summaryrefslogtreecommitdiff
path: root/user
diff options
context:
space:
mode:
authorMax Rees <maxcrees@me.com>2019-08-01 03:56:07 -0500
committerMax Rees <maxcrees@me.com>2019-08-01 04:00:09 -0500
commitf876330a642caced116aac1dac31f38d6c924e8d (patch)
treea6a848dec0f54b5200450b93128dd8ede3738ccb /user
parent74a96529112e2a6793d41fc1981285772a388201 (diff)
downloadpackages-f876330a642caced116aac1dac31f38d6c924e8d.tar.gz
packages-f876330a642caced116aac1dac31f38d6c924e8d.tar.bz2
packages-f876330a642caced116aac1dac31f38d6c924e8d.tar.xz
packages-f876330a642caced116aac1dac31f38d6c924e8d.zip
user/id3lib: patch for CVE-2007-4460 (#161)
Diffstat (limited to 'user')
-rw-r--r--user/id3lib/APKBUILD10
-rw-r--r--user/id3lib/CVE-2007-4460.patch54
2 files changed, 62 insertions, 2 deletions
diff --git a/user/id3lib/APKBUILD b/user/id3lib/APKBUILD
index 724429e96..957ed5eb0 100644
--- a/user/id3lib/APKBUILD
+++ b/user/id3lib/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: A. Wilcox <awilfox@adelielinux.org>
pkgname=id3lib
pkgver=3.8.3
-pkgrel=1
+pkgrel=2
pkgdesc="Library for reading, writing, and manipulating ID3v2 tags"
url="http://id3lib.sourceforge.net"
arch="all"
@@ -15,8 +15,13 @@ source="https://downloads.sourceforge.net/project/id3lib/id3lib/$pkgver/id3lib-$
cstring.patch
modern-cpp.patch
test-expose-proper-stdlib-symbols.patch
+ CVE-2007-4460.patch
"
+# secfixes:
+# 3.8.3-r2:
+# - CVE-2007-4460
+
prepare() {
default_prepare
update_config_sub
@@ -49,4 +54,5 @@ package() {
sha512sums="3787e261f86933c1c2f2bff2c4b349b42f5d8636e489e4f39f9d75e6dfbdc79b87009a0f4ce4b786f2fb3dbc01ca9d56c4112095b46244f897e6c9a28573adaf id3lib-3.8.3.tar.gz
e379e848788f7fda3a86b02b9865dfe5db69d66ffcfb81184c1cd92f2f1ed7b4d40f13cc77f9de294afc13ae61ab50c3aa13f9a4cc4eb85cb7a727d25268ee6a cstring.patch
334eed099c93ea279d877437a92f684bfb0df12774fd7fffb628b6e8c4b17b17952d6f7c0bf0dff03a87887f0f1233c70d98b69f23580dcf3bf64c8d4b93fc85 modern-cpp.patch
-cd79daddffbafc11e555f16be827ccedc03e419b7c24ab1da1852af294dc486a0836d612318eb9861691ef8462ca38be41cfa2c12849f022ebb187c6ef95a1b9 test-expose-proper-stdlib-symbols.patch"
+cd79daddffbafc11e555f16be827ccedc03e419b7c24ab1da1852af294dc486a0836d612318eb9861691ef8462ca38be41cfa2c12849f022ebb187c6ef95a1b9 test-expose-proper-stdlib-symbols.patch
+97b1686ca3b7feefe7c2cc5f90a31f42fb55fd7baf45b0abe07c6d879bdf752f21305a6a883241c18e20847c43175c3d2c911dce14aa5f382f46bf44c07759f1 CVE-2007-4460.patch"
diff --git a/user/id3lib/CVE-2007-4460.patch b/user/id3lib/CVE-2007-4460.patch
new file mode 100644
index 000000000..36c84179f
--- /dev/null
+++ b/user/id3lib/CVE-2007-4460.patch
@@ -0,0 +1,54 @@
+This patch fixes an issues where temporary files were created in an insecure
+way.
+
+It was first intruduced in version 3.8.3-7 and fixes
+http://bugs.debian.org/438540
+--- a/src/tag_file.cpp
++++ b/src/tag_file.cpp
+@@ -242,8 +242,8 @@
+ strcpy(sTempFile, filename.c_str());
+ strcat(sTempFile, sTmpSuffix.c_str());
+
+-#if ((defined(__GNUC__) && __GNUC__ >= 3 ) || !defined(HAVE_MKSTEMP))
+- // This section is for Windows folk && gcc 3.x folk
++#if !defined(HAVE_MKSTEMP)
++ // This section is for Windows folk
+ fstream tmpOut;
+ createFile(sTempFile, tmpOut);
+
+@@ -257,7 +257,7 @@
+ tmpOut.write((char *)tmpBuffer, nBytes);
+ }
+
+-#else //((defined(__GNUC__) && __GNUC__ >= 3 ) || !defined(HAVE_MKSTEMP))
++#else //!defined(HAVE_MKSTEMP)
+
+ // else we gotta make a temp file, copy the tag into it, copy the
+ // rest of the old file after the tag, delete the old file, rename
+@@ -270,7 +270,7 @@
+ //ID3_THROW_DESC(ID3E_NoFile, "couldn't open temp file");
+ }
+
+- ofstream tmpOut(fd);
++ ofstream tmpOut(sTempFile);
+ if (!tmpOut)
+ {
+ tmpOut.close();
+@@ -285,14 +285,14 @@
+ uchar tmpBuffer[BUFSIZ];
+ while (file)
+ {
+- file.read(tmpBuffer, BUFSIZ);
++ file.read((char *)tmpBuffer, BUFSIZ);
+ size_t nBytes = file.gcount();
+- tmpOut.write(tmpBuffer, nBytes);
++ tmpOut.write((char *)tmpBuffer, nBytes);
+ }
+
+ close(fd); //closes the file
+
+-#endif ////((defined(__GNUC__) && __GNUC__ >= 3 ) || !defined(HAVE_MKSTEMP))
++#endif ////!defined(HAVE_MKSTEMP)
+
+ tmpOut.close();
+ file.close();