Add patch for security issue in bug #200297

svn path=/emacs-overlay/; revision=787

3 files changed, 301 insertions, 0 deletions

diff --git a/app-editors/xemacs/Manifest b/app-editors/xemacs/Manifest
index eded191..d000bdd 100644
--- a/app-editors/xemacs/Manifest
+++ b/app-editors/xemacs/Manifest
@@ -1,7 +1,11 @@
 AUX font-lock-warning-face.patch 766 RMD160 54a1eb71872a97d10aadc30326fa600356eb821c SHA1 33a590b2f79291262e50b240f9ac518ae555020f SHA256 608eeb3e9b02519cc0373782c00cf7f42914abf93b05c2509490e3c00d4c987c
 AUX gdbm-and-db.patch 1425 RMD160 e0481823ea9d192a32737e71896a3ccde478db5c SHA1 60077800c56c49f8db1911bc5d787e9fb2bb4685 SHA256 bc2c38dfa7a4cc014d6e1776cb09c4219e40ba066fb29861264eb83642ed757e
+AUX xemacs-21.5.28-int-format.patch 1565 RMD160 6b731eef38d0bb7e87de80d00a1033dbe56d9f24 SHA1 64e75eae258512df9c50209a81f1635d47dc5e85 SHA256 0153f312f8ca4419289d6f40707714e4b94bd15fcdb5d8a608e3a81afd7acc5b
 AUX xemacs.desktop 1080 RMD160 9ddca2747abcc4e7a8bb305740942f62daa73ba6 SHA1 6a3a88ea334b510951a15efb126c4fb71a3b8c38 SHA256 a97f2b5f1b85fde16eaf6b00cd3889a0c2777a0e2c1d7d3d2814f752a976b060
 DIST NeXT_XEmacs.tar.gz 39571 RMD160 3c2cedf75e4ece412031b20a15614a78367393f4 SHA1 619912734b1a1fae5115941b904d41beb4765b47 SHA256 35a0d988fd4ee801572639a99798571aa9fad140ddbed1455565ae9d5e0086c7
 DIST xemacs-21.5.28.tar.gz 15310202 RMD160 a225a2da39c22dccbc5d14399d40dadecead5e11 SHA1 6de5f4b4cecac0480dd9ff50170a72f23f36dbac SHA256 588a3970ee44426975cd86026a932ed0e2cf47f597ebcf76d376bbd18638eae2
+EBUILD xemacs-21.5.28-r1.ebuild 6973 RMD160 01d46192a601bedf7a358a72d9176a8f785ec4ae SHA1 708d1301e560d4428ac3dce718484f7758e25925 SHA256 d83e7ae08c829dad9d678054173e43226aab09703de394acd59651eb21bcdeb8
 EBUILD xemacs-21.5.28.ebuild 6858 RMD160 6cf3d2f5ca70d593f55a4de018c1faa3f0f4813a SHA1 b134a6bba6d73a95c20c5563ab2df01a9e246097 SHA256 96436af9a6f93c44b72d1fbf0e1587c7f98615bdf3ec7db53099d6d2093f9b6a
 MISC ChangeLog 255 RMD160 f538272c219b40df5c377bf8b97bafa406af2b55 SHA1 02c4b7697327662b0306fe7e7825ce92f727e6f7 SHA256 03cc073660a1cb31ca0d0be6e3ba7733e115a41698fa24c39162930b4beda76e
+MISC xemacs-21.5.28-r1.ebuild.~1~ 6974 RMD160 496798d69490614662c6229457f26775384a893f SHA1 ff6de77b5def03a53466725b91dee16558db0386 SHA256 8e0d63588164c7a63788e0849bec252e328008fac9d708744b146ba67b58c45b
+MISC xemacs-21.5.28.ebuild.~1~ 6858 RMD160 6cf3d2f5ca70d593f55a4de018c1faa3f0f4813a SHA1 b134a6bba6d73a95c20c5563ab2df01a9e246097 SHA256 96436af9a6f93c44b72d1fbf0e1587c7f98615bdf3ec7db53099d6d2093f9b6a
diff --git a/app-editors/xemacs/files/xemacs-21.5.28-int-format.patch b/app-editors/xemacs/files/xemacs-21.5.28-int-format.patch
new file mode 100644
index 0000000..b4b1a47
--- /dev/null
+++ b/app-editors/xemacs/files/xemacs-21.5.28-int-format.patch
@@ -0,0 +1,43 @@
+
+diff -r 33f6ee3a6e75 src/doprnt.c
+--- a/src/doprnt.c	Thu Sep 06 21:51:29 2007 +0000
++++ b/src/doprnt.c	Mon Nov 26 03:46:16 2007 +0100
+@@ -776,9 +776,21 @@ emacs_doprnt_1 (Lisp_Object stream, cons
+ #endif /* HAVE_BIGFLOAT */
+ 	  else
+ 	    {
+-	      Ascbyte *text_to_print = alloca_array (char, 350);
++	      Ascbyte *text_to_print;
+ 	      Ascbyte constructed_spec[100];
+ 	      Ascbyte *p = constructed_spec;
++              int alloca_sz = 350;
++              int min = spec->minwidth, prec = spec->precision;
++
++              if (prec < 0)
++                prec = 0;
++              if (min < 0)
++                min = 0;
++
++              if (32+min+prec > alloca_sz)
++                alloca_sz = 32 + min + prec;
++
++              text_to_print = alloca_array(char, alloca_sz);
+ 
+ 	      /* Mostly reconstruct the spec and use sprintf() to
+ 		 format the string. */
+diff -r 33f6ee3a6e75 tests/automated/lisp-tests.el
+--- a/tests/automated/lisp-tests.el	Thu Sep 06 21:51:29 2007 +0000
++++ b/tests/automated/lisp-tests.el	Mon Nov 26 03:46:16 2007 +0100
+@@ -1279,6 +1279,10 @@
+ (Assert (= (read (format "%d"  most-negative-fixnum)) most-negative-fixnum))
+ (Assert (= (read (format "%ld" most-negative-fixnum)) most-negative-fixnum))
+ 
++;; These used to crash. 
++(Assert (eql (read (format "%f" 1.2e+302)) 1.2e+302))
++(Assert (eql (read (format "%.1000d" 1)) 1))
++
+ ;;; "%u" is undocumented, and Emacs Lisp has no unsigned type.
+ ;;; What to do if "%u" is used with a negative number?
+ ;;; For non-bignum XEmacsen, the most reasonable thing seems to be to print an
+
+
diff --git a/app-editors/xemacs/xemacs-21.5.28-r1.ebuild b/app-editors/xemacs/xemacs-21.5.28-r1.ebuild
new file mode 100644
index 0000000..644a5ec
--- /dev/null
+++ b/app-editors/xemacs/xemacs-21.5.28-r1.ebuild
@@ -0,0 +1,254 @@
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-editors/xemacs/xemacs-21.4.20-r3.ebuild,v 1.4 2007/04/30 23:04:57 ulm Exp $
+
+# Note: xemacs currently does not work with a hardened profile. If you
+# want to use xemacs on a hardened profile then compile with the
+# -nopie flag in CFLAGS or help fix bug #75028.
+
+export WANT_AUTOCONF="2.5"
+inherit autotools eutils flag-o-matic
+
+DESCRIPTION="highly customizable open source text editor and application development system"
+HOMEPAGE="http://www.xemacs.org/"
+SRC_URI="http://ftp.xemacs.org/xemacs-21.5/${P}.tar.gz
+	http://www.malfunction.de/afterstep/files/NeXT_XEmacs.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~hppa ~ppc ~ppc64 ~sparc ~x86"
+IUSE="alsa debug eolconv esd gif gpm pop postgres ldap xface nas dnd X jpeg tiff png mule motif freewnn canna xft xim athena neXt Xaw3d gdbm berkdb"
+
+X_DEPEND="x11-libs/libXt x11-libs/libXmu x11-libs/libXext x11-misc/xbitmaps"
+
+DEPEND="virtual/libc
+	!virtual/xemacs
+	berkdb? ( sys-libs/db )
+	gdbm? ( >=sys-libs/gdbm-1.8.3 )
+	>=sys-libs/zlib-1.1.4
+	>=dev-libs/openssl-0.9.6
+	>=media-libs/audiofile-0.2.3
+	gpm? ( >=sys-libs/gpm-1.19.6 )
+	postgres? ( >=dev-db/postgresql-7.2 )
+	ldap? ( net-nds/openldap )
+	alsa? ( media-libs/alsa-lib )
+	esd? ( media-sound/esound )
+	nas? ( media-libs/nas )
+	X? ( $X_DEPEND !Xaw3d? ( !neXt? ( x11-libs/libXaw ) ) )
+	dnd? ( x11-libs/dnd )
+	motif? ( >=x11-libs/openmotif-2.1.30 )
+	athena? ( x11-libs/libXaw )
+	Xaw3d? ( x11-libs/Xaw3d )
+	xft? ( media-libs/freetype x11-libs/libXrender media-libs/fontconfig )
+	neXt? ( x11-libs/neXtaw )
+	xface? ( media-libs/compface )
+	tiff? ( media-libs/tiff )
+	png? ( =media-libs/libpng-1.2* )
+	jpeg? ( media-libs/jpeg )
+	canna? ( app-i18n/canna )
+	!amd64? ( freewnn? ( app-i18n/freewnn ) )
+	>=sys-libs/ncurses-5.2
+	>=app-admin/eselect-emacs-0.7-r1"
+
+PDEPEND="app-xemacs/xemacs-base
+	mule? ( app-xemacs/mule-base )"
+
+PROVIDE="virtual/xemacs"
+
+src_unpack() {
+	unpack ${P}.tar.gz
+	use neXt && unpack NeXT_XEmacs.tar.gz
+
+	cd "${S}"
+
+	# see bug 58350, 102540 and 143580
+	epatch "${FILESDIR}"/gdbm-and-db.patch
+
+	# Fix font-lock-warning-face not being exported, needed for
+	# gentoo-syntax
+	epatch "${FILESDIR}"/font-lock-warning-face.patch
+
+	# Fix for crash and security issue in #200297, fix from upstream CVS
+	epatch "${FILESDIR}"/${P}-int-format.patch
+
+	eautoconf
+
+	use neXt && cp "${WORKDIR}"/NeXT.XEmacs/xemacs-icons/* "${S}"/etc/toolbar/
+}
+
+src_compile() {
+	local myconf=""
+
+	if use X; then
+
+		myconf="${myconf} --with-widgets=athena"
+		myconf="${myconf} --with-dialogs=athena"
+		myconf="${myconf} --with-menubars=lucid"
+		myconf="${myconf} --with-scrollbars=lucid"
+		if use motif ; then
+			myconf="--with-widgets=motif"
+			myconf="${myconf} --with-dialogs=motif"
+			myconf="${myconf} --with-scrollbars=motif"
+			myconf="${myconf} --with-menubars=lucid"
+		fi
+		if use athena ; then
+			myconf="--with-scrollbars=athena"
+		fi
+
+		if use Xaw3d; then
+			myconf="${myconf} --with-athena=3d"
+		elif use neXt; then
+			myconf="${myconf} --with-athena=next"
+		else
+			myconf="${myconf} --with-athena=xaw"
+		fi
+
+		use dnd && myconf="${myconf} --with-dragndrop --with-offix"
+
+		use tiff && myconf="${myconf} --with-tiff" ||
+			myconf="${myconf} --without-tiff"
+		use png && myconf="${myconf} --with-png" ||
+			myconf="${myconf} --without-png"
+		use jpeg && myconf="${myconf} --with-jpeg" ||
+			myconf="${myconf} --without-jpeg"
+		use xface && myconf="${myconf} --with-xface" ||
+			myconf="${myconf} --without-xface"
+
+		use xft && myconf="${myconf} --with-xft=emacs,tabs,menubars,gauges" ||
+			myconf="${myconf} --with-xft=no"
+
+	else
+		myconf="${myconf}
+			--without-x
+			--without-xpm
+			--without-dragndrop
+			--with-xft=no
+			--with-gif=no"
+	fi
+
+	if use mule ; then
+		myconf="${myconf} --with-mule"
+
+		if use xim ; then
+			if use motif ; then
+				myconf="${myconf} --with-xim=motif"
+			else
+				myconf="${myconf} --with-xim=xlib"
+			fi
+		else
+			myconf="${myconf} --with-xim=no"
+		fi
+
+		use canna && myconf="${myconf} --with-canna" ||
+					myconf="${myconf} --without-canna"
+		use freewnn && myconf="${myconf} --with-wnn" ||
+					myconf="${myconf} --without-wnn"
+	fi
+
+	# This determines the type of sounds we are playing
+	local soundconf="native"
+
+	# This determines how these sounds should be played
+	use nas	&& soundconf="${soundconf},nas"
+	use esd && soundconf="${soundconf},esd"
+	use alsa
+
+	myconf="${myconf} --with-sound=${soundconf}"
+
+	if use gdbm || use berkdb ; then
+		if use gdbm ; then
+			mydb="gdbm"
+			# We have GDBM in a non-standard location
+			append-flags "-I/usr/include/gdbm"
+		fi
+
+		use berkdb && mydb="${mydb},berkdb"
+
+		myconf="${myconf} --with-database=${mydb}"
+	else
+		myconf="${myconf} --without-database"
+	fi
+
+	# fixes #21264, this should be fixed in 21.4.21 and has been fixed
+	# in 21.5 for sure.
+	use alpha && myconf="${myconf} --with-system-malloc"
+	use ppc64 && myconf="${myconf} --with-system-malloc"
+	use ia64  && myconf="${myconf} --with-system-malloc"
+
+	use debug && myconf="${myconf} --with-optimization=no --with-debug" ||
+		myconf="${myconf} --with-optimizations=yes"
+
+	# Don't use econf because it uses options which this configure
+	# script does not understand (like --host).
+	econf ${myconf} \
+		$(use_with gif ) \
+		$(use_with gpm ) \
+		$(use_with postgres postgresql ) \
+		$(use_with ldap ) \
+		$(use_with eolconv file-coding ) \
+		$(use_with pop ) \
+		--prefix=/usr \
+		--with-ncurses \
+		--with-msw=no \
+		--with-mail-locking=flock \
+		--with-site-lisp=yes \
+		--with-site-modules=yes \
+		--with-newgc \
+		|| die
+
+	emake || die
+}
+
+src_install() {
+	make prefix="${D}"/usr \
+		mandir="${D}"/usr/share/man/man1 \
+		infodir="${D}"/usr/share/info \
+		libdir="${D}"/usr/lib \
+		install gzip-el || die
+
+	# Rename some applications installed in bin so that it is clear
+	# which application installed them and so that conflicting
+	# packages (emacs) can't clobber the actual applications.
+	# Addresses bug #62991.
+	for i in b2m ctags etags rcs-checkin ; do
+		mv "${D}"/usr/bin/${i} "${D}"/usr/bin/${i}-xemacs || die "mv ${i} failed"
+	done
+
+	# rename man pages
+	for i in ctags etags; do
+		mv "${D}"/usr/share/man/man1/${i}{,-xemacs}.1 || die "mv ${i}.1 failed"
+	done
+
+	# install base packages directories
+	dodir /usr/lib/xemacs/xemacs-packages/
+	dodir /usr/lib/xemacs/site-packages/
+	dodir /usr/lib/xemacs/site-modules/
+	dodir /usr/lib/xemacs/site-lisp/
+
+	if use mule;
+	then
+		dodir /usr/lib/xemacs/mule-packages
+	fi
+
+	# remove extraneous info files
+	cd "${D}"/usr/share/info
+	rm -f dir info.info texinfo* termcap* standards*
+
+	cd "${S}"
+	dodoc CHANGES-* ChangeLog INSTALL Installation PROBLEMS README*
+	dodoc "${FILESDIR}"/README.Gentoo
+
+	insinto /usr/share/pixmaps
+	newins "${S}"/etc/${PN}-icon.xpm ${PN}.xpm
+
+	insinto /usr/share/applications
+	doins "${FILESDIR}"/${PN}.desktop
+}
+
+pkg_postinst() {
+	eselect emacs update --if-unset
+}
+
+pkg_postrm() {
+	eselect emacs update --if-unset
+}