[arch-commits] Commit in libcdaudio/repos (4 files)

Evangelos Foutras foutrelis at archlinux.org
Sat Nov 10 00:29:23 UTC 2018


    Date: Saturday, November 10, 2018 @ 00:29:22
  Author: foutrelis
Revision: 338855

archrelease: copy trunk to staging-x86_64

Added:
  libcdaudio/repos/staging-x86_64/
  libcdaudio/repos/staging-x86_64/01-cddb-bufferoverflow.patch
    (from rev 338854, libcdaudio/trunk/01-cddb-bufferoverflow.patch)
  libcdaudio/repos/staging-x86_64/02-cddb-bufferoverflow.patch
    (from rev 338854, libcdaudio/trunk/02-cddb-bufferoverflow.patch)
  libcdaudio/repos/staging-x86_64/PKGBUILD
    (from rev 338854, libcdaudio/trunk/PKGBUILD)

------------------------------+
 01-cddb-bufferoverflow.patch |   15 +++++++++++++++
 02-cddb-bufferoverflow.patch |   15 +++++++++++++++
 PKGBUILD                     |   31 +++++++++++++++++++++++++++++++
 3 files changed, 61 insertions(+)

Copied: libcdaudio/repos/staging-x86_64/01-cddb-bufferoverflow.patch (from rev 338854, libcdaudio/trunk/01-cddb-bufferoverflow.patch)
===================================================================
--- staging-x86_64/01-cddb-bufferoverflow.patch	                        (rev 0)
+++ staging-x86_64/01-cddb-bufferoverflow.patch	2018-11-10 00:29:22 UTC (rev 338855)
@@ -0,0 +1,15 @@
+Author: Moritz Muehlenhoff <jmm at inutil.org>
+Description: CAN-2005-0706: Bufferoverflow in CDDB lookup parsing
+
+diff -Naurp libcdaudio.orig/src/cddb.c libcdaudio/src/cddb.c
+--- libcdaudio.orig/src/cddb.c	2009-08-02 10:30:05.000000000 +0000
++++ libcdaudio/src/cddb.c	2009-08-02 10:34:57.000000000 +0000
+@@ -1052,7 +1052,7 @@ cddb_query(int cd_desc, int sock,
+     }
+ 	   
+     query->query_matches = 0;
+-    while(!cddb_read_line(sock, inbuffer, 256)) {
++    while(query->query_matches < MAX_INEXACT_MATCHES && !cddb_read_line(sock, inbuffer, 256)) {
+       slashed = 0;
+       if(strchr(inbuffer, '/') != NULL && parse_disc_artist) {
+ 	index = 0;
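Review bot: The new `query->query_matches < MAX_INEXACT_MATCHES` test in the `while` condition of `cddb_query` ends the loop as soon as the cap is reached, so any further match lines the server sent stay unread on `sock`. If the connection is used again afterwards, the next `cddb_read_line` would presumably pick up those leftovers instead of the next reply. One option is to keep the read as the only loop condition and put `if(query->query_matches >= MAX_INEXACT_MATCHES) continue;` first in the body, so the reply is drained without storing past the limit. The loop body and the declaration of the match array are outside the hunk, so whether `MAX_INEXACT_MATCHES` equals the array size cannot be confirmed from here. The patch header could also carry the `CVE-2005-0706` form of the identifier next to `CAN-2005-0706` so it is searchable.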

Copied: libcdaudio/repos/staging-x86_64/02-cddb-bufferoverflow.patch (from rev 338854, libcdaudio/trunk/02-cddb-bufferoverflow.patch)
===================================================================
--- staging-x86_64/02-cddb-bufferoverflow.patch	                        (rev 0)
+++ staging-x86_64/02-cddb-bufferoverflow.patch	2018-11-10 00:29:22 UTC (rev 338855)
@@ -0,0 +1,15 @@
+Author: Moritz Muehlenhoff <jmm at inutil.org>
+Description: CVE-2008-5030
+
+diff -Naurp libcdaudio.orig/src/cddb.c libcdaudio/src/cddb.c
+--- libcdaudio.orig/src/cddb.c	2008-09-07 23:53:16.000000000 +0000
++++ libcdaudio/src/cddb.c	2008-11-12 21:32:21.000000000 +0000
+@@ -1679,7 +1679,7 @@ cddb_read_disc_data(int cd_desc, struct 
+       free(file);
+ 	 
+       while(!feof(cddb_data)) {
+-	fgets(inbuffer, 512, cddb_data);			   
++	fgets(inbuffer, 256, cddb_data);
+ 	cddb_process_line(inbuffer, data);
+       }
+ 	 
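Review bot: The return value of `fgets` is still ignored inside `while(!feof(cddb_data))` in `cddb_read_disc_data`. At end-of-file `cddb_process_line` therefore runs once more on whatever `inbuffer` already held, either the previous line or uninitialised bytes if the file is empty. A read error that never sets the EOF flag would keep the loop spinning. Driving the loop from the read fixes both: `while(fgets(inbuffer, sizeof(inbuffer), cddb_data) != NULL) cddb_process_line(inbuffer, data);`. `sizeof(inbuffer)` assumes `inbuffer` is a local array; its declaration is outside the hunk, and if it is a pointer the literal 256 should become a named constant shared with the allocation.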

Copied: libcdaudio/repos/staging-x86_64/PKGBUILD (from rev 338854, libcdaudio/trunk/PKGBUILD)
===================================================================
--- staging-x86_64/PKGBUILD	                        (rev 0)
+++ staging-x86_64/PKGBUILD	2018-11-10 00:29:22 UTC (rev 338855)
@@ -0,0 +1,31 @@
+# Maintainer: 
+# Contributor Sarah Hay <sarahhay at mb.sympatico.ca>
+
+pkgname=libcdaudio
+_pkgver=0.99.12p2
+pkgver=0.99.12.p2
+pkgrel=2
+pkgdesc="Library for controlling Audio CDs and interacting with CDDB"
+arch=('x86_64')
+url="http://libcdaudio.sourceforge.net/"
+license=('GPL')
+depends=('glibc')
+source=("http://downloads.sourceforge.net/sourceforge/libcdaudio/${pkgname}-${_pkgver}.tar.gz"
+        '01-cddb-bufferoverflow.patch'
+        '02-cddb-bufferoverflow.patch')
+md5sums=('15de3830b751818a54a42899bd3ae72c'
+         'f78c881b92cd7d25472daa90af284e18'
+         'e36755c125d2710dc8619bb401e37444')
+
+build() {
+  cd "${srcdir}/${pkgname}-${_pkgver}"
+  patch -Np1 -i "${srcdir}/01-cddb-bufferoverflow.patch"
+  patch -Np1 -i "${srcdir}/02-cddb-bufferoverflow.patch"
+  ./configure --prefix=/usr
+  make
+}
+
+package() {
+  cd "${srcdir}/${pkgname}-${_pkgver}"
+  make DESTDIR="${pkgdir}" install
+}
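Review bot: The upstream tarball in `source=()` is fetched over plain `http://` and verified only through `md5sums`, so the integrity of the code being built rests on an unauthenticated download and a hash with practical collisions. Use `sha256sums=(...)` instead, regenerated with `makepkg -g` once the tarball has been verified out of band, and switch the URL to `https://` if the mirror serves it. The two security patches are applied in `build()`; moving both `patch -Np1 -i ...` lines into a `prepare()` function keeps a repeated `build()` from failing on already-patched sources. The `# Maintainer:` line is empty.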


