From 96280e607739038a6f0ed6778fb3f01b82a5f534 Mon Sep 17 00:00:00 2001
From: Andreas Sturmlechner
Date: Tue, 8 Aug 2017 19:26:24 +0200
Subject: media-libs/taglib: Security revbump for CVE-2017-12678
Package-Manager: Portage-2.3.6, Repoman-2.3.1
---
.../files/taglib-1.11.1-CVE-2017-12678.patch | 30 ++++++++++++
media-libs/taglib/taglib-1.11.1-r1.ebuild | 55 ++++++++++++++++++++++
2 files changed, 85 insertions(+)
create mode 100644 media-libs/taglib/files/taglib-1.11.1-CVE-2017-12678.patch
create mode 100644 media-libs/taglib/taglib-1.11.1-r1.ebuild
(limited to 'media-libs/taglib')
diff --git a/media-libs/taglib/files/taglib-1.11.1-CVE-2017-12678.patch b/media-libs/taglib/files/taglib-1.11.1-CVE-2017-12678.patch
new file mode 100644
index 000000000000..4b567da19821
--- /dev/null
+++ b/media-libs/taglib/files/taglib-1.11.1-CVE-2017-12678.patch
@@ -0,0 +1,30 @@
+From eb9ded1206f18f2c319157337edea2533a40bea6 Mon Sep 17 00:00:00 2001
+From: "Stephen F. Booth"
+Date: Sun, 23 Jul 2017 10:11:09 -0400
+Subject: [PATCH] Don't assume TDRC is an instance of TextIdentificationFrame
+
+If TDRC is encrypted, FrameFactory::createFrame() returns UnknownFrame
+which causes problems in rebuildAggregateFrames() when it is assumed
+that TDRC is a TextIdentificationFrame
+---
+ taglib/mpeg/id3v2/id3v2framefactory.cpp | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/taglib/mpeg/id3v2/id3v2framefactory.cpp b/taglib/mpeg/id3v2/id3v2framefactory.cpp
+index 759a9b7be..9347ab869 100644
+--- a/taglib/mpeg/id3v2/id3v2framefactory.cpp
++++ b/taglib/mpeg/id3v2/id3v2framefactory.cpp
+@@ -334,10 +334,11 @@ void FrameFactory::rebuildAggregateFrames(ID3v2::Tag *tag) const
+ tag->frameList("TDAT").size() == 1)
+ {
+ TextIdentificationFrame *tdrc =
+- static_cast(tag->frameList("TDRC").front());
++ dynamic_cast(tag->frameList("TDRC").front());
+ UnknownFrame *tdat = static_cast(tag->frameList("TDAT").front());
+
+- if(tdrc->fieldList().size() == 1 &&
++ if(tdrc &&
++ tdrc->fieldList().size() == 1 &&
+ tdrc->fieldList().front().size() == 4 &&
+ tdat->data().size() >= 5)
+ {
diff --git a/media-libs/taglib/taglib-1.11.1-r1.ebuild b/media-libs/taglib/taglib-1.11.1-r1.ebuild
new file mode 100644
index 000000000000..f8b48fe19f0c
--- /dev/null
+++ b/media-libs/taglib/taglib-1.11.1-r1.ebuild
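Review bot: In the bundled upstream fix, `tdat` is still obtained with an unchecked `static_cast` and then dereferenced in `tdat->data().size() >= 5`, so the TDAT frame keeps the same kind of type assumption that the change removes for `tdrc`. If a TDAT entry in the frame list can ever be something other than an `UnknownFrame` (the code that creates it is not visible here, so this is unconfirmed), that is the same invalid-downcast problem; consider `UnknownFrame *tdat = dynamic_cast<UnknownFrame *>(tag->frameList("TDAT").front());` together with `if(tdrc && tdat &&`. The cast target types are not shown in this rendering of the patch (the angle-bracket arguments were dropped), so they are inferred from the declared pointer types, and the body of `rebuildAggregateFrames` continues past the end of the hunk. Since this file is a backport, the change would best be proposed upstream rather than carried only here.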
@@ -0,0 +1,55 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit cmake-multilib
+
+DESCRIPTION="A library for reading and editing audio meta data"
+HOMEPAGE="https://taglib.github.io/"
+SRC_URI="https://github.com/${PN}/${PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+
+LICENSE="LGPL-2.1 MPL-1.1"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x86-solaris"
+SLOT="0"
+IUSE="boost debug examples test"
+
+RDEPEND=">=sys-libs/zlib-1.2.8-r1[${MULTILIB_USEDEP}]
+ boost? ( dev-libs/boost:=[${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}
+ >=virtual/pkgconfig-0-r1[${MULTILIB_USEDEP}]
+ test? ( >=dev-util/cppunit-1.13.2[${MULTILIB_USEDEP}] )
+"
+
+PATCHES=(
+ "${FILESDIR}"/${PN}-1.11-install-examples.patch
+ "${FILESDIR}"/${P}-CVE-2017-12678.patch
+)
+
+MULTILIB_CHOST_TOOLS=(
+ /usr/bin/taglib-config
+)
+
+src_prepare() {
+ cmake-utils_src_prepare
+
+ sed -e "s/BUILD_TESTS AND NOT BUILD_SHARED_LIBS/BUILD_TESTS/" \
+ -i CMakeLists.txt \
+ -i ConfigureChecks.cmake || die
+}
+
+multilib_src_configure() {
+ local mycmakeargs=(
+ -DBUILD_EXAMPLES=$(multilib_native_usex examples)
+ $(cmake-utils_use_find_package boost Boost)
+ -DBUILD_SHARED_LIBS=ON
+ -DBUILD_TESTS=$(usex test)
+ )
+
+ cmake-utils_src_configure
+}
+
+multilib_src_test() {
+ # ctest does not work
+ emake -C "${BUILD_DIR}" check
+}
-- cgit v1.2.3-65-gdbad