diff options
Diffstat (limited to 'meta/recipes-support/taglib/taglib')
-rw-r--r-- | meta/recipes-support/taglib/taglib/CVE-2017-12678.patch | 40 | ||||
-rw-r--r-- | meta/recipes-support/taglib/taglib/CVE-2018-11439.patch | 51 |
2 files changed, 0 insertions, 91 deletions
diff --git a/meta/recipes-support/taglib/taglib/CVE-2017-12678.patch b/meta/recipes-support/taglib/taglib/CVE-2017-12678.patch deleted file mode 100644 index 4bd9f2be17..0000000000 --- a/meta/recipes-support/taglib/taglib/CVE-2017-12678.patch +++ /dev/null | |||
@@ -1,40 +0,0 @@ | |||
1 | From eb9ded1206f18f2c319157337edea2533a40bea6 Mon Sep 17 00:00:00 2001 | ||
2 | From: "Stephen F. Booth" <me@sbooth.org> | ||
3 | Date: Sun, 23 Jul 2017 10:11:09 -0400 | ||
4 | Subject: [PATCH] Don't assume TDRC is an instance of TextIdentificationFrame | ||
5 | |||
6 | If TDRC is encrypted, FrameFactory::createFrame() returns UnknownFrame | ||
7 | which causes problems in rebuildAggregateFrames() when it is assumed | ||
8 | that TDRC is a TextIdentificationFrame | ||
9 | |||
10 | Upstream-Status: Backport | ||
11 | [https://github.com/taglib/taglib/pull/831/commits/eb9ded1206f18f2c319157337edea2533a40bea6] | ||
12 | |||
13 | CVE: CVE-2017-12678 | ||
14 | |||
15 | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> | ||
16 | --- | ||
17 | taglib/mpeg/id3v2/id3v2framefactory.cpp | 5 +++-- | ||
18 | 1 file changed, 3 insertions(+), 2 deletions(-) | ||
19 | |||
20 | diff --git a/taglib/mpeg/id3v2/id3v2framefactory.cpp b/taglib/mpeg/id3v2/id3v2framefactory.cpp | ||
21 | index 759a9b7b..9347ab86 100644 | ||
22 | --- a/taglib/mpeg/id3v2/id3v2framefactory.cpp | ||
23 | +++ b/taglib/mpeg/id3v2/id3v2framefactory.cpp | ||
24 | @@ -334,10 +334,11 @@ void FrameFactory::rebuildAggregateFrames(ID3v2::Tag *tag) const | ||
25 | tag->frameList("TDAT").size() == 1) | ||
26 | { | ||
27 | TextIdentificationFrame *tdrc = | ||
28 | - static_cast<TextIdentificationFrame *>(tag->frameList("TDRC").front()); | ||
29 | + dynamic_cast<TextIdentificationFrame *>(tag->frameList("TDRC").front()); | ||
30 | UnknownFrame *tdat = static_cast<UnknownFrame *>(tag->frameList("TDAT").front()); | ||
31 | |||
32 | - if(tdrc->fieldList().size() == 1 && | ||
33 | + if(tdrc && | ||
34 | + tdrc->fieldList().size() == 1 && | ||
35 | tdrc->fieldList().front().size() == 4 && | ||
36 | tdat->data().size() >= 5) | ||
37 | { | ||
38 | -- | ||
39 | 2.13.5 | ||
40 | |||
diff --git a/meta/recipes-support/taglib/taglib/CVE-2018-11439.patch b/meta/recipes-support/taglib/taglib/CVE-2018-11439.patch deleted file mode 100644 index cdd66e67f7..0000000000 --- a/meta/recipes-support/taglib/taglib/CVE-2018-11439.patch +++ /dev/null | |||
@@ -1,51 +0,0 @@ | |||
1 | From 272648ccfcccae30e002ccf34a22e075dd477278 Mon Sep 17 00:00:00 2001 | ||
2 | From: Scott Gayou <github.scott@gmail.com> | ||
3 | Date: Mon, 4 Jun 2018 11:34:36 -0400 | ||
4 | Subject: [PATCH] Fixed OOB read when loading invalid ogg flac file. (#868) | ||
5 | |||
6 | This CVE is caused by a failure to check the minimum length | ||
7 | of a ogg flac header. This header is detailed in full at: | ||
8 | https://xiph.org/flac/ogg_mapping.html. Added more strict checking | ||
9 | for entire header. | ||
10 | |||
11 | Upstream-Status: Backport | ||
12 | [https://github.com/taglib/taglib/pull/869/commits/272648ccfcccae30e002ccf34a22e075dd477278] | ||
13 | |||
14 | CVE: CVE-2018-11439 | ||
15 | |||
16 | Signed-off-by: Yi Zhao <yi.zhao@windriver.com> | ||
17 | --- | ||
18 | taglib/ogg/flac/oggflacfile.cpp | 14 ++++++++++++-- | ||
19 | 1 file changed, 12 insertions(+), 2 deletions(-) | ||
20 | |||
21 | diff --git a/taglib/ogg/flac/oggflacfile.cpp b/taglib/ogg/flac/oggflacfile.cpp | ||
22 | index 53d0450..07ea9dc 100644 | ||
23 | --- a/taglib/ogg/flac/oggflacfile.cpp | ||
24 | +++ b/taglib/ogg/flac/oggflacfile.cpp | ||
25 | @@ -231,11 +231,21 @@ void Ogg::FLAC::File::scan() | ||
26 | |||
27 | if(!metadataHeader.startsWith("fLaC")) { | ||
28 | // FLAC 1.1.2+ | ||
29 | + // See https://xiph.org/flac/ogg_mapping.html for the header specification. | ||
30 | + if(metadataHeader.size() < 13) | ||
31 | + return; | ||
32 | + | ||
33 | + if(metadataHeader[0] != 0x7f) | ||
34 | + return; | ||
35 | + | ||
36 | if(metadataHeader.mid(1, 4) != "FLAC") | ||
37 | return; | ||
38 | |||
39 | - if(metadataHeader[5] != 1) | ||
40 | - return; // not version 1 | ||
41 | + if(metadataHeader[5] != 1 && metadataHeader[6] != 0) | ||
42 | + return; // not version 1.0 | ||
43 | + | ||
44 | + if(metadataHeader.mid(9, 4) != "fLaC") | ||
45 | + return; | ||
46 | |||
47 | metadataHeader = metadataHeader.mid(13); | ||
48 | } | ||
49 | -- | ||
50 | 2.7.4 | ||
51 | |||