media-libs/taglib: Security revbump for CVE-2017-12678

Package-Manager: Portage-2.3.6, Repoman-2.3.1

2 files changed, 85 insertions, 0 deletions

diff --git a/media-libs/taglib/files/taglib-1.11.1-CVE-2017-12678.patch b/media-libs/taglib/files/taglib-1.11.1-CVE-2017-12678.patch
new file mode 100644
index 000000000000..4b567da19821
--- /dev/null
+++ b/media-libs/taglib/files/taglib-1.11.1-CVE-2017-12678.patch
@@ -0,0 +1,30 @@
+From eb9ded1206f18f2c319157337edea2533a40bea6 Mon Sep 17 00:00:00 2001
+From: "Stephen F. Booth" <me@sbooth.org>
+Date: Sun, 23 Jul 2017 10:11:09 -0400
+Subject: [PATCH] Don't assume TDRC is an instance of TextIdentificationFrame
+
+If TDRC is encrypted, FrameFactory::createFrame() returns UnknownFrame
+which causes problems in rebuildAggregateFrames() when it is assumed
+that TDRC is a TextIdentificationFrame
+---
+ taglib/mpeg/id3v2/id3v2framefactory.cpp | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/taglib/mpeg/id3v2/id3v2framefactory.cpp b/taglib/mpeg/id3v2/id3v2framefactory.cpp
+index 759a9b7be..9347ab869 100644
+--- a/taglib/mpeg/id3v2/id3v2framefactory.cpp
++++ b/taglib/mpeg/id3v2/id3v2framefactory.cpp
+@@ -334,10 +334,11 @@ void FrameFactory::rebuildAggregateFrames(ID3v2::Tag *tag) const
+      tag->frameList("TDAT").size() == 1)
+   {
+     TextIdentificationFrame *tdrc =
+-      static_cast<TextIdentificationFrame *>(tag->frameList("TDRC").front());
++      dynamic_cast<TextIdentificationFrame *>(tag->frameList("TDRC").front());
+     UnknownFrame *tdat = static_cast<UnknownFrame *>(tag->frameList("TDAT").front());
+ 
+-    if(tdrc->fieldList().size() == 1 &&
++    if(tdrc &&
++       tdrc->fieldList().size() == 1 &&
+        tdrc->fieldList().front().size() == 4 &&
+        tdat->data().size() >= 5)
+     {
diff --git a/media-libs/taglib/taglib-1.11.1-r1.ebuild b/media-libs/taglib/taglib-1.11.1-r1.ebuild
new file mode 100644
index 000000000000..f8b48fe19f0c
--- /dev/null
+++ b/media-libs/taglib/taglib-1.11.1-r1.ebuild
@@ -0,0 +1,55 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit cmake-multilib
+
+DESCRIPTION="A library for reading and editing audio meta data"
+HOMEPAGE="https://taglib.github.io/"
+SRC_URI="https://github.com/${PN}/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+
+LICENSE="LGPL-2.1 MPL-1.1"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x86-solaris"
+SLOT="0"
+IUSE="boost debug examples test"
+
+RDEPEND=">=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+	boost? ( dev-libs/boost:=[${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}
+	>=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
+	test? ( >=dev-util/cppunit-1.13.2[${MULTILIB_USEDEP}] )
+"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-1.11-install-examples.patch
+	"${FILESDIR}"/${P}-CVE-2017-12678.patch
+)
+
+MULTILIB_CHOST_TOOLS=(
+	/usr/bin/taglib-config
+)
+
+src_prepare() {
+	cmake-utils_src_prepare
+
+	sed -e "s/BUILD_TESTS AND NOT BUILD_SHARED_LIBS/BUILD_TESTS/" \
+		-i CMakeLists.txt \
+		-i ConfigureChecks.cmake || die
+}
+
+multilib_src_configure() {
+	local mycmakeargs=(
+		-DBUILD_EXAMPLES=$(multilib_native_usex examples)
+		$(cmake-utils_use_find_package boost Boost)
+		-DBUILD_SHARED_LIBS=ON
+		-DBUILD_TESTS=$(usex test)
+	)
+
+	cmake-utils_src_configure
+}
+
+multilib_src_test() {
+	# ctest does not work
+	emake -C "${BUILD_DIR}" check
+}