summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Huddleston <eradicator@gentoo.org>2005-01-18 09:09:19 +0000
committerJeremy Huddleston <eradicator@gentoo.org>2005-01-18 09:09:19 +0000
commit2988bb694a56714a451e24898230b2c058cfa456 (patch)
tree2bdd301c3d59d534d4ee3b4bca6dc41c0d8cdcf8 /media-sound/playmidi
parentFix multilib libbsd-compat.a symlink. (diff)
downloadhistorical-2988bb694a56714a451e24898230b2c058cfa456.tar.gz
historical-2988bb694a56714a451e24898230b2c058cfa456.tar.bz2
historical-2988bb694a56714a451e24898230b2c058cfa456.zip
Revbump for security bug #78429.
Package-Manager: portage-2.0.51-r13
Diffstat (limited to 'media-sound/playmidi')
-rw-r--r--media-sound/playmidi/ChangeLog10
-rw-r--r--media-sound/playmidi/Manifest17
-rw-r--r--media-sound/playmidi/files/CAN-2005-0020.patch69
-rw-r--r--media-sound/playmidi/files/digest-playmidi-2.5-r1 (renamed from media-sound/playmidi/files/digest-playmidi-2.5)0
-rw-r--r--media-sound/playmidi/playmidi-2.5-r1.ebuild (renamed from media-sound/playmidi/playmidi-2.5.ebuild)7
5 files changed, 95 insertions, 8 deletions
diff --git a/media-sound/playmidi/ChangeLog b/media-sound/playmidi/ChangeLog
index 3c602ed18650..8211b08a4702 100644
--- a/media-sound/playmidi/ChangeLog
+++ b/media-sound/playmidi/ChangeLog
@@ -1,6 +1,12 @@
# ChangeLog for media-sound/playmidi
-# Copyright 2000-2004 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/media-sound/playmidi/ChangeLog,v 1.6 2004/09/15 17:18:05 eradicator Exp $
+# Copyright 2000-2005 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/media-sound/playmidi/ChangeLog,v 1.7 2005/01/18 09:09:19 eradicator Exp $
+
+*playmidi-2.5-r1 (18 Jan 2005)
+
+ 18 Jan 2005; Jeremy Huddleston <eradicator@gentoo.org>
+ +files/CAN-2005-0020.patch, +playmidi-2.5-r1.ebuild, -playmidi-2.5.ebuild:
+ Revbump for security bug #78429.
15 Sep 2004; Jeremy Huddleston <eradicator@gentoo.org> playmidi-2.5.ebuild:
Stable amd64, sparc.
diff --git a/media-sound/playmidi/Manifest b/media-sound/playmidi/Manifest
index 97fba7a404a2..44e23d9a080f 100644
--- a/media-sound/playmidi/Manifest
+++ b/media-sound/playmidi/Manifest
@@ -1,5 +1,16 @@
-MD5 374270342c516677b49bbd132395c6f0 ChangeLog 885
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+MD5 c64b0834b26fbc1d202f5b8f2b44c101 ChangeLog 1087
MD5 a1eaeb2ae801daeb712c90c060e922dc metadata.xml 158
-MD5 0fcfeb0a2f92595c3cb031deb9255a91 playmidi-2.5.ebuild 1471
-MD5 503417b957f61f0cfcfade05c51cc8c5 files/digest-playmidi-2.5 64
+MD5 69721302e9f5b409666b228c2344dfe0 playmidi-2.5-r1.ebuild 1516
MD5 ee0356dc56ad13119227d036ad8f409a files/playmidi-2.5.patch 773
+MD5 689e23daf8f2c4890c537153642c682d files/CAN-2005-0020.patch 2512
+MD5 503417b957f61f0cfcfade05c51cc8c5 files/digest-playmidi-2.5-r1 64
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.0 (GNU/Linux)
+
+iD8DBQFB7NJcArHZZzCEUG0RAno+AJ0U+vzN+sRK4zMxBLEJItTBzZpjpQCfQ9eF
+xwSQnZyjjZrrLiRZHOaQBxg=
+=Dhly
+-----END PGP SIGNATURE-----
diff --git a/media-sound/playmidi/files/CAN-2005-0020.patch b/media-sound/playmidi/files/CAN-2005-0020.patch
new file mode 100644
index 000000000000..9cd120eddb59
--- /dev/null
+++ b/media-sound/playmidi/files/CAN-2005-0020.patch
@@ -0,0 +1,69 @@
+--- playmidi.c.orig 2005-01-17 17:43:20.578060936 -0500
++++ playmidi.c 2005-01-17 17:48:55.022217696 -0500
+@@ -22,6 +22,7 @@
+ #include <ctype.h>
+ #include <unistd.h>
+ #include <sys/stat.h>
++#include <errno.h>
+ #include "playmidi.h"
+
+ SEQ_DEFINEBUF(SEQUENCERBLOCKSIZE);
+@@ -186,6 +187,15 @@
+ struct stat info;
+ int piped = 0;
+
++ /* CPhipps 2000/02/04 - this might be splaymidi, in which case we're
++ * probably setuid root. Drop privs immediately.. io_svgalib.c can
++ * regain them */
++ if (getuid() != geteuid())
++ if (seteuid(getuid())) {
++ perror("seteuid");
++ exit(EPERM); /* Seems appropriate */
++ }
++
+ printf("%s Copyright (C) 1994-1997 Nathan I. Laredo,"
+ " AWE32 by Takashi Iwai\n"
+ "This is free software with ABSOLUTELY NO WARRANTY.\n"
+@@ -439,9 +449,9 @@
+ for (i = optind; i < argc;) {
+ filename = argv[i];
+ if (stat(filename, &info) == -1) {
+- if ((extra = malloc(strlen(filename) + 4)) == NULL)
++ if ((extra = malloc(strlen(filename) + 5)) == NULL)
+ close_show(-1);
+- sprintf(extra, "%s.mid", filename);
++ snprintf(extra, sizeof(extra), "%s.mid", filename);
+ if (stat(extra, &info) == -1)
+ close_show(-1);
+ if ((mfd = fopen(extra, "r")) == NULL)
+@@ -452,7 +462,7 @@
+ if (ext && strcmp(ext, ".gz") == 0) {
+ char temp[1024];
+ piped = 1;
+- sprintf(temp, "gzip -l %s", filename);
++ snprintf(temp, sizeof(temp), "gzip -l %s", filename);
+ if ((mfd = popen(temp, "r")) == NULL)
+ close_show(-1);
+ fgets(temp, sizeof(temp), mfd); /* skip 1st line */
+@@ -460,7 +470,7 @@
+ strtok(temp, " "); /* compressed size */
+ info.st_size = atoi(strtok(NULL, " ")); /* original size */
+ pclose(mfd);
+- sprintf(temp, "gzip -d -c %s", filename);
++ snprintf(temp, sizeof(temp), "gzip -d -c %s", filename);
+ if ((mfd = popen(temp, "r")) == NULL)
+ close_show(-1);
+ } else if ((mfd = fopen(filename, "r")) == NULL)
+--- io_svgalib.c.orig 2005-01-17 17:49:55.758984304 -0500
++++ io_svgalib.c 2005-01-17 17:49:59.310444400 -0500
+@@ -259,6 +259,10 @@
+ tcgetattr(mytty, &newtty);
+ newtty.c_lflag &= ~(ICANON | ECHO | ICRNL | ISIG);
+ tcsetattr(mytty, TCSANOW, &newtty);
++ /* CPhipps 2000/02/04 - restore euid root in order to start SVGALib.
++ * We don't have to worry about errors, or dropping priv's afterwards,
++ * SVGALib handles that safely for us. */
++ seteuid(0);
+ vga_init();
+ if ((vgamode = vga_getdefaultmode()) == -1)
+ vgamode = G640x480x256;
diff --git a/media-sound/playmidi/files/digest-playmidi-2.5 b/media-sound/playmidi/files/digest-playmidi-2.5-r1
index 80c5c409247e..80c5c409247e 100644
--- a/media-sound/playmidi/files/digest-playmidi-2.5
+++ b/media-sound/playmidi/files/digest-playmidi-2.5-r1
diff --git a/media-sound/playmidi/playmidi-2.5.ebuild b/media-sound/playmidi/playmidi-2.5-r1.ebuild
index a3435533a9d2..8bfc7184fb45 100644
--- a/media-sound/playmidi/playmidi-2.5.ebuild
+++ b/media-sound/playmidi/playmidi-2.5-r1.ebuild
@@ -1,6 +1,6 @@
-# Copyright 1999-2004 Gentoo Foundation
+# Copyright 1999-2005 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/media-sound/playmidi/playmidi-2.5.ebuild,v 1.7 2004/09/15 17:18:05 eradicator Exp $
+# $Header: /var/cvsroot/gentoo-x86/media-sound/playmidi/playmidi-2.5-r1.ebuild,v 1.1 2005/01/18 09:09:19 eradicator Exp $
IUSE="svga X gtk"
@@ -12,7 +12,7 @@ SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz"
LICENSE="GPL-2"
SLOT="0"
-KEYWORDS="x86 amd64 ~ppc sparc"
+KEYWORDS="amd64 ~ppc sparc x86"
DEPEND="sys-libs/ncurses
svga? ( media-libs/svgalib )
@@ -27,6 +27,7 @@ src_unpack() {
unpack ${A}
cd ${S}
epatch "${FILESDIR}/${P}.patch"
+ epatch "${FILESDIR}/CAN-2005-0020.patch"
}
src_compile() {