[arch-commits] Commit in libcdaudio/trunk (3 files)
Jan de Groot
jgc at archlinux.org
Tue Aug 17 10:23:03 UTC 2010
Date: Tuesday, August 17, 2010 @ 06:23:02
Author: jgc
Revision: 87596
upgpkg: libcdaudio 0.99.12-5
Add patches for FS#20475. Use patches from Debian. Switch to 0.99.12, p2 has no relevant fixes for our supported platforms
Added:
libcdaudio/trunk/01-cddb-bufferoverflow.patch
libcdaudio/trunk/02-cddb-bufferoverflow.patch
Modified:
libcdaudio/trunk/PKGBUILD
------------------------------+
01-cddb-bufferoverflow.patch | 15 +++++++++++++++
02-cddb-bufferoverflow.patch | 15 +++++++++++++++
PKGBUILD | 21 +++++++++++++--------
3 files changed, 43 insertions(+), 8 deletions(-)
Added: 01-cddb-bufferoverflow.patch
===================================================================
--- 01-cddb-bufferoverflow.patch (rev 0)
+++ 01-cddb-bufferoverflow.patch 2010-08-17 10:23:02 UTC (rev 87596)
@@ -0,0 +1,15 @@
+Author: Moritz Muehlenhoff <jmm at inutil.org>
+Description: CAN-2005-0706: Bufferoverflow in CDDB lookup parsing
+
+diff -Naurp libcdaudio.orig/src/cddb.c libcdaudio/src/cddb.c
+--- libcdaudio.orig/src/cddb.c 2009-08-02 10:30:05.000000000 +0000
++++ libcdaudio/src/cddb.c 2009-08-02 10:34:57.000000000 +0000
+@@ -1052,7 +1052,7 @@ cddb_query(int cd_desc, int sock,
+ }
+
+ query->query_matches = 0;
+- while(!cddb_read_line(sock, inbuffer, 256)) {
++ while(query->query_matches < MAX_INEXACT_MATCHES && !cddb_read_line(sock, inbuffer, 256)) {
+ slashed = 0;
+ if(strchr(inbuffer, '/') != NULL && parse_disc_artist) {
+ index = 0;
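Review bot: Once `query->query_matches` reaches `MAX_INEXACT_MATCHES`, the patched `while` in `cddb_query` exits without reading the rest of the server's match list, so the remaining lines and the list terminator stay unread on `sock`. If the caller reuses the socket for a later command, those leftovers would presumably be parsed as that command's reply; either drain after the loop, e.g. `if(query->query_matches >= MAX_INEXACT_MATCHES) while(!cddb_read_line(sock, inbuffer, 256));`, or document that the connection must be closed after a truncated result. A short comment above the loop, such as `/* cap at MAX_INEXACT_MATCHES: the match list is server-controlled (CAN-2005-0706) */`, would also keep the bound from being dropped in a later cleanup. The loop body and the declaration of `inbuffer` are outside the hunk, so the 256-byte read size could not be checked against the buffer here.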
Added: 02-cddb-bufferoverflow.patch
===================================================================
--- 02-cddb-bufferoverflow.patch (rev 0)
+++ 02-cddb-bufferoverflow.patch 2010-08-17 10:23:02 UTC (rev 87596)
@@ -0,0 +1,15 @@
+Author: Moritz Muehlenhoff <jmm at inutil.org>
+Description: CVE-2008-5030
+
+diff -Naurp libcdaudio.orig/src/cddb.c libcdaudio/src/cddb.c
+--- libcdaudio.orig/src/cddb.c 2008-09-07 23:53:16.000000000 +0000
++++ libcdaudio/src/cddb.c 2008-11-12 21:32:21.000000000 +0000
+@@ -1679,7 +1679,7 @@ cddb_read_disc_data(int cd_desc, struct
+ free(file);
+
+ while(!feof(cddb_data)) {
+- fgets(inbuffer, 512, cddb_data);
++ fgets(inbuffer, 256, cddb_data);
+ cddb_process_line(inbuffer, data);
+ }
+
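Review bot: The return value of `fgets` is still ignored inside `while(!feof(cddb_data))` in `cddb_read_disc_data`, so when the final read hits end-of-file `inbuffer` keeps the previous line and `cddb_process_line` parses it a second time. On a read error `feof` never becomes true, so the loop could also spin. Driving the loop from the read avoids both: `while(fgets(inbuffer, sizeof(inbuffer), cddb_data) != NULL)` with the `cddb_process_line(inbuffer, data);` call unchanged. `sizeof` is only correct if `inbuffer` is a local array rather than a pointer; its declaration is outside the hunk, so keep the literal 256 if it is not.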
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2010-08-17 07:50:02 UTC (rev 87595)
+++ PKGBUILD 2010-08-17 10:23:02 UTC (rev 87596)
@@ -4,24 +4,29 @@
pkgname=libcdaudio
pkgver=0.99.12
-pkgrel=4
+pkgrel=5
pkgdesc="Library for controlling Audio CDs and interacting with CDDB"
arch=('i686' 'x86_64')
url="http://libcdaudio.sourceforge.net/"
license=('GPL')
depends=('glibc')
options=('!libtool')
-source=(http://downloads.sourceforge.net/sourceforge/libcdaudio/$pkgname-${pkgver}p2.tar.gz)
-md5sums=('15de3830b751818a54a42899bd3ae72c')
+source=(http://downloads.sourceforge.net/sourceforge/libcdaudio/${pkgname}-${pkgver}.tar.gz
+ 01-cddb-bufferoverflow.patch
+ 02-cddb-bufferoverflow.patch)
+md5sums=('63b49cf14d53eed31e7a87cca17a3963'
+ 'f78c881b92cd7d25472daa90af284e18'
+ 'e36755c125d2710dc8619bb401e37444')
build() {
- cd $srcdir/$pkgname-${pkgver}p2
+ cd "${srcdir}/${pkgname}-${pkgver}"
+ patch -Np1 -i "${srcdir}/01-cddb-bufferoverflow.patch"
+ patch -Np1 -i "${srcdir}/02-cddb-bufferoverflow.patch"
./configure --prefix=/usr
- make || return 1
+ make
}
package() {
- cd $srcdir/$pkgname-${pkgver}p2
- make DESTDIR=$pkgdir install
+ cd "${srcdir}/${pkgname}-${pkgver}"
+ make DESTDIR="${pkgdir}" install
}
-
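Review bot: The new `source` array still fetches the tarball over plain `http://`, and the only integrity check on it and on the two security patches is `md5sums`, which is not collision-resistant. makepkg also accepts a `sha256sums` array; adding `sha256sums=('<sha256 of tarball>' '<sha256 of 01 patch>' '<sha256 of 02 patch>')` (placeholders, to be generated with `makepkg -g`) would pin all three inputs with a stronger digest. A comment above the two `patch -Np1` lines, e.g. `# FS#20475: CAN-2005-0706 and CVE-2008-5030, patches from Debian`, would record why they are applied so they are not dropped at the next upstream bump.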