authorSamuli Suominen <drac@gentoo.org>2007-11-06 21:14:00 +0000
committerSamuli Suominen <drac@gentoo.org>2007-11-06 21:14:00 +0000
commit4baa7fd27f1244da8c65892dfc24af1ae9e09edd (patch)
treec09c5096e862d3c16f147dfda7fcfb759adaa062 /media-sound
parentStable on amd64/x86 wrt bug #151465. (diff)
Fix security bug 113683, CVE-2005-3863, a stack-based buffer overflow in kkstrtext.h in ktools library and stabilize amd64.
(Portage version: 2.1.3.18, RepoMan options: --force)
Diffstat (limited to 'media-sound')
-rw-r--r--media-sound/orpheus/ChangeLog11
-rw-r--r--media-sound/orpheus/files/101_fix-buffer-overflow.diff15
-rw-r--r--media-sound/orpheus/files/digest-orpheus-1.6-r13
-rw-r--r--media-sound/orpheus/orpheus-1.6-r1.ebuild55
4 files changed, 82 insertions, 2 deletions
diff --git a/media-sound/orpheus/ChangeLog b/media-sound/orpheus/ChangeLog
index 3a5c93bfe929..acf61b53d1fd 100644
--- a/media-sound/orpheus/ChangeLog
+++ b/media-sound/orpheus/ChangeLog
@@ -1,6 +1,13 @@
# ChangeLog for media-sound/orpheus
-# Copyright 2000-2006 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/media-sound/orpheus/ChangeLog,v 1.21 2006/11/29 19:39:59 aballier Exp $
+# Copyright 2000-2007 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/media-sound/orpheus/ChangeLog,v 1.22 2007/11/06 21:13:59 drac Exp $
+
+*orpheus-1.6-r1 (06 Nov 2007)
+
+ 06 Nov 2007; Samuli Suominen <drac@gentoo.org>
+ +files/101_fix-buffer-overflow.diff, +orpheus-1.6-r1.ebuild:
+ Fix security bug 113683, CVE-2005-3863, a stack-based buffer overflow in
+ kkstrtext.h in ktools library and stabilize amd64.
29 Nov 2006; Alexis Ballier <aballier@gentoo.org> orpheus-1.5.ebuild,
orpheus-1.6.ebuild:
diff --git a/media-sound/orpheus/files/101_fix-buffer-overflow.diff b/media-sound/orpheus/files/101_fix-buffer-overflow.diff
new file mode 100644
index 000000000000..4d6c8e4e18a4
--- /dev/null
+++ b/media-sound/orpheus/files/101_fix-buffer-overflow.diff
@@ -0,0 +1,15 @@
+Fix a stack-based buffer overflow in kkstrtext.h in ktools library.
+(CVE-2005-3863) (Closes: #368402)
+Index: orpheus-1.5/kkstrtext-0.1/kkstrtext.h
+===================================================================
+--- orpheus-1.5.orig/kkstrtext-0.1/kkstrtext.h 2003-12-14 11:51:38.000000000 +0100
++++ orpheus-1.5/kkstrtext-0.1/kkstrtext.h 2006-08-01 21:57:14.000000000 +0200
+@@ -87,7 +87,7 @@
+ { \
+ va_list vgs__ap; char vgs__buf[1024]; \
+ va_start(vgs__ap, fmt); \
+- vsprintf(vgs__buf, fmt, vgs__ap); c = vgs__buf; \
++ vsnprintf(vgs__buf, 1024, fmt, vgs__ap); c = vgs__buf; \
+ va_end(vgs__ap); \
+ }
+
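Review bot: The bound in `vsnprintf(vgs__buf, 1024, fmt, vgs__ap)` repeats the array length from `char vgs__buf[1024]` as a literal, so a later change to the buffer size on the line above would silently bring the overflow back. Since `vgs__buf` is declared as an array inside the same macro, `vsnprintf(vgs__buf, sizeof(vgs__buf), fmt, vgs__ap);` keeps the two tied together. The return value is also discarded, so over-long output is truncated with no signal to the caller; whether that matters depends on how `c` is used, which is not visible here. The macro begins above the hunk's context lines.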
diff --git a/media-sound/orpheus/files/digest-orpheus-1.6-r1 b/media-sound/orpheus/files/digest-orpheus-1.6-r1
new file mode 100644
index 000000000000..df58ce21c4ca
--- /dev/null
+++ b/media-sound/orpheus/files/digest-orpheus-1.6-r1
@@ -0,0 +1,3 @@
+MD5 718b57d507d4dfae5008e7fb53f7b840 orpheus-1.6.tar.gz 440553
+RMD160 bd1b04f8c1195074e648d1ed8731970f512e120a orpheus-1.6.tar.gz 440553
+SHA256 18a6a4b0171c8a2a5a09be6e2cd8fc781c145fde1b266e43a9902fef10ee6ff5 orpheus-1.6.tar.gz 440553
diff --git a/media-sound/orpheus/orpheus-1.6-r1.ebuild b/media-sound/orpheus/orpheus-1.6-r1.ebuild
new file mode 100644
index 000000000000..7cfa792de848
--- /dev/null
+++ b/media-sound/orpheus/orpheus-1.6-r1.ebuild
@@ -0,0 +1,55 @@
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/media-sound/orpheus/orpheus-1.6-r1.ebuild,v 1.1 2007/11/06 21:13:59 drac Exp $
+
+WANT_AUTOCONF=2.5
+WANT_AUTOMAKE=1.8
+
+inherit eutils autotools
+
+DESCRIPTION="Command line MP3 player."
+HOMEPAGE="http://konst.org.ua/en/orpheus"
+SRC_URI="http://konst.org.ua/download/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha amd64 ~ppc ~sparc ~x86"
+IUSE="cddb"
+
+DEPEND=">=sys-libs/ncurses-5.2
+ >=media-libs/libvorbis-1.0_beta1
+ virtual/mpg123
+ cddb? ( gnome-base/libghttp )
+ media-sound/vorbis-tools"
+
+src_unpack() {
+ unpack ${A}
+ cd "${S}"
+
+ epatch "${FILESDIR}/1.5-amd64.patch"
+
+ # Fix a stack-based buffer overflow in kkstrtext.h in ktools library.
+ # Bug 113683, CVE-2005-3863.
+ epatch "${FILESDIR}"/101_fix-buffer-overflow.diff
+
+ # configures generated by different autoconf versions
+ # cause problems when calling econf
+ cd "${S}/kkstrtext-0.1"
+ eautoreconf
+ cd "${S}/kkconsui-0.1"
+ eautoreconf
+
+ # force not using deprecated libghttp
+ cd "${S}"
+ use cddb || epatch "${FILESDIR}/${P}-nolibghttp.patch"
+}
+
+src_compile() {
+ econf || die "configure failed"
+ emake || die "emake failed"
+}
+
+src_install() {
+ emake DESTDIR="${D}" install || die "make install failed"
+ dodoc AUTHORS ChangeLog NEWS README TODO
+}
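Review bot: The `cd` calls in src_unpack (`cd "${S}"`, `cd "${S}/kkstrtext-0.1"`, `cd "${S}/kkconsui-0.1"`) are unchecked, so if a bundled directory is missing, the following `eautoreconf` or `epatch` runs from whatever directory was current. Appending `|| die` makes that fail loudly, e.g. `cd "${S}/kkstrtext-0.1" || die "cd kkstrtext-0.1 failed"`. Separately, the header of 101_fix-buffer-overflow.diff names `orpheus-1.5/kkstrtext-0.1/kkstrtext.h` while this ebuild builds 1.6. The comment above the `epatch` line could note that, for example `# Patch was generated against 1.5; confirm it still applies cleanly to kkstrtext.h in ${P}.`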