
+	if use vaapi && use !ffmpeg; then
+		eerror "Support for VAAPI currently requires the ffmpeg media handler."
+		die "vaapi requires the ffmpeg USE flag."
+	fi
+
+	if use vaapi && use !agg; then
+		eerror "Support for VAAPI currently requires the agg renderer."
+		die "vaapi requires the agg USE flag."
+	fi
+
+	if use !agg && use !cairo && use !opengl && !use openvg; then
+		eerror "You are trying to build Gnash without choosing a renderer [agg|cairo|opengl|openvg]."
+		die "Please enable a renderer"
+	fi
+
+	if use !fbcon && use !kde && use !gtk && use !sdl; then
+		ewarn "You are trying to build Gnash without choosing a gui frontend [fbcon,gtk,kde,sdl]."
+		die "Please enable at least one of these USE flags."
+	fi
+
+	if use python && use !gtk; then
+		eerror "Building gnash with python support requires gtk."
+		die "python requires the gtk USE flag."
+	fi
+
+	if use nsplugin && use !gtk; then
+		eerror "Building gnash with nsplugin requires the gtk gui."
+		die "Nsplugin requires the gtk gui."
+	fi
+
+	if use fbcon && use !agg; then
+		eerror "Building gnash with fbcon requires the agg renderer."
+		die "fbcon requires the agg USE flag."
+	fi
+
+	kde4-base_pkg_setup
+}
+
+src_prepare() {
+	# TODO: Patch no longer applies
+#	epatch "${FILESDIR}"/${PN}-0.8.7-amf-include.patch
+
+	# Look for openvg.h in correct path
+	epatch "${FILESDIR}"/${PN}-0.8.9-find-openvg.patch
+
+	# Fix paths for klash, bug #339610
+	epatch "${FILESDIR}"/${PN}-0.8.9-klash.patch
+
+	# Install documentation into the proper directories, bug #296110
+	epatch "${FILESDIR}"/${PN}-0.8.9-documentation-paths.patch
+
+	# Use external dejagnu for tests, bug #321017
+	epatch "${FILESDIR}"/${PN}-0.8.9-external-dejagnu.patch
+
+	# Fix detection of recent ffmpeg, bug #362683
+	epatch "${FILESDIR}"/${PN}-0.8.9-ffmpeg-detection.patch
+	epatch "${FILESDIR}"/${PN}-0.8.9-libavcodec-version.patch
+	epatch "${FILESDIR}"/${PN}-0.8.9-look-harder-for-version_h.patch
+
+	# Fix building against ffmpeg-0.8, bug #362949, upstream #33696
+	epatch "${FILESDIR}"/${PN}-0.8.9-no-deprecated-avcodec-audio-resample.patch
+	epatch "${FILESDIR}"/${PN}-0.8.9-no-deprecated-avcodec-decode-audio.patch
+	epatch "${FILESDIR}"/${PN}-0.8.9-no-deprecated-avcodec-decode-video.patch
+	epatch "${FILESDIR}"/${PN}-0.8.9-no-deprecated-avcodec-parser.patch
+	epatch "${FILESDIR}"/${PN}-0.8.9-no-deprecated-avformat-metadata.patch
+
+	# Fix building on ppc64, bug #342535
+	use ppc64 && append-flags -mminimal-toc
+
+	# Fix security bug #391283
+	epatch "${FILESDIR}"/${PN}-0.8.9-cve-2011-4328.patch
+
+	eautoreconf
+}
+src_configure() {
+	local gui hwaccel input media myconf myext renderers
+
+	# Set nsplugin install directory.
+	use nsplugin && myconf="${myconf} --with-npapi-plugindir=/usr/$(get_libdir)/gnash/npapi/"
+
+	# Set hardware acceleration.
+	if use vaapi; then
+		hwaccel="vaapi"
+	else
+		hwaccel="none"
+	fi
+
+	# Set rendering engine.
+	use agg && renderers+=",agg"
+	use cairo && renderers+=",cairo"
+	use opengl && renderers+=",opengl"
+	use openvg && renderers+=",openvg"
+
+	# Set kde and konqueror plugin directories.
+	if use kde; then
+		myconf="${myconf}
+			--with-plugins-install=system
+			--with-kde4-incl=${KDEDIR}/include
+			--with-kde4-configdir=${KDEDIR}/share/config
+			--with-kde4-prefix=${KDEDIR}
+			--with-kde4-lib=${KDEDIR}/$(get_libdir)
+			--with-kde-appsdatadir=${KDEDIR}/share/apps/klash
+			--with-kde4-servicesdir=${KDEDIR}/share/kde4/services"
+	fi
+
+	# Set media handler.
+	use ffmpeg || use gstreamer || media+=",none"
+	use ffmpeg && media+=",ffmpeg"
+	use gstreamer && media+=",gst"
+
+	# Set gui.
+	use gtk && gui=",gtk"
+	use fbcon && gui="${gui},fb"
+	use kde && gui="${gui},kde4"
+	use sdl && gui="${gui},sdl"
+
+	if use sdl-sound; then
+		myconf="${myconf} --enable-sound=sdl"
+	else
+		myconf="${myconf} --enable-sound=none"
+	fi
+
+	# Set extensions
+	use mysql && myext=",mysql"
+	use gtk && myext="${myext},gtk"
+	use lirc && myext="${myext},lirc"
+	use dbus && myext="${myext},dbus"
+
+	# Strip extra comma from gui, myext, hwaccel and renderers.
+	gui=$( echo $gui | sed -e 's/,//' )
+	hwaccel=$( echo $hwaccel | sed -e 's/,//' )
+	myext=$( echo $myext | sed -e 's/,//' )
+	renderers=$( echo $renderers | sed -e 's/,//' )
+	media=$( echo $media | sed -e 's/,//' )
+
+	econf \
+		--docdir=/usr/share/doc/${PF} \
+		--disable-dependency-tracking \
+		--disable-kparts3 \
+		$(use_enable cygnal) \
+		$(use_enable cygnal cgibins) \
+		$(use_enable doc docbook) \
+		$(use_enable gnome ghelp) \
+		$(use_enable kde kparts4) \
+		$(use_enable lirc) \
+		$(use_enable nls) \
+		$(use_enable nsplugin npapi) \
+		$(use_enable python) \
+		$(use_enable ssh) \
+		$(use_enable ssl) \
+		$(use_enable test testsuite) \
+		--enable-gui=${gui} \
+		--enable-extensions=${myext} \
+		--enable-renderer=${renderers} \
+		--enable-hwaccel=${hwaccel} \
+		--enable-media=${media} \
+		${myconf}
+}
+src_test() {
+	local log=testsuite-results.txt
+	cd testsuite
+	emake check || die "make check failed"
+	./anaylse-results.sh > $log || die "results analyze failed"
+	cat $log
+}
+src_install() {
+	emake DESTDIR="${D}" install || die "emake install failed"
+
+	# Install nsplugin in directory set by --with-npapi-plugindir.
+	if use nsplugin; then
+		emake DESTDIR="${D}" install-plugin || die "install plugins failed"
+	fi
+
+	# Install kde konqueror plugin.
+	if use kde; then
+		pushd "${S}/plugin/klash4" >& /dev/null || die
+		emake DESTDIR="${D}" install-plugin || die "install kde plugins failed"
+		popd >& /dev/null
+	fi
+	# Create a symlink in /usr/$(get_libdir)/nsbrowser/plugins to the nsplugin install directory.
+	use nsplugin && inst_plugin /usr/$(get_libdir)/gnash/npapi/libgnashplugin.so \
+
+	dodoc AUTHORS ChangeLog NEWS README || die "dodoc failed"
+}
+pkg_postinst() {
+	if use !gnome || use !gstreamer && use !ffmpeg ; then
+		ewarn ""
+		ewarn "Gnash was built without a media handler and or http handler !"
+		ewarn ""
+		ewarn "If you want Gnash to support video then you will need to"
+		ewarn "rebuild Gnash with either the ffmpeg or gstreamer and gnome use flags set."
+		ewarn ""
+	fi
+	ewarn "${PN} is still in heavy development"
+	ewarn "Please first report bugs on upstream gnashdevs and deal with them"
+	ewarn "And then report a Gentoo bug to the maintainer"
+	use kde && kde4-base_pkg_postinst
+}