diff options
Diffstat (limited to 'audio/orpheus')
-rw-r--r-- | audio/orpheus/101_fix-buffer-overflow.diff | 15 | ||||
-rw-r--r-- | audio/orpheus/README | 3 | ||||
-rw-r--r-- | audio/orpheus/orpheus-1.6-nolibghttp.patch | 11 | ||||
-rw-r--r-- | audio/orpheus/orpheus.SlackBuild | 88 | ||||
-rw-r--r-- | audio/orpheus/orpheus.info | 8 | ||||
-rw-r--r-- | audio/orpheus/slack-desc | 19 |
6 files changed, 144 insertions, 0 deletions
diff --git a/audio/orpheus/101_fix-buffer-overflow.diff b/audio/orpheus/101_fix-buffer-overflow.diff new file mode 100644 index 0000000000..4d6c8e4e18 --- /dev/null +++ b/audio/orpheus/101_fix-buffer-overflow.diff @@ -0,0 +1,15 @@ +Fix a stack-based buffer overflow in kkstrtext.h in ktools library. +(CVE-2005-3863) (Closes: #368402) +Index: orpheus-1.5/kkstrtext-0.1/kkstrtext.h +=================================================================== +--- orpheus-1.5.orig/kkstrtext-0.1/kkstrtext.h 2003-12-14 11:51:38.000000000 +0100 ++++ orpheus-1.5/kkstrtext-0.1/kkstrtext.h 2006-08-01 21:57:14.000000000 +0200 +@@ -87,7 +87,7 @@ + { \ + va_list vgs__ap; char vgs__buf[1024]; \ + va_start(vgs__ap, fmt); \ +- vsprintf(vgs__buf, fmt, vgs__ap); c = vgs__buf; \ ++ vsnprintf(vgs__buf, 1024, fmt, vgs__ap); c = vgs__buf; \ + va_end(vgs__ap); \ + } + diff --git a/audio/orpheus/README b/audio/orpheus/README new file mode 100644 index 0000000000..ff75d3c4fc --- /dev/null +++ b/audio/orpheus/README @@ -0,0 +1,3 @@ +Orpheus is a light-weight text mode menu and window driven audio +player application for CDs, internet stream broadcasts, and files +in MP3 and Ogg Vorbis format. diff --git a/audio/orpheus/orpheus-1.6-nolibghttp.patch b/audio/orpheus/orpheus-1.6-nolibghttp.patch new file mode 100644 index 0000000000..28823e85e9 --- /dev/null +++ b/audio/orpheus/orpheus-1.6-nolibghttp.patch @@ -0,0 +1,11 @@ +--- orpheus-1.6/configure.old 2006-11-25 16:56:53.000000000 +0100 ++++ orpheus-1.6/configure 2006-11-25 16:57:30.000000000 +0100 +@@ -4219,7 +4219,7 @@ + fi + echo "$as_me:$LINENO: result: $ac_cv_lib_ghttp_ghttp_request_new" >&5 + echo "${ECHO_T}$ac_cv_lib_ghttp_ghttp_request_new" >&6 +-if test $ac_cv_lib_ghttp_ghttp_request_new = yes; then ++if test $ac_cv_lib_ghttp_ghttp_request_new = nolibghttp; then + cat >>confdefs.h <<_ACEOF + #define HAVE_LIBGHTTP 1 + _ACEOF diff --git a/audio/orpheus/orpheus.SlackBuild b/audio/orpheus/orpheus.SlackBuild new file mode 100644 index 0000000000..685fcce01f --- /dev/null +++ b/audio/orpheus/orpheus.SlackBuild @@ -0,0 +1,88 @@ +#!/bin/sh + +# Slackware build script for orpheus. +# Copyright (c) 2008, Antonio Hernández Blas <hba.nihilismus@gmail.com> +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are met: +# 1.- Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY +# EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +# DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY +# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +PRGNAM=orpheus +VERSION=1.6 +ARCH=${ARCH:-i486} +BUILD=${BUILD:-2} +TAG=${TAG:-_SBo} + +CWD=$(pwd) +TMP=${TMP:-/tmp/SBo} +PKG=$TMP/package-$PRGNAM +OUTPUT=${OUTPUT:-/tmp} + +if [ "$ARCH" = "i486" ]; then + SLKCFLAGS="-O2 -march=i486 -mtune=i686" +elif [ "$ARCH" = "i686" ]; then + SLKCFLAGS="-O2 -march=i686 -mtune=i686" +elif [ "$ARCH" = "x86_64" ]; then + SLKCFLAGS="-O2 -fPIC" +fi + +set -e + +rm -rf $PKG +mkdir -p $TMP $PKG $OUTPUT +cd $TMP +rm -rf $PRGNAM-$VERSION +tar -xjvf $CWD/$PRGNAM-$VERSION.tar.bz2 +cd $PRGNAM-$VERSION +chown -R root:root . +find . \ + \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \ + -exec chmod 755 {} \; -o \ + \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ + -exec chmod 644 {} \; + + +# Acording with http://bugs.gentoo.org/show_bug.cgi?id=113683 +# theres a stack-based buffer overflow in kkstrtext.h +cat $CWD/101_fix-buffer-overflow.diff | patch -p1 + +# Also, we're going to disable the use of the deprecated libghttp +cat $CWD/orpheus-1.6-nolibghttp.patch | patch -p1 + +# If CFLAGS are declared, then its going to result in an error: +# "can only configure for one host and one target at a time" +# so its better to unset them +# This is not *our* bug - feel free to notify the upstream authors... :) +unset CFLAGS CXXFLAGS +./configure \ + --prefix=/usr + +make +make install-strip DESTDIR=$PKG + +mkdir -p $PKG/usr/man/man1 +gzip -c9 orpheus.1 > $PKG/usr/man/man1/orpheus.1.gz + +mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION +cp -a ABOUT-NLS AUTHORS COPYING ChangeLog FAQ INSTALL NEWS README TODO \ + $PKG/usr/doc/$PRGNAM-$VERSION +cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild + +mkdir -p $PKG/install +cat $CWD/slack-desc > $PKG/install/slack-desc + +cd $PKG +/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.tgz diff --git a/audio/orpheus/orpheus.info b/audio/orpheus/orpheus.info new file mode 100644 index 0000000000..8fce9adb43 --- /dev/null +++ b/audio/orpheus/orpheus.info @@ -0,0 +1,8 @@ +PRGNAM="orpheus" +VERSION="1.6" +HOMEPAGE="http://thekonst.net/en/orpheus" +DOWNLOAD="http://thekonst.net/download/orpheus-1.6.tar.bz2" +MD5SUM="1c6c07fbdd0ad9001c3f9fbf8cd68551" +MAINTAINER="Antonio Hernández Blas" +EMAIL="hba.nihilismus@gmail.com" +APPROVED="David Somero" diff --git a/audio/orpheus/slack-desc b/audio/orpheus/slack-desc new file mode 100644 index 0000000000..85c9245ced --- /dev/null +++ b/audio/orpheus/slack-desc @@ -0,0 +1,19 @@ +# HOW TO EDIT THIS FILE: +# The "handy ruler" below makes it easier to edit a package description. Line +# up the first '|' above the ':' following the base package name, and the '|' +# on the right side marks the last column you can put a character in. You must +# make exactly 11 lines for the formatting to be correct. It's also +# customary to leave one space after the ':'. + + |-----handy-ruler------------------------------------------------------| +orpheus: orpheus (light-weight text mode menu- and audio player) +orpheus: +orpheus: Orpheus is a light-weight text mode menu- and window-driven audio +orpheus: player application for CDs, internet stream broadcasts and files in +orpheus: MP3 and Vorbis OGG format. +orpheus: +orpheus: Homepage: http://thekonst.net/en/orpheus +orpheus: +orpheus: +orpheus: +orpheus: |