SOURCES: id3lib-CVE-2007-4460.patch (NEW) - new
adamg
adamg at pld-linux.org
Sat Sep 1 15:33:03 CEST 2007
Author: adamg Date: Sat Sep 1 13:33:03 2007 GMT
Module: SOURCES Tag: HEAD
---- Log message:
- new
---- Files affected:
SOURCES:
id3lib-CVE-2007-4460.patch (NONE -> 1.1) (NEW)
---- Diffs:
================================================================
Index: SOURCES/id3lib-CVE-2007-4460.patch
diff -u /dev/null SOURCES/id3lib-CVE-2007-4460.patch:1.1
--- /dev/null Sat Sep 1 15:33:03 2007
+++ SOURCES/id3lib-CVE-2007-4460.patch Sat Sep 1 15:32:58 2007
@@ -0,0 +1,49 @@
+--- id3lib3.8.3-3.8.3.orig/src/tag_file.cpp
++++ id3lib3.8.3-3.8.3/src/tag_file.cpp
+@@ -242,8 +242,8 @@
+ strcpy(sTempFile, filename.c_str());
+ strcat(sTempFile, sTmpSuffix.c_str());
+
+-#if ((defined(__GNUC__) && __GNUC__ >= 3 ) || !defined(HAVE_MKSTEMP))
+- // This section is for Windows folk && gcc 3.x folk
++#if !defined(HAVE_MKSTEMP)
++ // This section is for Windows folk
+ fstream tmpOut;
+ createFile(sTempFile, tmpOut);
+
+@@ -257,7 +257,7 @@
+ tmpOut.write((char *)tmpBuffer, nBytes);
+ }
+
+-#else //((defined(__GNUC__) && __GNUC__ >= 3 ) || !defined(HAVE_MKSTEMP))
++#else //!defined(HAVE_MKSTEMP)
+
+ // else we gotta make a temp file, copy the tag into it, copy the
+ // rest of the old file after the tag, delete the old file, rename
+@@ -270,7 +270,7 @@
+ //ID3_THROW_DESC(ID3E_NoFile, "couldn't open temp file");
+ }
+
+- ofstream tmpOut(fd);
++ ofstream tmpOut(sTempFile);
+ if (!tmpOut)
+ {
+ tmpOut.close();
+@@ -285,14 +285,14 @@
+ uchar tmpBuffer[BUFSIZ];
+ while (file)
+ {
+- file.read(tmpBuffer, BUFSIZ);
++ file.read((char *)tmpBuffer, BUFSIZ);
+ size_t nBytes = file.gcount();
+- tmpOut.write(tmpBuffer, nBytes);
++ tmpOut.write((char *)tmpBuffer, nBytes);
+ }
+
+ close(fd); //closes the file
+
+-#endif ////((defined(__GNUC__) && __GNUC__ >= 3 ) || !defined(HAVE_MKSTEMP))
++#endif ////!defined(HAVE_MKSTEMP)
+
+ tmpOut.close();
+ file.close();
================================================================
More information about the pld-cvs-commit
mailing list