New version which fixes the old DUMB vulnerability

Package-Manager: portage-2.1.1-r2

diff --git a/media-libs/aldumb/ChangeLog b/media-libs/aldumb/ChangeLog
index 4141475a52b769594eddc3823278dd7eba458a9d..634fce492f4ca01991c9096cd2acca09ffcc807e 100644 (file)
--- a/media-libs/aldumb/ChangeLog
+++ b/media-libs/aldumb/ChangeLog
@@ -1,6 +1,12 @@
 # ChangeLog for media-libs/aldumb
-# Copyright 2000-2006 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/media-libs/aldumb/ChangeLog,v 1.16 2006/11/27 01:53:40 blubb Exp $
+# Copyright 2000-2007 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/media-libs/aldumb/ChangeLog,v 1.17 2007/01/29 01:31:40 joker Exp $
+
+*aldumb-0.9.3 (29 Jan 2007)
+
+  29 Jan 2007; Christian Birchinger <joker@gentoo.org>
+  +files/aldumb-0.9.3_CVE-2006-3668.patch, +aldumb-0.9.3.ebuild:
+  New version which fixes the old DUMB vulnerability.
 
   27 Nov 2006; <blubb@gentoo.org> aldumb-0.9.2-r1.ebuild:
   stable on amd64

diff --git a/media-libs/aldumb/Manifest b/media-libs/aldumb/Manifest
index aa415822c87b300fe175a23643855b91918b8714..79dd1d0c7dbc123abf0eff93035094e80317ab16 100644 (file)
--- a/media-libs/aldumb/Manifest
+++ b/media-libs/aldumb/Manifest
@@ -6,15 +6,24 @@ AUX aldumb-0.9.2.Makefile.patch 664 RMD160 0332f2b68543c487ce312f7b551baeed4f259
 MD5 c86b4d38a194df18a6826e03b0863d50 files/aldumb-0.9.2.Makefile.patch 664
 RMD160 0332f2b68543c487ce312f7b551baeed4f259be4 files/aldumb-0.9.2.Makefile.patch 664
 SHA256 627659e153cc8afa59ecec93d8f9188faef62983bfad81635cd51e2ea620c65e files/aldumb-0.9.2.Makefile.patch 664
+AUX aldumb-0.9.3_CVE-2006-3668.patch 637 RMD160 09c8de5a1ca5f2f45b7e1a8b245006f4f8b85dc8 SHA1 facf6c974bc436369de73367670943a23877d29a SHA256 9f6785435757db725bc73b1c4874b91e80b9277c6fdd2b56e47dae1cfbc968e6
+MD5 e1378e2eb30346073ee188608ac2c9e7 files/aldumb-0.9.3_CVE-2006-3668.patch 637
+RMD160 09c8de5a1ca5f2f45b7e1a8b245006f4f8b85dc8 files/aldumb-0.9.3_CVE-2006-3668.patch 637
+SHA256 9f6785435757db725bc73b1c4874b91e80b9277c6fdd2b56e47dae1cfbc968e6 files/aldumb-0.9.3_CVE-2006-3668.patch 637
 DIST dumb-0.9.2-fixed.tar.gz 145722
+DIST dumb-0.9.3.tar.gz 167379 RMD160 53c7931fec71dd4e67e19c4acf38c0f9202e5698 SHA1 4764bd59f5895eb5035a5139454cef7a53a76bb8 SHA256 8d44fbc9e57f3bac9f761c3b12ce102d47d717f0dd846657fb988e0bb5d1ea33
 EBUILD aldumb-0.9.2-r1.ebuild 1077 RMD160 58835c2751ff464525b4e134c5d76729b50108c8 SHA1 7c59445eeb5f28b9d0c25bc9f849ed7f7d57f38f SHA256 ba4b30f331e0dbfc3c1803b0a0c45792340d58d8ef8280ce1205c4eba13cd123
 MD5 0340031e9b62906215867cf50563b558 aldumb-0.9.2-r1.ebuild 1077
 RMD160 58835c2751ff464525b4e134c5d76729b50108c8 aldumb-0.9.2-r1.ebuild 1077
 SHA256 ba4b30f331e0dbfc3c1803b0a0c45792340d58d8ef8280ce1205c4eba13cd123 aldumb-0.9.2-r1.ebuild 1077
-MISC ChangeLog 2053 RMD160 fe23b990b540f997069f792e10d41ccd348709f5 SHA1 6599db3ac8203a4af4e9a52db5c93bcfcb810d55 SHA256 fa52829d6148d8f04f0efd0428cf44b2c46596ef65515bf748b3452a7faf5bb5
-MD5 8cfc8ee2b2f3d89080e177e4f5a68298 ChangeLog 2053
-RMD160 fe23b990b540f997069f792e10d41ccd348709f5 ChangeLog 2053
-SHA256 fa52829d6148d8f04f0efd0428cf44b2c46596ef65515bf748b3452a7faf5bb5 ChangeLog 2053
+EBUILD aldumb-0.9.3.ebuild 1144 RMD160 602cdd09f0106d7e33d51f9d611f27d9588cce42 SHA1 17c3b3f2277c695ad3d08eb8553cb5906f202a69 SHA256 e8a6d0989bdca4ec2e6d4d7c9a49c94c1bd82b7d576967992748ed3f7032a472
+MD5 8a7ca41bf891e8238ebee4ec952d174b aldumb-0.9.3.ebuild 1144
+RMD160 602cdd09f0106d7e33d51f9d611f27d9588cce42 aldumb-0.9.3.ebuild 1144
+SHA256 e8a6d0989bdca4ec2e6d4d7c9a49c94c1bd82b7d576967992748ed3f7032a472 aldumb-0.9.3.ebuild 1144
+MISC ChangeLog 2257 RMD160 741c0d8b2e430aa10219d9561348000210c57286 SHA1 46a0b76130c17921eeacb2bd46903d2b63f6c8b5 SHA256 b0eeabf843c65baba7a41f9e5fcaf282064fa896d265ed9af1ed5865d04c3380
+MD5 6af5c63be436c5ccaa81109f658f4c8a ChangeLog 2257
+RMD160 741c0d8b2e430aa10219d9561348000210c57286 ChangeLog 2257
+SHA256 b0eeabf843c65baba7a41f9e5fcaf282064fa896d265ed9af1ed5865d04c3380 ChangeLog 2257
 MISC metadata.xml 158 RMD160 6842e2189a50bd8a98e84802c38180ac1421c00e SHA1 703cea5a2109d41f7c87993c1f01d418a4c85174 SHA256 dfb5b47e6836db39fb187301dfcff1c2605e91d13d21db160806a563d8c75f9b
 MD5 a1eaeb2ae801daeb712c90c060e922dc metadata.xml 158
 RMD160 6842e2189a50bd8a98e84802c38180ac1421c00e metadata.xml 158
@@ -22,3 +31,6 @@ SHA256 dfb5b47e6836db39fb187301dfcff1c2605e91d13d21db160806a563d8c75f9b metadata
 MD5 74d6f31a83c47d916813fff87eb8e9cf files/digest-aldumb-0.9.2-r1 68
 RMD160 bd8959a2c6565e778419b6c2bb13c97c73fa52b3 files/digest-aldumb-0.9.2-r1 68
 SHA256 ff2100214d9af4414a2f6949aefd83c6a3a1a6f56bb3e1fede0a7e9748fcc819 files/digest-aldumb-0.9.2-r1 68
+MD5 ad45d8d84916429b8d79a4d0629428ca files/digest-aldumb-0.9.3 232
+RMD160 b5ff69992752d86b5179e796ec53e9d6645569ad files/digest-aldumb-0.9.3 232
+SHA256 b538cb3ba647a4fe787431819d852f8fe4465c87f85e7aed61d3d0664719b6a2 files/digest-aldumb-0.9.3 232

diff --git a/media-libs/aldumb/aldumb-0.9.3.ebuild b/media-libs/aldumb/aldumb-0.9.3.ebuild
new file mode 100644 (file)
index 0000000..520ede0
--- /dev/null
+++ b/media-libs/aldumb/aldumb-0.9.3.ebuild
@@ -0,0 +1,48 @@
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/media-libs/aldumb/aldumb-0.9.3.ebuild,v 1.1 2007/01/29 01:31:40 joker Exp $
+
+inherit eutils
+
+IUSE="debug"
+
+DESCRIPTION="Allegro support for DUMB (an IT, XM, S3M, and MOD player library)"
+HOMEPAGE="http://dumb.sourceforge.net/"
+SRC_URI="mirror://sourceforge/dumb/dumb-${PV}.tar.gz"
+
+LICENSE="DUMB-0.9.2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~ia64 ~ppc ~x86"
+
+DEPEND=">=media-libs/dumb-0.9.3
+       media-libs/allegro"
+
+S="${WORKDIR}/${P/aldumb/dumb}"
+
+src_unpack() {
+       unpack ${A}
+       cd "${S}"
+       cat << EOF > make/config.txt
+include make/unix.inc
+ALL_TARGETS := allegro allegro-examples allegro-headers
+PREFIX := /usr
+EOF
+       epatch "${FILESDIR}/${PN}-0.9.2-PIC.patch"
+       epatch "${FILESDIR}/${P}_CVE-2006-3668.patch"
+       sed -i '/= -s/d' Makefile || die "sed failed"
+       cp Makefile Makefile.rdy
+}
+
+src_compile() {
+       emake OFLAGS="${CFLAGS}" all || die "emake failed"
+}
+
+src_install() {
+       dobin examples/dumbplay
+       dolib.so lib/unix/libaldmb.so
+
+       use debug && lib/unix/libaldmd.so
+
+       insinto /usr/include
+       doins include/aldumb.h
+}

diff --git a/media-libs/aldumb/files/aldumb-0.9.3_CVE-2006-3668.patch b/media-libs/aldumb/files/aldumb-0.9.3_CVE-2006-3668.patch
new file mode 100644 (file)
index 0000000..09d2fb6
--- /dev/null
+++ b/media-libs/aldumb/files/aldumb-0.9.3_CVE-2006-3668.patch
@@ -0,0 +1,16 @@
+Index: libdumb-0.9.3/src/it/itread.c
+===================================================================
+--- libdumb-0.9.3.orig/src/it/itread.c 2006-07-21 11:05:48.000000000 +0200
++++ libdumb-0.9.3/src/it/itread.c      2006-07-21 11:07:22.000000000 +0200
+@@ -292,6 +292,11 @@
+ 
+       envelope->flags = dumbfile_getc(f);
+       envelope->n_nodes = dumbfile_getc(f);
++      if(envelope->n_nodes > 25) {
++              TRACE("IT error: wrong number of envelope nodes (%d)\n", envelope->n_nodes);
++              envelope->n_nodes = 0;
++              return -1;
++      }
+       envelope->loop_start = dumbfile_getc(f);
+       envelope->loop_end = dumbfile_getc(f);
+       envelope->sus_loop_start = dumbfile_getc(f);

diff --git a/media-libs/aldumb/files/digest-aldumb-0.9.3 b/media-libs/aldumb/files/digest-aldumb-0.9.3
new file mode 100644 (file)
index 0000000..8032262
--- /dev/null
+++ b/media-libs/aldumb/files/digest-aldumb-0.9.3
@@ -0,0 +1,3 @@
+MD5 f48da5b990aa8aa822d3b6a951baf5c2 dumb-0.9.3.tar.gz 167379
+RMD160 53c7931fec71dd4e67e19c4acf38c0f9202e5698 dumb-0.9.3.tar.gz 167379
+SHA256 8d44fbc9e57f3bac9f761c3b12ce102d47d717f0dd846657fb988e0bb5d1ea33 dumb-0.9.3.tar.gz 167379