grip: Apply FreeBSD patch to fix a flaw with handling CDDB responses

Addresses CVE-2005-0706.

diff --git a/recipes/grip/grip-3.2.0/patch-src::discdb b/recipes/grip/grip-3.2.0/patch-src::discdb
new file mode 100644 (file)
index 0000000..1d300b2
--- /dev/null
+++ b/recipes/grip/grip-3.2.0/patch-src::discdb
@@ -0,0 +1,20 @@
+--- src/discdb.c.orig  Thu Apr 15 21:23:37 2004
++++ src/discdb.c       Wed Mar 16 19:02:09 2005
+@@ -311,7 +311,7 @@
+     query->query_match=MATCH_EXACT;
+     query->query_matches=0;
+ 
+-    while((inbuffer=DiscDBReadLine(&dataptr))) {
++    while(query->query_matches < MAX_INEXACT_MATCHES && (inbuffer=DiscDBReadLine(&dataptr))) {
+       query->query_list[query->query_matches].list_genre=
+       DiscDBGenreValue(g_strstrip(strtok(inbuffer," ")));
+       
+@@ -331,7 +331,7 @@
+     query->query_match=MATCH_INEXACT;
+     query->query_matches=0;
+ 
+-    while((inbuffer=DiscDBReadLine(&dataptr))) {
++    while(query->query_matches < MAX_INEXACT_MATCHES && (inbuffer=DiscDBReadLine(&dataptr))) {
+       query->query_list[query->query_matches].list_genre=
+       DiscDBGenreValue(g_strstrip(strtok(inbuffer," ")));
+       

diff --git a/recipes/grip/grip_3.2.0.bb b/recipes/grip/grip_3.2.0.bb
index 0638031..b447386 100644 (file)
--- a/recipes/grip/grip_3.2.0.bb
+++ b/recipes/grip/grip_3.2.0.bb
@@ -5,7 +5,10 @@
 HOMEPAGE="http://www.nostatic.org/grip/"
 LICENSE="GPL"
 
-SRC_URI="${SOURCEFORGE_MIRROR}/grip/grip-${PV}.tar.gz"
+SRC_URI="${SOURCEFORGE_MIRROR}/grip/grip-${PV}.tar.gz \
+         file://patch-src::discdb;patch=1;pnum=0 "
 DEPENDS="libgnomeui vte curl cdparanoia id3lib"
 
+PR = "r1"
+
 inherit autotools