Security bump

(Portage version: 2.2.0_alpha84/cvs/Linux x86_64)

3 files changed, 60 insertions, 2 deletions

diff --git a/app-pda/usbmuxd/ChangeLog b/app-pda/usbmuxd/ChangeLog
index 1f00958d1896..72d6e4679733 100644
--- a/app-pda/usbmuxd/ChangeLog
+++ b/app-pda/usbmuxd/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for app-pda/usbmuxd
-# Copyright 1999-2011 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-pda/usbmuxd/ChangeLog,v 1.12 2011/11/06 17:58:42 ssuominen Exp $
+# Copyright 1999-2012 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/app-pda/usbmuxd/ChangeLog,v 1.13 2012/01/19 18:04:41 ssuominen Exp $
+
+*usbmuxd-1.0.7-r1 (19 Jan 2012)
+
+  19 Jan 2012; Samuli Suominen <ssuominen@gentoo.org> +usbmuxd-1.0.7-r1.ebuild,
+  +files/usbmuxd-1.0.7-receive_packet_overflow.patch:
+  Upstream security patch for "receive_packet() Buffer Overflow Vulnerability"
+  wrt #399409 by Agostino Sarubbo
 
   06 Nov 2011; Samuli Suominen <ssuominen@gentoo.org> -usbmuxd-1.0.4.ebuild:
   old
diff --git a/app-pda/usbmuxd/files/usbmuxd-1.0.7-receive_packet_overflow.patch b/app-pda/usbmuxd/files/usbmuxd-1.0.7-receive_packet_overflow.patch
new file mode 100644
index 000000000000..eed63f364b83
--- /dev/null
+++ b/app-pda/usbmuxd/files/usbmuxd-1.0.7-receive_packet_overflow.patch
@@ -0,0 +1,21 @@
+From 8968476bb5262d8aef20cb199337b174d338beb8 Mon Sep 17 00:00:00 2001
+From: Nikias Bassen
+Date: Thu, 12 Jan 2012 16:58:26 +0000
+Subject: Fix possible buffer overflow (thanks Rigan)
+
+---
+diff --git a/libusbmuxd/libusbmuxd.c b/libusbmuxd/libusbmuxd.c
+index e06ee61..98e92df 100644
+--- a/libusbmuxd/libusbmuxd.c
++++ b/libusbmuxd/libusbmuxd.c
+@@ -189,7 +189,7 @@ static int receive_packet(int sfd, struct usbmuxd_header *header, void **payload
+ 				char *strval = NULL;
+ 				plist_get_string_val(n, &strval);
+ 				if (strval) {
+-					strcpy(dev->serial_number, strval);
++					strncpy(dev->serial_number, strval, 255);
+ 					free(strval);
+ 				}
+ 				n = plist_dict_get_item(props, "LocationID");
+--
+cgit v0.8.3.1-34-gbf3d
diff --git a/app-pda/usbmuxd/usbmuxd-1.0.7-r1.ebuild b/app-pda/usbmuxd/usbmuxd-1.0.7-r1.ebuild
new file mode 100644
index 000000000000..687319ab67b8
--- /dev/null
+++ b/app-pda/usbmuxd/usbmuxd-1.0.7-r1.ebuild
@@ -0,0 +1,30 @@
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-pda/usbmuxd/usbmuxd-1.0.7-r1.ebuild,v 1.1 2012/01/19 18:04:41 ssuominen Exp $
+
+EAPI=3
+inherit eutils cmake-utils
+
+DESCRIPTION="USB multiplex daemon for use with Apple iPhone/iPod Touch devices"
+HOMEPAGE="http://marcansoft.com/blog/iphonelinux/usbmuxd/"
+SRC_URI="http://marcansoft.com/uploads/${PN}/${P}.tar.bz2"
+
+LICENSE="GPL-2 GPL-3 LGPL-2.1"
+SLOT="0"
+KEYWORDS="~amd64 ~ppc64 ~x86"
+IUSE=""
+
+DEPEND="app-pda/libplist
+	virtual/libusb:1"
+RDEPEND="${DEPEND}"
+
+pkg_setup() {
+	enewgroup plugdev
+	enewuser usbmux -1 -1 -1 "usb,plugdev"
+}
+
+src_prepare() {
+	epatch "${FILESDIR}"/${P}-receive_packet_overflow.patch #399409
+}
+
+DOCS="AUTHORS README README.devel"