From 356f47550a1d05cd1115e186a6816d614bbf8eeb Mon Sep 17 00:00:00 2001
From: James Meyer <james.meyer@operamail.com>
Date: Tue, 7 Aug 2012 09:57:31 -0500
Subject: libid3tag .15.1b

---
 abs/core/libid3tag/10_utf16.diff            | 48 +++++++++++++++++++++++++++++
 abs/core/libid3tag/11_unknown_encoding.diff | 37 ++++++++++++++++++++++
 abs/core/libid3tag/CVE-2008-2109.patch      | 11 +++++++
 abs/core/libid3tag/PKGBUILD                 | 41 ++++++++++++++++--------
 abs/core/libid3tag/id3tag.pc                |  2 +-
 5 files changed, 126 insertions(+), 13 deletions(-)
 create mode 100644 abs/core/libid3tag/10_utf16.diff
 create mode 100644 abs/core/libid3tag/11_unknown_encoding.diff
 create mode 100644 abs/core/libid3tag/CVE-2008-2109.patch

diff --git a/abs/core/libid3tag/10_utf16.diff b/abs/core/libid3tag/10_utf16.diff
new file mode 100644
index 0000000..a3218d2
--- /dev/null
+++ b/abs/core/libid3tag/10_utf16.diff
@@ -0,0 +1,48 @@
+#! /bin/sh -e
+## 10_utf16.dpatch by  <kurt@roeckx.be>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Handle bogus UTF16 sequences that have a length that is not
+## DP: an even number of 8 bit characters.
+
+if [ $# -lt 1 ]; then
+    echo "`basename $0`: script expects -patch|-unpatch as argument" >&2
+    exit 1
+fi
+
+[ -f debian/patches/00patch-opts ] && . debian/patches/00patch-opts
+patch_opts="${patch_opts:--f --no-backup-if-mismatch} ${2:+-d $2}"
+
+case "$1" in
+    -patch) patch -p1 ${patch_opts} < $0;;
+    -unpatch) patch -R -p1 ${patch_opts} < $0;;
+    *)
+        echo "`basename $0`: script expects -patch|-unpatch as argument" >&2
+        exit 1;;
+esac
+
+exit 0
+
+@DPATCH@
+diff -urNad libid3tag-0.15.1b/utf16.c /tmp/dpep.tKvO7a/libid3tag-0.15.1b/utf16.c
+--- libid3tag-0.15.1b/utf16.c	2006-01-13 15:26:29.000000000 +0100
++++ /tmp/dpep.tKvO7a/libid3tag-0.15.1b/utf16.c	2006-01-13 15:27:19.000000000 +0100
+@@ -282,5 +282,18 @@
+ 
+   free(utf16);
+ 
++  if (end == *ptr && length % 2 != 0)
++  {
++     /* We were called with a bogus length.  It should always
++      * be an even number.  We can deal with this in a few ways:
++      * - Always give an error.
++      * - Try and parse as much as we can and
++      *   - return an error if we're called again when we
++      *     already tried to parse everything we can.
++      *   - tell that we parsed it, which is what we do here.
++      */
++     (*ptr)++;
++  }
++
+   return ucs4;
+ }
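Review bot: The added `(*ptr)++` branch reports a field with an odd UTF-16 byte count as fully parsed, so a caller cannot tell a malformed tag from a clean one, and the comment lists the options without saying why this one was picked. If the reason is forward progress for callers that loop until `*ptr` reaches their own end pointer, I would say so in the comment, e.g. `/* consume the stray byte so a caller looping on remaining length cannot spin on it */`. The computation of `end` and the rest of the function are outside this hunk, so confirm that `end` really excludes the odd trailing byte before relying on `end == *ptr`. Separately, the dpatch shell header is never executed here because the PKGBUILD feeds the file straight to `patch -p1 -i`; it could be dropped to keep only the diff.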
diff --git a/abs/core/libid3tag/11_unknown_encoding.diff b/abs/core/libid3tag/11_unknown_encoding.diff
new file mode 100644
index 0000000..7387f2f
--- /dev/null
+++ b/abs/core/libid3tag/11_unknown_encoding.diff
@@ -0,0 +1,37 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 11_unknown_encoding.dpatch by Andreas Henriksson <andreas@fatal.se>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: In case of an unknown/invalid encoding, id3_parse_string() will
+## DP: return NULL, but the return value wasn't checked resulting
+## DP: in segfault in id3_ucs4_length().  This is the only place
+## DP: the return value wasn't checked.
+
+@DPATCH@
+diff -urNad libid3tag-0.15.1b~/compat.gperf libid3tag-0.15.1b/compat.gperf
+--- libid3tag-0.15.1b~/compat.gperf	2004-01-23 09:41:32.000000000 +0000
++++ libid3tag-0.15.1b/compat.gperf	2007-01-14 14:36:53.000000000 +0000
+@@ -236,6 +236,10 @@
+ 
+     encoding = id3_parse_uint(&data, 1);
+     string   = id3_parse_string(&data, end - data, encoding, 0);
++    if (!string)
++    {
++	continue;
++    }
+ 
+     if (id3_ucs4_length(string) < 4) {
+       free(string);
+diff -urNad libid3tag-0.15.1b~/parse.c libid3tag-0.15.1b/parse.c
+--- libid3tag-0.15.1b~/parse.c	2004-01-23 09:41:32.000000000 +0000
++++ libid3tag-0.15.1b/parse.c	2007-01-14 14:37:34.000000000 +0000
+@@ -165,6 +165,9 @@
+   case ID3_FIELD_TEXTENCODING_UTF_8:
+     ucs4 = id3_utf8_deserialize(ptr, length);
+     break;
++  default:
++  	/* FIXME: Unknown encoding! Print warning? */
++	return NULL;
+   }
+ 
+   if (ucs4 && !full) {
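Review bot: The new `default:` branch in parse.c returns NULL with only a FIXME, which leaves the contract for callers undocumented. I would replace the FIXME with a comment that states it, e.g. `/* unknown encoding: return NULL; callers must check before using the result */`. The description says compat.gperf was the only unchecked call site, but that cannot be verified from these two hunks, so a quick search for other `id3_parse_string` callers is worth doing. Style-wise, the added lines mix tabs with the two-space indent of the context, and the compat.gperf check uses a brace-on-own-line form unlike the `if (...) {` on the following context line.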
diff --git a/abs/core/libid3tag/CVE-2008-2109.patch b/abs/core/libid3tag/CVE-2008-2109.patch
new file mode 100644
index 0000000..26c54c5
--- /dev/null
+++ b/abs/core/libid3tag/CVE-2008-2109.patch
@@ -0,0 +1,11 @@
+--- field.c.orig	2008-05-05 09:49:15.000000000 -0400
++++ field.c	2008-05-05 09:49:25.000000000 -0400
+@@ -291,7 +291,7 @@
+ 
+       end = *ptr + length;
+ 
+-      while (end - *ptr > 0) {
++      while (end - *ptr > 0 && **ptr != '\0') {
+ 	ucs4 = id3_parse_string(ptr, end - *ptr, *encoding, 0);
+ 	if (ucs4 == 0)
+ 	  goto fail;
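Review bot: The added `**ptr != '\0'` test looks at a single byte regardless of `*encoding`, which is passed to `id3_parse_string` on the next line. For two-byte encodings a zero first byte need not be a terminator (a big-endian UTF-16 code unit for an ASCII character starts with 0x00), so the loop may stop early and drop valid strings from the list. If that trade-off is intended to guarantee termination, a comment on the `while` line should say so, e.g. `/* stop at a NUL byte so a trailing terminator cannot stall the loop; may truncate lists in 16-bit encodings */`. The enclosing function and the `fail` label are outside the hunk, so whether progress is otherwise guaranteed cannot be checked here.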
diff --git a/abs/core/libid3tag/PKGBUILD b/abs/core/libid3tag/PKGBUILD
index aad7fb2..6f2b929 100644
--- a/abs/core/libid3tag/PKGBUILD
+++ b/abs/core/libid3tag/PKGBUILD
@@ -1,21 +1,38 @@
-# $Id: PKGBUILD 356 2008-04-18 22:56:27Z aaron $
-# Maintainer: dorphell <dorphell@archlinux.org>
+# $Id: PKGBUILD 150540 2012-02-18 12:17:15Z pierre $
+# Maintainer:
+# Contributor: dorphell <dorphell@archlinux.org>
+
 pkgname=libid3tag
 pkgver=0.15.1b
-pkgrel=2
+pkgrel=7
 pkgdesc="library for id3 tagging"
-url="http://www.underbit.com/products/mad/"
-depends=('zlib')
 arch=('i686' 'x86_64')
-source=(ftp://ftp.mars.org/pub/mpeg/$pkgname-$pkgver.tar.gz id3tag.pc)
 url="http://www.underbit.com/products/mad/"
-md5sums=('e5808ad997ba32c498803822078748c3' 'cd5ea001dc24505040b781ad1de9ddf2')
+license=('GPL')
+depends=('zlib')
+makedepends=('gperf')
+options=('!libtool')
+source=("ftp://ftp.mars.org/pub/mpeg/${pkgname}-${pkgver}.tar.gz"
+	'id3tag.pc'
+	'10_utf16.diff' '11_unknown_encoding.diff' 'CVE-2008-2109.patch')
+md5sums=('e5808ad997ba32c498803822078748c3'
+	'8bb41fd814fafcc37ec8bc88f5545a4a'
+	'4f9df4011e6a8c23240fff5de2d05f6e'
+	'3ca856b97924d48a0fdfeff0bd83ce7d'
+	'c51822ea6301b1ca469975f0c9ee8e34')
 
 build() {
-  cd $startdir/src/$pkgname-$pkgver
+  cd "${srcdir}/${pkgname}-${pkgver}"
+  patch -p1 -i ${srcdir}/10_utf16.diff
+  patch -p1 -i ${srcdir}/11_unknown_encoding.diff
+  patch -Np0 -i ${srcdir}/CVE-2008-2109.patch
+
   ./configure --prefix=/usr
-  make || return 1
-  make DESTDIR=$startdir/pkg install
-  install -D -m644 $startdir/src/id3tag.pc $startdir/pkg/usr/lib/pkgconfig/id3tag.pc
-  find $startdir/pkg -name '*.la' -exec rm {} \;
+  make
+}
+
+package() {
+  cd "${srcdir}/${pkgname}-${pkgver}"
+  make DESTDIR="${pkgdir}" install
+  install -D -m644 "${srcdir}/id3tag.pc" "${pkgdir}/usr/lib/pkgconfig/id3tag.pc"
 }
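Review bot: The source tarball is fetched over plain `ftp://` and checked only against `md5sums`, so the integrity of a security-patched build rests on a hash that is no longer collision resistant. I would add a stronger array alongside it, e.g. `sha256sums=('<sha256 of tarball>' '<sha256 of id3tag.pc>' ...)` with the real values generated by `makepkg -g`. The three `patch` lines in `build()` also leave `${srcdir}` unquoted while the `cd` above quotes it; `patch -p1 -i "${srcdir}/10_utf16.diff"` keeps the function consistent and safe for paths containing spaces.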
diff --git a/abs/core/libid3tag/id3tag.pc b/abs/core/libid3tag/id3tag.pc
index 07a8fae..3155de7 100644
--- a/abs/core/libid3tag/id3tag.pc
+++ b/abs/core/libid3tag/id3tag.pc
@@ -6,5 +6,5 @@ includedir=/usr/include
 Name: ID3TAG
 Description: libid3tag - ID3 tag manipulation library
 Version: 0.15.0b
-Libs: -L${libdir} -lid3tag -zf
+Libs: -L${libdir} -lid3tag -lz
 Cflags:
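Review bot: The `Version: 0.15.0b` context line is left unchanged although the PKGBUILD in this same commit packages `pkgver=0.15.1b`. Dependents that run a pkg-config version check would see the older number, and anyone auditing installed versions against advisories would be misled. I would change it to `Version: 0.15.1b` in this commit, which also means regenerating the checksum for `id3tag.pc` in the PKGBUILD.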
-- 