[arch-commits] CVS update of extra/lib/id3lib (2 files)
andyrtr at archlinux.org
andyrtr at archlinux.org
Thu Oct 4 16:13:52 UTC 2007
Date: Thursday, October 4, 2007 @ 12:13:52
Author: andyrtr
Path: /home/cvs-extra/extra/lib/id3lib
Added: id3lib-3.8.3-CVE-2007-4460.patch (1.1)
Modified: PKGBUILD (1.8 -> 1.9)
fix a security bug
----------------------------------+
PKGBUILD | 18 +++++++++----
id3lib-3.8.3-CVE-2007-4460.patch | 49 +++++++++++++++++++++++++++++++++++++
2 files changed, 61 insertions(+), 6 deletions(-)
Index: extra/lib/id3lib/PKGBUILD
diff -u extra/lib/id3lib/PKGBUILD:1.8 extra/lib/id3lib/PKGBUILD:1.9
--- extra/lib/id3lib/PKGBUILD:1.8 Sun Oct 15 04:08:46 2006
+++ extra/lib/id3lib/PKGBUILD Thu Oct 4 12:13:51 2007
@@ -1,20 +1,26 @@
-# $Id: PKGBUILD,v 1.8 2006/10/15 08:08:46 arjan Exp $
+# $Id: PKGBUILD,v 1.9 2007/10/04 16:13:51 andyrtr Exp $
# Maintainer:
# Contributor: Jochem Kossen <j.kossen at home.nl>
pkgname=id3lib
pkgver=3.8.3
-pkgrel=8
+pkgrel=9
pkgdesc="An open-source, cross-platform software development library for reading, writing, and manipulating ID3v1 and ID3v2 tags"
arch=(i686 x86_64)
+license=('LGPL')
url="http://id3lib.sourceforge.net/"
-depends=('zlib' 'gcc>=3.4.2')
-options=(NOLIBTOOL)
-source=(http://heanet.dl.sourceforge.net/sourceforge/${pkgname}/${pkgname}-${pkgver}.tar.gz patch_id3lib_3.8.3_UTF16_writing_bug.diff)
-md5sums=('19f27ddd2dda4b2d26a559a4f0f402a7' '196c65adee1ba511ddacef2de0dfd102')
+depends=('zlib' 'gcc-libs')
+options=('!libtool')
+source=(http://downloads.sourceforge.net/sourceforge/${pkgname}/${pkgname}-${pkgver}.tar.gz
+ patch_id3lib_3.8.3_UTF16_writing_bug.diff
+ id3lib-3.8.3-CVE-2007-4460.patch)
+md5sums=('19f27ddd2dda4b2d26a559a4f0f402a7'
+ '196c65adee1ba511ddacef2de0dfd102'
+ '78e90e15ddd1122b66da352b6c3b00ff')
build() {
cd ${startdir}/src/${pkgname}-${pkgver}
patch -Np1 -i ${startdir}/src/patch_id3lib_3.8.3_UTF16_writing_bug.diff || return 1
+ patch -Np0 -i ${startdir}/src/id3lib-3.8.3-CVE-2007-4460.patch || return 1
./configure --prefix=/usr
sed -i -e 's/^LIBS =/LIBS = -lz -lstdc++/' src/Makefile
make || return 1
Index: extra/lib/id3lib/id3lib-3.8.3-CVE-2007-4460.patch
diff -u /dev/null extra/lib/id3lib/id3lib-3.8.3-CVE-2007-4460.patch:1.1
--- /dev/null Thu Oct 4 12:13:52 2007
+++ extra/lib/id3lib/id3lib-3.8.3-CVE-2007-4460.patch Thu Oct 4 12:13:52 2007
@@ -0,0 +1,49 @@
+--- src/tag_file.cpp
++++ src/tag_file.cpp
+@@ -242,8 +242,8 @@
+ strcpy(sTempFile, filename.c_str());
+ strcat(sTempFile, sTmpSuffix.c_str());
+
+-#if ((defined(__GNUC__) && __GNUC__ >= 3 ) || !defined(HAVE_MKSTEMP))
+- // This section is for Windows folk && gcc 3.x folk
++#if !defined(HAVE_MKSTEMP)
++ // This section is for Windows folk
+ fstream tmpOut;
+ createFile(sTempFile, tmpOut);
+
+@@ -257,7 +257,7 @@
+ tmpOut.write((char *)tmpBuffer, nBytes);
+ }
+
+-#else //((defined(__GNUC__) && __GNUC__ >= 3 ) || !defined(HAVE_MKSTEMP))
++#else //!defined(HAVE_MKSTEMP)
+
+ // else we gotta make a temp file, copy the tag into it, copy the
+ // rest of the old file after the tag, delete the old file, rename
+@@ -270,7 +270,7 @@
+ //ID3_THROW_DESC(ID3E_NoFile, "couldn't open temp file");
+ }
+
+- ofstream tmpOut(fd);
++ ofstream tmpOut(sTempFile);
+ if (!tmpOut)
+ {
+ tmpOut.close();
+@@ -285,14 +285,14 @@
+ uchar tmpBuffer[BUFSIZ];
+ while (file)
+ {
+- file.read(tmpBuffer, BUFSIZ);
++ file.read((char *)tmpBuffer, BUFSIZ);
+ size_t nBytes = file.gcount();
+- tmpOut.write(tmpBuffer, nBytes);
++ tmpOut.write((char *)tmpBuffer, nBytes);
+ }
+
+ close(fd); //closes the file
+
+-#endif ////((defined(__GNUC__) && __GNUC__ >= 3 ) || !defined(HAVE_MKSTEMP))
++#endif ////!defined(HAVE_MKSTEMP)
+
+ tmpOut.close();
+ file.close();
More information about the arch-commits
mailing list