From 85bb0779ba6b6e928eb44a23df72fbd861965991 Mon Sep 17 00:00:00 2001
From: Hanspeter Niederstrasser
Date: Wed, 22 Feb 2023 05:12:17 -0600
Subject: [PATCH] libid3tag: modernize build and pull patches from Debian, Fedora, Gentoo. Consider moving to upstream fork https://codeberg.org/tenacityteam/libid3tag which is used by Fedora and Gentoo. Need to wait for SONAME fix first: https://codeberg.org/tenacityteam/libid3tag/issues/5 Should fix #998
---
 .../stable/main/finkinfo/sound/libid3tag.info | 42 +++++++++++--
 .../main/finkinfo/sound/libid3tag.patch | 62 +++++++++++++++++++
 2 files changed, 98 insertions(+), 6 deletions(-)
diff --git a/10.9-libcxx/stable/main/finkinfo/sound/libid3tag.info b/10.9-libcxx/stable/main/finkinfo/sound/libid3tag.info
index b4eebec3cff..aeab6d52433 100644
--- a/10.9-libcxx/stable/main/finkinfo/sound/libid3tag.info
+++ b/10.9-libcxx/stable/main/finkinfo/sound/libid3tag.info
@@ -1,20 +1,40 @@
 Package: libid3tag
 Version: 0.15.1b
-Revision: 5
+Revision: 6
 Depends: %N-shlibs (= %v-%r)
-BuildDepends: libgettext8-dev, gettext-bin, gettext-tools, fink (>= 0.24.12)
+BuildDepends: <<
+ autoconf2.6,
+ fink (>= 0.32),
+ fink-package-precedence,
+ gettext-bin,
+ gettext-tools,
+ libgettext8-dev,
+ libtool2
+<<
 Replaces: mad
 Maintainer: None
 Source: mirror:sourceforge:mad/%n-%v.tar.gz
 Source-Checksum: SHA256(63da4f6e7997278f8a3fef4c6a372d342f705051d1eeb6a46a86b03610e26151)
+Source2: mirror:debian:pool/main/libi/libid3tag/libid3tag_%v-14.debian.tar.xz
+Source2-Checksum: SHA256(f174cafe02bef25a9ad8cb7f9ce80119147297a7036f50878e85ac0d7ae09c62)
+UpdateConfigGuess: true
 PatchFile: %n.patch
-PatchFile-MD5: d6a8f96f7d17df32197d9fda168f653f
+PatchFile-MD5: 2ce6285f81f4e693039c10ecff4e9e51
+SetCFLAGS: -MD
 PatchScript: <<
- %{default_script}
- perl -pi.bak -e 's,-flat_namespace -undefined suppress,-twolevel_namespace -undefined error,g' configure && perl -pi.bak -e 's,FINK_PREFIX,%p,g' id3tag.pc
+ %{default_script}
+ patch -p1 < ../debian/patches/10_a_capella.dpatch
+ patch -p1 < ../debian/patches/10_utf16.dpatch
+ patch -p1 < ../debian/patches/11_unknown_encoding.dpatch
+ patch -p1 < ../debian/patches/add-m4-directory.patch
+ patch -p1 < ../debian/patches/gperf_size_t.patch
+ autoreconf -vfi
+ perl -pi.bak -e 's,FINK_PREFIX,%p,g' id3tag.pc
 <<
 InstallScript: <<
- make install DESTDIR=%d && mkdir -p %i/lib/pkgconfig && mv id3tag.pc %i/lib/pkgconfig/
+ fink-package-precedence --prohibit-bdep %n .
+ make install DESTDIR=%d
+ mkdir -p %i/lib/pkgconfig && mv id3tag.pc %i/lib/pkgconfig/
 <<
 DocFiles: CHANGES COPYING COPYRIGHT CREDITS README TODO VERSION
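Review bot: The five `patch -p1 < ../debian/patches/…` lines in PatchScript run after `%{default_script}`, which as far as I can tell applies the PatchFile first, and that file now changes utf16.c, field.c and ucs4.c. `patch` tolerates offsets and fuzz by default, so a Debian hunk that meets already-modified context (`10_utf16.dpatch` may touch utf16.c, judging by its name) can land in a shifted place without failing the build. For patches that carry security fixes I would make that a hard error, e.g. `patch -p1 -F0 < ../debian/patches/10_utf16.dpatch`, or add a comment recording that this order was checked to apply cleanly.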
@@ -33,5 +53,15 @@ DescDetail: << libid3tag is a library for reading and (eventually) writing ID3 tags, both ID3v1 and the various versions of ID3v2.
 <<
+DescPackaging: <<
+* Use Debian's patches.
+* Gentoo's patch from possible revived 'upstream' for CVE-2017-11550, CVE-2017-11551
+causes a conflicting types error in compat.c generated files, so only use part of it.
+https://bugs.gentoo.org/626698
+https://codeberg.org/tenacityteam/libid3tag/pulls/7
+* 'Upstream' patch for CVE2008-05-05
+* Fedora patches not already in Debian's list
+https://src.fedoraproject.org/rpms/libid3tag/tree/f37
+<<
 License: GPL
 Homepage: http://www.underbit.com/products/mad/
diff --git a/10.9-libcxx/stable/main/finkinfo/sound/libid3tag.patch b/10.9-libcxx/stable/main/finkinfo/sound/libid3tag.patch
index 9ebdd8cddcb..a154d1e6c3f 100644
--- a/10.9-libcxx/stable/main/finkinfo/sound/libid3tag.patch
+++ b/10.9-libcxx/stable/main/finkinfo/sound/libid3tag.patch
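Review bot: The DescPackaging entry in libid3tag.info for CVE-2017-11550 and CVE-2017-11551 says only part of Gentoo's patch is used, but not which part, so a reader cannot tell whether both identifiers are fixed in this revision. The patch file in this commit appears to carry only the `id3_ucs4_length` NULL check from that series (its subject reads `[PATCH 2/2]`); the entry should name the CVE that part addresses and say whether the other is covered by a Debian patch or left open. Separately, `CVE2008-05-05` here and `CVE 2008-05-05` in the embedded patch subject in libid3tag.patch are a date rather than a CVE identifier; recording the real one in the form `CVE-<YEAR>-<ID>` (placeholder) lets advisory tooling match the fix.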
@@ -13,3 +13,65 @@ diff -Naur libid3tag-0.15.0b-old/id3tag.pc libid3tag-0.15.0b/id3tag.pc
 +Version: 0.15.0b
 +Libs: -L${libdir} -lid3tag -lm
 +Cflags: -I${includedir}
+From 8bfecd7e1ec8919cad3c7fe08ef83a2c9cbd1f92 Mon Sep 17 00:00:00 2001
+From: Michael Moon
+Date: Thu, 7 Oct 2021 12:29:53 +0800
+Subject: [PATCH 2/2] Add a sanity check to id3_ucs4_length. Issue #6
+
+Signed-off-by: Michael Moon
+---
+ ucs4.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/ucs4.c b/ucs4.c
+index f55f159..9d2e02b 100644
+--- a/ucs4.c
++++ b/ucs4.c
+@@ -37,6 +37,9 @@ id3_ucs4_t const id3_ucs4_empty[] = { 0 };
+ */
+ id3_length_t id3_ucs4_length(id3_ucs4_t const *ucs4)
+ {
++ if (!ucs4)
++ return 0;
++
+ id3_ucs4_t const *ptr = ucs4;
+
+ while (*ptr)
+--
+2.30.8
+
+From 468a863f1da1d5b48e18bb409eb932d765dfcd68 Mon Sep 17 00:00:00 2001
+From: Be
+Date: Thu, 12 Aug 2021 12:10:42 -0500
+Subject: [PATCH] apply patch for CVE 2008-05-05
+
+---
+ field.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/field.c b/field.c
+index f2ecc0f..24856c6 100644
+--- a/field.c
++++ b/field.c
+@@ -291,7 +291,7 @@ int id3_field_parse(union id3_field *field, id3_byte_t const **ptr,
+
+ end = *ptr + length;
+
+- while (end - *ptr > 0) {
++ while (end - *ptr > 0 && **ptr != '\0') {
+ ucs4 = id3_parse_string(ptr, end - *ptr, *encoding, 0);
+ if (ucs4 == 0)
+ goto fail;
+
+From Fedora libid3tag-0.15.1b-id3v2-endless-loop.patch
+--- a/utf16.c 2005-01-07 12:35:28.622883237 +0100
++++ b/utf16.c 2005-01-07 12:35:36.603673548 +0100
+@@ -250,6 +250,8 @@
+ id3_ucs4_t *ucs4;
+
+ end = *ptr + (length & ~1);
++ if (end == *ptr)
++ return 0;
+
+ utf16 = malloc((length / 2 + 1) * sizeof(*utf16));
+ if (utf16 == 0)
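Review bot: In the embedded field.c hunk, the added condition `**ptr != '\0'` inspects a single byte whatever `*encoding` is, although the same loop passes `*encoding` to `id3_parse_string`. In a two-byte encoding without a byte-order mark a character can begin with a zero byte, so the loop may stop before the first string and yield a shortened list instead of reaching `goto fail`; the rest of `id3_field_parse` lies outside the hunk, so the effect after the loop is inferred. The check still ends the loop on a trailing NUL as intended; I would record the limitation in DescPackaging, for example `* field.c NUL check may truncate UTF-16BE string lists`.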