[packages/libid3tag] Up to 0.16.4; fixes few CVE
arekm
arekm at pld-linux.org
Sun Mar 15 02:11:19 CET 2026
commit f6819e0eca876a2dcf7f3375312e793851f87359
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date: Sun Mar 15 02:10:56 2026 +0100
Up to 0.16.4; fixes few CVE
libid3tag-dos.patch | 12 ---
libid3tag-id3v23.patch | 243 -------------------------------------------------
libid3tag.spec | 72 ++++++---------
3 files changed, 28 insertions(+), 299 deletions(-)
---
diff --git a/libid3tag.spec b/libid3tag.spec
index b5e2a62..faaefc3 100644
--- a/libid3tag.spec
+++ b/libid3tag.spec
@@ -1,18 +1,16 @@
Summary: Library for reading and writing ID3 tags
Summary(pl.UTF-8): Biblioteka pozwalająca na odczyt i zapis znaczników ID3
Name: libid3tag
-Version: 0.15.1b
-Release: 7
-License: GPL
+Version: 0.16.4
+Release: 1
+License: GPL v2+
Group: Libraries
-Source0: ftp://ftp.mars.org/pub/mpeg/%{name}-%{version}.tar.gz
-# Source0-md5: e5808ad997ba32c498803822078748c3
-Patch0: %{name}-id3v23.patch
-Patch1: %{name}-dos.patch
-URL: http://www.underbit.com/products/mad/
-BuildRequires: autoconf >= 2.53
-BuildRequires: automake
-BuildRequires: libtool
+Source0: https://codeberg.org/tenacityteam/libid3tag/archive/%{version}.tar.gz
+# Source0-md5: 6b4dcbc9e1746c9d76dcb0f1b9eb4c16
+URL: https://codeberg.org/tenacityteam/libid3tag
+BuildRequires: cmake >= 3.10
+BuildRequires: gperf
+BuildRequires: rpmbuild(macros) >= 1.605
BuildRequires: zlib-devel
Obsoletes: mad-libs < 0.15.0b
BuildRoot: %{tmpdir}/%{name}-%{version}-root-%(id -u -n)
@@ -53,42 +51,28 @@ Static libid3tag library.
Biblioteka statyczna libid3tag.
%prep
-%setup -q
-%patch -P0 -p1
-%patch -P1 -p1
-
-# Create an additional pkgconfig file
-%{__cat} > id3tag.pc << EOF
-prefix=%{_prefix}
-exec_prefix=%{_prefix}
-libdir=%{_libdir}
-includedir=%{_includedir}
-
-Name: id3tag
-Description: ID3 tag library
-Requires:
-Version: %{version}
-Libs: -L%{_libdir} -lid3tag -lz
-Cflags: -I%{_includedir}
-EOF
+%setup -q -n libid3tag
%build
-%{__libtoolize}
-%{__aclocal}
-%{__autoconf}
-%{__autoheader}
-%{__automake}
-%configure
-%{__make}
+%cmake -B build \
+ -DBUILD_SHARED_LIBS=ON
+
+%{__make} -C build
+
+# Also build static library
+%cmake -B build-static \
+ -DBUILD_SHARED_LIBS=OFF
+
+%{__make} -C build-static
%install
rm -rf $RPM_BUILD_ROOT
-install -d $RPM_BUILD_ROOT%{_pkgconfigdir}
-%{__make} install \
+%{__make} -C build-static install \
DESTDIR=$RPM_BUILD_ROOT
-install id3tag.pc $RPM_BUILD_ROOT%{_pkgconfigdir}
+%{__make} -C build install \
+ DESTDIR=$RPM_BUILD_ROOT
%clean
rm -rf $RPM_BUILD_ROOT
@@ -98,16 +82,16 @@ rm -rf $RPM_BUILD_ROOT
%files
%defattr(644,root,root,755)
-%doc CHANGES COPYRIGHT CREDITS README TODO
+%doc CHANGES COPYRIGHT CREDITS README.md
%attr(755,root,root) %{_libdir}/libid3tag.so.*.*.*
-%attr(755,root,root) %ghost %{_libdir}/libid3tag.so.0
+%ghost %{_libdir}/libid3tag.so.0
%files devel
%defattr(644,root,root,755)
-%attr(755,root,root) %{_libdir}/libid3tag.so
-%{_libdir}/libid3tag.la
-%{_includedir}/*.h
+%{_libdir}/libid3tag.so
+%{_includedir}/id3tag.h
%{_pkgconfigdir}/id3tag.pc
+%{_libdir}/cmake/id3tag
%files static
%defattr(644,root,root,755)
diff --git a/libid3tag-dos.patch b/libid3tag-dos.patch
deleted file mode 100644
index 99870ac..0000000
--- a/libid3tag-dos.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -urN libid3tag-0.15.1b/field.c libid3tag-0.15.1b.new/field.c
---- libid3tag-0.15.1b/field.c 2004-01-23 10:41:32.000000000 +0100
-+++ libid3tag-0.15.1b.new/field.c 2008-05-16 18:44:38.000000000 +0200
-@@ -291,7 +291,7 @@
-
- end = *ptr + length;
-
-- while (end - *ptr > 0) {
-+ while (end - *ptr > 0 && **ptr != '\0') {
- ucs4 = id3_parse_string(ptr, end - *ptr, *encoding, 0);
- if (ucs4 == 0)
- goto fail;
diff --git a/libid3tag-id3v23.patch b/libid3tag-id3v23.patch
deleted file mode 100644
index 1d09f1b..0000000
--- a/libid3tag-id3v23.patch
+++ /dev/null
@@ -1,243 +0,0 @@
-ID3 v2.3 support taken from modified libid3tag included in audacity sources
-updated for 0.15.1b (s/id3_crc_calculate/id3_crc_compute/)
-diff -Nur libid3tag-0.15.0b/frame.c audacity-src-1.2.0-pre2/lib-src/libid3tag/frame.c
---- libid3tag-0.15.0b/frame.c 2003-04-19 02:14:33.000000000 +0200
-+++ audacity-src-1.2.0-pre2/lib-src/libid3tag/frame.c 2003-09-29 08:51:28.000000000 +0200
-@@ -539,8 +539,12 @@
-
- if (flags & (ID3_FRAME_FLAG_FORMATFLAGS & ~ID3_FRAME_FLAG_KNOWNFLAGS)) {
- size += id3_render_binary(ptr, frame->encoded, frame->encoded_length);
-- if (size_ptr)
-- id3_render_syncsafe(&size_ptr, size - 10, 4);
-+ if (size_ptr) {
-+ if (options & ID3_TAG_OPTION_ID3V2_3)
-+ id3_render_int(&size_ptr, size - 10, 4);
-+ else
-+ id3_render_syncsafe(&size_ptr, size - 10, 4);
-+ }
-
- return size;
- }
-@@ -557,10 +561,14 @@
- flags |= ID3_FRAME_FLAG_COMPRESSION | ID3_FRAME_FLAG_DATALENGTHINDICATOR;
- }
-
-- if (flags & ID3_FRAME_FLAG_GROUPINGIDENTITY)
-+ if (flags & ID3_FRAME_FLAG_GROUPINGIDENTITY) {
- size += id3_render_int(ptr, frame->group_id, 1);
-- if (flags & ID3_FRAME_FLAG_ENCRYPTION)
-+ }
-+
-+ if (flags & ID3_FRAME_FLAG_ENCRYPTION) {
- size += id3_render_int(ptr, frame->encryption_method, 1);
-+ }
-+
- if (flags & ID3_FRAME_FLAG_DATALENGTHINDICATOR) {
- if (flags & ID3_FRAME_FLAG_ENCRYPTION)
- decoded_length = frame->decoded_length;
-@@ -617,8 +625,12 @@
-
- /* patch size and flags */
-
-- if (size_ptr)
-- id3_render_syncsafe(&size_ptr, size - 10, 4);
-+ if (size_ptr) {
-+ if (options & ID3_TAG_OPTION_ID3V2_3)
-+ id3_render_int(&size_ptr, size - 10, 4);
-+ else
-+ id3_render_syncsafe(&size_ptr, size - 10, 4);
-+ }
- if (flags_ptr)
- id3_render_int(&flags_ptr, flags, 2);
-
-diff -Nur libid3tag-0.15.0b/id3tag.h audacity-src-1.2.0-pre2/lib-src/libid3tag/id3tag.h
---- libid3tag-0.15.0b/id3tag.h 2003-05-29 06:23:59.000000000 +0200
-+++ audacity-src-1.2.0-pre2/lib-src/libid3tag/id3tag.h 2003-09-29 08:51:28.000000000 +0200
-@@ -139,7 +139,8 @@
- ID3_TAG_OPTION_APPENDEDTAG = 0x0010, /* tag will be appended */
- ID3_TAG_OPTION_FILEALTERED = 0x0020, /* audio data was altered */
-
-- ID3_TAG_OPTION_ID3V1 = 0x0100 /* render ID3v1/ID3v1.1 tag */
-+ ID3_TAG_OPTION_ID3V1 = 0x0100,/* render ID3v1/ID3v1.1 tag */
-+ ID3_TAG_OPTION_ID3V2_3 = 0x0200 /* render ID3v2.3 tag */
- };
-
- struct id3_frame {
-diff -Nur libid3tag-0.15.0b/tag.c audacity-src-1.2.0-pre2/lib-src/libid3tag/tag.c
---- libid3tag-0.15.0b/tag.c 2003-04-19 02:14:33.000000000 +0200
-+++ audacity-src-1.2.0-pre2/lib-src/libid3tag/tag.c 2003-09-29 08:51:28.000000000 +0200
-@@ -762,6 +762,155 @@
- }
-
- /*
-+ * NAME: v2_3_render()
-+ * DESCRIPTION: render a v2.3 ID3 tag for compatibility
-+ * AUTHOR: Dominic Mazzoni
-+ */
-+
-+#define ID3V2_3_TAG_VERSION 0x0300
-+#define ID3V2_3_TAG_FLAG_KNOWNFLAGS 0xc0
-+
-+id3_length_t v2_3_render(struct id3_tag const *tag, id3_byte_t *buffer)
-+{
-+ id3_length_t size = 0;
-+ id3_byte_t **ptr,
-+ *header_ptr = 0, *tagsize_ptr = 0, *crc_ptr = 0, *frames_ptr = 0;
-+ int flags, extendedflags;
-+ unsigned int i;
-+
-+ assert(tag);
-+
-+ /* a tag must contain at least one (renderable) frame */
-+
-+ for (i = 0; i < tag->nframes; ++i) {
-+ if (id3_frame_render(tag->frames[i], 0, 0) > 0)
-+ break;
-+ }
-+
-+ if (i == tag->nframes)
-+ return 0;
-+
-+ ptr = buffer ? &buffer : 0;
-+
-+ /* get flags */
-+
-+ flags = tag->flags & ID3V2_3_TAG_FLAG_KNOWNFLAGS;
-+ extendedflags = tag->extendedflags & ID3_TAG_EXTENDEDFLAG_KNOWNFLAGS;
-+
-+ extendedflags &= ~ID3_TAG_EXTENDEDFLAG_CRCDATAPRESENT;
-+ if (tag->options & ID3_TAG_OPTION_CRC)
-+ extendedflags |= ID3_TAG_EXTENDEDFLAG_CRCDATAPRESENT;
-+
-+ extendedflags &= ~ID3_TAG_EXTENDEDFLAG_TAGRESTRICTIONS;
-+ if (tag->restrictions)
-+ extendedflags |= ID3_TAG_EXTENDEDFLAG_TAGRESTRICTIONS;
-+
-+
-+ extendedflags = 0;
-+
-+
-+ flags &= ~ID3_TAG_FLAG_UNSYNCHRONISATION;
-+ if (tag->options & ID3_TAG_OPTION_UNSYNCHRONISATION)
-+ flags |= ID3_TAG_FLAG_UNSYNCHRONISATION;
-+
-+ flags &= ~ID3_TAG_FLAG_EXTENDEDHEADER;
-+ if (extendedflags)
-+ flags |= ID3_TAG_FLAG_EXTENDEDHEADER;
-+
-+ /* header */
-+
-+ if (ptr)
-+ header_ptr = *ptr;
-+
-+ size += id3_render_immediate(ptr, "ID3", 3);
-+ size += id3_render_int(ptr, ID3V2_3_TAG_VERSION, 2);
-+ size += id3_render_int(ptr, flags, 1);
-+
-+ if (ptr)
-+ tagsize_ptr = *ptr;
-+
-+ size += id3_render_syncsafe(ptr, 0, 4);
-+
-+ /* extended header */
-+
-+ if (flags & ID3_TAG_FLAG_EXTENDEDHEADER) {
-+ id3_length_t ehsize = 0;
-+ id3_byte_t *ehsize_ptr = 0;
-+
-+ if (ptr)
-+ ehsize_ptr = *ptr;
-+
-+ ehsize += id3_render_syncsafe(ptr, 0, 4);
-+ ehsize += id3_render_int(ptr, 1, 1);
-+ ehsize += id3_render_int(ptr, extendedflags, 1);
-+
-+ if (extendedflags & ID3_TAG_EXTENDEDFLAG_TAGISANUPDATE)
-+ ehsize += id3_render_int(ptr, 0, 1);
-+
-+ if (extendedflags & ID3_TAG_EXTENDEDFLAG_CRCDATAPRESENT) {
-+ ehsize += id3_render_int(ptr, 5, 1);
-+
-+ if (ptr)
-+ crc_ptr = *ptr;
-+
-+ ehsize += id3_render_syncsafe(ptr, 0, 5);
-+ }
-+
-+ if (extendedflags & ID3_TAG_EXTENDEDFLAG_TAGRESTRICTIONS) {
-+ ehsize += id3_render_int(ptr, 1, 1);
-+ ehsize += id3_render_int(ptr, tag->restrictions, 1);
-+ }
-+
-+ if (ehsize_ptr)
-+ id3_render_syncsafe(&ehsize_ptr, ehsize, 4);
-+
-+ size += ehsize;
-+ }
-+
-+ /* frames */
-+
-+ if (ptr)
-+ frames_ptr = *ptr;
-+
-+ for (i = 0; i < tag->nframes; ++i)
-+ size += id3_frame_render(tag->frames[i], ptr, tag->options);
-+
-+ /* padding */
-+
-+ if (!(flags & ID3_TAG_FLAG_FOOTERPRESENT)) {
-+ if (size < tag->paddedsize)
-+ size += id3_render_padding(ptr, 0, tag->paddedsize - size);
-+ else if (tag->options & ID3_TAG_OPTION_UNSYNCHRONISATION) {
-+ if (ptr == 0)
-+ size += 1;
-+ else {
-+ if ((*ptr)[-1] == 0xff)
-+ size += id3_render_padding(ptr, 0, 1);
-+ }
-+ }
-+ }
-+
-+ /* patch tag size and CRC */
-+
-+ if (tagsize_ptr)
-+ id3_render_syncsafe(&tagsize_ptr, size - 10, 4);
-+
-+ if (crc_ptr) {
-+ id3_render_syncsafe(&crc_ptr,
-+ id3_crc_compute(frames_ptr, *ptr - frames_ptr), 5);
-+ }
-+
-+ /* footer */
-+
-+ if (flags & ID3_TAG_FLAG_FOOTERPRESENT) {
-+ size += id3_render_immediate(ptr, "3DI", 3);
-+ size += id3_render_binary(ptr, header_ptr + 3, 7);
-+ }
-+
-+ return size;
-+}
-+
-+/*
- * NAME: tag->render()
- * DESCRIPTION: render a complete ID3 tag
- */
-@@ -778,6 +927,9 @@
- if (tag->options & ID3_TAG_OPTION_ID3V1)
- return v1_render(tag, buffer);
-
-+ if (tag->options & ID3_TAG_OPTION_ID3V2_3)
-+ return v2_3_render(tag, buffer);
-+
- /* a tag must contain at least one (renderable) frame */
-
- for (i = 0; i < tag->nframes; ++i) {
-@@ -849,7 +1001,7 @@
- ehsize += id3_render_int(ptr, 5, 1);
-
- if (ptr)
-- crc_ptr = *ptr;
-+ crc_ptr = *ptr;
-
- ehsize += id3_render_syncsafe(ptr, 0, 5);
- }
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/libid3tag.git/commitdiff/f6819e0eca876a2dcf7f3375312e793851f87359
More information about the pld-cvs-commit
mailing list