diff options
| -rw-r--r-- | media-sound/vimpc/files/vimpc-0.09.2-wformat-security.patch | 103 | ||||
| -rw-r--r-- | media-sound/vimpc/vimpc-0.09.2-r2.ebuild | 56 | ||||
| -rw-r--r-- | media-sound/vimpc/vimpc-9999.ebuild | 37 |
3 files changed, 185 insertions, 11 deletions
diff --git a/media-sound/vimpc/files/vimpc-0.09.2-wformat-security.patch b/media-sound/vimpc/files/vimpc-0.09.2-wformat-security.patch new file mode 100644 index 000000000000..2d8c09e416e5 --- /dev/null +++ b/media-sound/vimpc/files/vimpc-0.09.2-wformat-security.patch @@ -0,0 +1,103 @@ +https://github.com/boysetsfrog/vimpc/commit/055ecdce0720fdfc9ec2528c520b6c33da36271b + +From 055ecdce0720fdfc9ec2528c520b6c33da36271b Mon Sep 17 00:00:00 2001 +From: Sergei Trofimovich <slyich@gmail.com> +Date: Wed, 3 Nov 2021 08:25:58 +0000 +Subject: [PATCH] vimpc: always use "%s"-style format for printf()-style + functions + +`ncuses-6.3` added printf-style function attributes and now makes +it easier to catch cases when user input is used in palce of format +string when built with CFLAGS=-Werror=format-security: + + src/window/listwindow.cpp:120:16: + error: format not a string literal and no format arguments [-Werror=format-security] + 120 | mvwprintw(window, line, 0, BlankLine.c_str()); + | ~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Let's wrap all the missing places with "%s" format. +--- a/src/screen.cpp ++++ b/src/screen.cpp +@@ -1489,7 +1489,7 @@ void Screen::ClearStatus() const + wattron(statusWindow_, A_REVERSE); + } + +- mvwprintw(statusWindow_, 0, 0, BlankLine.c_str()); ++ mvwprintw(statusWindow_, 0, 0, "%s", BlankLine.c_str()); + + if (settings_.Get(Setting::ColourEnabled) == true) + { +@@ -1516,7 +1516,7 @@ void Screen::UpdateTabWindow() const + wattron(tabWindow_, COLOR_PAIR(settings_.colours.TabWindow)); + } + +- mvwprintw(tabWindow_, 0, 0, BlankLine.c_str()); ++ mvwprintw(tabWindow_, 0, 0, "%s", BlankLine.c_str()); + wmove(tabWindow_, 0, 0); + + std::string name = ""; +--- a/src/window/directorywindow.cpp ++++ b/src/window/directorywindow.cpp +@@ -220,8 +220,8 @@ void DirectoryWindow::Print(uint32_t line) const + + wattron(window, A_BOLD); + std::string const Directory = "/" + directory_.CurrentDirectory(); +- mvwprintw(window, line, 0, BlankLine.c_str()); +- mvwprintw(window, line, 1, Directory.c_str()); ++ mvwprintw(window, line, 0, "%s", BlankLine.c_str()); ++ mvwprintw(window, line, 1, "%s", Directory.c_str()); + wattroff(window, A_BOLD); + + if (settings_.Get(Setting::ColourEnabled) == true) +@@ -250,7 +250,7 @@ void DirectoryWindow::Print(uint32_t line) const + wattron(window, A_REVERSE); + } + +- mvwprintw(window, line, 0, BlankLine.c_str()); ++ mvwprintw(window, line, 0, "%s", BlankLine.c_str()); + + uint8_t expandCol = 1; + +@@ -276,7 +276,7 @@ void DirectoryWindow::Print(uint32_t line) const + } + else + { +- mvwprintw(window, line, 0, BlankLine.c_str()); ++ mvwprintw(window, line, 0, "%s", BlankLine.c_str()); + } + } + } +--- a/src/window/help.cpp ++++ b/src/window/help.cpp +@@ -64,7 +64,7 @@ void HelpWindow::Print(uint32_t line) const + WINDOW * window = N_WINDOW(); + + std::string const BlankLine(Columns(), ' '); +- mvwprintw(window, line, 0, BlankLine.c_str()); ++ mvwprintw(window, line, 0, "%s", BlankLine.c_str()); + wmove(window, line, 0); + + if ((FirstLine() + line) < help_.Size()) +--- a/src/window/listwindow.cpp ++++ b/src/window/listwindow.cpp +@@ -117,7 +117,7 @@ void ListWindow::Print(uint32_t line) const + else + { + std::string const BlankLine(Columns(), ' '); +- mvwprintw(window, line, 0, BlankLine.c_str()); ++ mvwprintw(window, line, 0, "%s", BlankLine.c_str()); + } + #else + SelectWindow::Print(line); +--- a/src/window/lyricswindow.cpp ++++ b/src/window/lyricswindow.cpp +@@ -61,7 +61,7 @@ void LyricsWindow::Print(uint32_t line) const + WINDOW * window = N_WINDOW(); + + std::string const BlankLine(Columns(), ' '); +- mvwprintw(window, line, 0, BlankLine.c_str()); ++ mvwprintw(window, line, 0, "%s", BlankLine.c_str()); + wmove(window, line, 0); + + if ((FirstLine() == 0) && (line == 0)) + diff --git a/media-sound/vimpc/vimpc-0.09.2-r2.ebuild b/media-sound/vimpc/vimpc-0.09.2-r2.ebuild new file mode 100644 index 000000000000..a6a60a208193 --- /dev/null +++ b/media-sound/vimpc/vimpc-0.09.2-r2.ebuild @@ -0,0 +1,56 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit autotools + +DESCRIPTION="An ncurses based mpd client with vi-like key bindings" +HOMEPAGE="https://github.com/boysetsfrog/vimpc" +if [[ ${PV} == 9999 ]] ; then + EGIT_REPO_URI="https://github.com/boysetsfrog/${PN}.git" + inherit git-r3 +else + SRC_URI="https://github.com/boysetsfrog/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz" + KEYWORDS="~amd64 ~x86" +fi + +LICENSE="GPL-3+" +SLOT="0" +IUSE="boost taglib" + +RDEPEND=" + dev-libs/libpcre + media-libs/libmpdclient + boost? ( dev-libs/boost:= ) + taglib? ( media-libs/taglib ) +" +DEPEND="${RDEPEND}" +BDEPEND="virtual/pkgconfig" + +PATCHES=( + "${FILESDIR}"/${P}-boost.patch + "${FILESDIR}"/${P}-wformat-security.patch +) + +src_prepare() { + default + eautoreconf +} + +src_configure() { + # Tests here seem to make cppunit linked into the main vimpc binary + # Not clear how to run them either + econf \ + $(use_enable boost) \ + $(use_enable taglib) \ + --disable-test +} + +src_install() { + local DOCS=( AUTHORS README.md doc/vimpcrc.example ) + default + + # vimpc will look for help.txt + docompress -x /usr/share/doc/${PF}/help.txt +} diff --git a/media-sound/vimpc/vimpc-9999.ebuild b/media-sound/vimpc/vimpc-9999.ebuild index 5d7ee52d0a6e..a6a60a208193 100644 --- a/media-sound/vimpc/vimpc-9999.ebuild +++ b/media-sound/vimpc/vimpc-9999.ebuild @@ -1,26 +1,37 @@ -# Copyright 1999-2020 Gentoo Authors +# Copyright 1999-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 -EAPI=7 +EAPI=8 -inherit autotools git-r3 +inherit autotools -DESCRIPTION="An ncurses based mpd client with vi like key bindings" +DESCRIPTION="An ncurses based mpd client with vi-like key bindings" HOMEPAGE="https://github.com/boysetsfrog/vimpc" -EGIT_REPO_URI="https://github.com/boysetsfrog/${PN}.git" - -LICENSE="GPL-3" +if [[ ${PV} == 9999 ]] ; then + EGIT_REPO_URI="https://github.com/boysetsfrog/${PN}.git" + inherit git-r3 +else + SRC_URI="https://github.com/boysetsfrog/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz" + KEYWORDS="~amd64 ~x86" +fi + +LICENSE="GPL-3+" SLOT="0" IUSE="boost taglib" -RDEPEND="dev-libs/libpcre +RDEPEND=" + dev-libs/libpcre media-libs/libmpdclient boost? ( dev-libs/boost:= ) - taglib? ( media-libs/taglib )" + taglib? ( media-libs/taglib ) +" DEPEND="${RDEPEND}" BDEPEND="virtual/pkgconfig" -DOCS=( AUTHORS README.md doc/vimpcrc.example ) +PATCHES=( + "${FILESDIR}"/${P}-boost.patch + "${FILESDIR}"/${P}-wformat-security.patch +) src_prepare() { default @@ -28,12 +39,16 @@ src_prepare() { } src_configure() { + # Tests here seem to make cppunit linked into the main vimpc binary + # Not clear how to run them either econf \ $(use_enable boost) \ - $(use_enable taglib) + $(use_enable taglib) \ + --disable-test } src_install() { + local DOCS=( AUTHORS README.md doc/vimpcrc.example ) default # vimpc will look for help.txt |