From 52198f7ac730e8c46fa5d464dc80ccf636e20507 Mon Sep 17 00:00:00 2001
From: Holger Hans Peter Freyther
Date: Tue, 16 Mar 2010 14:35:54 +0800
Subject: grip: Apply FreeBSD patch to fix a flaw with handling CDDB responses

Addresses CVE-2005-0706.
---
 recipes/grip/grip-3.2.0/patch-src::discdb | 20 ++++++++++++++++++++
 recipes/grip/grip_3.2.0.bb | 5 ++++-
 2 files changed, 24 insertions(+), 1 deletion(-)
 create mode 100644 recipes/grip/grip-3.2.0/patch-src::discdb
(limited to 'recipes/grip')
diff --git a/recipes/grip/grip-3.2.0/patch-src::discdb b/recipes/grip/grip-3.2.0/patch-src::discdb
new file mode 100644
index 0000000000..1d300b270f
--- /dev/null
+++ b/recipes/grip/grip-3.2.0/patch-src::discdb
@@ -0,0 +1,20 @@
+--- src/discdb.c.orig Thu Apr 15 21:23:37 2004
++++ src/discdb.c Wed Mar 16 19:02:09 2005
+@@ -311,7 +311,7 @@
+ query->query_match=MATCH_EXACT;
+ query->query_matches=0;
+
+- while((inbuffer=DiscDBReadLine(&dataptr))) {
++ while(query->query_matches < MAX_INEXACT_MATCHES && (inbuffer=DiscDBReadLine(&dataptr))) {
+ query->query_list[query->query_matches].list_genre=
+ DiscDBGenreValue(g_strstrip(strtok(inbuffer," ")));
+
+@@ -331,7 +331,7 @@
+ query->query_match=MATCH_INEXACT;
+ query->query_matches=0;
+
+- while((inbuffer=DiscDBReadLine(&dataptr))) {
++ while(query->query_matches < MAX_INEXACT_MATCHES && (inbuffer=DiscDBReadLine(&dataptr))) {
+ query->query_list[query->query_matches].list_genre=
+ DiscDBGenreValue(g_strstrip(strtok(inbuffer," ")));
+
diff --git a/recipes/grip/grip_3.2.0.bb b/recipes/grip/grip_3.2.0.bb
index 063803138d..b4473860e0 100644
--- a/recipes/grip/grip_3.2.0.bb
+++ b/recipes/grip/grip_3.2.0.bb
@@ -5,7 +5,10 @@ HOMEPAGE="http://www.nostatic.org/grip/"
 LICENSE="GPL"
-SRC_URI="${SOURCEFORGE_MIRROR}/grip/grip-${PV}.tar.gz"
+SRC_URI="${SOURCEFORGE_MIRROR}/grip/grip-${PV}.tar.gz \
+ file://patch-src::discdb;patch=1;pnum=0 "
 DEPENDS="libgnomeui vte curl cdparanoia id3lib"
+PR = "r1"
+
 inherit autotools
--
cgit v1.2.3
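Review bot: In the `patch-src::discdb` hunk, the first statement of both patched loops (the -311 and -331 sites) still passes `strtok(inbuffer," ")` straight into `g_strstrip()` and `DiscDBGenreValue()` with no NULL check, and `strtok` returns NULL for an empty or all-space line in the same server-controlled response that the new `query_matches < MAX_INEXACT_MATCHES` bound is guarding. I would take the token first and skip the line when it is missing, e.g. `char *tok=strtok(inbuffer," ");` then `if(!tok) continue;`, and pass `tok` on. The bound itself is only correct if `MAX_INEXACT_MATCHES` is the declared length of `query_list`, which is not visible here; a comment on each loop such as `/* cap at MAX_INEXACT_MATCHES: query_list is a fixed array and the match count is server-controlled; extra matches are dropped */` would record that. Both loop bodies continue outside the hunk, so any later `strtok` calls on the same line may need the same check.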