From 1816783f61ce5bce830e1e5cb1954ef46f3f9b87 Mon Sep 17 00:00:00 2001
From: ultra_planet <lingsheng@huawei.com>
Date: Fri, 20 Mar 2020 15:29:28 +0800
Subject: [PATCH] fix CVE-2017-11550

---
 CVE-2017-11550.patch | 42 ++++++++++++++++++++++++++++++++++++++++++
 libid3tag.spec       | 10 +++++++++-
 2 files changed, 51 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2017-11550.patch

diff --git a/CVE-2017-11550.patch b/CVE-2017-11550.patch
new file mode 100644
index 0000000..b469e9e
--- /dev/null
+++ b/CVE-2017-11550.patch
@@ -0,0 +1,42 @@
+References: https://sources.debian.org/src/libid3tag/0.15.1b-13/debian/patches/11_unknown_encoding.dpatch/
+From: Karol Babioch <kbabioch@suse.com>
+Date: Wed Feb 21 13:23:47 CET 2018
+Upstream: dead
+Subject: Fix unknown encoding when parsing ID3 tags
+
+Fixes the handling of unknown encodings when parsing ID3 tags. (CVE-2017-11550 bsc#1081962 CVE-2008-2109 bsc#387731)
+
+---
+ compat.gperf |    3 +++
+ parse.c      |    4 ++++
+ 2 files changed, 7 insertions(+)
+
+Index: libid3tag-0.15.1b/compat.gperf
+===================================================================
+--- libid3tag-0.15.1b.orig/compat.gperf
++++ libid3tag-0.15.1b/compat.gperf
+@@ -241,6 +241,9 @@ int id3_compat_fixup(struct id3_tag *tag
+     encoding = id3_parse_uint(&data, 1);
+     string   = id3_parse_string(&data, end - data, encoding, 0);
+ 
++    if (!string)
++	continue;
++
+     if (id3_ucs4_length(string) < 4) {
+       free(string);
+       continue;
+Index: libid3tag-0.15.1b/parse.c
+===================================================================
+--- libid3tag-0.15.1b.orig/parse.c
++++ libid3tag-0.15.1b/parse.c
+@@ -165,6 +165,10 @@ id3_ucs4_t *id3_parse_string(id3_byte_t
+   case ID3_FIELD_TEXTENCODING_UTF_8:
+     ucs4 = id3_utf8_deserialize(ptr, length);
+     break;
++
++  default:
++    /* FIXME: Unknown encoding! Print warning? */
++    return NULL;
+   }
+ 
+   if (ucs4 && !full) {
diff --git a/libid3tag.spec b/libid3tag.spec
index d98a7ff..30b9a3d 100644
--- a/libid3tag.spec
+++ b/libid3tag.spec
@@ -1,12 +1,13 @@
 Name:           libid3tag
 Version:        0.15.1b
-Release:        19
+Release:        20
 Summary:        ID3 tag manipulation library
 License:        GPLv2+
 URL:            http://www.underbit.com/products/mad/
 Source0:        http://downloads.sourceforge.net/mad/%{name}-%{version}.tar.gz
 Patch0:         libid3tag-0.15.1b-fix_overflow.patch
 Patch6000:      CVE-2004-2779.patch
+Patch6001:      CVE-2017-11550.patch
 BuildRequires:  zlib-devel >= 1.1.4 libtool
 
 %description
@@ -24,6 +25,7 @@ ID3 tag library development files.
 %setup -q
 %patch0 -p0 -b .CVE-2008-2109
 %patch6000 -p1
+%patch6001 -p1
 touch NEWS AUTHORS ChangeLog
 autoreconf -i -f
 
@@ -69,6 +71,12 @@ install -Dpm 644 %{name}.pc $RPM_BUILD_ROOT%{_libdir}/pkgconfig/id3tag.pc
 
 
 %changelog
+* Fri Mar 20 2020 lingsheng<lingsheng@huawei.com> - 0.15.1b-20
+- Type:cves
+- ID:CVE-2017-11550
+- SUG:restart
+- DESC: fix CVE-2017-11550
+
 * Tue Dec 24 2019 daiqianwen<daiqianwen@huawei.com> - 0.15.1b-19
 - Type:cves
 - ID:CVE-2004-2779
-- 
Gitee