From 2e372bbb845c4c8a89d03ba814e8c5f5fca16e90 Mon Sep 17 00:00:00 2001
From: maxice8 <thinkabit.ukim@gmail.com>
Date: Wed, 3 Oct 2018 10:17:43 -0300
Subject: [PATCH] id3lib: fix CVE-2007-4460

---
 srcpkgs/id3lib/patches/CVE-2007-4460.patch | 55 ++++++++++++++++++++++
 srcpkgs/id3lib/template                    | 10 ++--
 2 files changed, 60 insertions(+), 5 deletions(-)
 create mode 100644 srcpkgs/id3lib/patches/CVE-2007-4460.patch

diff --git a/srcpkgs/id3lib/patches/CVE-2007-4460.patch b/srcpkgs/id3lib/patches/CVE-2007-4460.patch
new file mode 100644
index 00000000000..ad1a4fe01e0
--- /dev/null
+++ b/srcpkgs/id3lib/patches/CVE-2007-4460.patch
@@ -0,0 +1,55 @@
+This patch fixes an issues where temporary files were created in an insecure
+way.
+
+It was first intruduced in version 3.8.3-7 and fixes
+http://bugs.debian.org/438540
+--- src/tag_file.cpp
++++ src/tag_file.cpp
+@@ -242,8 +242,8 @@
+     strcpy(sTempFile, filename.c_str());
+     strcat(sTempFile, sTmpSuffix.c_str());
+ 
+-#if ((defined(__GNUC__) && __GNUC__ >= 3  ) || !defined(HAVE_MKSTEMP))
+-    // This section is for Windows folk && gcc 3.x folk
++#if !defined(HAVE_MKSTEMP)
++    // This section is for Windows folk
+     fstream tmpOut;
+     createFile(sTempFile, tmpOut);
+ 
+@@ -257,7 +257,7 @@
+       tmpOut.write((char *)tmpBuffer, nBytes);
+     }
+ 
+-#else //((defined(__GNUC__) && __GNUC__ >= 3  ) || !defined(HAVE_MKSTEMP))
++#else //!defined(HAVE_MKSTEMP)
+ 
+     // else we gotta make a temp file, copy the tag into it, copy the
+     // rest of the old file after the tag, delete the old file, rename
+@@ -270,7 +270,7 @@
+       //ID3_THROW_DESC(ID3E_NoFile, "couldn't open temp file");
+     }
+ 
+-    ofstream tmpOut(fd);
++    ofstream tmpOut(sTempFile);
+     if (!tmpOut)
+     {
+       tmpOut.close();
+@@ -285,14 +285,14 @@
+     uchar tmpBuffer[BUFSIZ];
+     while (file)
+     {
+-      file.read(tmpBuffer, BUFSIZ);
++      file.read((char *)tmpBuffer, BUFSIZ);
+       size_t nBytes = file.gcount();
+-      tmpOut.write(tmpBuffer, nBytes);
++      tmpOut.write((char *)tmpBuffer, nBytes);
+     }
+ 
+     close(fd); //closes the file
+ 
+-#endif ////((defined(__GNUC__) && __GNUC__ >= 3  ) || !defined(HAVE_MKSTEMP))
++#endif ////!defined(HAVE_MKSTEMP)
+ 
+     tmpOut.close();
+     file.close();
+
diff --git a/srcpkgs/id3lib/template b/srcpkgs/id3lib/template
index 846c29a45c9..44cb7f55f1d 100644
--- a/srcpkgs/id3lib/template
+++ b/srcpkgs/id3lib/template
@@ -1,15 +1,15 @@
-# Template file for 'id3lib' 
+# Template file for 'id3lib'
 pkgname=id3lib
 version=3.8.3
-revision=5
+revision=6
 build_style=gnu-configure
 hostmakedepends="libtool automake"
 makedepends="zlib-devel"
 short_desc="Library for reading, writing, and manipulating ID3v1 and ID3v2 tags"
-maintainer="Christian Neukirchen <chneukirchen@gmail.com>"
-license="LGPL-3"
+maintainer="Leah Neukirchen <leah@vuxu.org>"
+license="LGPL-2.0-or-later"
 homepage="http://id3lib.sourceforge.net/"
-distfiles="${SOURCEFORGE_SITE}/$pkgname/$pkgname-$version.tar.gz"
+distfiles="${SOURCEFORGE_SITE}/${pkgname}/${pkgname}-${version}.tar.gz"
 checksum=2749cc3c0cd7280b299518b1ddf5a5bcfe2d1100614519b68702230e26c7d079
 
 pre_configure() {