Summary: | New ebuild: GNUitar, a realtime guitar effects processor | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Keith Lea <keith> |
Component: | New packages | Assignee: | Gentoo Sound Team <sound> |
Status: | RESOLVED UPSTREAM | ||
Severity: | enhancement | CC: | theli.ua |
Priority: | High | Keywords: | EBUILD |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Attachments: |
gnuitar-0.3.1.ebuild
files/gnuitar.desktop files/main-icon.png files/strncat-fix-0.3.1.diff gnuitar-9999.ebuild |
Description
Keith Lea
2004-03-21 20:46:58 UTC
Created attachment 27774 [details]
gnuitar-0.3.1.ebuild
Created attachment 27775 [details]
files/gnuitar.desktop
Created attachment 27776 [details]
files/main-icon.png
Created attachment 27777 [details, diff]
files/strncat-fix-0.3.1.diff
Still too alpha-ish for me to want to include. The suid root thing doesn't sound appealing either. If upstream can confirm a stable version and find a way around the intensive CPU usage (to get read of this suid root scheduling hack) then let me know and I'll try and add it. ChrisWhite good call on this one. A quick 2 min audit of this package src/*.c shows a few ways which possible exploitation could happen. In gui.c for example we see code like this. char browser[2048] = "" ... env_browser = getenv("BROWSER"); ... strcpy(browser, env_browser); ... execl(browser, browser, path, NULL); http://www.gnuitar.com/news.php 0.3.2 is out ... could you please look at it ? Created attachment 113194 [details]
gnuitar-9999.ebuild
ebuild for CVS version of GNUitar
|