summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorHolger Hans Peter Freyther <zecke@selfish.org>2010-03-16 14:35:54 +0800
committerHolger Hans Peter Freyther <zecke@selfish.org>2010-03-16 14:58:41 +0800
commit52198f7ac730e8c46fa5d464dc80ccf636e20507 (patch)
tree38ce0e1ef64baf8591a74d581ee3d3664d5bf445
parent5051155fd112ebce51ce262444400a666966c3f8 (diff)
grip: Apply FreeBSD patch to fix a flaw with handling CDDB responses
Addresses CVE-2005-0706.
-rw-r--r--recipes/grip/grip-3.2.0/patch-src::discdb20
-rw-r--r--recipes/grip/grip_3.2.0.bb5
2 files changed, 24 insertions, 1 deletions
diff --git a/recipes/grip/grip-3.2.0/patch-src::discdb b/recipes/grip/grip-3.2.0/patch-src::discdb
new file mode 100644
index 0000000000..1d300b270f
--- /dev/null
+++ b/recipes/grip/grip-3.2.0/patch-src::discdb
@@ -0,0 +1,20 @@
+--- src/discdb.c.orig Thu Apr 15 21:23:37 2004
++++ src/discdb.c Wed Mar 16 19:02:09 2005
+@@ -311,7 +311,7 @@
+ query->query_match=MATCH_EXACT;
+ query->query_matches=0;
+
+- while((inbuffer=DiscDBReadLine(&dataptr))) {
++ while(query->query_matches < MAX_INEXACT_MATCHES && (inbuffer=DiscDBReadLine(&dataptr))) {
+ query->query_list[query->query_matches].list_genre=
+ DiscDBGenreValue(g_strstrip(strtok(inbuffer," ")));
+
+@@ -331,7 +331,7 @@
+ query->query_match=MATCH_INEXACT;
+ query->query_matches=0;
+
+- while((inbuffer=DiscDBReadLine(&dataptr))) {
++ while(query->query_matches < MAX_INEXACT_MATCHES && (inbuffer=DiscDBReadLine(&dataptr))) {
+ query->query_list[query->query_matches].list_genre=
+ DiscDBGenreValue(g_strstrip(strtok(inbuffer," ")));
+
diff --git a/recipes/grip/grip_3.2.0.bb b/recipes/grip/grip_3.2.0.bb
index 063803138d..b4473860e0 100644
--- a/recipes/grip/grip_3.2.0.bb
+++ b/recipes/grip/grip_3.2.0.bb
@@ -5,7 +5,10 @@
HOMEPAGE="http://www.nostatic.org/grip/"
LICENSE="GPL"
-SRC_URI="${SOURCEFORGE_MIRROR}/grip/grip-${PV}.tar.gz"
+SRC_URI="${SOURCEFORGE_MIRROR}/grip/grip-${PV}.tar.gz \
+ file://patch-src::discdb;patch=1;pnum=0 "
DEPENDS="libgnomeui vte curl cdparanoia id3lib"
+PR = "r1"
+
inherit autotools