diff options
author | Jeremy Huddleston <eradicator@gentoo.org> | 2005-01-18 09:09:19 +0000 |
---|---|---|
committer | Jeremy Huddleston <eradicator@gentoo.org> | 2005-01-18 09:09:19 +0000 |
commit | 2988bb694a56714a451e24898230b2c058cfa456 (patch) | |
tree | 2bdd301c3d59d534d4ee3b4bca6dc41c0d8cdcf8 /media-sound/playmidi | |
parent | Fix multilib libbsd-compat.a symlink. (diff) | |
download | historical-2988bb694a56714a451e24898230b2c058cfa456.tar.gz historical-2988bb694a56714a451e24898230b2c058cfa456.tar.bz2 historical-2988bb694a56714a451e24898230b2c058cfa456.zip |
Revbump for security bug #78429.
Package-Manager: portage-2.0.51-r13
Diffstat (limited to 'media-sound/playmidi')
-rw-r--r-- | media-sound/playmidi/ChangeLog | 10 | ||||
-rw-r--r-- | media-sound/playmidi/Manifest | 17 | ||||
-rw-r--r-- | media-sound/playmidi/files/CAN-2005-0020.patch | 69 | ||||
-rw-r--r-- | media-sound/playmidi/files/digest-playmidi-2.5-r1 (renamed from media-sound/playmidi/files/digest-playmidi-2.5) | 0 | ||||
-rw-r--r-- | media-sound/playmidi/playmidi-2.5-r1.ebuild (renamed from media-sound/playmidi/playmidi-2.5.ebuild) | 7 |
5 files changed, 95 insertions, 8 deletions
diff --git a/media-sound/playmidi/ChangeLog b/media-sound/playmidi/ChangeLog index 3c602ed18650..8211b08a4702 100644 --- a/media-sound/playmidi/ChangeLog +++ b/media-sound/playmidi/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for media-sound/playmidi -# Copyright 2000-2004 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/media-sound/playmidi/ChangeLog,v 1.6 2004/09/15 17:18:05 eradicator Exp $ +# Copyright 2000-2005 Gentoo Foundation; Distributed under the GPL v2 +# $Header: /var/cvsroot/gentoo-x86/media-sound/playmidi/ChangeLog,v 1.7 2005/01/18 09:09:19 eradicator Exp $ + +*playmidi-2.5-r1 (18 Jan 2005) + + 18 Jan 2005; Jeremy Huddleston <eradicator@gentoo.org> + +files/CAN-2005-0020.patch, +playmidi-2.5-r1.ebuild, -playmidi-2.5.ebuild: + Revbump for security bug #78429. 15 Sep 2004; Jeremy Huddleston <eradicator@gentoo.org> playmidi-2.5.ebuild: Stable amd64, sparc. diff --git a/media-sound/playmidi/Manifest b/media-sound/playmidi/Manifest index 97fba7a404a2..44e23d9a080f 100644 --- a/media-sound/playmidi/Manifest +++ b/media-sound/playmidi/Manifest @@ -1,5 +1,16 @@ -MD5 374270342c516677b49bbd132395c6f0 ChangeLog 885 +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +MD5 c64b0834b26fbc1d202f5b8f2b44c101 ChangeLog 1087 MD5 a1eaeb2ae801daeb712c90c060e922dc metadata.xml 158 -MD5 0fcfeb0a2f92595c3cb031deb9255a91 playmidi-2.5.ebuild 1471 -MD5 503417b957f61f0cfcfade05c51cc8c5 files/digest-playmidi-2.5 64 +MD5 69721302e9f5b409666b228c2344dfe0 playmidi-2.5-r1.ebuild 1516 MD5 ee0356dc56ad13119227d036ad8f409a files/playmidi-2.5.patch 773 +MD5 689e23daf8f2c4890c537153642c682d files/CAN-2005-0020.patch 2512 +MD5 503417b957f61f0cfcfade05c51cc8c5 files/digest-playmidi-2.5-r1 64 +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.0 (GNU/Linux) + +iD8DBQFB7NJcArHZZzCEUG0RAno+AJ0U+vzN+sRK4zMxBLEJItTBzZpjpQCfQ9eF +xwSQnZyjjZrrLiRZHOaQBxg= +=Dhly +-----END PGP SIGNATURE----- diff --git a/media-sound/playmidi/files/CAN-2005-0020.patch b/media-sound/playmidi/files/CAN-2005-0020.patch new file mode 100644 index 000000000000..9cd120eddb59 --- /dev/null +++ b/media-sound/playmidi/files/CAN-2005-0020.patch @@ -0,0 +1,69 @@ +--- playmidi.c.orig 2005-01-17 17:43:20.578060936 -0500 ++++ playmidi.c 2005-01-17 17:48:55.022217696 -0500 +@@ -22,6 +22,7 @@ + #include <ctype.h> + #include <unistd.h> + #include <sys/stat.h> ++#include <errno.h> + #include "playmidi.h" + + SEQ_DEFINEBUF(SEQUENCERBLOCKSIZE); +@@ -186,6 +187,15 @@ + struct stat info; + int piped = 0; + ++ /* CPhipps 2000/02/04 - this might be splaymidi, in which case we're ++ * probably setuid root. Drop privs immediately.. io_svgalib.c can ++ * regain them */ ++ if (getuid() != geteuid()) ++ if (seteuid(getuid())) { ++ perror("seteuid"); ++ exit(EPERM); /* Seems appropriate */ ++ } ++ + printf("%s Copyright (C) 1994-1997 Nathan I. Laredo," + " AWE32 by Takashi Iwai\n" + "This is free software with ABSOLUTELY NO WARRANTY.\n" +@@ -439,9 +449,9 @@ + for (i = optind; i < argc;) { + filename = argv[i]; + if (stat(filename, &info) == -1) { +- if ((extra = malloc(strlen(filename) + 4)) == NULL) ++ if ((extra = malloc(strlen(filename) + 5)) == NULL) + close_show(-1); +- sprintf(extra, "%s.mid", filename); ++ snprintf(extra, sizeof(extra), "%s.mid", filename); + if (stat(extra, &info) == -1) + close_show(-1); + if ((mfd = fopen(extra, "r")) == NULL) +@@ -452,7 +462,7 @@ + if (ext && strcmp(ext, ".gz") == 0) { + char temp[1024]; + piped = 1; +- sprintf(temp, "gzip -l %s", filename); ++ snprintf(temp, sizeof(temp), "gzip -l %s", filename); + if ((mfd = popen(temp, "r")) == NULL) + close_show(-1); + fgets(temp, sizeof(temp), mfd); /* skip 1st line */ +@@ -460,7 +470,7 @@ + strtok(temp, " "); /* compressed size */ + info.st_size = atoi(strtok(NULL, " ")); /* original size */ + pclose(mfd); +- sprintf(temp, "gzip -d -c %s", filename); ++ snprintf(temp, sizeof(temp), "gzip -d -c %s", filename); + if ((mfd = popen(temp, "r")) == NULL) + close_show(-1); + } else if ((mfd = fopen(filename, "r")) == NULL) +--- io_svgalib.c.orig 2005-01-17 17:49:55.758984304 -0500 ++++ io_svgalib.c 2005-01-17 17:49:59.310444400 -0500 +@@ -259,6 +259,10 @@ + tcgetattr(mytty, &newtty); + newtty.c_lflag &= ~(ICANON | ECHO | ICRNL | ISIG); + tcsetattr(mytty, TCSANOW, &newtty); ++ /* CPhipps 2000/02/04 - restore euid root in order to start SVGALib. ++ * We don't have to worry about errors, or dropping priv's afterwards, ++ * SVGALib handles that safely for us. */ ++ seteuid(0); + vga_init(); + if ((vgamode = vga_getdefaultmode()) == -1) + vgamode = G640x480x256; diff --git a/media-sound/playmidi/files/digest-playmidi-2.5 b/media-sound/playmidi/files/digest-playmidi-2.5-r1 index 80c5c409247e..80c5c409247e 100644 --- a/media-sound/playmidi/files/digest-playmidi-2.5 +++ b/media-sound/playmidi/files/digest-playmidi-2.5-r1 diff --git a/media-sound/playmidi/playmidi-2.5.ebuild b/media-sound/playmidi/playmidi-2.5-r1.ebuild index a3435533a9d2..8bfc7184fb45 100644 --- a/media-sound/playmidi/playmidi-2.5.ebuild +++ b/media-sound/playmidi/playmidi-2.5-r1.ebuild @@ -1,6 +1,6 @@ -# Copyright 1999-2004 Gentoo Foundation +# Copyright 1999-2005 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/media-sound/playmidi/playmidi-2.5.ebuild,v 1.7 2004/09/15 17:18:05 eradicator Exp $ +# $Header: /var/cvsroot/gentoo-x86/media-sound/playmidi/playmidi-2.5-r1.ebuild,v 1.1 2005/01/18 09:09:19 eradicator Exp $ IUSE="svga X gtk" @@ -12,7 +12,7 @@ SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz" LICENSE="GPL-2" SLOT="0" -KEYWORDS="x86 amd64 ~ppc sparc" +KEYWORDS="amd64 ~ppc sparc x86" DEPEND="sys-libs/ncurses svga? ( media-libs/svgalib ) @@ -27,6 +27,7 @@ src_unpack() { unpack ${A} cd ${S} epatch "${FILESDIR}/${P}.patch" + epatch "${FILESDIR}/CAN-2005-0020.patch" } src_compile() { |