Merge pull request #3144 from wmertens/source-missing-fixes

Source missing fixes
2024-09-20 20:39:04 +02:00 · 2014-07-01 08:43:27 +01:00 · 2014-07-01 08:43:27 +01:00 · 37e8ebc456
parent b2ea699437 8e7fded9c9
commit 37e8ebc456
3 changed files with 53 additions and 14 deletions
--- a/pkgs/applications/misc/makeself/default.nix
+++ b/pkgs/applications/misc/makeself/default.nix
@ -1,23 +1,25 @@
-{ stdenv, fetchurl }:
+{ stdenv, fetchgit }:

 stdenv.mkDerivation rec {
-  name = "makeself-2.1.5";
-  src = fetchurl {
-    url = "http://megastep.org/makeself/makeself.run";
-    sha256 = "0khs19xpid4ng0igrjyz3vsi6a5xyixrrrhgdxpdhd2wnf5nc9w2";
+  name = "makeself-2.2.0";
+  src = fetchgit {
+    url = "https://github.com/megastep/makeself.git";
+    rev = "b836b9281ae99abe1865608b065551da56c80719";
+    sha256 = "f7c97f0f8ad8128f2f1b54383319f2cc44cbb05b60ced222784debdf326f23ad";
  };
-  unpackPhase = "sh ${src}";
  installPhase = ''
-    cd ${name}
    mkdir -p $out/{bin,share/{${name},man/man1}}
-    mv makeself.lsm README $out/share/${name}
+    mv makeself.lsm README.md $out/share/${name}
    mv makeself.sh $out/bin/makeself
    mv makeself.1  $out/share/man/man1/
    mv makeself-header.sh $out/share/${name}
    sed -e 's|HEADER=`dirname $0`/makeself-header.sh|HEADER=`dirname $0`/../share/${name}/makeself-header.sh|' -i $out/bin/makeself
  '';
-  meta = {
+  meta = with stdenv.lib; {
    homepage = http://megastep.org/makeself;
    description = "Utility to create self-extracting packages";
+    license = licenses.gpl2;
+    maintainer = maintainers.wmertens;
+    platforms = platforms.all;
  };
 }
--- a/pkgs/desktops/gnome-2/desktop/vte/default.nix
+++ b/pkgs/desktops/gnome-2/desktop/vte/default.nix
@ -11,11 +11,8 @@ stdenv.mkDerivation rec {

  patches = [
    ./alt.patch
-    ( fetchurl { # CVE-2012-2738
-      url = "http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/x11-libs/"
-        + "vte/files/vte-0.28.2-limit-arguments.patch?revision=1.1";
-      sha256 = "1s8agx74wa7wlv9ybd5h3dp4hzf4ddg7piyan37g2ab3fnvg4jhn";
-    } )
+    # CVE-2012-2738
+    ./vte-0.28.2-limit-arguments.patch
  ];

  buildInputs = [ intltool pkgconfig glib gtk ncurses ] ++
--- a/pkgs/desktops/gnome-2/desktop/vte/vte-0.28.2-limit-arguments.patch
+++ b/pkgs/desktops/gnome-2/desktop/vte/vte-0.28.2-limit-arguments.patch
@ -0,0 +1,40 @@
+From feeee4b5832b17641e505b7083e0d299fdae318e Mon Sep 17 00:00:00 2001
+From: Christian Persch <chpe@gnome.org>
+Date: Sat, 19 May 2012 17:36:09 +0000
+Subject: emulation: Limit integer arguments to 65535
+
+To guard against malicious sequences containing excessively big numbers,
+limit all parsed numbers to 16 bit range. Doing this here in the parsing
+routine is a catch-all guard; this doesn't preclude enforcing
+more stringent limits in the handlers themselves.
+
+https://bugzilla.gnome.org/show_bug.cgi?id=676090
+---
+diff --git a/src/table.c b/src/table.c
+index 140e8c8..85cf631 100644
+--- a/src/table.c
+++ b/src/table.c
+@@ -550,7 +550,7 @@ _vte_table_extract_numbers(GValueArray **array,
+ 		if (G_UNLIKELY (*array == NULL)) {
+ 			*array = g_value_array_new(1);
+ 		}
+-		g_value_set_long(&value, total);
+		g_value_set_long(&value, CLAMP (total, 0, G_MAXUSHORT));
+ 		g_value_array_append(*array, &value);
+ 	} while (i++ < arginfo->length);
+ 	g_value_unset(&value);
+diff --git a/src/vteseq.c b/src/vteseq.c
+index 457c06a..46def5b 100644
+--- a/src/vteseq.c
+++ b/src/vteseq.c
+@@ -557,7 +557,7 @@ vte_sequence_handler_multiple(VteTerminal *terminal,
+                               GValueArray *params,
+                               VteTerminalSequenceHandler handler)
+ {
+-        vte_sequence_handler_multiple_limited(terminal, params, handler, G_MAXLONG);
+        vte_sequence_handler_multiple_limited(terminal, params, handler, G_MAXUSHORT);
+ }
+ 
+ static void
+--
+cgit v0.9.0.2