attempt to backport security fix to 0.8.7, hopefully can be made stable soon

5 files changed, 141 insertions, 1 deletions

diff --git a/dev-db/mysqlcc/ChangeLog b/dev-db/mysqlcc/ChangeLog
index b266f8ced5ec..2564e4c76fb0 100644
--- a/dev-db/mysqlcc/ChangeLog
+++ b/dev-db/mysqlcc/ChangeLog
@@ -1,6 +1,19 @@
 # ChangeLog for dev-db/mysqlcc
 # Copyright 2002-2003 Gentoo Technologies, Inc.; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/dev-db/mysqlcc/ChangeLog,v 1.6 2003/03/09 19:47:23 rac Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-db/mysqlcc/ChangeLog,v 1.7 2003/03/09 22:42:42 rac Exp $
+
+*mysqlcc-0.8.7-r1 (09 Mar 2003)
+
+  09 Mar 2003; <rac@gentoo.org> mysqlcc-0.8.7-r1.ebuild,
+  files/mysqlcc-0.8.7-configperms.patch, files/mysqlcc-0.8.7-qmakespec.patch:
+  The config.sub included with this package does not recognize linux-gnu
+  machines correctly, so replace it with one taken from a local automake
+  installation and run autoreconf.  Allow the ebuild to override the
+  QMAKESPEC variable, so that 'linux-g++' is picked up correctly.  These
+  are backported from the 0.8.10-r1 ebuild.  Also attempt to backport
+  the security fix eliminating world-readable configuration files and
+  directories that was applied upstream in 0.8.9, since 0.8.7 seems to
+  be the last version that will compile against MySQL 3.x.
 
 *mysqlcc-0.8.10-r1 (04 Mar 2003)
 
diff --git a/dev-db/mysqlcc/files/digest-mysqlcc-0.8.7-r1 b/dev-db/mysqlcc/files/digest-mysqlcc-0.8.7-r1
new file mode 100644
index 000000000000..1ae841bca8d1
--- /dev/null
+++ b/dev-db/mysqlcc/files/digest-mysqlcc-0.8.7-r1
@@ -0,0 +1 @@
+MD5 f6069be95adbf5049e9088610eed8c2e mysqlcc-0.8.7-src.tar.gz 404997
diff --git a/dev-db/mysqlcc/files/mysqlcc-0.8.7-configperms.patch b/dev-db/mysqlcc/files/mysqlcc-0.8.7-configperms.patch
new file mode 100644
index 000000000000..c3f97aaa93b3
--- /dev/null
+++ b/dev-db/mysqlcc/files/mysqlcc-0.8.7-configperms.patch
@@ -0,0 +1,51 @@
+# This is an attempt to backport the security fix for leaving config
+# files and directories world-readable that was originally applied in
+# 0.8.9.  0.8.7 seems to be the last version that will compile without
+# MySQL 4.
+# Robert Coie <rac@gentoo.org> 2003.03.09
+
+--- src/CConfig.cpp.orig	2003-03-09 13:25:08.000000000 -0800
++++ src/CConfig.cpp	2003-03-09 13:27:19.000000000 -0800
+@@ -20,6 +20,12 @@
+ #include <qdir.h>
+ #include <qstringlist.h>
+ #include <qfile.h>
++
++#ifndef WIN32
++#include <sys/types.h>
++#include <sys/stat.h>
++#endif
++
+ #include "globals.h"
+ #include "config.h"
+ 
+@@ -183,6 +189,14 @@
+     for (QMap<QString, QString>::Iterator it = entries.begin(); it != entries.end(); ++it)
+       t_strm << it.key() << "\t=\t" << it.data() << "\r\n";
+     f_strm.close();
++#ifndef WIN32
++    if (chmod(absoluteConfigFileName, S_IRUSR | S_IWUSR) != 0)
++    {
++#ifdef DEBUG
++      qDebug("CConfig::save() - Coudn't set mode 600 for" + absoluteConfigFileName);
++#endif
++    }
++#endif
+     return true;    
+   }
+   else
+@@ -312,6 +326,14 @@
+ #ifdef DEBUG
+       qDebug("private static CConfig::createDirectory() - " + d + " was created successfully.");
+ #endif
++#ifndef WIN32
++      if (chmod(d, S_IRUSR | S_IWUSR | S_IXUSR) != 0)
++      {
++#ifdef DEBUG
++        qDebug("private static CConfig::createDirectory() - Coudn't set mode 700 for" + d);
++#endif
++      }
++#endif
+       return true;
+     }
+     else
diff --git a/dev-db/mysqlcc/files/mysqlcc-0.8.7-qmakespec.patch b/dev-db/mysqlcc/files/mysqlcc-0.8.7-qmakespec.patch
new file mode 100644
index 000000000000..0a80f4c62ea6
--- /dev/null
+++ b/dev-db/mysqlcc/files/mysqlcc-0.8.7-qmakespec.patch
@@ -0,0 +1,17 @@
+--- configure.in.orig	2003-03-04 13:13:05.000000000 -0800
++++ configure.in	2003-03-04 13:13:53.000000000 -0800
+@@ -24,7 +24,13 @@
+ AC_SUBST(MYSQLCC_HEADERS)
+ AC_SUBST(MYSQLCC_SOURCES)
+ AC_OUTPUT(mysqlcc.pro)
+-QMAKESPEC=$QTDIR/mkspecs/$host_os
++
++# the following line is disabled so that we can specify QMAKESPEC from
++# the ebuild - otherwise on some systems it looks for 'linux-gcc',
++# rather than the correct 'linux-g++'
++# Robert Coie <rac@gentoo.org> 2003.03.04
++#QMAKESPEC=$QTDIR/mkspecs/$host_os
++
+ echo "Creating Makefile with qmake"
+ QMAKESPEC=$QMAKESPEC QTDIR=$QTDIR $QTDIR/bin/qmake mysqlcc.pro
+ if test ! $? = 0 ; then
diff --git a/dev-db/mysqlcc/mysqlcc-0.8.7-r1.ebuild b/dev-db/mysqlcc/mysqlcc-0.8.7-r1.ebuild
new file mode 100644
index 000000000000..504037b359b5
--- /dev/null
+++ b/dev-db/mysqlcc/mysqlcc-0.8.7-r1.ebuild
@@ -0,0 +1,58 @@
+# Copyright 1999-2003 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License v2
+# $Header:
+
+S=${WORKDIR}/${P}-src
+DESCRIPTION="a MySQL GUI Client"
+HOMEPAGE="http://www.mysql.com/"
+SRC_URI="ftp://ftp.sunet.se/pub/unix/databases/relational/mysql/Downloads/MyCC/${P}-src.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~x86"
+IUSE="X qt"
+
+DEPEND="virtual/glibc
+	>=x11-libs/qt-3.0.5
+	dev-db/mysql"
+RDEPEND=""
+
+inherit eutils
+
+src_unpack() {
+	unpack ${P}-src.tar.gz ; cd ${S}
+	epatch ${FILESDIR}/${P}-qmakespec.patch
+	epatch ${FILESDIR}/${P}-configperms.patch
+}
+
+src_compile() {
+	# The config.sub in this distribution appears to be very stale
+	# so we replace it with one from a known better source.  I am
+	# not attached to using 1.4, but it seemed like it had the best
+	# chance of compatibility.
+	# Robert Coie <rac@gentoo.org> 2003.03.03
+	if [ -e /usr/share/automake-1.4/config.sub ]; then
+		cp /usr/share/automake-1.4/config.sub ${S}
+	fi
+	cd ${S}; autoreconf -f; 
+
+	econf || die
+
+	cp Makefile Makefile.orig
+	sed -e "s:CFLAGS   = -pipe -Wall -W -g:CFLAGS   = ${CFLAGS}:" \
+		-e "s:CXXFLAGS = -pipe -Wall -W -g:CXXFLAGS = ${CXXFLAGS}:" \
+		Makefile.orig > Makefile
+		
+	QTDIR=$QTDIR 
+	emake || die
+}
+
+src_install() {
+	dobin mysqlcc
+	dodir /usr/share/mysqlcc
+	insinto /usr/share/mysqlcc
+	doins warning.wav information.wav error.wav syntax.txt
+	dodir /usr/share/mysqlcc/translations
+	insinto /usr/share/mysqlcc/translations 
+	doins translations/Espanol.qm  translations/Espanol.ts  translations/Russian.qm  translations/Russian.ts
+}