diff --git a/srcpkgs/taglib/patches/CVE-2017-12678.patch b/srcpkgs/taglib/patches/CVE-2017-12678.patch deleted file mode 100644 index 4bd9f2be17..0000000000 --- a/srcpkgs/taglib/patches/CVE-2017-12678.patch +++ /dev/null @@ -1,40 +0,0 @@ -From eb9ded1206f18f2c319157337edea2533a40bea6 Mon Sep 17 00:00:00 2001 -From: "Stephen F. Booth" -Date: Sun, 23 Jul 2017 10:11:09 -0400 -Subject: [PATCH] Don't assume TDRC is an instance of TextIdentificationFrame - -If TDRC is encrypted, FrameFactory::createFrame() returns UnknownFrame -which causes problems in rebuildAggregateFrames() when it is assumed -that TDRC is a TextIdentificationFrame - -Upstream-Status: Backport -[https://github.com/taglib/taglib/pull/831/commits/eb9ded1206f18f2c319157337edea2533a40bea6] - -CVE: CVE-2017-12678 - -Signed-off-by: Yi Zhao ---- - taglib/mpeg/id3v2/id3v2framefactory.cpp | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/taglib/mpeg/id3v2/id3v2framefactory.cpp b/taglib/mpeg/id3v2/id3v2framefactory.cpp -index 759a9b7b..9347ab86 100644 ---- a/taglib/mpeg/id3v2/id3v2framefactory.cpp -+++ b/taglib/mpeg/id3v2/id3v2framefactory.cpp -@@ -334,10 +334,11 @@ void FrameFactory::rebuildAggregateFrames(ID3v2::Tag *tag) const - tag->frameList("TDAT").size() == 1) - { - TextIdentificationFrame *tdrc = -- static_cast(tag->frameList("TDRC").front()); -+ dynamic_cast(tag->frameList("TDRC").front()); - UnknownFrame *tdat = static_cast(tag->frameList("TDAT").front()); - -- if(tdrc->fieldList().size() == 1 && -+ if(tdrc && -+ tdrc->fieldList().size() == 1 && - tdrc->fieldList().front().size() == 4 && - tdat->data().size() >= 5) - { --- -2.13.5 - diff --git a/srcpkgs/taglib/patches/CVE-2018-11439.patch b/srcpkgs/taglib/patches/CVE-2018-11439.patch deleted file mode 100644 index cdd66e67f7..0000000000 --- a/srcpkgs/taglib/patches/CVE-2018-11439.patch +++ /dev/null @@ -1,51 +0,0 @@ -From 272648ccfcccae30e002ccf34a22e075dd477278 Mon Sep 17 00:00:00 2001 -From: Scott Gayou -Date: Mon, 4 Jun 2018 11:34:36 -0400 -Subject: [PATCH] Fixed OOB read when loading invalid ogg flac file. (#868) - -This CVE is caused by a failure to check the minimum length -of a ogg flac header. This header is detailed in full at: -https://xiph.org/flac/ogg_mapping.html. Added more strict checking -for entire header. - -Upstream-Status: Backport -[https://github.com/taglib/taglib/pull/869/commits/272648ccfcccae30e002ccf34a22e075dd477278] - -CVE: CVE-2018-11439 - -Signed-off-by: Yi Zhao ---- - taglib/ogg/flac/oggflacfile.cpp | 14 ++++++++++++-- - 1 file changed, 12 insertions(+), 2 deletions(-) - -diff --git a/taglib/ogg/flac/oggflacfile.cpp b/taglib/ogg/flac/oggflacfile.cpp -index 53d0450..07ea9dc 100644 ---- a/taglib/ogg/flac/oggflacfile.cpp -+++ b/taglib/ogg/flac/oggflacfile.cpp -@@ -231,11 +231,21 @@ void Ogg::FLAC::File::scan() - - if(!metadataHeader.startsWith("fLaC")) { - // FLAC 1.1.2+ -+ // See https://xiph.org/flac/ogg_mapping.html for the header specification. -+ if(metadataHeader.size() < 13) -+ return; -+ -+ if(metadataHeader[0] != 0x7f) -+ return; -+ - if(metadataHeader.mid(1, 4) != "FLAC") - return; - -- if(metadataHeader[5] != 1) -- return; // not version 1 -+ if(metadataHeader[5] != 1 && metadataHeader[6] != 0) -+ return; // not version 1.0 -+ -+ if(metadataHeader.mid(9, 4) != "fLaC") -+ return; - - metadataHeader = metadataHeader.mid(13); - } --- -2.7.4 - diff --git a/srcpkgs/taglib/template b/srcpkgs/taglib/template index d385b4ad26..05b6f143ef 100644 --- a/srcpkgs/taglib/template +++ b/srcpkgs/taglib/template @@ -1,18 +1,17 @@ # Template file for 'taglib' pkgname=taglib -version=1.11.1 -revision=4 -patch_args="-Np1" +version=1.12 +revision=1 build_style=cmake configure_args="-DWITH_MP4=ON -DWITH_ASF=ON -DBUILD_SHARED_LIBS=ON" hostmakedepends="pkg-config" makedepends="zlib-devel" short_desc="Library for accessing ID tags in various media files" maintainer="Orphaned " +license="LGPL-2.1-or-later, MPL-1.1" homepage="https://taglib.github.io/" -license="LGPL-2.1, MPL-1.1" distfiles="https://github.com/taglib/taglib/archive/v${version}.tar.gz" -checksum=b6d1a5a610aae6ff39d93de5efd0fdc787aa9e9dc1e7026fa4c961b26563526b +checksum=b5a56f78a8bd962aaaec992b25a031f541b949b6eb30aa232bd6d5fa17cf8fa8 taglib-devel_package() { depends="${makedepends} ${sourcepkg}>=${version}_${revision}"