From e2fa4ac78e97238eedb771a373a1595dd3013f56 Mon Sep 17 00:00:00 2001
From: James Meyer <james.meyer@operamail.com>
Date: Tue, 7 Aug 2012 09:42:59 -0500
Subject: libcdaudio 0.99.12
---
 abs/core/libcdaudio/01-cddb-bufferoverflow.patch | 15 +++++++++++
 abs/core/libcdaudio/02-cddb-bufferoverflow.patch | 15 +++++++++++
 abs/core/libcdaudio/PKGBUILD | 33 +++++++++++++++---------
 3 files changed, 51 insertions(+), 12 deletions(-)
 create mode 100644 abs/core/libcdaudio/01-cddb-bufferoverflow.patch
 create mode 100644 abs/core/libcdaudio/02-cddb-bufferoverflow.patch
diff --git a/abs/core/libcdaudio/01-cddb-bufferoverflow.patch b/abs/core/libcdaudio/01-cddb-bufferoverflow.patch
new file mode 100644
index 0000000..0a44497
--- /dev/null
+++ b/abs/core/libcdaudio/01-cddb-bufferoverflow.patch
@@ -0,0 +1,15 @@
+Author: Moritz Muehlenhoff <jmm@inutil.org>
+Description: CAN-2005-0706: Bufferoverflow in CDDB lookup parsing
+
+diff -Naurp libcdaudio.orig/src/cddb.c libcdaudio/src/cddb.c
+--- libcdaudio.orig/src/cddb.c 2009-08-02 10:30:05.000000000 +0000
++++ libcdaudio/src/cddb.c 2009-08-02 10:34:57.000000000 +0000
+@@ -1052,7 +1052,7 @@ cddb_query(int cd_desc, int sock,
+ }
+
+ query->query_matches = 0;
+- while(!cddb_read_line(sock, inbuffer, 256)) {
++ while(query->query_matches < MAX_INEXACT_MATCHES && !cddb_read_line(sock, inbuffer, 256)) {
+ slashed = 0;
+ if(strchr(inbuffer, '/') != NULL && parse_disc_artist) {
+ index = 0;
diff --git a/abs/core/libcdaudio/02-cddb-bufferoverflow.patch b/abs/core/libcdaudio/02-cddb-bufferoverflow.patch
new file mode 100644
index 0000000..b542273
--- /dev/null
+++ b/abs/core/libcdaudio/02-cddb-bufferoverflow.patch
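Review bot: In 01-cddb-bufferoverflow.patch, the new loop condition in cddb_query stops calling cddb_read_line as soon as `query->query_matches` reaches MAX_INEXACT_MATCHES, so any further match lines the server already sent are presumably left unread on `sock` and may be consumed as the reply to the next command. If callers reuse the socket, it is safer to keep reading to the end of the list and only skip the store once the cap is hit, for example `if(query->query_matches >= MAX_INEXACT_MATCHES) continue;` as the first statement of the original loop body. The loop body and the declaration of the match array are outside the hunk, so it is assumed rather than confirmed here that MAX_INEXACT_MATCHES equals the array's capacity.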
@@ -0,0 +1,15 @@
+Author: Moritz Muehlenhoff <jmm@inutil.org>
+Description: CVE-2008-5030
+
+diff -Naurp libcdaudio.orig/src/cddb.c libcdaudio/src/cddb.c
+--- libcdaudio.orig/src/cddb.c 2008-09-07 23:53:16.000000000 +0000
++++ libcdaudio/src/cddb.c 2008-11-12 21:32:21.000000000 +0000
+@@ -1679,7 +1679,7 @@ cddb_read_disc_data(int cd_desc, struct
+ free(file);
+
+ while(!feof(cddb_data)) {
+- fgets(inbuffer, 512, cddb_data);
++ fgets(inbuffer, 256, cddb_data);
+ cddb_process_line(inbuffer, data);
+ }
+
diff --git a/abs/core/libcdaudio/PKGBUILD b/abs/core/libcdaudio/PKGBUILD
index 0494dbd..2a287e5 100644
--- a/abs/core/libcdaudio/PKGBUILD
+++ b/abs/core/libcdaudio/PKGBUILD
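Review bot: In 02-cddb-bufferoverflow.patch, the return value of `fgets(inbuffer, 256, cddb_data)` is still ignored inside the `while(!feof(cddb_data))` loop of cddb_read_disc_data, so when the read hits end-of-file or fails, cddb_process_line runs once more on whatever inbuffer held before. Driving the loop from the read closes that gap: `while(fgets(inbuffer, 256, cddb_data) != NULL) {`. The literal 256 presumably matches the declared size of inbuffer, which is outside the hunk; if it is an array, `sizeof(inbuffer)` would keep the bound and the buffer from drifting apart again. A line longer than 255 bytes in the cached file now reaches cddb_process_line in pieces, which is worth a comment at the call.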
@@ -1,23 +1,32 @@
-# $Id: PKGBUILD 356 2008-04-18 22:56:27Z aaron $
-# Maintainer: arjan <arjan@archlinux.org>
-#contributor Sarah Hay <sarahhay@mb.sympatico.ca>
+# $Id: PKGBUILD 150528 2012-02-18 12:08:44Z pierre $
+# Maintainer:
+# Contributor Sarah Hay <sarahhay@mb.sympatico.ca>
 pkgname=libcdaudio
 pkgver=0.99.12
-pkgrel=3
-pkgdesc="A portable library for controlling Audio CDs and managing the transfers of information with the CDDB system."
-arch=(i686 x86_64)
+pkgrel=6
+pkgdesc="Library for controlling Audio CDs and interacting with CDDB"
+arch=('i686' 'x86_64')
 url="http://libcdaudio.sourceforge.net/"
 license=('GPL')
-depends=(glibc)
-source=(http://dl.sourceforge.net/sourceforge/libcdaudio/$pkgname-${pkgver}p2.tar.gz)
-md5sums=('15de3830b751818a54a42899bd3ae72c')
+depends=('glibc')
 options=('!libtool')
+source=("http://downloads.sourceforge.net/sourceforge/libcdaudio/${pkgname}-${pkgver}.tar.gz"
+ '01-cddb-bufferoverflow.patch'
+ '02-cddb-bufferoverflow.patch')
+md5sums=('63b49cf14d53eed31e7a87cca17a3963'
+ 'f78c881b92cd7d25472daa90af284e18'
+ 'e36755c125d2710dc8619bb401e37444')
 build() {
- cd $startdir/src/$pkgname-${pkgver}p2
+ cd "${srcdir}/${pkgname}-${pkgver}"
+ patch -Np1 -i "${srcdir}/01-cddb-bufferoverflow.patch"
+ patch -Np1 -i "${srcdir}/02-cddb-bufferoverflow.patch"
 ./configure --prefix=/usr
- make || return 1
- make DESTDIR=$startdir/pkg install
+ make
 }
+package() {
+ cd "${srcdir}/${pkgname}-${pkgver}"
+ make DESTDIR="${pkgdir}" install
+}
-- 
cgit v0.12
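Review bot: The new `md5sums` array is the only integrity check on a tarball that `source` fetches over plain `http://`, and MD5 is not collision-resistant, so it catches a corrupted download but is weak evidence against a substituted one. Adding a `sha256sums=(...)` array with one entry per `source` item, computed from a copy of the tarball obtained and verified independently, gives makepkg a check that holds up against tampering in transit. The same array would also pin the two CVE patches, whose content is what makes this package release safe to ship.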