Diffstat (limited to 'extra')
-rw-r--r-- | extra/libkeybinder3/PKGBUILD | 6 | ||||
-rw-r--r-- | extra/libmodplug/PKGBUILD | 19 | ||||
-rw-r--r-- | extra/libmodplug/libmodplug-CVE-2013-4233-Fix.patch | 42 | ||||
-rw-r--r-- | extra/libmodplug/libmodplug-CVE-2013-4234-Fix.patch | 95 |
4 files changed, 8 insertions, 154 deletions
diff --git a/extra/libkeybinder3/PKGBUILD b/extra/libkeybinder3/PKGBUILD
index 501c66c61..ec9da817b 100644
--- a/extra/libkeybinder3/PKGBUILD
+++ b/extra/libkeybinder3/PKGBUILD
@@ -1,13 +1,13 @@
-# $Id: PKGBUILD 198192 2013-10-30 13:21:58Z allan $
+# $Id: PKGBUILD 208524 2014-03-23 21:26:50Z eric $
 # Maintainer: Eric Bélanger <eric@archlinux.org>
 # Contributor: speps <speps at aur dot archlinux dot org>
 
 pkgname=libkeybinder3
 pkgver=0.3.0
-pkgrel=3
+pkgrel=4
 pkgdesc="A library for registering global keyboard shortcuts"
 arch=('i686' 'x86_64')
-url="http://kaizer.se/wiki/keybinder/"
+url="https://github.com/engla/keybinder/tree/keybinder-3.0"
 license=('MIT')
 depends=('gtk3')
 makedepends=('gtk-doc' 'gobject-introspection')
diff --git a/extra/libmodplug/PKGBUILD b/extra/libmodplug/PKGBUILD
index f45c8d68f..862bca8df 100644
--- a/extra/libmodplug/PKGBUILD
+++ b/extra/libmodplug/PKGBUILD
@@ -1,25 +1,16 @@
-# $Id: PKGBUILD 198199 2013-10-30 13:24:33Z allan $
+# $Id: PKGBUILD 208526 2014-03-23 21:51:07Z eric $
 # Maintainer: Eric Bélanger <eric@archlinux.org>
 
 pkgname=libmodplug
-pkgver=0.8.8.4
-pkgrel=2
+pkgver=0.8.8.5
+pkgrel=1
 pkgdesc="A MOD playing library"
 arch=('i686' 'x86_64')
 url="http://modplug-xmms.sourceforge.net/"
 license=('custom')
 depends=('gcc-libs')
-source=(http://downloads.sourceforge.net/modplug-xmms/${pkgname}-${pkgver}.tar.gz
- libmodplug-CVE-2013-4233-Fix.patch libmodplug-CVE-2013-4234-Fix.patch)
-sha1sums=('df4deffe542b501070ccb0aee37d875ebb0c9e22'
- 'daee7fba80f633236a3d09ad19225c57013140e9'
- '2e870747261a86dce5056cbf077c5914e9e8b287')
-
-prepare() {
- cd ${pkgname}-${pkgver}
- patch -p2 -i "${srcdir}/libmodplug-CVE-2013-4233-Fix.patch"
- patch -p2 -i "${srcdir}/libmodplug-CVE-2013-4234-Fix.patch"
-}
+source=(http://downloads.sourceforge.net/modplug-xmms/${pkgname}-${pkgver}.tar.gz)
+sha1sums=('771ee75bb8bfcfe95eae434ed1f3b2c5b63b2cb3')
 
 build() {
 cd ${pkgname}-${pkgver}
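Review bot: In the libmodplug PKGBUILD hunk the new `source=` line still fetches the tarball over plain `http://` and pins it only with `sha1sums=`, so after this change the package's integrity rests on a single SHA-1 of a download that can be altered in transit; adding `sha256sums=('<sha256 of libmodplug-0.8.8.5.tar.gz>')` (placeholder, to be computed from a verified tarball) would strengthen the pin. The same hunk removes `prepare()` and both CVE patches, presumably because 0.8.8.5 carries those fixes upstream, but the new side does not record that. Once confirmed against the 0.8.8.5 sources, a comment above `source=` such as `# CVE-2013-4233 / CVE-2013-4234 fixes are part of upstream 0.8.8.5, local patches dropped` would keep the reason visible. `build()` continues past the end of the hunk.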
diff --git a/extra/libmodplug/libmodplug-CVE-2013-4233-Fix.patch b/extra/libmodplug/libmodplug-CVE-2013-4233-Fix.patch
deleted file mode 100644
index 288b44d13..000000000
--- a/extra/libmodplug/libmodplug-CVE-2013-4233-Fix.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From c4d4e047862649a75f6dba905c613aff0df81309 Mon Sep 17 00:00:00 2001
-From: Konstanty Bialkowski <konstanty@ieee.org>
-Date: Wed, 14 Aug 2013 14:15:27 +1000
-Subject: [PATCH] CVE-2013-4233 Fix
-
-Integer overflow in j variable
-
--- reported by Florian "Agix" Gaultier
----
- libmodplug/src/load_abc.cpp | 7 ++++---
- 1 file changed, 4 insertions(+), 3 deletions(-)
-
-diff --git a/libmodplug/src/load_abc.cpp b/libmodplug/src/load_abc.cpp
-index 9f4b328..ecb7b62 100644
---- a/libmodplug/src/load_abc.cpp
-+++ b/libmodplug/src/load_abc.cpp
-@@ -1814,7 +1814,7 @@ static int abc_extract_tempo(const char *p, int invoice)
- 
- static void abc_set_parts(char **d, char *p)
- {
-- int i,j,k,m,n;
-+ int i,j,k,m,n,size;
- char *q;
- #ifdef NEWMIKMOD
- static MM_ALLOC *h;
-@@ -1852,10 +1852,11 @@ static void abc_set_parts(char **d, char *p)
- i += n-1;
- }
- }
-- q = (char *)_mm_calloc(h, j+1, sizeof(char)); // enough storage for the worst case
-+ size = (j + 1) > 0 ? j+1 : j;
-+ q = (char *)_mm_calloc(h, size, sizeof(char)); // enough storage for the worst case
- // now copy bytes from p to *d, taking parens and digits in account
- j = 0;
-- for( i=0; p[i] && p[i] != '%'; i++ ) {
-+ for( i=0; p[i] && p[i] != '%' && j < size; i++ ) {
- if( isdigit(p[i]) || isupper(p[i]) || p[i] == '(' || p[i] == ')' ) {
- if( p[i] == ')' ) {
- for( n=j; n > 0 && q[n-1] != '('; n-- ) ; // find open paren in q
---
-1.8.4
-
diff --git a/extra/libmodplug/libmodplug-CVE-2013-4234-Fix.patch b/extra/libmodplug/libmodplug-CVE-2013-4234-Fix.patch
deleted file mode 100644
index c4b105d19..000000000
--- a/extra/libmodplug/libmodplug-CVE-2013-4234-Fix.patch
+++ /dev/null
@@ -1,95 +0,0 @@
-From 5de53a46283e7c463115444a9339978011dab961 Mon Sep 17 00:00:00 2001
-From: Konstanty Bialkowski <konstanty@ieee.org>
-Date: Wed, 14 Aug 2013 15:15:09 +1000
-Subject: [PATCH] CVE-2013-4234 Fix
-
-Heap overflow in abc_MIDI_drum + abc_MIDI_gchord
-
--- reported by Florian "Agix" Gaultier
----
- libmodplug/src/load_abc.cpp | 34 +++++++++++++++++++++++-----------
- 1 file changed, 23 insertions(+), 11 deletions(-)
-
-diff --git a/libmodplug/src/load_abc.cpp b/libmodplug/src/load_abc.cpp
-index ecb7b62..dd9cc6b 100644
---- a/libmodplug/src/load_abc.cpp
-+++ b/libmodplug/src/load_abc.cpp
-@@ -3205,27 +3205,33 @@ static void abc_MIDI_chordname(const char *p)
- static int abc_MIDI_drum(const char *p, ABCHANDLE *h)
- {
- char *q;
-- int i,n,m;
-+ int i, n, m, len;
- while( isspace(*p) ) p++;
- if( !strncmp(p,"on",2) && (isspace(p[2]) || p[2] == '\0') ) return 2;
- if( !strncmp(p,"off",3) && (isspace(p[3]) || p[3] == '\0') ) return 1;
-- n = 0;
-+ n = 0; len = 0;
- for( q = h->drum; *p && !isspace(*p); p++ ) {
- if( !strchr("dz0123456789",*p) ) break;
-- *q++ = *p;
-- if( !isdigit(*p) ) {
-- if( !isdigit(p[1]) ) *q++ = '1';
-+ *q++ = *p; len++;
-+ if( !isdigit(*p) && len < sizeof(h->drum)-1 ) {
-+ if( !isdigit(p[1]) ) { *q++ = '1'; len ++; }
- n++; // count the silences too....
- }
-+ if (len >= sizeof(h->drum)-1) {
-+ // consume the rest of the input
-+ // definitely enough "drum last state" stored.
-+ while ( *p && !isspace(*p) ) p++;
-+ break;
-+ }
- }
- *q = '\0';
- q = h->drumins;
- for( i = 0; i<n; i++ ) {
- if( h->drum[i*2] == 'd' ) {
-- while( isspace(*p) ) p++;
-+ while( *p && isspace(*p) ) p++;
- if( !isdigit(*p) ) {
- m = 0;
-- while( !isspace(*p) ) p++;
-+ while( *p && !isspace(*p) ) p++;
- }
- else
- p += abc_getnumber(p,&m);
-@@ -3236,10 +3242,10 @@ static int abc_MIDI_drum(const char *p, ABCHANDLE *h)
- q = h->drumvol;
- for( i = 0; i<n; i++ ) {
- if( h->drum[i*2] == 'd' ) {
-- while( isspace(*p) ) p++;
-+ while( *p && isspace(*p) ) p++;
- if( !isdigit(*p) ) {
- m = 0;
-- while( !isspace(*p) ) p++;
-+ while( *p && !isspace(*p) ) p++;
- }
- else
- p += abc_getnumber(p,&m);
-@@ -3254,13 +3260,19 @@ static int abc_MIDI_drum(const char *p, ABCHANDLE *h)
- static int abc_MIDI_gchord(const char *p, ABCHANDLE *h)
- {
- char *q;
-+ int len = 0;
- while( isspace(*p) ) p++;
- if( !strncmp(p,"on",2) && (isspace(p[2]) || p[2] == '\0') ) return 2;
- if( !strncmp(p,"off",3) && (isspace(p[3]) || p[3] == '\0') ) return 1;
- for( q = h->gchord; *p && !isspace(*p); p++ ) {
- if( !strchr("fbcz0123456789ghijGHIJ",*p) ) break;
-- *q++ = *p;
-- if( !isdigit(*p) && !isdigit(p[1]) ) *q++ = '1';
-+ *q++ = *p; len++;
-+ if( !isdigit(*p) && len < sizeof(h->gchord)-1 && !isdigit(p[1]) ) { *q++ = '1'; len ++; }
-+ if (len >= sizeof(h->gchord)-1) {
-+ // consume the rest of the input
-+ // definitely enough "drum last state" stored.
-+ while ( *p && !isspace(*p) ) p++;
-+ }
- }
- *q = '\0';
- return 0;
---
-1.8.4
-
|