summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--audio/orpheus/101_fix-buffer-overflow.diff15
-rw-r--r--audio/orpheus/README (renamed from multimedia/orpheus/README)3
-rw-r--r--audio/orpheus/orpheus-1.6-nolibghttp.patch11
-rw-r--r--audio/orpheus/orpheus.SlackBuild88
-rw-r--r--audio/orpheus/orpheus.info (renamed from multimedia/orpheus/orpheus.info)6
-rw-r--r--audio/orpheus/slack-desc (renamed from multimedia/orpheus/slack-desc)0
-rw-r--r--multimedia/orpheus/orpheus.SlackBuild57
7 files changed, 117 insertions, 63 deletions
diff --git a/audio/orpheus/101_fix-buffer-overflow.diff b/audio/orpheus/101_fix-buffer-overflow.diff
new file mode 100644
index 0000000000..4d6c8e4e18
--- /dev/null
+++ b/audio/orpheus/101_fix-buffer-overflow.diff
@@ -0,0 +1,15 @@
+Fix a stack-based buffer overflow in kkstrtext.h in ktools library.
+(CVE-2005-3863) (Closes: #368402)
+Index: orpheus-1.5/kkstrtext-0.1/kkstrtext.h
+===================================================================
+--- orpheus-1.5.orig/kkstrtext-0.1/kkstrtext.h 2003-12-14 11:51:38.000000000 +0100
++++ orpheus-1.5/kkstrtext-0.1/kkstrtext.h 2006-08-01 21:57:14.000000000 +0200
+@@ -87,7 +87,7 @@
+ { \
+ va_list vgs__ap; char vgs__buf[1024]; \
+ va_start(vgs__ap, fmt); \
+- vsprintf(vgs__buf, fmt, vgs__ap); c = vgs__buf; \
++ vsnprintf(vgs__buf, 1024, fmt, vgs__ap); c = vgs__buf; \
+ va_end(vgs__ap); \
+ }
+
diff --git a/multimedia/orpheus/README b/audio/orpheus/README
index cb8bb88b7e..ff75d3c4fc 100644
--- a/multimedia/orpheus/README
+++ b/audio/orpheus/README
@@ -1,6 +1,3 @@
Orpheus is a light-weight text mode menu and window driven audio
player application for CDs, internet stream broadcasts, and files
in MP3 and Ogg Vorbis format.
-
-Support for CDDB requires libghttp, which is also available at
-SlackBuilds.org.
diff --git a/audio/orpheus/orpheus-1.6-nolibghttp.patch b/audio/orpheus/orpheus-1.6-nolibghttp.patch
new file mode 100644
index 0000000000..28823e85e9
--- /dev/null
+++ b/audio/orpheus/orpheus-1.6-nolibghttp.patch
@@ -0,0 +1,11 @@
+--- orpheus-1.6/configure.old 2006-11-25 16:56:53.000000000 +0100
++++ orpheus-1.6/configure 2006-11-25 16:57:30.000000000 +0100
+@@ -4219,7 +4219,7 @@
+ fi
+ echo "$as_me:$LINENO: result: $ac_cv_lib_ghttp_ghttp_request_new" >&5
+ echo "${ECHO_T}$ac_cv_lib_ghttp_ghttp_request_new" >&6
+-if test $ac_cv_lib_ghttp_ghttp_request_new = yes; then
++if test $ac_cv_lib_ghttp_ghttp_request_new = nolibghttp; then
+ cat >>confdefs.h <<_ACEOF
+ #define HAVE_LIBGHTTP 1
+ _ACEOF
diff --git a/audio/orpheus/orpheus.SlackBuild b/audio/orpheus/orpheus.SlackBuild
new file mode 100644
index 0000000000..685fcce01f
--- /dev/null
+++ b/audio/orpheus/orpheus.SlackBuild
@@ -0,0 +1,88 @@
+#!/bin/sh
+
+# Slackware build script for orpheus.
+# Copyright (c) 2008, Antonio Hernández Blas <hba.nihilismus@gmail.com>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+# 1.- Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY
+# EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+PRGNAM=orpheus
+VERSION=1.6
+ARCH=${ARCH:-i486}
+BUILD=${BUILD:-2}
+TAG=${TAG:-_SBo}
+
+CWD=$(pwd)
+TMP=${TMP:-/tmp/SBo}
+PKG=$TMP/package-$PRGNAM
+OUTPUT=${OUTPUT:-/tmp}
+
+if [ "$ARCH" = "i486" ]; then
+ SLKCFLAGS="-O2 -march=i486 -mtune=i686"
+elif [ "$ARCH" = "i686" ]; then
+ SLKCFLAGS="-O2 -march=i686 -mtune=i686"
+elif [ "$ARCH" = "x86_64" ]; then
+ SLKCFLAGS="-O2 -fPIC"
+fi
+
+set -e
+
+rm -rf $PKG
+mkdir -p $TMP $PKG $OUTPUT
+cd $TMP
+rm -rf $PRGNAM-$VERSION
+tar -xjvf $CWD/$PRGNAM-$VERSION.tar.bz2
+cd $PRGNAM-$VERSION
+chown -R root:root .
+find . \
+ \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
+ -exec chmod 755 {} \; -o \
+ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
+ -exec chmod 644 {} \;
+
+
+# Acording with http://bugs.gentoo.org/show_bug.cgi?id=113683
+# theres a stack-based buffer overflow in kkstrtext.h
+cat $CWD/101_fix-buffer-overflow.diff | patch -p1
+
+# Also, we're going to disable the use of the deprecated libghttp
+cat $CWD/orpheus-1.6-nolibghttp.patch | patch -p1
+
+# If CFLAGS are declared, then its going to result in an error:
+# "can only configure for one host and one target at a time"
+# so its better to unset them
+# This is not *our* bug - feel free to notify the upstream authors... :)
+unset CFLAGS CXXFLAGS
+./configure \
+ --prefix=/usr
+
+make
+make install-strip DESTDIR=$PKG
+
+mkdir -p $PKG/usr/man/man1
+gzip -c9 orpheus.1 > $PKG/usr/man/man1/orpheus.1.gz
+
+mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
+cp -a ABOUT-NLS AUTHORS COPYING ChangeLog FAQ INSTALL NEWS README TODO \
+ $PKG/usr/doc/$PRGNAM-$VERSION
+cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
+
+mkdir -p $PKG/install
+cat $CWD/slack-desc > $PKG/install/slack-desc
+
+cd $PKG
+/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.tgz
diff --git a/multimedia/orpheus/orpheus.info b/audio/orpheus/orpheus.info
index 0d5c61d79b..8fce9adb43 100644
--- a/multimedia/orpheus/orpheus.info
+++ b/audio/orpheus/orpheus.info
@@ -3,6 +3,6 @@ VERSION="1.6"
HOMEPAGE="http://thekonst.net/en/orpheus"
DOWNLOAD="http://thekonst.net/download/orpheus-1.6.tar.bz2"
MD5SUM="1c6c07fbdd0ad9001c3f9fbf8cd68551"
-MAINTAINER="eroc"
-EMAIL="eroc@linuxmail.org"
-APPROVED="rworkman"
+MAINTAINER="Antonio Hernández Blas"
+EMAIL="hba.nihilismus@gmail.com"
+APPROVED="David Somero"
diff --git a/multimedia/orpheus/slack-desc b/audio/orpheus/slack-desc
index 85c9245ced..85c9245ced 100644
--- a/multimedia/orpheus/slack-desc
+++ b/audio/orpheus/slack-desc
diff --git a/multimedia/orpheus/orpheus.SlackBuild b/multimedia/orpheus/orpheus.SlackBuild
deleted file mode 100644
index af642f7ab5..0000000000
--- a/multimedia/orpheus/orpheus.SlackBuild
+++ /dev/null
@@ -1,57 +0,0 @@
-#!/bin/sh
-
-# Slackware build script for orpheus.
-# Written by eroc <eroc@linuxmail.org>
-
-# Modified by the SlackBuilds.org project
-
-PRGNAM=orpheus
-VERSION=1.6
-ARCH=${ARCH:-i486}
-BUILD=${BUILD:-1}
-TAG=${TAG:-_SBo}
-CWD=$(pwd)
-TMP=${TMP:-/tmp/SBo}
-PKG=$TMP/package-$PRGNAM
-OUTPUT=${OUTPUT:-/tmp}
-
-if [ "$ARCH" = "i486" ]; then
- SLKCFLAGS="-O2 -march=i486 -mtune=i686"
-elif [ "$ARCH" = "i686" ]; then
- SLKCFLAGS="-O2 -march=i686 -mtune=i686"
-fi
-
-rm -rf $PKG
-mkdir -p $TMP $PKG $OUTPUT
-cd $TMP || exit 1
-rm -rf $PRGNAM-$VERSION
-tar -xjvf $CWD/$PRGNAM-$VERSION.tar.bz2 || exit 1
-cd $PRGNAM-$VERSION || exit 1
-chown -R root:root .
-chmod -R a-s,u+rw,go-w .
-
-# If the C*FLAGS are declared, then its going to result in an error:
-# "can only configure for one host and one target at a time"
-# so its better to unset them
-# This is not *our* bug - feel free to notify the upstream authors... :)
-unset CFLAGS CXXFLAGS
-./configure \
- --prefix=/usr \
- || exit 1
-
-make || exit 1
-make install-strip DESTDIR=$PKG || exit 1
-
-mkdir -p $PKG/usr/man/man1
-gzip -c9 orpheus.1 > $PKG/usr/man/man1/orpheus.1.gz
-
-mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
-cp -a ABOUT-NLS AUTHORS COPYING ChangeLog FAQ INSTALL NEWS README TODO \
- $PKG/usr/doc/$PRGNAM-$VERSION
-cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
-
-mkdir -p $PKG/install
-cat $CWD/slack-desc > $PKG/install/slack-desc
-
-cd $PKG
-/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.tgz