From 8127998b8a4cfcf4e0e1dd60362bbfff74aa4360 Mon Sep 17 00:00:00 2001
From: Dmitry Artamonow <mad_soft@inbox.ru>
Date: Fri, 16 May 2008 14:35:52 +0000
Subject: sakura: new recipe.  closes 4265. * commit by Laibsch

---
 packages/sakura/.mtn2git_empty  |  0
 packages/sakura/sakura_2.1.0.bb | 12 ++++++++++++
 2 files changed, 12 insertions(+)
 create mode 100644 packages/sakura/.mtn2git_empty
 create mode 100644 packages/sakura/sakura_2.1.0.bb

(limited to 'packages')

diff --git a/packages/sakura/.mtn2git_empty b/packages/sakura/.mtn2git_empty
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/packages/sakura/sakura_2.1.0.bb b/packages/sakura/sakura_2.1.0.bb
new file mode 100644
index 0000000000..551ac371ad
--- /dev/null
+++ b/packages/sakura/sakura_2.1.0.bb
@@ -0,0 +1,12 @@
+DESCRIPTION = "VTE-based terminal emulator"
+AUTHOR = "David Gómez Espinosa <david@pleyades.net>"
+HOMEPAGE = "http://www.pleyades.net/david/sakura.php"
+SECTION = "x11/applications"
+PRIORITY = "optional"
+LICENSE = "GPLv2"
+DEPENDS = "gtk+ (>=2.6) vte (>=0.11)"
+
+SRC_URI = "http://www.pleyades.net/david/projects/sakura/sakura-${PV}.tar.bz2"
+
+inherit cmake
+
-- 
cgit v1.2.3


From e59191af5bc39b3ad744059da92f7c398b227c3e Mon Sep 17 00:00:00 2001
From: Henning Heinold <heinold@inf.fu-berlin.de>
Date: Fri, 16 May 2008 15:28:55 +0000
Subject: libvorbis: fix latest security bugs * got patches from redhat * bump
 PR

---
 .../libvorbis/libvorbis/r14598-CVE-2008-1420.patch | 36 ++++++++++++++++++++++
 .../libvorbis/libvorbis/r14602-CVE-2008-1419.patch | 15 +++++++++
 .../libvorbis/libvorbis/r14602-CVE-2008-1423.patch | 15 +++++++++
 packages/libvorbis/libvorbis_1.2.0.bb              |  7 ++++-
 4 files changed, 72 insertions(+), 1 deletion(-)
 create mode 100644 packages/libvorbis/libvorbis/r14598-CVE-2008-1420.patch
 create mode 100644 packages/libvorbis/libvorbis/r14602-CVE-2008-1419.patch
 create mode 100644 packages/libvorbis/libvorbis/r14602-CVE-2008-1423.patch

(limited to 'packages')

diff --git a/packages/libvorbis/libvorbis/r14598-CVE-2008-1420.patch b/packages/libvorbis/libvorbis/r14598-CVE-2008-1420.patch
new file mode 100644
index 0000000000..5fb5b2acda
--- /dev/null
+++ b/packages/libvorbis/libvorbis/r14598-CVE-2008-1420.patch
@@ -0,0 +1,36 @@
+patch taken from redhat
+
+Index: libvorbis-1.2.0/lib/res0.c
+===================================================================
+--- libvorbis-1.2.0/lib/res0.c	(revision 14597)
++++ libvorbis-1.2.0/lib/res0.c	(revision 14598)
+@@ -223,6 +223,20 @@
+   for(j=0;j<acc;j++)
+     if(info->booklist[j]>=ci->books)goto errout;
+ 
++  /* verify the phrasebook is not specifying an impossible or
++     inconsistent partitioning scheme. */
++  {
++    int entries = ci->book_param[info->groupbook]->entries;
++    int dim = ci->book_param[info->groupbook]->dim;
++    int partvals = 1;
++    while(dim>0){
++      partvals *= info->partitions;
++      if(partvals > entries) goto errout;
++      dim--;
++    }
++    if(partvals != entries) goto errout;
++  }
++
+   return(info);
+  errout:
+   res0_free_info(info);
+@@ -263,7 +277,7 @@
+     }
+   }
+ 
+-  look->partvals=rint(pow((float)look->parts,(float)dim));
++  look->partvals=look->phrasebook->entries;
+   look->stages=maxstage;
+   look->decodemap=_ogg_malloc(look->partvals*sizeof(*look->decodemap));
+   for(j=0;j<look->partvals;j++){
diff --git a/packages/libvorbis/libvorbis/r14602-CVE-2008-1419.patch b/packages/libvorbis/libvorbis/r14602-CVE-2008-1419.patch
new file mode 100644
index 0000000000..b9d6b7adb5
--- /dev/null
+++ b/packages/libvorbis/libvorbis/r14602-CVE-2008-1419.patch
@@ -0,0 +1,15 @@
+patch taken from redhat
+
+Index: libvorbis-1.2.0/lib/codebook.c
+===================================================================
+--- libvorbis-1.2.0/lib/codebook.c	(revision 14601)
++++ libvorbis-1.2.0/lib/codebook.c	(revision 14602)
+@@ -225,7 +225,7 @@
+       int quantvals=0;
+       switch(s->maptype){
+       case 1:
+-	quantvals=_book_maptype1_quantvals(s);
++	quantvals=(s->dim==0?0:_book_maptype1_quantvals(s));
+ 	break;
+       case 2:
+ 	quantvals=s->entries*s->dim;
diff --git a/packages/libvorbis/libvorbis/r14602-CVE-2008-1423.patch b/packages/libvorbis/libvorbis/r14602-CVE-2008-1423.patch
new file mode 100644
index 0000000000..d912c57f79
--- /dev/null
+++ b/packages/libvorbis/libvorbis/r14602-CVE-2008-1423.patch
@@ -0,0 +1,15 @@
+patch taken from redhat
+
+Index: libvorbis-1.2.0/lib/codebook.c
+===================================================================
+--- libvorbis-1.2.0/lib/codebook.c	(revision 14603)
++++ libvorbis-1.2.0/lib/codebook.c	(revision 14604)
+@@ -159,6 +159,8 @@
+   s->entries=oggpack_read(opb,24);
+   if(s->entries==-1)goto _eofout;
+ 
++  if(_ilog(s->dim)+_ilog(s->entries)>24)goto _eofout;
++
+   /* codeword ordering.... length ordered or unordered? */
+   switch((int)oggpack_read(opb,1)){
+   case 0:
diff --git a/packages/libvorbis/libvorbis_1.2.0.bb b/packages/libvorbis/libvorbis_1.2.0.bb
index 79b79e8f49..30031ad5e8 100644
--- a/packages/libvorbis/libvorbis_1.2.0.bb
+++ b/packages/libvorbis/libvorbis_1.2.0.bb
@@ -4,8 +4,13 @@ DESCRIPTION = "Ogg Vorbis is a high-quality lossy audio codec \
 that is free of intellectual property restrictions. libvorbis \
 is the main vorbis codec library."
 LICENSE = "BSD"
+PR = "1"
 
-SRC_URI = "http://downloads.xiph.org/releases/vorbis/libvorbis-${PV}.tar.gz"
+SRC_URI = "http://downloads.xiph.org/releases/vorbis/libvorbis-${PV}.tar.gz \
+	   file://r14598-CVE-2008-1420.patch;patch=1 \
+	   file://r14602-CVE-2008-1419.patch;patch=1 \
+	   file://r14602-CVE-2008-1423.patch;patch=1 \
+	  "
 
 inherit autotools  pkgconfig
 
-- 
cgit v1.2.3