diff options
author | salo <salo@pkgsrc.org> | 2005-04-16 15:47:16 +0000 |
---|---|---|
committer | salo <salo@pkgsrc.org> | 2005-04-16 15:47:16 +0000 |
commit | 1643213a74dc682b3e822b98f2f42c7786f65b34 (patch) | |
tree | 1ac1a27758a915399ce5611c6cb831d7639ce393 | |
parent | 40468cee3c87912d04365ca5a61dd332ad216c49 (diff) | |
download | pkgsrc-1643213a74dc682b3e822b98f2f42c7786f65b34.tar.gz |
Pullup ticket 439 - requested by Julio M. Merino Vidal
security fix for gnome-vfs2-cdda
Revisions pulled up:
- pkgsrc/audio/gnome-vfs2-cdda/Makefile 1.6
- pkgsrc/sysutils/gnome-vfs2/patches/patch-ac 1.5
Patch provided by the submitter for gnome-vfs2/distinfo.
Module Name: pkgsrc
Committed By: jmmv
Date: Tue Apr 12 20:12:02 UTC 2005
Modified Files:
pkgsrc/audio/gnome-vfs2-cdda: Makefile
pkgsrc/sysutils/gnome-vfs2: distinfo
Added Files:
pkgsrc/sysutils/gnome-vfs2/patches: patch-ac
Log Message:
Apply patch from Gentoo to fix security problem in the cdda module.
Bump gnome-vfs2-cdda's module to 1.
Quoting the Gentoo advisory: "The GnomeVFS and libcdaudio libraries
contain a buffer overflow that can be triggered by a large CDDB response,
potentially allowing the execution of arbitrary code."
See http://www.gentoo.org/security/en/glsa/glsa-200504-07.xml and
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0706 for more
information.
-rw-r--r-- | audio/gnome-vfs2-cdda/Makefile | 3 | ||||
-rw-r--r-- | sysutils/gnome-vfs2/distinfo | 3 | ||||
-rw-r--r-- | sysutils/gnome-vfs2/patches/patch-ac | 13 |
3 files changed, 17 insertions, 2 deletions
diff --git a/audio/gnome-vfs2-cdda/Makefile b/audio/gnome-vfs2-cdda/Makefile index b26b6bed87d..1934ed6da37 100644 --- a/audio/gnome-vfs2-cdda/Makefile +++ b/audio/gnome-vfs2-cdda/Makefile @@ -1,7 +1,8 @@ -# $NetBSD: Makefile,v 1.5 2005/02/26 17:23:01 jmmv Exp $ +# $NetBSD: Makefile,v 1.5.2.1 2005/04/16 15:47:16 salo Exp $ # GNOME_VFS2_NAME= cdda +PKGREVISION= 1 CATEGORIES= audio CPPFLAGS+= -I${BUILDLINK_PREFIX.cdparanoia}/include/cdparanoia diff --git a/sysutils/gnome-vfs2/distinfo b/sysutils/gnome-vfs2/distinfo index de8ee4ba937..1df02342b19 100644 --- a/sysutils/gnome-vfs2/distinfo +++ b/sysutils/gnome-vfs2/distinfo @@ -1,10 +1,11 @@ -$NetBSD: distinfo,v 1.33 2005/02/26 17:23:01 jmmv Exp $ +$NetBSD: distinfo,v 1.33.2.1 2005/04/16 15:47:16 salo Exp $ SHA1 (gnome-vfs-2.8.4.tar.bz2) = cb88f0c828f0750cc64336f314c84fe32bd21842 RMD160 (gnome-vfs-2.8.4.tar.bz2) = c1037fca36955adaece9a1a78958d87217fcaf15 Size (gnome-vfs-2.8.4.tar.bz2) = 1892413 bytes SHA1 (patch-aa) = a5a3ac6be3e2a888eaaab108807d2aff651e62db SHA1 (patch-ab) = 6320180870f234a150dfe40f8f990deec7a2a0b5 +SHA1 (patch-ac) = 6c9604b57eab2429935dffac8c17e09fa6e3e53a SHA1 (patch-ad) = 326e835c7fd1d2e25ac2ae4736347d38ffe8ea06 SHA1 (patch-ae) = 32fe1a4e82d96bf80f3364704e7369a4ee778e0f SHA1 (patch-af) = 2bfce4e7612e8e1322f870e256d2ba9b587d79ff diff --git a/sysutils/gnome-vfs2/patches/patch-ac b/sysutils/gnome-vfs2/patches/patch-ac new file mode 100644 index 00000000000..8fecf7c416b --- /dev/null +++ b/sysutils/gnome-vfs2/patches/patch-ac @@ -0,0 +1,13 @@ +$NetBSD: patch-ac,v 1.4.4.1 2005/04/16 15:47:16 salo Exp $ + +--- modules/cdda-cddb.c.orig 2004-07-25 15:40:35.000000000 +0000 ++++ modules/cdda-cddb.c +@@ -440,7 +440,7 @@ CDDBDoQuery (cdrom_drive *cd_desc, CDDBS + query->query_match=MATCH_INEXACT; + query->query_matches=0; + +- while(!CDDBReadLine(socket,inbuffer,256)) { ++ while(query->query_matches < MAX_INEXACT_MATCHES && !CDDBReadLine(socket,inbuffer,256)) { + query->query_list[query->query_matches].list_genre= + CDDBGenreValue(ChopWhite(strtok(inbuffer," "))); + |