From ed7daa7e858823f962d8382f55e3e6928bcbc58c Mon Sep 17 00:00:00 2001 From: Ross Burton Date: Fri, 8 Mar 2019 14:20:59 +0000 Subject: libid3tag: actually apply 10_utf16 do_patch() doesn't apply files called .dpatch, so rename it to .patch. Fixes CVE-2004-2779. (From OE-Core rev: 6e5dcb4027fbf3e65c0aad2ded36ce387ca7f917) Signed-off-by: Ross Burton Signed-off-by: Richard Purdie --- .../libid3tag/libid3tag/10_utf16.dpatch | 33 ---------------------- .../libid3tag/libid3tag/10_utf16.patch | 33 ++++++++++++++++++++++ .../libid3tag/libid3tag_0.15.1b.bb | 2 +- 3 files changed, 34 insertions(+), 34 deletions(-) delete mode 100644 meta/recipes-multimedia/libid3tag/libid3tag/10_utf16.dpatch create mode 100644 meta/recipes-multimedia/libid3tag/libid3tag/10_utf16.patch diff --git a/meta/recipes-multimedia/libid3tag/libid3tag/10_utf16.dpatch b/meta/recipes-multimedia/libid3tag/libid3tag/10_utf16.dpatch deleted file mode 100644 index 8d09ce7b6f..0000000000 --- a/meta/recipes-multimedia/libid3tag/libid3tag/10_utf16.dpatch +++ /dev/null @@ -1,33 +0,0 @@ -libid3tag: patch for CVE-2004-2779 - -The patch comes from -https://sources.debian.org/patches/libid3tag/0.15.1b-13/10_utf16.dpatch - -Upstream-Status: Pending - -CVE: CVE-2004-2779 - -Signed-off-by: Changqing Li - -diff -urNad libid3tag-0.15.1b/utf16.c /tmp/dpep.tKvO7a/libid3tag-0.15.1b/utf16.c ---- libid3tag-0.15.1b/utf16.c 2006-01-13 15:26:29.000000000 +0100 -+++ /tmp/dpep.tKvO7a/libid3tag-0.15.1b/utf16.c 2006-01-13 15:27:19.000000000 +0100 -@@ -282,5 +282,18 @@ - - free(utf16); - -+ if (end == *ptr && length % 2 != 0) -+ { -+ /* We were called with a bogus length. It should always -+ * be an even number. We can deal with this in a few ways: -+ * - Always give an error. -+ * - Try and parse as much as we can and -+ * - return an error if we're called again when we -+ * already tried to parse everything we can. -+ * - tell that we parsed it, which is what we do here. -+ */ -+ (*ptr)++; -+ } -+ - return ucs4; - } diff --git a/meta/recipes-multimedia/libid3tag/libid3tag/10_utf16.patch b/meta/recipes-multimedia/libid3tag/libid3tag/10_utf16.patch new file mode 100644 index 0000000000..8d09ce7b6f --- /dev/null +++ b/meta/recipes-multimedia/libid3tag/libid3tag/10_utf16.patch @@ -0,0 +1,33 @@ +libid3tag: patch for CVE-2004-2779 + +The patch comes from +https://sources.debian.org/patches/libid3tag/0.15.1b-13/10_utf16.dpatch + +Upstream-Status: Pending + +CVE: CVE-2004-2779 + +Signed-off-by: Changqing Li + +diff -urNad libid3tag-0.15.1b/utf16.c /tmp/dpep.tKvO7a/libid3tag-0.15.1b/utf16.c +--- libid3tag-0.15.1b/utf16.c 2006-01-13 15:26:29.000000000 +0100 ++++ /tmp/dpep.tKvO7a/libid3tag-0.15.1b/utf16.c 2006-01-13 15:27:19.000000000 +0100 +@@ -282,5 +282,18 @@ + + free(utf16); + ++ if (end == *ptr && length % 2 != 0) ++ { ++ /* We were called with a bogus length. It should always ++ * be an even number. We can deal with this in a few ways: ++ * - Always give an error. ++ * - Try and parse as much as we can and ++ * - return an error if we're called again when we ++ * already tried to parse everything we can. ++ * - tell that we parsed it, which is what we do here. ++ */ ++ (*ptr)++; ++ } ++ + return ucs4; + } diff --git a/meta/recipes-multimedia/libid3tag/libid3tag_0.15.1b.bb b/meta/recipes-multimedia/libid3tag/libid3tag_0.15.1b.bb index fe31646107..43edd3fe6a 100644 --- a/meta/recipes-multimedia/libid3tag/libid3tag_0.15.1b.bb +++ b/meta/recipes-multimedia/libid3tag/libid3tag_0.15.1b.bb @@ -13,7 +13,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/mad/libid3tag-${PV}.tar.gz \ file://addpkgconfig.patch \ file://obsolete_automake_macros.patch \ file://0001-Fix-gperf-3.1-incompatibility.patch \ - file://10_utf16.dpatch \ + file://10_utf16.patch \ " UPSTREAM_CHECK_URI = "https://sourceforge.net/projects/mad/files/libid3tag/" UPSTREAM_CHECK_REGEX = "/projects/mad/files/libid3tag/(?P.*)/$" -- cgit v1.2.3-54-g00ecf