D2753.id6806.diff
diff --git a/files/gperf-size_t.patch b/files/gperf-size_t.patch
new file mode 100644
--- /dev/null
+++ b/files/gperf-size_t.patch
@@ -0,0 +1,25 @@
+Index: libid3tag-0.15.1b/frametype.h
+===================================================================
+--- libid3tag-0.15.1b.orig/frametype.h
++++ libid3tag-0.15.1b/frametype.h
+@@ -37,6 +37,6 @@ extern struct id3_frametype const id3_fr
+ extern struct id3_frametype const id3_frametype_obsolete;
+
+ struct id3_frametype const *id3_frametype_lookup(register char const *,
+- register unsigned int);
++ register size_t);
+
+ # endif
+Index: libid3tag-0.15.1b/compat.h
+===================================================================
+--- libid3tag-0.15.1b.orig/compat.h
++++ libid3tag-0.15.1b/compat.h
+@@ -34,7 +34,7 @@ struct id3_compat {
+ };
+
+ struct id3_compat const *id3_compat_lookup(register char const *,
+- register unsigned int);
++ register size_t);
+
+ int id3_compat_fixup(struct id3_tag *);
+
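Review bot: This patch file carries no description, so nothing records why the `id3_frametype_lookup` and `id3_compat_lookup` prototypes move from `unsigned int` to `size_t`. The likely reason is that newer gperf releases emit lookup functions with a `size_t` length parameter, which would make the prototypes correct only when `compat.c` and `frametype.c` are regenerated by such a gperf; that is inferred, since the generated code is not on this page. A header line in the patch would capture it, for example `Description: match lookup prototypes to gperf-generated code, which takes size_t for the length argument`. The `gperf` entry in `builddeps` has no minimum version, so an older gperf would presumably produce conflicting declarations and fail the build rather than miscompile.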
diff --git a/files/security/CVE-2004-2779.patch b/files/security/CVE-2004-2779.patch
new file mode 100644
--- /dev/null
+++ b/files/security/CVE-2004-2779.patch
@@ -0,0 +1,11 @@
+--- utf16.c.old 2005-01-07 12:35:28.622883237 +0100
++++ utf16.c 2005-01-07 12:35:36.603673548 +0100
+@@ -250,6 +250,8 @@
+ id3_ucs4_t *ucs4;
+
+ end = *ptr + (length & ~1);
++ if (end == *ptr)
++ return 0;
+
+ utf16 = malloc((length / 2 + 1) * sizeof(*utf16));
+ if (utf16 == 0)
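Review bot: The added `if (end == *ptr) return 0;` fires for `length == 0` as well as `length == 1`, because `length & ~1` is zero in both cases. An empty field is therefore reported with the same 0 that the `utf16 == 0` allocation check below presumably returns. Whether any caller relies on getting an empty string back for zero-length input cannot be told from this hunk, as the function starts and ends outside it, so that is worth checking against the callers. A comment on the guard would record the intent, for example `/* fewer than two bytes: no complete UTF-16 code unit, report failure instead of an empty string */`.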
diff --git a/files/security/CVE-2008-2109.patch b/files/security/CVE-2008-2109.patch
new file mode 100644
--- /dev/null
+++ b/files/security/CVE-2008-2109.patch
@@ -0,0 +1,11 @@
+--- field.c.orig 2008-05-05 09:49:15.000000000 -0400
++++ field.c 2008-05-05 09:49:25.000000000 -0400
+@@ -291,7 +291,7 @@
+
+ end = *ptr + length;
+
+- while (end - *ptr > 0) {
++ while (end - *ptr > 0 && **ptr != '\0') {
+ ucs4 = id3_parse_string(ptr, end - *ptr, *encoding, 0);
+ if (ucs4 == 0)
+ goto fail;
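Review bot: The new `**ptr != '\0'` test in the loop condition inspects a single byte without regard to `*encoding`, so the string-list loop ends at any entry whose first byte is zero. In a single-byte encoding that byte is a terminator, but in big-endian UTF-16 a zero byte is the high half of every ASCII character, so such a list would probably be cut short at its first entry. This is inferred, because the encoding handling and the rest of the function lie outside the hunk. A test tag with a UTF-16BE string list would settle it. At minimum the condition deserves a comment such as `/* stop at trailing NUL padding; byte-wise test, not encoding-aware */`.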
diff --git a/files/security/CVE-2017-11550.patch b/files/security/CVE-2017-11550.patch
new file mode 100644
--- /dev/null
+++ b/files/security/CVE-2017-11550.patch
@@ -0,0 +1,37 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 11_unknown_encoding.dpatch by Andreas Henriksson <andreas@fatal.se>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: In case of an unknown/invalid encoding, id3_parse_string() will
+## DP: return NULL, but the return value wasn't checked resulting
+## DP: in segfault in id3_ucs4_length(). This is the only place
+## DP: the return value wasn't checked.
+
+@DPATCH@
+diff -urNad libid3tag-0.15.1b~/compat.gperf libid3tag-0.15.1b/compat.gperf
+--- libid3tag-0.15.1b~/compat.gperf 2004-01-23 09:41:32.000000000 +0000
++++ libid3tag-0.15.1b/compat.gperf 2007-01-14 14:36:53.000000000 +0000
+@@ -236,6 +236,10 @@
+
+ encoding = id3_parse_uint(&data, 1);
+ string = id3_parse_string(&data, end - data, encoding, 0);
++ if (!string)
++ {
++ continue;
++ }
+
+ if (id3_ucs4_length(string) < 4) {
+ free(string);
+diff -urNad libid3tag-0.15.1b~/parse.c libid3tag-0.15.1b/parse.c
+--- libid3tag-0.15.1b~/parse.c 2004-01-23 09:41:32.000000000 +0000
++++ libid3tag-0.15.1b/parse.c 2007-01-14 14:37:34.000000000 +0000
+@@ -165,6 +165,9 @@
+ case ID3_FIELD_TEXTENCODING_UTF_8:
+ ucs4 = id3_utf8_deserialize(ptr, length);
+ break;
++ default:
++ /* FIXME: Unknown encoding! Print warning? */
++ return NULL;
+ }
+
+ if (ucs4 && !full) {
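Review bot: With the new `default:` branch in parse.c, a null return from `id3_parse_string()` becomes reachable from an encoding byte read straight out of the file, so every caller has to check the result. The patch description asserts that compat.gperf was the only unchecked call site, but that statement dates from the 2007 dpatch and cannot be confirmed from this page, so the callers in the packaged tree should be re-checked. The `/* FIXME: Unknown encoding! Print warning? */` comment would be more useful as a contract, for example `/* unknown encoding byte: fail; callers must check for a null return */`. The other patches in this change use `return 0;` and `== 0` for null pointers, so `return NULL;` and `if (!string)` break from that style. Both the loop around the `continue` and the enclosing switch start outside their hunks.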
diff --git a/files/series b/files/series
new file mode 100644
--- /dev/null
+++ b/files/series
@@ -0,0 +1,4 @@
+security/CVE-2004-2779.patch -p0
+security/CVE-2008-2109.patch -p0
+security/CVE-2017-11550.patch
+gperf-size_t.patch
diff --git a/package.yml b/package.yml
--- a/package.yml
+++ b/package.yml
@@ -1,14 +1,21 @@
name : libid3tag
version : 0.15.1b
-release : 3
+release : 4
source :
- ftp://ftp.mars.org/pub/mpeg/libid3tag-0.15.1b.tar.gz : 63da4f6e7997278f8a3fef4c6a372d342f705051d1eeb6a46a86b03610e26151
-license : GPL-2.0
+license : GPL-2.0-only
component : multimedia.library
summary : library for id3 tagging
description: |
library for id3 tagging
+builddeps :
+ - gperf
setup : |
+ %apply_patches
+
+ # Force these files to be regenerated from the .gperf sources
+ rm compat.c frametype.c
+
%configure --disable-static
build : |
%make
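Review bot: The `rm compat.c frametype.c` step is what makes the CVE-2017-11550 fix take effect, because that patch edits `compat.gperf` rather than the generated `compat.c`. The comment above it only says the files are regenerated. Spell out the dependency so that a later cleanup does not drop the step or the `gperf` builddep, for example `# Required: CVE-2017-11550.patch fixes compat.gperf, so compat.c must be rebuilt by gperf` followed by `# (gperf-size_t.patch keeps the header prototypes in line with the regenerated code)`. Plain `rm` without `-f` is a good choice here, since a missing file aborts setup instead of silently building stale generated code.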
diff --git a/pspec_x86_64.xml b/pspec_x86_64.xml
--- a/pspec_x86_64.xml
+++ b/pspec_x86_64.xml
@@ -2,10 +2,10 @@
<Source>
<Name>libid3tag</Name>
<Packager>
- <Name>Joshua Strobl</Name>
- <Email>joshua@stroblindustries.com</Email>
+ <Name>Pierre-Yves</Name>
+ <Email>pyu@riseup.net</Email>
</Packager>
- <License>GPL-2.0</License>
+ <License>GPL-2.0-only</License>
<PartOf>multimedia.library</PartOf>
<Summary xml:lang="en">library for id3 tagging</Summary>
<Description xml:lang="en">library for id3 tagging
@@ -29,7 +29,7 @@
</Description>
<PartOf>programming.devel</PartOf>
<RuntimeDependencies>
- <Dependency release="3">libid3tag</Dependency>
+ <Dependency release="4">libid3tag</Dependency>
</RuntimeDependencies>
<Files>
<Path fileType="header">/usr/include/</Path>
@@ -38,12 +38,12 @@
</Files>
</Package>
<History>
- <Update release="3">
- <Date>2016-06-16</Date>
+ <Update release="4">
+ <Date>2018-04-19</Date>
<Version>0.15.1b</Version>
<Comment>Packaging update</Comment>
- <Name>Joshua Strobl</Name>
- <Email>joshua@stroblindustries.com</Email>
+ <Name>Pierre-Yves</Name>
+ <Email>pyu@riseup.net</Email>
</Update>
</History>
</PISI>
\ No newline at end of file
D2753: Address multiple CVE's in libid3tag