pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: [pkgsrc-2019Q2] pkgsrc/audio/taglib
Module Name: pkgsrc
Committed By: bsiegert
Date: Thu Jul 18 13:33:53 UTC 2019
Modified Files:
pkgsrc/audio/taglib [pkgsrc-2019Q2]: Makefile distinfo
Added Files:
pkgsrc/audio/taglib/patches [pkgsrc-2019Q2]: patch-CVE-2017-12678
patch-CVE-2018-11439
Log Message:
Pullup ticket #6005 - requested by nia
audio/taglib: security fix
Revisions pulled up:
- audio/taglib/Makefile 1.40
- audio/taglib/distinfo 1.22
- audio/taglib/patches/patch-CVE-2017-12678 1.1
- audio/taglib/patches/patch-CVE-2018-11439 1.1
---
Module Name: pkgsrc
Committed By: nia
Date: Thu Jul 18 09:36:37 UTC 2019
Modified Files:
pkgsrc/audio/taglib: Makefile distinfo
Added Files:
pkgsrc/audio/taglib/patches: patch-CVE-2017-12678 patch-CVE-2018-11439
Log Message:
taglib: Add patches from upstream's git for the following CVEs:
CVE-2017-12678 - denial-of-service
CVE-2018-11439 - information-disclosure
Bump PKGREVISION.
To generate a diff of this commit:
cvs rdiff -u -r1.39 -r1.39.20.1 pkgsrc/audio/taglib/Makefile
cvs rdiff -u -r1.21 -r1.21.24.1 pkgsrc/audio/taglib/distinfo
cvs rdiff -u -r0 -r1.1.2.2 pkgsrc/audio/taglib/patches/patch-CVE-2017-12678 \
pkgsrc/audio/taglib/patches/patch-CVE-2018-11439
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/audio/taglib/Makefile
diff -u pkgsrc/audio/taglib/Makefile:1.39 pkgsrc/audio/taglib/Makefile:1.39.20.1
--- pkgsrc/audio/taglib/Makefile:1.39 Wed May 3 08:38:39 2017
+++ pkgsrc/audio/taglib/Makefile Thu Jul 18 13:33:52 2019
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.39 2017/05/03 08:38:39 jperkin Exp $
+# $NetBSD: Makefile,v 1.39.20.1 2019/07/18 13:33:52 bsiegert Exp $
DISTNAME= taglib-1.11.1
+PKGREVISION= 1
CATEGORIES= audio
MASTER_SITES= http://taglib.github.io/releases/
Index: pkgsrc/audio/taglib/distinfo
diff -u pkgsrc/audio/taglib/distinfo:1.21 pkgsrc/audio/taglib/distinfo:1.21.24.1
--- pkgsrc/audio/taglib/distinfo:1.21 Mon Oct 31 16:32:56 2016
+++ pkgsrc/audio/taglib/distinfo Thu Jul 18 13:33:52 2019
@@ -1,6 +1,8 @@
-$NetBSD: distinfo,v 1.21 2016/10/31 16:32:56 wiz Exp $
+$NetBSD: distinfo,v 1.21.24.1 2019/07/18 13:33:52 bsiegert Exp $
SHA1 (taglib-1.11.1.tar.gz) = 80a30eeae67392f636c9f113c60d778c2995c99e
RMD160 (taglib-1.11.1.tar.gz) = 408d2a888875bc29fc64c4d0056daebba2c55192
SHA512 (taglib-1.11.1.tar.gz) = 7846775c4954ea948fe4383e514ba7c11f55d038ee06b6ea5a0a1c1069044b348026e76b27aa4ba1c71539aa8143e1401fab39184cc6e915ba0ae2c06133cb98
Size (taglib-1.11.1.tar.gz) = 1261620 bytes
+SHA1 (patch-CVE-2017-12678) = 4979bc04c5fad6e3b5daaf5b6f62c10c7e4f7841
+SHA1 (patch-CVE-2018-11439) = 96a627c07420c194e892d622c694b11ce7476898
Added files:
Index: pkgsrc/audio/taglib/patches/patch-CVE-2017-12678
diff -u /dev/null pkgsrc/audio/taglib/patches/patch-CVE-2017-12678:1.1.2.2
--- /dev/null Thu Jul 18 13:33:53 2019
+++ pkgsrc/audio/taglib/patches/patch-CVE-2017-12678 Thu Jul 18 13:33:53 2019
@@ -0,0 +1,28 @@
+$NetBSD: patch-CVE-2017-12678,v 1.1.2.2 2019/07/18 13:33:53 bsiegert Exp $
+
+Fix CVE-2017-12678
+
+In TagLib 1.11.1, the rebuildAggregateFrames function in id3v2framefactory.cpp
+has a pointer to cast vulnerability, which allows remote attackers to cause a
+denial of service or possibly have unspecified other impact via a crafted
+audio file.
+
+Upstream commit:
+https://github.com/taglib/taglib/commit/cb9f07d9dcd791b63e622da43f7b232adaec0a9a
+
+--- taglib/mpeg/id3v2/id3v2framefactory.cpp.orig 2016-10-24 03:03:23.000000000 +0000
++++ taglib/mpeg/id3v2/id3v2framefactory.cpp
+@@ -334,10 +334,11 @@ void FrameFactory::rebuildAggregateFrame
+ tag->frameList("TDAT").size() == 1)
+ {
+ TextIdentificationFrame *tdrc =
+- static_cast<TextIdentificationFrame *>(tag->frameList("TDRC").front());
++ dynamic_cast<TextIdentificationFrame *>(tag->frameList("TDRC").front());
+ UnknownFrame *tdat = static_cast<UnknownFrame *>(tag->frameList("TDAT").front());
+
+- if(tdrc->fieldList().size() == 1 &&
++ if(tdrc &&
++ tdrc->fieldList().size() == 1 &&
+ tdrc->fieldList().front().size() == 4 &&
+ tdat->data().size() >= 5)
+ {
Index: pkgsrc/audio/taglib/patches/patch-CVE-2018-11439
diff -u /dev/null pkgsrc/audio/taglib/patches/patch-CVE-2018-11439:1.1.2.2
--- /dev/null Thu Jul 18 13:33:53 2019
+++ pkgsrc/audio/taglib/patches/patch-CVE-2018-11439 Thu Jul 18 13:33:53 2019
@@ -0,0 +1,33 @@
+$NetBSD: patch-CVE-2018-11439,v 1.1.2.2 2019/07/18 13:33:53 bsiegert Exp $
+
+Fix CVE-2018-11439 - OOB read when loading invalid ogg flac file.
+
+Upstream commit:
+https://github.com/taglib/taglib/commit/2c4ae870ec086f2ddd21a47861a3709c36faac45
+
+--- taglib/ogg/flac/oggflacfile.cpp.orig 2016-10-24 03:03:23.000000000 +0000
++++ taglib/ogg/flac/oggflacfile.cpp
+@@ -216,11 +216,21 @@ void Ogg::FLAC::File::scan()
+
+ if(!metadataHeader.startsWith("fLaC")) {
+ // FLAC 1.1.2+
++ // See https://xiph.org/flac/ogg_mapping.html for the header specification.
++ if(metadataHeader.size() < 13)
++ return;
++
++ if(metadataHeader[0] != 0x7f)
++ return;
++
+ if(metadataHeader.mid(1, 4) != "FLAC")
+ return;
+
+- if(metadataHeader[5] != 1)
+- return; // not version 1
++ if(metadataHeader[5] != 1 && metadataHeader[6] != 0)
++ return; // not version 1.0
++
++ if(metadataHeader.mid(9, 4) != "fLaC")
++ return;
+
+ metadataHeader = metadataHeader.mid(13);
+ }
Home |
Main Index |
Thread Index |
Old Index