Add patch for security bug #143404.

(Portage version: 2.1.2_rc2-r1)

5 files changed, 89 insertions, 2 deletions

diff --git a/media-libs/libmodplug/ChangeLog b/media-libs/libmodplug/ChangeLog
index 61f367d8dd11..baa136066a85 100644
--- a/media-libs/libmodplug/ChangeLog
+++ b/media-libs/libmodplug/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for media-libs/libmodplug
 # Copyright 1999-2006 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/media-libs/libmodplug/ChangeLog,v 1.19 2006/08/28 02:00:55 kumba Exp $
+# $Header: /var/cvsroot/gentoo-x86/media-libs/libmodplug/ChangeLog,v 1.20 2006/11/24 20:59:47 flameeyes Exp $
+
+*libmodplug-0.8-r1 (24 Nov 2006)
+
+  24 Nov 2006; Diego Pettenò <flameeyes@gentoo.org>
+  +files/libmodplug-0.8-CVE-2006-4192.patch, libmodplug-0.8.ebuild,
+  +libmodplug-0.8-r1.ebuild:
+  Add patch for security bug #143404.
 
   28 Aug 2006; Joshua Kinard <kumba@gentoo.org> libmodplug-0.7.ebuild:
   Marked stable on mips.
diff --git a/media-libs/libmodplug/files/digest-libmodplug-0.8-r1 b/media-libs/libmodplug/files/digest-libmodplug-0.8-r1
new file mode 100644
index 000000000000..2867154b0153
--- /dev/null
+++ b/media-libs/libmodplug/files/digest-libmodplug-0.8-r1
@@ -0,0 +1,3 @@
+MD5 cea399626e2a074e2a77c8cd98387a48 libmodplug-0.8.tar.gz 441612
+RMD160 ccf5c29b06a2f5ed93f7b42676d892521c65bfbd libmodplug-0.8.tar.gz 441612
+SHA256 ef2269cc4ba5c8574d38321349d76063c6b200857f0c9256ea97e608583e8857 libmodplug-0.8.tar.gz 441612
diff --git a/media-libs/libmodplug/files/libmodplug-0.8-CVE-2006-4192.patch b/media-libs/libmodplug/files/libmodplug-0.8-CVE-2006-4192.patch
new file mode 100644
index 000000000000..c80af44b37c3
--- /dev/null
+++ b/media-libs/libmodplug/files/libmodplug-0.8-CVE-2006-4192.patch
@@ -0,0 +1,36 @@
+--- libmodplug/src/sndfile.cpp	2006/08/10 02:26:44	1.3
++++ libmodplug/src/sndfile.cpp	2006/11/02 04:19:00	1.4
+@@ -5,7 +5,7 @@
+  *          Adam Goode       <adam@evdebs.org> (endian and char fixes for PPC)
+ */
+ 
+-#include <math.h>       //for GCCFIX
++#include <math.h> //for GCCFIX
+ #include <libmodplug/stdafx.h>
+ #include <libmodplug/sndfile.h>
+ 
+@@ -228,7 +228,8 @@
+ 		if (pins->nGlobalVol > 64) pins->nGlobalVol = 64;
+ 	}
+ 	// Check invalid instruments
+-	while ((m_nInstruments > 0) && (!Headers[m_nInstruments])) m_nInstruments--;
++	while ((m_nInstruments > 0) && (!Headers[m_nInstruments])) 
++		m_nInstruments--;
+ 	// Set default values
+ 	if (m_nSongPreAmp < 0x20) m_nSongPreAmp = 0x20;
+ 	if (m_nDefaultTempo < 32) m_nDefaultTempo = 125;
+@@ -1081,11 +1082,12 @@
+ 
+ 
+ UINT CSoundFile::ReadSample(MODINSTRUMENT *pIns, UINT nFlags, LPCSTR lpMemFile, DWORD dwMemLength)
+-//------------------------------------------------------------------------------------------------
++//------------------------------------------------------------------------------
+ {
+ 	UINT len = 0, mem = pIns->nLength+6;
+ 
+-	if ((!pIns) || (pIns->nLength < 4) || (!lpMemFile)) return 0;
++	// Disable >2Gb samples,(preventing buffer overflow in AllocateSample)
++	if ((!pIns) || ((int)pIns->nLength < 4) || (!lpMemFile)) return 0;
+ 	if (pIns->nLength > MAX_SAMPLE_LENGTH) pIns->nLength = MAX_SAMPLE_LENGTH;
+ 	pIns->uFlags &= ~(CHN_16BIT|CHN_STEREO);
+ 	if (nFlags & RSF_16BIT)
diff --git a/media-libs/libmodplug/libmodplug-0.8-r1.ebuild b/media-libs/libmodplug/libmodplug-0.8-r1.ebuild
new file mode 100644
index 000000000000..f350e5edc971
--- /dev/null
+++ b/media-libs/libmodplug/libmodplug-0.8-r1.ebuild
@@ -0,0 +1,38 @@
+# Copyright 1999-2006 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/media-libs/libmodplug/libmodplug-0.8-r1.ebuild,v 1.1 2006/11/24 20:59:47 flameeyes Exp $
+
+WANT_AUTOCONF="latest"
+WANT_AUTOMAKE="latest"
+
+inherit eutils autotools
+
+DESCRIPTION="Library for playing MOD-like music files"
+SRC_URI="mirror://sourceforge/modplug-xmms/${P}.tar.gz"
+HOMEPAGE="http://modplug-xmms.sourceforge.net/"
+
+LICENSE="GPL-2"
+SLOT="0"
+#-sparc: 1.0 - Bus Error on play
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sh -sparc ~x86 ~x86-fbsd"
+IUSE=""
+
+RDEPEND=""
+DEPEND="dev-util/pkgconfig"
+
+src_unpack() {
+	unpack ${A}
+	cd "${S}"
+	epatch "${FILESDIR}/${PN}-0.7-amd64.patch"
+	epatch "${FILESDIR}/${PN}-0.7-asneeded.patch"
+	epatch "${FILESDIR}/${P}-CVE-2006-4192.patch"
+
+	sed -i -e 's:-ffast-math::' "${S}/configure.in"
+
+	eautoreconf
+}
+
+src_install() {
+	make DESTDIR="${D}" install || die
+	dodoc AUTHORS ChangeLog README TODO
+}
diff --git a/media-libs/libmodplug/libmodplug-0.8.ebuild b/media-libs/libmodplug/libmodplug-0.8.ebuild
index 8185033ced24..22a06522c4cd 100644
--- a/media-libs/libmodplug/libmodplug-0.8.ebuild
+++ b/media-libs/libmodplug/libmodplug-0.8.ebuild
@@ -1,6 +1,9 @@
 # Copyright 1999-2006 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/media-libs/libmodplug/libmodplug-0.8.ebuild,v 1.3 2006/05/25 02:59:33 flameeyes Exp $
+# $Header: /var/cvsroot/gentoo-x86/media-libs/libmodplug/libmodplug-0.8.ebuild,v 1.4 2006/11/24 20:59:47 flameeyes Exp $
+
+WANT_AUTOCONF="latest"
+WANT_AUTOMAKE="latest"
 
 inherit eutils autotools