[arch-commits] Commit in libcdaudio/repos (4 files)

Evangelos Foutras foutrelis at archlinux.org
Sat May 16 09:11:36 UTC 2020


    Date: Saturday, May 16, 2020 @ 09:11:36
  Author: foutrelis
Revision: 383786

archrelease: copy trunk to staging-x86_64

Added:
  libcdaudio/repos/staging-x86_64/
  libcdaudio/repos/staging-x86_64/01-cddb-bufferoverflow.patch
    (from rev 383785, libcdaudio/trunk/01-cddb-bufferoverflow.patch)
  libcdaudio/repos/staging-x86_64/02-cddb-bufferoverflow.patch
    (from rev 383785, libcdaudio/trunk/02-cddb-bufferoverflow.patch)
  libcdaudio/repos/staging-x86_64/PKGBUILD
    (from rev 383785, libcdaudio/trunk/PKGBUILD)

------------------------------+
 01-cddb-bufferoverflow.patch |   15 +++++++++++++++
 02-cddb-bufferoverflow.patch |   15 +++++++++++++++
 PKGBUILD                     |   31 +++++++++++++++++++++++++++++++
 3 files changed, 61 insertions(+)

Copied: libcdaudio/repos/staging-x86_64/01-cddb-bufferoverflow.patch (from rev 383785, libcdaudio/trunk/01-cddb-bufferoverflow.patch)
===================================================================
--- staging-x86_64/01-cddb-bufferoverflow.patch	                        (rev 0)
+++ staging-x86_64/01-cddb-bufferoverflow.patch	2020-05-16 09:11:36 UTC (rev 383786)
@@ -0,0 +1,15 @@
+Author: Moritz Muehlenhoff <jmm at inutil.org>
+Description: CAN-2005-0706: Bufferoverflow in CDDB lookup parsing
+
+diff -Naurp libcdaudio.orig/src/cddb.c libcdaudio/src/cddb.c
+--- libcdaudio.orig/src/cddb.c	2009-08-02 10:30:05.000000000 +0000
++++ libcdaudio/src/cddb.c	2009-08-02 10:34:57.000000000 +0000
+@@ -1052,7 +1052,7 @@ cddb_query(int cd_desc, int sock,
+     }
+ 	   
+     query->query_matches = 0;
+-    while(!cddb_read_line(sock, inbuffer, 256)) {
++    while(query->query_matches < MAX_INEXACT_MATCHES && !cddb_read_line(sock, inbuffer, 256)) {
+       slashed = 0;
+       if(strchr(inbuffer, '/') != NULL && parse_disc_artist) {
+ 	index = 0;
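Review bot: Once `query->query_matches` reaches `MAX_INEXACT_MATCHES` the loop in cddb_query stops calling `cddb_read_line`, so any further match lines the server sent stay unread on `sock`. Nothing in the hunk drains them, and if the caller reuses the socket for a later command those lines would presumably be parsed as that command's reply. The body of cddb_query continues outside the hunk, so confirm whether the remainder is discarded there. If it is not, keep reading until `cddb_read_line` returns non-zero and skip storing entries past the cap, with a comment such as `/* cap at MAX_INEXACT_MATCHES: extra server matches are read and dropped */`.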

Copied: libcdaudio/repos/staging-x86_64/02-cddb-bufferoverflow.patch (from rev 383785, libcdaudio/trunk/02-cddb-bufferoverflow.patch)
===================================================================
--- staging-x86_64/02-cddb-bufferoverflow.patch	                        (rev 0)
+++ staging-x86_64/02-cddb-bufferoverflow.patch	2020-05-16 09:11:36 UTC (rev 383786)
@@ -0,0 +1,15 @@
+Author: Moritz Muehlenhoff <jmm at inutil.org>
+Description: CVE-2008-5030
+
+diff -Naurp libcdaudio.orig/src/cddb.c libcdaudio/src/cddb.c
+--- libcdaudio.orig/src/cddb.c	2008-09-07 23:53:16.000000000 +0000
++++ libcdaudio/src/cddb.c	2008-11-12 21:32:21.000000000 +0000
+@@ -1679,7 +1679,7 @@ cddb_read_disc_data(int cd_desc, struct 
+       free(file);
+ 	 
+       while(!feof(cddb_data)) {
+-	fgets(inbuffer, 512, cddb_data);			   
++	fgets(inbuffer, 256, cddb_data);
+ 	cddb_process_line(inbuffer, data);
+       }
+ 	 
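Review bot: The return value of `fgets(inbuffer, 256, cddb_data)` is still ignored, so when the read fails or reaches end of file `cddb_process_line` runs on whatever `inbuffer` held before: the previous line a second time, or indeterminate contents for an empty file, because `feof` only becomes true after a read has already failed. Driving the loop from the read fixes both: `while(fgets(inbuffer, 256, cddb_data) != NULL)` with `cddb_process_line(inbuffer, data);` as the body. The literal 256 presumably mirrors the declared size of `inbuffer`, which is outside the hunk; if that is an array in scope, `sizeof inbuffer` would keep the bound from drifting away from the declaration again. Lines longer than 255 bytes now reach `cddb_process_line` as two separate calls, which is worth confirming the parser tolerates.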

Copied: libcdaudio/repos/staging-x86_64/PKGBUILD (from rev 383785, libcdaudio/trunk/PKGBUILD)
===================================================================
--- staging-x86_64/PKGBUILD	                        (rev 0)
+++ staging-x86_64/PKGBUILD	2020-05-16 09:11:36 UTC (rev 383786)
@@ -0,0 +1,31 @@
+# Maintainer: 
+# Contributor Sarah Hay <sarahhay at mb.sympatico.ca>
+
+pkgname=libcdaudio
+_pkgver=0.99.12p2
+pkgver=0.99.12.p2
+pkgrel=3
+pkgdesc="Library for controlling Audio CDs and interacting with CDDB"
+arch=('x86_64')
+url="http://libcdaudio.sourceforge.net/"
+license=('GPL')
+depends=('glibc')
+source=("https://downloads.sourceforge.net/sourceforge/libcdaudio/${pkgname}-${_pkgver}.tar.gz"
+        '01-cddb-bufferoverflow.patch'
+        '02-cddb-bufferoverflow.patch')
+sha256sums=('5fdaf9af5ac4f75c0215d000b82b128fd054a582f81cc4f039a1e7fe69335ebb'
+            '2eb622aeabcaeb1e3cdae5a5f6015cf16c1cd4e1ea38344da00905923d34a60f'
+            '3a91822b22bdf8a87df5a17b5ef5e134140ea2147792cae37be97f09c812062a')
+
+build() {
+  cd ${pkgname}-${_pkgver}
+  patch -Np1 -i "${srcdir}/01-cddb-bufferoverflow.patch"
+  patch -Np1 -i "${srcdir}/02-cddb-bufferoverflow.patch"
+  ./configure --prefix=/usr
+  make
+}
+
+package() {
+  cd ${pkgname}-${_pkgver}
+  make DESTDIR="${pkgdir}" install
+}
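Review bot: The two `patch -Np1` calls sit in `build()`, so rebuilding an already-extracted tree (for example with `makepkg -e`) runs them again; with `-N`, patch refuses the already-applied hunks and exits non-zero, which aborts the build. Moving both calls into a `prepare()` function, which makepkg runs only after extraction, avoids that and keeps the two security fixes visibly separate from the compile step. `cd ${pkgname}-${_pkgver}` is also unquoted in both functions; `cd "${pkgname}-${_pkgver}"` is the safer form.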

