libid3tag: libid3tag-$(LIBID3TAG_VERSION).tar.gz
$(EXTRACT_GZ)
+ patch -d libid3tag -p0 < Patches/libid3tag-0.15.1b-fix-CVE-2008-2109.patch
.id3tag: libid3tag
(cd $<; $(HOSTCC) ./configure $(HOSTCONF) --prefix=$(PREFIX) && make && make install)
--- /dev/null
+*** field.c 2003-04-19 09:14:33.000000000 +0900
+--- field-patched.c 2008-01-13 16:08:22.000000000 +0900
+***************
+*** 291,297 ****
+
+ end = *ptr + length;
+
+! while (end - *ptr > 0) {
+ ucs4 = id3_parse_string(ptr, end - *ptr, *encoding, 0);
+ if (ucs4 == 0)
+ goto fail;
+--- 291,297 ----
+
+ end = *ptr + length;
+
+! while (end - *ptr > 0 && **ptr != '\0') {
+ ucs4 = id3_parse_string(ptr, end - *ptr, *encoding, 0);
+ if (ucs4 == 0)
+ goto fail;