Fixed a possible buffer overflow, bug 201293

(Portage version: 2.1.3.19)

2 files changed, 192 insertions, 0 deletions

diff --git a/xfce-base/xfce4-panel/files/digest-xfce4-panel-4.4.1-r2 b/xfce-base/xfce4-panel/files/digest-xfce4-panel-4.4.1-r2
new file mode 100644
index 000000000000..f6b6af03f6d1
--- /dev/null
+++ b/xfce-base/xfce4-panel/files/digest-xfce4-panel-4.4.1-r2
@@ -0,0 +1,3 @@
+MD5 56b3137c190dd722dd5109be03901feb xfce4-panel-4.4.1.tar.bz2 767669
+RMD160 53d804b18b363e3571d065435163a6f74df6b3ed xfce4-panel-4.4.1.tar.bz2 767669
+SHA256 a84cfc376b1c15f941177d5189668694db365591a4132cbd4d1ac5c7da3f43fa xfce4-panel-4.4.1.tar.bz2 767669
diff --git a/xfce-base/xfce4-panel/files/xfce4-panel-4.4.1-overflow.patch b/xfce-base/xfce4-panel/files/xfce4-panel-4.4.1-overflow.patch
new file mode 100644
index 000000000000..6ffa2561cdae
--- /dev/null
+++ b/xfce-base/xfce4-panel/files/xfce4-panel-4.4.1-overflow.patch
@@ -0,0 +1,189 @@
+Index: libxfce4panel/xfce-panel-plugin-iface.c
+===================================================================
+--- libxfce4panel/xfce-panel-plugin-iface.c	(revision 25772)
++++ libxfce4panel/xfce-panel-plugin-iface.c	(working copy)
+@@ -1127,7 +1127,7 @@
+     name = xfce_panel_plugin_get_name (plugin);
+     id = xfce_panel_plugin_get_id (plugin);
+ 
+-    g_snprintf (path, 255,
++    g_snprintf (path, sizeof(path),
+                 "xfce4" G_DIR_SEPARATOR_S
+                 "panel" G_DIR_SEPARATOR_S
+                 "%s-%s.rc",
+@@ -1161,7 +1161,7 @@
+     name = xfce_panel_plugin_get_name (plugin);
+     id = xfce_panel_plugin_get_id (plugin);
+ 
+-    g_snprintf (path, 255,
++    g_snprintf (path, sizeof(path),
+                 "xfce4" G_DIR_SEPARATOR_S
+                 "panel" G_DIR_SEPARATOR_S
+                 "%s-%s.rc",
+Index: plugins/launcher/launcher-dialog.c
+===================================================================
+--- plugins/launcher/launcher-dialog.c	(revision 25772)
++++ plugins/launcher/launcher-dialog.c	(working copy)
+@@ -1183,7 +1183,7 @@
+         {
+             char last[3];
+ 
+-            g_snprintf (last, 3, "%d", ld->launcher->entries->len - 2);
++            g_snprintf (last, sizeof(last), "%d", ld->launcher->entries->len - 2);
+             path = gtk_tree_path_new_from_string (last);
+         }
+         
+Index: plugins/launcher/launcher.c
+===================================================================
+--- plugins/launcher/launcher.c	(revision 25772)
++++ plugins/launcher/launcher.c	(working copy)
+@@ -370,7 +370,7 @@
+     {
+         char first[256];
+ 
+-        g_snprintf (first, 256, _("Could not run \"%s\""), entry->name);
++        g_snprintf (first, sizeof(first), _("Could not run \"%s\""), entry->name);
+     
+         xfce_message_dialog (NULL, _("Xfce Panel"), 
+                              GTK_STOCK_DIALOG_ERROR, first, error->message,
+@@ -395,7 +395,7 @@
+     {
+         char first[256];
+         
+-        g_snprintf (first, 256, _("Error in command \"%s\""), 
++        g_snprintf (first, sizeof(first), _("Error in command \"%s\""), 
+                     entry->real_exec);
+     
+         xfce_message_dialog (NULL, _("Xfce Panel"), 
+@@ -432,7 +432,7 @@
+     {
+         char first[256];
+         
+-        g_snprintf (first, 256, _("Could not run \"%s\""), entry->name);
++        g_snprintf (first, sizeof(first), _("Could not run \"%s\""), entry->name);
+     
+         xfce_message_dialog (NULL, _("Xfce Panel"), 
+                              GTK_STOCK_DIALOG_ERROR, first, error->message,
+@@ -739,11 +739,11 @@
+     if (entry->name || entry->comment)
+     {
+         if (entry->name && entry->comment)
+-            g_snprintf (tip, 521, "%s\n%s", entry->name, entry->comment);
++            g_snprintf (tip, sizeof(tip), "%s\n%s", entry->name, entry->comment);
+         else if (entry->name)
+-            g_strlcpy (tip, entry->name, 521);
++            g_strlcpy (tip, entry->name, sizeof(tip));
+         else
+-            g_strlcpy (tip, entry->comment, 521);
++            g_strlcpy (tip, entry->comment, sizeof(tip));
+ 
+         gtk_tooltips_set_tip (launcher->tips, launcher->iconbutton, tip, NULL);
+     }
+@@ -1029,7 +1029,7 @@
+         LauncherEntry *entry;
+         char group[10];
+         
+-        g_snprintf (group, 10, "Entry %d", i);
++        g_snprintf (group, sizeof(group), "Entry %d", i);
+         
+         if (!xfce_rc_has_group (rc, group))
+             break;
+@@ -1098,7 +1098,7 @@
+     {
+         LauncherEntry *entry = g_ptr_array_index (launcher->entries, i);
+ 
+-        g_snprintf (group, 10, "Entry %d", i);
++        g_snprintf (group, sizeof(group), "Entry %d", i);
+ 
+         xfce_rc_set_group (rc, group);
+ 
+Index: plugins/clock/clock.c
+===================================================================
+--- plugins/clock/clock.c	(revision 25772)
++++ plugins/clock/clock.c	(working copy)
+@@ -173,7 +173,7 @@
+ 	 * %B  : full month name
+ 	 * %Y  : four digit year
+ 	 */
+-        strftime(date_s, 255, _("%A %d %B %Y"), tm);
++        strftime(date_s, sizeof(date_s), _("%A %d %B %Y"), tm);
+ 
+         /* Conversion to utf8
+          * Patch by Oliver M. Bolzer <oliver@fakeroot.net>
+Index: panel/panel.c
+===================================================================
+--- panel/panel.c	(revision 25772)
++++ panel/panel.c	(working copy)
+@@ -988,7 +988,7 @@
+     static char id[30];
+     
+     /* unique number: pseudo-random time() + counter */
+-    g_snprintf (id, 30, "%ld%d", (glong) time (NULL), counter++);
++    g_snprintf (id, sizeof(id), "%ld%d", (glong) time (NULL), counter++);
+     
+     return id;
+ }
+Index: panel/panel-dialogs.c
+===================================================================
+--- panel/panel-dialogs.c	(revision 25772)
++++ panel/panel-dialogs.c	(working copy)
+@@ -259,12 +259,12 @@
+         
+         if (info->comment)
+         {
+-            g_snprintf (text, 512, "<b>%s</b>\n%s", info->display_name, 
++            g_snprintf (text, sizeof(text), "<b>%s</b>\n%s", info->display_name, 
+                                     info->comment);
+         }
+         else
+         {
+-            g_snprintf (text, 512, "<b>%s</b>", info->display_name);
++            g_snprintf (text, sizeof(text), "<b>%s</b>", info->display_name);
+         }
+ 
+         g_object_set (cell, "markup", text, 
+@@ -1276,7 +1276,7 @@
+                 gtk_widget_set_size_request (scroll, req.width, -1);
+             }
+ 
+-            g_snprintf (markup, 10, "<b>%d</b>", i + 1);
++            g_snprintf (markup, sizeof(markup), "<b>%d</b>", i + 1);
+             
+             ebox = gtk_event_box_new ();
+             style = gtk_widget_get_style (ebox);
+@@ -1382,7 +1382,7 @@
+     if (G_UNLIKELY (!composite_atom))
+     {
+         char text[16];
+-        g_snprintf (text, 16, "_NET_WM_CM_S%d", 
++        g_snprintf (text, sizeof(text), "_NET_WM_CM_S%d", 
+                     GDK_SCREEN_XNUMBER(gdk_screen_get_default()));
+         composite_atom = 
+             XInternAtom (GDK_DISPLAY (), text, False);
+@@ -1453,7 +1453,7 @@
+ 
+     panel_block_autohide (PANEL (g_ptr_array_index (pmd->panels, n)));
+ 
+-    g_snprintf (name, 20, _("Panel %d"), pmd->panels->len);
++    g_snprintf (name, sizeof(name), _("Panel %d"), pmd->panels->len);
+ 
+     gtk_combo_box_append_text (GTK_COMBO_BOX (pmd->panel_selector), name);
+ 
+@@ -1489,7 +1489,7 @@
+     {
+         char name[20];
+ 
+-        g_snprintf (name, 20, _("Panel %d"), i + 1);
++        g_snprintf (name, sizeof(name), _("Panel %d"), i + 1);
+ 
+         gtk_combo_box_append_text (GTK_COMBO_BOX (pmd->panel_selector), name);
+     }
+@@ -1514,7 +1514,7 @@
+     {
+         char name[20];
+ 
+-        g_snprintf (name, 20, _("Panel %d"), i + 1);
++        g_snprintf (name, sizeof(name), _("Panel %d"), i + 1);
+ 
+         gtk_combo_box_append_text (GTK_COMBO_BOX (pmd->panel_selector), name);
+     }