diff options
| author |   Samuli Suominen <ssuominen@gentoo.org> | 2009-05-12 06:19:03 +0000 |
|---|---|---|
| committer | Samuli Suominen <ssuominen@gentoo.org> | 2009-05-12 06:19:03 +0000 |
| commit | b9b6dcee0ad47fbee15dbc706b5bf079c4bab652 (patch) | |
| tree | 0051db604991606c5e3cafeb4a734c00b7232429 /media-sound/cmus | |
| parent | Mask media-sound/rat for removal wrt security #208464, CVE-2008-0553. (diff) | |
| download | gentoo-2-b9b6dcee0ad47fbee15dbc706b5bf079c4bab652.tar.gz gentoo-2-b9b6dcee0ad47fbee15dbc706b5bf079c4bab652.tar.bz2 gentoo-2-b9b6dcee0ad47fbee15dbc706b5bf079c4bab652.zip | |
CVE-2008-5375, symlink attack wrt #250474.
(Portage version: 2.1.6.13/cvs/Linux x86_64)
Diffstat (limited to 'media-sound/cmus')
| -rw-r--r-- | media-sound/cmus/ChangeLog | 10 | ||||
| -rw-r--r-- | media-sound/cmus/cmus-2.2.0-r1.ebuild | 90 | ||||
| -rw-r--r-- | media-sound/cmus/files/cmus-2.2.0-symlink_attack.patch | 12 |
3 files changed, 110 insertions, 2 deletions
diff --git a/media-sound/cmus/ChangeLog b/media-sound/cmus/ChangeLog index 4344410f50f5..873ae8e2146e 100644 --- a/media-sound/cmus/ChangeLog +++ b/media-sound/cmus/ChangeLog @@ -1,6 +1,12 @@ # ChangeLog for media-sound/cmus -# Copyright 1999-2008 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/media-sound/cmus/ChangeLog,v 1.21 2008/10/25 22:18:35 pvdabeel Exp $ +# Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2 +# $Header: /var/cvsroot/gentoo-x86/media-sound/cmus/ChangeLog,v 1.22 2009/05/12 06:19:02 ssuominen Exp $ + +*cmus-2.2.0-r1 (12 May 2009) + + 12 May 2009; Samuli Suominen <ssuominen@gentoo.org> +cmus-2.2.0-r1.ebuild, + +files/cmus-2.2.0-symlink_attack.patch: + CVE-2008-5375, symlink attack wrt #250474. 25 Oct 2008; Pieter Van den Abeele <pvdabeel@gentoo.org> cmus-2.2.0.ebuild: Keyworded ~ppc. Closes bug #235775 diff --git a/media-sound/cmus/cmus-2.2.0-r1.ebuild b/media-sound/cmus/cmus-2.2.0-r1.ebuild new file mode 100644 index 000000000000..aee476ac08c3 --- /dev/null +++ b/media-sound/cmus/cmus-2.2.0-r1.ebuild @@ -0,0 +1,90 @@ +# Copyright 1999-2009 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/media-sound/cmus/cmus-2.2.0-r1.ebuild,v 1.1 2009/05/12 06:19:02 ssuominen Exp $ + +EAPI=2 +inherit eutils multilib + +DESCRIPTION="A ncurses based music player with plugin support for many formats" +HOMEPAGE="http://cmus.sourceforge.net/" +SRC_URI="http://mirror.greaterscope.net/cmus/${P}.tar.bz2" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~amd64 ~ppc ~x86 ~x86-fbsd" +IUSE="aac alsa ao arts debug examples flac mad mikmod modplug mp3 mp4 musepack \ + oss pidgin unicode vorbis wavpack wma zsh-completion" + +DEPEND="sys-libs/ncurses[unicode?] + aac? ( media-libs/faad2 ) + alsa? ( >=media-libs/alsa-lib-1.0.11 ) + ao? ( media-libs/libao ) + arts? ( kde-base/arts ) + flac? ( media-libs/flac ) + mad? ( >=media-libs/libmad-0.14 ) + mikmod? ( media-libs/libmikmod ) + modplug? ( >=media-libs/libmodplug-0.7 ) + mp3? ( >=media-libs/libmad-0.14 ) + mp4? ( media-libs/libmp4v2 + media-libs/faad2 ) + musepack? ( >=media-libs/libmpcdec-1.2 ) + vorbis? ( >=media-libs/libvorbis-1.0 ) + wavpack? ( media-sound/wavpack ) + wma? ( >=media-video/ffmpeg-0.4.9_p20080326 )" +RDEPEND="${DEPEND} + zsh-completion? ( app-shells/zsh ) + pidgin? ( net-im/pidgin + dev-python/dbus-python )" + +my_config() { + local value + use ${1} && value=y || value=n + myconf="${myconf} ${2}=${value}" +} + +src_prepare() { + epatch "${FILESDIR}"/${P}-new-ffmpeg.patch \ + "${FILESDIR}"/${P}-symlink_attack.patch +} + +src_configure() { + local debuglevel=1 myconf="CONFIG_SUN=n" + + use debug && debuglevel=2 + + my_config aac CONFIG_AAC + my_config ao CONFIG_AO + my_config alsa CONFIG_ALSA + my_config arts CONFIG_ARTS + my_config flac CONFIG_FLAC + my_config mad CONFIG_MAD + my_config mikmod CONFIG_MIKMOD + my_config mp3 CONFIG_MAD + my_config mp4 CONFIG_MP4 + my_config modplug CONFIG_MODPLUG + my_config musepack CONFIG_MPC + my_config oss CONFIG_OSS + my_config vorbis CONFIG_VORBIS + my_config wavpack CONFIG_WAVPACK + my_config wma CONFIG_FFMPEG + + # econf doesn't work, because configure wants "prefix" (and similar) without dashes + ./configure prefix=/usr ${myconf} exampledir=/usr/share/doc/${PF}/examples \ + libdir=/usr/$(get_libdir) DEBUG=${debuglevel} || die "configure failed" +} + +src_install() { + emake DESTDIR="${D}" install || die "emake install failed" + dodoc AUTHORS README + use examples || rm -rf "${D}/usr/share/doc/${PF}/examples/" + + if use zsh-completion; then + insinto /usr/share/zsh/site-functions + doins contrib/_cmus + fi + + if use pidgin; then + sed -i -e "s:/usr/local/bin/python:/usr/bin/python:" contrib/cmus-updatepidgin.py + newbin contrib/cmus-updatepidgin.py cmus-updatepidgin + fi +} diff --git a/media-sound/cmus/files/cmus-2.2.0-symlink_attack.patch b/media-sound/cmus/files/cmus-2.2.0-symlink_attack.patch new file mode 100644 index 000000000000..3c3e09c55cfe --- /dev/null +++ b/media-sound/cmus/files/cmus-2.2.0-symlink_attack.patch @@ -0,0 +1,12 @@ +diff -ur cmus-2.2.0.orig/cmus-status-display cmus-2.2.0/cmus-status-display +--- cmus-2.2.0.orig/cmus-status-display 2007-07-27 17:52:13.000000000 +0300 ++++ cmus-2.2.0/cmus-status-display 2009-05-12 09:12:56.000000000 +0300 +@@ -19,7 +19,7 @@ + output() + { + # write status to /tmp/cmus-status (not very useful though) +- echo "$*" >> /tmp/cmus-status 2>&1 ++ echo "$*" >> ~/.cmus-status 2>&1 + + # WMI (http://wmi.modprobe.de/) + #wmiremote -t "$*" &> /dev/null |