[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
01/03: gnu: id3lib: Fix CVE-2007-4460.
|
From: |
Efraim Flashner |
|
Subject: |
01/03: gnu: id3lib: Fix CVE-2007-4460. |
|
Date: |
Mon, 30 May 2016 17:22:42 +0000 (UTC) |
efraim pushed a commit to branch master
in repository guix.
commit 1f521b7055a464439774332f1a69ed31b565715f
Author: Efraim Flashner <address@hidden>
Date: Mon May 30 17:17:09 2016 +0300
gnu: id3lib: Fix CVE-2007-4460.
* gnu/packages/mp3.scm (id3lib)[source]: Add patch.
* gnu/packages/patches/id3lib-CVE-2007-4460.patch: New variable.
* gnu/local.mk (dist_patch_DATA): Add it.
---
gnu/local.mk | 1 +
gnu/packages/mp3.scm | 6 +--
gnu/packages/patches/id3lib-CVE-2007-4460.patch | 54 +++++++++++++++++++++++
3 files changed, 58 insertions(+), 3 deletions(-)
diff --git a/gnu/local.mk b/gnu/local.mk
index 5f10dd8..11b7ccb 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -551,6 +551,7 @@ dist_patch_DATA =
\
%D%/packages/patches/icu4c-CVE-2014-6585.patch \
%D%/packages/patches/icu4c-CVE-2015-1270.patch \
%D%/packages/patches/icu4c-CVE-2015-4760.patch \
+ %D%/packages/patches/id3lib-CVE-2007-4460.patch \
%D%/packages/patches/ilmbase-fix-tests.patch \
%D%/packages/patches/inkscape-drop-wait-for-targets.patch \
%D%/packages/patches/irrlicht-mesa-10.patch \
diff --git a/gnu/packages/mp3.scm b/gnu/packages/mp3.scm
index 997c50f..8451f0a 100644
--- a/gnu/packages/mp3.scm
+++ b/gnu/packages/mp3.scm
@@ -108,11 +108,11 @@ versions of ID3v2.")
(source (origin
(method url-fetch)
(uri (string-append "mirror://sourceforge/id3lib/id3lib/"
- version "/id3lib-"
- version ".tar.gz"))
+ version "/id3lib-" version ".tar.gz"))
(sha256
(base32
- "0yfhqwk0w8q2hyv1jib1008jvzmwlpsxvc8qjllhna6p1hycqj97"))))
+ "0yfhqwk0w8q2hyv1jib1008jvzmwlpsxvc8qjllhna6p1hycqj97"))
+ (patches (search-patches "id3lib-CVE-2007-4460.patch"))))
(build-system gnu-build-system)
(arguments
`(#:phases
diff --git a/gnu/packages/patches/id3lib-CVE-2007-4460.patch
b/gnu/packages/patches/id3lib-CVE-2007-4460.patch
new file mode 100644
index 0000000..36c8417
--- /dev/null
+++ b/gnu/packages/patches/id3lib-CVE-2007-4460.patch
@@ -0,0 +1,54 @@
+This patch fixes an issues where temporary files were created in an insecure
+way.
+
+It was first intruduced in version 3.8.3-7 and fixes
+http://bugs.debian.org/438540
+--- a/src/tag_file.cpp
++++ b/src/tag_file.cpp
+@@ -242,8 +242,8 @@
+ strcpy(sTempFile, filename.c_str());
+ strcat(sTempFile, sTmpSuffix.c_str());
+
+-#if ((defined(__GNUC__) && __GNUC__ >= 3 ) || !defined(HAVE_MKSTEMP))
+- // This section is for Windows folk && gcc 3.x folk
++#if !defined(HAVE_MKSTEMP)
++ // This section is for Windows folk
+ fstream tmpOut;
+ createFile(sTempFile, tmpOut);
+
+@@ -257,7 +257,7 @@
+ tmpOut.write((char *)tmpBuffer, nBytes);
+ }
+
+-#else //((defined(__GNUC__) && __GNUC__ >= 3 ) || !defined(HAVE_MKSTEMP))
++#else //!defined(HAVE_MKSTEMP)
+
+ // else we gotta make a temp file, copy the tag into it, copy the
+ // rest of the old file after the tag, delete the old file, rename
+@@ -270,7 +270,7 @@
+ //ID3_THROW_DESC(ID3E_NoFile, "couldn't open temp file");
+ }
+
+- ofstream tmpOut(fd);
++ ofstream tmpOut(sTempFile);
+ if (!tmpOut)
+ {
+ tmpOut.close();
+@@ -285,14 +285,14 @@
+ uchar tmpBuffer[BUFSIZ];
+ while (file)
+ {
+- file.read(tmpBuffer, BUFSIZ);
++ file.read((char *)tmpBuffer, BUFSIZ);
+ size_t nBytes = file.gcount();
+- tmpOut.write(tmpBuffer, nBytes);
++ tmpOut.write((char *)tmpBuffer, nBytes);
+ }
+
+ close(fd); //closes the file
+
+-#endif ////((defined(__GNUC__) && __GNUC__ >= 3 ) || !defined(HAVE_MKSTEMP))
++#endif ////!defined(HAVE_MKSTEMP)
+
+ tmpOut.close();
+ file.close();