rpms/id3lib/devel id3lib-3.8.3-mkstemp.patch, NONE, 1.1 id3lib.spec, 1.14, 1.15

Mon Aug 20 21:08:49 UTC 2007

Author: jwrdegoede

Update of /cvs/extras/rpms/id3lib/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv19244

Modified Files:
	id3lib.spec 
Added Files:
	id3lib-3.8.3-mkstemp.patch 
Log Message:
* Mon Aug 20 2007 Hans de Goede <j.w.r.degoede at hhs.nl> 3.8.3-17
- Use mkstemp instead of insecure tempfile creation (bz 253553)


id3lib-3.8.3-mkstemp.patch:

--- NEW FILE id3lib-3.8.3-mkstemp.patch ---
--- id3lib3.8.3-3.8.3.orig/src/tag_file.cpp
+++ id3lib3.8.3-3.8.3/src/tag_file.cpp
@@ -242,8 +242,8 @@
     strcpy(sTempFile, filename.c_str());
     strcat(sTempFile, sTmpSuffix.c_str());
 
-#if ((defined(__GNUC__) && __GNUC__ >= 3  ) || !defined(HAVE_MKSTEMP))
-    // This section is for Windows folk && gcc 3.x folk
+#if !defined(HAVE_MKSTEMP)
+    // This section is for Windows folk
     fstream tmpOut;
     createFile(sTempFile, tmpOut);
 
@@ -257,7 +257,7 @@
       tmpOut.write((char *)tmpBuffer, nBytes);
     }
 
-#else //((defined(__GNUC__) && __GNUC__ >= 3  ) || !defined(HAVE_MKSTEMP))
+#else //!defined(HAVE_MKSTEMP)
 
     // else we gotta make a temp file, copy the tag into it, copy the
     // rest of the old file after the tag, delete the old file, rename
@@ -270,7 +270,7 @@
       //ID3_THROW_DESC(ID3E_NoFile, "couldn't open temp file");
     }
 
-    ofstream tmpOut(fd);
+    ofstream tmpOut(sTempFile);
     if (!tmpOut)
     {
       tmpOut.close();
@@ -285,14 +285,14 @@
     uchar tmpBuffer[BUFSIZ];
     while (file)
     {
-      file.read(tmpBuffer, BUFSIZ);
+      file.read((char *)tmpBuffer, BUFSIZ);
       size_t nBytes = file.gcount();
-      tmpOut.write(tmpBuffer, nBytes);
+      tmpOut.write((char *)tmpBuffer, nBytes);
     }
 
     close(fd); //closes the file
 
-#endif ////((defined(__GNUC__) && __GNUC__ >= 3  ) || !defined(HAVE_MKSTEMP))
+#endif ////!defined(HAVE_MKSTEMP)
 
     tmpOut.close();
     file.close();


Index: id3lib.spec
===================================================================
RCS file: /cvs/extras/rpms/id3lib/devel/id3lib.spec,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -r1.14 -r1.15
--- id3lib.spec	13 Aug 2007 15:13:50 -0000	1.14
+++ id3lib.spec	20 Aug 2007 21:08:15 -0000	1.15
@@ -1,7 +1,7 @@
 Summary:	Library for manipulating ID3v1 and ID3v2 tags
 Name:		id3lib
 Version:	3.8.3
-Release:	16%{?dist}
+Release:	17%{?dist}
 License:	LGPLv2+
 Group:		System Environment/Libraries
 URL:		http://id3lib.sourceforge.net/
@@ -9,6 +9,7 @@
 Patch0:		id3lib-dox.patch
 Patch1:		id3lib-3.8.3-libtool-autofoo.patch.bz2
 Patch2:		id3lib-3.8.3-io_helpers-163101.patch
+Patch3:		id3lib-3.8.3-mkstemp.patch
 BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-buildroot
 BuildRequires:	zlib-devel doxygen
 
@@ -37,10 +38,11 @@
 %patch0 -p0
 %patch1 -p1 -b .libtool-autofoo
 %patch2 -p1 -b .io_helpers-163101
+%patch3 -p1 -b .mkstemp
 chmod -x src/*.h src/*.cpp include/id3/*.h
 sed -i -e 's/\r//' doc/id3v2.3.0.*
 sed -i -e 's|@DOX_DIR_HTML@|%{_docdir}/%{name}-devel-%{version}/api|' \
-    doc/index.html.in
+	doc/index.html.in
 
 
 %build
@@ -83,6 +85,9 @@
 
 
 %changelog
+* Mon Aug 20 2007 Hans de Goede <j.w.r.degoede at hhs.nl> 3.8.3-17
+- Use mkstemp instead of insecure tempfile creation (bz 253553)
+
 * Mon Aug 13 2007 Hans de Goede <j.w.r.degoede at hhs.nl> 3.8.3-16
 - Update License tag for new Licensing Guidelines compliance
 


