[oe-commits] Holger Hans Peter Freyther : grip: Apply FreeBSD patch to fix a flaw with handling CDDB responses

[git version control]

Module: openembedded.git
Branch: org.openembedded.dev
Commit: 52198f7ac730e8c46fa5d464dc80ccf636e20507
URL:    http://gitweb.openembedded.net/?p=openembedded.git&a=commit;h=52198f7ac730e8c46fa5d464dc80ccf636e20507

Author: Holger Hans Peter Freyther <zecke at selfish.org>
Date:   Tue Mar 16 14:35:54 2010 +0800

grip: Apply FreeBSD patch to fix a flaw with handling CDDB responses

Addresses CVE-2005-0706.

---

 recipes/grip/grip-3.2.0/patch-src::discdb |   20 ++++++++++++++++++++
 recipes/grip/grip_3.2.0.bb                |    5 ++++-
 2 files changed, 24 insertions(+), 1 deletions(-)

diff --git a/recipes/grip/grip-3.2.0/patch-src::discdb b/recipes/grip/grip-3.2.0/patch-src::discdb
new file mode 100644
index 0000000..1d300b2
--- /dev/null
+++ b/recipes/grip/grip-3.2.0/patch-src::discdb
@@ -0,0 +1,20 @@
+--- src/discdb.c.orig	Thu Apr 15 21:23:37 2004
++++ src/discdb.c	Wed Mar 16 19:02:09 2005
+@@ -311,7 +311,7 @@
+     query->query_match=MATCH_EXACT;
+     query->query_matches=0;
+ 
+-    while((inbuffer=DiscDBReadLine(&dataptr))) {
++    while(query->query_matches < MAX_INEXACT_MATCHES && (inbuffer=DiscDBReadLine(&dataptr))) {
+       query->query_list[query->query_matches].list_genre=
+ 	DiscDBGenreValue(g_strstrip(strtok(inbuffer," ")));
+       
+@@ -331,7 +331,7 @@
+     query->query_match=MATCH_INEXACT;
+     query->query_matches=0;
+ 
+-    while((inbuffer=DiscDBReadLine(&dataptr))) {
++    while(query->query_matches < MAX_INEXACT_MATCHES && (inbuffer=DiscDBReadLine(&dataptr))) {
+       query->query_list[query->query_matches].list_genre=
+ 	DiscDBGenreValue(g_strstrip(strtok(inbuffer," ")));
+       
diff --git a/recipes/grip/grip_3.2.0.bb b/recipes/grip/grip_3.2.0.bb
index 0638031..b447386 100644
--- a/recipes/grip/grip_3.2.0.bb
+++ b/recipes/grip/grip_3.2.0.bb
@@ -5,7 +5,10 @@
 HOMEPAGE="http://www.nostatic.org/grip/"
 LICENSE="GPL"
 
-SRC_URI="${SOURCEFORGE_MIRROR}/grip/grip-${PV}.tar.gz"
+SRC_URI="${SOURCEFORGE_MIRROR}/grip/grip-${PV}.tar.gz \
+         file://patch-src::discdb;patch=1;pnum=0 "
 DEPENDS="libgnomeui vte curl cdparanoia id3lib"
 
+PR = "r1"
+
 inherit autotools