plib: add patch to fix CVE-2011-4620

2016-07-10 02:24:56 +02:00 · 2016-07-10 02:24:56 +02:00 · 9c9abc4c94
parent b8ecb949e6
commit 9c9abc4c94
2 changed files with 11 additions and 57 deletions
--- a/pkgs/development/libraries/plib/CVE-2012-4552.patch
+++ b/pkgs/development/libraries/plib/CVE-2012-4552.patch
@ -1,55 +0,0 @@
-diff -up plib-1.8.5/src/ssg/ssgParser.cxx~ plib-1.8.5/src/ssg/ssgParser.cxx
--- plib-1.8.5/src/ssg/ssgParser.cxx~	2008-03-11 03:06:23.000000000 +0100
-+++ plib-1.8.5/src/ssg/ssgParser.cxx	2012-11-01 15:33:12.424483374 +0100
-@@ -57,18 +57,16 @@ void _ssgParser::error( const char *form
-   char msgbuff[ 255 ];
-   va_list argp;
-
-  char* msgptr = msgbuff;
-  if (linenum)
-  {
-    msgptr += sprintf ( msgptr,"%s, line %d: ",
-      path, linenum );
-  }
-
-   va_start( argp, format );
-  vsprintf( msgptr, format, argp );
-+  vsnprintf( msgbuff, sizeof(msgbuff), format, argp );
-   va_end( argp );
-
-  ulSetError ( UL_WARNING, "%s", msgbuff ) ;
-+  if (linenum)
-+  {
-+    ulSetError ( UL_WARNING, "%s, line %d: %s", path, linenum, msgbuff ) ;
-+  } else {
-+    ulSetError ( UL_WARNING, "%s", msgbuff ) ;
-+  }
- }
-
-
-@@ -78,18 +76,16 @@ void _ssgParser::message( const char *fo
-   char msgbuff[ 255 ];
-   va_list argp;
-
-  char* msgptr = msgbuff;
-  if (linenum)
-  {
-    msgptr += sprintf ( msgptr,"%s, line %d: ",
-      path, linenum );
-  }
-
-   va_start( argp, format );
-  vsprintf( msgptr, format, argp );
-+  vsnprintf( msgbuff, sizeof(msgbuff), format, argp );
-   va_end( argp );
-
-  ulSetError ( UL_DEBUG, "%s", msgbuff ) ;
-+  if (linenum)
-+  {
-+    ulSetError ( UL_DEBUG, "%s, line %d: %s", path, linenum, msgbuff ) ;
-+  } else {
-+    ulSetError ( UL_DEBUG, "%s", msgbuff ) ;
-+  }
- }
-
- // Opens the file and does a few internal calculations based on the spec.
--- a/pkgs/development/libraries/plib/default.nix
+++ b/pkgs/development/libraries/plib/default.nix
@ -1,4 +1,4 @@
-{ fetchurl, stdenv, mesa, freeglut, SDL
+{ fetchurl, fetchpatch, stdenv, mesa, freeglut, SDL
 , libXi, libSM, libXmu, libXext, libX11,
 enablePIC ? false }:

@ -11,7 +11,16 @@ stdenv.mkDerivation rec {
    sha256 = "0cha71mflpa10vh2l7ipyqk67dq2y0k5xbafwdks03fwdyzj4ns8";
  };

-  patches = [ ./CVE-2012-4552.patch ];
+  patches = [
+    (fetchpatch {
+      url = "https://sources.debian.net/data/main/p/plib/1.8.5-7/debian/patches/04_CVE-2011-4620.diff";
+      sha256 = "1b7y0vqqdzd48q68ldlzw0zzqy9mg4c10a754r4hi3ldjmcplf0j";
+    })
+    (fetchpatch {
+      url = "https://sources.debian.net/data/main/p/plib/1.8.5-7/debian/patches/05_CVE-2012-4552.diff";
+      sha256 = "0b6cwdwii5b5vy78sbw5cw1s96l4jyzr4dk69v63pa0wwi2b5dki";
+    })
+  ];

  NIX_CFLAGS_COMPILE = if enablePIC then "-fPIC" else "";