diff options
author | Natanael Copa <ncopa@alpinelinux.org> | 2015-09-14 11:10:20 +0200 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2015-09-14 13:25:30 +0200 |
commit | b7907f7617dead5d20642d065c15cf67310f5571 (patch) | |
tree | c1a620e955df2c63e7ad5d47478bf2c1c46826b8 /main | |
parent | 6d48f0b02438bf79f96b803d221c8909e88decfd (diff) | |
download | aports-b7907f7617dead5d20642d065c15cf67310f5571.tar.bz2 aports-b7907f7617dead5d20642d065c15cf67310f5571.tar.xz |
main/libid3tag: fix CVE-2008-2109 and add .pc file
Diffstat (limited to 'main')
-rw-r--r-- | main/libid3tag/APKBUILD | 33 | ||||
-rw-r--r-- | main/libid3tag/CVE-2008-2109.patch | 11 |
2 files changed, 41 insertions, 3 deletions
diff --git a/main/libid3tag/APKBUILD b/main/libid3tag/APKBUILD index bf7bfaa46d..1acbf1bd60 100644 --- a/main/libid3tag/APKBUILD +++ b/main/libid3tag/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: Carlo Landmeter <clandmeter@gmail.com> pkgname=libid3tag pkgver=0.15.1b -pkgrel=5 +pkgrel=6 pkgdesc="id3 tagger for mp3" url="http://www.underbit.com/products/mad/" arch="all" @@ -11,13 +11,21 @@ depends="" makedepends="zlib-dev" install= subpackages="$pkgname-dev" -source="ftp://ftp.mars.org/pub/mpeg/libid3tag-$pkgver.tar.gz" +source="ftp://ftp.mars.org/pub/mpeg/libid3tag-$pkgver.tar.gz + CVE-2008-2109.patch + " _builddir="$srcdir/$pkgname-$pkgver" +_builddir="$srcdir"/$pkgname-$pkgver prepare() { cd "$_builddir" update_config_sub || return 1 + for i in $source; do + case $i in + *.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;; + esac + done } build() { @@ -36,6 +44,25 @@ build() { package() { cd "$_builddir" make DESTDIR="$pkgdir" install || return 1 + mkdir -p "$pkgdir"/usr/lib/pkgconfig + cat > "$pkgdir"/usr/lib/pkgconfig/id3tag.pc <<EOF +prefix=/usr +exec_prefix=/usr/bin +libdir=/usr/lib +includedir=/usr/include + +Name: id3tag +Description: ID3 tag manipulation library +Requires: +Version: $pkgver +Libs: -lid3tag +Cflags: +EOF } -md5sums="e5808ad997ba32c498803822078748c3 libid3tag-0.15.1b.tar.gz" +md5sums="e5808ad997ba32c498803822078748c3 libid3tag-0.15.1b.tar.gz +19696a5d683456983f120e53294d8ca6 CVE-2008-2109.patch" +sha256sums="63da4f6e7997278f8a3fef4c6a372d342f705051d1eeb6a46a86b03610e26151 libid3tag-0.15.1b.tar.gz +bd3e690078ad7a48a2acfba7115d4ac37e4e2f6e083a8249306d422746e04b62 CVE-2008-2109.patch" +sha512sums="ade7ce2a43c3646b4c9fdc642095174b9d4938b078b205cd40906d525acd17e87ad76064054a961f391edcba6495441450af2f68be69f116549ca666b069e6d3 libid3tag-0.15.1b.tar.gz +fc79d44ca9d1435ab5b11d4da6b46d3684827a1384a0156cd88242225f98f3a0668c0d6e6a88159f0c4985fcbdc636777c2f100d7f371eef258a6050d6fde567 CVE-2008-2109.patch" diff --git a/main/libid3tag/CVE-2008-2109.patch b/main/libid3tag/CVE-2008-2109.patch new file mode 100644 index 0000000000..6226d14af7 --- /dev/null +++ b/main/libid3tag/CVE-2008-2109.patch @@ -0,0 +1,11 @@ +--- a/field.c.orig 2008-05-05 09:49:15.000000000 -0400 ++++ b/field.c 2008-05-05 09:49:25.000000000 -0400 +@@ -291,7 +291,7 @@ + + end = *ptr + length; + +- while (end - *ptr > 0) { ++ while (end - *ptr > 0 && **ptr != '\0') { + ucs4 = id3_parse_string(ptr, end - *ptr, *encoding, 0); + if (ucs4 == 0) + goto fail; |