Fix overflow, bug 339451 by Kevin McCarthy.

Package-Manager: portage-2.1.10.49/cvs/Linux x86_64

4 files changed, 66 insertions, 10 deletions

diff --git a/app-misc/rioutil/ChangeLog b/app-misc/rioutil/ChangeLog
index 53d8813c7c18..e2c6832f541f 100644
--- a/app-misc/rioutil/ChangeLog
+++ b/app-misc/rioutil/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for app-misc/rioutil
-# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-misc/rioutil/ChangeLog,v 1.28 2011/03/20 18:23:42 ssuominen Exp $
+# Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/app-misc/rioutil/ChangeLog,v 1.29 2012/03/03 16:00:27 pacho Exp $
+
+*rioutil-1.5.0-r2 (03 Mar 2012)
+
+  03 Mar 2012; Pacho Ramos <pacho@gentoo.org>
+  +files/rioutil-1.5.0-buffer-overflow.patch, +rioutil-1.5.0-r2.ebuild:
+  Fix overflow, bug 339451 by Kevin McCarthy.
 
   20 Mar 2011; Samuli Suominen <ssuominen@gentoo.org> rioutil-1.5.0-r1.ebuild:
   Fix libusb depend to correct SLOT and install udev rules to /lib/udev instead
diff --git a/app-misc/rioutil/Manifest b/app-misc/rioutil/Manifest
index c9553ed982dd..298d997fd952 100644
--- a/app-misc/rioutil/Manifest
+++ b/app-misc/rioutil/Manifest
@@ -1,17 +1,17 @@
 -----BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA256
+Hash: SHA1
 
 AUX 75-rio.rules 1452 RMD160 4f11a45f0ee1d103c5047ab317dc7565e227e3f4 SHA1 4a13b07e0844a3c9b3d5b8b376a2494677010ec9 SHA256 43f50ee1aa1af9e603278bf72557581cb59226af6e84473a43315c73e724b479
+AUX rioutil-1.5.0-buffer-overflow.patch 515 RMD160 bd3e476b46888c27619d8b9a557889bb7b3b77e1 SHA1 2cf9d8494e55badcc9221425d71687b48372ca1f SHA256 4dc93722ca35ece7bfff4cb472972a0a9a4d50c7847ea7c60ee2a053398e476b
 DIST rioutil-1.5.0.tar.gz 401244 RMD160 2f1db9eb36501aecdb388278d5f7c1876bfebf19 SHA1 f775bab0ed7ec456dd5d2826083ca8a5075aa4ec SHA256 4991cda30bcd0cd01097c4d220c5facf67e988d4bbfc2f272a359ac89d52e9a7
 EBUILD rioutil-1.5.0-r1.ebuild 763 RMD160 1bf2420d173dbc76c89e0e366f9e8b0a7542b185 SHA1 cfe5155929594a67e7752f3264b6a26d06b67d9a SHA256 362fb27d04b027955612730dea62a13b458f0e8296703c86f7a6bd5c0556f6c8
-MISC ChangeLog 4055 RMD160 c24db1b4be27f4934edf40a350bade18337957d0 SHA1 f1d81415486d3a004dfa8573a8a56059fa10d168 SHA256 b59c6c408504b5ae34cf3b0cfc31385b2655e34f35288c195c0a292c405f5a9a
+EBUILD rioutil-1.5.0-r2.ebuild 949 RMD160 a8543e8efceb299b5539f00728725cd740cd33c1 SHA1 914e52bfd3840f61fef57a22ec9f27c4a06809a4 SHA256 363332c713aa144e0b0941b125ce524c931faf58275eeb91a23638e63bd4d0c7
+MISC ChangeLog 4249 RMD160 e8edec93160f1ecbc0dd375d4afad934005011e5 SHA1 01c5dc9a9d2a469ea0c75a23cebd5ab78abd61c8 SHA256 3265accf2fd901ed559ecd27af82d8eb4a664c54f0c0392ede347d1d0dbbc487
 MISC metadata.xml 292 RMD160 354d84d97415a69afafccaae6cd627760a95475f SHA1 6266efbae4646d6658dacb480b8f3a78e5c4735f SHA256 ed31222caf411bbd2101fd43f6b711048213b7ecf27ce7f1643eff0f0ed5f2b3
 -----BEGIN PGP SIGNATURE-----
-Version: GnuPG v2.0.18 (GNU/Linux)
+Version: GnuPG v2.0.17 (GNU/Linux)
 
-iJwEAQEIAAYFAk58/5IACgkQfXuS5UK5QB0hLAQAnDz/96Y8X+5O740UFnvPUmYQ
-a016XVCnhQIEGkF16lGQnt8mFIFa90UL1+cfLKRpAE30zhZxHQ8N7XaC5U6+p6hu
-Ync7Q9cgygDai6o2DiPlX0P6aSQhIg5LJ8elADyOA0IhbGIBdDKIpiaxaAy7m5b3
-2d0jZiKqprtrwSfDiwo=
-=hWFa
+iEYEARECAAYFAk9SQCAACgkQCaWpQKGI+9TLdACdFgi8CbsAf17W7byXICFHnKO9
+yisAnAp1Ahx66fNA8blAb/1WyKtu0o36
+=uiEb
 -----END PGP SIGNATURE-----
diff --git a/app-misc/rioutil/files/rioutil-1.5.0-buffer-overflow.patch b/app-misc/rioutil/files/rioutil-1.5.0-buffer-overflow.patch
new file mode 100644
index 000000000000..1739a146c485
--- /dev/null
+++ b/app-misc/rioutil/files/rioutil-1.5.0-buffer-overflow.patch
@@ -0,0 +1,15 @@
+flist->genre is defined as 'char genre[17]' so don't copy 22 into it
+
+Patch by Kevin McCarthy <signals42@gmail.com>
+
+--- librioutil/file_list.c
++++ librioutil/file_list.c
+@@ -241,7 +241,7 @@
+   strncpy(flist->title,  info.data->title, 64);
+   strncpy(flist->album,  info.data->album, 64);
+   strncpy(flist->name,   info.data->name, 64);
+-  strncpy(flist->genre,  (char *)info.data->genre2, 22);
++  strncpy(flist->genre,  (char *)info.data->genre2, 17);
+ 
+   strncpy(flist->year,   (char *)info.data->year2, 4);
+   
diff --git a/app-misc/rioutil/rioutil-1.5.0-r2.ebuild b/app-misc/rioutil/rioutil-1.5.0-r2.ebuild
new file mode 100644
index 000000000000..80963fe16ecf
--- /dev/null
+++ b/app-misc/rioutil/rioutil-1.5.0-r2.ebuild
@@ -0,0 +1,35 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-misc/rioutil/rioutil-1.5.0-r2.ebuild,v 1.1 2012/03/03 16:00:26 pacho Exp $
+
+EAPI=4
+inherit multilib eutils
+
+DESCRIPTION="Command line tool for transfering mp3s to and from a Rio 600, 800, Rio Riot, and Nike PSA/Play"
+HOMEPAGE="http://rioutil.sourceforge.net/"
+SRC_URI="mirror://sourceforge/rioutil/${P}.tar.gz"
+
+LICENSE="LGPL-2.1"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc ~x86"
+IUSE=""
+
+RDEPEND="virtual/libusb:0"
+DEPEND="${RDEPEND}"
+
+src_prepare() {
+	epatch "${FILESDIR}/${P}-buffer-overflow.patch"
+}
+
+src_configure() {
+	econf --disable-static
+}
+
+src_install() {
+	emake DESTDIR="${D}" libdir="/usr/$(get_libdir)" install
+	find "${D}" -name '*.la' -exec rm -f {} + || die "la file removal failed"
+	dodoc AUTHORS ChangeLog NEWS README TODO
+
+	insinto /$(get_libdir)/udev/rules.d
+	doins "${FILESDIR}"/75-rio.rules
+}