summary refs log tree commit diff
diff options
context:
space:
mode:
authorEfraim Flashner <efraim@flashner.co.il>2016-05-30 17:17:09 +0300
committerEfraim Flashner <efraim@flashner.co.il>2016-05-30 20:13:24 +0300
commit1f521b7055a464439774332f1a69ed31b565715f (patch)
treefaf684a35c09085ca54ba8589a156bbfe43926af
parent3d55d04ab8f11cf8e9612c0ef92b10347a867309 (diff)
downloadguix-1f521b7055a464439774332f1a69ed31b565715f.tar.gz
gnu: id3lib: Fix CVE-2007-4460.
* gnu/packages/mp3.scm (id3lib)[source]: Add patch.
* gnu/packages/patches/id3lib-CVE-2007-4460.patch: New variable.
* gnu/local.mk (dist_patch_DATA): Add it.
-rw-r--r--gnu/local.mk1
-rw-r--r--gnu/packages/mp3.scm6
-rw-r--r--gnu/packages/patches/id3lib-CVE-2007-4460.patch54
3 files changed, 58 insertions, 3 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index 5f10dd86be..11b7ccb692 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -551,6 +551,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/icu4c-CVE-2014-6585.patch		\
   %D%/packages/patches/icu4c-CVE-2015-1270.patch		\
   %D%/packages/patches/icu4c-CVE-2015-4760.patch		\
+  %D%/packages/patches/id3lib-CVE-2007-4460.patch			\
   %D%/packages/patches/ilmbase-fix-tests.patch			\
   %D%/packages/patches/inkscape-drop-wait-for-targets.patch	\
   %D%/packages/patches/irrlicht-mesa-10.patch			\
diff --git a/gnu/packages/mp3.scm b/gnu/packages/mp3.scm
index 997c50f5f4..8451f0ac9f 100644
--- a/gnu/packages/mp3.scm
+++ b/gnu/packages/mp3.scm
@@ -108,11 +108,11 @@ versions of ID3v2.")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://sourceforge/id3lib/id3lib/"
-                                version "/id3lib-"
-                                version ".tar.gz"))
+                                version "/id3lib-" version ".tar.gz"))
             (sha256
              (base32
-              "0yfhqwk0w8q2hyv1jib1008jvzmwlpsxvc8qjllhna6p1hycqj97"))))
+              "0yfhqwk0w8q2hyv1jib1008jvzmwlpsxvc8qjllhna6p1hycqj97"))
+            (patches (search-patches "id3lib-CVE-2007-4460.patch"))))
    (build-system gnu-build-system)
    (arguments
     `(#:phases
diff --git a/gnu/packages/patches/id3lib-CVE-2007-4460.patch b/gnu/packages/patches/id3lib-CVE-2007-4460.patch
new file mode 100644
index 0000000000..36c84179fc
--- /dev/null
+++ b/gnu/packages/patches/id3lib-CVE-2007-4460.patch
@@ -0,0 +1,54 @@
+This patch fixes an issues where temporary files were created in an insecure
+way.
+
+It was first intruduced in version 3.8.3-7 and fixes
+http://bugs.debian.org/438540
+--- a/src/tag_file.cpp
++++ b/src/tag_file.cpp
+@@ -242,8 +242,8 @@
+     strcpy(sTempFile, filename.c_str());
+     strcat(sTempFile, sTmpSuffix.c_str());
+ 
+-#if ((defined(__GNUC__) && __GNUC__ >= 3  ) || !defined(HAVE_MKSTEMP))
+-    // This section is for Windows folk && gcc 3.x folk
++#if !defined(HAVE_MKSTEMP)
++    // This section is for Windows folk
+     fstream tmpOut;
+     createFile(sTempFile, tmpOut);
+ 
+@@ -257,7 +257,7 @@
+       tmpOut.write((char *)tmpBuffer, nBytes);
+     }
+ 
+-#else //((defined(__GNUC__) && __GNUC__ >= 3  ) || !defined(HAVE_MKSTEMP))
++#else //!defined(HAVE_MKSTEMP)
+ 
+     // else we gotta make a temp file, copy the tag into it, copy the
+     // rest of the old file after the tag, delete the old file, rename
+@@ -270,7 +270,7 @@
+       //ID3_THROW_DESC(ID3E_NoFile, "couldn't open temp file");
+     }
+ 
+-    ofstream tmpOut(fd);
++    ofstream tmpOut(sTempFile);
+     if (!tmpOut)
+     {
+       tmpOut.close();
+@@ -285,14 +285,14 @@
+     uchar tmpBuffer[BUFSIZ];
+     while (file)
+     {
+-      file.read(tmpBuffer, BUFSIZ);
++      file.read((char *)tmpBuffer, BUFSIZ);
+       size_t nBytes = file.gcount();
+-      tmpOut.write(tmpBuffer, nBytes);
++      tmpOut.write((char *)tmpBuffer, nBytes);
+     }
+ 
+     close(fd); //closes the file
+ 
+-#endif ////((defined(__GNUC__) && __GNUC__ >= 3  ) || !defined(HAVE_MKSTEMP))
++#endif ////!defined(HAVE_MKSTEMP)
+ 
+     tmpOut.close();
+     file.close();