Diffstat (limited to 'abs')
-rw-r--r--abs/core/libcdaudio/01-cddb-bufferoverflow.patch15
-rw-r--r--abs/core/libcdaudio/02-cddb-bufferoverflow.patch15
-rw-r--r--abs/core/libcdaudio/PKGBUILD33
3 files changed, 51 insertions, 12 deletions
diff --git a/abs/core/libcdaudio/01-cddb-bufferoverflow.patch b/abs/core/libcdaudio/01-cddb-bufferoverflow.patch
new file mode 100644
index 0000000..0a44497
--- /dev/null
+++ b/abs/core/libcdaudio/01-cddb-bufferoverflow.patch
@@ -0,0 +1,15 @@
+Author: Moritz Muehlenhoff <jmm@inutil.org>
+Description: CAN-2005-0706: Bufferoverflow in CDDB lookup parsing
+
+diff -Naurp libcdaudio.orig/src/cddb.c libcdaudio/src/cddb.c
+--- libcdaudio.orig/src/cddb.c 2009-08-02 10:30:05.000000000 +0000
++++ libcdaudio/src/cddb.c 2009-08-02 10:34:57.000000000 +0000
+@@ -1052,7 +1052,7 @@ cddb_query(int cd_desc, int sock,
+ }
+
+ query->query_matches = 0;
+- while(!cddb_read_line(sock, inbuffer, 256)) {
++ while(query->query_matches < MAX_INEXACT_MATCHES && !cddb_read_line(sock, inbuffer, 256)) {
+ slashed = 0;
+ if(strchr(inbuffer, '/') != NULL && parse_disc_artist) {
+ index = 0;
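Review bot: The new loop condition `query->query_matches < MAX_INEXACT_MATCHES && !cddb_read_line(sock, inbuffer, 256)` stops storing matches at the cap, but any further match lines the server sent stay unread on `sock`. If cddb_query or its caller keeps using the connection after this loop, the next read would pick up leftover match lines instead of the expected reply, so it may be safer to keep reading and discard lines once the cap is reached; the rest of the function is outside the hunk, so this needs confirming there. The literal `256` also assumes `inbuffer` is at least that large, which the hunk does not show. A short comment on the loop would help, for example `/* server-controlled match count: never store more than MAX_INEXACT_MATCHES entries */`.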
diff --git a/abs/core/libcdaudio/02-cddb-bufferoverflow.patch b/abs/core/libcdaudio/02-cddb-bufferoverflow.patch
new file mode 100644
index 0000000..b542273
--- /dev/null
+++ b/abs/core/libcdaudio/02-cddb-bufferoverflow.patch
@@ -0,0 +1,15 @@
+Author: Moritz Muehlenhoff <jmm@inutil.org>
+Description: CVE-2008-5030
+
+diff -Naurp libcdaudio.orig/src/cddb.c libcdaudio/src/cddb.c
+--- libcdaudio.orig/src/cddb.c 2008-09-07 23:53:16.000000000 +0000
++++ libcdaudio/src/cddb.c 2008-11-12 21:32:21.000000000 +0000
+@@ -1679,7 +1679,7 @@ cddb_read_disc_data(int cd_desc, struct
+ free(file);
+
+ while(!feof(cddb_data)) {
+- fgets(inbuffer, 512, cddb_data);
++ fgets(inbuffer, 256, cddb_data);
+ cddb_process_line(inbuffer, data);
+ }
+
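Review bot: The embedded fix at `fgets(inbuffer, 256, cddb_data);` still ignores the return value of fgets, so when the read fails or reaches end of file, `cddb_process_line` runs once more on whatever `inbuffer` already held (the previous line, or uninitialised bytes for an empty file). Driving the loop from the read itself closes that: `while(fgets(inbuffer, sizeof(inbuffer), cddb_data) != NULL)`, assuming `inbuffer` is a 256-byte array declared in this function, which the hunk does not show. Using `sizeof` rather than the literal also keeps the bound tied to the declaration, which is the mismatch this patch corrects. Lines longer than the buffer will now arrive in pieces, so `cddb_process_line` should tolerate a fragment with no trailing newline. The body of cddb_read_disc_data starts and ends outside the hunk.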
diff --git a/abs/core/libcdaudio/PKGBUILD b/abs/core/libcdaudio/PKGBUILD
index 0494dbd..2a287e5 100644
--- a/abs/core/libcdaudio/PKGBUILD
+++ b/abs/core/libcdaudio/PKGBUILD
@@ -1,23 +1,32 @@
-# $Id: PKGBUILD 356 2008-04-18 22:56:27Z aaron $
-# Maintainer: arjan <arjan@archlinux.org>
-#contributor Sarah Hay <sarahhay@mb.sympatico.ca>
+# $Id: PKGBUILD 150528 2012-02-18 12:08:44Z pierre $
+# Maintainer:
+# Contributor Sarah Hay <sarahhay@mb.sympatico.ca>
pkgname=libcdaudio
pkgver=0.99.12
-pkgrel=3
-pkgdesc="A portable library for controlling Audio CDs and managing the transfers of information with the CDDB system."
-arch=(i686 x86_64)
+pkgrel=6
+pkgdesc="Library for controlling Audio CDs and interacting with CDDB"
+arch=('i686' 'x86_64')
url="http://libcdaudio.sourceforge.net/"
license=('GPL')
-depends=(glibc)
-source=(http://dl.sourceforge.net/sourceforge/libcdaudio/$pkgname-${pkgver}p2.tar.gz)
-md5sums=('15de3830b751818a54a42899bd3ae72c')
+depends=('glibc')
options=('!libtool')
+source=("http://downloads.sourceforge.net/sourceforge/libcdaudio/${pkgname}-${pkgver}.tar.gz"
+ '01-cddb-bufferoverflow.patch'
+ '02-cddb-bufferoverflow.patch')
+md5sums=('63b49cf14d53eed31e7a87cca17a3963'
+ 'f78c881b92cd7d25472daa90af284e18'
+ 'e36755c125d2710dc8619bb401e37444')
build() {
- cd $startdir/src/$pkgname-${pkgver}p2
+ cd "${srcdir}/${pkgname}-${pkgver}"
+ patch -Np1 -i "${srcdir}/01-cddb-bufferoverflow.patch"
+ patch -Np1 -i "${srcdir}/02-cddb-bufferoverflow.patch"
./configure --prefix=/usr
- make || return 1
- make DESTDIR=$startdir/pkg install
+ make
}
+package() {
+ cd "${srcdir}/${pkgname}-${pkgver}"
+ make DESTDIR="${pkgdir}" install
+}
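Review bot: The `source` array fetches the tarball over plain `http://` and the only integrity check is `md5sums`, which does not resist a deliberately crafted substitute. Adding a stronger pin generated from independently verified copies, `sha256sums=('<sha256 of tarball>' '<sha256 of 01 patch>' '<sha256 of 02 patch>')`, would make the check meaningful. The tarball name also changes from `${pkgver}p2` to plain `${pkgver}` with a new checksum, so it is worth confirming that nothing the p2 release carried is lost now that only the two CDDB patches are applied on top. A one-line comment above each `patch -Np1` call naming the advisory it addresses (CAN-2005-0706, CVE-2008-5030) would help whoever next bumps `pkgver` decide whether a patch can be dropped.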