libid3tag: patch for CVE-2004-2779

(From OE-Core rev: e2bec1f7e05ec014bd887440521da7e1a13555be)

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

meta/recipes-multimedia/libid3tag/libid3tag/10_utf16.dpatch

@@ -0,0 +1,33 @@
+libid3tag: patch for CVE-2004-2779
+
+The patch comes from
+https://sources.debian.org/patches/libid3tag/0.15.1b-13/10_utf16.dpatch
+
+Upstream-Status: Pending
+
+CVE: CVE-2004-2779
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+
+diff -urNad libid3tag-0.15.1b/utf16.c /tmp/dpep.tKvO7a/libid3tag-0.15.1b/utf16.c
+--- libid3tag-0.15.1b/utf16.c	2006-01-13 15:26:29.000000000 +0100
++++ /tmp/dpep.tKvO7a/libid3tag-0.15.1b/utf16.c	2006-01-13 15:27:19.000000000 +0100
+@@ -282,5 +282,18 @@
+ 
+   free(utf16);
+ 
++  if (end == *ptr && length % 2 != 0)
++  {
++     /* We were called with a bogus length.  It should always
++      * be an even number.  We can deal with this in a few ways:
++      * - Always give an error.
++      * - Try and parse as much as we can and
++      *   - return an error if we're called again when we
++      *     already tried to parse everything we can.
++      *   - tell that we parsed it, which is what we do here.
++      */
++     (*ptr)++;
++  }
++
+   return ucs4;
+ }

meta/recipes-multimedia/libid3tag/libid3tag_0.15.1b.bb

@@ -13,6 +13,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/mad/libid3tag-${PV}.tar.gz \
            file://addpkgconfig.patch \
            file://obsolete_automake_macros.patch \
            file://0001-Fix-gperf-3.1-incompatibility.patch \
+           file://10_utf16.dpatch \
            "
 UPSTREAM_CHECK_URI = "https://sourceforge.net/projects/mad/files/libid3tag/"
 UPSTREAM_CHECK_REGEX = "/projects/mad/files/libid3tag/(?P<pver>.*)/$"