Warning, /multimedia/kid3/packaging/patches/id3lib-3.8.3-40-deal-with-mkstemp.patch is written in an unsupported language. File is not indexed.
0001 This patch fixes an issues where temporary files were created in an insecure 0002 way. 0003 0004 It was first intruduced in version 3.8.3-7 and fixes 0005 http://bugs.debian.org/438540 0006 --- a/src/tag_file.cpp 0007 +++ b/src/tag_file.cpp 0008 @@ -242,8 +242,8 @@ 0009 strcpy(sTempFile, filename.c_str()); 0010 strcat(sTempFile, sTmpSuffix.c_str()); 0011 0012 -#if ((defined(__GNUC__) && __GNUC__ >= 3 ) || !defined(HAVE_MKSTEMP)) 0013 - // This section is for Windows folk && gcc 3.x folk 0014 +#if !defined(HAVE_MKSTEMP) 0015 + // This section is for Windows folk 0016 fstream tmpOut; 0017 createFile(sTempFile, tmpOut); 0018 0019 @@ -257,7 +257,7 @@ 0020 tmpOut.write((char *)tmpBuffer, nBytes); 0021 } 0022 0023 -#else //((defined(__GNUC__) && __GNUC__ >= 3 ) || !defined(HAVE_MKSTEMP)) 0024 +#else //!defined(HAVE_MKSTEMP) 0025 0026 // else we gotta make a temp file, copy the tag into it, copy the 0027 // rest of the old file after the tag, delete the old file, rename 0028 @@ -270,7 +270,7 @@ 0029 //ID3_THROW_DESC(ID3E_NoFile, "couldn't open temp file"); 0030 } 0031 0032 - ofstream tmpOut(fd); 0033 + ofstream tmpOut(sTempFile); 0034 if (!tmpOut) 0035 { 0036 tmpOut.close(); 0037 @@ -285,14 +285,14 @@ 0038 uchar tmpBuffer[BUFSIZ]; 0039 while (file) 0040 { 0041 - file.read(tmpBuffer, BUFSIZ); 0042 + file.read((char *)tmpBuffer, BUFSIZ); 0043 size_t nBytes = file.gcount(); 0044 - tmpOut.write(tmpBuffer, nBytes); 0045 + tmpOut.write((char *)tmpBuffer, nBytes); 0046 } 0047 0048 close(fd); //closes the file 0049 0050 -#endif ////((defined(__GNUC__) && __GNUC__ >= 3 ) || !defined(HAVE_MKSTEMP)) 0051 +#endif ////!defined(HAVE_MKSTEMP) 0052 0053 tmpOut.close(); 0054 file.close();