From: Alexander Kanavin <alex.kanavin@gmail.com>
To: openembedded-devel@lists.openembedded.org
Cc: Alexander Kanavin <alex@linutronix.de>
Subject: [PATCH] libid3tag: add from oe-core
Date: Fri, 3 Dec 2021 11:36:53 +0100 [thread overview]
Message-ID: <20211203103653.1099149-1-alex@linutronix.de> (raw)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
---
.../0001-Fix-gperf-3.1-incompatibility.patch | 40 +++++++++++++++++
.../libid3tag/libid3tag/10_utf16.patch | 34 +++++++++++++++
.../libid3tag/libid3tag/addpkgconfig.patch | 43 +++++++++++++++++++
.../libid3tag/libid3tag/cflags_filter.patch | 19 ++++++++
.../libid3tag/obsolete_automake_macros.patch | 15 +++++++
.../libid3tag/unknown-encoding.patch | 39 +++++++++++++++++
.../libid3tag/libid3tag_0.15.1b.bb | 28 ++++++++++++
7 files changed, 218 insertions(+)
create mode 100644 meta-oe/recipes-multimedia/libid3tag/libid3tag/0001-Fix-gperf-3.1-incompatibility.patch
create mode 100644 meta-oe/recipes-multimedia/libid3tag/libid3tag/10_utf16.patch
create mode 100644 meta-oe/recipes-multimedia/libid3tag/libid3tag/addpkgconfig.patch
create mode 100644 meta-oe/recipes-multimedia/libid3tag/libid3tag/cflags_filter.patch
create mode 100644 meta-oe/recipes-multimedia/libid3tag/libid3tag/obsolete_automake_macros.patch
create mode 100644 meta-oe/recipes-multimedia/libid3tag/libid3tag/unknown-encoding.patch
create mode 100644 meta-oe/recipes-multimedia/libid3tag/libid3tag_0.15.1b.bb
diff --git a/meta-oe/recipes-multimedia/libid3tag/libid3tag/0001-Fix-gperf-3.1-incompatibility.patch b/meta-oe/recipes-multimedia/libid3tag/libid3tag/0001-Fix-gperf-3.1-incompatibility.patch
new file mode 100644
index 000000000..54f49f6f2
--- /dev/null
+++ b/meta-oe/recipes-multimedia/libid3tag/libid3tag/0001-Fix-gperf-3.1-incompatibility.patch
@@ -0,0 +1,40 @@
+From 91fcf66b9182c75cd2b96d88991d5a1c6307d4b4 Mon Sep 17 00:00:00 2001
+From: Alexander Kanavin <alex.kanavin@gmail.com>
+Date: Wed, 2 Aug 2017 16:27:52 +0300
+Subject: [PATCH] Fix gperf 3.1 incompatibility.
+
+Upstream-Status: Pending
+Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
+---
+ compat.h | 2 +-
+ frametype.h | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/compat.h b/compat.h
+index 8af71ec..b3d80d9 100644
+--- a/compat.h
++++ b/compat.h
+@@ -34,7 +34,7 @@ struct id3_compat {
+ };
+
+ struct id3_compat const *id3_compat_lookup(register char const *,
+- register unsigned int);
++ register size_t);
+
+ int id3_compat_fixup(struct id3_tag *);
+
+diff --git a/frametype.h b/frametype.h
+index dd064b2..b5b7593 100644
+--- a/frametype.h
++++ b/frametype.h
+@@ -37,6 +37,6 @@ extern struct id3_frametype const id3_frametype_unknown;
+ extern struct id3_frametype const id3_frametype_obsolete;
+
+ struct id3_frametype const *id3_frametype_lookup(register char const *,
+- register unsigned int);
++ register size_t);
+
+ # endif
+--
+2.13.2
+
diff --git a/meta-oe/recipes-multimedia/libid3tag/libid3tag/10_utf16.patch b/meta-oe/recipes-multimedia/libid3tag/libid3tag/10_utf16.patch
new file mode 100644
index 000000000..10e089018
--- /dev/null
+++ b/meta-oe/recipes-multimedia/libid3tag/libid3tag/10_utf16.patch
@@ -0,0 +1,34 @@
+libid3tag: patch for CVE-2004-2779
+
+The patch comes from
+https://sources.debian.org/patches/libid3tag/0.15.1b-13/10_utf16.dpatch
+
+Upstream-Status: Pending
+
+CVE: CVE-2004-2779
+CVE: CVE-2017-11551
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+
+diff -urNad libid3tag-0.15.1b/utf16.c /tmp/dpep.tKvO7a/libid3tag-0.15.1b/utf16.c
+--- libid3tag-0.15.1b/utf16.c 2006-01-13 15:26:29.000000000 +0100
++++ /tmp/dpep.tKvO7a/libid3tag-0.15.1b/utf16.c 2006-01-13 15:27:19.000000000 +0100
+@@ -282,5 +282,18 @@
+
+ free(utf16);
+
++ if (end == *ptr && length % 2 != 0)
++ {
++ /* We were called with a bogus length. It should always
++ * be an even number. We can deal with this in a few ways:
++ * - Always give an error.
++ * - Try and parse as much as we can and
++ * - return an error if we're called again when we
++ * already tried to parse everything we can.
++ * - tell that we parsed it, which is what we do here.
++ */
++ (*ptr)++;
++ }
++
+ return ucs4;
+ }
diff --git a/meta-oe/recipes-multimedia/libid3tag/libid3tag/addpkgconfig.patch b/meta-oe/recipes-multimedia/libid3tag/libid3tag/addpkgconfig.patch
new file mode 100644
index 000000000..38d40c363
--- /dev/null
+++ b/meta-oe/recipes-multimedia/libid3tag/libid3tag/addpkgconfig.patch
@@ -0,0 +1,43 @@
+Upstream-Status: Inappropriate [configuration]
+
+Index: libid3tag-0.15.1b/Makefile.am
+===================================================================
+--- libid3tag-0.15.1b.orig/Makefile.am 2009-07-29 09:29:20.000000000 +0100
++++ libid3tag-0.15.1b/Makefile.am 2009-07-29 09:29:47.000000000 +0100
+@@ -27,6 +27,9 @@
+ lib_LTLIBRARIES = libid3tag.la
+ include_HEADERS = id3tag.h
+
++pkgconfigdir = $(libdir)/pkgconfig
++pkgconfig_DATA = id3tag.pc
++
+ ## From the libtool documentation on library versioning:
+ ##
+ ## CURRENT
+Index: libid3tag-0.15.1b/configure.ac
+===================================================================
+--- libid3tag-0.15.1b.orig/configure.ac 2009-07-29 09:27:15.000000000 +0100
++++ libid3tag-0.15.1b/configure.ac 2009-07-29 09:27:45.000000000 +0100
+@@ -201,5 +201,5 @@
+ dnl AC_SUBST(LTLIBOBJS)
+
+ AC_CONFIG_FILES([Makefile msvc++/Makefile \
+- libid3tag.list])
++ libid3tag.list id3tag.pc])
+ AC_OUTPUT
+Index: libid3tag-0.15.1b/id3tag.pc.in
+===================================================================
+--- /dev/null 1970-01-01 00:00:00.000000000 +0000
++++ libid3tag-0.15.1b/id3tag.pc.in 2009-07-29 09:29:10.000000000 +0100
+@@ -0,0 +1,11 @@
++prefix=@prefix@
++exec_prefix=@exec_prefix@
++libdir=@libdir@
++includedir=@includedir@
++
++Name: id3tag
++Description: ID3 tag reading library
++Requires:
++Version: @VERSION@
++Libs: -L${libdir} -lid3tag -lz
++Cflags: -I${includedir}
diff --git a/meta-oe/recipes-multimedia/libid3tag/libid3tag/cflags_filter.patch b/meta-oe/recipes-multimedia/libid3tag/libid3tag/cflags_filter.patch
new file mode 100644
index 000000000..1895748d1
--- /dev/null
+++ b/meta-oe/recipes-multimedia/libid3tag/libid3tag/cflags_filter.patch
@@ -0,0 +1,19 @@
+configure contains CFLAGS filtering code which was removing our prefix-map
+flags. We need those to generate reproducible binaries. Allow them through.
+
+Upstream-Status: Pending
+Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
+
+--- a/configure.ac
++++ b/configure.ac
+@@ -99,6 +99,10 @@ do
+ -mno-cygwin)
+ shift
+ ;;
++ -fmacro-prefix-map*|-fdebug-prefix-map*|-ffile-prefix-map*)
++ CFLAGS="$CFLAGS $1"
++ shift
++ ;;
+ -m*)
+ arch="$arch $1"
+ shift
diff --git a/meta-oe/recipes-multimedia/libid3tag/libid3tag/obsolete_automake_macros.patch b/meta-oe/recipes-multimedia/libid3tag/libid3tag/obsolete_automake_macros.patch
new file mode 100644
index 000000000..2845fb1d3
--- /dev/null
+++ b/meta-oe/recipes-multimedia/libid3tag/libid3tag/obsolete_automake_macros.patch
@@ -0,0 +1,15 @@
+Upstream-Status: Submitted [https://sourceforge.net/tracker/?func=detail&aid=3599280&group_id=12349&atid=112349]
+
+Signed-off-by: Marko Lindqvist <cazfi74@gmail.com>
+diff -Nurd libid3tag-0.15.1b/configure.ac libid3tag-0.15.1b/configure.ac
+--- libid3tag-0.15.1b/configure.ac 2004-01-24 01:22:46.000000000 +0200
++++ libid3tag-0.15.1b/configure.ac 2013-01-03 06:41:02.734835014 +0200
+@@ -28,7 +28,7 @@
+
+-AM_INIT_AUTOMAKE
++AM_INIT_AUTOMAKE([foreign])
+
+-AM_CONFIG_HEADER([config.h])
++AC_CONFIG_HEADERS([config.h])
+
+ dnl System type.
diff --git a/meta-oe/recipes-multimedia/libid3tag/libid3tag/unknown-encoding.patch b/meta-oe/recipes-multimedia/libid3tag/libid3tag/unknown-encoding.patch
new file mode 100644
index 000000000..f0867b5f0
--- /dev/null
+++ b/meta-oe/recipes-multimedia/libid3tag/libid3tag/unknown-encoding.patch
@@ -0,0 +1,39 @@
+In case of an unknown/invalid encoding, id3_parse_string() will
+return NULL, but the return value wasn't checked resulting
+in segfault in id3_ucs4_length(). This is the only place
+the return value wasn't checked.
+
+Patch taken from Debian:
+https://sources.debian.org/patches/libid3tag/0.15.1b-14/11_unknown_encoding.dpatch/
+
+CVE: CVE-2017-11550
+Upstream-Status: Pending
+Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+diff -urNad libid3tag-0.15.1b~/compat.gperf libid3tag-0.15.1b/compat.gperf
+--- libid3tag-0.15.1b~/compat.gperf 2004-01-23 09:41:32.000000000 +0000
++++ libid3tag-0.15.1b/compat.gperf 2007-01-14 14:36:53.000000000 +0000
+@@ -236,6 +236,10 @@
+
+ encoding = id3_parse_uint(&data, 1);
+ string = id3_parse_string(&data, end - data, encoding, 0);
++ if (!string)
++ {
++ continue;
++ }
+
+ if (id3_ucs4_length(string) < 4) {
+ free(string);
+diff -urNad libid3tag-0.15.1b~/parse.c libid3tag-0.15.1b/parse.c
+--- libid3tag-0.15.1b~/parse.c 2004-01-23 09:41:32.000000000 +0000
++++ libid3tag-0.15.1b/parse.c 2007-01-14 14:37:34.000000000 +0000
+@@ -165,6 +165,9 @@
+ case ID3_FIELD_TEXTENCODING_UTF_8:
+ ucs4 = id3_utf8_deserialize(ptr, length);
+ break;
++ default:
++ /* FIXME: Unknown encoding! Print warning? */
++ return NULL;
+ }
+
+ if (ucs4 && !full) {
diff --git a/meta-oe/recipes-multimedia/libid3tag/libid3tag_0.15.1b.bb b/meta-oe/recipes-multimedia/libid3tag/libid3tag_0.15.1b.bb
new file mode 100644
index 000000000..80581765a
--- /dev/null
+++ b/meta-oe/recipes-multimedia/libid3tag/libid3tag_0.15.1b.bb
@@ -0,0 +1,28 @@
+SUMMARY = "Library for interacting with ID3 tags in MP3 files"
+HOMEPAGE = "http://sourceforge.net/projects/mad/"
+BUGTRACKER = "http://sourceforge.net/tracker/?group_id=12349&atid=112349"
+LICENSE = "GPLv2+"
+LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f \
+ file://COPYRIGHT;md5=5e6279efb87c26c6e5e7a68317a6a87a \
+ file://version.h;beginline=1;endline=8;md5=86ac68b67f054b7afde9e149bbc3fe63"
+SECTION = "libs"
+DEPENDS = "zlib gperf-native"
+PR = "r7"
+
+SRC_URI = "${SOURCEFORGE_MIRROR}/mad/libid3tag-${PV}.tar.gz \
+ file://addpkgconfig.patch \
+ file://obsolete_automake_macros.patch \
+ file://0001-Fix-gperf-3.1-incompatibility.patch \
+ file://10_utf16.patch \
+ file://unknown-encoding.patch \
+ file://cflags_filter.patch \
+ "
+UPSTREAM_CHECK_URI = "https://sourceforge.net/projects/mad/files/libid3tag/"
+UPSTREAM_CHECK_REGEX = "/projects/mad/files/libid3tag/(?P<pver>.*)/$"
+
+SRC_URI[md5sum] = "e5808ad997ba32c498803822078748c3"
+SRC_URI[sha256sum] = "63da4f6e7997278f8a3fef4c6a372d342f705051d1eeb6a46a86b03610e26151"
+
+S = "${WORKDIR}/libid3tag-${PV}"
+
+inherit autotools pkgconfig
--
2.20.1
reply other threads:[~2021-12-03 10:37 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211203103653.1099149-1-alex@linutronix.de \
--to=alex.kanavin@gmail.com \
--cc=alex@linutronix.de \
--cc=openembedded-devel@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.