authorNatanael Copa <ncopa@alpinelinux.org>2015-09-14 11:10:20 +0200
committerNatanael Copa <ncopa@alpinelinux.org>2015-09-14 13:25:30 +0200
commitb7907f7617dead5d20642d065c15cf67310f5571 (patch)
treec1a620e955df2c63e7ad5d47478bf2c1c46826b8 /main
parent6d48f0b02438bf79f96b803d221c8909e88decfd (diff)
main/libid3tag: fix CVE-2008-2109 and add .pc file
Diffstat (limited to 'main')
-rw-r--r--main/libid3tag/APKBUILD33
-rw-r--r--main/libid3tag/CVE-2008-2109.patch11
2 files changed, 41 insertions, 3 deletions
diff --git a/main/libid3tag/APKBUILD b/main/libid3tag/APKBUILD
index bf7bfaa46d..1acbf1bd60 100644
--- a/main/libid3tag/APKBUILD
+++ b/main/libid3tag/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Carlo Landmeter <clandmeter@gmail.com>
pkgname=libid3tag
pkgver=0.15.1b
-pkgrel=5
+pkgrel=6
pkgdesc="id3 tagger for mp3"
url="http://www.underbit.com/products/mad/"
arch="all"
@@ -11,13 +11,21 @@ depends=""
makedepends="zlib-dev"
install=
subpackages="$pkgname-dev"
-source="ftp://ftp.mars.org/pub/mpeg/libid3tag-$pkgver.tar.gz"
+source="ftp://ftp.mars.org/pub/mpeg/libid3tag-$pkgver.tar.gz
+ CVE-2008-2109.patch
+ "
_builddir="$srcdir/$pkgname-$pkgver"
+_builddir="$srcdir"/$pkgname-$pkgver
prepare() {
cd "$_builddir"
update_config_sub || return 1
+ for i in $source; do
+ case $i in
+ *.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;;
+ esac
+ done
}
build() {
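Review bot: The added `_builddir="$srcdir"/$pkgname-$pkgver` appears to repeat the unchanged assignment on the line before it, so the new APKBUILD sets the same variable twice and one of the two lines should be dropped. In the loop added to prepare(), `$i` is expanded unquoted in both `msg $i` and `patch -p1 -i "$srcdir"/$i`; writing `patch -p1 -i "$srcdir/$i" || return 1` keeps a source entry containing glob characters from being expanded. The tarball in `source` is still fetched over plain `ftp://`, so the checksum lists at the end of the file are the only integrity control on that download. build() continues outside the hunk.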
@@ -36,6 +44,25 @@ build() {
package() {
cd "$_builddir"
make DESTDIR="$pkgdir" install || return 1
+ mkdir -p "$pkgdir"/usr/lib/pkgconfig
+ cat > "$pkgdir"/usr/lib/pkgconfig/id3tag.pc <<EOF
+prefix=/usr
+exec_prefix=/usr/bin
+libdir=/usr/lib
+includedir=/usr/include
+
+Name: id3tag
+Description: ID3 tag manipulation library
+Requires:
+Version: $pkgver
+Libs: -lid3tag
+Cflags:
+EOF
}
-md5sums="e5808ad997ba32c498803822078748c3 libid3tag-0.15.1b.tar.gz"
+md5sums="e5808ad997ba32c498803822078748c3 libid3tag-0.15.1b.tar.gz
+19696a5d683456983f120e53294d8ca6 CVE-2008-2109.patch"
+sha256sums="63da4f6e7997278f8a3fef4c6a372d342f705051d1eeb6a46a86b03610e26151 libid3tag-0.15.1b.tar.gz
+bd3e690078ad7a48a2acfba7115d4ac37e4e2f6e083a8249306d422746e04b62 CVE-2008-2109.patch"
+sha512sums="ade7ce2a43c3646b4c9fdc642095174b9d4938b078b205cd40906d525acd17e87ad76064054a961f391edcba6495441450af2f68be69f116549ca666b069e6d3 libid3tag-0.15.1b.tar.gz
+fc79d44ca9d1435ab5b11d4da6b46d3684827a1384a0156cd88242225f98f3a0668c0d6e6a88159f0c4985fcbdc636777c2f100d7f371eef258a6050d6fde567 CVE-2008-2109.patch"
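Review bot: `exec_prefix=/usr/bin` in the generated id3tag.pc looks wrong, since exec_prefix is conventionally the same directory as prefix; `exec_prefix=/usr` would be the expected value. Nothing else in the file references the variable, so the effect is limited to consumers that query it directly. The `md5sums` list is kept next to the new `sha256sums` and `sha512sums`; as the source comes over FTP, a comment such as `# md5sums kept for older tooling; sha512sums is the integrity check` would make clear which list is meant to be trusted, assuming that is the intent.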
diff --git a/main/libid3tag/CVE-2008-2109.patch b/main/libid3tag/CVE-2008-2109.patch
new file mode 100644
index 0000000000..6226d14af7
--- /dev/null
+++ b/main/libid3tag/CVE-2008-2109.patch
@@ -0,0 +1,11 @@
+--- a/field.c.orig 2008-05-05 09:49:15.000000000 -0400
++++ b/field.c 2008-05-05 09:49:25.000000000 -0400
+@@ -291,7 +291,7 @@
+
+ end = *ptr + length;
+
+- while (end - *ptr > 0) {
++ while (end - *ptr > 0 && **ptr != '\0') {
+ ucs4 = id3_parse_string(ptr, end - *ptr, *encoding, 0);
+ if (ucs4 == 0)
+ goto fail;
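Review bot: The bundled patch has no header saying where it came from or what the added `**ptr != '\0'` test is meant to stop, so a later maintainer cannot check it against upstream. A few description lines above the `---` line would fix that, for example `Fix CVE-2008-2109: stop parsing the string list at a NUL byte` followed by `Origin: <URL of the upstream or distribution patch>`. The new condition inspects a single byte, so it may end the loop early on a string list in a two-byte encoding whose first byte is legitimately zero; whether that can happen depends on how `id3_parse_string` consumes input, which is not visible here, and is worth confirming with a UTF-16 tagged test file. The enclosing function in field.c starts and ends outside the hunk.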