Respecting LDFLAGS now, eliminated a few (not security relevant) intentional buffer overflows. See bug #337314.

Package-Manager: portage-2.1.9/cvs/Linux i686

4 files changed, 112 insertions, 3 deletions

diff --git a/media-video/motioneye/ChangeLog b/media-video/motioneye/ChangeLog
index 8bf434c4c71c..cbd05c09692e 100644
--- a/media-video/motioneye/ChangeLog
+++ b/media-video/motioneye/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for media-video/motioneye
-# Copyright 2000-2007 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/media-video/motioneye/ChangeLog,v 1.12 2007/11/27 12:04:16 zzam Exp $
+# Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/media-video/motioneye/ChangeLog,v 1.13 2010/09/14 21:24:02 phosphan Exp $
+
+*motioneye-1.3-r2 (14 Sep 2010)
+
+  14 Sep 2010; Patrick Kursawe <phosphan@gentoo.org>
+  +motioneye-1.3-r2.ebuild, +files/buflen+ldflags.patch:
+  Respecting LDFLAGS now, eliminated a few (not security relevant)
+  intentional buffer overflows. See bug #337314.
 
   27 Nov 2007; Matthias Schwarzott <zzam@gentoo.org>
   motioneye-1.3-r1.ebuild:
diff --git a/media-video/motioneye/Manifest b/media-video/motioneye/Manifest
index 58907cd62f22..297ce2496c94 100644
--- a/media-video/motioneye/Manifest
+++ b/media-video/motioneye/Manifest
@@ -1,4 +1,16 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA256
+
+AUX buflen+ldflags.patch 1414 RMD160 42e7e89715426eda86ba6c52cf342b69869f0718 SHA1 6d66b8f38c362193c3be6059b6ffca3e2d8ac6e0 SHA256 1b93f44a040bb7f428d53ae6380476ffdd231ae0d7cb6e91640b21c194f6f4c4
 DIST motioneye-1.3.tar.bz2 8816 RMD160 acddebf06f9f727cd21458989a832da270ddb036 SHA1 30a3c5725c4a963e8626fed2e90cf9d43c463761 SHA256 e6f91f85889d6fc9733f578e213a0008d1c5f4fe8af669f861886bc6b3134006
 EBUILD motioneye-1.3-r1.ebuild 814 RMD160 a5fe68f95f2656b14708d22931ec26d538671394 SHA1 518ab56323bba21b6850aae1d0d9870873ef38b9 SHA256 418d267cc7c937ec23296d7b8b027a350940dc5e9394c8451a96f1d181fec493
-MISC ChangeLog 1704 RMD160 a5e3d433b5922031546a2807969735488a1279ec SHA1 84c0dc94919f92d5c10d6170a078b91964a68c79 SHA256 a003fc01383565cf7b6bcb496850e0a344f09cb3123066ec5c76b727572a2872
+EBUILD motioneye-1.3-r2.ebuild 892 RMD160 af19885fe7a22e632ae230a7e24fe8562a8431b6 SHA1 824de2ced78ee092ebf79aae3587614a24ef1fb1 SHA256 70b69aafdfc612576827b91f46e072d948706019eca03bead120167fae503541
+MISC ChangeLog 1968 RMD160 91a935ab46450a1d32f7fd28a3b1647f83ac901c SHA1 44dde54ecdcf46cd562b4af8ecd7ba35fd80e750 SHA256 91a0ee4ada19d44659a25aa27d71cff22dadef437710b5a81e8d77a8a5db6fa0
 MISC metadata.xml 414 RMD160 e91b56f0f97cc5873fb9b165a5c268c1fe5534da SHA1 0cc7982cdfee5e27933621dae5dce662dc61086f SHA256 2143de19dff26eceb039e19f696ddc75b46a22bee45a6cbc94f4334d494e4818
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.16 (GNU/Linux)
+
+iF4EAREIAAYFAkyP6AAACgkQJRJa6W8CX/42QQD/R4E6c/jKOYh809t4Tz3FU1cj
+jjax8N+BbUUk+8sGiFUA/1j6pCtP+T+V5kIOd2ABnWcEsWdp+kIiQTzLh9KRWIbU
+=zuNw
+-----END PGP SIGNATURE-----
diff --git a/media-video/motioneye/files/buflen+ldflags.patch b/media-video/motioneye/files/buflen+ldflags.patch
new file mode 100644
index 000000000000..a7df269bf476
--- /dev/null
+++ b/media-video/motioneye/files/buflen+ldflags.patch
@@ -0,0 +1,51 @@
+diff -u -r motioneye-1.3/avi.c motioneye-1.3-new/avi.c
+--- motioneye-1.3/avi.c	2002-11-16 16:57:01.000000000 +0100
++++ motioneye-1.3-new/avi.c	2010-09-14 22:36:25.000000000 +0200
+@@ -81,7 +81,7 @@
+ 		++fps;
+ 
+ 	bzero(&ah, sizeof(ah));
+-	strcpy(ah.avih, "avih");
++	strncpy(ah.avih, "avih",4);
+ 	ah.time = 1e6 / fps;
+ 	ah.numstreams = 1;
+ 	ah.scale = 1;
+@@ -89,21 +89,21 @@
+ 	ah.length = fps * nframes;
+ 
+ 	bzero(&sh, sizeof(sh));
+-	strcpy(sh.strh, "strh");
+-	strcpy(sh.vids, "vids");
+-	strcpy(sh.codec, "MJPG");
++	strncpy(sh.strh, "strh",4);
++	strncpy(sh.vids, "vids",4);
++	strncpy(sh.codec, "MJPG",4);
+ 	sh.scale = 1;
+ 	sh.rate = fps;
+ 	sh.length = fps * nframes;
+ 	sh.quality = -1;
+ 
+ 	bzero(&fh, sizeof(fh));
+-	strcpy(fh.strf, "strf");
++	strncpy(fh.strf, "strf",4);
+ 	fh.width = width;
+ 	fh.height = height;
+ 	fh.planes = 1;
+ 	fh.bitcount = 24;
+-	strcpy(fh.codec,"MJPG");
++	strncpy(fh.codec,"MJPG",4);
+ 	fh.unpackedsize = 3*width*height;
+ 
+ 	rh.size = sizeof(lh1)+sizeof(ah)+sizeof(lh2)+sizeof(sh)+
+diff -u -r motioneye-1.3/Makefile motioneye-1.3-new/Makefile
+--- motioneye-1.3/Makefile	2003-05-12 17:25:30.000000000 +0200
++++ motioneye-1.3-new/Makefile	2010-09-14 22:31:03.000000000 +0200
+@@ -17,7 +17,7 @@
+ all: motioneye motioneye.1
+ 
+ motioneye: $(OBJ)
+-	$(CC) -o motioneye $(OBJ) $(LIBS)
++	$(CC) -o motioneye $(LDFLAGS) $(OBJ) $(LIBS)
+ 
+ motioneye.o: motioneye.c motioneye.h
+ avi.o: avi.c avi.h motioneye.h
diff --git a/media-video/motioneye/motioneye-1.3-r2.ebuild b/media-video/motioneye/motioneye-1.3-r2.ebuild
new file mode 100644
index 000000000000..fbdebb82daeb
--- /dev/null
+++ b/media-video/motioneye/motioneye-1.3-r2.ebuild
@@ -0,0 +1,39 @@
+# Copyright 1999-2010 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/media-video/motioneye/motioneye-1.3-r2.ebuild,v 1.1 2010/09/14 21:24:02 phosphan Exp $
+
+inherit eutils
+
+DESCRIPTION="ppm, jpeg or mjpeg grabber for the MotionEye camera on Sony VAIO Picturebooks."
+HOMEPAGE="http://popies.net/meye/"
+SRC_URI="http://popies.net/meye/${P}.tar.bz2"
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~x86"
+IUSE="X"
+RDEPEND="X? ( x11-libs/libX11
+			media-libs/imlib )"
+
+DEPEND="${RDEPEND}
+	sys-kernel/linux-headers
+	X? ( x11-proto/xextproto )
+	app-text/docbook-sgml-utils"
+
+src_unpack() {
+	unpack ${A}
+	epatch "${FILESDIR}/buflen+ldflags.patch"
+}
+
+src_compile() {
+	if use X; then
+		export WITHX='yes'
+	else
+		export WITHX='no'
+	fi
+	emake WITH_X="${WITHX}" CFLAGS="${CFLAGS}" || die
+}
+
+src_install() {
+	exeinto /usr/bin
+	doexe motioneye
+}