diff options
author | Efraim Flashner <efraim@flashner.co.il> | 2016-05-30 17:17:09 +0300 |
---|---|---|
committer | Efraim Flashner <efraim@flashner.co.il> | 2016-05-30 20:13:24 +0300 |
commit | 1f521b7055a464439774332f1a69ed31b565715f (patch) | |
tree | faf684a35c09085ca54ba8589a156bbfe43926af /gnu/packages/patches/id3lib-CVE-2007-4460.patch | |
parent | 3d55d04ab8f11cf8e9612c0ef92b10347a867309 (diff) | |
download | guix-1f521b7055a464439774332f1a69ed31b565715f.tar guix-1f521b7055a464439774332f1a69ed31b565715f.tar.gz |
gnu: id3lib: Fix CVE-2007-4460.
* gnu/packages/mp3.scm (id3lib)[source]: Add patch.
* gnu/packages/patches/id3lib-CVE-2007-4460.patch: New variable.
* gnu/local.mk (dist_patch_DATA): Add it.
Diffstat (limited to 'gnu/packages/patches/id3lib-CVE-2007-4460.patch')
-rw-r--r-- | gnu/packages/patches/id3lib-CVE-2007-4460.patch | 54 |
1 files changed, 54 insertions, 0 deletions
diff --git a/gnu/packages/patches/id3lib-CVE-2007-4460.patch b/gnu/packages/patches/id3lib-CVE-2007-4460.patch new file mode 100644 index 0000000000..36c84179fc --- /dev/null +++ b/gnu/packages/patches/id3lib-CVE-2007-4460.patch @@ -0,0 +1,54 @@ +This patch fixes an issues where temporary files were created in an insecure +way. + +It was first intruduced in version 3.8.3-7 and fixes +http://bugs.debian.org/438540 +--- a/src/tag_file.cpp ++++ b/src/tag_file.cpp +@@ -242,8 +242,8 @@ + strcpy(sTempFile, filename.c_str()); + strcat(sTempFile, sTmpSuffix.c_str()); + +-#if ((defined(__GNUC__) && __GNUC__ >= 3 ) || !defined(HAVE_MKSTEMP)) +- // This section is for Windows folk && gcc 3.x folk ++#if !defined(HAVE_MKSTEMP) ++ // This section is for Windows folk + fstream tmpOut; + createFile(sTempFile, tmpOut); + +@@ -257,7 +257,7 @@ + tmpOut.write((char *)tmpBuffer, nBytes); + } + +-#else //((defined(__GNUC__) && __GNUC__ >= 3 ) || !defined(HAVE_MKSTEMP)) ++#else //!defined(HAVE_MKSTEMP) + + // else we gotta make a temp file, copy the tag into it, copy the + // rest of the old file after the tag, delete the old file, rename +@@ -270,7 +270,7 @@ + //ID3_THROW_DESC(ID3E_NoFile, "couldn't open temp file"); + } + +- ofstream tmpOut(fd); ++ ofstream tmpOut(sTempFile); + if (!tmpOut) + { + tmpOut.close(); +@@ -285,14 +285,14 @@ + uchar tmpBuffer[BUFSIZ]; + while (file) + { +- file.read(tmpBuffer, BUFSIZ); ++ file.read((char *)tmpBuffer, BUFSIZ); + size_t nBytes = file.gcount(); +- tmpOut.write(tmpBuffer, nBytes); ++ tmpOut.write((char *)tmpBuffer, nBytes); + } + + close(fd); //closes the file + +-#endif ////((defined(__GNUC__) && __GNUC__ >= 3 ) || !defined(HAVE_MKSTEMP)) ++#endif ////!defined(HAVE_MKSTEMP) + + tmpOut.close(); + file.close(); |