guix-devel/gnu/packages/patches/id3lib-CVE-2007-4460.patch

This patch fixes an issues where temporary files were created in an insecure
way.

It was first intruduced in version 3.8.3-7 and fixes
http://bugs.debian.org/438540
--- a/src/tag_file.cpp
+++ b/src/tag_file.cpp
@@ -242,8 +242,8 @@
     strcpy(sTempFile, filename.c_str());
     strcat(sTempFile, sTmpSuffix.c_str());
 
-#if ((defined(__GNUC__) && __GNUC__ >= 3  ) || !defined(HAVE_MKSTEMP))
-    // This section is for Windows folk && gcc 3.x folk
+#if !defined(HAVE_MKSTEMP)
+    // This section is for Windows folk
     fstream tmpOut;
     createFile(sTempFile, tmpOut);
 
@@ -257,7 +257,7 @@
       tmpOut.write((char *)tmpBuffer, nBytes);
     }
 
-#else //((defined(__GNUC__) && __GNUC__ >= 3  ) || !defined(HAVE_MKSTEMP))
+#else //!defined(HAVE_MKSTEMP)
 
     // else we gotta make a temp file, copy the tag into it, copy the
     // rest of the old file after the tag, delete the old file, rename
@@ -270,7 +270,7 @@
       //ID3_THROW_DESC(ID3E_NoFile, "couldn't open temp file");
     }
 
-    ofstream tmpOut(fd);
+    ofstream tmpOut(sTempFile);
     if (!tmpOut)
     {
       tmpOut.close();
@@ -285,14 +285,14 @@
     uchar tmpBuffer[BUFSIZ];
     while (file)
     {
-      file.read(tmpBuffer, BUFSIZ);
+      file.read((char *)tmpBuffer, BUFSIZ);
       size_t nBytes = file.gcount();
-      tmpOut.write(tmpBuffer, nBytes);
+      tmpOut.write((char *)tmpBuffer, nBytes);
     }
 
     close(fd); //closes the file
 
-#endif ////((defined(__GNUC__) && __GNUC__ >= 3  ) || !defined(HAVE_MKSTEMP))
+#endif ////!defined(HAVE_MKSTEMP)
 
     tmpOut.close();
     file.close();
gnu: id3lib: Fix CVE-2007-4460. * gnu/packages/mp3.scm (id3lib)[source]: Add patch. * gnu/packages/patches/id3lib-CVE-2007-4460.patch: New variable. * gnu/local.mk (dist_patch_DATA): Add it. 2016-05-30 16:17:09 +02:00			`This patch fixes an issues where temporary files were created in an insecure`
			`way.`

			`It was first intruduced in version 3.8.3-7 and fixes`
			`http://bugs.debian.org/438540`
			`--- a/src/tag_file.cpp`
			`+++ b/src/tag_file.cpp`
			`@@ -242,8 +242,8 @@`
			`strcpy(sTempFile, filename.c_str());`
			`strcat(sTempFile, sTmpSuffix.c_str());`

			`-#if ((defined(__GNUC__) && __GNUC__ >= 3 ) \|\| !defined(HAVE_MKSTEMP))`
			`- // This section is for Windows folk && gcc 3.x folk`
			`+#if !defined(HAVE_MKSTEMP)`
			`+ // This section is for Windows folk`
			`fstream tmpOut;`
			`createFile(sTempFile, tmpOut);`

			`@@ -257,7 +257,7 @@`
			`tmpOut.write((char *)tmpBuffer, nBytes);`
			`}`

			`-#else //((defined(__GNUC__) && __GNUC__ >= 3 ) \|\| !defined(HAVE_MKSTEMP))`
			`+#else //!defined(HAVE_MKSTEMP)`

			`// else we gotta make a temp file, copy the tag into it, copy the`
			`// rest of the old file after the tag, delete the old file, rename`
			`@@ -270,7 +270,7 @@`
			`//ID3_THROW_DESC(ID3E_NoFile, "couldn't open temp file");`
			`}`

			`- ofstream tmpOut(fd);`
			`+ ofstream tmpOut(sTempFile);`
			`if (!tmpOut)`
			`{`
			`tmpOut.close();`
			`@@ -285,14 +285,14 @@`
			`uchar tmpBuffer[BUFSIZ];`
			`while (file)`
			`{`
			`- file.read(tmpBuffer, BUFSIZ);`
			`+ file.read((char *)tmpBuffer, BUFSIZ);`
			`size_t nBytes = file.gcount();`
			`- tmpOut.write(tmpBuffer, nBytes);`
			`+ tmpOut.write((char *)tmpBuffer, nBytes);`
			`}`

			`close(fd); //closes the file`

			`-#endif ////((defined(__GNUC__) && __GNUC__ >= 3 ) \|\| !defined(HAVE_MKSTEMP))`
			`+#endif ////!defined(HAVE_MKSTEMP)`

			`tmpOut.close();`
			`file.close();`