Git-Url:
http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-current.git;a=commitdiff;h=5ed9dc10f6c383cbf38ffa66c48ada5788bbdb9d
commit 5ed9dc10f6c383cbf38ffa66c48ada5788bbdb9d
Author: crazy <[EMAIL PROTECTED]>
Date: Tue Jan 22 15:25:26 2008 +0100
libcdio-0.79-2-i686
* [SEC] release bump
* added CVE-2007-6613.patch
* closes #2713 in -current
diff --git a/source/lib/libcdio/CVE-2007-6613.patch
b/source/lib/libcdio/CVE-2007-6613.patch
new file mode 100644
index 0000000..d866678
--- /dev/null
+++ b/source/lib/libcdio/CVE-2007-6613.patch
@@ -0,0 +1,41 @@
+diff -Naur libcdio-0.79/src/cd-info.c libcdio-0.79-cve/src/cd-info.c
+--- libcdio-0.79/src/cd-info.c 2007-06-16 22:12:16.000000000 +0200
++++ libcdio-0.79-cve/src/cd-info.c 2008-01-22 15:15:59.000000000 +0100
+@@ -1,7 +1,7 @@
+ /*
+- $Id: cd-info.c,v 1.149 2007/06/16 20:12:16 rocky Exp $
++ $Id: cd-info.c,v 1.151 2008/01/03 14:39:29 rocky Exp $
+
+- Copyright (C) 2003, 2004, 2005, 2007 Rocky Bernstein <[EMAIL PROTECTED]>
++ Copyright (C) 2003, 2004, 2005, 2007, 2008 Rocky Bernstein <[EMAIL
PROTECTED]>
+ Copyright (C) 1996, 1997, 1998 Gerd Knorr <[EMAIL PROTECTED]>
+ and Heiko Eißfeldt <[EMAIL PROTECTED]>
+
+@@ -539,7 +539,7 @@
+ iso9660_stat_t *p_statbuf = _cdio_list_node_data (entnode);
+ char *psz_iso_name = p_statbuf->filename;
+ char _fullname[4096] = { 0, };
+- char translated_name[MAX_ISONAME+1];
++ char *translated_name = (char *) alloca(strlen(psz_iso_name)+1);
+
+ if (yep != p_statbuf->rr.b3_rock || 1 == opts.no_rock_ridge) {
+ iso9660_name_translate_ext(psz_iso_name, translated_name,
+diff -Naur libcdio-0.79/src/iso-info.c libcdio-0.79-cve/src/iso-info.c
+--- libcdio-0.79/src/iso-info.c 2006-03-17 20:37:08.000000000 +0100
++++ libcdio-0.79-cve/src/iso-info.c 2008-01-22 15:15:06.000000000 +0100
+@@ -1,5 +1,5 @@
+ /*
+- $Id: iso-info.c,v 1.35 2006/03/17 19:36:54 rocky Exp $
++ $Id: iso-info.c,v 1.37 2008/01/03 14:39:29 rocky Exp $
+
+ Copyright (C) 2004, 2005, 2006 Rocky Bernstein <[EMAIL PROTECTED]>
+
+@@ -224,7 +224,7 @@
+ iso9660_stat_t *p_statbuf = _cdio_list_node_data (entnode);
+ char *psz_iso_name = p_statbuf->filename;
+ char _fullname[4096] = { 0, };
+- char translated_name[MAX_ISONAME+1];
++ char *translated_name = (char *) alloca(strlen(psz_iso_name)+1);
+
+ if (yep != p_statbuf->rr.b3_rock || 1 == opts.no_rock_ridge) {
+ iso9660_name_translate_ext(psz_iso_name, translated_name,
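Review bot: The replacement `char *translated_name = (char *) alloca(strlen(psz_iso_name)+1);`, applied identically in cd-info.c and iso-info.c, sizes a stack allocation from `p_statbuf->filename`, which is read from the disc image, with no upper bound and no way to detect failure. The `entnode` context suggests this runs once per directory entry in a loop that starts outside the hunk; if so, alloca memory is only released when the function returns, so stack use accumulates across entries. A heap buffer would be safer: `char *translated_name = malloc(strlen(psz_iso_name) + 1);` with a NULL check and a matching `free(translated_name);` at the end of each iteration, or skip entries whose name exceeds a fixed cap. The sizing also assumes iso9660_name_translate_ext never writes more than the input length plus the terminator, which deserves a one-line comment because the callee is not visible here.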
diff --git a/source/lib/libcdio/FrugalBuild b/source/lib/libcdio/FrugalBuild
index d4b28ee..aa76cc1 100644
--- a/source/lib/libcdio/FrugalBuild
+++ b/source/lib/libcdio/FrugalBuild
@@ -4,7 +4,7 @@
pkgname=libcdio
pkgver=0.79
-pkgrel=1
+pkgrel=2
pkgdesc="Portable CD-ROM I/O library"
url="http://www.gnu.org/software/libcdio/"
groups=('lib')
@@ -13,7 +13,8 @@ depends=('ncurses' 'libcddb')
makedepends=('cdparanoia' 'cdrdao')
license="GPL2"
Fup2gnugz
-source=(ftp://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.gz)
-sha1sums=('0aab3dd1f808345a9ea4cdd7ee793977ab59c98d')
+source=(ftp://ftp.gnu.org/gnu/$pkgname/$pkgname-$pkgver.tar.gz
CVE-2007-6613.patch)
+sha1sums=('0aab3dd1f808345a9ea4cdd7ee793977ab59c98d' \
+ '5e6dc70f7ce3515fa69b8185b2177874f46ab1c1')
# optimization OK
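Review bot: The new `sha1sums` entry pins the added patch, but the upstream tarball in `source=` is still fetched over plain `ftp://` and checked only against a SHA-1 digest kept in the same recipe. For a security release, consider also verifying the tarball against the upstream detached signature, if the build system supports that, or recording a stronger digest next to the SHA-1 one. That way integrity would not rest on one unauthenticated download plus a locally stored hash.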