diff --git a/taglib-CVE-2018-11439.patch b/taglib-CVE-2018-11439.patch
new file mode 100644
index 0000000..55e6a2f
--- /dev/null
+++ b/taglib-CVE-2018-11439.patch
@@ -0,0 +1,41 @@
+From 272648ccfcccae30e002ccf34a22e075dd477278 Mon Sep 17 00:00:00 2001
+From: Scott Gayou
+Date: Mon, 4 Jun 2018 11:34:36 -0400
+Subject: [PATCH] Fixed OOB read when loading invalid ogg flac file. (#868)
+
+CVE-2018-11439 is caused by a failure to check the minimum length
+of a ogg flac header. This header is detailed in full at:
+https://xiph.org/flac/ogg_mapping.html. Added more strict checking
+for entire header.
+---
+ taglib/ogg/flac/oggflacfile.cpp | 14 ++++++++++++--
+ 1 file changed, 12 insertions(+), 2 deletions(-)
+
+diff --git a/taglib/ogg/flac/oggflacfile.cpp b/taglib/ogg/flac/oggflacfile.cpp
+index 53d04508a..07ea9dccc 100644
+--- a/taglib/ogg/flac/oggflacfile.cpp
++++ b/taglib/ogg/flac/oggflacfile.cpp
+@@ -231,11 +231,21 @@ void Ogg::FLAC::File::scan()
+
+ if(!metadataHeader.startsWith("fLaC")) {
+ // FLAC 1.1.2+
++ // See https://xiph.org/flac/ogg_mapping.html for the header specification.
++ if(metadataHeader.size() < 13)
++ return;
++
++ if(metadataHeader[0] != 0x7f)
++ return;
++
+ if(metadataHeader.mid(1, 4) != "FLAC")
+ return;
+
+- if(metadataHeader[5] != 1)
+- return; // not version 1
++ if(metadataHeader[5] != 1 && metadataHeader[6] != 0)
++ return; // not version 1.0
++
++ if(metadataHeader.mid(9, 4) != "fLaC")
++ return;
+
+ metadataHeader = metadataHeader.mid(13);
+ }
diff --git a/taglib.changes b/taglib.changes
index 87f2084..76480c9 100644
--- a/taglib.changes
+++ b/taglib.changes
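Review bot: The version test in the embedded oggflacfile.cpp change, `if(metadataHeader[5] != 1 && metadataHeader[6] != 0)`, returns only when both the major and the minor byte are wrong, so a header with major 2 / minor 0 or major 1 / minor 5 still passes although the comment says "not version 1.0". If the intent is to accept only mapping version 1.0, the condition should be `if(metadataHeader[5] != 1 || metadataHeader[6] != 0)`. This is not a memory-safety problem in itself, because the new `metadataHeader.size() < 13` guard precedes every index and `mid()` call in the hunk, but it lets headers of unknown versions continue into parsing. scan() starts and continues outside the hunk, so whether the bytes left after `mid(13)` are length-checked before use cannot be confirmed from here.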
@@ -1,3 +1,10 @@ +------------------------------------------------------------------- +Wed Jun 6 08:38:38 UTC 2018 - kbabioch@suse.com + +- Added taglib-CVE-2018-11439.patch: Fix an out-of-bounds read when loading + invalid ogg flac files (CVE-2018-11439, bsc#1096180). +- Applied spec-cleaner to specfile + ------------------------------------------------------------------- Tue Sep 26 09:27:25 UTC 2017 - tchvatal@suse.com diff --git a/taglib.spec b/taglib.spec index d44e0c1..0877945 100644 --- a/taglib.spec +++ b/taglib.spec @@ -1,7 +1,7 @@ # # spec file for package taglib # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -20,14 +20,15 @@ Name: taglib Version: 1.11.1 Release: 0 Summary: Audio Meta-Data Library -License: LGPL-2.1+ AND MPL-1.1 +License: LGPL-2.1-or-later AND MPL-1.1 Group: Productivity/Multimedia/Other -Url: http://taglib.github.io/ +URL: http://taglib.github.io/ Source0: http://taglib.github.io/releases/%{name}-%{version}.tar.gz Source1: %{name}.desktop Source100: baselibs.conf # PATCH-FIX-SECURITY taglib-CVE-2017-12678.patch bsc1052699 CVE-2017-12678 sbrabec@suse.com -- Prevent denial of service. Patch0: taglib-CVE-2017-12678.patch +Patch1: taglib-CVE-2018-11439.patch BuildRequires: cmake >= 2.8 BuildRequires: doxygen BuildRequires: fdupes @@ -52,7 +53,7 @@ command line. %package -n libtag1 Summary: Audio Meta-Data Library -License: LGPL-2.1+ +License: LGPL-2.1-or-later Group: System/Libraries Conflicts: taglib <= 1.6.3 @@ -64,7 +65,7 @@ TrueAudio, WAV, AIFF, MP4 and ASF files. %package -n libtag_c0 Summary: Audio Meta-Data Library -License: LGPL-2.1+ +License: LGPL-2.1-or-later Group: System/Libraries Conflicts: taglib <= 1.6.3 
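Review bot: `Patch1: taglib-CVE-2018-11439.patch` in the `@@ -20,14 +20,15 @@` hunk of taglib.spec is added without the tag comment that Patch0 carries directly above it, so the spec no longer records for every patch which bug and CVE it addresses. A line in the same form would keep the two entries consistent, for example `# PATCH-FIX-SECURITY taglib-CVE-2018-11439.patch bsc#1096180 CVE-2018-11439 kbabioch@suse.com -- Fix out-of-bounds read when loading invalid ogg flac files.`, using the identifiers from the taglib.changes entry in this same commit.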
@@ -76,7 +77,7 @@ TrueAudio, WAV, AIFF, MP4 and ASF files. %package -n libtag-devel Summary: Development files for taglib -License: LGPL-2.1+ +License: LGPL-2.1-or-later Group: Development/Libraries/C and C++ Requires: libstdc++-devel Requires: libtag1 = %{version}-%{release} @@ -92,6 +93,7 @@ This package contains development files for taglib. %prep %setup -q %patch0 -p1 +%patch1 -p1 %build %cmake \