pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc Apply patch from Gentoo to fix security problem in the...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/2993fdc2c90a
branches:  trunk
changeset: 492445:2993fdc2c90a
user:      jmmv <jmmv%pkgsrc.org@localhost>
date:      Tue Apr 12 20:12:02 2005 +0000

description:
Apply patch from Gentoo to fix security problem in the cdda module.  Bump
gnome-vfs2-cdda's module to 1.

Quoting the Gentoo advisory: "The GnomeVFS and libcdaudio libraries contain
a buffer overflow that can be triggered by a large CDDB response, potentially
allowing the execution of arbitrary code."

See http://www.gentoo.org/security/en/glsa/glsa-200504-07.xml and
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0706 for more
information.

diffstat:

 audio/gnome-vfs2-cdda/Makefile       |   3 ++-
 sysutils/gnome-vfs2/distinfo         |   3 ++-
 sysutils/gnome-vfs2/patches/patch-ac |  13 +++++++++++++
 3 files changed, 17 insertions(+), 2 deletions(-)

diffs (46 lines):

diff -r b569f2f9e825 -r 2993fdc2c90a audio/gnome-vfs2-cdda/Makefile
--- a/audio/gnome-vfs2-cdda/Makefile    Tue Apr 12 19:00:37 2005 +0000
+++ b/audio/gnome-vfs2-cdda/Makefile    Tue Apr 12 20:12:02 2005 +0000
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.5 2005/02/26 17:23:01 jmmv Exp $
+# $NetBSD: Makefile,v 1.6 2005/04/12 20:12:02 jmmv Exp $
 #
 
 GNOME_VFS2_NAME=       cdda
+PKGREVISION=           1
 CATEGORIES=            audio
 
 CPPFLAGS+=             -I${BUILDLINK_PREFIX.cdparanoia}/include/cdparanoia
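
Review bot: PKGREVISION=1 is set only in audio/gnome-vfs2-cdda/Makefile, but the fix is added under sysutils/gnome-vfs2/patches and the diffstat shows no revision bump for sysutils/gnome-vfs2. Please confirm that the base gnome-vfs2 package does not build modules/cdda-cddb.c; if it does, it needs its own PKGREVISION bump so that installed copies are rebuilt with the fix. The log message says "module" where the variable being bumped is PKGREVISION.
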
diff -r b569f2f9e825 -r 2993fdc2c90a sysutils/gnome-vfs2/distinfo
--- a/sysutils/gnome-vfs2/distinfo      Tue Apr 12 19:00:37 2005 +0000
+++ b/sysutils/gnome-vfs2/distinfo      Tue Apr 12 20:12:02 2005 +0000
@@ -1,10 +1,11 @@
-$NetBSD: distinfo,v 1.35 2005/04/05 20:29:04 rillig Exp $
+$NetBSD: distinfo,v 1.36 2005/04/12 20:12:02 jmmv Exp $
 
 SHA1 (gnome-vfs-2.10.0.tar.bz2) = ae6524a48a6acc43db58cc1d0c63132977e5fbf3
 RMD160 (gnome-vfs-2.10.0.tar.bz2) = 528962e887c8e6690a710c13e0910f69fbe1ae4d
 Size (gnome-vfs-2.10.0.tar.bz2) = 1901027 bytes
 SHA1 (patch-aa) = a5a3ac6be3e2a888eaaab108807d2aff651e62db
 SHA1 (patch-ab) = 6320180870f234a150dfe40f8f990deec7a2a0b5
+SHA1 (patch-ac) = 6c9604b57eab2429935dffac8c17e09fa6e3e53a
 SHA1 (patch-ad) = 326e835c7fd1d2e25ac2ae4736347d38ffe8ea06
 SHA1 (patch-ae) = 32fe1a4e82d96bf80f3364704e7369a4ee778e0f
 SHA1 (patch-af) = ebbd81c92403cd429a807f9a89c81971d1c4fb88
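
Review bot: the new SHA1 (patch-ac) line cannot be checked against the patch contents from this diff alone. Please confirm it was produced by regenerating the patch checksums (the makepatchsums target) after patch-ac reached its final form, not edited in by hand, so that the build does not stop on a checksum mismatch.
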
diff -r b569f2f9e825 -r 2993fdc2c90a sysutils/gnome-vfs2/patches/patch-ac
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/sysutils/gnome-vfs2/patches/patch-ac      Tue Apr 12 20:12:02 2005 +0000
@@ -0,0 +1,13 @@
+$NetBSD: patch-ac,v 1.5 2005/04/12 20:12:02 jmmv Exp $
+
+--- modules/cdda-cddb.c.orig   2004-07-25 15:40:35.000000000 +0000
++++ modules/cdda-cddb.c
+@@ -440,7 +440,7 @@ CDDBDoQuery (cdrom_drive *cd_desc, CDDBS
+     query->query_match=MATCH_INEXACT;
+     query->query_matches=0;
+ 
+-    while(!CDDBReadLine(socket,inbuffer,256)) {
++    while(query->query_matches < MAX_INEXACT_MATCHES && !CDDBReadLine(socket,inbuffer,256)) {
+       query->query_list[query->query_matches].list_genre=
+       CDDBGenreValue(ChopWhite(strtok(inbuffer," ")));
+       
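
Review bot: in the new while condition, the test query->query_matches < MAX_INEXACT_MATCHES is only a correct bound if query_list is declared with exactly MAX_INEXACT_MATCHES elements and query_matches is incremented once per iteration; neither the declaration nor the increment is visible in this hunk, so please confirm both in modules/cdda-cddb.c. Two related points on the same lines: once the cap is reached the loop stops calling CDDBReadLine, so any further lines of the server's response stay unread on the socket, and the code after the loop should either drain or close the connection before reusing it; and the literal 256 passed to CDDBReadLine should be tied to the actual size of inbuffer (for example sizeof inbuffer, if it is an array) so the read length cannot drift from the buffer size.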


