libid3tag: patch for CVE-2004-2779

(From OE-Core rev: e2bec1f7e05ec014bd887440521da7e1a13555be) Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Changqing Li <changqing.li@windriver.com> 2018-08-28 13:58:55 +0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-08-29 10:42:48 +0100
commit: a53b5dc5eba5a56c776cc5c23f909fc7a854ee74 (patch)
tree: fdd13a9fa923d8a1d3433088459b28a9b9c73843 /meta/recipes-multimedia/libid3tag
parent: c274e1c8d830f6a0cf6c78264b6527b65ef691ee (diff)
download: poky-a53b5dc5eba5a56c776cc5c23f909fc7a854ee74.tar.gz
2 files changed, 34 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/libid3tag/libid3tag/10_utf16.dpatch b/meta/recipes-multimedia/libid3tag/libid3tag/10_utf16.dpatch
new file mode 100644
index 0000000000..8d09ce7b6f
--- /dev/null
+++ b/meta/recipes-multimedia/libid3tag/libid3tag/10_utf16.dpatch
@@ -0,0 +1,33 @@
+libid3tag: patch for CVE-2004-2779
+The patch comes from
+https://sources.debian.org/patches/libid3tag/0.15.1b-13/10_utf16.dpatch
+Upstream-Status: Pending
+CVE: CVE-2004-2779
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+diff -urNad libid3tag-0.15.1b/utf16.c /tmp/dpep.tKvO7a/libid3tag-0.15.1b/utf16.c
+--- libid3tag-0.15.1b/utf16.c   2006-01-13 15:26:29.000000000 +0100
+++ /tmp/dpep.tKvO7a/libid3tag-0.15.1b/utf16.c  2006-01-13 15:27:19.000000000 +0100
+@@ -282,5 +282,18 @@
+ 
+   free(utf16);
+ 
+  if (end == *ptr && length % 2 != 0)
+  {
+     /* We were called with a bogus length.  It should always
+      * be an even number.  We can deal with this in a few ways:
+      * - Always give an error.
+      * - Try and parse as much as we can and
+      *   - return an error if we're called again when we
+      *     already tried to parse everything we can.
+      *   - tell that we parsed it, which is what we do here.
+      */
+     (*ptr)++;
+  }
+
+   return ucs4;
+ }
diff --git a/meta/recipes-multimedia/libid3tag/libid3tag_0.15.1b.bb b/meta/recipes-multimedia/libid3tag/libid3tag_0.15.1b.bb
index f6139d6124..fe31646107 100644
--- a/meta/recipes-multimedia/libid3tag/libid3tag_0.15.1b.bb
+++ b/meta/recipes-multimedia/libid3tag/libid3tag_0.15.1b.bb
@@ -13,6 +13,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/mad/libid3tag-${PV}.tar.gz \
           file://addpkgconfig.patch \
           file://obsolete_automake_macros.patch \
           file://0001-Fix-gperf-3.1-incompatibility.patch \
+           file://10_utf16.dpatch \
           "
 UPSTREAM_CHECK_URI = "https://sourceforge.net/projects/mad/files/libid3tag/"
 UPSTREAM_CHECK_REGEX = "/projects/mad/files/libid3tag/(?P<pver>.*)/$"
author	Changqing Li <changqing.li@windriver.com>	2018-08-28 13:58:55 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2018-08-29 10:42:48 +0100
commit	a53b5dc5eba5a56c776cc5c23f909fc7a854ee74 (patch)
tree	fdd13a9fa923d8a1d3433088459b28a9b9c73843 /meta/recipes-multimedia/libid3tag
parent	c274e1c8d830f6a0cf6c78264b6527b65ef691ee (diff)
download	poky-a53b5dc5eba5a56c776cc5c23f909fc7a854ee74.tar.gz

diff --git a/meta/recipes-multimedia/libid3tag/libid3tag/10_utf16.dpatch b/meta/recipes-multimedia/libid3tag/libid3tag/10_utf16.dpatch new file mode 100644 index 0000000000..8d09ce7b6f --- /dev/null +++ b/meta/recipes-multimedia/libid3tag/libid3tag/10_utf16.dpatch
@@ -0,0 +1,33 @@
		1	libid3tag: patch for CVE-2004-2779
		2
		3	The patch comes from
		4	https://sources.debian.org/patches/libid3tag/0.15.1b-13/10_utf16.dpatch
		5
		6	Upstream-Status: Pending
		7
		8	CVE: CVE-2004-2779
		9
		10	Signed-off-by: Changqing Li <changqing.li@windriver.com>
		11
		12	diff -urNad libid3tag-0.15.1b/utf16.c /tmp/dpep.tKvO7a/libid3tag-0.15.1b/utf16.c
		13	--- libid3tag-0.15.1b/utf16.c 2006-01-13 15:26:29.000000000 +0100
		14	+++ /tmp/dpep.tKvO7a/libid3tag-0.15.1b/utf16.c 2006-01-13 15:27:19.000000000 +0100
		15	@@ -282,5 +282,18 @@
		16
		17	free(utf16);
		18
		19	+ if (end == *ptr && length % 2 != 0)
		20	+ {
		21	+ /* We were called with a bogus length. It should always
		22	+ * be an even number. We can deal with this in a few ways:
		23	+ * - Always give an error.
		24	+ * - Try and parse as much as we can and
		25	+ * - return an error if we're called again when we
		26	+ * already tried to parse everything we can.
		27	+ * - tell that we parsed it, which is what we do here.
		28	+ */
		29	+ (*ptr)++;
		30	+ }
		31	+
		32	return ucs4;
		33	}


diff --git a/meta/recipes-multimedia/libid3tag/libid3tag_0.15.1b.bb b/meta/recipes-multimedia/libid3tag/libid3tag_0.15.1b.bb index f6139d6124..fe31646107 100644 --- a/meta/recipes-multimedia/libid3tag/libid3tag_0.15.1b.bb +++ b/meta/recipes-multimedia/libid3tag/libid3tag_0.15.1b.bb
@@ -13,6 +13,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/mad/libid3tag-${PV}.tar.gz \
13	file://addpkgconfig.patch \	13	file://addpkgconfig.patch \
14	file://obsolete_automake_macros.patch \	14	file://obsolete_automake_macros.patch \
15	file://0001-Fix-gperf-3.1-incompatibility.patch \	15	file://0001-Fix-gperf-3.1-incompatibility.patch \
		16	file://10_utf16.dpatch \
16	"	17	"
17	UPSTREAM_CHECK_URI = "https://sourceforge.net/projects/mad/files/libid3tag/"	18	UPSTREAM_CHECK_URI = "https://sourceforge.net/projects/mad/files/libid3tag/"
18	UPSTREAM_CHECK_REGEX = "/projects/mad/files/libid3tag/(?P<pver>.*)/$"	19	UPSTREAM_CHECK_REGEX = "/projects/mad/files/libid3tag/(?P<pver>.*)/$"