[gentoo-commits] repo/gentoo:master commit in: media-sound/mp3info/, media-sound/mp3info/files/

Fri, 22 Jun 2018 15:18:02 -0700 

commit:     a64e78259432a21caae85b633496331235377130
Author:     Azamat H. Hackimov <azamat.hackimov <AT> gmail <DOT> com>
AuthorDate: Sat Jun  9 19:26:36 2018 +0000
Commit:     Patrice Clement <monsieurp <AT> gentoo <DOT> org>
CommitDate: Fri Jun 22 22:17:11 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a64e7825

media-sound/mp3info: patch against printf format issue.

Closes: https://bugs.gentoo.org/657668

Package-Manager: Portage-2.3.40, Repoman-2.3.9
Closes: https://github.com/gentoo/gentoo/pull/8771

 .../files/mp3info-0.8.5a-format-security.patch     | 21 +++++++++++
 media-sound/mp3info/mp3info-0.8.5a-r1.ebuild       | 41 ++++++++++++++++++++++
 2 files changed, 62 insertions(+)

diff --git a/media-sound/mp3info/files/mp3info-0.8.5a-format-security.patch 
b/media-sound/mp3info/files/mp3info-0.8.5a-format-security.patch
new file mode 100644
index 00000000000..5a8a749b55f
--- /dev/null
+++ b/media-sound/mp3info/files/mp3info-0.8.5a-format-security.patch
@@ -0,0 +1,21 @@
+diff -Nuar mp3info-0.8.5a.orig/textfunc.c mp3info-0.8.5a/textfunc.c
+--- mp3info-0.8.5a.orig/textfunc.c     2018-06-09 21:56:18.450985762 +0300
++++ mp3info-0.8.5a/textfunc.c  2018-06-09 22:09:07.164948467 +0300
+@@ -227,7 +227,7 @@
+ 
+       while((percent=strchr(format,'%'))) {
+               *percent=0;
+-              printf(format);
++              printf("%s", format);
+               *percent='%';
+               code=percent+1;
+               while(*code && (code[0] != '%' && !isalpha(*code))) code++;
+@@ -354,7 +354,7 @@
+               }
+               
+       }
+-      printf(format);
++      printf("%s", format);
+ }
+ 
+ 

diff --git a/media-sound/mp3info/mp3info-0.8.5a-r1.ebuild 
b/media-sound/mp3info/mp3info-0.8.5a-r1.ebuild
new file mode 100644
index 00000000000..5982213a3da
--- /dev/null
+++ b/media-sound/mp3info/mp3info-0.8.5a-r1.ebuild
@@ -0,0 +1,41 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+inherit toolchain-funcs
+
+DESCRIPTION="An MP3 technical info viewer and ID3 1.x tag editor"
+HOMEPAGE="http://ibiblio.org/mp3info/";
+SRC_URI="http://ibiblio.org/pub/linux/apps/sound/mp3-utils/${PN}/${P}.tgz";
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~hppa ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd ~amd64-linux 
~x86-linux ~ppc-macos ~x86-macos ~sparc-solaris"
+IUSE="gtk"
+
+RDEPEND="
+       gtk? ( >=x11-libs/gtk+-2.6.10:2 )
+       sys-libs/ncurses:0=
+"
+DEPEND="
+       ${RDEPEND}
+       virtual/pkgconfig
+"
+
+PATCHES=(
+       "${FILESDIR}/${P}-ldflags.patch"
+       "${FILESDIR}/${P}-tinfo.patch"
+       "${FILESDIR}/${P}-format-security.patch"
+)
+
+src_compile() {
+       tc-export PKG_CONFIG
+       emake mp3info $(usex gtk gmp3info '') CC="$(tc-getCC)" 
CFLAGS="${CFLAGS}"
+}
+
+src_install() {
+       dobin mp3info $(usex gtk gmp3info '')
+
+       dodoc ChangeLog README
+       doman mp3info.1
+}

Reply via email to