Date: Friday, February 12, 2016 @ 06:37:49 Author: fyan Revision: 161373
addpkg: lib32-libid3tag 0.15.1b-1 Added: lib32-libid3tag/ lib32-libid3tag/repos/ lib32-libid3tag/trunk/ lib32-libid3tag/trunk/10_utf16.diff lib32-libid3tag/trunk/11_unknown_encoding.diff lib32-libid3tag/trunk/CVE-2008-2109.patch lib32-libid3tag/trunk/PKGBUILD lib32-libid3tag/trunk/id3tag.pc --------------------------+ 10_utf16.diff | 48 +++++++++++++++++++++++++++++++++++++++++++++ 11_unknown_encoding.diff | 37 ++++++++++++++++++++++++++++++++++ CVE-2008-2109.patch | 11 ++++++++++ PKGBUILD | 45 ++++++++++++++++++++++++++++++++++++++++++ id3tag.pc | 10 +++++++++ 5 files changed, 151 insertions(+) Added: lib32-libid3tag/trunk/10_utf16.diff =================================================================== --- lib32-libid3tag/trunk/10_utf16.diff (rev 0) +++ lib32-libid3tag/trunk/10_utf16.diff 2016-02-12 05:37:49 UTC (rev 161373) @@ -0,0 +1,48 @@ +#! /bin/sh -e +## 10_utf16.dpatch by <k...@roeckx.be> +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Handle bogus UTF16 sequences that have a length that is not +## DP: an even number of 8 bit characters. + +if [ $# -lt 1 ]; then + echo "`basename $0`: script expects -patch|-unpatch as argument" >&2 + exit 1 +fi + +[ -f debian/patches/00patch-opts ] && . debian/patches/00patch-opts +patch_opts="${patch_opts:--f --no-backup-if-mismatch} ${2:+-d $2}" + +case "$1" in + -patch) patch -p1 ${patch_opts} < $0;; + -unpatch) patch -R -p1 ${patch_opts} < $0;; + *) + echo "`basename $0`: script expects -patch|-unpatch as argument" >&2 + exit 1;; +esac + +exit 0 + +@DPATCH@ +diff -urNad libid3tag-0.15.1b/utf16.c /tmp/dpep.tKvO7a/libid3tag-0.15.1b/utf16.c +--- libid3tag-0.15.1b/utf16.c 2006-01-13 15:26:29.000000000 +0100 ++++ /tmp/dpep.tKvO7a/libid3tag-0.15.1b/utf16.c 2006-01-13 15:27:19.000000000 +0100 +@@ -282,5 +282,18 @@ + + free(utf16); + ++ if (end == *ptr && length % 2 != 0) ++ { ++ /* We were called with a bogus length. It should always ++ * be an even number. We can deal with this in a few ways: ++ * - Always give an error. ++ * - Try and parse as much as we can and ++ * - return an error if we're called again when we ++ * already tried to parse everything we can. ++ * - tell that we parsed it, which is what we do here. ++ */ ++ (*ptr)++; ++ } ++ + return ucs4; + } Added: lib32-libid3tag/trunk/11_unknown_encoding.diff =================================================================== --- lib32-libid3tag/trunk/11_unknown_encoding.diff (rev 0) +++ lib32-libid3tag/trunk/11_unknown_encoding.diff 2016-02-12 05:37:49 UTC (rev 161373) @@ -0,0 +1,37 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 11_unknown_encoding.dpatch by Andreas Henriksson <andr...@fatal.se> +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: In case of an unknown/invalid encoding, id3_parse_string() will +## DP: return NULL, but the return value wasn't checked resulting +## DP: in segfault in id3_ucs4_length(). This is the only place +## DP: the return value wasn't checked. + +@DPATCH@ +diff -urNad libid3tag-0.15.1b~/compat.gperf libid3tag-0.15.1b/compat.gperf +--- libid3tag-0.15.1b~/compat.gperf 2004-01-23 09:41:32.000000000 +0000 ++++ libid3tag-0.15.1b/compat.gperf 2007-01-14 14:36:53.000000000 +0000 +@@ -236,6 +236,10 @@ + + encoding = id3_parse_uint(&data, 1); + string = id3_parse_string(&data, end - data, encoding, 0); ++ if (!string) ++ { ++ continue; ++ } + + if (id3_ucs4_length(string) < 4) { + free(string); +diff -urNad libid3tag-0.15.1b~/parse.c libid3tag-0.15.1b/parse.c +--- libid3tag-0.15.1b~/parse.c 2004-01-23 09:41:32.000000000 +0000 ++++ libid3tag-0.15.1b/parse.c 2007-01-14 14:37:34.000000000 +0000 +@@ -165,6 +165,9 @@ + case ID3_FIELD_TEXTENCODING_UTF_8: + ucs4 = id3_utf8_deserialize(ptr, length); + break; ++ default: ++ /* FIXME: Unknown encoding! Print warning? */ ++ return NULL; + } + + if (ucs4 && !full) { Added: lib32-libid3tag/trunk/CVE-2008-2109.patch =================================================================== --- lib32-libid3tag/trunk/CVE-2008-2109.patch (rev 0) +++ lib32-libid3tag/trunk/CVE-2008-2109.patch 2016-02-12 05:37:49 UTC (rev 161373) @@ -0,0 +1,11 @@ +--- field.c.orig 2008-05-05 09:49:15.000000000 -0400 ++++ field.c 2008-05-05 09:49:25.000000000 -0400 +@@ -291,7 +291,7 @@ + + end = *ptr + length; + +- while (end - *ptr > 0) { ++ while (end - *ptr > 0 && **ptr != '\0') { + ucs4 = id3_parse_string(ptr, end - *ptr, *encoding, 0); + if (ucs4 == 0) + goto fail; Added: lib32-libid3tag/trunk/PKGBUILD =================================================================== --- lib32-libid3tag/trunk/PKGBUILD (rev 0) +++ lib32-libid3tag/trunk/PKGBUILD 2016-02-12 05:37:49 UTC (rev 161373) @@ -0,0 +1,45 @@ +# $Id$ +# Maintainer: Felix Yan <felixonm...@archlinux.org> +# Contributor: dorphell <dorph...@archlinux.org> +# Contributor: GordonGR <gordo...@freemail.gr> + +pkgname="lib32-libid3tag" +_pkgname="libid3tag" +pkgver=0.15.1b +pkgrel=1 +pkgdesc="library for id3 tagging, lib32." +arch=('x86_64') +url="http://www.underbit.com/products/mad/" +license=('GPL') +depends=('lib32-zlib' "${_pkgname}") +makedepends=('gperf') +source=("ftp://ftp.mars.org/pub/mpeg/${_pkgname}-${pkgver}.tar.gz" + 'id3tag.pc' + '10_utf16.diff' + '11_unknown_encoding.diff' + 'CVE-2008-2109.patch') +md5sums=('e5808ad997ba32c498803822078748c3' + '95e2fa67579dbae3222e802fc66e9477' + '4f9df4011e6a8c23240fff5de2d05f6e' + '3ca856b97924d48a0fdfeff0bd83ce7d' + 'c51822ea6301b1ca469975f0c9ee8e34') + +build() { + cd "${srcdir}/${_pkgname}-${pkgver}" + patch -p1 -i ${srcdir}/10_utf16.diff + patch -p1 -i ${srcdir}/11_unknown_encoding.diff + patch -Np0 -i ${srcdir}/CVE-2008-2109.patch + + export CC="gcc -m32" + export CXX="g++ -m32" + export PKG_CONFIG_PATH="/usr/lib32/pkgconfig" + ./configure --prefix=/usr --libdir=/usr/lib32 --libexecdir=/usr/lib32 + make +} + +package() { + cd "${srcdir}/${_pkgname}-${pkgver}" + make DESTDIR="${pkgdir}" install + install -D -m644 "${srcdir}/id3tag.pc" "${pkgdir}/usr/lib32/pkgconfig/id3tag.pc" + rm -rf "${pkgdir}/usr/include" +} Property changes on: lib32-libid3tag/trunk/PKGBUILD ___________________________________________________________________ Added: svn:keywords ## -0,0 +1 ## +Id \ No newline at end of property Added: lib32-libid3tag/trunk/id3tag.pc =================================================================== --- lib32-libid3tag/trunk/id3tag.pc (rev 0) +++ lib32-libid3tag/trunk/id3tag.pc 2016-02-12 05:37:49 UTC (rev 161373) @@ -0,0 +1,10 @@ +prefix=/usr +exec_prefix=/usr/bin +libdir=/usr/lib32 +includedir=/usr/include + +Name: ID3TAG +Description: libid3tag - ID3 tag manipulation library +Version: 0.15.0b +Libs: -L${libdir} -lid3tag -lz +Cflags: