!8 fix the build issue with gperf-3.1

Merge pull request !8 from jpzhang187/master

CVE-2004-2779.patch

@@ -0,0 +1,38 @@
+From: Karol Babioch <kbabioch@suse.com>
+Date: Tue Feb 20 17:52:15 CET 2018
+Upstream: dead
+References: https://sources.debian.org/patches/libid3tag/0.15.1b-13/10_utf16.dpatch/
+Subject: Fixes utf16 handling in case of an odd number of bytes
+
+Fixes id3_utf16_deserialize() in utf16.c, which previously misparsed ID3v2 tags
+encoded in UTF-16 with an odd number of bytes, triggering an endless loop
+allocating memory until OOM leading to DoS. (CVE-2004-2779 bsc#1081959
+CVE-2017-11551 bsc#1081961)
+
+---
+ utf16.c |   13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+
+Index: libid3tag-0.15.1b/utf16.c
+===================================================================
+--- libid3tag-0.15.1b.orig/utf16.c
++++ libid3tag-0.15.1b/utf16.c
+@@ -282,5 +282,18 @@ id3_ucs4_t *id3_utf16_deserialize(id3_by
+
+   free(utf16);
+
++  if (end == *ptr && length % 2 != 0)
++  {
++     /* We were called with a bogus length.  It should always
++      * be an even number.  We can deal with this in a few ways:
++      * - Always give an error.
++      * - Try and parse as much as we can and
++      *   - return an error if we're called again when we
++      *     already tried to parse everything we can.
++      *   - tell that we parsed it, which is what we do here.
++      */
++     (*ptr)++;
++  }
++
+   return ucs4;
+ }

CVE-2017-11550.patch

@@ -0,0 +1,42 @@
+References: https://sources.debian.org/src/libid3tag/0.15.1b-13/debian/patches/11_unknown_encoding.dpatch/
+From: Karol Babioch <kbabioch@suse.com>
+Date: Wed Feb 21 13:23:47 CET 2018
+Upstream: dead
+Subject: Fix unknown encoding when parsing ID3 tags
+
+Fixes the handling of unknown encodings when parsing ID3 tags. (CVE-2017-11550 bsc#1081962 CVE-2008-2109 bsc#387731)
+
+---
+ compat.gperf |    3 +++
+ parse.c      |    4 ++++
+ 2 files changed, 7 insertions(+)
+
+Index: libid3tag-0.15.1b/compat.gperf
+===================================================================
+--- libid3tag-0.15.1b.orig/compat.gperf
++++ libid3tag-0.15.1b/compat.gperf
+@@ -241,6 +241,9 @@ int id3_compat_fixup(struct id3_tag *tag
+     encoding = id3_parse_uint(&data, 1);
+     string   = id3_parse_string(&data, end - data, encoding, 0);
+ 
++    if (!string)
++	continue;
++
+     if (id3_ucs4_length(string) < 4) {
+       free(string);
+       continue;
+Index: libid3tag-0.15.1b/parse.c
+===================================================================
+--- libid3tag-0.15.1b.orig/parse.c
++++ libid3tag-0.15.1b/parse.c
+@@ -165,6 +165,10 @@ id3_ucs4_t *id3_parse_string(id3_byte_t
+   case ID3_FIELD_TEXTENCODING_UTF_8:
+     ucs4 = id3_utf8_deserialize(ptr, length);
+     break;
++
++  default:
++    /* FIXME: Unknown encoding! Print warning? */
++    return NULL;
+   }
+ 
+   if (ucs4 && !full) {

libid3tag-0.15.1b-fix-the-build-issue-with-gperf-3.1.patch

@@ -0,0 +1,47 @@
+From f7eea39940917922a31185ce0735059d66374928 Mon Sep 17 00:00:00 2001
+From: jpzhang <jpzhang187@163.com>
+Date: Wed, 15 Jul 2020 11:50:44 +0800
+Subject: [PATCH] fix the build issue with gperf-3.1
+
+
+diff --git a/compat.h b/compat.h
+index 8af71ec..b3d80d9 100644
+--- a/compat.h
++++ b/compat.h
+@@ -34,7 +34,7 @@ struct id3_compat {
+ };
+ 
+ struct id3_compat const *id3_compat_lookup(register char const *,
+-					   register unsigned int);
++					   register size_t);
+ 
+ int id3_compat_fixup(struct id3_tag *);
+ 
+diff --git a/frametype.c b/frametype.c
+index 13c5001..4d7e0f8 100644
+--- a/frametype.c
++++ b/frametype.c
+@@ -357,7 +357,7 @@ __inline
+ const struct id3_frametype *
+ id3_frametype_lookup (str, len)
+      register const char *str;
+-     register unsigned int len;
++     register size_t len;
+ {
+   static const struct id3_frametype wordlist[] =
+     {
+diff --git a/frametype.h b/frametype.h
+index dd064b2..b5b7593 100644
+--- a/frametype.h
++++ b/frametype.h
+@@ -37,6 +37,6 @@ extern struct id3_frametype const id3_frametype_unknown;
+ extern struct id3_frametype const id3_frametype_obsolete;
+ 
+ struct id3_frametype const *id3_frametype_lookup(register char const *,
+-						 register unsigned int);
++						 register size_t);
+ 
+ # endif
+-- 
+2.23.0
+

libid3tag.spec

@@ -1,12 +1,15 @@
 Name:           libid3tag
 Version:        0.15.1b
-Release:        18
+Release:        21
 Summary:        ID3 tag manipulation library
 License:        GPLv2+
 URL:            http://www.underbit.com/products/mad/
 Source0:        http://downloads.sourceforge.net/mad/%{name}-%{version}.tar.gz
 Patch0:         libid3tag-0.15.1b-fix_overflow.patch
-BuildRequires:  zlib-devel >= 1.1.4 libtool
+Patch1:         libid3tag-0.15.1b-fix-the-build-issue-with-gperf-3.1.patch 
+Patch6000:      CVE-2004-2779.patch
+Patch6001:      CVE-2017-11550.patch
+BuildRequires:  zlib-devel >= 1.1.4 libtool gperf >= 3.1
 
 %description
 libid3tag is a library for reading and (eventually) writing ID3 tags,
@@ -22,6 +25,9 @@ ID3 tag library development files.
 %prep
 %setup -q
 %patch0 -p0 -b .CVE-2008-2109
+%patch1 -p1
+%patch6000 -p1
+%patch6001 -p1
 touch NEWS AUTHORS ChangeLog
 autoreconf -i -f
 
@@ -67,5 +73,23 @@ install -Dpm 644 %{name}.pc $RPM_BUILD_ROOT%{_libdir}/pkgconfig/id3tag.pc
 
 
 %changelog
+* Wed Jul 15 2020 zhangjiapeng<zhangjiapeng9@huawei.com> - 0.15.1b-21
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC: fix the build issue with gperf-3.1
+
+* Fri Mar 20 2020 lingsheng<lingsheng@huawei.com> - 0.15.1b-20
+- Type:cves
+- ID:CVE-2017-11550
+- SUG:restart
+- DESC: fix CVE-2017-11550
+
+* Tue Dec 24 2019 daiqianwen<daiqianwen@huawei.com> - 0.15.1b-19
+- Type:cves
+- ID:CVE-2004-2779
+- SUG:restart
+- DESC: fix CVE-2004-2779
+
 * Sat Dec 7 2018 openEuler Buildteam <buildteam@openeuler.org> - 0.15.1b-18
 - Package init