author | Danny Rawlins <romster@shortcircuit.net.au> | 2008-09-17 02:11:16 +1000 |
---|---|---|
committer | Danny Rawlins <romster@shortcircuit.net.au> | 2008-09-17 02:11:16 +1000 |
commit | 5bf856b8a02c5912df9dac308a1d4f1c21cd7dd6 (patch) | |
tree | 0ba869fd217995a20cf177c17a8e1e5aed4b3666 /id3lib | |
parent | 3974596f4a8242d7ea7c4abeaa1f7ba01c1b1e72 (diff) | |
download | contrib-5bf856b8a02c5912df9dac308a1d4f1c21cd7dd6.tar.gz contrib-5bf856b8a02c5912df9dac308a1d4f1c21cd7dd6.tar.xz |
id3lib: fix for gcc-4.3 utf16 security
Diffstat (limited to 'id3lib')
-rw-r--r-- | id3lib/.md5sum | 6 | ||||
-rw-r--r-- | id3lib/CVE-2007-4460.diff | 51 | ||||
-rw-r--r-- | id3lib/Pkgfile | 23 | ||||
-rw-r--r-- | id3lib/id3lib-3.8.3-autoconf259.patch | 31 | ||||
-rw-r--r-- | id3lib/id3lib-3.8.3-gcc-4.3.patch | 82 | ||||
-rw-r--r-- | id3lib/id3lib-3.8.3-test_io.patch | 10 | ||||
-rw-r--r-- | id3lib/id3lib-3.8.3-unicode16.patch | 39 | ||||
-rw-r--r-- | id3lib/id3lib-3.8.3-zlib.patch | 23 |
8 files changed, 262 insertions, 3 deletions
diff --git a/id3lib/.md5sum b/id3lib/.md5sum
index 3841a6b8b..b8e962318 100644
--- a/id3lib/.md5sum
+++ b/id3lib/.md5sum
@@ -1 +1,7 @@
+adb1915e31d29f04d0e8b597ed8946b4 CVE-2007-4460.diff
+328ac5b15fbe7f3ccdf72da033a510a0 id3lib-3.8.3-autoconf259.patch
+4e938dd0dc28af5a09049fc9c0562c36 id3lib-3.8.3-gcc-4.3.patch
+875a7dcafeef2a995039075941fb47ae id3lib-3.8.3-test_io.patch
+196c65adee1ba511ddacef2de0dfd102 id3lib-3.8.3-unicode16.patch
+e896e39ce5196f4fd2ca6fc7553e2c60 id3lib-3.8.3-zlib.patch
 19f27ddd2dda4b2d26a559a4f0f402a7 id3lib-3.8.3.tar.gz
diff --git a/id3lib/CVE-2007-4460.diff b/id3lib/CVE-2007-4460.diff
new file mode 100644
index 000000000..67342109b
--- /dev/null
+++ b/id3lib/CVE-2007-4460.diff
@@ -0,0 +1,51 @@
+--- id3lib3.8.3-3.8.3.orig/src/tag_file.cpp
++++ id3lib3.8.3-3.8.3/src/tag_file.cpp
+@@ -242,8 +242,8 @@
+ strcpy(sTempFile, filename.c_str());
+ strcat(sTempFile, sTmpSuffix.c_str());
+
+-#if ((defined(__GNUC__) && __GNUC__ >= 3 ) || !defined(HAVE_MKSTEMP))
+- // This section is for Windows folk && gcc 3.x folk
++#if !defined(HAVE_MKSTEMP)
++ // This section is for Windows folk
+ fstream tmpOut;
+ createFile(sTempFile, tmpOut);
+
+@@ -257,7 +257,7 @@
+ tmpOut.write((char *)tmpBuffer, nBytes);
+ }
+
+-#else //((defined(__GNUC__) && __GNUC__ >= 3 ) || !defined(HAVE_MKSTEMP))
++#else //!defined(HAVE_MKSTEMP)
+
+ // else we gotta make a temp file, copy the tag into it, copy the
+ // rest of the old file after the tag, delete the old file, rename
+@@ -270,7 +270,7 @@
+ //ID3_THROW_DESC(ID3E_NoFile, "couldn't open temp file");
+ }
+
+- ofstream tmpOut(fd);
++ ofstream tmpOut(sTempFile);
+ if (!tmpOut)
+ {
+ tmpOut.close();
+@@ -285,14 +285,14 @@
+ uchar tmpBuffer[BUFSIZ];
+ while (file)
+ {
+- file.read(tmpBuffer, BUFSIZ);
++ file.read((char *)tmpBuffer, BUFSIZ);
+ size_t nBytes = file.gcount();
+- tmpOut.write(tmpBuffer, nBytes);
++ tmpOut.write((char *)tmpBuffer, nBytes);
+ }
+
+ close(fd); //closes the file
+
+-#endif ////((defined(__GNUC__) && __GNUC__ >= 3 ) || !defined(HAVE_MKSTEMP))
++#endif ////!defined(HAVE_MKSTEMP)
+
+ tmpOut.close();
+ file.close();
+only in patch2:
+unchanged:
diff --git a/id3lib/Pkgfile b/id3lib/Pkgfile
index 3f9dc23a1..fa1c0acc0 100644
--- a/id3lib/Pkgfile
+++ b/id3lib/Pkgfile
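Review bot: In the HAVE_MKSTEMP branch of CVE-2007-4460.diff the data is written through `ofstream tmpOut(sTempFile)`, a second open by path, while `fd` is only held until `close(fd)`; the writes therefore do not go through the descriptor that was created, and the path is resolved again between creation and the open. Presumably `fd` comes from mkstemp (the call lies between the inner hunks and is not shown); if so, writing the tag and the copy loop through `fd` itself would keep the exclusive-create guarantee, and at minimum a comment should state that the reopen relies on the target directory not being writable by other users. The `strcpy`/`strcat` into `sTempFile` in the first inner hunk are unbounded and the buffer's declaration is outside the hunk, so its size against `filename` plus the suffix should be confirmed. The patch file also ends with the residue lines `only in patch2:` and `unchanged:`, which can be dropped.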
@@ -6,15 +6,32 @@ name=id3lib version=3.8.3 -release=1 -source=(http://dl.sourceforge.net/sourceforge/$name/$name-$version.tar.gz) +release=2 +source=(http://dl.sourceforge.net/sourceforge/$name/$name-$version.tar.gz + $name-3.8.3-zlib.patch + $name-3.8.3-test_io.patch + $name-3.8.3-autoconf259.patch + $name-3.8.3-unicode16.patch + $name-3.8.3-gcc-4.3.patch + CVE-2007-4460.diff) build() { cd $name-$version + patch -p 1 -i $SRC/$name-3.8.3-zlib.patch + patch -p 1 -i $SRC/$name-3.8.3-test_io.patch + patch -p 1 -i $SRC/$name-3.8.3-autoconf259.patch + patch -p 1 -i $SRC/$name-3.8.3-unicode16.patch + patch -p 1 -i $SRC/$name-3.8.3-gcc-4.3.patch + patch -p 1 -i $SRC/CVE-2007-4460.diff + autoreconf -ivfs # buggy configure + + CC='g++' \ ./configure \ --prefix=/usr \ - --disable-static + --disable-static \ + --disable-assert \ + --enable-debug=no make make DESTDIR=$PKG install diff --git a/id3lib/id3lib-3.8.3-autoconf259.patch b/id3lib/id3lib-3.8.3-autoconf259.patch new file mode 100644 index 000000000..16921e174 --- /dev/null +++ b/id3lib/id3lib-3.8.3-autoconf259.patch 
@@ -0,0 +1,31 @@
+Index: id3lib-3.8.3/configure.in
+===================================================================
+--- id3lib-3.8.3.orig/configure.in
++++ id3lib-3.8.3/configure.in
+@@ -168,7 +168,7 @@ if test $has_iconv = 1; then
+ iconv_oldstyle=1, iconv_oldstyle=0)
+ if test $iconv_oldstyle = 1; then
+ AC_MSG_RESULT(const char **)
+- AC_DEFINE(ID3LIB_ICONV_OLDSTYLE)
++ AC_DEFINE(ID3LIB_ICONV_OLDSTYLE, [], [Unknown])
+ #we'll check out the need of
+ #typecast in the call of iconv_open
+ AC_MSG_CHECKING(whether to typecast in iconv)
+@@ -184,7 +184,7 @@ if test $has_iconv = 1; then
+ iconv_cast=0, iconv_cast=1)
+ if test $iconv_cast = 1; then
+ AC_MSG_RESULT(yes)
+- AC_DEFINE(ID3LIB_ICONV_CAST_OK)
++ AC_DEFINE(ID3LIB_ICONV_CAST_OK, [], [Unknown])
+ else
+ AC_MSG_RESULT(no)
+ fi
+@@ -206,7 +206,7 @@ if test $has_iconv = 1; then
+ iconv_cast=0, iconv_cast=1)
+ if test $iconv_cast = 1; then
+ AC_MSG_RESULT(yes)
+- AC_DEFINE(ID3LIB_ICONV_CAST_OK)
++ AC_DEFINE(ID3LIB_ICONV_CAST_OK, [], [Unknown])
+ else
+ AC_MSG_RESULT(no)
+ fi
diff --git a/id3lib/id3lib-3.8.3-gcc-4.3.patch b/id3lib/id3lib-3.8.3-gcc-4.3.patch
new file mode 100644
index 000000000..090dc0bc0
--- /dev/null
+++ b/id3lib/id3lib-3.8.3-gcc-4.3.patch
@@ -0,0 +1,82 @@ +diff -Naur id3lib-3.8.3-orig/configure.in id3lib-3.8.3/configure.in +--- id3lib-3.8.3-orig/configure.in 2008-03-05 18:03:25.000000000 -0600 ++++ id3lib-3.8.3/configure.in 2008-03-05 18:15:42.000000000 -0600 +@@ -227,7 +227,6 @@ + ) + AC_CHECK_HEADERS( \ + string \ +- iomanip.h \ + ,,AC_MSG_ERROR([Missing a vital header file for id3lib]) + ) + +diff -Naur id3lib-3.8.3-orig/include/id3/id3lib_strings.h id3lib-3.8.3/include/id3/id3lib_strings.h +--- id3lib-3.8.3-orig/include/id3/id3lib_strings.h 2008-03-05 18:19:46.000000000 -0600 ++++ id3lib-3.8.3/include/id3/id3lib_strings.h 2008-03-05 18:19:38.000000000 -0600 +@@ -30,6 +30,7 @@ + #define _ID3LIB_STRINGS_H_ + + #include <string> ++#include <cstring> + + #if (defined(__GNUC__) && (__GNUC__ >= 3) || (defined(_MSC_VER) && _MSC_VER > 1000)) + namespace std +diff -Naur id3lib-3.8.3-orig/include/id3/writers.h id3lib-3.8.3/include/id3/writers.h +--- id3lib-3.8.3-orig/include/id3/writers.h 2003-03-01 18:23:00.000000000 -0600 ++++ id3lib-3.8.3/include/id3/writers.h 2008-03-05 18:23:05.000000000 -0600 +@@ -30,7 +30,7 @@ + + #include "id3/writer.h" + #include "id3/id3lib_streams.h" +-//#include <string.h> ++#include <string.h> + + class ID3_CPP_EXPORT ID3_OStreamWriter : public ID3_Writer + { +diff -Naur id3lib-3.8.3-orig/examples/demo_convert.cpp id3lib-3.8.3/examples/demo_convert.cpp +--- id3lib-3.8.3-orig/examples/demo_convert.cpp 2003-03-01 18:23:00.000000000 -0600 ++++ id3lib-3.8.3/examples/demo_convert.cpp 2008-03-05 18:26:50.000000000 -0600 +@@ -84,7 +84,7 @@ + } + } + +-int main( unsigned int argc, char * const argv[]) ++int main( int argc, char * const argv[]) + { + flags_t ulFlag = ID3TT_ALL; + gengetopt_args_info args; +diff -Naur id3lib-3.8.3-orig/examples/demo_info.cpp id3lib-3.8.3/examples/demo_info.cpp +--- id3lib-3.8.3-orig/examples/demo_info.cpp 2003-03-01 18:23:00.000000000 -0600 ++++ id3lib-3.8.3/examples/demo_info.cpp 2008-03-05 18:27:40.000000000 -0600 +@@ -309,7 +309,7 @@ + + #define 
DEBUG + +-int main( unsigned int argc, char * const argv[]) ++int main( int argc, char * const argv[]) + { + ID3D_INIT_DOUT(); + +diff -Naur id3lib-3.8.3-orig/examples/demo_tag.cpp id3lib-3.8.3/examples/demo_tag.cpp +--- id3lib-3.8.3-orig/examples/demo_tag.cpp 2003-03-01 18:23:00.000000000 -0600 ++++ id3lib-3.8.3/examples/demo_tag.cpp 2008-03-05 18:31:20.000000000 -0600 +@@ -46,7 +46,7 @@ + os << "v2"; + } + +-int main( unsigned int argc, char * const argv[]) ++int main( int argc, char * const argv[]) + { + int ulFlag = ID3TT_ID3; + ID3D_INIT_DOUT(); +diff -Naur id3lib-3.8.3-orig/examples/demo_copy.cpp id3lib-3.8.3/examples/demo_copy.cpp +--- id3lib-3.8.3-orig/examples/demo_copy.cpp 2003-03-01 18:23:00.000000000 -0600 ++++ id3lib-3.8.3/examples/demo_copy.cpp 2008-03-05 18:32:44.000000000 -0600 +@@ -81,7 +81,7 @@ + } + } + +-int main( unsigned int argc, char * const argv[]) ++int main( int argc, char * const argv[]) + { + int ulFlag = ID3TT_ID3; + ID3D_INIT_DOUT(); diff --git a/id3lib/id3lib-3.8.3-test_io.patch b/id3lib/id3lib-3.8.3-test_io.patch new file mode 100644 index 000000000..b4a0d24d6 --- /dev/null +++ b/id3lib/id3lib-3.8.3-test_io.patch @@ -0,0 +1,10 @@ +--- id3lib-3.8.3/examples/test_io.cpp.orig 2004-09-21 23:40:48.398826320 +0200 ++++ id3lib-3.8.3/examples/test_io.cpp 2004-09-21 23:40:55.408760648 +0200 +@@ -16,6 +16,7 @@ + using std::cerr; + + using namespace dami; ++using namespace std; + + int + main(size_t argc, const char** argv) diff --git a/id3lib/id3lib-3.8.3-unicode16.patch b/id3lib/id3lib-3.8.3-unicode16.patch new file mode 100644 index 000000000..b05d2cf29 --- /dev/null +++ b/id3lib/id3lib-3.8.3-unicode16.patch 
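Review bot: The context of the test_io.cpp patch still shows `main(size_t argc, const char** argv)`, the same kind of non-`int` first parameter that the gcc-4.3 patch in this commit replaces in demo_convert.cpp, demo_info.cpp, demo_tag.cpp and demo_copy.cpp; it should probably become `main(int argc, const char** argv)` as well, unless the rest of the function, which is outside the hunk, depends on the unsigned type. The added `using namespace std;` sits after an explicit `using std::cerr;` declaration; naming the missing identifiers with further using-declarations would keep the file's existing style and avoid pulling all of std into scope.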
@@ -0,0 +1,39 @@
+diff -ruN id3lib-3.8.3.orig/ChangeLog id3lib-3.8.3/ChangeLog
+--- id3lib-3.8.3.orig/ChangeLog 2003-03-02 01:23:00.000000000 +0100
++++ id3lib-3.8.3/ChangeLog 2006-02-22 00:33:59.946214472 +0100
+@@ -1,3 +1,8 @@
++2006-02-17 Jerome Couderc
++
++ * Patch from Spoon to fix UTF-16 writing bug
++ http://sourceforge.net/tracker/index.php?func=detail&aid=1016290&group_id=979&atid=300979
++
+ 2003-03-02 Sunday 17:38 Thijmen Klok <thijmen@id3lib.org>
+
+ * THANKS (1.20): added more people
+diff -ruN id3lib-3.8.3.orig/src/io_helpers.cpp id3lib-3.8.3/src/io_helpers.cpp
+--- id3lib-3.8.3.orig/src/io_helpers.cpp 2003-03-02 01:23:00.000000000 +0100
++++ id3lib-3.8.3/src/io_helpers.cpp 2006-02-22 00:35:02.926639992 +0100
+@@ -363,11 +363,22 @@
+ // Write the BOM: 0xFEFF
+ unicode_t BOM = 0xFEFF;
+ writer.writeChars((const unsigned char*) &BOM, 2);
++ // Patch from Spoon : 2004-08-25 14:17
++ // http://sourceforge.net/tracker/index.php?func=detail&aid=1016290&group_id=979&atid=300979
++ // Wrong code
++ //for (size_t i = 0; i < size; i += 2)
++ //{
++ // unicode_t ch = (data[i] << 8) | data[i+1];
++ // writer.writeChars((const unsigned char*) &ch, 2);
++ //}
++ // Right code
++ unsigned char *pdata = (unsigned char *) data.c_str();
+ for (size_t i = 0; i < size; i += 2)
+ {
+- unicode_t ch = (data[i] << 8) | data[i+1];
++ unicode_t ch = (pdata[i] << 8) | pdata[i+1];
+ writer.writeChars((const unsigned char*) &ch, 2);
+ }
++ // End patch
+ }
+ return writer.getCur() - beg;
+ }
diff --git a/id3lib/id3lib-3.8.3-zlib.patch b/id3lib/id3lib-3.8.3-zlib.patch
new file mode 100644
index 000000000..177320bc1
--- /dev/null
+++ b/id3lib/id3lib-3.8.3-zlib.patch
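Review bot: The new `pdata` pointer in io_helpers.cpp is obtained with a C-style cast that also drops const from `data.c_str()`; the loop only reads, so it should be declared `const unsigned char *pdata = reinterpret_cast<const unsigned char *>(data.c_str());`. The loop still reads `pdata[i+1]` for every even `i < size`, so an odd `size` makes the last iteration pair the final byte with the terminator returned by `c_str()`; whether `size` is guaranteed to be even is not visible here, because the function starts outside the hunk, and a one-line comment or an explicit check would settle it. The commented-out "Wrong code" copy can be removed, since the ChangeLog entry and the tracker link already record the history.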
@@ -0,0 +1,23 @@
+diff -Naur id3lib-3.8.3.orig/Makefile.am id3lib-3.8.3/Makefile.am
+--- id3lib-3.8.3.orig/Makefile.am 2003-03-01 16:23:00.000000000 -0800
++++ id3lib-3.8.3/Makefile.am 2004-09-12 19:05:39.564456828 -0700
+@@ -28,7 +28,7 @@
+ endif
+
+ SUBDIRS = . m4 $(zlib_subdir) doc include id3com src examples
+-DIST_SUBDIRS = . m4 zlib doc include id3com src examples prj libprj
++DIST_SUBDIRS = . m4 $(zlib_subdir) doc include id3com src examples prj libprj
+
+ INCLUDES = @ID3LIB_DEBUG_FLAGS@
+
+diff -Naur id3lib-3.8.3.orig/src/Makefile.am id3lib-3.8.3/src/Makefile.am
+--- id3lib-3.8.3.orig/src/Makefile.am 2003-03-01 16:23:00.000000000 -0800
++++ id3lib-3.8.3/src/Makefile.am 2004-09-12 19:08:30.814149521 -0700
+@@ -77,6 +77,7 @@
+ endif
+
+ libid3_la_LDFLAGS = \
++ -lz \
+ -version-info $(LT_VERSION) \
+ -release $(LT_RELEASE) \
+ -export-dynamic |
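Review bot: `-lz` is added to `libid3_la_LDFLAGS` in src/Makefile.am, but libraries to link belong in `libid3_la_LIBADD`; flags in LDFLAGS normally land ahead of the objects on the link line, so a linker run with `--as-needed` may drop the zlib dependency again. The proposed change is to leave LDFLAGS as it was and add `libid3_la_LIBADD = -lz`, merged with any existing LIBADD assignment, which is not visible in this hunk.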