Warning, /multimedia/kid3/packaging/patches/id3lib-3.8.3-40-deal-with-mkstemp.patch is written in an unsupported language. File is not indexed.
0001 This patch fixes an issues where temporary files were created in an insecure
0002 way.
0003
0004 It was first intruduced in version 3.8.3-7 and fixes
0005 http://bugs.debian.org/438540
0006 --- a/src/tag_file.cpp
0007 +++ b/src/tag_file.cpp
0008 @@ -242,8 +242,8 @@
0009 strcpy(sTempFile, filename.c_str());
0010 strcat(sTempFile, sTmpSuffix.c_str());
0011
0012 -#if ((defined(__GNUC__) && __GNUC__ >= 3 ) || !defined(HAVE_MKSTEMP))
0013 - // This section is for Windows folk && gcc 3.x folk
0014 +#if !defined(HAVE_MKSTEMP)
0015 + // This section is for Windows folk
0016 fstream tmpOut;
0017 createFile(sTempFile, tmpOut);
0018
0019 @@ -257,7 +257,7 @@
0020 tmpOut.write((char *)tmpBuffer, nBytes);
0021 }
0022
0023 -#else //((defined(__GNUC__) && __GNUC__ >= 3 ) || !defined(HAVE_MKSTEMP))
0024 +#else //!defined(HAVE_MKSTEMP)
0025
0026 // else we gotta make a temp file, copy the tag into it, copy the
0027 // rest of the old file after the tag, delete the old file, rename
0028 @@ -270,7 +270,7 @@
0029 //ID3_THROW_DESC(ID3E_NoFile, "couldn't open temp file");
0030 }
0031
0032 - ofstream tmpOut(fd);
0033 + ofstream tmpOut(sTempFile);
0034 if (!tmpOut)
0035 {
0036 tmpOut.close();
0037 @@ -285,14 +285,14 @@
0038 uchar tmpBuffer[BUFSIZ];
0039 while (file)
0040 {
0041 - file.read(tmpBuffer, BUFSIZ);
0042 + file.read((char *)tmpBuffer, BUFSIZ);
0043 size_t nBytes = file.gcount();
0044 - tmpOut.write(tmpBuffer, nBytes);
0045 + tmpOut.write((char *)tmpBuffer, nBytes);
0046 }
0047
0048 close(fd); //closes the file
0049
0050 -#endif ////((defined(__GNUC__) && __GNUC__ >= 3 ) || !defined(HAVE_MKSTEMP))
0051 +#endif ////!defined(HAVE_MKSTEMP)
0052
0053 tmpOut.close();
0054 file.close();