From 1c7d6584a7811b7785ae5c1e378f14b5ba0971cf Mon Sep 17 00:00:00 2001
From: takeshi_hoshina <takeshi_hoshina@mail.toyota.co.jp>
Date: Mon, 2 Nov 2020 11:07:33 +0900
Subject: basesystem-jj recipes

---
 .../libid3tag/libid3tag/10_utf16.dpatch            | 33 ------------------
 .../libid3tag/libid3tag/10_utf16.patch             | 34 +++++++++++++++++++
 .../libid3tag/libid3tag/unknown-encoding.patch     | 39 ++++++++++++++++++++++
 3 files changed, 73 insertions(+), 33 deletions(-)
 delete mode 100644 external/poky/meta/recipes-multimedia/libid3tag/libid3tag/10_utf16.dpatch
 create mode 100644 external/poky/meta/recipes-multimedia/libid3tag/libid3tag/10_utf16.patch
 create mode 100644 external/poky/meta/recipes-multimedia/libid3tag/libid3tag/unknown-encoding.patch

(limited to 'external/poky/meta/recipes-multimedia/libid3tag/libid3tag')

diff --git a/external/poky/meta/recipes-multimedia/libid3tag/libid3tag/10_utf16.dpatch b/external/poky/meta/recipes-multimedia/libid3tag/libid3tag/10_utf16.dpatch
deleted file mode 100644
index 8d09ce7b..00000000
--- a/external/poky/meta/recipes-multimedia/libid3tag/libid3tag/10_utf16.dpatch
+++ /dev/null
@@ -1,33 +0,0 @@
-libid3tag: patch for CVE-2004-2779
-
-The patch comes from
-https://sources.debian.org/patches/libid3tag/0.15.1b-13/10_utf16.dpatch
-
-Upstream-Status: Pending
-
-CVE: CVE-2004-2779
-
-Signed-off-by: Changqing Li <changqing.li@windriver.com>
-
-diff -urNad libid3tag-0.15.1b/utf16.c /tmp/dpep.tKvO7a/libid3tag-0.15.1b/utf16.c
---- libid3tag-0.15.1b/utf16.c	2006-01-13 15:26:29.000000000 +0100
-+++ /tmp/dpep.tKvO7a/libid3tag-0.15.1b/utf16.c	2006-01-13 15:27:19.000000000 +0100
-@@ -282,5 +282,18 @@
- 
-   free(utf16);
- 
-+  if (end == *ptr && length % 2 != 0)
-+  {
-+     /* We were called with a bogus length.  It should always
-+      * be an even number.  We can deal with this in a few ways:
-+      * - Always give an error.
-+      * - Try and parse as much as we can and
-+      *   - return an error if we're called again when we
-+      *     already tried to parse everything we can.
-+      *   - tell that we parsed it, which is what we do here.
-+      */
-+     (*ptr)++;
-+  }
-+
-   return ucs4;
- }
diff --git a/external/poky/meta/recipes-multimedia/libid3tag/libid3tag/10_utf16.patch b/external/poky/meta/recipes-multimedia/libid3tag/libid3tag/10_utf16.patch
new file mode 100644
index 00000000..10e08901
--- /dev/null
+++ b/external/poky/meta/recipes-multimedia/libid3tag/libid3tag/10_utf16.patch
@@ -0,0 +1,34 @@
+libid3tag: patch for CVE-2004-2779
+
+The patch comes from
+https://sources.debian.org/patches/libid3tag/0.15.1b-13/10_utf16.dpatch
+
+Upstream-Status: Pending
+
+CVE: CVE-2004-2779
+CVE: CVE-2017-11551
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+
+diff -urNad libid3tag-0.15.1b/utf16.c /tmp/dpep.tKvO7a/libid3tag-0.15.1b/utf16.c
+--- libid3tag-0.15.1b/utf16.c	2006-01-13 15:26:29.000000000 +0100
++++ /tmp/dpep.tKvO7a/libid3tag-0.15.1b/utf16.c	2006-01-13 15:27:19.000000000 +0100
+@@ -282,5 +282,18 @@
+ 
+   free(utf16);
+ 
++  if (end == *ptr && length % 2 != 0)
++  {
++     /* We were called with a bogus length.  It should always
++      * be an even number.  We can deal with this in a few ways:
++      * - Always give an error.
++      * - Try and parse as much as we can and
++      *   - return an error if we're called again when we
++      *     already tried to parse everything we can.
++      *   - tell that we parsed it, which is what we do here.
++      */
++     (*ptr)++;
++  }
++
+   return ucs4;
+ }
diff --git a/external/poky/meta/recipes-multimedia/libid3tag/libid3tag/unknown-encoding.patch b/external/poky/meta/recipes-multimedia/libid3tag/libid3tag/unknown-encoding.patch
new file mode 100644
index 00000000..f0867b5f
--- /dev/null
+++ b/external/poky/meta/recipes-multimedia/libid3tag/libid3tag/unknown-encoding.patch
@@ -0,0 +1,39 @@
+In case of an unknown/invalid encoding, id3_parse_string() will
+return NULL, but the return value wasn't checked resulting
+in segfault in id3_ucs4_length().  This is the only place
+the return value wasn't checked.
+
+Patch taken from Debian:
+https://sources.debian.org/patches/libid3tag/0.15.1b-14/11_unknown_encoding.dpatch/
+
+CVE: CVE-2017-11550
+Upstream-Status: Pending
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+diff -urNad libid3tag-0.15.1b~/compat.gperf libid3tag-0.15.1b/compat.gperf
+--- libid3tag-0.15.1b~/compat.gperf	2004-01-23 09:41:32.000000000 +0000
++++ libid3tag-0.15.1b/compat.gperf	2007-01-14 14:36:53.000000000 +0000
+@@ -236,6 +236,10 @@
+ 
+     encoding = id3_parse_uint(&data, 1);
+     string   = id3_parse_string(&data, end - data, encoding, 0);
++    if (!string)
++    {
++	continue;
++    }
+ 
+     if (id3_ucs4_length(string) < 4) {
+       free(string);
+diff -urNad libid3tag-0.15.1b~/parse.c libid3tag-0.15.1b/parse.c
+--- libid3tag-0.15.1b~/parse.c	2004-01-23 09:41:32.000000000 +0000
++++ libid3tag-0.15.1b/parse.c	2007-01-14 14:37:34.000000000 +0000
+@@ -165,6 +165,9 @@
+   case ID3_FIELD_TEXTENCODING_UTF_8:
+     ucs4 = id3_utf8_deserialize(ptr, length);
+     break;
++  default:
++  	/* FIXME: Unknown encoding! Print warning? */
++	return NULL;
+   }
+ 
+   if (ucs4 && !full) {
-- 
cgit 1.2.3-korg