[pkgsrc/trunk]: pkgsrc/audio/id3lib fix unsafe temp file creation (CVE-2007-4...
details: https://anonhg.NetBSD.org/pkgsrc/rev/7dd3c48e112f
branches: trunk
changeset: 532907:7dd3c48e112f
user: drochner <drochner%pkgsrc.org@localhost>
date: Tue Sep 04 09:58:20 2007 +0000
description:
fix unsafe temp file creation (CVE-2007-4460), patch from Debian
bump PKGREVISION
diffstat:
audio/id3lib/Makefile | 4 +-
audio/id3lib/distinfo | 4 +-
audio/id3lib/patches/patch-aj | 44 +++++++++++++++++++++++++++++++++++++++---
3 files changed, 44 insertions(+), 8 deletions(-)
diffs (86 lines):
diff -r 027e496e568e -r 7dd3c48e112f audio/id3lib/Makefile
--- a/audio/id3lib/Makefile Tue Sep 04 09:47:38 2007 +0000
+++ b/audio/id3lib/Makefile Tue Sep 04 09:58:20 2007 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.26 2006/09/23 13:26:24 wiz Exp $
+# $NetBSD: Makefile,v 1.27 2007/09/04 09:58:20 drochner Exp $
#
DISTNAME= id3lib-3.8.3
-PKGREVISION= 3
+PKGREVISION= 4
CATEGORIES= audio
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=id3lib/}
diff -r 027e496e568e -r 7dd3c48e112f audio/id3lib/distinfo
--- a/audio/id3lib/distinfo Tue Sep 04 09:47:38 2007 +0000
+++ b/audio/id3lib/distinfo Tue Sep 04 09:58:20 2007 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.14 2007/01/20 01:04:04 rillig Exp $
+$NetBSD: distinfo,v 1.15 2007/09/04 09:58:20 drochner Exp $
SHA1 (id3lib-3.8.3.tar.gz) = c92c880da41d1ec0b242745a901702ae87970838
RMD160 (id3lib-3.8.3.tar.gz) = bfa2499ec649ed40815ad0a370c78eb1517952c4
@@ -8,4 +8,4 @@
SHA1 (patch-ag) = a047fe90d83c88e0f6d0a6a0595a440ef49276e3
SHA1 (patch-ah) = 42a04014cc839565063daa395884b757214eb911
SHA1 (patch-ai) = c0521a6d62d17826c9b1f35f6be51e1b72c48e7c
-SHA1 (patch-aj) = cbffa394ef07e59e3036788f265b3319bbdf2c39
+SHA1 (patch-aj) = 626952e7bbddbcf5db66a0509f62d588ccaed17a
diff -r 027e496e568e -r 7dd3c48e112f audio/id3lib/patches/patch-aj
--- a/audio/id3lib/patches/patch-aj Tue Sep 04 09:47:38 2007 +0000
+++ b/audio/id3lib/patches/patch-aj Tue Sep 04 09:58:20 2007 +0000
@@ -1,9 +1,36 @@
-$NetBSD: patch-aj,v 1.3 2007/01/20 01:04:04 rillig Exp $
-
-char and unsigned char are different data types.
+$NetBSD: patch-aj,v 1.4 2007/09/04 09:58:20 drochner Exp $
--- src/tag_file.cpp.orig 2003-03-02 01:23:00.000000000 +0100
-+++ src/tag_file.cpp 2007-01-10 21:57:03.513247016 +0100
++++ src/tag_file.cpp
+@@ -242,8 +242,8 @@ size_t RenderV2ToFile(const ID3_TagImpl&
+ strcpy(sTempFile, filename.c_str());
+ strcat(sTempFile, sTmpSuffix.c_str());
+
+-#if ((defined(__GNUC__) && __GNUC__ >= 3 ) || !defined(HAVE_MKSTEMP))
+- // This section is for Windows folk && gcc 3.x folk
++#if !defined(HAVE_MKSTEMP)
++ // This section is for Windows folk
+ fstream tmpOut;
+ createFile(sTempFile, tmpOut);
+
+@@ -257,7 +257,7 @@ size_t RenderV2ToFile(const ID3_TagImpl&
+ tmpOut.write((char *)tmpBuffer, nBytes);
+ }
+
+-#else //((defined(__GNUC__) && __GNUC__ >= 3 ) || !defined(HAVE_MKSTEMP))
++#else //!defined(HAVE_MKSTEMP)
+
+ // else we gotta make a temp file, copy the tag into it, copy the
+ // rest of the old file after the tag, delete the old file, rename
+@@ -270,7 +270,7 @@ size_t RenderV2ToFile(const ID3_TagImpl&
+ //ID3_THROW_DESC(ID3E_NoFile, "couldn't open temp file");
+ }
+
+- ofstream tmpOut(fd);
++ ofstream tmpOut(sTempFile);
+ if (!tmpOut)
+ {
+ tmpOut.close();
@@ -282,7 +282,7 @@ size_t RenderV2ToFile(const ID3_TagImpl&
tmpOut.write(tagData, tagSize);
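Review bot: The new `ofstream tmpOut(sTempFile);` reopens the temporary file by pathname instead of writing through the descriptor held in `fd`, so the exclusive-creation guarantee covers only the creation step and not the open that the tag data is actually written through. The call that produces `fd` is outside this hunk (presumably `mkstemp`, given the `HAVE_MKSTEMP` guard), and the name is built from `filename` plus a suffix, so the file sits in the target file's directory. If that directory is writable by another user and not sticky, the path could be replaced between creation and this reopen. I would state the assumption above the line, e.g. `// reopened by name: relies on mkstemp() having created sTempFile exclusively, in a directory other users cannot modify`, or attach the stream to `fd` so that no second lookup by name takes place. The rewritten patch-aj header also drops its description line; one sentence naming CVE-2007-4460 alongside the earlier char/unsigned char note would help whoever next regenerates this patch.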
@@ -13,3 +40,12 @@
while (file)
{
file.read(tmpBuffer, BUFSIZ);
+@@ -292,7 +292,7 @@ size_t RenderV2ToFile(const ID3_TagImpl&
+
+ close(fd); //closes the file
+
+-#endif ////((defined(__GNUC__) && __GNUC__ >= 3 ) || !defined(HAVE_MKSTEMP))
++#endif ////!defined(HAVE_MKSTEMP)
+
+ tmpOut.close();
+ file.close();