[oe-commits] Denis 'GNUtoo' Carikli : xchat 2.8.6: fix CVE-2009-0315 and a building issues with 2 debian patches and bump PR

git version control git at git.openembedded.org
Sun Apr 18 23:31:38 UTC 2010 

Module: openembedded.git
Branch: shr/unstable
Commit: fdaa0a396ccaa5def33628d6a76450cb33af24cc
URL:    http://gitweb.openembedded.net/?p=openembedded.git&a=commit;h=fdaa0a396ccaa5def33628d6a76450cb33af24cc

Author: Denis 'GNUtoo' Carikli <GNUtoo at no-log.org>
Date:   Sun Apr 18 22:14:55 2010 +0200

xchat 2.8.6: fix CVE-2009-0315 and a building issues with 2 debian patches and bump PR

The building issue was the following:
| fe-gtk.o: In function `fe_gui_info':
| [...]/src/fe-gtk/fe-gtk.c:822: undefined reference to `GTK_WIDGET_VISIBLE'
| menu.o: In function `menu_canacaccel':
| [...]/src/fe-gtk/menu.c:1673: undefined reference to `GTK_WIDGET_IS_SENSITIVE'
| maingui.o: In function `mg_hide_empty_pane':
| [...]/src/fe-gtk/maingui.c:812: undefined reference to `GTK_WIDGET_VISIBLE'
| [...]/src/fe-gtk/maingui.c:813: undefined reference to `GTK_WIDGET_VISIBLE'
| maingui.o: In function `mg_show_generic_tab':
| [...]/src/fe-gtk/maingui.c:602: undefined reference to `GTK_WIDGET_HAS_FOCUS'

I noticied the security issue while looking into the debian patches of xchat:
  They had a file named 46_CVE-2009-0315.dpatch.
  Then I looked at that CVE to see if it was relevant ,and applied the patch

---

 recipes/xchat/files/46_CVE-2009-0315.dpatch        |   26 ++++++++++
 .../xchat/files/53_fix_deprecated_widgets.dpatch   |   53 ++++++++++++++++++++
 recipes/xchat/xchat_2.8.6.bb                       |    7 ++-
 3 files changed, 84 insertions(+), 2 deletions(-)

diff --git a/recipes/xchat/files/46_CVE-2009-0315.dpatch b/recipes/xchat/files/46_CVE-2009-0315.dpatch
new file mode 100755
index 0000000..97bd442
--- /dev/null
+++ b/recipes/xchat/files/46_CVE-2009-0315.dpatch
@@ -0,0 +1,26 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 46_CVE-2009-0315.dpatch by Nico Golde <nion at debian.org>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+ at DPATCH@
+diff -urNad xchat-2.8.6~/plugins/python/python.c xchat-2.8.6/plugins/python/python.c
+--- xchat-2.8.6~/plugins/python/python.c	2008-03-29 06:57:35.000000000 +0100
++++ xchat-2.8.6/plugins/python/python.c	2009-02-05 19:13:02.000000000 +0100
+@@ -1106,6 +1106,7 @@
+ 	}
+ 
+ 	PySys_SetArgv(1, argv);
++	PyRun_SimpleString("import sys; sys.path = filter(None, sys.path)");
+ 	PySys_SetObject("__plugin__", (PyObject *) plugin);
+ 
+ 	/* Set stdout and stderr to xchatout. */
+@@ -2110,6 +2111,7 @@
+ 	Py_SetProgramName("xchat");
+ 	Py_Initialize();
+ 	PySys_SetArgv(1, argv);
++	PyRun_SimpleString("import sys; sys.path = filter(None, sys.path)");
+ 
+ 	Plugin_Type.ob_type = &PyType_Type;
+ 	Context_Type.ob_type = &PyType_Type;
diff --git a/recipes/xchat/files/53_fix_deprecated_widgets.dpatch b/recipes/xchat/files/53_fix_deprecated_widgets.dpatch
new file mode 100755
index 0000000..bab087b
--- /dev/null
+++ b/recipes/xchat/files/53_fix_deprecated_widgets.dpatch
@@ -0,0 +1,53 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 53_fix_deprecated_widgets.dpatch by Davide Puricelli <evo at debian.org>
+##
+## Description: Fix FTBFS errors due to new GTK 2.20 widgets names.
+
+ at DPATCH@
+diff -Naur xchat-2.8.6foo/src/fe-gtk/fe-gtk.c xchat-2.8.6/src/fe-gtk/fe-gtk.c
+--- xchat-2.8.6foo/src/fe-gtk/fe-gtk.c	2010-04-06 21:48:19.000000000 +0200
++++ xchat-2.8.6/src/fe-gtk/fe-gtk.c	2010-04-06 21:49:27.000000000 +0200
+@@ -819,7 +819,7 @@
+ 	switch (info_type)
+ 	{
+ 	case 0:	/* window status */
+-		if (!GTK_WIDGET_VISIBLE (GTK_WINDOW (sess->gui->window)))
++		if (!gtk_widget_get_visible (GTK_WINDOW (sess->gui->window)))
+ 			return 2;	/* hidden (iconified or systray) */
+ #if GTK_CHECK_VERSION(2,4,0)
+ 		if (gtk_window_is_active (GTK_WINDOW (sess->gui->window)))
+diff -Naur xchat-2.8.6foo/src/fe-gtk/maingui.c xchat-2.8.6/src/fe-gtk/maingui.c
+--- xchat-2.8.6foo/src/fe-gtk/maingui.c	2008-04-01 10:53:41.000000000 +0200
++++ xchat-2.8.6/src/fe-gtk/maingui.c	2010-04-06 21:50:45.000000000 +0200
+@@ -599,7 +599,7 @@
+ 	int num;
+ 	GtkWidget *f = NULL;
+ 
+-	if (current_sess && GTK_WIDGET_HAS_FOCUS (current_sess->gui->input_box))
++	if (current_sess && gtk_widget_has_focus (current_sess->gui->input_box))
+ 		f = current_sess->gui->input_box;
+ 
+ 	num = gtk_notebook_page_num (GTK_NOTEBOOK (mg_gui->note_book), box);
+@@ -809,8 +809,8 @@
+ static void
+ mg_hide_empty_pane (GtkPaned *pane)
+ {
+-	if ((pane->child1 == NULL || !GTK_WIDGET_VISIBLE (pane->child1)) &&
+-		 (pane->child2 == NULL || !GTK_WIDGET_VISIBLE (pane->child2)))
++	if ((pane->child1 == NULL || !gtk_widget_get_visible (pane->child1)) &&
++		 (pane->child2 == NULL || !gtk_widget_get_visible (pane->child2)))
+ 	{
+ 		gtk_widget_hide (GTK_WIDGET (pane));
+ 		return;
+diff -Naur xchat-2.8.6foo/src/fe-gtk/menu.c xchat-2.8.6/src/fe-gtk/menu.c
+--- xchat-2.8.6foo/src/fe-gtk/menu.c	2008-06-08 09:59:37.000000000 +0200
++++ xchat-2.8.6/src/fe-gtk/menu.c	2010-04-06 21:49:54.000000000 +0200
+@@ -1670,7 +1670,7 @@
+ menu_canacaccel (GtkWidget *widget, guint signal_id, gpointer user_data)
+ {
+ 	/* GTK2.2 behaviour */
+-	return GTK_WIDGET_IS_SENSITIVE (widget);
++	return gtk_widget_is_sensitive (widget);
+ }
+ 
+ #endif
diff --git a/recipes/xchat/xchat_2.8.6.bb b/recipes/xchat/xchat_2.8.6.bb
index d6d6200..9e203fb 100644
--- a/recipes/xchat/xchat_2.8.6.bb
+++ b/recipes/xchat/xchat_2.8.6.bb
@@ -4,9 +4,12 @@ HOMEPAGE = "http://www.xchat.org"
 SECTION = "x11/network"
 DEPENDS = "libgcrypt zlib gtk+"
 DEPENDS += "gdk-pixbuf-csource-native"
-PR = "r1"
+PR = "r2"
 
-SRC_URI = "http://www.xchat.org/files/source/2.8/xchat-${PV}.tar.bz2"
+SRC_URI = "http://www.xchat.org/files/source/2.8/xchat-${PV}.tar.bz2 \
+	 file://46_CVE-2009-0315.dpatch;patch=1 \
+	 file://53_fix_deprecated_widgets.dpatch;patch=1 \
+	 "
 
 inherit autotools

More information about the Openembedded-commits mailing list