authorLeo <thinkabit.ukim@gmail.com>2021-02-16 06:27:21 -0300
committerLeo <thinkabit.ukim@gmail.com>2021-02-16 09:41:54 +0000
commit2c1187dcd7411d430c33c34762bc542ce1403367 (patch)
tree945073b9a03c6aef99be4549a947eaec179b25a3
parentec13236f36e74fb69a93ef51f9b351993ce8af7b (diff)
community/taglib: upgrade to 1.12
-rw-r--r--community/taglib/APKBUILD10
-rw-r--r--community/taglib/CVE-2017-12678.patch18
-rw-r--r--community/taglib/CVE-2018-11439.patch42
3 files changed, 3 insertions, 67 deletions
diff --git a/community/taglib/APKBUILD b/community/taglib/APKBUILD
index 45ac933114e..35faef3ea2b 100644
--- a/community/taglib/APKBUILD
+++ b/community/taglib/APKBUILD
@@ -1,8 +1,8 @@
# Contributor: Leo <thinkabit.ukim@gmail.com>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=taglib
-pkgver=1.11.1
-pkgrel=3
+pkgver=1.12
+pkgrel=0
pkgdesc="Library for reading and editing metadata of several popular audio formats"
url="http://taglib.github.io/"
arch="all"
@@ -11,8 +11,6 @@ license="LGPL-2.1-only or MPL-1.1"
makedepends="zlib-dev cmake"
subpackages="$pkgname-dev"
source="https://taglib.github.io/releases/taglib-$pkgver.tar.gz
- CVE-2017-12678.patch
- CVE-2018-11439.patch
"
# secfixes:
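Review bot: Dropping `CVE-2017-12678.patch` and `CVE-2018-11439.patch` from `source=` is only safe if the 1.12 tarball already carries both fixes, and neither this hunk nor the commit message records that this was checked. I would say so in the commit description and add a line above `source=` such as `# CVE-2017-12678 and CVE-2018-11439 patches dropped: included upstream in 1.12`. The check is cheap: in the unpacked 1.12 tree, confirm the `dynamic_cast` plus null check on `tdrc` in `id3v2framefactory.cpp` and the `metadataHeader.size() < 13` guard in `oggflacfile.cpp`. The entries under `# secfixes:` lie outside the hunk; they should stay as they are, keyed to the release that first shipped each fix, so vulnerability scanners keep mapping these CVEs to the correct fixed version.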
@@ -32,6 +30,4 @@ build() {
package() {
make DESTDIR="$pkgdir" install
}
-sha512sums="7846775c4954ea948fe4383e514ba7c11f55d038ee06b6ea5a0a1c1069044b348026e76b27aa4ba1c71539aa8143e1401fab39184cc6e915ba0ae2c06133cb98 taglib-1.11.1.tar.gz
-b5ac8fda91d33236951dae89b736219529dce5d521876f89b6ab8a57953c69d3a43861be035740108e4ecbb6a97146129449a9bc560118abdc3464bcd785f8ad CVE-2017-12678.patch
-9a118f9410404996bf3879325f77fcfb638f6cc71b4e258d9786bd741c2c45f26385a6049788ef6ebc56c7c987bd7ef6267a461f4478f5d52d236b035287cdf2 CVE-2018-11439.patch"
+sha512sums="7e369faa5e3c6c6401052b7a19e35b0cf8c1e5ed9597053ac731a7718791d5d4803d1b18a93e903ec8c3fc6cb92e34d9616daa2ae4d326965d4c4d5624dcdaba taglib-1.12.tar.gz"
diff --git a/community/taglib/CVE-2017-12678.patch b/community/taglib/CVE-2017-12678.patch
deleted file mode 100644
index 6291ff08945..00000000000
--- a/community/taglib/CVE-2017-12678.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-Index: b/taglib/mpeg/id3v2/id3v2framefactory.cpp
-===================================================================
---- a/taglib/mpeg/id3v2/id3v2framefactory.cpp
-+++ b/taglib/mpeg/id3v2/id3v2framefactory.cpp
-@@ -334,10 +334,11 @@ void FrameFactory::rebuildAggregateFrame
- tag->frameList("TDAT").size() == 1)
- {
- TextIdentificationFrame *tdrc =
-- static_cast<TextIdentificationFrame *>(tag->frameList("TDRC").front());
-+ dynamic_cast<TextIdentificationFrame *>(tag->frameList("TDRC").front());
- UnknownFrame *tdat = static_cast<UnknownFrame *>(tag->frameList("TDAT").front());
-
-- if(tdrc->fieldList().size() == 1 &&
-+ if(tdrc &&
-+ tdrc->fieldList().size() == 1 &&
- tdrc->fieldList().front().size() == 4 &&
- tdat->data().size() >= 5)
- {
diff --git a/community/taglib/CVE-2018-11439.patch b/community/taglib/CVE-2018-11439.patch
deleted file mode 100644
index 20b777e74e2..00000000000
--- a/community/taglib/CVE-2018-11439.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From 2c4ae870ec086f2ddd21a47861a3709c36faac45 Mon Sep 17 00:00:00 2001
-From: Scott Gayou <github.scott@gmail.com>
-Date: Tue, 9 Oct 2018 18:46:55 -0500
-Subject: [PATCH] Fixed OOB read when loading invalid ogg flac file. (#868)
- (#869)
-
-CVE-2018-11439 is caused by a failure to check the minimum length
-of a ogg flac header. This header is detailed in full at:
-https://xiph.org/flac/ogg_mapping.html. Added more strict checking
-for entire header.
----
- taglib/ogg/flac/oggflacfile.cpp | 14 ++++++++++++--
- 1 file changed, 12 insertions(+), 2 deletions(-)
-
-diff --git a/taglib/ogg/flac/oggflacfile.cpp b/taglib/ogg/flac/oggflacfile.cpp
-index 53d04508a..07ea9dccc 100644
---- a/taglib/ogg/flac/oggflacfile.cpp
-+++ b/taglib/ogg/flac/oggflacfile.cpp
-@@ -231,11 +231,21 @@ void Ogg::FLAC::File::scan()
-
- if(!metadataHeader.startsWith("fLaC")) {
- // FLAC 1.1.2+
-+ // See https://xiph.org/flac/ogg_mapping.html for the header specification.
-+ if(metadataHeader.size() < 13)
-+ return;
-+
-+ if(metadataHeader[0] != 0x7f)
-+ return;
-+
- if(metadataHeader.mid(1, 4) != "FLAC")
- return;
-
-- if(metadataHeader[5] != 1)
-- return; // not version 1
-+ if(metadataHeader[5] != 1 && metadataHeader[6] != 0)
-+ return; // not version 1.0
-+
-+ if(metadataHeader.mid(9, 4) != "fLaC")
-+ return;
-
- metadataHeader = metadataHeader.mid(13);
- }