-rw-r--r-- | audio/orpheus/101_fix-buffer-overflow.diff | 15 | ||||
-rw-r--r-- | audio/orpheus/README (renamed from multimedia/orpheus/README) | 3 | ||||
-rw-r--r-- | audio/orpheus/orpheus-1.6-nolibghttp.patch | 11 | ||||
-rw-r--r-- | audio/orpheus/orpheus.SlackBuild | 88 | ||||
-rw-r--r-- | audio/orpheus/orpheus.info (renamed from multimedia/orpheus/orpheus.info) | 6 | ||||
-rw-r--r-- | audio/orpheus/slack-desc (renamed from multimedia/orpheus/slack-desc) | 0 | ||||
-rw-r--r-- | multimedia/orpheus/orpheus.SlackBuild | 57 |
7 files changed, 117 insertions, 63 deletions
diff --git a/audio/orpheus/101_fix-buffer-overflow.diff b/audio/orpheus/101_fix-buffer-overflow.diff new file mode 100644 index 0000000000..4d6c8e4e18 --- /dev/null +++ b/audio/orpheus/101_fix-buffer-overflow.diff @@ -0,0 +1,15 @@ +Fix a stack-based buffer overflow in kkstrtext.h in ktools library. +(CVE-2005-3863) (Closes: #368402) +Index: orpheus-1.5/kkstrtext-0.1/kkstrtext.h +=================================================================== +--- orpheus-1.5.orig/kkstrtext-0.1/kkstrtext.h 2003-12-14 11:51:38.000000000 +0100 ++++ orpheus-1.5/kkstrtext-0.1/kkstrtext.h 2006-08-01 21:57:14.000000000 +0200 +@@ -87,7 +87,7 @@ + { \ + va_list vgs__ap; char vgs__buf[1024]; \ + va_start(vgs__ap, fmt); \ +- vsprintf(vgs__buf, fmt, vgs__ap); c = vgs__buf; \ ++ vsnprintf(vgs__buf, 1024, fmt, vgs__ap); c = vgs__buf; \ + va_end(vgs__ap); \ + } + diff --git a/multimedia/orpheus/README b/audio/orpheus/README index cb8bb88b7e..ff75d3c4fc 100644 --- a/multimedia/orpheus/README +++ b/audio/orpheus/README @@ -1,6 +1,3 @@ Orpheus is a light-weight text mode menu and window driven audio player application for CDs, internet stream broadcasts, and files in MP3 and Ogg Vorbis format. - -Support for CDDB requires libghttp, which is also available at -SlackBuilds.org. diff --git a/audio/orpheus/orpheus-1.6-nolibghttp.patch b/audio/orpheus/orpheus-1.6-nolibghttp.patch new file mode 100644 index 0000000000..28823e85e9 --- /dev/null +++ b/audio/orpheus/orpheus-1.6-nolibghttp.patch @@ -0,0 +1,11 @@ +--- orpheus-1.6/configure.old 2006-11-25 16:56:53.000000000 +0100 ++++ orpheus-1.6/configure 2006-11-25 16:57:30.000000000 +0100 +@@ -4219,7 +4219,7 @@ + fi + echo "$as_me:$LINENO: result: $ac_cv_lib_ghttp_ghttp_request_new" >&5 + echo "${ECHO_T}$ac_cv_lib_ghttp_ghttp_request_new" >&6 +-if test $ac_cv_lib_ghttp_ghttp_request_new = yes; then ++if test $ac_cv_lib_ghttp_ghttp_request_new = nolibghttp; then + cat >>confdefs.h <<_ACEOF + #define HAVE_LIBGHTTP 1 + _ACEOF 
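Review bot: The new call in the kkstrtext.h hunk hard-codes the bound, `vsnprintf(vgs__buf, 1024, fmt, vgs__ap)`, separately from the `char vgs__buf[1024]` declaration two lines above it, so a later edit to either number can silently reopen the overflow; `vsnprintf(vgs__buf, sizeof(vgs__buf), fmt, vgs__ap); c = vgs__buf; \` keeps the two tied together. The return value is ignored, so over-long output is now truncated with no signal to the caller, which is acceptable for the CVE-2005-3863 fix but deserves a one-line remark in the patch header. That header names the orpheus-1.5 tree while this package builds 1.6, and the macro being patched starts and ends outside the hunk, so recording where the patch came from and that it was checked against the 1.6 source would make it auditable.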
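Review bot: The one-line change in the `configure` hunk switches libghttp off by comparing the cache variable with a value it can never hold, `if test $ac_cv_lib_ghttp_ghttp_request_new = nolibghttp; then`, which hides the intent and only applies while the generated script keeps this exact text around line 4219. Autoconf accepts preset cache variables on the command line, so `./configure --prefix=/usr ac_cv_lib_ghttp_ghttp_request_new=no` in the SlackBuild would presumably give the same result without patching generated code; that assumes no other test in `configure` keys on libghttp, which the hunk does not show. If the patch stays, a short header in the patch file saying why libghttp is disabled and that CDDB lookups go away with it would help the next maintainer. The surrounding `configure` test continues outside the hunk.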
diff --git a/audio/orpheus/orpheus.SlackBuild b/audio/orpheus/orpheus.SlackBuild
new file mode 100644
index 0000000000..685fcce01f
--- /dev/null
+++ b/audio/orpheus/orpheus.SlackBuild
@@ -0,0 +1,88 @@
+#!/bin/sh
+
+# Slackware build script for orpheus.
+# Copyright (c) 2008, Antonio Hernández Blas <hba.nihilismus@gmail.com>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+# 1.- Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY
+# EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+PRGNAM=orpheus
+VERSION=1.6
+ARCH=${ARCH:-i486}
+BUILD=${BUILD:-2}
+TAG=${TAG:-_SBo}
+
+CWD=$(pwd)
+TMP=${TMP:-/tmp/SBo}
+PKG=$TMP/package-$PRGNAM
+OUTPUT=${OUTPUT:-/tmp}
+
+if [ "$ARCH" = "i486" ]; then
+ SLKCFLAGS="-O2 -march=i486 -mtune=i686"
+elif [ "$ARCH" = "i686" ]; then
+ SLKCFLAGS="-O2 -march=i686 -mtune=i686"
+elif [ "$ARCH" = "x86_64" ]; then
+ SLKCFLAGS="-O2 -fPIC"
+fi
+
+set -e
+
+rm -rf $PKG
+mkdir -p $TMP $PKG $OUTPUT
+cd $TMP
+rm -rf $PRGNAM-$VERSION
+tar -xjvf $CWD/$PRGNAM-$VERSION.tar.bz2
+cd $PRGNAM-$VERSION
+chown -R root:root .
+find . \
+ \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
+ -exec chmod 755 {} \; -o \
+ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
+ -exec chmod 644 {} \;
+
+
+# Acording with http://bugs.gentoo.org/show_bug.cgi?id=113683
+# theres a stack-based buffer overflow in kkstrtext.h
+cat $CWD/101_fix-buffer-overflow.diff | patch -p1
+
+# Also, we're going to disable the use of the deprecated libghttp
+cat $CWD/orpheus-1.6-nolibghttp.patch | patch -p1
+
+# If CFLAGS are declared, then its going to result in an error:
+# "can only configure for one host and one target at a time"
+# so its better to unset them
+# This is not *our* bug - feel free to notify the upstream authors... :)
+unset CFLAGS CXXFLAGS
+./configure \
+ --prefix=/usr
+
+make
+make install-strip DESTDIR=$PKG
+
+mkdir -p $PKG/usr/man/man1
+gzip -c9 orpheus.1 > $PKG/usr/man/man1/orpheus.1.gz
+
+mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
+cp -a ABOUT-NLS AUTHORS COPYING ChangeLog FAQ INSTALL NEWS README TODO \
+ $PKG/usr/doc/$PRGNAM-$VERSION
+cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
+
+mkdir -p $PKG/install
+cat $CWD/slack-desc > $PKG/install/slack-desc
+
+cd $PKG
+/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.tgz
diff --git a/multimedia/orpheus/orpheus.info b/audio/orpheus/orpheus.info
index 0d5c61d79b..8fce9adb43 100644
--- a/multimedia/orpheus/orpheus.info
+++ b/audio/orpheus/orpheus.info
@@ -3,6 +3,6 @@ VERSION="1.6"
 HOMEPAGE="http://thekonst.net/en/orpheus"
 DOWNLOAD="http://thekonst.net/download/orpheus-1.6.tar.bz2"
 MD5SUM="1c6c07fbdd0ad9001c3f9fbf8cd68551"
-MAINTAINER="eroc"
-EMAIL="eroc@linuxmail.org"
-APPROVED="rworkman"
+MAINTAINER="Antonio Hernández Blas"
+EMAIL="hba.nihilismus@gmail.com"
+APPROVED="David Somero"
diff --git a/multimedia/orpheus/slack-desc b/audio/orpheus/slack-desc
index 85c9245ced..85c9245ced 100644
--- a/multimedia/orpheus/slack-desc
+++ b/audio/orpheus/slack-desc
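Review bot: The `find . \( -perm 777 ... \) -exec chmod 755 {} \; ...` block after `chown -R root:root .` replaces the old script's `chmod -R a-s,u+rw,go-w .`, and because it only rewrites the exact modes it lists, setuid/setgid bits and any unlisted group- or world-writable mode shipped in the upstream tarball survive in a tree that has just been handed to root. Running `chmod -R a-s,go-w .` before the `find` would restore that guarantee. Separately, `$CWD`, `$TMP` and `$PKG` are expanded unquoted in commands that presumably run as root (`rm -rf $PKG`, `cat $CWD/101_fix-buffer-overflow.diff | patch -p1`); quoting them, for example `patch -p1 < "$CWD/101_fix-buffer-overflow.diff"`, avoids word splitting when the build directory contains spaces. `SLKCFLAGS` is assigned but never used, since `CFLAGS` is unset before `./configure`, and a comment saying so would spare the next reader the search.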
diff --git a/multimedia/orpheus/orpheus.SlackBuild b/multimedia/orpheus/orpheus.SlackBuild
deleted file mode 100644
index af642f7ab5..0000000000
--- a/multimedia/orpheus/orpheus.SlackBuild
+++ /dev/null
@@ -1,57 +0,0 @@
-#!/bin/sh
-
-# Slackware build script for orpheus.
-# Written by eroc <eroc@linuxmail.org>
-
-# Modified by the SlackBuilds.org project
-
-PRGNAM=orpheus
-VERSION=1.6
-ARCH=${ARCH:-i486}
-BUILD=${BUILD:-1}
-TAG=${TAG:-_SBo}
-CWD=$(pwd)
-TMP=${TMP:-/tmp/SBo}
-PKG=$TMP/package-$PRGNAM
-OUTPUT=${OUTPUT:-/tmp}
-
-if [ "$ARCH" = "i486" ]; then
- SLKCFLAGS="-O2 -march=i486 -mtune=i686"
-elif [ "$ARCH" = "i686" ]; then
- SLKCFLAGS="-O2 -march=i686 -mtune=i686"
-fi
-
-rm -rf $PKG
-mkdir -p $TMP $PKG $OUTPUT
-cd $TMP || exit 1
-rm -rf $PRGNAM-$VERSION
-tar -xjvf $CWD/$PRGNAM-$VERSION.tar.bz2 || exit 1
-cd $PRGNAM-$VERSION || exit 1
-chown -R root:root .
-chmod -R a-s,u+rw,go-w .
-
-# If the C*FLAGS are declared, then its going to result in an error:
-# "can only configure for one host and one target at a time"
-# so its better to unset them
-# This is not *our* bug - feel free to notify the upstream authors... :)
-unset CFLAGS CXXFLAGS
-./configure \
- --prefix=/usr \
- || exit 1
-
-make || exit 1
-make install-strip DESTDIR=$PKG || exit 1
-
-mkdir -p $PKG/usr/man/man1
-gzip -c9 orpheus.1 > $PKG/usr/man/man1/orpheus.1.gz
-
-mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
-cp -a ABOUT-NLS AUTHORS COPYING ChangeLog FAQ INSTALL NEWS README TODO \
- $PKG/usr/doc/$PRGNAM-$VERSION
-cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
-
-mkdir -p $PKG/install
-cat $CWD/slack-desc > $PKG/install/slack-desc
-
-cd $PKG
-/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.tgz
|