xchat 2.8.6: fix CVE-2009-0315 and a building issues with 2 debian patches and bump PR

The building issue was the following:
| fe-gtk.o: In function `fe_gui_info':
| [...]/src/fe-gtk/fe-gtk.c:822: undefined reference to `GTK_WIDGET_VISIBLE'
| menu.o: In function `menu_canacaccel':
| [...]/src/fe-gtk/menu.c:1673: undefined reference to `GTK_WIDGET_IS_SENSITIVE'
| maingui.o: In function `mg_hide_empty_pane':
| [...]/src/fe-gtk/maingui.c:812: undefined reference to `GTK_WIDGET_VISIBLE'
| [...]/src/fe-gtk/maingui.c:813: undefined reference to `GTK_WIDGET_VISIBLE'
| maingui.o: In function `mg_show_generic_tab':
| [...]/src/fe-gtk/maingui.c:602: undefined reference to `GTK_WIDGET_HAS_FOCUS'

I noticied the security issue while looking into the debian patches of xchat:
  They had a file named 46_CVE-2009-0315.dpatch.
  Then I looked at that CVE to see if it was relevant ,and applied the patch

diff --git a/recipes/xchat/files/46_CVE-2009-0315.dpatch b/recipes/xchat/files/46_CVE-2009-0315.dpatch
new file mode 100755 (executable)
index 0000000..97bd442
--- /dev/null
+++ b/recipes/xchat/files/46_CVE-2009-0315.dpatch
@@ -0,0 +1,26 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 46_CVE-2009-0315.dpatch by Nico Golde <nion@debian.org>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+@DPATCH@
+diff -urNad xchat-2.8.6~/plugins/python/python.c xchat-2.8.6/plugins/python/python.c
+--- xchat-2.8.6~/plugins/python/python.c       2008-03-29 06:57:35.000000000 +0100
++++ xchat-2.8.6/plugins/python/python.c        2009-02-05 19:13:02.000000000 +0100
+@@ -1106,6 +1106,7 @@
+       }
+ 
+       PySys_SetArgv(1, argv);
++      PyRun_SimpleString("import sys; sys.path = filter(None, sys.path)");
+       PySys_SetObject("__plugin__", (PyObject *) plugin);
+ 
+       /* Set stdout and stderr to xchatout. */
+@@ -2110,6 +2111,7 @@
+       Py_SetProgramName("xchat");
+       Py_Initialize();
+       PySys_SetArgv(1, argv);
++      PyRun_SimpleString("import sys; sys.path = filter(None, sys.path)");
+ 
+       Plugin_Type.ob_type = &PyType_Type;
+       Context_Type.ob_type = &PyType_Type;

diff --git a/recipes/xchat/files/53_fix_deprecated_widgets.dpatch b/recipes/xchat/files/53_fix_deprecated_widgets.dpatch
new file mode 100755 (executable)
index 0000000..bab087b
--- /dev/null
+++ b/recipes/xchat/files/53_fix_deprecated_widgets.dpatch
@@ -0,0 +1,53 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 53_fix_deprecated_widgets.dpatch by Davide Puricelli <evo@debian.org>
+##
+## Description: Fix FTBFS errors due to new GTK 2.20 widgets names.
+
+@DPATCH@
+diff -Naur xchat-2.8.6foo/src/fe-gtk/fe-gtk.c xchat-2.8.6/src/fe-gtk/fe-gtk.c
+--- xchat-2.8.6foo/src/fe-gtk/fe-gtk.c 2010-04-06 21:48:19.000000000 +0200
++++ xchat-2.8.6/src/fe-gtk/fe-gtk.c    2010-04-06 21:49:27.000000000 +0200
+@@ -819,7 +819,7 @@
+       switch (info_type)
+       {
+       case 0: /* window status */
+-              if (!GTK_WIDGET_VISIBLE (GTK_WINDOW (sess->gui->window)))
++              if (!gtk_widget_get_visible (GTK_WINDOW (sess->gui->window)))
+                       return 2;       /* hidden (iconified or systray) */
+ #if GTK_CHECK_VERSION(2,4,0)
+               if (gtk_window_is_active (GTK_WINDOW (sess->gui->window)))
+diff -Naur xchat-2.8.6foo/src/fe-gtk/maingui.c xchat-2.8.6/src/fe-gtk/maingui.c
+--- xchat-2.8.6foo/src/fe-gtk/maingui.c        2008-04-01 10:53:41.000000000 +0200
++++ xchat-2.8.6/src/fe-gtk/maingui.c   2010-04-06 21:50:45.000000000 +0200
+@@ -599,7 +599,7 @@
+       int num;
+       GtkWidget *f = NULL;
+ 
+-      if (current_sess && GTK_WIDGET_HAS_FOCUS (current_sess->gui->input_box))
++      if (current_sess && gtk_widget_has_focus (current_sess->gui->input_box))
+               f = current_sess->gui->input_box;
+ 
+       num = gtk_notebook_page_num (GTK_NOTEBOOK (mg_gui->note_book), box);
+@@ -809,8 +809,8 @@
+ static void
+ mg_hide_empty_pane (GtkPaned *pane)
+ {
+-      if ((pane->child1 == NULL || !GTK_WIDGET_VISIBLE (pane->child1)) &&
+-               (pane->child2 == NULL || !GTK_WIDGET_VISIBLE (pane->child2)))
++      if ((pane->child1 == NULL || !gtk_widget_get_visible (pane->child1)) &&
++               (pane->child2 == NULL || !gtk_widget_get_visible (pane->child2)))
+       {
+               gtk_widget_hide (GTK_WIDGET (pane));
+               return;
+diff -Naur xchat-2.8.6foo/src/fe-gtk/menu.c xchat-2.8.6/src/fe-gtk/menu.c
+--- xchat-2.8.6foo/src/fe-gtk/menu.c   2008-06-08 09:59:37.000000000 +0200
++++ xchat-2.8.6/src/fe-gtk/menu.c      2010-04-06 21:49:54.000000000 +0200
+@@ -1670,7 +1670,7 @@
+ menu_canacaccel (GtkWidget *widget, guint signal_id, gpointer user_data)
+ {
+       /* GTK2.2 behaviour */
+-      return GTK_WIDGET_IS_SENSITIVE (widget);
++      return gtk_widget_is_sensitive (widget);
+ }
+ 
+ #endif

diff --git a/recipes/xchat/xchat_2.8.6.bb b/recipes/xchat/xchat_2.8.6.bb
index d6d6200..9e203fb 100644 (file)
--- a/recipes/xchat/xchat_2.8.6.bb
+++ b/recipes/xchat/xchat_2.8.6.bb
@@ -4,9 +4,12 @@ HOMEPAGE = "http://www.xchat.org"
 SECTION = "x11/network"
 DEPENDS = "libgcrypt zlib gtk+"
 DEPENDS += "gdk-pixbuf-csource-native"
-PR = "r1"
+PR = "r2"
 
-SRC_URI = "http://www.xchat.org/files/source/2.8/xchat-${PV}.tar.bz2"
+SRC_URI = "http://www.xchat.org/files/source/2.8/xchat-${PV}.tar.bz2 \
+        file://46_CVE-2009-0315.dpatch;patch=1 \
+        file://53_fix_deprecated_widgets.dpatch;patch=1 \
+        "
 
 inherit autotools