diff options
| author |   Alex Legler <a3li@gentoo.org> | 2009-04-04 16:30:06 +0000 |
|---|---|---|
| committer | Alex Legler <a3li@gentoo.org> | 2009-04-04 16:30:06 +0000 |
| commit | a563187bbaa91cd94e6711fff1c51bcaeb012676 (patch) | |
| tree | cc1d7c76b8e40703d0ef9c495121e8937d1d4c3e /media-video | |
| parent | Marking powerpc stabilizations for 264504 (diff) | |
| download | gentoo-2-a563187bbaa91cd94e6711fff1c51bcaeb012676.tar.gz gentoo-2-a563187bbaa91cd94e6711fff1c51bcaeb012676.tar.bz2 gentoo-2-a563187bbaa91cd94e6711fff1c51bcaeb012676.zip | |
Non-maintainer commit: Removing vulnerable scripts, bug 245921.
(Portage version: 2.2_rc28/cvs/Linux x86_64)
Diffstat (limited to 'media-video')
| -rw-r--r-- | media-video/ogle/ChangeLog | 11 | ||||
| -rw-r--r-- | media-video/ogle/files/ogle-vuln-scripts-makefile.patch | 36 | ||||
| -rw-r--r-- | media-video/ogle/ogle-0.9.2-r2.ebuild | 76 |
3 files changed, 121 insertions, 2 deletions
diff --git a/media-video/ogle/ChangeLog b/media-video/ogle/ChangeLog index cb7adf1a8117..a7604a3b0484 100644 --- a/media-video/ogle/ChangeLog +++ b/media-video/ogle/ChangeLog @@ -1,6 +1,13 @@ # ChangeLog for media-video/ogle -# Copyright 2002-2008 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/media-video/ogle/ChangeLog,v 1.50 2008/12/02 20:38:20 ranger Exp $ +# Copyright 2002-2009 Gentoo Foundation; Distributed under the GPL v2 +# $Header: /var/cvsroot/gentoo-x86/media-video/ogle/ChangeLog,v 1.51 2009/04/04 16:30:05 a3li Exp $ + +*ogle-0.9.2-r2 (04 Apr 2009) + + 04 Apr 2009; Alex Legler <a3li@gentoo.org> + +files/ogle-vuln-scripts-makefile.patch, +ogle-0.9.2-r2.ebuild: + Non-maintainer commit: Removing vulnerable debug scripts per security bug + 245921. 02 Dec 2008; Brent Baude <ranger@gentoo.org> ogle-0.9.2-r1.ebuild: Marking ogle-0.9.2-r1 ~ppc64 for bug 249286 diff --git a/media-video/ogle/files/ogle-vuln-scripts-makefile.patch b/media-video/ogle/files/ogle-vuln-scripts-makefile.patch new file mode 100644 index 000000000000..f25964378c48 --- /dev/null +++ b/media-video/ogle/files/ogle-vuln-scripts-makefile.patch @@ -0,0 +1,36 @@ +This patch inhibits the installation of debug scripts vulnerable to a symlink +attack, see bug 245921 for reference. + +--- scripts/Makefile.in.orig 2009-04-04 18:13:33.000000000 +0200 ++++ scripts/Makefile.in 2009-04-04 18:15:46.000000000 +0200 +@@ -133,10 +133,10 @@ + subdir = scripts + mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs + CONFIG_CLEAN_FILES = ogle +-SCRIPTS = $(bin_SCRIPTS) $(dist_pkglib_SCRIPTS) ++SCRIPTS = $(bin_SCRIPTS) + + DIST_SOURCES = +-DIST_COMMON = $(dist_pkglib_SCRIPTS) Makefile.am Makefile.in ogle.in ++DIST_COMMON = Makefile.am Makefile.in ogle.in + all: all-am + + .SUFFIXES: +@@ -279,7 +279,7 @@ + + install-data-am: + +-install-exec-am: install-binSCRIPTS install-dist_pkglibSCRIPTS ++install-exec-am: install-binSCRIPTS + + install-info: install-info-am + +@@ -295,7 +295,7 @@ + + mostlyclean-am: mostlyclean-generic mostlyclean-libtool + +-uninstall-am: uninstall-binSCRIPTS uninstall-dist_pkglibSCRIPTS \ ++uninstall-am: uninstall-binSCRIPTS \ + uninstall-info-am + + .PHONY: all all-am check check-am clean clean-generic clean-libtool \ diff --git a/media-video/ogle/ogle-0.9.2-r2.ebuild b/media-video/ogle/ogle-0.9.2-r2.ebuild new file mode 100644 index 000000000000..226ca7015c97 --- /dev/null +++ b/media-video/ogle/ogle-0.9.2-r2.ebuild @@ -0,0 +1,76 @@ +# Copyright 1999-2009 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Header: /var/cvsroot/gentoo-x86/media-video/ogle/ogle-0.9.2-r2.ebuild,v 1.1 2009/04/04 16:30:05 a3li Exp $ + +inherit eutils libtool + +DESCRIPTION="Full featured DVD player that supports DVD menus." +HOMEPAGE="http://www.dtek.chalmers.se/groups/dvd/" +SRC_URI="http://www.dtek.chalmers.se/groups/dvd/dist/${P}.tar.gz" + +SLOT="0" +KEYWORDS="~alpha ~amd64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd" +LICENSE="GPL-2" +IUSE="oss mmx alsa xv altivec" + +RDEPEND=">=media-libs/libdvdcss-1.2.2 + media-libs/jpeg + >=media-libs/libdvdread-0.9.4 + media-libs/libmad + x11-libs/libXinerama + x11-libs/libXxf86vm + x11-libs/libICE + x11-libs/libSM + xv? ( x11-libs/libXv ) + >=dev-libs/libxml2-2.4.19 + >=media-libs/a52dec-0.7.3 + alsa? ( media-libs/alsa-lib )" +DEPEND="${RDEPEND} + x11-proto/xextproto + x11-proto/xf86vidmodeproto + x11-proto/xineramaproto + xv? ( x11-proto/videoproto )" + +src_unpack() { + unpack ${A} + + cd "${S}" + + # Removing vunlerable scripts, bug 245921 + epatch "${FILESDIR}"/ogle-vuln-scripts-makefile.patch + rm scripts/*debug || die "rm failed" + + epatch \ + "${FILESDIR}"/ogle-configure-alsa-fix.patch \ + "${FILESDIR}"/ogle-gcc34-fix.patch \ + "${FILESDIR}"/ogle-gcc4-fix.patch + + elibtoolize +} + +src_compile() { + # STOP! If you make any changes, make sure to unmerge all copies + # of ogle and ogle-gui from your system and merge ogle-gui using your + # new version of ogle... Changes in this package can break ogle-gui + # very very easily -- blocke + + # configure needs access to the updated CFLAGS + CFLAGS="${CFLAGS} -I/usr/include/libxml2/libxml -I/usr/include/libxml2" + + econf \ + $(use_enable mmx) \ + $(use_enable altivec) \ + $(use_enable oss) \ + $(use_enable alsa) \ + $(use_enable xv) \ + ${myconf} || die "./configure failed" + emake CFLAGS="${CFLAGS}" || die "make failed" +} + +src_install() { + make DESTDIR="${D}" install || die "make install failed" + dodoc AUTHORS README + + cd "${D}"usr/bin/ + mv ./ifo_dump ./ifo_dump_ogle +} |