main/taglib: Fix CVE-2017-12678 and CVE-2018-11439

author: Leo <thinkabit.ukim@gmail.com> 2019-05-02 02:10:04 -0300
committer: Natanael Copa <ncopa@alpinelinux.org> 2019-05-05 19:05:40 +0000
commit: 5a61d74337f3c6e4993a4a9b00581f554f6d1308 (patch)
tree: d499c24bce7163ddbcaa2d27b4a52974e01996cd /main
parent: b86c9d69ef22f66add28b947c238717d4e78c015 (diff)
3 files changed, 74 insertions, 4 deletions
diff --git a/main/taglib/APKBUILD b/main/taglib/APKBUILD
index 4c7231ca758..370b5bbae91 100644
--- a/main/taglib/APKBUILD
+++ b/main/taglib/APKBUILD
@@ -1,16 +1,24 @@
+# Contributor: Leo <thinkabit.ukim@gmail.com>
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=taglib
 pkgver=1.11.1
-pkgrel=1
+pkgrel=2
 pkgdesc="Library for reading and editing metadata of several popular audio formats"
 url="http://taglib.github.io/"
 arch="all"
 options="!check"  # No test suite.
 license="GPL-2.0"
 makedepends="zlib-dev cmake"
-depends=
-source="https://taglib.github.io/releases/taglib-$pkgver.tar.gz"
 subpackages="$pkgname-dev"
+source="https://taglib.github.io/releases/taglib-$pkgver.tar.gz
+	CVE-2017-12678.patch
+	CVE-2018-11439.patch
+	"
+
+# secfixes:
+#   1.11.1-r2:
+#     - CVE-2017-12678
+#     - CVE-2018-11439
 
 build() {
 	cd "$builddir"
@@ -26,4 +34,6 @@ package() {
 	cd "$builddir"
 	make DESTDIR="$pkgdir" install
 }
-sha512sums="7846775c4954ea948fe4383e514ba7c11f55d038ee06b6ea5a0a1c1069044b348026e76b27aa4ba1c71539aa8143e1401fab39184cc6e915ba0ae2c06133cb98  taglib-1.11.1.tar.gz"
+sha512sums="7846775c4954ea948fe4383e514ba7c11f55d038ee06b6ea5a0a1c1069044b348026e76b27aa4ba1c71539aa8143e1401fab39184cc6e915ba0ae2c06133cb98  taglib-1.11.1.tar.gz
+b5ac8fda91d33236951dae89b736219529dce5d521876f89b6ab8a57953c69d3a43861be035740108e4ecbb6a97146129449a9bc560118abdc3464bcd785f8ad  CVE-2017-12678.patch
+9a118f9410404996bf3879325f77fcfb638f6cc71b4e258d9786bd741c2c45f26385a6049788ef6ebc56c7c987bd7ef6267a461f4478f5d52d236b035287cdf2  CVE-2018-11439.patch"
diff --git a/main/taglib/CVE-2017-12678.patch b/main/taglib/CVE-2017-12678.patch
new file mode 100644
index 00000000000..6291ff08945
--- /dev/null
+++ b/main/taglib/CVE-2017-12678.patch
@@ -0,0 +1,18 @@
+Index: b/taglib/mpeg/id3v2/id3v2framefactory.cpp
+===================================================================
+--- a/taglib/mpeg/id3v2/id3v2framefactory.cpp
++++ b/taglib/mpeg/id3v2/id3v2framefactory.cpp
+@@ -334,10 +334,11 @@ void FrameFactory::rebuildAggregateFrame
+      tag->frameList("TDAT").size() == 1)
+   {
+     TextIdentificationFrame *tdrc =
+-      static_cast<TextIdentificationFrame *>(tag->frameList("TDRC").front());
++      dynamic_cast<TextIdentificationFrame *>(tag->frameList("TDRC").front());
+     UnknownFrame *tdat = static_cast<UnknownFrame *>(tag->frameList("TDAT").front());
+ 
+-    if(tdrc->fieldList().size() == 1 &&
++    if(tdrc &&
++       tdrc->fieldList().size() == 1 &&
+        tdrc->fieldList().front().size() == 4 &&
+        tdat->data().size() >= 5)
+     {
diff --git a/main/taglib/CVE-2018-11439.patch b/main/taglib/CVE-2018-11439.patch
new file mode 100644
index 00000000000..20b777e74e2
--- /dev/null
+++ b/main/taglib/CVE-2018-11439.patch
@@ -0,0 +1,42 @@
+From 2c4ae870ec086f2ddd21a47861a3709c36faac45 Mon Sep 17 00:00:00 2001
+From: Scott Gayou <github.scott@gmail.com>
+Date: Tue, 9 Oct 2018 18:46:55 -0500
+Subject: [PATCH] Fixed OOB read when loading invalid ogg flac file. (#868)
+ (#869)
+
+CVE-2018-11439 is caused by a failure to check the minimum length
+of a ogg flac header. This header is detailed in full at:
+https://xiph.org/flac/ogg_mapping.html. Added more strict checking
+for entire header.
+---
+ taglib/ogg/flac/oggflacfile.cpp | 14 ++++++++++++--
+ 1 file changed, 12 insertions(+), 2 deletions(-)
+
+diff --git a/taglib/ogg/flac/oggflacfile.cpp b/taglib/ogg/flac/oggflacfile.cpp
+index 53d04508a..07ea9dccc 100644
+--- a/taglib/ogg/flac/oggflacfile.cpp
++++ b/taglib/ogg/flac/oggflacfile.cpp
+@@ -231,11 +231,21 @@ void Ogg::FLAC::File::scan()
+ 
+   if(!metadataHeader.startsWith("fLaC"))  {
+     // FLAC 1.1.2+
++    // See https://xiph.org/flac/ogg_mapping.html for the header specification.
++    if(metadataHeader.size() < 13)
++      return;
++
++    if(metadataHeader[0] != 0x7f)
++      return;
++
+     if(metadataHeader.mid(1, 4) != "FLAC")
+       return;
+ 
+-    if(metadataHeader[5] != 1)
+-      return; // not version 1
++    if(metadataHeader[5] != 1 && metadataHeader[6] != 0)
++      return; // not version 1.0
++
++    if(metadataHeader.mid(9, 4) != "fLaC")
++      return;
+ 
+     metadataHeader = metadataHeader.mid(13);
+   }
author	Leo <thinkabit.ukim@gmail.com>	2019-05-02 02:10:04 -0300
committer	Natanael Copa <ncopa@alpinelinux.org>	2019-05-05 19:05:40 +0000
commit	5a61d74337f3c6e4993a4a9b00581f554f6d1308 (patch)
tree	d499c24bce7163ddbcaa2d27b4a52974e01996cd /main
parent	b86c9d69ef22f66add28b947c238717d4e78c015 (diff)