pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/pkgsrc-2019Q2]: pkgsrc/audio/taglib Pullup ticket #6005 - requested b...
details: https://anonhg.NetBSD.org/pkgsrc/rev/55d4cc1e97ea
branches: pkgsrc-2019Q2
changeset: 336609:55d4cc1e97ea
user: bsiegert <bsiegert%pkgsrc.org@localhost>
date: Thu Jul 18 13:33:52 2019 +0000
description:
Pullup ticket #6005 - requested by nia
audio/taglib: security fix
Revisions pulled up:
- audio/taglib/Makefile 1.40
- audio/taglib/distinfo 1.22
- audio/taglib/patches/patch-CVE-2017-12678 1.1
- audio/taglib/patches/patch-CVE-2018-11439 1.1
---
Module Name: pkgsrc
Committed By: nia
Date: Thu Jul 18 09:36:37 UTC 2019
Modified Files:
pkgsrc/audio/taglib: Makefile distinfo
Added Files:
pkgsrc/audio/taglib/patches: patch-CVE-2017-12678 patch-CVE-2018-11439
Log Message:
taglib: Add patches from upstream's git for the following CVEs:
CVE-2017-12678 - denial-of-service
CVE-2018-11439 - information-disclosure
Bump PKGREVISION.
diffstat:
audio/taglib/Makefile | 3 +-
audio/taglib/distinfo | 4 ++-
audio/taglib/patches/patch-CVE-2017-12678 | 28 ++++++++++++++++++++++++++
audio/taglib/patches/patch-CVE-2018-11439 | 33 +++++++++++++++++++++++++++++++
4 files changed, 66 insertions(+), 2 deletions(-)
diffs (94 lines):
diff -r d99735ca6336 -r 55d4cc1e97ea audio/taglib/Makefile
--- a/audio/taglib/Makefile Thu Jul 18 13:32:31 2019 +0000
+++ b/audio/taglib/Makefile Thu Jul 18 13:33:52 2019 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.39 2017/05/03 08:38:39 jperkin Exp $
+# $NetBSD: Makefile,v 1.39.20.1 2019/07/18 13:33:52 bsiegert Exp $
DISTNAME= taglib-1.11.1
+PKGREVISION= 1
CATEGORIES= audio
MASTER_SITES= http://taglib.github.io/releases/
diff -r d99735ca6336 -r 55d4cc1e97ea audio/taglib/distinfo
--- a/audio/taglib/distinfo Thu Jul 18 13:32:31 2019 +0000
+++ b/audio/taglib/distinfo Thu Jul 18 13:33:52 2019 +0000
@@ -1,6 +1,8 @@
-$NetBSD: distinfo,v 1.21 2016/10/31 16:32:56 wiz Exp $
+$NetBSD: distinfo,v 1.21.24.1 2019/07/18 13:33:52 bsiegert Exp $
SHA1 (taglib-1.11.1.tar.gz) = 80a30eeae67392f636c9f113c60d778c2995c99e
RMD160 (taglib-1.11.1.tar.gz) = 408d2a888875bc29fc64c4d0056daebba2c55192
SHA512 (taglib-1.11.1.tar.gz) = 7846775c4954ea948fe4383e514ba7c11f55d038ee06b6ea5a0a1c1069044b348026e76b27aa4ba1c71539aa8143e1401fab39184cc6e915ba0ae2c06133cb98
Size (taglib-1.11.1.tar.gz) = 1261620 bytes
+SHA1 (patch-CVE-2017-12678) = 4979bc04c5fad6e3b5daaf5b6f62c10c7e4f7841
+SHA1 (patch-CVE-2018-11439) = 96a627c07420c194e892d622c694b11ce7476898
diff -r d99735ca6336 -r 55d4cc1e97ea audio/taglib/patches/patch-CVE-2017-12678
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/audio/taglib/patches/patch-CVE-2017-12678 Thu Jul 18 13:33:52 2019 +0000
@@ -0,0 +1,28 @@
+$NetBSD: patch-CVE-2017-12678,v 1.1.2.2 2019/07/18 13:33:53 bsiegert Exp $
+
+Fix CVE-2017-12678
+
+In TagLib 1.11.1, the rebuildAggregateFrames function in id3v2framefactory.cpp
+has a pointer to cast vulnerability, which allows remote attackers to cause a
+denial of service or possibly have unspecified other impact via a crafted
+audio file.
+
+Upstream commit:
+https://github.com/taglib/taglib/commit/cb9f07d9dcd791b63e622da43f7b232adaec0a9a
+
+--- taglib/mpeg/id3v2/id3v2framefactory.cpp.orig 2016-10-24 03:03:23.000000000 +0000
++++ taglib/mpeg/id3v2/id3v2framefactory.cpp
+@@ -334,10 +334,11 @@ void FrameFactory::rebuildAggregateFrame
+ tag->frameList("TDAT").size() == 1)
+ {
+ TextIdentificationFrame *tdrc =
+- static_cast<TextIdentificationFrame *>(tag->frameList("TDRC").front());
++ dynamic_cast<TextIdentificationFrame *>(tag->frameList("TDRC").front());
+ UnknownFrame *tdat = static_cast<UnknownFrame *>(tag->frameList("TDAT").front());
+
+- if(tdrc->fieldList().size() == 1 &&
++ if(tdrc &&
++ tdrc->fieldList().size() == 1 &&
+ tdrc->fieldList().front().size() == 4 &&
+ tdat->data().size() >= 5)
+ {
diff -r d99735ca6336 -r 55d4cc1e97ea audio/taglib/patches/patch-CVE-2018-11439
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/audio/taglib/patches/patch-CVE-2018-11439 Thu Jul 18 13:33:52 2019 +0000
@@ -0,0 +1,33 @@
+$NetBSD: patch-CVE-2018-11439,v 1.1.2.2 2019/07/18 13:33:53 bsiegert Exp $
+
+Fix CVE-2018-11439 - OOB read when loading invalid ogg flac file.
+
+Upstream commit:
+https://github.com/taglib/taglib/commit/2c4ae870ec086f2ddd21a47861a3709c36faac45
+
+--- taglib/ogg/flac/oggflacfile.cpp.orig 2016-10-24 03:03:23.000000000 +0000
++++ taglib/ogg/flac/oggflacfile.cpp
+@@ -216,11 +216,21 @@ void Ogg::FLAC::File::scan()
+
+ if(!metadataHeader.startsWith("fLaC")) {
+ // FLAC 1.1.2+
++ // See https://xiph.org/flac/ogg_mapping.html for the header specification.
++ if(metadataHeader.size() < 13)
++ return;
++
++ if(metadataHeader[0] != 0x7f)
++ return;
++
+ if(metadataHeader.mid(1, 4) != "FLAC")
+ return;
+
+- if(metadataHeader[5] != 1)
+- return; // not version 1
++ if(metadataHeader[5] != 1 && metadataHeader[6] != 0)
++ return; // not version 1.0
++
++ if(metadataHeader.mid(9, 4) != "fLaC")
++ return;
+
+ metadataHeader = metadataHeader.mid(13);
+ }
Home |
Main Index |
Thread Index |
Old Index