[pkgsrc/trunk]: pkgsrc/misc/libcdio fix a stack-based buffer overflow (CVE-20...
details: https://anonhg.NetBSD.org/pkgsrc/rev/b5522e7b75a3
branches: trunk
changeset: 541099:b5522e7b75a3
user: drochner <drochner%pkgsrc.org@localhost>
date: Tue Apr 15 12:35:10 2008 +0000
description:
fix a stack-based buffer overflow (CVE-2007-6613), patch from upstream,
bump PKGREVISION
diffstat:
misc/libcdio/Makefile | 4 ++--
misc/libcdio/distinfo | 4 +++-
misc/libcdio/patches/patch-ba | 13 +++++++++++++
misc/libcdio/patches/patch-bb | 13 +++++++++++++
4 files changed, 31 insertions(+), 3 deletions(-)
diffs (62 lines):
diff -r d07a93801768 -r b5522e7b75a3 misc/libcdio/Makefile
--- a/misc/libcdio/Makefile Tue Apr 15 11:58:29 2008 +0000
+++ b/misc/libcdio/Makefile Tue Apr 15 12:35:10 2008 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.32 2007/07/01 15:58:37 heinz Exp $
+# $NetBSD: Makefile,v 1.33 2008/04/15 12:35:10 drochner Exp $
DISTNAME= libcdio-0.76
-PKGREVISION= 4
+PKGREVISION= 5
CATEGORIES= misc
MASTER_SITES= ${MASTER_SITE_GNU:=libcdio/}
diff -r d07a93801768 -r b5522e7b75a3 misc/libcdio/distinfo
--- a/misc/libcdio/distinfo Tue Apr 15 11:58:29 2008 +0000
+++ b/misc/libcdio/distinfo Tue Apr 15 12:35:10 2008 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.13 2006/08/27 23:27:05 dbj Exp $
+$NetBSD: distinfo,v 1.14 2008/04/15 12:35:10 drochner Exp $
SHA1 (libcdio-0.76.tar.gz) = 55c738eb118e4d0f08b4af965899eb0c79b21906
RMD160 (libcdio-0.76.tar.gz) = 3ebce21179c04c5a8d721d485a28244de9ac82f3
@@ -6,3 +6,5 @@
SHA1 (patch-aa) = 8e70ee2840c19da3efc0c47dfa9f7ea400a1ec2e
SHA1 (patch-ab) = 730adf8fd064877ec9691193027aa6dc5b7c6cc5
SHA1 (patch-ac) = 2ed1f677b863c48d724dce6386ae960822a66a16
+SHA1 (patch-ba) = c2817b8ab8c7a316b969af56f30e779e5822ced5
+SHA1 (patch-bb) = 34386568c63c05ed839b37a44f83691c2a06754f
diff -r d07a93801768 -r b5522e7b75a3 misc/libcdio/patches/patch-ba
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/misc/libcdio/patches/patch-ba Tue Apr 15 12:35:10 2008 +0000
@@ -0,0 +1,13 @@
+$NetBSD: patch-ba,v 1.1 2008/04/15 12:35:10 drochner Exp $
+
+--- src/cd-info.c.orig 2005-09-18 22:34:02.000000000 +0200
++++ src/cd-info.c
+@@ -510,7 +510,7 @@ print_iso9660_recurse (CdIo_t *p_cdio, c
+ iso9660_stat_t *p_statbuf = _cdio_list_node_data (entnode);
+ char *psz_iso_name = p_statbuf->filename;
+ char _fullname[4096] = { 0, };
+- char translated_name[MAX_ISONAME+1];
++ char *translated_name = (char *) alloca(strlen(psz_iso_name)+1);
+
+ if (yep != p_statbuf->rr.b3_rock || 1 == opts.no_rock_ridge) {
+ iso9660_name_translate_ext(psz_iso_name, translated_name,
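Review bot: The new `alloca(strlen(psz_iso_name)+1)` in print_iso9660_recurse sizes a stack allocation from `p_statbuf->filename`, which is read from the disc image, and alloca has no way to report failure, so the fixed-buffer overrun is traded for unchecked stack growth. If this declaration sits inside the per-entry loop (the loop header and the rest of the function are outside the hunk), each entry's allocation also stays live until the function returns. A heap buffer with an explicit check would be more robust: `char *translated_name = malloc(strlen(psz_iso_name)+1);`, a NULL check that takes the function's existing error path, and `free(translated_name);` at the end of each iteration. The hunk keeps `_fullname[4096]` at a fixed size and the code that fills it is not visible here, so it is worth confirming that copy is bounded and that iso9660_name_translate_ext never writes more than the input length plus the terminator. The identical line is added in patch-bb for src/iso-info.c, and the same points apply there.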
diff -r d07a93801768 -r b5522e7b75a3 misc/libcdio/patches/patch-bb
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/misc/libcdio/patches/patch-bb Tue Apr 15 12:35:10 2008 +0000
@@ -0,0 +1,13 @@
+$NetBSD: patch-bb,v 1.1 2008/04/15 12:35:10 drochner Exp $
+
+--- src/iso-info.c.orig 2005-03-18 13:56:00.000000000 +0100
++++ src/iso-info.c
+@@ -199,7 +199,7 @@ print_iso9660_recurse (iso9660_t *p_iso,
+ iso9660_stat_t *p_statbuf = _cdio_list_node_data (entnode);
+ char *psz_iso_name = p_statbuf->filename;
+ char _fullname[4096] = { 0, };
+- char translated_name[MAX_ISONAME+1];
++ char *translated_name = (char *) alloca(strlen(psz_iso_name)+1);
+
+ if (yep != p_statbuf->rr.b3_rock || 1 == opts.no_rock_ridge) {
+ iso9660_name_translate_ext(psz_iso_name, translated_name,