[oe-commits] Denis 'GNUtoo' Carikli : xchat 2.8.6: fix CVE-2009-0315 and a building issues with 2 debian patches and bump PR
git version control
git at git.openembedded.org
Sun Apr 18 23:31:38 UTC 2010
Module: openembedded.git
Branch: shr/unstable
Commit: fdaa0a396ccaa5def33628d6a76450cb33af24cc
URL: http://gitweb.openembedded.net/?p=openembedded.git&a=commit;h=fdaa0a396ccaa5def33628d6a76450cb33af24cc
Author: Denis 'GNUtoo' Carikli <GNUtoo at no-log.org>
Date: Sun Apr 18 22:14:55 2010 +0200
xchat 2.8.6: fix CVE-2009-0315 and a building issues with 2 debian patches and bump PR
The building issue was the following:
| fe-gtk.o: In function `fe_gui_info':
| [...]/src/fe-gtk/fe-gtk.c:822: undefined reference to `GTK_WIDGET_VISIBLE'
| menu.o: In function `menu_canacaccel':
| [...]/src/fe-gtk/menu.c:1673: undefined reference to `GTK_WIDGET_IS_SENSITIVE'
| maingui.o: In function `mg_hide_empty_pane':
| [...]/src/fe-gtk/maingui.c:812: undefined reference to `GTK_WIDGET_VISIBLE'
| [...]/src/fe-gtk/maingui.c:813: undefined reference to `GTK_WIDGET_VISIBLE'
| maingui.o: In function `mg_show_generic_tab':
| [...]/src/fe-gtk/maingui.c:602: undefined reference to `GTK_WIDGET_HAS_FOCUS'
I noticied the security issue while looking into the debian patches of xchat:
They had a file named 46_CVE-2009-0315.dpatch.
Then I looked at that CVE to see if it was relevant ,and applied the patch
---
recipes/xchat/files/46_CVE-2009-0315.dpatch | 26 ++++++++++
.../xchat/files/53_fix_deprecated_widgets.dpatch | 53 ++++++++++++++++++++
recipes/xchat/xchat_2.8.6.bb | 7 ++-
3 files changed, 84 insertions(+), 2 deletions(-)
diff --git a/recipes/xchat/files/46_CVE-2009-0315.dpatch b/recipes/xchat/files/46_CVE-2009-0315.dpatch
new file mode 100755
index 0000000..97bd442
--- /dev/null
+++ b/recipes/xchat/files/46_CVE-2009-0315.dpatch
@@ -0,0 +1,26 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 46_CVE-2009-0315.dpatch by Nico Golde <nion at debian.org>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+ at DPATCH@
+diff -urNad xchat-2.8.6~/plugins/python/python.c xchat-2.8.6/plugins/python/python.c
+--- xchat-2.8.6~/plugins/python/python.c 2008-03-29 06:57:35.000000000 +0100
++++ xchat-2.8.6/plugins/python/python.c 2009-02-05 19:13:02.000000000 +0100
+@@ -1106,6 +1106,7 @@
+ }
+
+ PySys_SetArgv(1, argv);
++ PyRun_SimpleString("import sys; sys.path = filter(None, sys.path)");
+ PySys_SetObject("__plugin__", (PyObject *) plugin);
+
+ /* Set stdout and stderr to xchatout. */
+@@ -2110,6 +2111,7 @@
+ Py_SetProgramName("xchat");
+ Py_Initialize();
+ PySys_SetArgv(1, argv);
++ PyRun_SimpleString("import sys; sys.path = filter(None, sys.path)");
+
+ Plugin_Type.ob_type = &PyType_Type;
+ Context_Type.ob_type = &PyType_Type;
diff --git a/recipes/xchat/files/53_fix_deprecated_widgets.dpatch b/recipes/xchat/files/53_fix_deprecated_widgets.dpatch
new file mode 100755
index 0000000..bab087b
--- /dev/null
+++ b/recipes/xchat/files/53_fix_deprecated_widgets.dpatch
@@ -0,0 +1,53 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 53_fix_deprecated_widgets.dpatch by Davide Puricelli <evo at debian.org>
+##
+## Description: Fix FTBFS errors due to new GTK 2.20 widgets names.
+
+ at DPATCH@
+diff -Naur xchat-2.8.6foo/src/fe-gtk/fe-gtk.c xchat-2.8.6/src/fe-gtk/fe-gtk.c
+--- xchat-2.8.6foo/src/fe-gtk/fe-gtk.c 2010-04-06 21:48:19.000000000 +0200
++++ xchat-2.8.6/src/fe-gtk/fe-gtk.c 2010-04-06 21:49:27.000000000 +0200
+@@ -819,7 +819,7 @@
+ switch (info_type)
+ {
+ case 0: /* window status */
+- if (!GTK_WIDGET_VISIBLE (GTK_WINDOW (sess->gui->window)))
++ if (!gtk_widget_get_visible (GTK_WINDOW (sess->gui->window)))
+ return 2; /* hidden (iconified or systray) */
+ #if GTK_CHECK_VERSION(2,4,0)
+ if (gtk_window_is_active (GTK_WINDOW (sess->gui->window)))
+diff -Naur xchat-2.8.6foo/src/fe-gtk/maingui.c xchat-2.8.6/src/fe-gtk/maingui.c
+--- xchat-2.8.6foo/src/fe-gtk/maingui.c 2008-04-01 10:53:41.000000000 +0200
++++ xchat-2.8.6/src/fe-gtk/maingui.c 2010-04-06 21:50:45.000000000 +0200
+@@ -599,7 +599,7 @@
+ int num;
+ GtkWidget *f = NULL;
+
+- if (current_sess && GTK_WIDGET_HAS_FOCUS (current_sess->gui->input_box))
++ if (current_sess && gtk_widget_has_focus (current_sess->gui->input_box))
+ f = current_sess->gui->input_box;
+
+ num = gtk_notebook_page_num (GTK_NOTEBOOK (mg_gui->note_book), box);
+@@ -809,8 +809,8 @@
+ static void
+ mg_hide_empty_pane (GtkPaned *pane)
+ {
+- if ((pane->child1 == NULL || !GTK_WIDGET_VISIBLE (pane->child1)) &&
+- (pane->child2 == NULL || !GTK_WIDGET_VISIBLE (pane->child2)))
++ if ((pane->child1 == NULL || !gtk_widget_get_visible (pane->child1)) &&
++ (pane->child2 == NULL || !gtk_widget_get_visible (pane->child2)))
+ {
+ gtk_widget_hide (GTK_WIDGET (pane));
+ return;
+diff -Naur xchat-2.8.6foo/src/fe-gtk/menu.c xchat-2.8.6/src/fe-gtk/menu.c
+--- xchat-2.8.6foo/src/fe-gtk/menu.c 2008-06-08 09:59:37.000000000 +0200
++++ xchat-2.8.6/src/fe-gtk/menu.c 2010-04-06 21:49:54.000000000 +0200
+@@ -1670,7 +1670,7 @@
+ menu_canacaccel (GtkWidget *widget, guint signal_id, gpointer user_data)
+ {
+ /* GTK2.2 behaviour */
+- return GTK_WIDGET_IS_SENSITIVE (widget);
++ return gtk_widget_is_sensitive (widget);
+ }
+
+ #endif
diff --git a/recipes/xchat/xchat_2.8.6.bb b/recipes/xchat/xchat_2.8.6.bb
index d6d6200..9e203fb 100644
--- a/recipes/xchat/xchat_2.8.6.bb
+++ b/recipes/xchat/xchat_2.8.6.bb
@@ -4,9 +4,12 @@ HOMEPAGE = "http://www.xchat.org"
SECTION = "x11/network"
DEPENDS = "libgcrypt zlib gtk+"
DEPENDS += "gdk-pixbuf-csource-native"
-PR = "r1"
+PR = "r2"
-SRC_URI = "http://www.xchat.org/files/source/2.8/xchat-${PV}.tar.bz2"
+SRC_URI = "http://www.xchat.org/files/source/2.8/xchat-${PV}.tar.bz2 \
+ file://46_CVE-2009-0315.dpatch;patch=1 \
+ file://53_fix_deprecated_widgets.dpatch;patch=1 \
+ "
inherit autotools
More information about the Openembedded-commits
mailing list