summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMax Rees <maxcrees@me.com>2019-08-04 00:47:38 -0500
committerMax Rees <maxcrees@me.com>2019-08-04 00:47:38 -0500
commitaae4e5d456512abdd20804e08bac1cddc95377b1 (patch)
treec4dd75d0b1eb3fea2c0f39823f886280c6e281d2
parent1ca5d4bd50ec27c389e11663177675325cbb13c8 (diff)
downloadpackages-aae4e5d456512abdd20804e08bac1cddc95377b1.tar.gz
packages-aae4e5d456512abdd20804e08bac1cddc95377b1.tar.bz2
packages-aae4e5d456512abdd20804e08bac1cddc95377b1.tar.xz
packages-aae4e5d456512abdd20804e08bac1cddc95377b1.zip
user/taglib: patch for CVE-2017-12678 and CVE-2018-11439 (#150)
-rw-r--r--user/taglib/APKBUILD15
-rw-r--r--user/taglib/CVE-2017-12678.patch31
-rw-r--r--user/taglib/CVE-2018-11439.patch42
3 files changed, 85 insertions, 3 deletions
diff --git a/user/taglib/APKBUILD b/user/taglib/APKBUILD
index 60586f78e..0b7731116 100644
--- a/user/taglib/APKBUILD
+++ b/user/taglib/APKBUILD
@@ -1,7 +1,7 @@
# Maintainer: A. Wilcox <awilfox@adelielinux.org>
pkgname=taglib
pkgver=1.11.1
-pkgrel=2
+pkgrel=3
pkgdesc="Library for manipulating audio file metadata"
url="https://taglib.org/"
arch="all"
@@ -10,7 +10,14 @@ license="LGPL-2.1-only AND MPL-1.1"
depends=""
makedepends="cmake zlib-dev"
subpackages="$pkgname-dev"
-source="http://taglib.org/releases/taglib-$pkgver.tar.gz"
+source="http://taglib.org/releases/taglib-$pkgver.tar.gz
+ CVE-2017-12678.patch
+ CVE-2018-11439.patch"
+
+# secfixes:
+# 1.11.1-r3:
+# - CVE-2017-12678
+# - CVE-2018-11439
build() {
cd "$builddir"
@@ -27,4 +34,6 @@ package() {
make DESTDIR="$pkgdir" install
}
-sha512sums="7846775c4954ea948fe4383e514ba7c11f55d038ee06b6ea5a0a1c1069044b348026e76b27aa4ba1c71539aa8143e1401fab39184cc6e915ba0ae2c06133cb98 taglib-1.11.1.tar.gz"
+sha512sums="7846775c4954ea948fe4383e514ba7c11f55d038ee06b6ea5a0a1c1069044b348026e76b27aa4ba1c71539aa8143e1401fab39184cc6e915ba0ae2c06133cb98 taglib-1.11.1.tar.gz
+e50810e8d790c490b7d6752c4bf65da812b7534b9920c505d83b8bd0d67fe9991b4db488b6a63e69b206bbcb3cf80754018b17294b5832dd05bfad9a0fbc56c6 CVE-2017-12678.patch
+9a118f9410404996bf3879325f77fcfb638f6cc71b4e258d9786bd741c2c45f26385a6049788ef6ebc56c7c987bd7ef6267a461f4478f5d52d236b035287cdf2 CVE-2018-11439.patch"
diff --git a/user/taglib/CVE-2017-12678.patch b/user/taglib/CVE-2017-12678.patch
new file mode 100644
index 000000000..71081c6d6
--- /dev/null
+++ b/user/taglib/CVE-2017-12678.patch
@@ -0,0 +1,31 @@
+From cb9f07d9dcd791b63e622da43f7b232adaec0a9a Mon Sep 17 00:00:00 2001
+From: "Stephen F. Booth" <me@sbooth.org>
+Date: Sat, 30 Sep 2017 10:15:41 -0500
+Subject: [PATCH] Don't assume TDRC is an instance of TextIdentificationFrame
+ (#831)
+
+If TDRC is encrypted, FrameFactory::createFrame() returns UnknownFrame
+which causes problems in rebuildAggregateFrames() when it is assumed
+that TDRC is a TextIdentificationFrame
+---
+ taglib/mpeg/id3v2/id3v2framefactory.cpp | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/taglib/mpeg/id3v2/id3v2framefactory.cpp b/taglib/mpeg/id3v2/id3v2framefactory.cpp
+index 759a9b7be..9347ab869 100644
+--- a/taglib/mpeg/id3v2/id3v2framefactory.cpp
++++ b/taglib/mpeg/id3v2/id3v2framefactory.cpp
+@@ -334,10 +334,11 @@ void FrameFactory::rebuildAggregateFrames(ID3v2::Tag *tag) const
+ tag->frameList("TDAT").size() == 1)
+ {
+ TextIdentificationFrame *tdrc =
+- static_cast<TextIdentificationFrame *>(tag->frameList("TDRC").front());
++ dynamic_cast<TextIdentificationFrame *>(tag->frameList("TDRC").front());
+ UnknownFrame *tdat = static_cast<UnknownFrame *>(tag->frameList("TDAT").front());
+
+- if(tdrc->fieldList().size() == 1 &&
++ if(tdrc &&
++ tdrc->fieldList().size() == 1 &&
+ tdrc->fieldList().front().size() == 4 &&
+ tdat->data().size() >= 5)
+ {
diff --git a/user/taglib/CVE-2018-11439.patch b/user/taglib/CVE-2018-11439.patch
new file mode 100644
index 000000000..20b777e74
--- /dev/null
+++ b/user/taglib/CVE-2018-11439.patch
@@ -0,0 +1,42 @@
+From 2c4ae870ec086f2ddd21a47861a3709c36faac45 Mon Sep 17 00:00:00 2001
+From: Scott Gayou <github.scott@gmail.com>
+Date: Tue, 9 Oct 2018 18:46:55 -0500
+Subject: [PATCH] Fixed OOB read when loading invalid ogg flac file. (#868)
+ (#869)
+
+CVE-2018-11439 is caused by a failure to check the minimum length
+of a ogg flac header. This header is detailed in full at:
+https://xiph.org/flac/ogg_mapping.html. Added more strict checking
+for entire header.
+---
+ taglib/ogg/flac/oggflacfile.cpp | 14 ++++++++++++--
+ 1 file changed, 12 insertions(+), 2 deletions(-)
+
+diff --git a/taglib/ogg/flac/oggflacfile.cpp b/taglib/ogg/flac/oggflacfile.cpp
+index 53d04508a..07ea9dccc 100644
+--- a/taglib/ogg/flac/oggflacfile.cpp
++++ b/taglib/ogg/flac/oggflacfile.cpp
+@@ -231,11 +231,21 @@ void Ogg::FLAC::File::scan()
+
+ if(!metadataHeader.startsWith("fLaC")) {
+ // FLAC 1.1.2+
++ // See https://xiph.org/flac/ogg_mapping.html for the header specification.
++ if(metadataHeader.size() < 13)
++ return;
++
++ if(metadataHeader[0] != 0x7f)
++ return;
++
+ if(metadataHeader.mid(1, 4) != "FLAC")
+ return;
+
+- if(metadataHeader[5] != 1)
+- return; // not version 1
++ if(metadataHeader[5] != 1 && metadataHeader[6] != 0)
++ return; // not version 1.0
++
++ if(metadataHeader.mid(9, 4) != "fLaC")
++ return;
+
+ metadataHeader = metadataHeader.mid(13);
+ }