Merge pull request #49585 from periklis/libid3tag-sec-fixes

libid3tag: patch CVE-2017-11550 and CVE-2017-11551
Mateusz Kowalczyk 2018-11-03 19:52:23 +09:00 committed by GitHub
commit 0e6d023b06
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 17 additions and 1 deletions


@ -0,0 +1,13 @@
Common subdirectories: libid3tag-0.15.1b/msvc++ and libid3tag-0.15.1b-patched/msvc++
diff -uwp libid3tag-0.15.1b/utf16.c libid3tag-0.15.1b-patched/utf16.c
--- libid3tag-0.15.1b/utf16.c 2004-01-23 10:41:32.000000000 +0100
+++ libid3tag-0.15.1b-patched/utf16.c 2018-11-01 13:12:00.866050641 +0100
@@ -250,6 +250,8 @@ id3_ucs4_t *id3_utf16_deserialize(id3_by
id3_ucs4_t *ucs4;
end = *ptr + (length & ~1);
+ if (end == *ptr)
+ return 0;
utf16 = malloc((length / 2 + 1) * sizeof(*utf16));
if (utf16 == 0)
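Review bot: The added `if (end == *ptr) return 0;` in id3_utf16_deserialize returns the same value as the malloc-failure path two lines below, so a caller cannot tell an input with no complete UTF-16 code unit (length 0 or 1) from an allocation failure. The callers are not shown here, so it is worth confirming that each one checks for a null result before using it, and deciding whether an empty UTF-16 field should now be treated as a parse failure. I would add a comment above the check, for example `/* no complete UTF-16 code unit: nothing to decode, return before allocating */`. The function body starts and ends outside the hunk.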


@ -14,7 +14,10 @@ stdenv.mkDerivation rec {
propagatedBuildInputs = [ zlib gperf ];
patches = [ ./debian-patches.patch ];
patches = [
./debian-patches.patch
./CVE-2017-11550-and-CVE-2017-11551.patch
];
preConfigure = ''
configureFlagsArray+=(
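Review bot: The new `./CVE-2017-11550-and-CVE-2017-11551.patch` entry in `patches` has no record of where the patch came from, and the patch file itself opens with raw `diff` output instead of a description. A comment on the entry such as `# CVE-2017-11550, CVE-2017-11551; origin: <URL of the upstream or distro patch>` would let a later reviewer compare the local copy with its source and drop it when the package is updated. The only hunk visible in the patch touches utf16.c, so the comment should also state how that one check covers both CVEs. The mkDerivation block continues outside the hunk.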