Security bump

Package-Manager: portage-2.2.0_alpha84/cvs/Linux x86_64

4 files changed, 70 insertions, 10 deletions

diff --git a/app-pda/usbmuxd/ChangeLog b/app-pda/usbmuxd/ChangeLog
index 1f00958d1896..72d6e4679733 100644
--- a/app-pda/usbmuxd/ChangeLog
+++ b/app-pda/usbmuxd/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for app-pda/usbmuxd
-# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-pda/usbmuxd/ChangeLog,v 1.12 2011/11/06 17:58:42 ssuominen Exp $
+# Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/app-pda/usbmuxd/ChangeLog,v 1.13 2012/01/19 18:04:41 ssuominen Exp $
+
+*usbmuxd-1.0.7-r1 (19 Jan 2012)
+
+  19 Jan 2012; Samuli Suominen <ssuominen@gentoo.org> +usbmuxd-1.0.7-r1.ebuild,
+  +files/usbmuxd-1.0.7-receive_packet_overflow.patch:
+  Upstream security patch for "receive_packet() Buffer Overflow Vulnerability"
+  wrt #399409 by Agostino Sarubbo
 
   06 Nov 2011; Samuli Suominen <ssuominen@gentoo.org> -usbmuxd-1.0.4.ebuild:
   old
diff --git a/app-pda/usbmuxd/Manifest b/app-pda/usbmuxd/Manifest
index 2b5b352383f2..48bdc5ece5d6 100644
--- a/app-pda/usbmuxd/Manifest
+++ b/app-pda/usbmuxd/Manifest
@@ -1,18 +1,20 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA1
 
+AUX usbmuxd-1.0.7-receive_packet_overflow.patch 719 RMD160 7375d7035cb4bb3fffad25a62254b53d574fdb38 SHA1 fe2c6b7108102e56c96e2a194afe1de716ac0d6c SHA256 6202010041a3b6106bb3c77cae4143fdd01220c9d8fbf09bcc4b75692311e195
 DIST usbmuxd-1.0.7.tar.bz2 59152 RMD160 9fcbfa3e3bf50385b68c396f6bbac0f34971bc37 SHA1 8de79bf9cc96760ebba475de66ef4f7701f84ad6 SHA256 80a02c106f88f7cedf93f12545b906d9fe4b20f696fa4c3daf1d1bd24de65c27
+EBUILD usbmuxd-1.0.7-r1.ebuild 798 RMD160 ceaa115e923164360869d76a33c0bbb25008af3e SHA1 c66e6c2ce77e6d5fcecfe8b190de64f9597a3ca4 SHA256 ed4e815fa524f664ba2ef9a269a7affd04a169b3947ee570ee31cb0ca6e90624
 EBUILD usbmuxd-1.0.7.ebuild 709 RMD160 151fea8cd6b3683d59749e749d59134713ca458c SHA1 6993a3dc69ec0e82dd4891eaf7ed68c4991ebe78 SHA256 e5c2f22c48af2d3e1ac6b80558588df29a85c5ddf9f721f89d60d48ddbf7facf
-MISC ChangeLog 1742 RMD160 301bd8a07f1c6d5b5225023347e6aadbd6dce35f SHA1 51ede9ba19e823a4f6179ebb955edfa466b3185c SHA256 0e91953aa194b8faa456246ac9c76773de6ca8672f559b693c3f2d57f5d8cb63
+MISC ChangeLog 2023 RMD160 d0cfd6c4333ed3db40a68995c90883fb79eaf40d SHA1 243b512a02148d6c6dbe3ac32f67f0ce9056a043 SHA256 2bdbac0312cb7ea8abad45809492ddfdb6e7e1bcfeeb1220c222e583aa09e673
 MISC metadata.xml 158 RMD160 9607beedd6b0b3106670818bb36e430eb85c445d SHA1 29f8cdc6e7a52e0eb48857fa8a2de39d6e2113e1 SHA256 21247a564394680460e294ac138a92903d91b5cafee5cafc38a50656caf965e2
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.18 (GNU/Linux)
 
-iQEcBAEBAgAGBQJOtsqwAAoJEEdUh39IaPFNGjQH/jqDFXoBcQdECeUQDo1SpG2t
-zgOD6CB4z/W9B1JrhG1zF7Zis92schfmvpq0/ilnbw0yDFRzap5/01TB3HVn7gLu
-LzAUBGd528Bbl0bB4y7TAzAVkcTYOPvZlmOZS8O4znEvBsXeFFQtgBA+8X9JXaIL
-pVakeTvdvo5zm82XB3FhTSJDplQmk3Duhvu05pDYGhsdQWlKt7bsM3YcJV86lGr1
-issH22Eq4PP5spUnh21/2UH488MiENCFacyUQ2y1vgLCKNYl+A9OK+lkCByDXvf+
-XXev0YGiVSJRJYq0JJT5D2ZMYXCnksm6PtEr7vHCguwK+NNf8/bYpqII9oKdNvg=
-=Kxj5
+iQEcBAEBAgAGBQJPGFrAAAoJEEdUh39IaPFNDQIH/344Nwu2MecqcpdjV95mfvPG
+h77M5kNX2tajQzL851fRnIYGcT7JLCzwMknpTZSvUpHyaTV1vY88wZIZP+MQXiBa
+Wf0M/KfmXSnvVlk/MdqfqKk19n9PQsgjzZmOxaIANDp0AJrPa69z2txK37niMzmO
+kNej/Zi7x/FVlUMNZvV9lx8hz/yPXLsq5Iy3d9t/30yGEUhwrejdtIEbAgT6+GKU
+xspneYvUABgl7fo4T6UoVS4MVdxx5M0rpHtBv8otgRj10gU9uzFkbNVqEVtmIOoU
+BE4R4xPnpHfJp78wyC75mlqCPdUheKtUZhJhNb/v+8Gq18ibEiE9CoXQ6PWfSzQ=
+=a85s
 -----END PGP SIGNATURE-----
diff --git a/app-pda/usbmuxd/files/usbmuxd-1.0.7-receive_packet_overflow.patch b/app-pda/usbmuxd/files/usbmuxd-1.0.7-receive_packet_overflow.patch
new file mode 100644
index 000000000000..eed63f364b83
--- /dev/null
+++ b/app-pda/usbmuxd/files/usbmuxd-1.0.7-receive_packet_overflow.patch
@@ -0,0 +1,21 @@
+From 8968476bb5262d8aef20cb199337b174d338beb8 Mon Sep 17 00:00:00 2001
+From: Nikias Bassen
+Date: Thu, 12 Jan 2012 16:58:26 +0000
+Subject: Fix possible buffer overflow (thanks Rigan)
+
+---
+diff --git a/libusbmuxd/libusbmuxd.c b/libusbmuxd/libusbmuxd.c
+index e06ee61..98e92df 100644
+--- a/libusbmuxd/libusbmuxd.c
++++ b/libusbmuxd/libusbmuxd.c
+@@ -189,7 +189,7 @@ static int receive_packet(int sfd, struct usbmuxd_header *header, void **payload
+ 				char *strval = NULL;
+ 				plist_get_string_val(n, &strval);
+ 				if (strval) {
+-					strcpy(dev->serial_number, strval);
++					strncpy(dev->serial_number, strval, 255);
+ 					free(strval);
+ 				}
+ 				n = plist_dict_get_item(props, "LocationID");
+--
+cgit v0.8.3.1-34-gbf3d
diff --git a/app-pda/usbmuxd/usbmuxd-1.0.7-r1.ebuild b/app-pda/usbmuxd/usbmuxd-1.0.7-r1.ebuild
new file mode 100644
index 000000000000..687319ab67b8
--- /dev/null
+++ b/app-pda/usbmuxd/usbmuxd-1.0.7-r1.ebuild
@@ -0,0 +1,30 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-pda/usbmuxd/usbmuxd-1.0.7-r1.ebuild,v 1.1 2012/01/19 18:04:41 ssuominen Exp $
+
+EAPI=3
+inherit eutils cmake-utils
+
+DESCRIPTION="USB multiplex daemon for use with Apple iPhone/iPod Touch devices"
+HOMEPAGE="http://marcansoft.com/blog/iphonelinux/usbmuxd/"
+SRC_URI="http://marcansoft.com/uploads/${PN}/${P}.tar.bz2"
+
+LICENSE="GPL-2 GPL-3 LGPL-2.1"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc64 ~x86"
+IUSE=""
+
+DEPEND="app-pda/libplist
+	virtual/libusb:1"
+RDEPEND="${DEPEND}"
+
+pkg_setup() {
+	enewgroup plugdev
+	enewuser usbmux -1 -1 -1 "usb,plugdev"
+}
+
+src_prepare() {
+	epatch "${FILESDIR}"/${P}-receive_packet_overflow.patch #399409
+}
+
+DOCS="AUTHORS README README.devel"