2 files changed, 0 insertions, 91 deletions
diff --git a/meta/recipes-support/taglib/taglib/CVE-2017-12678.patch b/meta/recipes-support/taglib/taglib/CVE-2017-12678.patch
deleted file mode 100644
index 4bd9f2be17..0000000000
--- a/meta/recipes-support/taglib/taglib/CVE-2017-12678.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From eb9ded1206f18f2c319157337edea2533a40bea6 Mon Sep 17 00:00:00 2001
-From: "Stephen F. Booth" <me@sbooth.org>
-Date: Sun, 23 Jul 2017 10:11:09 -0400
-Subject: [PATCH] Don't assume TDRC is an instance of TextIdentificationFrame
-If TDRC is encrypted, FrameFactory::createFrame() returns UnknownFrame
-which causes problems in rebuildAggregateFrames() when it is assumed
-that TDRC is a TextIdentificationFrame
-Upstream-Status: Backport
-[https://github.com/taglib/taglib/pull/831/commits/eb9ded1206f18f2c319157337edea2533a40bea6]
-CVE: CVE-2017-12678
-Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
- taglib/mpeg/id3v2/id3v2framefactory.cpp | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-diff --git a/taglib/mpeg/id3v2/id3v2framefactory.cpp b/taglib/mpeg/id3v2/id3v2framefactory.cpp
-index 759a9b7b..9347ab86 100644
--- a/taglib/mpeg/id3v2/id3v2framefactory.cpp
-+++ b/taglib/mpeg/id3v2/id3v2framefactory.cpp
-@@ -334,10 +334,11 @@ void FrameFactory::rebuildAggregateFrames(ID3v2::Tag *tag) const
-      tag->frameList("TDAT").size() == 1)
-   {
-     TextIdentificationFrame *tdrc =
-      static_cast<TextIdentificationFrame *>(tag->frameList("TDRC").front());
-+      dynamic_cast<TextIdentificationFrame *>(tag->frameList("TDRC").front());
-     UnknownFrame *tdat = static_cast<UnknownFrame *>(tag->frameList("TDAT").front());
- 
-    if(tdrc->fieldList().size() == 1 &&
-+    if(tdrc &&
-+       tdrc->fieldList().size() == 1 &&
-        tdrc->fieldList().front().size() == 4 &&
-        tdat->data().size() >= 5)
-     {
-- 
-2.13.5
diff --git a/meta/recipes-support/taglib/taglib/CVE-2018-11439.patch b/meta/recipes-support/taglib/taglib/CVE-2018-11439.patch
deleted file mode 100644
index cdd66e67f7..0000000000
--- a/meta/recipes-support/taglib/taglib/CVE-2018-11439.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From 272648ccfcccae30e002ccf34a22e075dd477278 Mon Sep 17 00:00:00 2001
-From: Scott Gayou <github.scott@gmail.com>
-Date: Mon, 4 Jun 2018 11:34:36 -0400
-Subject: [PATCH] Fixed OOB read when loading invalid ogg flac file. (#868)
-This CVE is caused by a failure to check the minimum length
-of a ogg flac header. This header is detailed in full at:
-https://xiph.org/flac/ogg_mapping.html. Added more strict checking
-for entire header.
-Upstream-Status: Backport
-[https://github.com/taglib/taglib/pull/869/commits/272648ccfcccae30e002ccf34a22e075dd477278]
-CVE: CVE-2018-11439
-Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
- taglib/ogg/flac/oggflacfile.cpp | 14 ++++++++++++--
- 1 file changed, 12 insertions(+), 2 deletions(-)
-diff --git a/taglib/ogg/flac/oggflacfile.cpp b/taglib/ogg/flac/oggflacfile.cpp
-index 53d0450..07ea9dc 100644
--- a/taglib/ogg/flac/oggflacfile.cpp
-+++ b/taglib/ogg/flac/oggflacfile.cpp
-@@ -231,11 +231,21 @@ void Ogg::FLAC::File::scan()
- 
-   if(!metadataHeader.startsWith("fLaC"))  {
-     // FLAC 1.1.2+
-+    // See https://xiph.org/flac/ogg_mapping.html for the header specification.
-+    if(metadataHeader.size() < 13)
-+      return;
-+
-+    if(metadataHeader[0] != 0x7f)
-+      return;
-+
-     if(metadataHeader.mid(1, 4) != "FLAC")
-       return;
- 
-    if(metadataHeader[5] != 1)
-      return; // not version 1
-+    if(metadataHeader[5] != 1 && metadataHeader[6] != 0)
-+      return; // not version 1.0
-+
-+    if(metadataHeader.mid(9, 4) != "fLaC")
-+      return;
- 
-     metadataHeader = metadataHeader.mid(13);
-   }
-- 
-2.7.4

diff --git a/meta/recipes-support/taglib/taglib/CVE-2017-12678.patch b/meta/recipes-support/taglib/taglib/CVE-2017-12678.patch deleted file mode 100644 index 4bd9f2be17..0000000000 --- a/meta/recipes-support/taglib/taglib/CVE-2017-12678.patch +++ /dev/null
@@ -1,40 +0,0 @@
1	From eb9ded1206f18f2c319157337edea2533a40bea6 Mon Sep 17 00:00:00 2001
2	From: "Stephen F. Booth" <me@sbooth.org>
3	Date: Sun, 23 Jul 2017 10:11:09 -0400
4	Subject: [PATCH] Don't assume TDRC is an instance of TextIdentificationFrame
5
6	If TDRC is encrypted, FrameFactory::createFrame() returns UnknownFrame
7	which causes problems in rebuildAggregateFrames() when it is assumed
8	that TDRC is a TextIdentificationFrame
9
10	Upstream-Status: Backport
11	[https://github.com/taglib/taglib/pull/831/commits/eb9ded1206f18f2c319157337edea2533a40bea6]
12
13	CVE: CVE-2017-12678
14
15	Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
16	---
17	taglib/mpeg/id3v2/id3v2framefactory.cpp \| 5 +++--
18	1 file changed, 3 insertions(+), 2 deletions(-)
19
20	diff --git a/taglib/mpeg/id3v2/id3v2framefactory.cpp b/taglib/mpeg/id3v2/id3v2framefactory.cpp
21	index 759a9b7b..9347ab86 100644
22	--- a/taglib/mpeg/id3v2/id3v2framefactory.cpp
23	+++ b/taglib/mpeg/id3v2/id3v2framefactory.cpp
24	@@ -334,10 +334,11 @@ void FrameFactory::rebuildAggregateFrames(ID3v2::Tag *tag) const
25	tag->frameList("TDAT").size() == 1)
26	{
27	TextIdentificationFrame *tdrc =
28	- static_cast<TextIdentificationFrame *>(tag->frameList("TDRC").front());
29	+ dynamic_cast<TextIdentificationFrame *>(tag->frameList("TDRC").front());
30	UnknownFrame tdat = static_cast<UnknownFrame >(tag->frameList("TDAT").front());
31
32	- if(tdrc->fieldList().size() == 1 &&
33	+ if(tdrc &&
34	+ tdrc->fieldList().size() == 1 &&
35	tdrc->fieldList().front().size() == 4 &&
36	tdat->data().size() >= 5)
37	{
38	--
39	2.13.5
40


diff --git a/meta/recipes-support/taglib/taglib/CVE-2018-11439.patch b/meta/recipes-support/taglib/taglib/CVE-2018-11439.patch deleted file mode 100644 index cdd66e67f7..0000000000 --- a/meta/recipes-support/taglib/taglib/CVE-2018-11439.patch +++ /dev/null
@@ -1,51 +0,0 @@
1	From 272648ccfcccae30e002ccf34a22e075dd477278 Mon Sep 17 00:00:00 2001
2	From: Scott Gayou <github.scott@gmail.com>
3	Date: Mon, 4 Jun 2018 11:34:36 -0400
4	Subject: [PATCH] Fixed OOB read when loading invalid ogg flac file. (#868)
5
6	This CVE is caused by a failure to check the minimum length
7	of a ogg flac header. This header is detailed in full at:
8	https://xiph.org/flac/ogg_mapping.html. Added more strict checking
9	for entire header.
10
11	Upstream-Status: Backport
12	[https://github.com/taglib/taglib/pull/869/commits/272648ccfcccae30e002ccf34a22e075dd477278]
13
14	CVE: CVE-2018-11439
15
16	Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
17	---
18	taglib/ogg/flac/oggflacfile.cpp \| 14 ++++++++++++--
19	1 file changed, 12 insertions(+), 2 deletions(-)
20
21	diff --git a/taglib/ogg/flac/oggflacfile.cpp b/taglib/ogg/flac/oggflacfile.cpp
22	index 53d0450..07ea9dc 100644
23	--- a/taglib/ogg/flac/oggflacfile.cpp
24	+++ b/taglib/ogg/flac/oggflacfile.cpp
25	@@ -231,11 +231,21 @@ void Ogg::FLAC::File::scan()
26
27	if(!metadataHeader.startsWith("fLaC")) {
28	// FLAC 1.1.2+
29	+ // See https://xiph.org/flac/ogg_mapping.html for the header specification.
30	+ if(metadataHeader.size() < 13)
31	+ return;
32	+
33	+ if(metadataHeader[0] != 0x7f)
34	+ return;
35	+
36	if(metadataHeader.mid(1, 4) != "FLAC")
37	return;
38
39	- if(metadataHeader[5] != 1)
40	- return; // not version 1
41	+ if(metadataHeader[5] != 1 && metadataHeader[6] != 0)
42	+ return; // not version 1.0
43	+
44	+ if(metadataHeader.mid(9, 4) != "fLaC")
45	+ return;
46
47	metadataHeader = metadataHeader.mid(13);
48	}
49	--
50	2.7.4
51