diff options
| author | Leo <thinkabit.ukim@gmail.com> | 2019-05-02 02:10:04 -0300 |
|---|---|---|
| committer | Natanael Copa <ncopa@alpinelinux.org> | 2019-05-05 19:05:40 +0000 |
| commit | 5a61d74337f3c6e4993a4a9b00581f554f6d1308 (patch) | |
| tree | d499c24bce7163ddbcaa2d27b4a52974e01996cd | |
| parent | b86c9d69ef22f66add28b947c238717d4e78c015 (diff) | |
main/taglib: Fix CVE-2017-12678 and CVE-2018-11439
| -rw-r--r-- | main/taglib/APKBUILD | 18 | ||||
| -rw-r--r-- | main/taglib/CVE-2017-12678.patch | 18 | ||||
| -rw-r--r-- | main/taglib/CVE-2018-11439.patch | 42 |
3 files changed, 74 insertions, 4 deletions
diff --git a/main/taglib/APKBUILD b/main/taglib/APKBUILD index 4c7231ca758..370b5bbae91 100644 --- a/main/taglib/APKBUILD +++ b/main/taglib/APKBUILD @@ -1,16 +1,24 @@ +# Contributor: Leo <thinkabit.ukim@gmail.com> # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=taglib pkgver=1.11.1 -pkgrel=1 +pkgrel=2 pkgdesc="Library for reading and editing metadata of several popular audio formats" url="http://taglib.github.io/" arch="all" options="!check" # No test suite. license="GPL-2.0" makedepends="zlib-dev cmake" -depends= -source="https://taglib.github.io/releases/taglib-$pkgver.tar.gz" subpackages="$pkgname-dev" +source="https://taglib.github.io/releases/taglib-$pkgver.tar.gz + CVE-2017-12678.patch + CVE-2018-11439.patch + " + +# secfixes: +# 1.11.1-r2: +# - CVE-2017-12678 +# - CVE-2018-11439 build() { cd "$builddir" @@ -26,4 +34,6 @@ package() { cd "$builddir" make DESTDIR="$pkgdir" install } -sha512sums="7846775c4954ea948fe4383e514ba7c11f55d038ee06b6ea5a0a1c1069044b348026e76b27aa4ba1c71539aa8143e1401fab39184cc6e915ba0ae2c06133cb98 taglib-1.11.1.tar.gz" +sha512sums="7846775c4954ea948fe4383e514ba7c11f55d038ee06b6ea5a0a1c1069044b348026e76b27aa4ba1c71539aa8143e1401fab39184cc6e915ba0ae2c06133cb98 taglib-1.11.1.tar.gz +b5ac8fda91d33236951dae89b736219529dce5d521876f89b6ab8a57953c69d3a43861be035740108e4ecbb6a97146129449a9bc560118abdc3464bcd785f8ad CVE-2017-12678.patch +9a118f9410404996bf3879325f77fcfb638f6cc71b4e258d9786bd741c2c45f26385a6049788ef6ebc56c7c987bd7ef6267a461f4478f5d52d236b035287cdf2 CVE-2018-11439.patch" diff --git a/main/taglib/CVE-2017-12678.patch b/main/taglib/CVE-2017-12678.patch new file mode 100644 index 00000000000..6291ff08945 --- /dev/null +++ b/main/taglib/CVE-2017-12678.patch @@ -0,0 +1,18 @@ +Index: b/taglib/mpeg/id3v2/id3v2framefactory.cpp +=================================================================== +--- a/taglib/mpeg/id3v2/id3v2framefactory.cpp ++++ b/taglib/mpeg/id3v2/id3v2framefactory.cpp +@@ -334,10 +334,11 @@ void FrameFactory::rebuildAggregateFrame + tag->frameList("TDAT").size() == 1) + { + TextIdentificationFrame *tdrc = +- static_cast<TextIdentificationFrame *>(tag->frameList("TDRC").front()); ++ dynamic_cast<TextIdentificationFrame *>(tag->frameList("TDRC").front()); + UnknownFrame *tdat = static_cast<UnknownFrame *>(tag->frameList("TDAT").front()); + +- if(tdrc->fieldList().size() == 1 && ++ if(tdrc && ++ tdrc->fieldList().size() == 1 && + tdrc->fieldList().front().size() == 4 && + tdat->data().size() >= 5) + { diff --git a/main/taglib/CVE-2018-11439.patch b/main/taglib/CVE-2018-11439.patch new file mode 100644 index 00000000000..20b777e74e2 --- /dev/null +++ b/main/taglib/CVE-2018-11439.patch @@ -0,0 +1,42 @@ +From 2c4ae870ec086f2ddd21a47861a3709c36faac45 Mon Sep 17 00:00:00 2001 +From: Scott Gayou <github.scott@gmail.com> +Date: Tue, 9 Oct 2018 18:46:55 -0500 +Subject: [PATCH] Fixed OOB read when loading invalid ogg flac file. (#868) + (#869) + +CVE-2018-11439 is caused by a failure to check the minimum length +of a ogg flac header. This header is detailed in full at: +https://xiph.org/flac/ogg_mapping.html. Added more strict checking +for entire header. +--- + taglib/ogg/flac/oggflacfile.cpp | 14 ++++++++++++-- + 1 file changed, 12 insertions(+), 2 deletions(-) + +diff --git a/taglib/ogg/flac/oggflacfile.cpp b/taglib/ogg/flac/oggflacfile.cpp +index 53d04508a..07ea9dccc 100644 +--- a/taglib/ogg/flac/oggflacfile.cpp ++++ b/taglib/ogg/flac/oggflacfile.cpp +@@ -231,11 +231,21 @@ void Ogg::FLAC::File::scan() + + if(!metadataHeader.startsWith("fLaC")) { + // FLAC 1.1.2+ ++ // See https://xiph.org/flac/ogg_mapping.html for the header specification. ++ if(metadataHeader.size() < 13) ++ return; ++ ++ if(metadataHeader[0] != 0x7f) ++ return; ++ + if(metadataHeader.mid(1, 4) != "FLAC") + return; + +- if(metadataHeader[5] != 1) +- return; // not version 1 ++ if(metadataHeader[5] != 1 && metadataHeader[6] != 0) ++ return; // not version 1.0 ++ ++ if(metadataHeader.mid(9, 4) != "fLaC") ++ return; + + metadataHeader = metadataHeader.mid(13); + } |