Hello community, here is the log from the commit of package taglib for openSUSE:Factory checked in at 2018-06-13 15:15:51 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/taglib (Old) and /work/SRC/openSUSE:Factory/.taglib.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "taglib" Wed Jun 13 15:15:51 2018 rev:50 rq:614499 version:1.11.1 Changes: -------- --- /work/SRC/openSUSE:Factory/taglib/taglib.changes 2017-09-29 11:50:08.083235608 +0200 +++ /work/SRC/openSUSE:Factory/.taglib.new/taglib.changes 2018-06-13 15:15:53.944323281 +0200 @@ -1,0 +2,7 @@ +Wed Jun 6 08:38:38 UTC 2018 - [email protected] + +- Added taglib-CVE-2018-11439.patch: Fix an out-of-bounds read when loading + invalid ogg flac files (CVE-2018-11439, bsc#1096180). +- Applied spec-cleaner to specfile + +------------------------------------------------------------------- New: ---- taglib-CVE-2018-11439.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ taglib.spec ++++++ --- /var/tmp/diff_new_pack.iUhdlW/_old 2018-06-13 15:15:54.720294969 +0200 +++ /var/tmp/diff_new_pack.iUhdlW/_new 2018-06-13 15:15:54.724294823 +0200 @@ -1,7 +1,7 @@ # # spec file for package taglib # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -20,14 +20,15 @@ Version: 1.11.1 Release: 0 Summary: Audio Meta-Data Library -License: LGPL-2.1+ AND MPL-1.1 +License: LGPL-2.1-or-later AND MPL-1.1 Group: Productivity/Multimedia/Other -Url: http://taglib.github.io/ +URL: http://taglib.github.io/ Source0: http://taglib.github.io/releases/%{name}-%{version}.tar.gz Source1: %{name}.desktop Source100: baselibs.conf # PATCH-FIX-SECURITY taglib-CVE-2017-12678.patch bsc1052699 CVE-2017-12678 [email protected] -- Prevent denial of service. Patch0: taglib-CVE-2017-12678.patch +Patch1: taglib-CVE-2018-11439.patch BuildRequires: cmake >= 2.8 BuildRequires: doxygen BuildRequires: fdupes 
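Review bot: `Patch1: taglib-CVE-2018-11439.patch` in the `@@ -20,14 +20,15 @@` hunk is added without the `# PATCH-FIX-SECURITY` tag line that `Patch0` carries directly above it, so the spec itself no longer records why the patch exists or which bug it closes. The changelog entry names both identifiers, so the same information belongs on the line before `Patch1:`, in the format already used for Patch0: `# PATCH-FIX-SECURITY taglib-CVE-2018-11439.patch bsc#1096180 CVE-2018-11439 -- Fix out-of-bounds read when loading invalid ogg flac files.` followed by the submitter address as on the Patch0 line. That keeps the two security patches documented consistently and lets a later maintainer drop the patch when upstream's fix is in the tarball.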
@@ -52,7 +53,7 @@ %package -n libtag1 Summary: Audio Meta-Data Library -License: LGPL-2.1+ +License: LGPL-2.1-or-later Group: System/Libraries Conflicts: taglib <= 1.6.3 @@ -64,7 +65,7 @@ %package -n libtag_c0 Summary: Audio Meta-Data Library -License: LGPL-2.1+ +License: LGPL-2.1-or-later Group: System/Libraries Conflicts: taglib <= 1.6.3 @@ -76,7 +77,7 @@ %package -n libtag-devel Summary: Development files for taglib -License: LGPL-2.1+ +License: LGPL-2.1-or-later Group: Development/Libraries/C and C++ Requires: libstdc++-devel Requires: libtag1 = %{version}-%{release} @@ -92,6 +93,7 @@ %prep %setup -q %patch0 -p1 +%patch1 -p1 %build %cmake \ ++++++ taglib-CVE-2018-11439.patch ++++++ >From 272648ccfcccae30e002ccf34a22e075dd477278 Mon Sep 17 00:00:00 2001 From: Scott Gayou <[email protected]> Date: Mon, 4 Jun 2018 11:34:36 -0400 Subject: [PATCH] Fixed OOB read when loading invalid ogg flac file. (#868) CVE-2018-11439 is caused by a failure to check the minimum length of a ogg flac header. This header is detailed in full at: https://xiph.org/flac/ogg_mapping.html. Added more strict checking for entire header. --- taglib/ogg/flac/oggflacfile.cpp | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/taglib/ogg/flac/oggflacfile.cpp b/taglib/ogg/flac/oggflacfile.cpp index 53d04508a..07ea9dccc 100644 --- a/taglib/ogg/flac/oggflacfile.cpp +++ b/taglib/ogg/flac/oggflacfile.cpp @@ -231,11 +231,21 @@ void Ogg::FLAC::File::scan() if(!metadataHeader.startsWith("fLaC")) { // FLAC 1.1.2+ + // See https://xiph.org/flac/ogg_mapping.html for the header specification. + if(metadataHeader.size() < 13) + return; + + if(metadataHeader[0] != 0x7f) + return; + if(metadataHeader.mid(1, 4) != "FLAC") return; - if(metadataHeader[5] != 1) - return; // not version 1 + if(metadataHeader[5] != 1 && metadataHeader[6] != 0) + return; // not version 1.0 + + if(metadataHeader.mid(9, 4) != "fLaC") + return; metadataHeader = metadataHeader.mid(13); }
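Review bot: The new version test `if(metadataHeader[5] != 1 && metadataHeader[6] != 0)` rejects a packet only when the major byte differs from 1 AND the minor byte differs from 0, so a header with major version 2 (or any other value) and minor 0 is now accepted, whereas the replaced `if(metadataHeader[5] != 1)` rejected every unknown major version; the `// not version 1.0` comment describes the opposite of what the condition does. Either make the condition match the comment, `if(metadataHeader[5] != 1 || metadataHeader[6] != 0)`, or, if the Ogg mapping the hunk cites does treat minor versions as backward-compatible (confirm against the spec), keep the original major-only test and leave byte 6 out of the condition. Bytes 7-8 (the header-packet count) are still not validated; that is acceptable for the bounds issue this patch fixes, but a short comment such as `// bytes 7-8 (number of header packets) are not checked` would stop a reader from assuming the whole 13-byte header is verified. `Ogg::FLAC::File::scan()` begins and ends outside the hunk, so what it does with the remainder after `metadataHeader.mid(13)` (possibly empty) cannot be reviewed here.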
