From: Diego Elio Pettenò Date: Wed, 14 Feb 2007 20:34:34 +0000 (+0000) Subject: Version bump, adding a patch to fix a possible security flaw in the magnatune store... X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=fd499463d48deeeab1132e38d44e57614d856d32;p=gentoo.git Version bump, adding a patch to fix a possible security flaw in the magnatune store support (KDE BUG #138499). Also add unzip as runtime dependency as it is used for the magnatune shop. Package-Manager: portage-2.1.2-r9 --- diff --git a/media-sound/amarok/ChangeLog b/media-sound/amarok/ChangeLog index 860d6ec421d0..4f7d4540d69e 100644 --- a/media-sound/amarok/ChangeLog +++ b/media-sound/amarok/ChangeLog @@ -1,6 +1,16 @@ # ChangeLog for media-sound/amarok # Copyright 2000-2007 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/media-sound/amarok/ChangeLog,v 1.205 2007/02/06 21:27:43 flameeyes Exp $ +# $Header: /var/cvsroot/gentoo-x86/media-sound/amarok/ChangeLog,v 1.206 2007/02/14 20:34:34 flameeyes Exp $ + +*amarok-1.4.5-r1 (14 Feb 2007) + + 14 Feb 2007; Diego Pettenò + -files/amarok-1.4.3-playlist-encoding.patch, + +files/amarok-1.4.5-magnatune.patch, -amarok-1.4.4-r4.ebuild, + -amarok-1.4.5.ebuild, +amarok-1.4.5-r1.ebuild: + Version bump, adding a patch to fix a possible security flaw in the + magnatune store support (KDE BUG #138499). Also add unzip as runtime + dependency as it is used for the magnatune shop. 06 Feb 2007; Diego Pettenò amarok-1.4.5.ebuild: Fix dependency for amarok 1.4.5, libgpod 0.4.2 is needed at least. diff --git a/media-sound/amarok/Manifest b/media-sound/amarok/Manifest index ac002cd81048..ce34b7a88afc 100644 --- a/media-sound/amarok/Manifest +++ b/media-sound/amarok/Manifest @@ -1,14 +1,14 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 -AUX amarok-1.4.3-playlist-encoding.patch 365 RMD160 5add54202bcc34ad1d695b938c075dd030bf6705 SHA1 9d2eacaf4d8f35cf88e3a2358258ca83c1d35fee SHA256 71ac78fbac11d404017ab1c9a942b0b72ac24638739498ca6f761298a906b11d -MD5 0e211053265ad86a0f6656c07463b43a files/amarok-1.4.3-playlist-encoding.patch 365 -RMD160 5add54202bcc34ad1d695b938c075dd030bf6705 files/amarok-1.4.3-playlist-encoding.patch 365 -SHA256 71ac78fbac11d404017ab1c9a942b0b72ac24638739498ca6f761298a906b11d files/amarok-1.4.3-playlist-encoding.patch 365 AUX amarok-1.4.4+libgpod-0.4.0.patch 2738 RMD160 2e6a44eabe8691c209a3beba5764fa9ca59aa43c SHA1 bc6e39a93490be265e3f37e3af73a31c0d27bc59 SHA256 8def3879b8adb5e2e32d4b4f724d4dd2d896791f6cbe99d5fffcb3f128b26b26 MD5 2b0195629a6a2b52f22db726bc59cd2f files/amarok-1.4.4+libgpod-0.4.0.patch 2738 RMD160 2e6a44eabe8691c209a3beba5764fa9ca59aa43c files/amarok-1.4.4+libgpod-0.4.0.patch 2738 SHA256 8def3879b8adb5e2e32d4b4f724d4dd2d896791f6cbe99d5fffcb3f128b26b26 files/amarok-1.4.4+libgpod-0.4.0.patch 2738 +AUX amarok-1.4.5-magnatune.patch 813 RMD160 248468df00bcfd14bb9b387880b6b6090586ef84 SHA1 acad6c59634d4b3e0e4480f1f196b2fb59213901 SHA256 dd76b63f7c5a5a93f00190bb927c01ad5dcfe1b235a72df437b1edc6d175f20c +MD5 5c609c757ec57fb2a6f4f03d8d74cd60 files/amarok-1.4.5-magnatune.patch 813 +RMD160 248468df00bcfd14bb9b387880b6b6090586ef84 files/amarok-1.4.5-magnatune.patch 813 +SHA256 dd76b63f7c5a5a93f00190bb927c01ad5dcfe1b235a72df437b1edc6d175f20c files/amarok-1.4.5-magnatune.patch 813 DIST amarok-1.4.4-gentoo.tar.bz2 2830 RMD160 75c42ba3bab6aa363aa71bfd17d9532555abc040 SHA1 0a9bb86e197f4af47e17a4aaa5cb82eb4850b49d SHA256 d874db4cd1b63084df4c20b26ef461e95c242579c4d6e4ca80ccff046d149b33 DIST amarok-1.4.4.tar.bz2 17635707 RMD160 61cd2748ce0111f4ba388a71e9504abb7362b0d7 SHA1 932ab971407172a86746e473a1d1cf6871aea93c SHA256 760d30337cb73c86b9298e5c2c9836b3a753c39805b54f75b1eea82c15e9a0ea DIST amarok-1.4.5.tar.bz2 18034110 RMD160 c2bbfe06f3e613dfc7d3926d086024073390c712 SHA1 882dec8d30c10f609a1f5e21d2e91342e78304c5 SHA256 45aa7cafe2a46dd988cd5034ae19da988926eecb2ac90d3e6912c57e558108c8 @@ -16,22 +16,18 @@ EBUILD amarok-1.4.4-r3.ebuild 2243 RMD160 6b3856d91f5fa823761ef330472a138d62453c MD5 88d6fae4f34648898b448df3b67108e9 amarok-1.4.4-r3.ebuild 2243 RMD160 6b3856d91f5fa823761ef330472a138d62453c65 amarok-1.4.4-r3.ebuild 2243 SHA256 8572bda6a3a8221652b2c4bb88499a8d04ef5d37a870c94953351a78ef0be0c3 amarok-1.4.4-r3.ebuild 2243 -EBUILD amarok-1.4.4-r4.ebuild 2633 RMD160 d1895f64579d3994856d17180fb00d7459800c5e SHA1 8e2b3677d11501b28d61f5cfb58fe69f02c8ab20 SHA256 27cd2bdab8193633b9d6ef019a24f89face6e319e5f9e722bd65c9e0c624f436 -MD5 f4e8527e9fc8845c9e6df41f5b0db4bf amarok-1.4.4-r4.ebuild 2633 -RMD160 d1895f64579d3994856d17180fb00d7459800c5e amarok-1.4.4-r4.ebuild 2633 -SHA256 27cd2bdab8193633b9d6ef019a24f89face6e319e5f9e722bd65c9e0c624f436 amarok-1.4.4-r4.ebuild 2633 -EBUILD amarok-1.4.5.ebuild 2572 RMD160 a6e64a3dc5e4e738594e76f45ed9c86d471fb548 SHA1 7a2f4aa1347504e779e6032169a2dee810ef4f38 SHA256 479bf318e1e7fc8e00887ace0b29df5f5639b52171b865545401b3df2e7134f8 -MD5 a890f2d68fa89c66ef08e399d28b02c5 amarok-1.4.5.ebuild 2572 -RMD160 a6e64a3dc5e4e738594e76f45ed9c86d471fb548 amarok-1.4.5.ebuild 2572 -SHA256 479bf318e1e7fc8e00887ace0b29df5f5639b52171b865545401b3df2e7134f8 amarok-1.4.5.ebuild 2572 +EBUILD amarok-1.4.5-r1.ebuild 2635 RMD160 c14fcd8faf6e8e206fcdce8baf03798a8a66cc93 SHA1 d1c6cff1432d4bdfa4bacf3e162ab869aec11b21 SHA256 17b93170dcd3cb6772258fd37992ed11f56e94b249d92e4364b246d073a3ffe9 +MD5 86764e9fe58a3d9d272d4503c9ad75e4 amarok-1.4.5-r1.ebuild 2635 +RMD160 c14fcd8faf6e8e206fcdce8baf03798a8a66cc93 amarok-1.4.5-r1.ebuild 2635 +SHA256 17b93170dcd3cb6772258fd37992ed11f56e94b249d92e4364b246d073a3ffe9 amarok-1.4.5-r1.ebuild 2635 EBUILD amarok-9999-r1.ebuild 2753 RMD160 eeb8c4016feb305a447c7757e292a0ef21ae2c9b SHA1 89e35931ee077d1557618993d5c9f18cbed98a9b SHA256 e9876a6ba0782965217a86820b8536bd6537673d2dc36b27e4515b5e6d303f7e MD5 c116c2eb572ee0f17dc0028e1f26598e amarok-9999-r1.ebuild 2753 RMD160 eeb8c4016feb305a447c7757e292a0ef21ae2c9b amarok-9999-r1.ebuild 2753 SHA256 e9876a6ba0782965217a86820b8536bd6537673d2dc36b27e4515b5e6d303f7e amarok-9999-r1.ebuild 2753 -MISC ChangeLog 33845 RMD160 1493f883768bef64b8ee274dd0853119508c6762 SHA1 a18c23179ad320ca3b4e542ece5706a02c426841 SHA256 337032b61e704f8442a6429a4008e0a7d486bf9cdcd07fd51ea360ed10ec6308 -MD5 f4ceff4eea88785cf6925adc0084d6ff ChangeLog 33845 -RMD160 1493f883768bef64b8ee274dd0853119508c6762 ChangeLog 33845 -SHA256 337032b61e704f8442a6429a4008e0a7d486bf9cdcd07fd51ea360ed10ec6308 ChangeLog 33845 +MISC ChangeLog 34283 RMD160 564b8b1644095af3d1b4bddca524cf1fab758664 SHA1 bbeea2940e9a158873150b0eeaa3db52f7a1695b SHA256 8b943412dccd386bbd311f198deb2eb54f37083072ed100b320738c2bc0c6c40 +MD5 5ca3a7cf9eca5a5c7232ee7295a9ef1e ChangeLog 34283 +RMD160 564b8b1644095af3d1b4bddca524cf1fab758664 ChangeLog 34283 +SHA256 8b943412dccd386bbd311f198deb2eb54f37083072ed100b320738c2bc0c6c40 ChangeLog 34283 MISC metadata.xml 266 RMD160 3ce35cecb3927850e61ee5bad2e0e4b210c0df3e SHA1 d41658ffae344562e8579d219bd3f746d4cba624 SHA256 c2f316075bb660460a285a5474235615f5946bb47df6e6f0c9c4de9ed64edf26 MD5 986cc6d7e9a21474e34336045796ffaa metadata.xml 266 RMD160 3ce35cecb3927850e61ee5bad2e0e4b210c0df3e metadata.xml 266 @@ -39,19 +35,16 @@ SHA256 c2f316075bb660460a285a5474235615f5946bb47df6e6f0c9c4de9ed64edf26 metadata MD5 09d4216c683d6a633f4c8fb6dfe73719 files/digest-amarok-1.4.4-r3 503 RMD160 f2b5a9cb52037ec05f9aafc0ce89015d9ca015a2 files/digest-amarok-1.4.4-r3 503 SHA256 5684c57a46c61c81e4eb0204bdfd7b6baf02dd2e5f3613a76b1876d812fd5b23 files/digest-amarok-1.4.4-r3 503 -MD5 09d4216c683d6a633f4c8fb6dfe73719 files/digest-amarok-1.4.4-r4 503 -RMD160 f2b5a9cb52037ec05f9aafc0ce89015d9ca015a2 files/digest-amarok-1.4.4-r4 503 -SHA256 5684c57a46c61c81e4eb0204bdfd7b6baf02dd2e5f3613a76b1876d812fd5b23 files/digest-amarok-1.4.4-r4 503 -MD5 800f0767daa0ef9fe4ab838f9417e389 files/digest-amarok-1.4.5 247 -RMD160 193cf84cab415ad5adeed61993a76209cecd9f3c files/digest-amarok-1.4.5 247 -SHA256 2588dc180c448a480698e60949cbecff302cbd3a56db2e98120ceca137759bbd files/digest-amarok-1.4.5 247 +MD5 800f0767daa0ef9fe4ab838f9417e389 files/digest-amarok-1.4.5-r1 247 +RMD160 193cf84cab415ad5adeed61993a76209cecd9f3c files/digest-amarok-1.4.5-r1 247 +SHA256 2588dc180c448a480698e60949cbecff302cbd3a56db2e98120ceca137759bbd files/digest-amarok-1.4.5-r1 247 MD5 d41d8cd98f00b204e9800998ecf8427e files/digest-amarok-9999-r1 0 RMD160 9c1185a5c5e9fc54612808977ee8f548b2258d31 files/digest-amarok-9999-r1 0 SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 files/digest-amarok-9999-r1 0 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.2 (GNU/Linux) -iD8DBQFFyPLXAiZjviIA2XgRAp9CAKCrmgUgwrjpC0T5i1sTH5gLSHOjWgCfVwSt -1y0xh7f3HZtvR6F0es2RqLA= -=NlzI +iD8DBQFF03JkAiZjviIA2XgRAuDBAKC7elFG8i7XSIJ/ib3vAvEEDTTGVwCdFYVZ +I93gflSGp+T6DDWoX+FsD2I= +=SHyl -----END PGP SIGNATURE----- diff --git a/media-sound/amarok/amarok-1.4.4-r4.ebuild b/media-sound/amarok/amarok-1.4.4-r4.ebuild deleted file mode 100644 index 3c78cc553612..000000000000 --- a/media-sound/amarok/amarok-1.4.4-r4.ebuild +++ /dev/null @@ -1,89 +0,0 @@ -# Copyright 1999-2007 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/media-sound/amarok/amarok-1.4.4-r4.ebuild,v 1.3 2007/02/04 20:04:23 mabi Exp $ - -LANGS="af ar az bg br ca cs cy da de el en_GB es et fi fr ga gl he hi hu is it -ja ka km ko lt ms nb nl nn pa pl pt pt_BR ro ru rw sk sl sq sr sr@Latn sv ta tg -th tr uk uz zh_CN zh_TW" -LANGS_DOC="da de es et fr it nl pl pt pt_BR ru sv" - -USE_KEG_PACKAGING=1 - -inherit kde eutils flag-o-matic - -PKG_SUFFIX="" - -MY_P="${P/_/-}" -S="${WORKDIR}/${P/_/-}" - -DESCRIPTION="Advanced audio player based on KDE framework." -HOMEPAGE="http://amarok.kde.org/" - -SRC_URI="mirror://kde/stable/amarok/${PV}/src/${MY_P}.tar.bz2 - mirror://gentoo/${P}-gentoo.tar.bz2" -LICENSE="GPL-2" - -SLOT="0" -KEYWORDS="~amd64 ~ppc ~sparc ~x86 ~x86-fbsd" -IUSE="aac kde mysql noamazon opengl postgres -visualization ipod ifp real njb mtp musicbrainz" -# kde: enables compilation of the konqueror sidebar plugin - -RDEPEND="kde? ( || ( kde-base/konqueror kde-base/kdebase ) ) - >=media-libs/xine-lib-1.1.2_pre20060328-r8 - >=media-libs/taglib-1.4 - mysql? ( >=virtual/mysql-4.0 ) - postgres? ( dev-db/libpq ) - opengl? ( virtual/opengl ) - visualization? ( media-libs/libsdl - =media-plugins/libvisual-plugins-0.4* ) - ipod? ( >=media-libs/libgpod-0.3 ) - aac? ( media-libs/libmp4v2 ) - ifp? ( media-libs/libifp ) - real? ( media-video/realplayer ) - njb? ( >=media-libs/libnjb-2.2.4 ) - mtp? ( media-libs/libmtp ) - musicbrainz? ( media-libs/tunepimp ) - =dev-lang/ruby-1.8*" - -DEPEND="${RDEPEND}" - -RDEPEND="${RDEPEND} - www-servers/mongrel" - -need-kde 3.3 - -PATCHES="${WORKDIR}/${P}-gentoo/*.patch - ${FILESDIR}/${P}+libgpod-0.4.0.patch" - -src_compile() { - # Extra, unsupported engines are forcefully disabled. - local myconf="$(use_enable mysql) $(use_enable postgres postgresql) - $(use_with opengl) --without-xmms - $(use_with visualization libvisual) - $(use_enable !noamazon amazon) - $(use_with ipod libgpod) - $(use_with aac mp4v2) - $(use_with ifp) - $(use_with real helix) - $(use_with njb libnjb) - $(use_with mtp libmtp) - $(use_with musicbrainz) - --with-xine - --without-mas - --without-nmm" - - kde_src_compile -} - -src_install() { - kde_src_install - - # As much as I respect Ian, I'd rather leave Amarok to use mongrel - # from Portage, for security and policy reasons. - rm -rf "${D}"/usr/share/apps/amarok/ruby_lib/rbconfig \ - "${D}"/usr/share/apps/amarok/ruby_lib/mongrel* \ - "${D}"/usr/share/apps/amarok/ruby_lib/rubygems* \ - "${D}"/usr/share/apps/amarok/ruby_lib/gem* \ - "${D}"/usr/$(get_libdir)/ruby_lib -} diff --git a/media-sound/amarok/amarok-1.4.5.ebuild b/media-sound/amarok/amarok-1.4.5-r1.ebuild similarity index 95% rename from media-sound/amarok/amarok-1.4.5.ebuild rename to media-sound/amarok/amarok-1.4.5-r1.ebuild index 061ab53d8b35..63d55fdeb76b 100644 --- a/media-sound/amarok/amarok-1.4.5.ebuild +++ b/media-sound/amarok/amarok-1.4.5-r1.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2007 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/media-sound/amarok/amarok-1.4.5.ebuild,v 1.4 2007/02/06 21:27:43 flameeyes Exp $ +# $Header: /var/cvsroot/gentoo-x86/media-sound/amarok/amarok-1.4.5-r1.ebuild,v 1.1 2007/02/14 20:34:34 flameeyes Exp $ LANGS="af ar az bg br ca cs cy da de el en_GB es et fa fi fr ga gl he hi hu is it ja ka km ko lt ms nb nl nn pa pl pt pt_BR ro ru rw se sk @@ -48,8 +48,11 @@ RDEPEND="kde? ( || ( kde-base/konqueror kde-base/kdebase ) ) DEPEND="${RDEPEND}" RDEPEND="${RDEPEND} + app-arch/unzip daap? ( www-servers/mongrel )" +PATCHES="${FILESDIR}/${P}-magnatune.patch" + need-kde 3.3 src_compile() { diff --git a/media-sound/amarok/files/amarok-1.4.3-playlist-encoding.patch b/media-sound/amarok/files/amarok-1.4.3-playlist-encoding.patch deleted file mode 100644 index 301aa8100aaf..000000000000 --- a/media-sound/amarok/files/amarok-1.4.3-playlist-encoding.patch +++ /dev/null @@ -1,12 +0,0 @@ -Index: amarok/src/playlist.cpp -=================================================================== ---- amarok/src/playlist.cpp (Revision 583705) -+++ amarok/src/playlist.cpp (Revision 583706) -@@ -3188,6 +3188,7 @@ - stream << "\n"; - - QTextStream fstream( &file ); -+ fstream.setEncoding( QTextStream::UnicodeUTF8 ); - fstream << buffer; - } - diff --git a/media-sound/amarok/files/amarok-1.4.5-magnatune.patch b/media-sound/amarok/files/amarok-1.4.5-magnatune.patch new file mode 100644 index 000000000000..a4890d0e32f5 --- /dev/null +++ b/media-sound/amarok/files/amarok-1.4.5-magnatune.patch @@ -0,0 +1,14 @@ +Index: src/magnatunebrowser/magnatunealbumdownloader.cpp +=================================================================== +--- src/magnatunebrowser/magnatunealbumdownloader.cpp (revision 633568) ++++ src/magnatunebrowser/magnatunealbumdownloader.cpp (revision 633677) +@@ -89,8 +89,8 @@ + + //ok, now we have the .zip file downloaded. All we need is to unpack it to the desired location and add it to the collection. + +- QString unzipString = "unzip \""+m_tempDir.name() + m_currentAlbumFileName + "\" -d \"" + m_currentAlbumUnpackLocation + "\" &"; ++ QString unzipString = "unzip "+ KProcess::quote( m_tempDir.name() + m_currentAlbumFileName) + " -d " +KProcess::quote( m_currentAlbumUnpackLocation ) + " &"; + + debug() << "unpacking: " << unzipString << endl; + + system( unzipString.ascii() ); diff --git a/media-sound/amarok/files/digest-amarok-1.4.4-r4 b/media-sound/amarok/files/digest-amarok-1.4.4-r4 deleted file mode 100644 index 262445ff5727..000000000000 --- a/media-sound/amarok/files/digest-amarok-1.4.4-r4 +++ /dev/null @@ -1,6 +0,0 @@ -MD5 1eb17420bc9036303958da5a2567e611 amarok-1.4.4-gentoo.tar.bz2 2830 -RMD160 75c42ba3bab6aa363aa71bfd17d9532555abc040 amarok-1.4.4-gentoo.tar.bz2 2830 -SHA256 d874db4cd1b63084df4c20b26ef461e95c242579c4d6e4ca80ccff046d149b33 amarok-1.4.4-gentoo.tar.bz2 2830 -MD5 56a9aec42088c338b81252f8e0651781 amarok-1.4.4.tar.bz2 17635707 -RMD160 61cd2748ce0111f4ba388a71e9504abb7362b0d7 amarok-1.4.4.tar.bz2 17635707 -SHA256 760d30337cb73c86b9298e5c2c9836b3a753c39805b54f75b1eea82c15e9a0ea amarok-1.4.4.tar.bz2 17635707 diff --git a/media-sound/amarok/files/digest-amarok-1.4.5 b/media-sound/amarok/files/digest-amarok-1.4.5-r1 similarity index 100% rename from media-sound/amarok/files/digest-amarok-1.4.5 rename to media-sound/amarok/files/digest-amarok-1.4.5-r1