From: Diego Elio Pettenò Date: Fri, 24 Nov 2006 20:59:47 +0000 (+0000) Subject: Add patch for security bug #143404. X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=38fbf478eb783a7b26d80c96a3631d283add6ebc;p=gentoo.git Add patch for security bug #143404. Package-Manager: portage-2.1.2_rc2-r1 --- diff --git a/media-libs/libmodplug/ChangeLog b/media-libs/libmodplug/ChangeLog index 61f367d8dd11..baa136066a85 100644 --- a/media-libs/libmodplug/ChangeLog +++ b/media-libs/libmodplug/ChangeLog @@ -1,6 +1,13 @@ # ChangeLog for media-libs/libmodplug # Copyright 1999-2006 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/media-libs/libmodplug/ChangeLog,v 1.19 2006/08/28 02:00:55 kumba Exp $ +# $Header: /var/cvsroot/gentoo-x86/media-libs/libmodplug/ChangeLog,v 1.20 2006/11/24 20:59:47 flameeyes Exp $ + +*libmodplug-0.8-r1 (24 Nov 2006) + + 24 Nov 2006; Diego Pettenò + +files/libmodplug-0.8-CVE-2006-4192.patch, libmodplug-0.8.ebuild, + +libmodplug-0.8-r1.ebuild: + Add patch for security bug #143404. 28 Aug 2006; Joshua Kinard libmodplug-0.7.ebuild: Marked stable on mips. diff --git a/media-libs/libmodplug/Manifest b/media-libs/libmodplug/Manifest index 09fdc38560cf..fb217a22b92d 100644 --- a/media-libs/libmodplug/Manifest +++ b/media-libs/libmodplug/Manifest @@ -1,3 +1,6 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + AUX libmodplug-0.7-amd64.patch 1580 RMD160 75793a88b2d4113e8872c79da028ba2f7d98f569 SHA1 661f62ed0c1ff5848cab9cb3a663c0d285741163 SHA256 931534f2420722e51ddf136f8f84d3a7ef0d6b065fddd9cc8c244a06e0373e5e MD5 a8b506be2f9429c8b4ac508b04213432 files/libmodplug-0.7-amd64.patch 1580 RMD160 75793a88b2d4113e8872c79da028ba2f7d98f569 files/libmodplug-0.7-amd64.patch 1580 @@ -6,20 +9,28 @@ AUX libmodplug-0.7-asneeded.patch 421 RMD160 453028054887c5366aee85a34bfb7571c78 MD5 9ad05c4679d06d99935b79cc3ad19026 files/libmodplug-0.7-asneeded.patch 421 RMD160 453028054887c5366aee85a34bfb7571c787fff4 files/libmodplug-0.7-asneeded.patch 421 SHA256 221ce05b1f727f2c22747463db6b3917f32d74a9cd26ad6c24f96738975568e3 files/libmodplug-0.7-asneeded.patch 421 +AUX libmodplug-0.8-CVE-2006-4192.patch 1449 RMD160 659c804f64394078c72d6c1359d7d32559e741a3 SHA1 acdfc70e232b0eb01dc13ecc7560638fb0cd8341 SHA256 4068347f14f85220910abbf7eacb1a9ccb9540d3c8495e62b19618d54fdd4a9c +MD5 b04c926ad142751512df8b7869f4117e files/libmodplug-0.8-CVE-2006-4192.patch 1449 +RMD160 659c804f64394078c72d6c1359d7d32559e741a3 files/libmodplug-0.8-CVE-2006-4192.patch 1449 +SHA256 4068347f14f85220910abbf7eacb1a9ccb9540d3c8495e62b19618d54fdd4a9c files/libmodplug-0.8-CVE-2006-4192.patch 1449 DIST libmodplug-0.7.tar.gz 329398 RMD160 ba610e357027676274035811b42746b811608eed SHA1 1a76f8c530f118c00bcbad474b76bf8fb1437423 SHA256 c80da366576501be18a987c28609bd8ffa340ed20fc03249c70c43634f077052 DIST libmodplug-0.8.tar.gz 441612 RMD160 ccf5c29b06a2f5ed93f7b42676d892521c65bfbd SHA1 62c755e178e708cab2113c54b351d3dce793bc21 SHA256 ef2269cc4ba5c8574d38321349d76063c6b200857f0c9256ea97e608583e8857 EBUILD libmodplug-0.7.ebuild 813 RMD160 897e0437e10b25f06d3afb8ae30ef3b443b4eccc SHA1 6e57fa4ddd9ce19401becd43e9175ba345529ab0 SHA256 b8468769d2f6476500f9a6850723fd618edb125b051a05296bc312317a05aee6 MD5 7fc2708450ae91d43944e2f4fc98c782 libmodplug-0.7.ebuild 813 RMD160 897e0437e10b25f06d3afb8ae30ef3b443b4eccc libmodplug-0.7.ebuild 813 SHA256 b8468769d2f6476500f9a6850723fd618edb125b051a05296bc312317a05aee6 libmodplug-0.7.ebuild 813 -EBUILD libmodplug-0.8.ebuild 896 RMD160 999e5987a624ed4e3a6596a70f46d5e812660465 SHA1 96d04314ac68935c4e6058c633725beac0d9ec57 SHA256 2b5b8c8e9179cf2453beb177ec1ea1b969d9747620f77adfbf3b598d306002eb -MD5 9330361885bc339eae2fddcb925717d5 libmodplug-0.8.ebuild 896 -RMD160 999e5987a624ed4e3a6596a70f46d5e812660465 libmodplug-0.8.ebuild 896 -SHA256 2b5b8c8e9179cf2453beb177ec1ea1b969d9747620f77adfbf3b598d306002eb libmodplug-0.8.ebuild 896 -MISC ChangeLog 2246 RMD160 ad9794d55afce5c00abcb34bef1a95557e91b153 SHA1 91ab76d0f7990e79710ce093bd92918043d6d728 SHA256 7a523f7707dbb9a92afe0ab3e65e548c6c18baf6bd1fb38154aac59b64dc2e84 -MD5 89cbed4d3516e2573d45fb1510a6fdf4 ChangeLog 2246 -RMD160 ad9794d55afce5c00abcb34bef1a95557e91b153 ChangeLog 2246 -SHA256 7a523f7707dbb9a92afe0ab3e65e548c6c18baf6bd1fb38154aac59b64dc2e84 ChangeLog 2246 +EBUILD libmodplug-0.8-r1.ebuild 993 RMD160 28fa47e61c6a8de68ecda297222ecface3f1f4e9 SHA1 08da606b8598abb56cb241d6ee93d10789037982 SHA256 5e958c5bbddc4372ef5532da77682fbadb264a9d3b8e7a4c8541937d06d2d418 +MD5 ea0b6d97570228fd3a81e494a11aa9ea libmodplug-0.8-r1.ebuild 993 +RMD160 28fa47e61c6a8de68ecda297222ecface3f1f4e9 libmodplug-0.8-r1.ebuild 993 +SHA256 5e958c5bbddc4372ef5532da77682fbadb264a9d3b8e7a4c8541937d06d2d418 libmodplug-0.8-r1.ebuild 993 +EBUILD libmodplug-0.8.ebuild 943 RMD160 2207ba72e5d134f834ef34314aa5248a9a52c0d5 SHA1 f56535f1fd3a8984b950a27b4237829c836c29c7 SHA256 120536049558699bb253181769e580ca094cde2febc84eb19cad0dcb003e32e4 +MD5 289acc8c999cd9e7bc48d863955c2c33 libmodplug-0.8.ebuild 943 +RMD160 2207ba72e5d134f834ef34314aa5248a9a52c0d5 libmodplug-0.8.ebuild 943 +SHA256 120536049558699bb253181769e580ca094cde2febc84eb19cad0dcb003e32e4 libmodplug-0.8.ebuild 943 +MISC ChangeLog 2473 RMD160 aad6a04cbcc65a92035583dd651c2ceabb2130eb SHA1 180c8414b80085a563764ec13e61e71af3d3e16d SHA256 ad62fd7eb147719b7dcdec915f5f11d971692469355eb03a093822d52fd3aba6 +MD5 65f846c4e768f291404234ff5be693aa ChangeLog 2473 +RMD160 aad6a04cbcc65a92035583dd651c2ceabb2130eb ChangeLog 2473 +SHA256 ad62fd7eb147719b7dcdec915f5f11d971692469355eb03a093822d52fd3aba6 ChangeLog 2473 MISC metadata.xml 248 RMD160 f9de13e16a150195633b055ebe61bb4cea95160d SHA1 4ea80510c4e90c385ac851b4f82c36b4f91d9402 SHA256 6a8ca116bded5cdd92cb700f92acd22b01ae159ef1b69c60a03fc9859bb9b3d6 MD5 319fe8f45b51a2d31f8d4e9a4071ca10 metadata.xml 248 RMD160 f9de13e16a150195633b055ebe61bb4cea95160d metadata.xml 248 @@ -30,3 +41,13 @@ SHA256 d5ec57b92a61d4ee39acaf0fd578e9f8328ff65ed836f64b4678a3a1d0e17d9b files/di MD5 6099a721c7a188eabdc91042dac3de3d files/digest-libmodplug-0.8 244 RMD160 deea679a926392dd22bec1017cc644f8ed5764f1 files/digest-libmodplug-0.8 244 SHA256 6aab7593739988a695fcbdba006f50c78d520cabe81cfaac7de84f5934363bf0 files/digest-libmodplug-0.8 244 +MD5 6099a721c7a188eabdc91042dac3de3d files/digest-libmodplug-0.8-r1 244 +RMD160 deea679a926392dd22bec1017cc644f8ed5764f1 files/digest-libmodplug-0.8-r1 244 +SHA256 6aab7593739988a695fcbdba006f50c78d520cabe81cfaac7de84f5934363bf0 files/digest-libmodplug-0.8-r1 244 +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.5 (GNU/Linux) + +iD8DBQFFZ11RAiZjviIA2XgRAt7FAJkBpMqqRKdFixdAQ7t0Ad4tUL98uwCfdVgN +uJLT2f97/jMwsyQkofWNn/c= +=Z90l +-----END PGP SIGNATURE----- diff --git a/media-libs/libmodplug/files/digest-libmodplug-0.8-r1 b/media-libs/libmodplug/files/digest-libmodplug-0.8-r1 new file mode 100644 index 000000000000..2867154b0153 --- /dev/null +++ b/media-libs/libmodplug/files/digest-libmodplug-0.8-r1 @@ -0,0 +1,3 @@ +MD5 cea399626e2a074e2a77c8cd98387a48 libmodplug-0.8.tar.gz 441612 +RMD160 ccf5c29b06a2f5ed93f7b42676d892521c65bfbd libmodplug-0.8.tar.gz 441612 +SHA256 ef2269cc4ba5c8574d38321349d76063c6b200857f0c9256ea97e608583e8857 libmodplug-0.8.tar.gz 441612 diff --git a/media-libs/libmodplug/files/libmodplug-0.8-CVE-2006-4192.patch b/media-libs/libmodplug/files/libmodplug-0.8-CVE-2006-4192.patch new file mode 100644 index 000000000000..c80af44b37c3 --- /dev/null +++ b/media-libs/libmodplug/files/libmodplug-0.8-CVE-2006-4192.patch @@ -0,0 +1,36 @@ +--- libmodplug/src/sndfile.cpp 2006/08/10 02:26:44 1.3 ++++ libmodplug/src/sndfile.cpp 2006/11/02 04:19:00 1.4 +@@ -5,7 +5,7 @@ + * Adam Goode (endian and char fixes for PPC) + */ + +-#include //for GCCFIX ++#include //for GCCFIX + #include + #include + +@@ -228,7 +228,8 @@ + if (pins->nGlobalVol > 64) pins->nGlobalVol = 64; + } + // Check invalid instruments +- while ((m_nInstruments > 0) && (!Headers[m_nInstruments])) m_nInstruments--; ++ while ((m_nInstruments > 0) && (!Headers[m_nInstruments])) ++ m_nInstruments--; + // Set default values + if (m_nSongPreAmp < 0x20) m_nSongPreAmp = 0x20; + if (m_nDefaultTempo < 32) m_nDefaultTempo = 125; +@@ -1081,11 +1082,12 @@ + + + UINT CSoundFile::ReadSample(MODINSTRUMENT *pIns, UINT nFlags, LPCSTR lpMemFile, DWORD dwMemLength) +-//------------------------------------------------------------------------------------------------ ++//------------------------------------------------------------------------------ + { + UINT len = 0, mem = pIns->nLength+6; + +- if ((!pIns) || (pIns->nLength < 4) || (!lpMemFile)) return 0; ++ // Disable >2Gb samples,(preventing buffer overflow in AllocateSample) ++ if ((!pIns) || ((int)pIns->nLength < 4) || (!lpMemFile)) return 0; + if (pIns->nLength > MAX_SAMPLE_LENGTH) pIns->nLength = MAX_SAMPLE_LENGTH; + pIns->uFlags &= ~(CHN_16BIT|CHN_STEREO); + if (nFlags & RSF_16BIT) diff --git a/media-libs/libmodplug/libmodplug-0.8-r1.ebuild b/media-libs/libmodplug/libmodplug-0.8-r1.ebuild new file mode 100644 index 000000000000..f350e5edc971 --- /dev/null +++ b/media-libs/libmodplug/libmodplug-0.8-r1.ebuild @@ -0,0 +1,38 @@ +# Copyright 1999-2006 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/media-libs/libmodplug/libmodplug-0.8-r1.ebuild,v 1.1 2006/11/24 20:59:47 flameeyes Exp $ + +WANT_AUTOCONF="latest" +WANT_AUTOMAKE="latest" + +inherit eutils autotools + +DESCRIPTION="Library for playing MOD-like music files" +SRC_URI="mirror://sourceforge/modplug-xmms/${P}.tar.gz" +HOMEPAGE="http://modplug-xmms.sourceforge.net/" + +LICENSE="GPL-2" +SLOT="0" +#-sparc: 1.0 - Bus Error on play +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sh -sparc ~x86 ~x86-fbsd" +IUSE="" + +RDEPEND="" +DEPEND="dev-util/pkgconfig" + +src_unpack() { + unpack ${A} + cd "${S}" + epatch "${FILESDIR}/${PN}-0.7-amd64.patch" + epatch "${FILESDIR}/${PN}-0.7-asneeded.patch" + epatch "${FILESDIR}/${P}-CVE-2006-4192.patch" + + sed -i -e 's:-ffast-math::' "${S}/configure.in" + + eautoreconf +} + +src_install() { + make DESTDIR="${D}" install || die + dodoc AUTHORS ChangeLog README TODO +} diff --git a/media-libs/libmodplug/libmodplug-0.8.ebuild b/media-libs/libmodplug/libmodplug-0.8.ebuild index 8185033ced24..22a06522c4cd 100644 --- a/media-libs/libmodplug/libmodplug-0.8.ebuild +++ b/media-libs/libmodplug/libmodplug-0.8.ebuild @@ -1,6 +1,9 @@ # Copyright 1999-2006 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/media-libs/libmodplug/libmodplug-0.8.ebuild,v 1.3 2006/05/25 02:59:33 flameeyes Exp $ +# $Header: /var/cvsroot/gentoo-x86/media-libs/libmodplug/libmodplug-0.8.ebuild,v 1.4 2006/11/24 20:59:47 flameeyes Exp $ + +WANT_AUTOCONF="latest" +WANT_AUTOMAKE="latest" inherit eutils autotools