From f876330a642caced116aac1dac31f38d6c924e8d Mon Sep 17 00:00:00 2001 From: Max Rees Date: Thu, 1 Aug 2019 03:56:07 -0500 Subject: user/id3lib: patch for CVE-2007-4460 (#161) --- user/id3lib/APKBUILD | 10 ++++++-- user/id3lib/CVE-2007-4460.patch | 54 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 62 insertions(+), 2 deletions(-) create mode 100644 user/id3lib/CVE-2007-4460.patch (limited to 'user/id3lib') diff --git a/user/id3lib/APKBUILD b/user/id3lib/APKBUILD index 724429e96..957ed5eb0 100644 --- a/user/id3lib/APKBUILD +++ b/user/id3lib/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: A. Wilcox pkgname=id3lib pkgver=3.8.3 -pkgrel=1 +pkgrel=2 pkgdesc="Library for reading, writing, and manipulating ID3v2 tags" url="http://id3lib.sourceforge.net" arch="all" @@ -15,8 +15,13 @@ source="https://downloads.sourceforge.net/project/id3lib/id3lib/$pkgver/id3lib-$ cstring.patch modern-cpp.patch test-expose-proper-stdlib-symbols.patch + CVE-2007-4460.patch " +# secfixes: +# 3.8.3-r2: +# - CVE-2007-4460 + prepare() { default_prepare update_config_sub @@ -49,4 +54,5 @@ package() { sha512sums="3787e261f86933c1c2f2bff2c4b349b42f5d8636e489e4f39f9d75e6dfbdc79b87009a0f4ce4b786f2fb3dbc01ca9d56c4112095b46244f897e6c9a28573adaf id3lib-3.8.3.tar.gz e379e848788f7fda3a86b02b9865dfe5db69d66ffcfb81184c1cd92f2f1ed7b4d40f13cc77f9de294afc13ae61ab50c3aa13f9a4cc4eb85cb7a727d25268ee6a cstring.patch 334eed099c93ea279d877437a92f684bfb0df12774fd7fffb628b6e8c4b17b17952d6f7c0bf0dff03a87887f0f1233c70d98b69f23580dcf3bf64c8d4b93fc85 modern-cpp.patch -cd79daddffbafc11e555f16be827ccedc03e419b7c24ab1da1852af294dc486a0836d612318eb9861691ef8462ca38be41cfa2c12849f022ebb187c6ef95a1b9 test-expose-proper-stdlib-symbols.patch" +cd79daddffbafc11e555f16be827ccedc03e419b7c24ab1da1852af294dc486a0836d612318eb9861691ef8462ca38be41cfa2c12849f022ebb187c6ef95a1b9 test-expose-proper-stdlib-symbols.patch +97b1686ca3b7feefe7c2cc5f90a31f42fb55fd7baf45b0abe07c6d879bdf752f21305a6a883241c18e20847c43175c3d2c911dce14aa5f382f46bf44c07759f1 CVE-2007-4460.patch" diff --git a/user/id3lib/CVE-2007-4460.patch b/user/id3lib/CVE-2007-4460.patch new file mode 100644 index 000000000..36c84179f --- /dev/null +++ b/user/id3lib/CVE-2007-4460.patch @@ -0,0 +1,54 @@ +This patch fixes an issues where temporary files were created in an insecure +way. + +It was first intruduced in version 3.8.3-7 and fixes +http://bugs.debian.org/438540 +--- a/src/tag_file.cpp ++++ b/src/tag_file.cpp +@@ -242,8 +242,8 @@ + strcpy(sTempFile, filename.c_str()); + strcat(sTempFile, sTmpSuffix.c_str()); + +-#if ((defined(__GNUC__) && __GNUC__ >= 3 ) || !defined(HAVE_MKSTEMP)) +- // This section is for Windows folk && gcc 3.x folk ++#if !defined(HAVE_MKSTEMP) ++ // This section is for Windows folk + fstream tmpOut; + createFile(sTempFile, tmpOut); + +@@ -257,7 +257,7 @@ + tmpOut.write((char *)tmpBuffer, nBytes); + } + +-#else //((defined(__GNUC__) && __GNUC__ >= 3 ) || !defined(HAVE_MKSTEMP)) ++#else //!defined(HAVE_MKSTEMP) + + // else we gotta make a temp file, copy the tag into it, copy the + // rest of the old file after the tag, delete the old file, rename +@@ -270,7 +270,7 @@ + //ID3_THROW_DESC(ID3E_NoFile, "couldn't open temp file"); + } + +- ofstream tmpOut(fd); ++ ofstream tmpOut(sTempFile); + if (!tmpOut) + { + tmpOut.close(); +@@ -285,14 +285,14 @@ + uchar tmpBuffer[BUFSIZ]; + while (file) + { +- file.read(tmpBuffer, BUFSIZ); ++ file.read((char *)tmpBuffer, BUFSIZ); + size_t nBytes = file.gcount(); +- tmpOut.write(tmpBuffer, nBytes); ++ tmpOut.write((char *)tmpBuffer, nBytes); + } + + close(fd); //closes the file + +-#endif ////((defined(__GNUC__) && __GNUC__ >= 3 ) || !defined(HAVE_MKSTEMP)) ++#endif ////!defined(HAVE_MKSTEMP) + + tmpOut.close(); + file.close(); -- cgit v1.2.3-60-g2f50