Date: Wednesday, September 8, 2010 @ 09:24:51 Author: andrea Revision: 90138
upgpkg: libid3tag 0.15.1b-6 CVE 2008-2109 (FS#20484) Added: libid3tag/trunk/CVE-2008-2109.patch Modified: libid3tag/trunk/PKGBUILD ---------------------+ CVE-2008-2109.patch | 11 +++++++++++ PKGBUILD | 23 ++++++++++++++--------- 2 files changed, 25 insertions(+), 9 deletions(-)
Added: CVE-2008-2109.patch
===================================================================
--- CVE-2008-2109.patch (rev 0)
+++ CVE-2008-2109.patch 2010-09-08 13:24:51 UTC (rev 90138)
@@ -0,0 +1,11 @@
+--- field.c.orig 2008-05-05 09:49:15.000000000 -0400
++++ field.c 2008-05-05 09:49:25.000000000 -0400
+@@ -291,7 +291,7 @@
+
+ end = *ptr + length;
+
+- while (end - *ptr > 0) {
++ while (end - *ptr > 0 && **ptr != '\0') {
+ ucs4 = id3_parse_string(ptr, end - *ptr, *encoding, 0);
+ if (ucs4 == 0)
+ goto fail;
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2010-09-08 13:11:27 UTC (rev 90137)
+++ PKGBUILD 2010-09-08 13:24:51 UTC (rev 90138)
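Review bot: The added guard `**ptr != '\0'` in the field.c `while` condition tests a single byte, yet the same loop passes `*encoding` to `id3_parse_string`; if that encoding can be a 16-bit one, a character whose first byte is zero would end the list early and silently drop the remaining strings. Termination also still relies on `id3_parse_string` always advancing `*ptr`, so a guard that states this directly would be more robust: save `id3_byte_t const *before = *ptr;` ahead of the call and add `if (*ptr == before) goto fail;` after it. The loop should also carry a comment such as `/* stop at a NUL terminator so a malformed string list cannot loop forever (CVE-2008-2109) */`. The enclosing function begins and ends outside this hunk, so the type of `*ptr` and the `fail` cleanup path are assumed from the visible lines only.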
@@ -1,27 +1,32 @@
 # $Id$
-# Maintainer: dorphell <dorph...@archlinux.org>
+# Maintainer:
+# Contributor: dorphell <dorph...@archlinux.org>
 pkgname=libid3tag
 pkgver=0.15.1b
-pkgrel=5
+pkgrel=6
 pkgdesc="library for id3 tagging"
 arch=('i686' 'x86_64')
 url="http://www.underbit.com/products/mad/"
 license=('GPL')
 depends=('zlib')
 makedepends=('gperf')
-options=(!libtool)
-source=(ftp://ftp.mars.org/pub/mpeg/${pkgname}-${pkgver}.tar.gz \
- id3tag.pc 10_utf16.diff 11_unknown_encoding.diff)
-md5sums=('e5808ad997ba32c498803822078748c3' '8bb41fd814fafcc37ec8bc88f5545a4a'\
- '4f9df4011e6a8c23240fff5de2d05f6e' '3ca856b97924d48a0fdfeff0bd83ce7d')
-sha1sums=('4d867e8a8436e73cd7762fe0e85958e35f1e4306' '27753135177029bd443be188307c2934dd3caa13'\
- '40fbb2e790adfa98703d1a33bbd73f4e1da3d566' 'ae4dc32185ee2257e4269ca482d94b0cd5440b7e')
+options=('!libtool')
+source=("ftp://ftp.mars.org/pub/mpeg/${pkgname}-${pkgver}.tar.gz"
+ 'id3tag.pc'
+ '10_utf16.diff' '11_unknown_encoding.diff' 'CVE-2008-2109.patch')
+md5sums=('e5808ad997ba32c498803822078748c3'
+ '8bb41fd814fafcc37ec8bc88f5545a4a'
+ '4f9df4011e6a8c23240fff5de2d05f6e'
+ '3ca856b97924d48a0fdfeff0bd83ce7d'
+ 'c51822ea6301b1ca469975f0c9ee8e34')
 build() {
 cd "${srcdir}/${pkgname}-${pkgver}"
 patch -p1 < ../10_utf16.diff
 patch -p1 < ../11_unknown_encoding.diff
+ patch -Np0 -i ${srcdir}/CVE-2008-2109.patch
+
 ./configure --prefix=/usr
 make
 }
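Review bot: The rewritten integrity block removes `sha1sums` and leaves `md5sums` as the only check on a tarball that `source` still fetches over plain `ftp://`, which weakens source verification in the same commit that ships a security fix. Keep a stronger array next to it, for example a `sha256sums=(...)` with one entry per source regenerated with `makepkg -g`, so the new `CVE-2008-2109.patch` entry is covered as well. In `build()`, the added `patch -Np0 -i ${srcdir}/CVE-2008-2109.patch` leaves `${srcdir}` unquoted although the `cd` line above quotes it; `patch -Np0 -i "${srcdir}/CVE-2008-2109.patch"` matches that style and survives a build path containing spaces.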