From c9cd8c875ef80a88bb19101f35dcaab3c30eb6da Mon Sep 17 00:00:00 2001
From: maxice8
Date: Tue, 2 Oct 2018 09:32:06 -0300
Subject: [PATCH] taglib: fix CVE-2017-12678 CVE-2018-11439
---
 srcpkgs/taglib/patches/CVE-2017-12678.patch | 40 ++++++++++++++++
 srcpkgs/taglib/patches/CVE-2018-11439.patch | 51 +++++++++++++++++++++
 srcpkgs/taglib/template | 5 +-
 3 files changed, 94 insertions(+), 2 deletions(-)
 create mode 100644 srcpkgs/taglib/patches/CVE-2017-12678.patch
 create mode 100644 srcpkgs/taglib/patches/CVE-2018-11439.patch
diff --git a/srcpkgs/taglib/patches/CVE-2017-12678.patch b/srcpkgs/taglib/patches/CVE-2017-12678.patch
new file mode 100644
index 00000000000..4bd9f2be175
--- /dev/null
+++ b/srcpkgs/taglib/patches/CVE-2017-12678.patch
@@ -0,0 +1,40 @@
+From eb9ded1206f18f2c319157337edea2533a40bea6 Mon Sep 17 00:00:00 2001
+From: "Stephen F. Booth"
+Date: Sun, 23 Jul 2017 10:11:09 -0400
+Subject: [PATCH] Don't assume TDRC is an instance of TextIdentificationFrame
+
+If TDRC is encrypted, FrameFactory::createFrame() returns UnknownFrame
+which causes problems in rebuildAggregateFrames() when it is assumed
+that TDRC is a TextIdentificationFrame
+
+Upstream-Status: Backport
+[https://github.com/taglib/taglib/pull/831/commits/eb9ded1206f18f2c319157337edea2533a40bea6]
+
+CVE: CVE-2017-12678
+
+Signed-off-by: Yi Zhao
+---
+ taglib/mpeg/id3v2/id3v2framefactory.cpp | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/taglib/mpeg/id3v2/id3v2framefactory.cpp b/taglib/mpeg/id3v2/id3v2framefactory.cpp
+index 759a9b7b..9347ab86 100644
+--- a/taglib/mpeg/id3v2/id3v2framefactory.cpp
++++ b/taglib/mpeg/id3v2/id3v2framefactory.cpp
+@@ -334,10 +334,11 @@ void FrameFactory::rebuildAggregateFrames(ID3v2::Tag *tag) const
+ tag->frameList("TDAT").size() == 1)
+ {
+ TextIdentificationFrame *tdrc =
+- static_cast(tag->frameList("TDRC").front());
++ dynamic_cast(tag->frameList("TDRC").front());
+ UnknownFrame *tdat = static_cast(tag->frameList("TDAT").front());
+ 
+- if(tdrc->fieldList().size() == 1 &&
++ if(tdrc &&
++ tdrc->fieldList().size() == 1 &&
+ tdrc->fieldList().front().size() == 4 &&
+ tdat->data().size() >= 5)
+ {
+-- 
+2.13.5
+
diff --git a/srcpkgs/taglib/patches/CVE-2018-11439.patch b/srcpkgs/taglib/patches/CVE-2018-11439.patch
new file mode 100644
index 00000000000..cdd66e67f72
--- /dev/null
+++ b/srcpkgs/taglib/patches/CVE-2018-11439.patch
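Review bot: The sibling cast two lines below the fix, `UnknownFrame *tdat = static_cast(tag->frameList("TDAT").front());`, keeps the same unchecked-downcast pattern this commit removes for TDRC; if createFrame() can ever return a TDAT that is not an UnknownFrame (not visible here — verify against createFrame()), the `tdat->data()` call in the condition is the same kind of type confusion. Changing it to a `dynamic_cast` and adding `tdat &&` to the `if` would close that symmetrically, although as a verbatim upstream backport it is better raised upstream than diverged locally. Note also that the template arguments of both casts appear stripped in this rendering (`static_cast(` / `dynamic_cast(`); the on-disk patch file must carry `<TextIdentificationFrame *>` and `<UnknownFrame *>` or it will not apply and compile, so that is worth confirming. rebuildAggregateFrames() begins and ends outside the hunk.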
@@ -0,0 +1,51 @@
+From 272648ccfcccae30e002ccf34a22e075dd477278 Mon Sep 17 00:00:00 2001
+From: Scott Gayou
+Date: Mon, 4 Jun 2018 11:34:36 -0400
+Subject: [PATCH] Fixed OOB read when loading invalid ogg flac file. (#868)
+
+This CVE is caused by a failure to check the minimum length
+of a ogg flac header. This header is detailed in full at:
+https://xiph.org/flac/ogg_mapping.html. Added more strict checking
+for entire header.
+
+Upstream-Status: Backport
+[https://github.com/taglib/taglib/pull/869/commits/272648ccfcccae30e002ccf34a22e075dd477278]
+
+CVE: CVE-2018-11439
+
+Signed-off-by: Yi Zhao
+---
+ taglib/ogg/flac/oggflacfile.cpp | 14 ++++++++++++--
+ 1 file changed, 12 insertions(+), 2 deletions(-)
+
+diff --git a/taglib/ogg/flac/oggflacfile.cpp b/taglib/ogg/flac/oggflacfile.cpp
+index 53d0450..07ea9dc 100644
+--- a/taglib/ogg/flac/oggflacfile.cpp
++++ b/taglib/ogg/flac/oggflacfile.cpp
+@@ -231,11 +231,21 @@ void Ogg::FLAC::File::scan()
+ 
+ if(!metadataHeader.startsWith("fLaC")) {
+ // FLAC 1.1.2+
++ // See https://xiph.org/flac/ogg_mapping.html for the header specification.
++ if(metadataHeader.size() < 13)
++ return;
++
++ if(metadataHeader[0] != 0x7f)
++ return;
++
+ if(metadataHeader.mid(1, 4) != "FLAC")
+ return;
+ 
+- if(metadataHeader[5] != 1)
+- return; // not version 1
++ if(metadataHeader[5] != 1 && metadataHeader[6] != 0)
++ return; // not version 1.0
++
++ if(metadataHeader.mid(9, 4) != "fLaC")
++ return;
+ 
+ metadataHeader = metadataHeader.mid(13);
+ }
+-- 
+2.7.4
+
diff --git a/srcpkgs/taglib/template b/srcpkgs/taglib/template
index 635ad2ddd48..652ca01c30b 100644
--- a/srcpkgs/taglib/template
+++ b/srcpkgs/taglib/template
@@ -1,7 +1,8 @@
 # Template file for 'taglib'
 pkgname=taglib
 version=1.11.1
-revision=3
+revision=4
+patch_args="-Np1"
 build_style=cmake
 configure_args="-DWITH_MP4=ON -DWITH_ASF=ON -DBUILD_SHARED_LIBS=ON"
 hostmakedepends="pkg-config"
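Review bot: The new version guard `if(metadataHeader[5] != 1 && metadataHeader[6] != 0)` rejects a header only when the major byte differs from 1 and the minor byte differs from 0 at the same time, so a header claiming 1.5 or 2.0 still passes even though the comment says `// not version 1.0`; the check the comment describes is `if(metadataHeader[5] != 1 || metadataHeader[6] != 0)`, unless a deliberately lax version check is intended, in which case the comment should say so. This does not reopen the out-of-bounds read the patch fixes, because the added `size() < 13` check now bounds every index used here and the `mid(13)` below it, so it is a strictness issue rather than a memory-safety one. Since this file is a verbatim backport of upstream commit 272648c, I would keep the local patch identical and raise the `&&`/`||` question upstream rather than diverge. scan() continues outside the hunk.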
@@ -10,7 +11,7 @@ short_desc="Library for accessing ID tags in various media files"
 maintainer="Juan RP "
 homepage="https://taglib.github.io/"
 license="LGPL-2.1, MPL-1.1"
-distfiles="https://github.com/taglib/taglib/archive/v$version.tar.gz"
+distfiles="https://github.com/taglib/taglib/archive/v${version}.tar.gz"
 checksum=b6d1a5a610aae6ff39d93de5efd0fdc787aa9e9dc1e7026fa4c961b26563526b
 
 taglib-devel_package() {