From 024d1b6f101ade7073320fba887d4808c933a8e8 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Tue, 10 Oct 2023 00:07:53 +0100 Subject: gentoo auto-resync : 10:10:2023 - 00:07:53 --- media-libs/libcue/Manifest | 2 ++ media-libs/libcue/files/CVE-2023-43641.patch | 15 +++++++++++++++ media-libs/libcue/libcue-2.2.1-r1.ebuild | 24 ++++++++++++++++++++++++ 3 files changed, 41 insertions(+) create mode 100644 media-libs/libcue/files/CVE-2023-43641.patch create mode 100644 media-libs/libcue/libcue-2.2.1-r1.ebuild (limited to 'media-libs/libcue') diff --git a/media-libs/libcue/Manifest b/media-libs/libcue/Manifest index 9adf7b421ab7..5fc6aac13aa9 100644 --- a/media-libs/libcue/Manifest +++ b/media-libs/libcue/Manifest @@ -1,3 +1,5 @@ +AUX CVE-2023-43641.patch 409 BLAKE2B 141e918945e422f84602df33b43f4ab4aebd6dc44985d9908c83cce5514311b5610a274766cc9857a9fdffc0fac332f501c94364731320c34b817e9d30c231e0 SHA512 fd756d6949ed8032e6a4f4a3d0cd88d49f251e494df05497704b769c4d5157ecd5944b788ec4f6af60c4d461a346ed72b3e32f0926cd1ff66b9a8f67a199c7a9 DIST libcue-2.2.1.tar.gz 24177 BLAKE2B 478f897567aee006c9e835bbf6e54373351b6b4e4bb68154c94f13107b38bdb670fa032d69744e7dbc51132d86dbf276cbf9701c9d7da0882820b71adae53362 SHA512 32e476cb09ed2cb2d64aaba1342fb91e77e448391b493a3a794a8d2a6723a0e6097a90b11c6ad82998cb7f270f4f18c2578d7b8575f6929c2a35502e09ebc964 +EBUILD libcue-2.2.1-r1.ebuild 512 BLAKE2B e62dd095bb69abff29aafa80d3c3162a0e88a78ef3e66d4687b66b8adc4b22216dadb23c3bc9e7f66cb86cdf9ba6cfd9b946c34e95c27ee6dff0200475a13b0c SHA512 5bb5750ba619e5786010f18e5cdef510298e93b0e43b5c35448d0dec4193a78594c2e501b1391ea748efe210ec2ce50ccc50ad0c78cad258e096173b63ed4669 EBUILD libcue-2.2.1.ebuild 456 BLAKE2B 24a08f91791c356c67eaf9c56659c6e034d00d12ac842b385677cd0876d38a22994b2bf4ca456772af95fd7c3c807183671d2a78f8be605a3fad7f478c54ed11 SHA512 f50794fd7560a78509c1eb6743e2b2ff60e97eb2ce61e3b3a28db46ca7eda1fde9181cf875878ebbad37b5ebddd55ff15e48b8dafb8b18d1e07382b00c937855 MISC metadata.xml 334 BLAKE2B 02d441ff7dcdb2138ee06f2819e25c49f313b71ed0c6f742e4dcfbf6b32cf619850e4b13ffd611ecac9374d3ffdfbe9115bd668f83024c83de25452bf88e5c02 SHA512 1bcdf9c97b0cf3e40cbc2a751f7c9e9f93f2a5995ebafbfacff2dcd023caf99cbeb18101a683dcf2ad9e5acdd697fc487bbb693131ef02e675fd189e77c805db diff --git a/media-libs/libcue/files/CVE-2023-43641.patch b/media-libs/libcue/files/CVE-2023-43641.patch new file mode 100644 index 000000000000..b94de663aaa0 --- /dev/null +++ b/media-libs/libcue/files/CVE-2023-43641.patch @@ -0,0 +1,15 @@ +https://github.blog/2023-10-09-coordinated-disclosure-1-click-rce-on-gnome-cve-2023-43641/ + +diff --git a/cd.c b/cd.c +index cf77a18..4bbea19 100644 +--- a/cd.c ++++ b/cd.c +@@ -339,7 +339,7 @@ track_get_rem(const Track* track) + + void track_set_index(Track *track, int i, long ind) + { +- if (i > MAXINDEX) { ++ if (i < 0 || i > MAXINDEX) { + fprintf(stderr, "too many indexes\n"); + return; + } diff --git a/media-libs/libcue/libcue-2.2.1-r1.ebuild b/media-libs/libcue/libcue-2.2.1-r1.ebuild new file mode 100644 index 000000000000..979036a6ead3 --- /dev/null +++ b/media-libs/libcue/libcue-2.2.1-r1.ebuild @@ -0,0 +1,24 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit cmake + +DESCRIPTION="CUE Sheet Parser Library" +HOMEPAGE="https://github.com/lipnitsk/libcue" +SRC_URI="https://github.com/lipnitsk/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0/2" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~ppc ~ppc64 ~riscv ~sparc ~x86" +IUSE="" + +BDEPEND=" + sys-devel/bison + sys-devel/flex +" + +PATCHES=( + "${FILESDIR}"/CVE-2023-43641.patch +) -- cgit v1.2.3