Accepting request 515262 from home:sbrabec:branches:multimedia:libs

- Update to versio 1.11.1:
  * Fixed binary incompatible change in TagLib::String.
  * Fixed reading ID3v2 CTOC frames with a lot of entries.
  * Fixed seeking ByteVectorStream from the end.
- Prevent denial of service (bsc#1052699, CVE-2017-12678,
  taglib-CVE-2017-12678.patch).

OBS-URL: https://build.opensuse.org/request/show/515262
OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/taglib?expand=0&rev=71

taglib-1.11.1.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b6d1a5a610aae6ff39d93de5efd0fdc787aa9e9dc1e7026fa4c961b26563526b
+size 1261620

taglib-1.11.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:ed4cabb3d970ff9a30b2620071c2b054c4347f44fc63546dbe06f97980ece288
-size 1263736

taglib-CVE-2017-12678.patch

@@ -0,0 +1,35 @@
+https://github.com/taglib/taglib/pull/831/commits/eb9ded1206f18f2c319157337edea2533a40bea6
+
+From eb9ded1206f18f2c319157337edea2533a40bea6 Mon Sep 17 00:00:00 2001
+From: "Stephen F. Booth" <me@sbooth.org>
+Date: Sun, 23 Jul 2017 10:11:09 -0400
+Subject: [PATCH] Don't assume TDRC is an instance of TextIdentificationFrame
+
+If TDRC is encrypted, FrameFactory::createFrame() returns UnknownFrame
+which causes problems in rebuildAggregateFrames() when it is assumed
+that TDRC is a TextIdentificationFrame
+---
+ taglib/mpeg/id3v2/id3v2framefactory.cpp | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/taglib/mpeg/id3v2/id3v2framefactory.cpp b/taglib/mpeg/id3v2/id3v2framefactory.cpp
+index 759a9b7b..9347ab86 100644
+--- a/taglib/mpeg/id3v2/id3v2framefactory.cpp
++++ b/taglib/mpeg/id3v2/id3v2framefactory.cpp
+@@ -334,10 +334,11 @@ void FrameFactory::rebuildAggregateFrames(ID3v2::Tag *tag) const
+      tag->frameList("TDAT").size() == 1)
+   {
+     TextIdentificationFrame *tdrc =
+-      static_cast<TextIdentificationFrame *>(tag->frameList("TDRC").front());
++      dynamic_cast<TextIdentificationFrame *>(tag->frameList("TDRC").front());
+     UnknownFrame *tdat = static_cast<UnknownFrame *>(tag->frameList("TDAT").front());
+ 
+-    if(tdrc->fieldList().size() == 1 &&
++    if(tdrc &&
++       tdrc->fieldList().size() == 1 &&
+        tdrc->fieldList().front().size() == 4 &&
+        tdat->data().size() >= 5)
+     {
+-- 
+2.13.1
+

taglib.changes

@@ -1,3 +1,13 @@
+-------------------------------------------------------------------
+Tue Aug  8 22:36:41 CEST 2017 - sbrabec@suse.com
+
+- Update to versio 1.11.1:
+  * Fixed binary incompatible change in TagLib::String.
+  * Fixed reading ID3v2 CTOC frames with a lot of entries.
+  * Fixed seeking ByteVectorStream from the end.
+- Prevent denial of service (bsc#1052699, CVE-2017-12678,
+  taglib-CVE-2017-12678.patch).
+
 -------------------------------------------------------------------
 Mon May  2 18:24:57 UTC 2016 - aloisio@gmx.com
 

taglib.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package taglib
 #
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,14 +17,16 @@
 
 
 Name:           taglib
-Version:        1.11
+Version:        1.11.1
 Release:        0
 Summary:        Audio Meta-Data Library
 License:        LGPL-2.1+ and MPL-1.1
 Group:          Productivity/Multimedia/Other
 Url:            http://taglib.github.io/
-Source0:        http://taglib.github.io/releases/taglib-%{version}.tar.gz
+Source0:        http://taglib.github.io/releases/%{name}-%{version}.tar.gz
 Source1:        %{name}.desktop
+# PATCH-FIX-SECURITY taglib-CVE-2017-12678.patch bsc1052699 CVE-2017-12678 sbrabec@suse.com -- Prevent denial of service.
+Patch:          taglib-CVE-2017-12678.patch
 Source100:      baselibs.conf
 BuildRequires:  cmake >= 2.8
 BuildRequires:  doxygen
@@ -97,6 +99,7 @@ This package contains development files for taglib.
 
 %prep
 %setup -q
+%patch -p1
 
 %build
 %cmake \