pkgsrc-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: [pkgsrc-2019Q2] pkgsrc/audio/taglib



Module Name:    pkgsrc
Committed By:   bsiegert
Date:           Thu Jul 18 13:33:53 UTC 2019

Modified Files:
        pkgsrc/audio/taglib [pkgsrc-2019Q2]: Makefile distinfo
Added Files:
        pkgsrc/audio/taglib/patches [pkgsrc-2019Q2]: patch-CVE-2017-12678
            patch-CVE-2018-11439

Log Message:
Pullup ticket #6005 - requested by nia
audio/taglib: security fix

Revisions pulled up:
- audio/taglib/Makefile                                         1.40
- audio/taglib/distinfo                                         1.22
- audio/taglib/patches/patch-CVE-2017-12678                     1.1
- audio/taglib/patches/patch-CVE-2018-11439                     1.1

---
   Module Name: pkgsrc
   Committed By:        nia
   Date:                Thu Jul 18 09:36:37 UTC 2019

   Modified Files:
        pkgsrc/audio/taglib: Makefile distinfo
   Added Files:
        pkgsrc/audio/taglib/patches: patch-CVE-2017-12678 patch-CVE-2018-11439

   Log Message:
   taglib: Add patches from upstream's git for the following CVEs:

   CVE-2017-12678 - denial-of-service
   CVE-2018-11439 - information-disclosure

   Bump PKGREVISION.


To generate a diff of this commit:
cvs rdiff -u -r1.39 -r1.39.20.1 pkgsrc/audio/taglib/Makefile
cvs rdiff -u -r1.21 -r1.21.24.1 pkgsrc/audio/taglib/distinfo
cvs rdiff -u -r0 -r1.1.2.2 pkgsrc/audio/taglib/patches/patch-CVE-2017-12678 \
    pkgsrc/audio/taglib/patches/patch-CVE-2018-11439

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/audio/taglib/Makefile
diff -u pkgsrc/audio/taglib/Makefile:1.39 pkgsrc/audio/taglib/Makefile:1.39.20.1
--- pkgsrc/audio/taglib/Makefile:1.39   Wed May  3 08:38:39 2017
+++ pkgsrc/audio/taglib/Makefile        Thu Jul 18 13:33:52 2019
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.39 2017/05/03 08:38:39 jperkin Exp $
+# $NetBSD: Makefile,v 1.39.20.1 2019/07/18 13:33:52 bsiegert Exp $
 
 DISTNAME=      taglib-1.11.1
+PKGREVISION=   1
 CATEGORIES=    audio
 MASTER_SITES=  http://taglib.github.io/releases/
 

Index: pkgsrc/audio/taglib/distinfo
diff -u pkgsrc/audio/taglib/distinfo:1.21 pkgsrc/audio/taglib/distinfo:1.21.24.1
--- pkgsrc/audio/taglib/distinfo:1.21   Mon Oct 31 16:32:56 2016
+++ pkgsrc/audio/taglib/distinfo        Thu Jul 18 13:33:52 2019
@@ -1,6 +1,8 @@
-$NetBSD: distinfo,v 1.21 2016/10/31 16:32:56 wiz Exp $
+$NetBSD: distinfo,v 1.21.24.1 2019/07/18 13:33:52 bsiegert Exp $
 
 SHA1 (taglib-1.11.1.tar.gz) = 80a30eeae67392f636c9f113c60d778c2995c99e
 RMD160 (taglib-1.11.1.tar.gz) = 408d2a888875bc29fc64c4d0056daebba2c55192
 SHA512 (taglib-1.11.1.tar.gz) = 7846775c4954ea948fe4383e514ba7c11f55d038ee06b6ea5a0a1c1069044b348026e76b27aa4ba1c71539aa8143e1401fab39184cc6e915ba0ae2c06133cb98
 Size (taglib-1.11.1.tar.gz) = 1261620 bytes
+SHA1 (patch-CVE-2017-12678) = 4979bc04c5fad6e3b5daaf5b6f62c10c7e4f7841
+SHA1 (patch-CVE-2018-11439) = 96a627c07420c194e892d622c694b11ce7476898

Added files:

Index: pkgsrc/audio/taglib/patches/patch-CVE-2017-12678
diff -u /dev/null pkgsrc/audio/taglib/patches/patch-CVE-2017-12678:1.1.2.2
--- /dev/null   Thu Jul 18 13:33:53 2019
+++ pkgsrc/audio/taglib/patches/patch-CVE-2017-12678    Thu Jul 18 13:33:53 2019
@@ -0,0 +1,28 @@
+$NetBSD: patch-CVE-2017-12678,v 1.1.2.2 2019/07/18 13:33:53 bsiegert Exp $
+
+Fix CVE-2017-12678
+
+In TagLib 1.11.1, the rebuildAggregateFrames function in id3v2framefactory.cpp
+has a pointer to cast vulnerability, which allows remote attackers to cause a
+denial of service or possibly have unspecified other impact via a crafted
+audio file. 
+
+Upstream commit:
+https://github.com/taglib/taglib/commit/cb9f07d9dcd791b63e622da43f7b232adaec0a9a
+
+--- taglib/mpeg/id3v2/id3v2framefactory.cpp.orig       2016-10-24 03:03:23.000000000 +0000
++++ taglib/mpeg/id3v2/id3v2framefactory.cpp
+@@ -334,10 +334,11 @@ void FrameFactory::rebuildAggregateFrame
+      tag->frameList("TDAT").size() == 1)
+   {
+     TextIdentificationFrame *tdrc =
+-      static_cast<TextIdentificationFrame *>(tag->frameList("TDRC").front());
++      dynamic_cast<TextIdentificationFrame *>(tag->frameList("TDRC").front());
+     UnknownFrame *tdat = static_cast<UnknownFrame *>(tag->frameList("TDAT").front());
+ 
+-    if(tdrc->fieldList().size() == 1 &&
++    if(tdrc &&
++       tdrc->fieldList().size() == 1 &&
+        tdrc->fieldList().front().size() == 4 &&
+        tdat->data().size() >= 5)
+     {
Index: pkgsrc/audio/taglib/patches/patch-CVE-2018-11439
diff -u /dev/null pkgsrc/audio/taglib/patches/patch-CVE-2018-11439:1.1.2.2
--- /dev/null   Thu Jul 18 13:33:53 2019
+++ pkgsrc/audio/taglib/patches/patch-CVE-2018-11439    Thu Jul 18 13:33:53 2019
@@ -0,0 +1,33 @@
+$NetBSD: patch-CVE-2018-11439,v 1.1.2.2 2019/07/18 13:33:53 bsiegert Exp $
+
+Fix CVE-2018-11439 - OOB read when loading invalid ogg flac file.
+
+Upstream commit:
+https://github.com/taglib/taglib/commit/2c4ae870ec086f2ddd21a47861a3709c36faac45
+
+--- taglib/ogg/flac/oggflacfile.cpp.orig       2016-10-24 03:03:23.000000000 +0000
++++ taglib/ogg/flac/oggflacfile.cpp
+@@ -216,11 +216,21 @@ void Ogg::FLAC::File::scan()
+ 
+   if(!metadataHeader.startsWith("fLaC"))  {
+     // FLAC 1.1.2+
++    // See https://xiph.org/flac/ogg_mapping.html for the header specification.
++    if(metadataHeader.size() < 13)
++      return;
++
++    if(metadataHeader[0] != 0x7f)
++      return;
++
+     if(metadataHeader.mid(1, 4) != "FLAC")
+       return;
+ 
+-    if(metadataHeader[5] != 1)
+-      return; // not version 1
++    if(metadataHeader[5] != 1 && metadataHeader[6] != 0)
++      return; // not version 1.0
++
++    if(metadataHeader.mid(9, 4) != "fLaC")
++      return;
+ 
+     metadataHeader = metadataHeader.mid(13);
+   }



Home | Main Index | Thread Index | Old Index