From e2fa4ac78e97238eedb771a373a1595dd3013f56 Mon Sep 17 00:00:00 2001
From: James Meyer <james.meyer@operamail.com>
Date: Tue, 7 Aug 2012 09:42:59 -0500
Subject: libcdaudio 0.99.12

---
 abs/core/libcdaudio/01-cddb-bufferoverflow.patch | 15 +++++++++++
 abs/core/libcdaudio/02-cddb-bufferoverflow.patch | 15 +++++++++++
 abs/core/libcdaudio/PKGBUILD                     | 33 +++++++++++++++---------
 3 files changed, 51 insertions(+), 12 deletions(-)
 create mode 100644 abs/core/libcdaudio/01-cddb-bufferoverflow.patch
 create mode 100644 abs/core/libcdaudio/02-cddb-bufferoverflow.patch

diff --git a/abs/core/libcdaudio/01-cddb-bufferoverflow.patch b/abs/core/libcdaudio/01-cddb-bufferoverflow.patch
new file mode 100644
index 0000000..0a44497
--- /dev/null
+++ b/abs/core/libcdaudio/01-cddb-bufferoverflow.patch
@@ -0,0 +1,15 @@
+Author: Moritz Muehlenhoff <jmm@inutil.org>
+Description: CAN-2005-0706: Bufferoverflow in CDDB lookup parsing
+
+diff -Naurp libcdaudio.orig/src/cddb.c libcdaudio/src/cddb.c
+--- libcdaudio.orig/src/cddb.c	2009-08-02 10:30:05.000000000 +0000
++++ libcdaudio/src/cddb.c	2009-08-02 10:34:57.000000000 +0000
+@@ -1052,7 +1052,7 @@ cddb_query(int cd_desc, int sock,
+     }
+ 	   
+     query->query_matches = 0;
+-    while(!cddb_read_line(sock, inbuffer, 256)) {
++    while(query->query_matches < MAX_INEXACT_MATCHES && !cddb_read_line(sock, inbuffer, 256)) {
+       slashed = 0;
+       if(strchr(inbuffer, '/') != NULL && parse_disc_artist) {
+ 	index = 0;
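Review bot: When the loop in cddb_query stops because `query_matches` reached `MAX_INEXACT_MATCHES`, the rest of the server's match list appears to stay unread on the socket, so a later read on the same connection could pick up leftover match lines instead of its own reply. If the connection is reused after this call, drain the remainder once the cap is hit, e.g. `while(!cddb_read_line(sock, inbuffer, 256)) ;` after the loop (assuming cddb_read_line returns non-zero at the end of the list, as the loop condition suggests), or document that the caller must close the socket. The bound only helps if the array it protects really holds `MAX_INEXACT_MATCHES` entries and `query_matches` is incremented once per stored entry; both are outside this hunk, as is the rest of cddb_query. The header cites the identifier in its old candidate form, `CAN-2005-0706`; writing it as `CVE-2005-0706` makes it searchable in current advisories.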
diff --git a/abs/core/libcdaudio/02-cddb-bufferoverflow.patch b/abs/core/libcdaudio/02-cddb-bufferoverflow.patch
new file mode 100644
index 0000000..b542273
--- /dev/null
+++ b/abs/core/libcdaudio/02-cddb-bufferoverflow.patch
@@ -0,0 +1,15 @@
+Author: Moritz Muehlenhoff <jmm@inutil.org>
+Description: CVE-2008-5030
+
+diff -Naurp libcdaudio.orig/src/cddb.c libcdaudio/src/cddb.c
+--- libcdaudio.orig/src/cddb.c	2008-09-07 23:53:16.000000000 +0000
++++ libcdaudio/src/cddb.c	2008-11-12 21:32:21.000000000 +0000
+@@ -1679,7 +1679,7 @@ cddb_read_disc_data(int cd_desc, struct 
+       free(file);
+ 	 
+       while(!feof(cddb_data)) {
+-	fgets(inbuffer, 512, cddb_data);			   
++	fgets(inbuffer, 256, cddb_data);
+ 	cddb_process_line(inbuffer, data);
+       }
+ 	 
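Review bot: The `while(!feof(cddb_data))` loop in the patched cddb_read_disc_data still ignores the return value of `fgets`, so when the read hits end-of-file or fails, `cddb_process_line` runs on whatever `inbuffer` held before (the previous line again, or uninitialised bytes if the file is empty). Testing the read itself closes that: `while(fgets(inbuffer, 256, cddb_data) != NULL) cddb_process_line(inbuffer, data);`. The literal 256 is assumed to match the declaration of `inbuffer`, which is outside this hunk; if it is an array in scope, `sizeof(inbuffer)` keeps the limit tied to the buffer. Lines longer than 255 bytes are now handed to cddb_process_line in pieces, so that parser has to tolerate a fragment that lacks a trailing newline.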
diff --git a/abs/core/libcdaudio/PKGBUILD b/abs/core/libcdaudio/PKGBUILD
index 0494dbd..2a287e5 100644
--- a/abs/core/libcdaudio/PKGBUILD
+++ b/abs/core/libcdaudio/PKGBUILD
@@ -1,23 +1,32 @@
-# $Id: PKGBUILD 356 2008-04-18 22:56:27Z aaron $
-# Maintainer: arjan <arjan@archlinux.org>
-#contributor Sarah Hay <sarahhay@mb.sympatico.ca>
+# $Id: PKGBUILD 150528 2012-02-18 12:08:44Z pierre $
+# Maintainer: 
+# Contributor Sarah Hay <sarahhay@mb.sympatico.ca>
 
 pkgname=libcdaudio
 pkgver=0.99.12
-pkgrel=3
-pkgdesc="A portable library for controlling Audio CDs and managing the transfers of information with the CDDB system."
-arch=(i686 x86_64)
+pkgrel=6
+pkgdesc="Library for controlling Audio CDs and interacting with CDDB"
+arch=('i686' 'x86_64')
 url="http://libcdaudio.sourceforge.net/"
 license=('GPL')
-depends=(glibc)
-source=(http://dl.sourceforge.net/sourceforge/libcdaudio/$pkgname-${pkgver}p2.tar.gz)
-md5sums=('15de3830b751818a54a42899bd3ae72c')
+depends=('glibc')
 options=('!libtool')
+source=("http://downloads.sourceforge.net/sourceforge/libcdaudio/${pkgname}-${pkgver}.tar.gz"
+        '01-cddb-bufferoverflow.patch'
+        '02-cddb-bufferoverflow.patch')
+md5sums=('63b49cf14d53eed31e7a87cca17a3963'
+         'f78c881b92cd7d25472daa90af284e18'
+         'e36755c125d2710dc8619bb401e37444')
 
 build() {
-  cd $startdir/src/$pkgname-${pkgver}p2
+  cd "${srcdir}/${pkgname}-${pkgver}"
+  patch -Np1 -i "${srcdir}/01-cddb-bufferoverflow.patch"
+  patch -Np1 -i "${srcdir}/02-cddb-bufferoverflow.patch"
   ./configure --prefix=/usr
-  make || return 1
-  make DESTDIR=$startdir/pkg install
+  make
 }
 
+package() {
+  cd "${srcdir}/${pkgname}-${pkgver}"
+  make DESTDIR="${pkgdir}" install
+}
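Review bot: The `source` array fetches the tarball over plain `http://` and the only integrity check is `md5sums`, which is too weak to detect a deliberately tampered download. Add a `sha256sums=(...)` array covering all three sources, generated with `makepkg -g` from a tarball that was verified out of band rather than re-downloaded from the same mirror, and switch to an `https://` URL if the mirror serves one. The `# Maintainer:` line is left empty, so the package carries no contact for security reports. Because the two patches are security fixes, a short comment above the `patch -Np1` lines naming the identifiers each one addresses would help the next person who bumps `pkgver` decide whether they can be dropped.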
-- 
cgit v0.12