Hello community, here is the log from the commit of package id3lib for openSUSE:Factory checked in at 2013-04-07 14:22:43 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/id3lib (Old) and /work/SRC/openSUSE:Factory/.id3lib.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "id3lib", Maintainer is "[email protected]" Changes: --------
--- /work/SRC/openSUSE:Factory/id3lib/id3lib.changes 2013-03-03 21:06:40.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.id3lib.new/id3lib.changes 2013-04-07 14:22:43.000000000 +0200
@@ -1,0 +2,7 @@
+Sat Apr 6 09:45:09 UTC 2013 - [email protected]
+
+- Renamed id3lib-3.8.3-tag_file.patch to
+ id3lib-3.8.3-CVE-2007-4460.patch. This matches the redhat fix for
+ this issue.
+
+-------------------------------------------------------------------
Old: ---- id3lib-3.8.3-tag_file.patch New: ---- id3lib-3.8.3-CVE-2007-4460.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ id3lib.spec ++++++
--- /var/tmp/diff_new_pack.ptCUk5/_old 2013-04-07 14:22:44.000000000 +0200
+++ /var/tmp/diff_new_pack.ptCUk5/_new 2013-04-07 14:22:44.000000000 +0200
@@ -34,7 +34,8 @@
 Patch5: id3lib-%{version}-UTF16-writing-bug.patch
 Patch6: id3lib-%{version}-zlib.patch
 Patch7: id3lib-%{version}-uninitialized.patch
-Patch8: id3lib-%{version}-tag_file.patch
+# This patch fixes CVE-2007-4460 - id3lib doesn't use mkstemp() to create a name of a temporary file.
+Patch8: id3lib-%{version}-CVE-2007-4460.patch
 Patch9: id3lib-%{version}-missing_c_includes.patch
 Patch10: id3lib-%{version}-fix_m4_quoting.patch
 Patch11: id3lib-%{version}-unsigned_argc.patch
++++++ id3lib-3.8.3-CVE-2007-4460.patch ++++++
--- src/tag_file.cpp
+++ src/tag_file.cpp
@@ -242,8 +242,8 @@
 strcpy(sTempFile, filename.c_str());
 strcat(sTempFile, sTmpSuffix.c_str());
-#if ((defined(__GNUC__) && __GNUC__ >= 3 ) || !defined(HAVE_MKSTEMP))
- // This section is for Windows folk && gcc 3.x folk
+#if !defined(HAVE_MKSTEMP)
+ // This section is for Windows folk
 fstream tmpOut;
 createFile(sTempFile, tmpOut);
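Review bot: The `#if !defined(HAVE_MKSTEMP)` branch kept by the `@@ -242,8 +242,8 @@` hunk still passes the name built by the `strcpy`/`strcat` pair straight to `createFile(sTempFile, tmpOut)`, so on any build where `HAVE_MKSTEMP` is not defined the temporary file name is fully determined by the target file name and the behaviour behind CVE-2007-4460 remains. Whether `createFile` refuses an existing file or a symlink is not visible here, so that part is an assumption to confirm. Because the fix now depends entirely on the configure result, I would document it at the branch, for example `// NOTE: predictable temp name, created by path; only reached when configure found no mkstemp()`, and confirm in the package build that `HAVE_MKSTEMP` actually ends up defined. The enclosing function starts and ends outside the hunk, including whatever length check protects the `strcpy`/`strcat` into `sTempFile`.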
@@ -257,7 +257,7 @@
 tmpOut.write((char *)tmpBuffer, nBytes);
 }
-#else //((defined(__GNUC__) && __GNUC__ >= 3 ) || !defined(HAVE_MKSTEMP))
+#else //!defined(HAVE_MKSTEMP)
 // else we gotta make a temp file, copy the tag into it, copy the
 // rest of the old file after the tag, delete the old file, rename
@@ -270,7 +270,7 @@
 //ID3_THROW_DESC(ID3E_NoFile, "couldn't open temp file");
 }
- ofstream tmpOut(fd);
+ ofstream tmpOut(sTempFile);
 if (!tmpOut) {
 tmpOut.close();
@@ -285,14 +285,14 @@
 uchar tmpBuffer[BUFSIZ];
 while (file) {
- file.read(tmpBuffer, BUFSIZ);
+ file.read((char *)tmpBuffer, BUFSIZ);
 size_t nBytes = file.gcount();
- tmpOut.write(tmpBuffer, nBytes);
+ tmpOut.write((char *)tmpBuffer, nBytes);
 }
 close(fd); //closes the file
-#endif ////((defined(__GNUC__) && __GNUC__ >= 3 ) || !defined(HAVE_MKSTEMP))
+#endif ////!defined(HAVE_MKSTEMP)
 tmpOut.close();
 file.close();
-- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
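Review bot: In the `@@ -270,7 +270,7 @@` hunk, `ofstream tmpOut(sTempFile);` reopens the file by path instead of writing through the descriptor that `mkstemp()` returned, so the exclusive-create guarantee covers only the moment of creation; the stream open follows and truncates whatever exists at that path when it runs. The temporary name is built next to the target file, so this matters whenever that directory is writable by another user. The tail of the failure branch visible at the top of the hunk shows only a commented-out `ID3_THROW_DESC` before the closing brace, which suggests (the `mkstemp` call itself is outside the hunk) that a failed `mkstemp` falls through to this by-name open; an explicit `return 0;` in that branch would stop the failure path from creating the file non-exclusively. Since `tmpOut` no longer owns `fd`, the `if (!tmpOut)` error path should also `close(fd);` before it returns. Writing through `fd` itself, with a descriptor-backed stream buffer or plain `write()`, would avoid the reopen altogether.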
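Review bot: The copy loop in the `@@ -285,14 +285,14 @@` hunk never tests `tmpOut` after `tmpOut.write((char *)tmpBuffer, nBytes);`, so a failed write (full disk, quota) leaves a truncated temporary file that, going by the comment in the `@@ -257,7 +257,7 @@` hunk, is then renamed over the original. Looping on `while (file && tmpOut)` and removing the temporary file instead of renaming it when `tmpOut` has failed would keep the original intact; the rename is outside the hunk, so this is inferred. `close(fd);` now closes a descriptor that was never written through, which is needed to avoid a leak but makes `//closes the file` misleading; `// release the mkstemp() descriptor; the data went through tmpOut` describes it. As a style point, the added `(char *)` casts would be easier to audit as `reinterpret_cast<char *>(tmpBuffer)`.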
