pkgsrc-Changes-HG archive
[pkgsrc/pkgsrc-2005Q1]: pkgsrc Pullup ticket 439 - requested by Julio M. Meri...
details: https://anonhg.NetBSD.org/pkgsrc/rev/43222a4fbf7c
branches: pkgsrc-2005Q1
changeset: 490951:43222a4fbf7c
user: salo <salo%pkgsrc.org@localhost>
date: Sat Apr 16 15:47:16 2005 +0000
description:
Pullup ticket 439 - requested by Julio M. Merino Vidal
security fix for gnome-vfs2-cdda
Revisions pulled up:
- pkgsrc/audio/gnome-vfs2-cdda/Makefile 1.6
- pkgsrc/sysutils/gnome-vfs2/patches/patch-ac 1.5
Patch provided by the submitter for gnome-vfs2/distinfo.
Module Name: pkgsrc
Committed By: jmmv
Date: Tue Apr 12 20:12:02 UTC 2005
Modified Files:
pkgsrc/audio/gnome-vfs2-cdda: Makefile
pkgsrc/sysutils/gnome-vfs2: distinfo
Added Files:
pkgsrc/sysutils/gnome-vfs2/patches: patch-ac
Log Message:
Apply patch from Gentoo to fix security problem in the cdda module.
Bump gnome-vfs2-cdda's module to 1.
Quoting the Gentoo advisory: "The GnomeVFS and libcdaudio libraries
contain a buffer overflow that can be triggered by a large CDDB response,
potentially allowing the execution of arbitrary code."
See http://www.gentoo.org/security/en/glsa/glsa-200504-07.xml and
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0706 for more
information.
diffstat:
audio/gnome-vfs2-cdda/Makefile | 3 ++-
sysutils/gnome-vfs2/distinfo | 3 ++-
sysutils/gnome-vfs2/patches/patch-ac | 13 +++++++++++++
3 files changed, 17 insertions(+), 2 deletions(-)
diffs (46 lines):
diff -r 8bb00aeb7b2e -r 43222a4fbf7c audio/gnome-vfs2-cdda/Makefile
--- a/audio/gnome-vfs2-cdda/Makefile Sat Apr 16 14:10:47 2005 +0000
+++ b/audio/gnome-vfs2-cdda/Makefile Sat Apr 16 15:47:16 2005 +0000
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.5 2005/02/26 17:23:01 jmmv Exp $
+# $NetBSD: Makefile,v 1.5.2.1 2005/04/16 15:47:16 salo Exp $
#
GNOME_VFS2_NAME= cdda
+PKGREVISION= 1
CATEGORIES= audio
CPPFLAGS+= -I${BUILDLINK_PREFIX.cdparanoia}/include/cdparanoia
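Review bot: The added PKGREVISION= 1 line carries no comment tying the bump to the security fix, and the fix itself lands in sysutils/gnome-vfs2/patches rather than in this package. Please confirm that sysutils/gnome-vfs2 does not itself build modules/cdda-cddb.c; if it does, it needs a revision bump as well so that installed copies get rebuilt with the fix.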
diff -r 8bb00aeb7b2e -r 43222a4fbf7c sysutils/gnome-vfs2/distinfo
--- a/sysutils/gnome-vfs2/distinfo Sat Apr 16 14:10:47 2005 +0000
+++ b/sysutils/gnome-vfs2/distinfo Sat Apr 16 15:47:16 2005 +0000
@@ -1,10 +1,11 @@
-$NetBSD: distinfo,v 1.33 2005/02/26 17:23:01 jmmv Exp $
+$NetBSD: distinfo,v 1.33.2.1 2005/04/16 15:47:16 salo Exp $
SHA1 (gnome-vfs-2.8.4.tar.bz2) = cb88f0c828f0750cc64336f314c84fe32bd21842
RMD160 (gnome-vfs-2.8.4.tar.bz2) = c1037fca36955adaece9a1a78958d87217fcaf15
Size (gnome-vfs-2.8.4.tar.bz2) = 1892413 bytes
SHA1 (patch-aa) = a5a3ac6be3e2a888eaaab108807d2aff651e62db
SHA1 (patch-ab) = 6320180870f234a150dfe40f8f990deec7a2a0b5
+SHA1 (patch-ac) = 6c9604b57eab2429935dffac8c17e09fa6e3e53a
SHA1 (patch-ad) = 326e835c7fd1d2e25ac2ae4736347d38ffe8ea06
SHA1 (patch-ae) = 32fe1a4e82d96bf80f3364704e7369a4ee778e0f
SHA1 (patch-af) = 2bfce4e7612e8e1322f870e256d2ba9b587d79ff
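Review bot: The new SHA1 (patch-ac) line is the only integrity record for the security patch, and per the description this distinfo change was supplied as a hand-made patch by the submitter rather than pulled up as a revision. Please regenerate distinfo on the branch and confirm the recorded digest matches the patch-ac file as committed in this changeset.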
diff -r 8bb00aeb7b2e -r 43222a4fbf7c sysutils/gnome-vfs2/patches/patch-ac
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/sysutils/gnome-vfs2/patches/patch-ac Sat Apr 16 15:47:16 2005 +0000
@@ -0,0 +1,13 @@
+$NetBSD: patch-ac,v 1.4.4.1 2005/04/16 15:47:16 salo Exp $
+
+--- modules/cdda-cddb.c.orig 2004-07-25 15:40:35.000000000 +0000
++++ modules/cdda-cddb.c
+@@ -440,7 +440,7 @@ CDDBDoQuery (cdrom_drive *cd_desc, CDDBS
+ query->query_match=MATCH_INEXACT;
+ query->query_matches=0;
+
+- while(!CDDBReadLine(socket,inbuffer,256)) {
++ while(query->query_matches < MAX_INEXACT_MATCHES && !CDDBReadLine(socket,inbuffer,256)) {
+ query->query_list[query->query_matches].list_genre=
+ CDDBGenreValue(ChopWhite(strtok(inbuffer," ")));
+
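Review bot: In the changed while condition, once query->query_matches reaches MAX_INEXACT_MATCHES the loop exits without calling CDDBReadLine again, so the remainder of an oversized match list stays unread on the socket and could be consumed as the reply to the next CDDB command. Consider reading and discarding the remaining lines up to the terminator once the cap is hit. Two things the hunk does not show and that are worth verifying: that query_list is declared with MAX_INEXACT_MATCHES entries, and that the literal 256 matches the declared size of inbuffer. Separately, the context lines pass strtok(inbuffer," ") straight to ChopWhite with no NULL check, which matters if CDDBReadLine can hand back an empty line.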