Diffstat (limited to 'nixpkgs/pkgs/development/libraries/libid3tag')
-rw-r--r--nixpkgs/pkgs/development/libraries/libid3tag/CVE-2017-11550-and-CVE-2017-11551.patch13
-rw-r--r--nixpkgs/pkgs/development/libraries/libid3tag/debian-patches.patch89
-rw-r--r--nixpkgs/pkgs/development/libraries/libid3tag/default.nix44
-rw-r--r--nixpkgs/pkgs/development/libraries/libid3tag/id3tag.pc11
4 files changed, 157 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/development/libraries/libid3tag/CVE-2017-11550-and-CVE-2017-11551.patch b/nixpkgs/pkgs/development/libraries/libid3tag/CVE-2017-11550-and-CVE-2017-11551.patch
new file mode 100644
index 000000000000..b1f9d0978cec
--- /dev/null
+++ b/nixpkgs/pkgs/development/libraries/libid3tag/CVE-2017-11550-and-CVE-2017-11551.patch
@@ -0,0 +1,13 @@
+Common subdirectories: libid3tag-0.15.1b/msvc++ and libid3tag-0.15.1b-patched/msvc++
+diff -uwp libid3tag-0.15.1b/utf16.c libid3tag-0.15.1b-patched/utf16.c
+--- libid3tag-0.15.1b/utf16.c	2004-01-23 10:41:32.000000000 +0100
++++ libid3tag-0.15.1b-patched/utf16.c	2018-11-01 13:12:00.866050641 +0100
+@@ -250,6 +250,8 @@ id3_ucs4_t *id3_utf16_deserialize(id3_by
+   id3_ucs4_t *ucs4;
+ 
+   end = *ptr + (length & ~1);
++  if (end == *ptr)
++    return 0;
+ 
+   utf16 = malloc((length / 2 + 1) * sizeof(*utf16));
+   if (utf16 == 0)
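Review bot: The added `if (end == *ptr) return 0;` in id3_utf16_deserialize returns the same value that the allocation check starting on the next lines (`if (utf16 == 0)`) presumably returns, so a zero- or one-byte UTF-16 field is reported to callers as a failure rather than as an empty string. For a one-byte input this return also happens before the odd-length `(*ptr)++` that debian-patches.patch appends at the end of the same function, so `*ptr` is left where it was; whether any caller relies on the pointer advancing is not visible here and should be confirmed. A comment on the check would make the intent explicit, e.g. `/* fewer than 2 bytes: no code unit to decode; NULL here means "no string", not out-of-memory */`. The function body continues outside the hunk.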
diff --git a/nixpkgs/pkgs/development/libraries/libid3tag/debian-patches.patch b/nixpkgs/pkgs/development/libraries/libid3tag/debian-patches.patch
new file mode 100644
index 000000000000..0a828b334cf8
--- /dev/null
+++ b/nixpkgs/pkgs/development/libraries/libid3tag/debian-patches.patch
@@ -0,0 +1,89 @@
+diff --git a/compat.gperf b/compat.gperf
+index 4e24613..5635980 100644
+--- a/compat.gperf
++++ b/compat.gperf
+@@ -236,6 +236,10 @@ int id3_compat_fixup(struct id3_tag *tag)
+
+     encoding = id3_parse_uint(&data, 1);
+     string   = id3_parse_string(&data, end - data, encoding, 0);
++    if (!string)
++    {
++	continue;
++    }
+
+     if (id3_ucs4_length(string) < 4) {
+       free(string);
+diff --git a/genre.dat b/genre.dat
+index 17acab5..1f02779 100644
+--- a/genre.dat
++++ b/genre.dat
+@@ -277,8 +277,8 @@ static id3_ucs4_t const genre_PUNK_ROCK[] =
+   { 'P', 'u', 'n', 'k', ' ', 'R', 'o', 'c', 'k', 0 };
+ static id3_ucs4_t const genre_DRUM_SOLO[] =
+   { 'D', 'r', 'u', 'm', ' ', 'S', 'o', 'l', 'o', 0 };
+-static id3_ucs4_t const genre_A_CAPPELLA[] =
+-  { 'A', ' ', 'C', 'a', 'p', 'p', 'e', 'l', 'l', 'a', 0 };
++static id3_ucs4_t const genre_A_CAPELLA[] =
++  { 'A', ' ', 'C', 'a', 'p', 'e', 'l', 'l', 'a', 0 };
+ static id3_ucs4_t const genre_EURO_HOUSE[] =
+   { 'E', 'u', 'r', 'o', '-', 'H', 'o', 'u', 's', 'e', 0 };
+ static id3_ucs4_t const genre_DANCE_HALL[] =
+@@ -452,7 +452,7 @@ static id3_ucs4_t const *const genre_table[] = {
+   genre_DUET,
+   genre_PUNK_ROCK,
+   genre_DRUM_SOLO,
+-  genre_A_CAPPELLA,
++  genre_A_CAPELLA,
+   genre_EURO_HOUSE,
+   genre_DANCE_HALL,
+   genre_GOA,
+diff --git a/genre.dat.in b/genre.dat.in
+index 872de40..e71e34b 100644
+--- a/genre.dat.in
++++ b/genre.dat.in
+@@ -153,7 +153,7 @@ Freestyle
+ Duet
+ Punk Rock
+ Drum Solo
+-A Cappella
++A Capella
+ Euro-House
+ Dance Hall
+ Goa
+diff --git a/parse.c b/parse.c
+index 86a3f21..947c249 100644
+--- a/parse.c
++++ b/parse.c
+@@ -165,6 +165,9 @@ id3_ucs4_t *id3_parse_string(id3_byte_t const **ptr, id3_length_t length,
+   case ID3_FIELD_TEXTENCODING_UTF_8:
+     ucs4 = id3_utf8_deserialize(ptr, length);
+     break;
++  default:
++  	/* FIXME: Unknown encoding! Print warning? */
++	return NULL;
+   }
+
+   if (ucs4 && !full) {
+diff --git a/utf16.c b/utf16.c
+index 70ee9d5..6e60a75 100644
+--- a/utf16.c
++++ b/utf16.c
+@@ -282,5 +282,18 @@ id3_ucs4_t *id3_utf16_deserialize(id3_byte_t const **ptr, id3_length_t length,
+
+   free(utf16);
+
++  if (end == *ptr && length % 2 != 0)
++  {
++     /* We were called with a bogus length.  It should always
++      * be an even number.  We can deal with this in a few ways:
++      * - Always give an error.
++      * - Try and parse as much as we can and
++      *   - return an error if we're called again when we
++      *     already tried to parse everything we can.
++      *   - tell that we parsed it, which is what we do here.
++      */
++     (*ptr)++;
++  }
++
+   return ucs4;
+ }
\ No newline at end of file
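Review bot: The new `default:` branch in id3_parse_string returns NULL for an unrecognised encoding byte, but this patch adds a NULL check at only one call site, the `if (!string) continue;` in id3_compat_fixup. Before that check the result went straight to `id3_ucs4_length(string)`, so any other caller that does the same would still dereference NULL on a tag carrying an invalid encoding value; those call sites are outside this patch and should be audited. The FIXME could be replaced with a statement of the contract, e.g. `/* unknown encoding byte in the tag: fail the parse; callers must check for NULL */`, and the branch is indented with a mix of tabs and spaces unlike the surrounding cases. Both functions continue outside their hunks.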
diff --git a/nixpkgs/pkgs/development/libraries/libid3tag/default.nix b/nixpkgs/pkgs/development/libraries/libid3tag/default.nix
new file mode 100644
index 000000000000..674862d694c7
--- /dev/null
+++ b/nixpkgs/pkgs/development/libraries/libid3tag/default.nix
@@ -0,0 +1,44 @@
+{stdenv, fetchurl, zlib, gperf}:
+
+stdenv.mkDerivation rec {
+  pname = "libid3tag";
+  version = "0.15.1b";
+
+  src = fetchurl {
+    url = mirror://sourceforge/mad/libid3tag-0.15.1b.tar.gz;
+    sha256 = "63da4f6e7997278f8a3fef4c6a372d342f705051d1eeb6a46a86b03610e26151";
+  };
+
+  outputs = [ "out" "dev" ];
+  setOutputFlags = false;
+
+  propagatedBuildInputs = [ zlib gperf ];
+
+  patches = [
+    ./debian-patches.patch
+    ./CVE-2017-11550-and-CVE-2017-11551.patch
+  ];
+
+  preConfigure = ''
+    configureFlagsArray+=(
+      --includedir=$dev/include
+    )
+  '';
+
+  postInstall = ''
+    mkdir -p $dev/lib/pkgconfig
+    cp ${./id3tag.pc} $dev/lib/pkgconfig/id3tag.pc
+    substituteInPlace $dev/lib/pkgconfig/id3tag.pc \
+      --subst-var-by out $out \
+      --subst-var-by dev $dev \
+      --subst-var-by version "${version}"
+  '';
+
+  meta = with stdenv.lib; {
+    description = "ID3 tag manipulation library";
+    homepage = http://mad.sourceforge.net/;
+    license = licenses.gpl2;
+    maintainers = [ maintainers.fuuzetsu ];
+    platforms = platforms.unix;
+  };
+}
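Review bot: `propagatedBuildInputs = [ zlib gperf ];` propagates gperf, a build-time code generator, to every package that depends on libid3tag; it is presumably needed here only because debian-patches.patch edits compat.gperf. Splitting it as `nativeBuildInputs = [ gperf ];` and `propagatedBuildInputs = [ zlib ];` keeps the tool out of dependents' inputs. The `url` and `homepage` values are also unquoted URL literals; writing the source as a string, `url = "mirror://sourceforge/mad/libid3tag-${version}.tar.gz";`, avoids that syntax and ties the download name to `version`.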
diff --git a/nixpkgs/pkgs/development/libraries/libid3tag/id3tag.pc b/nixpkgs/pkgs/development/libraries/libid3tag/id3tag.pc
new file mode 100644
index 000000000000..e3df7b3f9df0
--- /dev/null
+++ b/nixpkgs/pkgs/development/libraries/libid3tag/id3tag.pc
@@ -0,0 +1,11 @@
+prefix=@out@
+exec_prefix=${prefix}
+libdir=${exec_prefix}/lib
+includedir=@dev@/include
+
+Name: libid3tag
+Description: ID3 tag manipulation library
+Version: @version@
+
+Libs: -L${libdir} -lid3tag
+Cflags: -I${includedir}