pkgsrc-Changes-HG archive


[pkgsrc/pkgsrc-2019Q2]: pkgsrc/audio/taglib Pullup ticket #6005 - requested b...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/2f47a4f2ecae
branches:  pkgsrc-2019Q2
changeset: 408165:2f47a4f2ecae
user:      bsiegert <bsiegert%pkgsrc.org@localhost>
date:      Thu Jul 18 13:33:52 2019 +0000

description:
Pullup ticket #6005 - requested by nia
audio/taglib: security fix

Revisions pulled up:
- audio/taglib/Makefile                                         1.40
- audio/taglib/distinfo                                         1.22
- audio/taglib/patches/patch-CVE-2017-12678                     1.1
- audio/taglib/patches/patch-CVE-2018-11439                     1.1

---
   Module Name: pkgsrc
   Committed By:        nia
   Date:                Thu Jul 18 09:36:37 UTC 2019

   Modified Files:
        pkgsrc/audio/taglib: Makefile distinfo
   Added Files:
        pkgsrc/audio/taglib/patches: patch-CVE-2017-12678 patch-CVE-2018-11439

   Log Message:
   taglib: Add patches from upstream's git for the following CVEs:

   CVE-2017-12678 - denial-of-service
   CVE-2018-11439 - information-disclosure

   Bump PKGREVISION.

diffstat:

 audio/taglib/Makefile                     |   3 +-
 audio/taglib/distinfo                     |   4 ++-
 audio/taglib/patches/patch-CVE-2017-12678 |  28 ++++++++++++++++++++++++++
 audio/taglib/patches/patch-CVE-2018-11439 |  33 +++++++++++++++++++++++++++++++
 4 files changed, 66 insertions(+), 2 deletions(-)

diffs (94 lines):

diff -r eaadfe447b88 -r 2f47a4f2ecae audio/taglib/Makefile
--- a/audio/taglib/Makefile     Thu Jul 18 13:32:31 2019 +0000
+++ b/audio/taglib/Makefile     Thu Jul 18 13:33:52 2019 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.39 2017/05/03 08:38:39 jperkin Exp $
+# $NetBSD: Makefile,v 1.39.20.1 2019/07/18 13:33:52 bsiegert Exp $
 
 DISTNAME=      taglib-1.11.1
+PKGREVISION=   1
 CATEGORIES=    audio
 MASTER_SITES=  http://taglib.github.io/releases/
 
diff -r eaadfe447b88 -r 2f47a4f2ecae audio/taglib/distinfo
--- a/audio/taglib/distinfo     Thu Jul 18 13:32:31 2019 +0000
+++ b/audio/taglib/distinfo     Thu Jul 18 13:33:52 2019 +0000
@@ -1,6 +1,8 @@
-$NetBSD: distinfo,v 1.21 2016/10/31 16:32:56 wiz Exp $
+$NetBSD: distinfo,v 1.21.24.1 2019/07/18 13:33:52 bsiegert Exp $
 
 SHA1 (taglib-1.11.1.tar.gz) = 80a30eeae67392f636c9f113c60d778c2995c99e
 RMD160 (taglib-1.11.1.tar.gz) = 408d2a888875bc29fc64c4d0056daebba2c55192
 SHA512 (taglib-1.11.1.tar.gz) = 7846775c4954ea948fe4383e514ba7c11f55d038ee06b6ea5a0a1c1069044b348026e76b27aa4ba1c71539aa8143e1401fab39184cc6e915ba0ae2c06133cb98
 Size (taglib-1.11.1.tar.gz) = 1261620 bytes
+SHA1 (patch-CVE-2017-12678) = 4979bc04c5fad6e3b5daaf5b6f62c10c7e4f7841
+SHA1 (patch-CVE-2018-11439) = 96a627c07420c194e892d622c694b11ce7476898
diff -r eaadfe447b88 -r 2f47a4f2ecae audio/taglib/patches/patch-CVE-2017-12678
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/audio/taglib/patches/patch-CVE-2017-12678 Thu Jul 18 13:33:52 2019 +0000
@@ -0,0 +1,28 @@
+$NetBSD: patch-CVE-2017-12678,v 1.1.2.2 2019/07/18 13:33:53 bsiegert Exp $
+
+Fix CVE-2017-12678
+
+In TagLib 1.11.1, the rebuildAggregateFrames function in id3v2framefactory.cpp
+has a pointer to cast vulnerability, which allows remote attackers to cause a
+denial of service or possibly have unspecified other impact via a crafted
+audio file. 
+
+Upstream commit:
+https://github.com/taglib/taglib/commit/cb9f07d9dcd791b63e622da43f7b232adaec0a9a
+
+--- taglib/mpeg/id3v2/id3v2framefactory.cpp.orig       2016-10-24 03:03:23.000000000 +0000
++++ taglib/mpeg/id3v2/id3v2framefactory.cpp
+@@ -334,10 +334,11 @@ void FrameFactory::rebuildAggregateFrame
+      tag->frameList("TDAT").size() == 1)
+   {
+     TextIdentificationFrame *tdrc =
+-      static_cast<TextIdentificationFrame *>(tag->frameList("TDRC").front());
++      dynamic_cast<TextIdentificationFrame *>(tag->frameList("TDRC").front());
+     UnknownFrame *tdat = static_cast<UnknownFrame *>(tag->frameList("TDAT").front());
+ 
+-    if(tdrc->fieldList().size() == 1 &&
++    if(tdrc &&
++       tdrc->fieldList().size() == 1 &&
+        tdrc->fieldList().front().size() == 4 &&
+        tdat->data().size() >= 5)
+     {
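Review bot: `tdat` is still produced by an unchecked `static_cast<UnknownFrame *>` on the line right after the corrected `tdrc` cast, and `tdat->data()` is dereferenced in the same condition. Frame construction is outside this hunk, so it is not confirmed here whether a TDAT frame can be built as any other Frame subclass; if it can, the same bad-cast problem this CVE describes would remain on that path. I would make the second cast checked as well, `UnknownFrame *tdat = dynamic_cast<UnknownFrame *>(tag->frameList("TDAT").front());`, and open the condition with `if(tdrc && tdat &&`. This goes beyond the referenced upstream commit, so it is best raised upstream rather than carried only as a local patch. The body of rebuildAggregateFrames continues past the end of the hunk.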
diff -r eaadfe447b88 -r 2f47a4f2ecae audio/taglib/patches/patch-CVE-2018-11439
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/audio/taglib/patches/patch-CVE-2018-11439 Thu Jul 18 13:33:52 2019 +0000
@@ -0,0 +1,33 @@
+$NetBSD: patch-CVE-2018-11439,v 1.1.2.2 2019/07/18 13:33:53 bsiegert Exp $
+
+Fix CVE-2018-11439 - OOB read when loading invalid ogg flac file.
+
+Upstream commit:
+https://github.com/taglib/taglib/commit/2c4ae870ec086f2ddd21a47861a3709c36faac45
+
+--- taglib/ogg/flac/oggflacfile.cpp.orig       2016-10-24 03:03:23.000000000 +0000
++++ taglib/ogg/flac/oggflacfile.cpp
+@@ -216,11 +216,21 @@ void Ogg::FLAC::File::scan()
+ 
+   if(!metadataHeader.startsWith("fLaC"))  {
+     // FLAC 1.1.2+
++    // See https://xiph.org/flac/ogg_mapping.html for the header specification.
++    if(metadataHeader.size() < 13)
++      return;
++
++    if(metadataHeader[0] != 0x7f)
++      return;
++
+     if(metadataHeader.mid(1, 4) != "FLAC")
+       return;
+ 
+-    if(metadataHeader[5] != 1)
+-      return; // not version 1
++    if(metadataHeader[5] != 1 && metadataHeader[6] != 0)
++      return; // not version 1.0
++
++    if(metadataHeader.mid(9, 4) != "fLaC")
++      return;
+ 
+     metadataHeader = metadataHeader.mid(13);
+   }
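Review bot: The version test `if(metadataHeader[5] != 1 && metadataHeader[6] != 0)` returns only when both the major and the minor byte mismatch, so a header with major 2 / minor 0 or major 1 / minor 5 is accepted, although the comment says `// not version 1.0`. To reject everything except 1.0 the condition should be `if(metadataHeader[5] != 1 || metadataHeader[6] != 0)`; if any 1.x mapping is meant to be accepted, test only the major byte and reword the comment. The added `metadataHeader.size() < 13` guard is what bounds the indexed reads and the `mid(13)` that follows, so this looks like lax header validation rather than a remaining out-of-bounds read. The rest of scan() is outside the hunk, so how an unexpected mapping version is handled later cannot be judged from here.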


