Diffstat (limited to 'extra/libcdaudio')
-rw-r--r-- | extra/libcdaudio/01-cddb-bufferoverflow.patch | 15 | ||||
-rw-r--r-- | extra/libcdaudio/02-cddb-bufferoverflow.patch | 15 | ||||
-rw-r--r-- | extra/libcdaudio/PKGBUILD | 32 |
3 files changed, 62 insertions, 0 deletions
diff --git a/extra/libcdaudio/01-cddb-bufferoverflow.patch b/extra/libcdaudio/01-cddb-bufferoverflow.patch
new file mode 100644
index 000000000..0a4449717
--- /dev/null
+++ b/extra/libcdaudio/01-cddb-bufferoverflow.patch
@@ -0,0 +1,15 @@
+Author: Moritz Muehlenhoff <jmm@inutil.org>
+Description: CAN-2005-0706: Bufferoverflow in CDDB lookup parsing
+
+diff -Naurp libcdaudio.orig/src/cddb.c libcdaudio/src/cddb.c
+--- libcdaudio.orig/src/cddb.c 2009-08-02 10:30:05.000000000 +0000
++++ libcdaudio/src/cddb.c 2009-08-02 10:34:57.000000000 +0000
+@@ -1052,7 +1052,7 @@ cddb_query(int cd_desc, int sock,
+ }
+
+ query->query_matches = 0;
+- while(!cddb_read_line(sock, inbuffer, 256)) {
++ while(query->query_matches < MAX_INEXACT_MATCHES && !cddb_read_line(sock, inbuffer, 256)) {
+ slashed = 0;
+ if(strchr(inbuffer, '/') != NULL && parse_disc_artist) {
+ index = 0;
diff --git a/extra/libcdaudio/02-cddb-bufferoverflow.patch b/extra/libcdaudio/02-cddb-bufferoverflow.patch
new file mode 100644
index 000000000..b5422735c
--- /dev/null
+++ b/extra/libcdaudio/02-cddb-bufferoverflow.patch
@@ -0,0 +1,15 @@
+Author: Moritz Muehlenhoff <jmm@inutil.org>
+Description: CVE-2008-5030
+
+diff -Naurp libcdaudio.orig/src/cddb.c libcdaudio/src/cddb.c
+--- libcdaudio.orig/src/cddb.c 2008-09-07 23:53:16.000000000 +0000
++++ libcdaudio/src/cddb.c 2008-11-12 21:32:21.000000000 +0000
+@@ -1679,7 +1679,7 @@ cddb_read_disc_data(int cd_desc, struct
+ free(file);
+
+ while(!feof(cddb_data)) {
+- fgets(inbuffer, 512, cddb_data);
++ fgets(inbuffer, 256, cddb_data);
+ cddb_process_line(inbuffer, data);
+ }
+
diff --git a/extra/libcdaudio/PKGBUILD b/extra/libcdaudio/PKGBUILD
new file mode 100644
index 000000000..64159d23e
--- /dev/null
+++ b/extra/libcdaudio/PKGBUILD
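Review bot: In 01-cddb-bufferoverflow.patch the new guard in the `while` condition of cddb_query short-circuits before `cddb_read_line` is called once `query->query_matches` reaches `MAX_INEXACT_MATCHES`, so any further match lines the server sent stay unread on the socket. That looks likely to desynchronise the next CDDB command on the same connection, though the code after the loop is outside the hunk; reading and discarding the remainder of the response up to its terminator would avoid it. The buffer length is still the literal `256`; if `inbuffer` is a local array, `sizeof(inbuffer)` would keep the bound tied to the declaration. The per-field copies that start at `index = 0;` continue outside the hunk and need their own bounds checked, since this change only limits the number of matches stored.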
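Review bot: In 02-cddb-bufferoverflow.patch the return value of `fgets` in cddb_read_disc_data is still ignored, and `while(!feof(cddb_data))` only reports end-of-file after a read has already failed, so the final pass hands `cddb_process_line` a stale `inbuffer` (or an unwritten one if the file is empty). I would change the loop head to `while(fgets(inbuffer, sizeof(inbuffer), cddb_data) != NULL) {` and keep `cddb_process_line(inbuffer, data);` as the body, assuming `inbuffer` is an array declared in this function (its declaration is outside the hunk). With the smaller read size, lines longer than 255 bytes now arrive as several fragments, so `cddb_process_line` should tolerate a chunk that has no trailing newline and does not start with a key.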
@@ -0,0 +1,32 @@
+# $Id: PKGBUILD 87596 2010-08-17 10:23:02Z jgc $
+# Maintainer:
+# Contributor Sarah Hay <sarahhay@mb.sympatico.ca>
+
+pkgname=libcdaudio
+pkgver=0.99.12
+pkgrel=5
+pkgdesc="Library for controlling Audio CDs and interacting with CDDB"
+arch=('i686' 'x86_64')
+url="http://libcdaudio.sourceforge.net/"
+license=('GPL')
+depends=('glibc')
+options=('!libtool')
+source=(http://downloads.sourceforge.net/sourceforge/libcdaudio/${pkgname}-${pkgver}.tar.gz
+ 01-cddb-bufferoverflow.patch
+ 02-cddb-bufferoverflow.patch)
+md5sums=('63b49cf14d53eed31e7a87cca17a3963'
+ 'f78c881b92cd7d25472daa90af284e18'
+ 'e36755c125d2710dc8619bb401e37444')
+
+build() {
+ cd "${srcdir}/${pkgname}-${pkgver}"
+ patch -Np1 -i "${srcdir}/01-cddb-bufferoverflow.patch"
+ patch -Np1 -i "${srcdir}/02-cddb-bufferoverflow.patch"
+ ./configure --prefix=/usr
+ make
+}
+
+package() {
+ cd "${srcdir}/${pkgname}-${pkgver}"
+ make DESTDIR="${pkgdir}" install
+} |
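Review bot: The upstream tarball in `source=` is fetched over plain `http://` and is verified only by `md5sums`, which is a weak integrity check for a package whose purpose here is to ship two security fixes. Adding a `sha256sums=(...)` array, computed from a tarball and patches that were verified out of band, would make substitution in transit or on the mirror detectable. In `build()` the two `patch -Np1` calls have no explicit failure handling; if this makepkg version does not abort on a failing command, a patch that no longer applies would silently leave the overflow fixes out of the built library, so `patch -Np1 -i "${srcdir}/01-cddb-bufferoverflow.patch" || return 1` (and the same for the second patch) is worth adding.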