author | Samuli Suominen <drac@gentoo.org> | 2007-11-06 21:14:00 +0000 |
---|---|---|
committer | Samuli Suominen <drac@gentoo.org> | 2007-11-06 21:14:00 +0000 |
commit | 4baa7fd27f1244da8c65892dfc24af1ae9e09edd (patch) | |
tree | c09c5096e862d3c16f147dfda7fcfb759adaa062 /media-sound | |
parent | Stable on amd64/x86 wrt bug #151465. (diff) | |
Fix security bug 113683, CVE-2005-3863, a stack-based buffer overflow in kkstrtext.h in ktools library and stabilize amd64.
(Portage version: 2.1.3.18, RepoMan options: --force)
Diffstat (limited to 'media-sound')
-rw-r--r-- | media-sound/orpheus/ChangeLog | 11 | ||||
-rw-r--r-- | media-sound/orpheus/files/101_fix-buffer-overflow.diff | 15 | ||||
-rw-r--r-- | media-sound/orpheus/files/digest-orpheus-1.6-r1 | 3 | ||||
-rw-r--r-- | media-sound/orpheus/orpheus-1.6-r1.ebuild | 55 |
4 files changed, 82 insertions, 2 deletions
diff --git a/media-sound/orpheus/ChangeLog b/media-sound/orpheus/ChangeLog index 3a5c93bfe929..acf61b53d1fd 100644 --- a/media-sound/orpheus/ChangeLog +++ b/media-sound/orpheus/ChangeLog @@ -1,6 +1,13 @@ # ChangeLog for media-sound/orpheus -# Copyright 2000-2006 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/media-sound/orpheus/ChangeLog,v 1.21 2006/11/29 19:39:59 aballier Exp $ +# Copyright 2000-2007 Gentoo Foundation; Distributed under the GPL v2 +# $Header: /var/cvsroot/gentoo-x86/media-sound/orpheus/ChangeLog,v 1.22 2007/11/06 21:13:59 drac Exp $ + +*orpheus-1.6-r1 (06 Nov 2007) + + 06 Nov 2007; Samuli Suominen <drac@gentoo.org> + +files/101_fix-buffer-overflow.diff, +orpheus-1.6-r1.ebuild: + Fix security bug 113683, CVE-2005-3863, a stack-based buffer overflow in + kkstrtext.h in ktools library and stabilize amd64. 29 Nov 2006; Alexis Ballier <aballier@gentoo.org> orpheus-1.5.ebuild, orpheus-1.6.ebuild:
diff --git a/media-sound/orpheus/files/101_fix-buffer-overflow.diff b/media-sound/orpheus/files/101_fix-buffer-overflow.diff
new file mode 100644
index 000000000000..4d6c8e4e18a4
--- /dev/null
+++ b/media-sound/orpheus/files/101_fix-buffer-overflow.diff
@@ -0,0 +1,15 @@
+Fix a stack-based buffer overflow in kkstrtext.h in ktools library.
+(CVE-2005-3863) (Closes: #368402)
+Index: orpheus-1.5/kkstrtext-0.1/kkstrtext.h
+===================================================================
+--- orpheus-1.5.orig/kkstrtext-0.1/kkstrtext.h 2003-12-14 11:51:38.000000000 +0100
++++ orpheus-1.5/kkstrtext-0.1/kkstrtext.h 2006-08-01 21:57:14.000000000 +0200
+@@ -87,7 +87,7 @@
+ { \
+ va_list vgs__ap; char vgs__buf[1024]; \
+ va_start(vgs__ap, fmt); \
+- vsprintf(vgs__buf, fmt, vgs__ap); c = vgs__buf; \
++ vsnprintf(vgs__buf, 1024, fmt, vgs__ap); c = vgs__buf; \
+ va_end(vgs__ap); \
+ }
+ 
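Review bot: The replacement line in the bundled patch hardcodes the bound as `1024` instead of tying it to the buffer declared one line above, so a later change to `char vgs__buf[1024]` could silently reintroduce the overflow. Writing it as `vsnprintf(vgs__buf, sizeof(vgs__buf), fmt, vgs__ap); c = vgs__buf; \` keeps the two in step. The return value is also discarded, so output longer than 1023 bytes is truncated with no signal to the caller. Truncation is the safe failure mode for CVE-2005-3863, but it is worth stating in the patch header. The macro begins above the inner hunk's context, so how `fmt` is supplied cannot be checked from here.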
diff --git a/media-sound/orpheus/files/digest-orpheus-1.6-r1 b/media-sound/orpheus/files/digest-orpheus-1.6-r1
new file mode 100644
index 000000000000..df58ce21c4ca
--- /dev/null
+++ b/media-sound/orpheus/files/digest-orpheus-1.6-r1
@@ -0,0 +1,3 @@
+MD5 718b57d507d4dfae5008e7fb53f7b840 orpheus-1.6.tar.gz 440553
+RMD160 bd1b04f8c1195074e648d1ed8731970f512e120a orpheus-1.6.tar.gz 440553
+SHA256 18a6a4b0171c8a2a5a09be6e2cd8fc781c145fde1b266e43a9902fef10ee6ff5 orpheus-1.6.tar.gz 440553
diff --git a/media-sound/orpheus/orpheus-1.6-r1.ebuild b/media-sound/orpheus/orpheus-1.6-r1.ebuild
new file mode 100644
index 000000000000..7cfa792de848
--- /dev/null
+++ b/media-sound/orpheus/orpheus-1.6-r1.ebuild
@@ -0,0 +1,55 @@
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/media-sound/orpheus/orpheus-1.6-r1.ebuild,v 1.1 2007/11/06 21:13:59 drac Exp $
+
+WANT_AUTOCONF=2.5
+WANT_AUTOMAKE=1.8
+
+inherit eutils autotools
+
+DESCRIPTION="Command line MP3 player."
+HOMEPAGE="http://konst.org.ua/en/orpheus"
+SRC_URI="http://konst.org.ua/download/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha amd64 ~ppc ~sparc ~x86"
+IUSE="cddb"
+
+DEPEND=">=sys-libs/ncurses-5.2
+ >=media-libs/libvorbis-1.0_beta1
+ virtual/mpg123
+ cddb? ( gnome-base/libghttp )
+ media-sound/vorbis-tools"
+
+src_unpack() {
+ unpack ${A}
+ cd "${S}"
+
+ epatch "${FILESDIR}/1.5-amd64.patch"
+
+ # Fix a stack-based buffer overflow in kkstrtext.h in ktools library.
+ # Bug 113683, CVE-2005-3863.
+ epatch "${FILESDIR}"/101_fix-buffer-overflow.diff
+
+ # configures generated by different autoconf versions
+ # cause problems when calling econf
+ cd "${S}/kkstrtext-0.1"
+ eautoreconf
+ cd "${S}/kkconsui-0.1"
+ eautoreconf
+
+ # force not using deprecated libghttp
+ cd "${S}"
+ use cddb || epatch "${FILESDIR}/${P}-nolibghttp.patch"
+}
+
+src_compile() {
+ econf || die "configure failed"
+ emake || die "emake failed"
+}
+
+src_install() {
+ emake DESTDIR="${D}" install || die "make install failed"
+ dodoc AUTHORS ChangeLog NEWS README TODO
+}
|
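Review bot: In src_unpack the `cd` calls before each `eautoreconf` are unchecked, so if `${S}/kkstrtext-0.1` or `${S}/kkconsui-0.1` is missing, the autotools regeneration runs in whatever directory the shell was left in. `cd "${S}/kkstrtext-0.1" || die "cd failed"` would fail the build instead, matching the `|| die` already used on `econf` and `emake`. Separately, `KEYWORDS="~alpha amd64 ~ppc ~sparc ~x86"` marks the fixed revision stable only on amd64. If an earlier orpheus revision is stable on another arch (not visible in this diff), those users keep the unpatched kkstrtext.h until -r1 is stabilised there.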