[arch-commits] Commit in libid3tag/trunk (CVE-2008-2109.patch PKGBUILD)

Andrea Scarpino andrea at archlinux.org
Wed Sep 8 13:24:51 UTC 2010


    Date: Wednesday, September 8, 2010 @ 09:24:51
  Author: andrea
Revision: 90138

upgpkg: libid3tag 0.15.1b-6
CVE 2008-2109 (FS#20484)

Added:
  libid3tag/trunk/CVE-2008-2109.patch
Modified:
  libid3tag/trunk/PKGBUILD

---------------------+
 CVE-2008-2109.patch |   11 +++++++++++
 PKGBUILD            |   23 ++++++++++++++---------
 2 files changed, 25 insertions(+), 9 deletions(-)

Added: CVE-2008-2109.patch
===================================================================
--- CVE-2008-2109.patch	                        (rev 0)
+++ CVE-2008-2109.patch	2010-09-08 13:24:51 UTC (rev 90138)
@@ -0,0 +1,11 @@
+--- field.c.orig	2008-05-05 09:49:15.000000000 -0400
++++ field.c	2008-05-05 09:49:25.000000000 -0400
+@@ -291,7 +291,7 @@
+ 
+       end = *ptr + length;
+ 
+-      while (end - *ptr > 0) {
++      while (end - *ptr > 0 && **ptr != '\0') {
+ 	ucs4 = id3_parse_string(ptr, end - *ptr, *encoding, 0);
+ 	if (ucs4 == 0)
+ 	  goto fail;
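Review bot: The added guard `**ptr != '\0'` inspects a single byte, but the loop body passes `*encoding` to id3_parse_string, so the data may be in a multi-byte encoding where a zero first byte is not necessarily a terminator. In that case the loop would presumably stop early and silently drop the remaining entries; that errs on the safe side, but it should be confirmed against the parser for each encoding. The patch file also carries no header, so I would add a short description above its `---` line naming the CVE, the bug reference FS#20484 and where the fix was taken from. The enclosing function in field.c begins and ends outside this hunk.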

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2010-09-08 13:11:27 UTC (rev 90137)
+++ PKGBUILD	2010-09-08 13:24:51 UTC (rev 90138)
@@ -1,27 +1,32 @@
 # $Id$
-# Maintainer: dorphell <dorphell at archlinux.org>
+# Maintainer:
+# Contributor: dorphell <dorphell at archlinux.org>
 
 pkgname=libid3tag
 pkgver=0.15.1b
-pkgrel=5
+pkgrel=6
 pkgdesc="library for id3 tagging"
 arch=('i686' 'x86_64')
 url="http://www.underbit.com/products/mad/"
 license=('GPL')
 depends=('zlib')
 makedepends=('gperf')
-options=(!libtool)
-source=(ftp://ftp.mars.org/pub/mpeg/${pkgname}-${pkgver}.tar.gz \
-        id3tag.pc 10_utf16.diff 11_unknown_encoding.diff)
-md5sums=('e5808ad997ba32c498803822078748c3' '8bb41fd814fafcc37ec8bc88f5545a4a'\
-         '4f9df4011e6a8c23240fff5de2d05f6e' '3ca856b97924d48a0fdfeff0bd83ce7d')
-sha1sums=('4d867e8a8436e73cd7762fe0e85958e35f1e4306' '27753135177029bd443be188307c2934dd3caa13'\
-         '40fbb2e790adfa98703d1a33bbd73f4e1da3d566' 'ae4dc32185ee2257e4269ca482d94b0cd5440b7e')
+options=('!libtool')
+source=("ftp://ftp.mars.org/pub/mpeg/${pkgname}-${pkgver}.tar.gz"
+	'id3tag.pc'
+	'10_utf16.diff' '11_unknown_encoding.diff' 'CVE-2008-2109.patch')
+md5sums=('e5808ad997ba32c498803822078748c3'
+	'8bb41fd814fafcc37ec8bc88f5545a4a'
+	'4f9df4011e6a8c23240fff5de2d05f6e'
+	'3ca856b97924d48a0fdfeff0bd83ce7d'
+	'c51822ea6301b1ca469975f0c9ee8e34')
 
 build() {
   cd "${srcdir}/${pkgname}-${pkgver}"
   patch -p1 < ../10_utf16.diff
   patch -p1 < ../11_unknown_encoding.diff
+  patch -Np0 -i ${srcdir}/CVE-2008-2109.patch
+
   ./configure --prefix=/usr
   make
 }
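Review bot: Dropping the `sha1sums` array leaves `md5sums` as the only integrity check on a tarball fetched over plain `ftp://`, which weakens source verification in the same commit that ships a security fix. MD5 is collision-prone, so I would keep the previous `sha1sums` entries and add one for the new patch, or move to a `sha256sums=(...)` array with values regenerated by the maintainer. Separately, `patch -Np0 -i ${srcdir}/CVE-2008-2109.patch` leaves `${srcdir}` unquoted while the `cd` above quotes it; `patch -Np0 -i "${srcdir}/CVE-2008-2109.patch"` would be consistent. If this makepkg version does not abort build() on a failing command, a rejected hunk would still produce an unpatched package, so the exit status of the three `patch` calls should be checked.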



