diff options
| author | drochner <drochner@pkgsrc.org> | 2007-09-04 09:58:20 +0000 |
|---|---|---|
| committer | drochner <drochner@pkgsrc.org> | 2007-09-04 09:58:20 +0000 |
| commit | 1c62ee22ec1a3ce14148cf258c3234ad3d86eb13 (patch) | |
| tree | 2cfe018c3a6bb3c94aeb9d0f246935427a94a52c /audio/id3lib/patches | |
| parent | a22621e7ed9467ac998be30ffe32a3609465f8ce (diff) | |
| download | pkgsrc-1c62ee22ec1a3ce14148cf258c3234ad3d86eb13.tar.gz | |
fix unsafe temp file creation (CVE-2007-4460), patch from Debian
bump PKGREVISION
Diffstat (limited to 'audio/id3lib/patches')
| -rw-r--r-- | audio/id3lib/patches/patch-aj | 44 |
1 files changed, 40 insertions, 4 deletions
diff --git a/audio/id3lib/patches/patch-aj b/audio/id3lib/patches/patch-aj index 3cc8fb1a259..3bf9988f4f3 100644 --- a/audio/id3lib/patches/patch-aj +++ b/audio/id3lib/patches/patch-aj @@ -1,9 +1,36 @@ -$NetBSD: patch-aj,v 1.3 2007/01/20 01:04:04 rillig Exp $ - -char and unsigned char are different data types. +$NetBSD: patch-aj,v 1.4 2007/09/04 09:58:20 drochner Exp $ --- src/tag_file.cpp.orig 2003-03-02 01:23:00.000000000 +0100 -+++ src/tag_file.cpp 2007-01-10 21:57:03.513247016 +0100 ++++ src/tag_file.cpp +@@ -242,8 +242,8 @@ size_t RenderV2ToFile(const ID3_TagImpl& + strcpy(sTempFile, filename.c_str()); + strcat(sTempFile, sTmpSuffix.c_str()); + +-#if ((defined(__GNUC__) && __GNUC__ >= 3 ) || !defined(HAVE_MKSTEMP)) +- // This section is for Windows folk && gcc 3.x folk ++#if !defined(HAVE_MKSTEMP) ++ // This section is for Windows folk + fstream tmpOut; + createFile(sTempFile, tmpOut); + +@@ -257,7 +257,7 @@ size_t RenderV2ToFile(const ID3_TagImpl& + tmpOut.write((char *)tmpBuffer, nBytes); + } + +-#else //((defined(__GNUC__) && __GNUC__ >= 3 ) || !defined(HAVE_MKSTEMP)) ++#else //!defined(HAVE_MKSTEMP) + + // else we gotta make a temp file, copy the tag into it, copy the + // rest of the old file after the tag, delete the old file, rename +@@ -270,7 +270,7 @@ size_t RenderV2ToFile(const ID3_TagImpl& + //ID3_THROW_DESC(ID3E_NoFile, "couldn't open temp file"); + } + +- ofstream tmpOut(fd); ++ ofstream tmpOut(sTempFile); + if (!tmpOut) + { + tmpOut.close(); @@ -282,7 +282,7 @@ size_t RenderV2ToFile(const ID3_TagImpl& tmpOut.write(tagData, tagSize); @@ -13,3 +40,12 @@ char and unsigned char are different data types. while (file) { file.read(tmpBuffer, BUFSIZ); +@@ -292,7 +292,7 @@ size_t RenderV2ToFile(const ID3_TagImpl& + + close(fd); //closes the file + +-#endif ////((defined(__GNUC__) && __GNUC__ >= 3 ) || !defined(HAVE_MKSTEMP)) ++#endif ////!defined(HAVE_MKSTEMP) + + tmpOut.close(); + file.close(); |