diff --git a/taglib-1.11.1+git20181028.tar.gz b/taglib-1.11.1+git20181028.tar.gz
new file mode 100644
index 0000000..de14e91
--- /dev/null
+++ b/taglib-1.11.1+git20181028.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:50fb6715272818c043d7c71f8d9ffb0c8364992a6121bc209e2ff81632994f9c
+size 1299993
diff --git a/taglib-1.11.1.tar.gz b/taglib-1.11.1.tar.gz
deleted file mode 100644
index 85f118b..0000000
--- a/taglib-1.11.1.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:b6d1a5a610aae6ff39d93de5efd0fdc787aa9e9dc1e7026fa4c961b26563526b
-size 1261620
diff --git a/taglib-CVE-2017-12678.patch b/taglib-CVE-2017-12678.patch
deleted file mode 100644
index f04ea55..0000000
--- a/taglib-CVE-2017-12678.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-https://github.com/taglib/taglib/pull/831/commits/eb9ded1206f18f2c319157337edea2533a40bea6
-
-From eb9ded1206f18f2c319157337edea2533a40bea6 Mon Sep 17 00:00:00 2001
-From: "Stephen F. Booth"
-Date: Sun, 23 Jul 2017 10:11:09 -0400
-Subject: [PATCH] Don't assume TDRC is an instance of TextIdentificationFrame
-
-If TDRC is encrypted, FrameFactory::createFrame() returns UnknownFrame
-which causes problems in rebuildAggregateFrames() when it is assumed
-that TDRC is a TextIdentificationFrame
----
- taglib/mpeg/id3v2/id3v2framefactory.cpp | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/taglib/mpeg/id3v2/id3v2framefactory.cpp b/taglib/mpeg/id3v2/id3v2framefactory.cpp
-index 759a9b7b..9347ab86 100644
---- a/taglib/mpeg/id3v2/id3v2framefactory.cpp
-+++ b/taglib/mpeg/id3v2/id3v2framefactory.cpp
-@@ -334,10 +334,11 @@ void FrameFactory::rebuildAggregateFrames(ID3v2::Tag *tag) const
- tag->frameList("TDAT").size() == 1)
- {
- TextIdentificationFrame *tdrc =
-- static_cast(tag->frameList("TDRC").front());
-+ dynamic_cast(tag->frameList("TDRC").front());
- UnknownFrame *tdat = static_cast(tag->frameList("TDAT").front());
-
-- if(tdrc->fieldList().size() == 1 &&
-+ if(tdrc &&
-+ tdrc->fieldList().size() == 1 &&
- tdrc->fieldList().front().size() == 4 &&
- tdat->data().size() >= 5)
- {
---
-2.13.1
-
diff --git a/taglib-CVE-2018-11439.patch b/taglib-CVE-2018-11439.patch
deleted file mode 100644
index 55e6a2f..0000000
--- a/taglib-CVE-2018-11439.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From 272648ccfcccae30e002ccf34a22e075dd477278 Mon Sep 17 00:00:00 2001
-From: Scott Gayou
-Date: Mon, 4 Jun 2018 11:34:36 -0400
-Subject: [PATCH] Fixed OOB read when loading invalid ogg flac file. (#868)
-
-CVE-2018-11439 is caused by a failure to check the minimum length
-of a ogg flac header. This header is detailed in full at:
-https://xiph.org/flac/ogg_mapping.html. Added more strict checking
-for entire header.
----
- taglib/ogg/flac/oggflacfile.cpp | 14 ++++++++++++--
- 1 file changed, 12 insertions(+), 2 deletions(-)
-
-diff --git a/taglib/ogg/flac/oggflacfile.cpp b/taglib/ogg/flac/oggflacfile.cpp
-index 53d04508a..07ea9dccc 100644
---- a/taglib/ogg/flac/oggflacfile.cpp
-+++ b/taglib/ogg/flac/oggflacfile.cpp
-@@ -231,11 +231,21 @@ void Ogg::FLAC::File::scan()
-
- if(!metadataHeader.startsWith("fLaC")) {
- // FLAC 1.1.2+
-+ // See https://xiph.org/flac/ogg_mapping.html for the header specification.
-+ if(metadataHeader.size() < 13)
-+ return;
-+
-+ if(metadataHeader[0] != 0x7f)
-+ return;
-+
- if(metadataHeader.mid(1, 4) != "FLAC")
- return;
-
-- if(metadataHeader[5] != 1)
-- return; // not version 1
-+ if(metadataHeader[5] != 1 && metadataHeader[6] != 0)
-+ return; // not version 1.0
-+
-+ if(metadataHeader.mid(9, 4) != "fLaC")
-+ return;
-
- metadataHeader = metadataHeader.mid(13);
- }
diff --git a/taglib-fix-ogg.patch b/taglib-fix-ogg.patch
deleted file mode 100644
index 97442cd..0000000
--- a/taglib-fix-ogg.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From 9336c82da3a04552168f208cd7a5fa4646701ea4 Mon Sep 17 00:00:00 2001
-From: Tsuda Kageyu
-Date: Thu, 1 Dec 2016 11:32:01 +0900
-Subject: [PATCH] Fix possible Ogg packet losses.
-
----
- taglib/ogg/oggfile.cpp | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/taglib/ogg/oggfile.cpp b/taglib/ogg/oggfile.cpp
-index 86b0b076..c36e4d46 100644
---- a/taglib/ogg/oggfile.cpp
-+++ b/taglib/ogg/oggfile.cpp
-@@ -253,7 +253,7 @@ void Ogg::File::writePacket(unsigned int i, const ByteVector &packet)
- ByteVectorList packets = firstPage->packets();
- packets[i - firstPage->firstPacketIndex()] = packet;
-
-- if(firstPage != lastPage && lastPage->packetCount() > 2) {
-+ if(firstPage != lastPage && lastPage->packetCount() > 1) {
- ByteVectorList lastPagePackets = lastPage->packets();
- lastPagePackets.erase(lastPagePackets.begin());
- packets.append(lastPagePackets);
---
-2.19.1
-
diff --git a/taglib-versionbump.patch b/taglib-versionbump.patch
new file mode 100644
index 0000000..4e5011e
--- /dev/null
+++ b/taglib-versionbump.patch
@@ -0,0 +1,13 @@
+Index: taglib/toolkit/taglib.h
+===================================================================
+--- taglib/toolkit/taglib.h.orig 2018-10-28 15:43:45.000000000 +0200
++++ taglib/toolkit/taglib.h 2018-11-03 14:59:44.431327422 +0200
+@@ -30,7 +30,7 @@
+
+ #define TAGLIB_MAJOR_VERSION 1
+ #define TAGLIB_MINOR_VERSION 11
+-#define TAGLIB_PATCH_VERSION 1
++#define TAGLIB_PATCH_VERSION 2
+
+ #if defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ > 1)) || defined(__clang__)
+ #define TAGLIB_IGNORE_MISSING_DESTRUCTOR _Pragma("GCC diagnostic ignored \"-Wnon-virtual-dtor\"")
diff --git a/taglib.changes b/taglib.changes
index 8ec9338..dea2aab 100644
--- a/taglib.changes
+++ b/taglib.changes
@@ -1,3 +1,31 @@ +------------------------------------------------------------------- +Wed Dec 5 09:07:42 UTC 2018 - davejplater@gmail.com + +- Update to 1.11.1+git20181028 and add taglib-versionbump.patch to + enable qt5 clementine to build with system taglib. +- Removed incorporated taglib-CVE-2017-12678.patch, + taglib-CVE-2018-11439.patch and taglib-fix-ogg.patch. +- Upstream changes: + *Added support for DSF and DSDIFF files. + *Added support for WinRT. + *Added support for classical music tags of iTunes 12.5. + *Added support for file descriptor to FileStream. + *Added support for 'cmID', 'purl', 'egid' MP4 atoms. + *Enabled FileRef to detect file types based on the stream content. + *Check for mandatory header objects in ASF files. + *Fixed OOB read on invalid Ogg FLAC files (CVE-2018-11439). + *Fixed handling of empty MPEG files. + *Fixed reading MP4 atoms with zero length. + *Fixed reading FLAC files with zero-sized seektables. + *Fixed handling of lowercase field names in Vorbis Comments. + *Fixed handling of 'rate' atoms in MP4 files. + *Fixed handling of invalid UTF-8 sequences. + *Fixed possible file corruptions when saving Ogg files. + *TableOfContentsFrame::toString() improved. + *UserTextIdentificationFrame::toString() improved. + *Marked FileRef::create() deprecated. + *Several smaller bug fixes and performance improvements. + ------------------------------------------------------------------- Tue Nov 13 22:29:57 UTC 2018 - Jonas Kvinge diff --git a/taglib.spec b/taglib.spec index 773fe74..5e702b4 100644 --- a/taglib.spec +++ b/taglib.spec 
@@ -12,24 +12,24 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# Please submit bugfixes or comments via http://bugs.opensuse.org/ # +%define rev 5cb589a5b82c13ba8f0542e5e79629da7645cb3c + Name: taglib -Version: 1.11.1 +Version: 1.11.1+git20181028 Release: 0 Summary: Audio Meta-Data Library License: LGPL-2.1-or-later AND MPL-1.1 Group: Productivity/Multimedia/Other URL: http://taglib.github.io/ -Source0: http://taglib.github.io/releases/%{name}-%{version}.tar.gz +Source0: https://github.com/taglib/taglib/archive/%{rev}.tar.gz#/%{name}-%{version}.tar.gz +#Source0: http://taglib.github.io/releases/%%{name}-%%{version}.tar.gz Source1: %{name}.desktop Source100: baselibs.conf -# PATCH-FIX-SECURITY taglib-CVE-2017-12678.patch bsc1052699 CVE-2017-12678 sbrabec@suse.com -- Prevent denial of service. -Patch0: taglib-CVE-2017-12678.patch -Patch1: taglib-CVE-2018-11439.patch -Patch2: taglib-fix-ogg.patch +Patch0: taglib-versionbump.patch BuildRequires: cmake >= 2.8 BuildRequires: doxygen BuildRequires: fdupes @@ -92,10 +92,8 @@ Obsoletes: taglib-devel <= 1.6.3 This package contains development files for taglib. %prep -%setup -q -%patch0 -p1 -%patch1 -p1 -%patch2 -p1 +%setup -q -n %{name}-%{rev} +%patch0 -p0 %build %cmake \
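Review bot: The new `Patch0: taglib-versionbump.patch` line in the first spec hunk has no patch-tag comment, although the `Patch0` it replaces carried a `PATCH-FIX-SECURITY` line with its bug and CVE reference. A line such as `# PATCH-FIX-OPENSUSE taglib-versionbump.patch -- report patch level 2 so clementine builds against system taglib` would record why the installed header announces 1.11.2 while the package says `Version: 1.11.1+git20181028`. That mismatch matters to anything that reads the header version instead of the package version, such as build-time feature checks or version-based vulnerability matching. The same hunk also changes the bug-report comment from `https://bugs.opensuse.org/` to `http://bugs.opensuse.org/`, which looks like an accidental downgrade and should stay `https`. With the three patches dropped, the CVE-2017-12678 fix depends on the commit pinned by `%define rev` containing it; the changelog says it is incorporated, but this page does not show it.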