This patch fixes an issues where temporary files were created in an insecure way. It was first intruduced in version 3.8.3-7 and fixes http://bugs.debian.org/438540
--- a/src/tag_file.cpp
+++ b/src/tag_file.cpp
@@ -242,8 +242,8 @@
 strcpy(sTempFile, filename.c_str());
 strcat(sTempFile, sTmpSuffix.c_str());
-#if ((defined(__GNUC__) && __GNUC__ >= 3 ) || !defined(HAVE_MKSTEMP))
- // This section is for Windows folk && gcc 3.x folk
+#if !defined(HAVE_MKSTEMP)
+ // This section is for Windows folk
 fstream tmpOut;
 createFile(sTempFile, tmpOut);
@@ -257,7 +257,7 @@
 tmpOut.write((char *)tmpBuffer, nBytes);
 }
-#else //((defined(__GNUC__) && __GNUC__ >= 3 ) || !defined(HAVE_MKSTEMP))
+#else //!defined(HAVE_MKSTEMP)
 // else we gotta make a temp file, copy the tag into it, copy the
 // rest of the old file after the tag, delete the old file, rename
@@ -270,7 +270,7 @@
 //ID3_THROW_DESC(ID3E_NoFile, "couldn't open temp file");
 }
- ofstream tmpOut(fd);
+ ofstream tmpOut(sTempFile);
 if (!tmpOut)
 {
 tmpOut.close();
@@ -285,14 +285,14 @@
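Review bot: With the `__GNUC__ >= 3` clause dropped from the `#if` in the first hunk, the choice between the two paths rests only on `HAVE_MKSTEMP`, and a build where that macro is not defined silently takes the `createFile(sTempFile, tmpOut)` branch, whose name is just `filename` plus `sTmpSuffix` and is therefore predictable. I would state that at the top of the branch, replacing `// This section is for Windows folk` with something like `// Fallback without mkstemp: temp name is predictable, unsafe in directories writable by other users`. The `strcpy`/`strcat` context lines write into `sTempFile`, whose size is declared outside the hunk, so it is worth confirming the buffer holds `filename.size() + sTmpSuffix.size() + 1` bytes. The enclosing function starts and ends outside the hunk.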
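Review bot: In the third hunk, `ofstream tmpOut(sTempFile);` reopens the temp file by path instead of using the descriptor `fd` that the removed line passed to the stream, so the data is no longer written through the handle obtained earlier. Assuming `fd` comes from `mkstemp` above the hunk (not visible here), the path could be replaced between creation and this open when the directory is writable by others. The hunk also shows no `close(fd)`, so the descriptor has to be released on every path, including the `if (!tmpOut)` branch. I would add `close(fd);` right after the stream is constructed unless a later line already does it, and record the reason for the reopen in a comment such as `// reopened by name: newer libstdc++ has no ofstream(int fd) constructor`. The enclosing function starts and ends outside the hunk.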
// SPDX-License-Identifier: CC0-1.0

// Copyright (C) 2021, 2022 Wojtek Kosior <koszko@koszko.org>
// Copyright (C) 2022 Jacob K
// Available under the terms of Creative Commons Zero v1.0 Universal.

// Source package description for the "lifewire-com-fix" package; the layout
// follows the package_source-2 schema referenced by "$schema" below.
{
    "$schema": "https://hydrilla.koszko.org/schemas/package_source-2.schema.json",
    "source_name": "lifewire-com-fix",
    // License/copyright files that accompany the package.
    "copyright":  [
	// The text of the LicenseRef- GPL also gets included in the report.
	{"file": "report.spdx"},
	{"file": "LICENSES/CC0-1.0.txt"}
    ],
    // Extra file listed separately from the "copyright" entries above.
    "additional_files": [
	{"file": "LICENSES/LicenseRef-GPL-3.0-or-later-WITH-js-exceptions.txt"}
    ],
    "upstream_url": "https://git.koszko.org/hydrilla-fixes-bundle/tree/src/lifewire-com-fix",
    // A single definition that carries both the script list and the URL
    // pattern it is attached to.
    "definitions": [{
        "type":        "mapping_and_resource",
        "identifier":  "lifewire-com-fix",
        "long_name":   "Lifewire fix",
        "uuid":        "57068cca-eadc-4c36-8f12-7a23fabe52de",
        "version":     [2022, 6, 28],
        "revision":    1,
        "description": "Make Lifewire more pleasant to browse without using relying on site-served JavaScript.",
        // The only script file this definition ships.
        "scripts":     [{"file": "lifewire.js"}],
        // Maps a URL pattern to the identifier of the resource to apply; here
        // it points back at this same definition.
        // NOTE(review): the pattern is https-only and limited to the
        // www.lifewire.com host; the trailing wildcard presumably covers every
        // path below it. Confirm the wildcard semantics against the schema,
        // since this pattern decides on which pages lifewire.js runs.
        "payloads": {
            "https://www.lifewire.com/***": {
                "identifier": "lifewire-com-fix"
            }
        }
    }],
    // presumably asks the build to generate the report.spdx file listed under
    // "copyright"; confirm against the builder documentation
    "reuse_generate_spdx_report": true
}