Commit a78a6f94 authored by David King's avatar David King

Update libid3tag patches in flatpak manifest

Patches to fix CVE-2004-2779 and CVE-2017-11550 copied from Fedora
package.
parent a0e70ff9
......@@ -70,6 +70,19 @@
"path": "libid3tag-0.15.1b-fix_overflow.patch",
"strip-components": 0
},
{
"type": "patch",
"path": "libid3tag-0.15.1b-handle-unknown-encoding.patch"
},
{
"type": "patch",
"path": "libid3tag-0.15.1b-id3v1-zero-padding.patch"
},
{
"type": "patch",
"path": "libid3tag-0.15.1b-id3v2-endless-loop.patch",
"strip-components": 0
},
{
"type": "patch",
"path": "libid3tag-0.15.1b-pkgconfig.patch"
......
#! /bin/sh /usr/share/dpatch/dpatch-run
## 11_unknown_encoding.dpatch by Andreas Henriksson <andreas@fatal.se>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: In case of an unknown/invalid encoding, id3_parse_string() will
## DP: return NULL, but the return value wasn't checked resulting
## DP: in segfault in id3_ucs4_length(). This is the only place
## DP: the return value wasn't checked.
@DPATCH@
diff -urNad libid3tag-0.15.1b~/compat.gperf libid3tag-0.15.1b/compat.gperf
--- libid3tag-0.15.1b~/compat.gperf 2004-01-23 09:41:32.000000000 +0000
+++ libid3tag-0.15.1b/compat.gperf 2007-01-14 14:36:53.000000000 +0000
@@ -236,6 +236,10 @@
encoding = id3_parse_uint(&data, 1);
string = id3_parse_string(&data, end - data, encoding, 0);
+ if (!string)
+ {
+ continue;
+ }
if (id3_ucs4_length(string) < 4) {
free(string);
diff -urNad libid3tag-0.15.1b~/parse.c libid3tag-0.15.1b/parse.c
--- libid3tag-0.15.1b~/parse.c 2004-01-23 09:41:32.000000000 +0000
+++ libid3tag-0.15.1b/parse.c 2007-01-14 14:37:34.000000000 +0000
@@ -165,6 +165,9 @@
case ID3_FIELD_TEXTENCODING_UTF_8:
ucs4 = id3_utf8_deserialize(ptr, length);
break;
+ default:
+ /* FIXME: Unknown encoding! Print warning? */
+ return NULL;
}
if (ucs4 && !full) {
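Review bot: The `default:` branch added to the encoding switch in parse.c makes a null return cover an unknown encoding byte as well as whatever other failures the function already reports that way, and the `FIXME` comment leaves that contract unstated. In the compat.gperf hunk the encoding is read with `id3_parse_uint(&data, 1)` from tag data, so a malformed file can reach this branch. I would replace the FIXME with `/* unknown encoding byte from the tag: no string is produced, callers must check for a null return */`. The patch header says compat.gperf was the only unchecked caller, but the other callers are outside this section, so that claim is worth re-checking. Both functions start and end outside the hunks shown.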
#! /bin/sh /usr/share/dpatch/dpatch-run
## 10_id3v1_zeropadding.dpatch by <sm17hs@gmail.com>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: Use zero padding instead of space padding for ID3V1 fields
## DP: (as requested by http://id3lib.sourceforge.net/id3/id3v1.html).
@DPATCH@
diff -urNad libid3tag-0.15.1b~/render.c libid3tag-0.15.1b/render.c
--- libid3tag-0.15.1b~/render.c 2004-01-23 10:41:32.000000000 +0100
+++ libid3tag-0.15.1b/render.c 2009-11-09 17:17:48.000000000 +0100
@@ -183,18 +183,16 @@
end = data + length;
if (ucs4) {
- while (*ucs4 && end - data > 0) {
+ while (*ucs4 && end - data > 0)
*data++ = *ucs4++;
-
- if (data[-1] == '\n')
- data[-1] = ' ';
- }
}
- while (end - data > 0)
- *data++ = ' ';
-
*data = 0;
- return id3_latin1_serialize(ptr, padded, 0);
+ id3_latin1_serialize(ptr, padded, 0);
+
+ if (end - data > 0)
+ id3_render_padding(ptr, 0, end - data);
+
+ return length;
}
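Review bot: The render.c hunk removes the `data[-1] == '\n'` replacement along with the space padding, but the patch description only mentions the padding change, so newlines in a field are now written through unchanged. The new code also discards the result of `id3_latin1_serialize(ptr, padded, 0)` and returns `length` unconditionally, which holds only if the serializer emits exactly one byte per copied character. I would state both in a comment above the call, e.g. `/* one byte per character is assumed, so text plus zero padding is exactly length bytes; newlines are no longer replaced */`. The function begins outside the hunk, so the size of `padded` behind `*data = 0` cannot be checked from here.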
--- utf16.c.old 2005-01-07 12:35:28.622883237 +0100
+++ utf16.c 2005-01-07 12:35:36.603673548 +0100
@@ -250,6 +250,8 @@
id3_ucs4_t *ucs4;
end = *ptr + (length & ~1);
+ if (end == *ptr)
+ return 0;
utf16 = malloc((length / 2 + 1) * sizeof(*utf16));
if (utf16 == 0)
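Review bot: The early `return 0` added after `end = *ptr + (length & ~1)` leaves `*ptr` where it was when `length` is 0 or 1, so it ends a parse loop only if every caller treats a null return as a reason to stop rather than to retry. This is presumably the endless-loop patch named in the manifest, and the callers are outside this hunk. A null return now also means "no complete code unit", in addition to the `malloc` failure checked just below. I would document that on the new lines, e.g. `/* fewer than two bytes: no complete UTF-16 code unit; return null without consuming input */`. The function continues past the end of the hunk.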