author | Samuli Suominen <ssuominen@gentoo.org> | 2007-11-06 21:14:00 +0000 |
---|---|---|
committer | Samuli Suominen <ssuominen@gentoo.org> | 2007-11-06 21:14:00 +0000 |
commit | 5ecb71503bdfa9588c5137d56bf1d41d8e692015 (patch) | |
tree | 51cfccc113ca9be2515d9a8c78a2b7502908a234 /media-sound/orpheus | |
parent | Stable on amd64/x86 wrt bug #151465. (diff) | |
Fix security bug 113683, CVE-2005-3863, a stack-based buffer overflow in kkstrtext.h in ktools library and stabilize amd64.
Package-Manager: portage-2.1.3.18
RepoMan-Options: --force
Diffstat (limited to 'media-sound/orpheus')
-rw-r--r-- | media-sound/orpheus/ChangeLog | 11 | ||||
-rw-r--r-- | media-sound/orpheus/Manifest | 29 | ||||
-rw-r--r-- | media-sound/orpheus/files/101_fix-buffer-overflow.diff | 15 | ||||
-rw-r--r-- | media-sound/orpheus/files/digest-orpheus-1.6-r1 | 3 | ||||
-rw-r--r-- | media-sound/orpheus/orpheus-1.6-r1.ebuild | 55 |
5 files changed, 97 insertions, 16 deletions
diff --git a/media-sound/orpheus/ChangeLog b/media-sound/orpheus/ChangeLog index 3a5c93bfe929..acf61b53d1fd 100644 --- a/media-sound/orpheus/ChangeLog +++ b/media-sound/orpheus/ChangeLog @@ -1,6 +1,13 @@ # ChangeLog for media-sound/orpheus -# Copyright 2000-2006 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/media-sound/orpheus/ChangeLog,v 1.21 2006/11/29 19:39:59 aballier Exp $ +# Copyright 2000-2007 Gentoo Foundation; Distributed under the GPL v2 +# $Header: /var/cvsroot/gentoo-x86/media-sound/orpheus/ChangeLog,v 1.22 2007/11/06 21:13:59 drac Exp $ + +*orpheus-1.6-r1 (06 Nov 2007) + + 06 Nov 2007; Samuli Suominen <drac@gentoo.org> + +files/101_fix-buffer-overflow.diff, +orpheus-1.6-r1.ebuild: + Fix security bug 113683, CVE-2005-3863, a stack-based buffer overflow in + kkstrtext.h in ktools library and stabilize amd64. 29 Nov 2006; Alexis Ballier <aballier@gentoo.org> orpheus-1.5.ebuild, orpheus-1.6.ebuild: diff --git a/media-sound/orpheus/Manifest b/media-sound/orpheus/Manifest index bae3767c2c22..4564d54e5d89 100644 --- a/media-sound/orpheus/Manifest +++ b/media-sound/orpheus/Manifest @@ -1,6 +1,3 @@ ------BEGIN PGP SIGNED MESSAGE----- -Hash: SHA1 - AUX 1.5-amd64.patch 962 RMD160 d1161a1f7aafdb629ebf9e04850183c7d976d841 SHA1 794a565b09895e46136ebb492a7d3e24dac780ae SHA256 cd0c12aebe6909dceba04b6db0741fa997bf86f2501cbed3fccf070c9802395a MD5 21e4e8d2352ea4f1541f8ac0b43d8b9c files/1.5-amd64.patch 962 RMD160 d1161a1f7aafdb629ebf9e04850183c7d976d841 files/1.5-amd64.patch 962 
@@ -9,6 +6,10 @@ AUX 1.5-gcc34.patch 1505 RMD160 02befa91982b761cad2c0523d82c5768048dc706 SHA1 4f MD5 8a5d258c9488ec265c5b8005714062a3 files/1.5-gcc34.patch 1505 RMD160 02befa91982b761cad2c0523d82c5768048dc706 files/1.5-gcc34.patch 1505 SHA256 f92866d2138cd6cb7518cf87bedec3c4dd2f97a89dba0a03245d9ac5e40eed48 files/1.5-gcc34.patch 1505 +AUX 101_fix-buffer-overflow.diff 614 RMD160 01fa9fc617eb87a7cfbb099ca8a894d39d3b864b SHA1 e98ec36f1983219dcd4fcbbd263c4cb14d5200c1 SHA256 f6c2ee9d2e53b079764b40e85678b8d23664d86432c14cedf0246112c59f2501 +MD5 fc52bb9a55836a737bbe00b2da000da2 files/101_fix-buffer-overflow.diff 614 +RMD160 01fa9fc617eb87a7cfbb099ca8a894d39d3b864b files/101_fix-buffer-overflow.diff 614 +SHA256 f6c2ee9d2e53b079764b40e85678b8d23664d86432c14cedf0246112c59f2501 files/101_fix-buffer-overflow.diff 614 AUX orpheus-1.5-nolibghttp.patch 475 RMD160 aa45fc187839cf6d7ccb94de6b8d8cfa0434e21d SHA1 b3d38759986893c33d6412994bc2f351ea28deba SHA256 745ca13333819cc48c607d65f3ab643040d139c93949c81665a7a15ca0048b91 MD5 6b4e6c1d8496342960d4f4cb8abd6c52 files/orpheus-1.5-nolibghttp.patch 475 RMD160 aa45fc187839cf6d7ccb94de6b8d8cfa0434e21d files/orpheus-1.5-nolibghttp.patch 475 
@@ -23,14 +24,18 @@ EBUILD orpheus-1.5.ebuild 1519 RMD160 98da850ff927521e77f010ef6c144048743f9150 S MD5 df67029112aaca73245c5952bd8d2209 orpheus-1.5.ebuild 1519 RMD160 98da850ff927521e77f010ef6c144048743f9150 orpheus-1.5.ebuild 1519 SHA256 b3bada661a457e15949b9bd45559f63e1b9e121b81993af78d6792ca6d9f64c3 orpheus-1.5.ebuild 1519 +EBUILD orpheus-1.6-r1.ebuild 1346 RMD160 75b5e324de4037628c43f5f08c69d8eee4d1e5be SHA1 c606a7d7ffe191b2ccbbda698b15c9b98c78b8a6 SHA256 bc8ef543b05f16a1b7124edd5f7044297249f2999fdeee7241e0b7488d6339c9 +MD5 b0ea2c569b6001a12075d9cc47836fc9 orpheus-1.6-r1.ebuild 1346 +RMD160 75b5e324de4037628c43f5f08c69d8eee4d1e5be orpheus-1.6-r1.ebuild 1346 +SHA256 bc8ef543b05f16a1b7124edd5f7044297249f2999fdeee7241e0b7488d6339c9 orpheus-1.6-r1.ebuild 1346 EBUILD orpheus-1.6.ebuild 1195 RMD160 b0b4e4c7100fe5f7cea22c9bd61d014cfc582a4f SHA1 713b9192273aa496702aa8b5ddee58ab0c8a50a1 SHA256 c177006e58ec333d59fd6b0c894155f1843aa5c18f46c4cad2f00688a85fd3ef MD5 088521b9fe4c01836260a5ca4dbbbde7 orpheus-1.6.ebuild 1195 RMD160 b0b4e4c7100fe5f7cea22c9bd61d014cfc582a4f orpheus-1.6.ebuild 1195 SHA256 c177006e58ec333d59fd6b0c894155f1843aa5c18f46c4cad2f00688a85fd3ef orpheus-1.6.ebuild 1195 -MISC ChangeLog 2935 RMD160 3c72a28249705bd702d53b058ba0a1daa2c641aa SHA1 aa39f50c171b12f5748b3362a1adb27a46cf3703 SHA256 f9673cb9ad45f75b5e2d588b0c15e407ced40e64bb29b8b9684e10236463cc5f -MD5 374294957cb32f8d1d6755240ad68ad8 ChangeLog 2935 -RMD160 3c72a28249705bd702d53b058ba0a1daa2c641aa ChangeLog 2935 -SHA256 f9673cb9ad45f75b5e2d588b0c15e407ced40e64bb29b8b9684e10236463cc5f ChangeLog 2935 +MISC ChangeLog 3203 RMD160 b26d6cec81b8858f79649fd2dd87972c1ecec22c SHA1 e3e08c8b443495cb1b7b875c2e459a6728b25f48 SHA256 ad4fbdd67e694e1a488313094606ed5404886a5becefc076688072f654550816 +MD5 ee83d4069bc3d7e9664f79b80e8c4d7a ChangeLog 3203 +RMD160 b26d6cec81b8858f79649fd2dd87972c1ecec22c ChangeLog 3203 +SHA256 ad4fbdd67e694e1a488313094606ed5404886a5becefc076688072f654550816 ChangeLog 3203 MISC metadata.xml 
158 RMD160 6842e2189a50bd8a98e84802c38180ac1421c00e SHA1 703cea5a2109d41f7c87993c1f01d418a4c85174 SHA256 dfb5b47e6836db39fb187301dfcff1c2605e91d13d21db160806a563d8c75f9b MD5 a1eaeb2ae801daeb712c90c060e922dc metadata.xml 158 RMD160 6842e2189a50bd8a98e84802c38180ac1421c00e metadata.xml 158 @@ -41,10 +46,6 @@ SHA256 48cebbcbaf3ebc5871b103c78cfd44f8da3eaa622b441ae96920c7110aa8f383 files/di MD5 0250e8d74d234c9dcd09ef93e6a5d4f9 files/digest-orpheus-1.6 235 RMD160 c914cf74d96726de3de30c79732e9dc8d49cefdf files/digest-orpheus-1.6 235 SHA256 a200a84cbd8d7da2727ef2631b50aacadee6616e1e4b8429463e44f73f250c63 files/digest-orpheus-1.6 235 ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1.4.5 (GNU/Linux) - -iD8DBQFFbeG+vFcC4BYPU0oRAhupAJ0QQxFDk09h59tC/h1SA3tXXdUdDACgiuxk -PeeKk4cf3VGGt9dBgB3hfSo= -=Wm1c ------END PGP SIGNATURE----- +MD5 0250e8d74d234c9dcd09ef93e6a5d4f9 files/digest-orpheus-1.6-r1 235 +RMD160 c914cf74d96726de3de30c79732e9dc8d49cefdf files/digest-orpheus-1.6-r1 235 +SHA256 a200a84cbd8d7da2727ef2631b50aacadee6616e1e4b8429463e44f73f250c63 files/digest-orpheus-1.6-r1 235
diff --git a/media-sound/orpheus/files/101_fix-buffer-overflow.diff b/media-sound/orpheus/files/101_fix-buffer-overflow.diff
new file mode 100644
index 000000000000..4d6c8e4e18a4
--- /dev/null
+++ b/media-sound/orpheus/files/101_fix-buffer-overflow.diff
@@ -0,0 +1,15 @@
+Fix a stack-based buffer overflow in kkstrtext.h in ktools library.
+(CVE-2005-3863) (Closes: #368402)
+Index: orpheus-1.5/kkstrtext-0.1/kkstrtext.h
+===================================================================
+--- orpheus-1.5.orig/kkstrtext-0.1/kkstrtext.h 2003-12-14 11:51:38.000000000 +0100
++++ orpheus-1.5/kkstrtext-0.1/kkstrtext.h 2006-08-01 21:57:14.000000000 +0200
+@@ -87,7 +87,7 @@
+ { \
+ va_list vgs__ap; char vgs__buf[1024]; \
+ va_start(vgs__ap, fmt); \
+- vsprintf(vgs__buf, fmt, vgs__ap); c = vgs__buf; \
++ vsnprintf(vgs__buf, 1024, fmt, vgs__ap); c = vgs__buf; \
+ va_end(vgs__ap); \
+ }
+ 
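Review bot: The bound passed to `vsnprintf` in the added line is the literal `1024`, duplicated from the `char vgs__buf[1024]` declaration two lines above it, so the two can drift apart if the buffer is ever resized; `vsnprintf(vgs__buf, sizeof(vgs__buf), fmt, vgs__ap); c = vgs__buf; \` keeps the limit tied to the array. The return value is also discarded, so a formatted string longer than the buffer is now truncated silently; that removes the stack overflow, but a caller that relies on the full text gets no signal, and a short comment on the macro stating that output is capped at the buffer size would document the new behaviour. The macro this body belongs to begins above the inner hunk's context, so its name and callers are not visible here.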
diff --git a/media-sound/orpheus/files/digest-orpheus-1.6-r1 b/media-sound/orpheus/files/digest-orpheus-1.6-r1
new file mode 100644
index 000000000000..df58ce21c4ca
--- /dev/null
+++ b/media-sound/orpheus/files/digest-orpheus-1.6-r1
@@ -0,0 +1,3 @@
+MD5 718b57d507d4dfae5008e7fb53f7b840 orpheus-1.6.tar.gz 440553
+RMD160 bd1b04f8c1195074e648d1ed8731970f512e120a orpheus-1.6.tar.gz 440553
+SHA256 18a6a4b0171c8a2a5a09be6e2cd8fc781c145fde1b266e43a9902fef10ee6ff5 orpheus-1.6.tar.gz 440553
diff --git a/media-sound/orpheus/orpheus-1.6-r1.ebuild b/media-sound/orpheus/orpheus-1.6-r1.ebuild
new file mode 100644
index 000000000000..7cfa792de848
--- /dev/null
+++ b/media-sound/orpheus/orpheus-1.6-r1.ebuild
@@ -0,0 +1,55 @@
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/media-sound/orpheus/orpheus-1.6-r1.ebuild,v 1.1 2007/11/06 21:13:59 drac Exp $
+
+WANT_AUTOCONF=2.5
+WANT_AUTOMAKE=1.8
+
+inherit eutils autotools
+
+DESCRIPTION="Command line MP3 player."
+HOMEPAGE="http://konst.org.ua/en/orpheus"
+SRC_URI="http://konst.org.ua/download/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha amd64 ~ppc ~sparc ~x86"
+IUSE="cddb"
+
+DEPEND=">=sys-libs/ncurses-5.2
+ >=media-libs/libvorbis-1.0_beta1
+ virtual/mpg123
+ cddb? ( gnome-base/libghttp )
+ media-sound/vorbis-tools"
+
+src_unpack() {
+ unpack ${A}
+ cd "${S}"
+
+ epatch "${FILESDIR}/1.5-amd64.patch"
+
+ # Fix a stack-based buffer overflow in kkstrtext.h in ktools library.
+ # Bug 113683, CVE-2005-3863.
+ epatch "${FILESDIR}"/101_fix-buffer-overflow.diff
+
+ # configures generated by different autoconf versions
+ # cause problems when calling econf
+ cd "${S}/kkstrtext-0.1"
+ eautoreconf
+ cd "${S}/kkconsui-0.1"
+ eautoreconf
+
+ # force not using deprecated libghttp
+ cd "${S}"
+ use cddb || epatch "${FILESDIR}/${P}-nolibghttp.patch"
+}
+
+src_compile() {
+ econf || die "configure failed"
+ emake || die "emake failed"
+}
+
+src_install() {
+ emake DESTDIR="${D}" install || die "make install failed"
+ dodoc AUTHORS ChangeLog NEWS README TODO
+} |
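Review bot: The `cd` calls in `src_unpack` (`cd "${S}"`, `cd "${S}/kkstrtext-0.1"`, `cd "${S}/kkconsui-0.1"`) are unchecked, so if one of the bundled directories is missing, the following `epatch` or `eautoreconf` would run in whatever directory the previous step left. The security patch `101_fix-buffer-overflow.diff` is applied relative to the first of them. Appending `|| die` to each, for example `cd "${S}/kkstrtext-0.1" || die "cd kkstrtext-0.1 failed"`, makes a changed source layout fail the build loudly instead. The comment above the new `epatch` line could also note that the patch header names `orpheus-1.5/kkstrtext-0.1/kkstrtext.h` while this ebuild builds 1.6, so a later reader knows the version mismatch is intentional.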