Git-Url:
http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-0.7.git;a=commitdiff;h=aedbf8bbad87217ed01accd5e88587a9fc1225e2
commit aedbf8bbad87217ed01accd5e88587a9fc1225e2
Author: Miklos Vajna <[EMAIL PROTECTED]>
Date: Sat Mar 8 19:04:33 2008 +0100
rblibtorrent-0.12-6sayshell1-i686
- added CVE-2008-0646.patch
- closes #2770
diff --git a/source/lib-extra/rblibtorrent/CVE-2008-0646.patch
b/source/lib-extra/rblibtorrent/CVE-2008-0646.patch
new file mode 100644
index 0000000..b0c7922
--- /dev/null
+++ b/source/lib-extra/rblibtorrent/CVE-2008-0646.patch
@@ -0,0 +1,43 @@
+--- include/libtorrent/bencode.hpp 2007/03/10 20:38:59 956
++++ include/libtorrent/bencode.hpp 2008/01/28 02:58:17 1968
+@@ -200,8 +200,9 @@
+ }
+
+ template<class InIt>
+- void bdecode_recursive(InIt& in, InIt end, entry& ret)
++ void bdecode_recursive(InIt& in, InIt end, entry& ret, int
depth)
+ {
++ if (depth >= 100) throw invalid_encoding();
+ if (in == end) throw invalid_encoding();
+ switch (*in)
+ {
+@@ -228,7 +229,7 @@
+ {
+ ret.list().push_back(entry());
+ entry& e = ret.list().back();
+- bdecode_recursive(in, end, e);
++ bdecode_recursive(in, end, e, depth +
1);
+ if (in == end) throw invalid_encoding();
+ }
+ assert(*in == 'e');
+@@ -244,9 +245,9 @@
+ while (*in != 'e')
+ {
+ entry key;
+- bdecode_recursive(in, end, key);
++ bdecode_recursive(in, end, key, depth +
1);
+ entry& e = ret[key.string()];
+- bdecode_recursive(in, end, e);
++ bdecode_recursive(in, end, e, depth +
1);
+ if (in == end) throw invalid_encoding();
+ }
+ assert(*in == 'e');
+@@ -285,7 +286,7 @@
+ try
+ {
+ entry e;
+- detail::bdecode_recursive(start, end, e);
++ detail::bdecode_recursive(start, end, e, 0);
+ return e;
+ }
+ catch(type_error&)
diff --git a/source/lib-extra/rblibtorrent/FrugalBuild
b/source/lib-extra/rblibtorrent/FrugalBuild
index 3ed2d58..27b9128 100644
--- a/source/lib-extra/rblibtorrent/FrugalBuild
+++ b/source/lib-extra/rblibtorrent/FrugalBuild
@@ -3,7 +3,7 @@
pkgname=rblibtorrent
pkgver=0.12
-pkgrel=5
+pkgrel=6sayshell1
pkgdesc="LibTorrent is a BitTorrent library written in C++"
_F_sourceforge_name="libtorrent"
Finclude sourceforge
@@ -13,7 +13,7 @@ groups=('lib-extra')
archs=('i686' 'x86_64')
#source=(http://www.libtorrent.org/libtorrent-${pkgver}rc3.tar.gz)
up2date="lynx -dump
http://sourceforge.net/project/showfiles.php?group_id=79942|grep -m1
'.tar.gz'|sed 's/.*rent-\(.*\).tar.gz.*/\1/'"
-source=($source not-for-upstream.patch)
+source=($source not-for-upstream.patch CVE-2008-0646.patch)
_F_cd_path="libtorrent-$pkgver"
build()
@@ -36,6 +36,7 @@ build()
Fln /usr/lib/libtorrent/libtorrent.so.0.1.0 /usr/lib/libtorrent.so.0
}
-sha1sums=('c0b0535100d53452719cdfbcdf8e66c1217bc29e'\
- '729610c06b87fd4772ae0c428ad0abc5dbfeff3f')
+sha1sums=('c0b0535100d53452719cdfbcdf8e66c1217bc29e' \
+ '729610c06b87fd4772ae0c428ad0abc5dbfeff3f' \
+ 'edd8e02811f7636c6a5d1ee8f1353889d89b5f0b')
# optimization OK
_______________________________________________
Frugalware-git mailing list
[email protected]
http://frugalware.org/mailman/listinfo/frugalware-git
