[arch-commits] Commit in libcdaudio/repos (4 files)
Evangelos Foutras
foutrelis at archlinux.org
Sat May 16 09:11:36 UTC 2020
Date: Saturday, May 16, 2020 @ 09:11:36
Author: foutrelis
Revision: 383786
archrelease: copy trunk to staging-x86_64
Added:
libcdaudio/repos/staging-x86_64/
libcdaudio/repos/staging-x86_64/01-cddb-bufferoverflow.patch
(from rev 383785, libcdaudio/trunk/01-cddb-bufferoverflow.patch)
libcdaudio/repos/staging-x86_64/02-cddb-bufferoverflow.patch
(from rev 383785, libcdaudio/trunk/02-cddb-bufferoverflow.patch)
libcdaudio/repos/staging-x86_64/PKGBUILD
(from rev 383785, libcdaudio/trunk/PKGBUILD)
------------------------------+
01-cddb-bufferoverflow.patch | 15 +++++++++++++++
02-cddb-bufferoverflow.patch | 15 +++++++++++++++
PKGBUILD | 31 +++++++++++++++++++++++++++++++
3 files changed, 61 insertions(+)
Copied: libcdaudio/repos/staging-x86_64/01-cddb-bufferoverflow.patch (from rev 383785, libcdaudio/trunk/01-cddb-bufferoverflow.patch)
===================================================================
--- staging-x86_64/01-cddb-bufferoverflow.patch (rev 0)
+++ staging-x86_64/01-cddb-bufferoverflow.patch 2020-05-16 09:11:36 UTC (rev 383786)
@@ -0,0 +1,15 @@
+Author: Moritz Muehlenhoff <jmm at inutil.org>
+Description: CAN-2005-0706: Bufferoverflow in CDDB lookup parsing
+
+diff -Naurp libcdaudio.orig/src/cddb.c libcdaudio/src/cddb.c
+--- libcdaudio.orig/src/cddb.c 2009-08-02 10:30:05.000000000 +0000
++++ libcdaudio/src/cddb.c 2009-08-02 10:34:57.000000000 +0000
+@@ -1052,7 +1052,7 @@ cddb_query(int cd_desc, int sock,
+ }
+
+ query->query_matches = 0;
+- while(!cddb_read_line(sock, inbuffer, 256)) {
++ while(query->query_matches < MAX_INEXACT_MATCHES && !cddb_read_line(sock, inbuffer, 256)) {
+ slashed = 0;
+ if(strchr(inbuffer, '/') != NULL && parse_disc_artist) {
+ index = 0;
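Review bot: Once `query->query_matches` reaches `MAX_INEXACT_MATCHES`, the patched `while` condition in `cddb_query` ends the loop without reading the rest of the server's match list. Any remaining reply lines stay queued on `sock`, and the caller gets no sign that the result was truncated. Whether the socket is read again afterwards is not visible, because the function body continues outside the inner hunk, so this should be checked against the full source. If it is read again, keep calling `cddb_read_line` until the list ends and skip only the store once the cap is hit. A comment on the condition would also help, for example `/* bound the number of stored matches; the reply length is chosen by the server */`.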
Copied: libcdaudio/repos/staging-x86_64/02-cddb-bufferoverflow.patch (from rev 383785, libcdaudio/trunk/02-cddb-bufferoverflow.patch)
===================================================================
--- staging-x86_64/02-cddb-bufferoverflow.patch (rev 0)
+++ staging-x86_64/02-cddb-bufferoverflow.patch 2020-05-16 09:11:36 UTC (rev 383786)
@@ -0,0 +1,15 @@
+Author: Moritz Muehlenhoff <jmm at inutil.org>
+Description: CVE-2008-5030
+
+diff -Naurp libcdaudio.orig/src/cddb.c libcdaudio/src/cddb.c
+--- libcdaudio.orig/src/cddb.c 2008-09-07 23:53:16.000000000 +0000
++++ libcdaudio/src/cddb.c 2008-11-12 21:32:21.000000000 +0000
+@@ -1679,7 +1679,7 @@ cddb_read_disc_data(int cd_desc, struct
+ free(file);
+
+ while(!feof(cddb_data)) {
+- fgets(inbuffer, 512, cddb_data);
++ fgets(inbuffer, 256, cddb_data);
+ cddb_process_line(inbuffer, data);
+ }
+
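Review bot: The return value of `fgets(inbuffer, 256, cddb_data)` is still ignored inside `while(!feof(cddb_data))`, so the final iteration passes a stale (or, for an empty file, unwritten) `inbuffer` to `cddb_process_line`. A read error that sets the error flag without EOF would also keep the loop spinning. Folding the read into the condition fixes both: `while(fgets(inbuffer, 256, cddb_data) != NULL)` followed by `cddb_process_line(inbuffer, data);`. The declaration of `inbuffer` is outside the hunk; if it is an array, `sizeof(inbuffer)` in place of the literal `256` would keep the limit tied to the real buffer size, which is the mismatch this patch corrects. Lines longer than the buffer will now arrive as several chunks, so it is worth confirming that `cddb_process_line` tolerates a fragment without a trailing newline.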
Copied: libcdaudio/repos/staging-x86_64/PKGBUILD (from rev 383785, libcdaudio/trunk/PKGBUILD)
===================================================================
--- staging-x86_64/PKGBUILD (rev 0)
+++ staging-x86_64/PKGBUILD 2020-05-16 09:11:36 UTC (rev 383786)
@@ -0,0 +1,31 @@
+# Maintainer:
+# Contributor Sarah Hay <sarahhay at mb.sympatico.ca>
+
+pkgname=libcdaudio
+_pkgver=0.99.12p2
+pkgver=0.99.12.p2
+pkgrel=3
+pkgdesc="Library for controlling Audio CDs and interacting with CDDB"
+arch=('x86_64')
+url="http://libcdaudio.sourceforge.net/"
+license=('GPL')
+depends=('glibc')
+source=("https://downloads.sourceforge.net/sourceforge/libcdaudio/${pkgname}-${_pkgver}.tar.gz"
+ '01-cddb-bufferoverflow.patch'
+ '02-cddb-bufferoverflow.patch')
+sha256sums=('5fdaf9af5ac4f75c0215d000b82b128fd054a582f81cc4f039a1e7fe69335ebb'
+ '2eb622aeabcaeb1e3cdae5a5f6015cf16c1cd4e1ea38344da00905923d34a60f'
+ '3a91822b22bdf8a87df5a17b5ef5e134140ea2147792cae37be97f09c812062a')
+
+build() {
+ cd ${pkgname}-${_pkgver}
+ patch -Np1 -i "${srcdir}/01-cddb-bufferoverflow.patch"
+ patch -Np1 -i "${srcdir}/02-cddb-bufferoverflow.patch"
+ ./configure --prefix=/usr
+ make
+}
+
+package() {
+ cd ${pkgname}-${_pkgver}
+ make DESTDIR="${pkgdir}" install
+}
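Review bot: The two `patch -Np1 -i ...` calls sit in `build()`, so a repeated build on an already extracted tree runs `patch` a second time against sources that are already modified. Moving both lines into a `prepare()` function that starts with the same `cd ${pkgname}-${_pkgver}` keeps patching a one-time step and leaves `build()` with only `./configure --prefix=/usr` and `make`. The patch file names do not say which advisory each one addresses, so a comment above `source=` such as `# 01: CAN-2005-0706, 02: CVE-2008-5030` would let an auditor confirm the fixes without opening the patches. The tarball is pinned by `sha256sums` but has no signature check, and `url` still uses `http://`.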