diff options
Diffstat (limited to 'media-libs/libsndfile')
5 files changed, 256 insertions, 0 deletions
diff --git a/media-libs/libsndfile/Manifest b/media-libs/libsndfile/Manifest index baa3cd861d25..35426916dda2 100644 --- a/media-libs/libsndfile/Manifest +++ b/media-libs/libsndfile/Manifest @@ -1,5 +1,9 @@ +AUX libsndfile-1.0.28-CVE-2017-12562.patch 4360 BLAKE2B d668fa5c114e3510ff51e2331593d040e0a69476472d55d2a784ceccc71d880cdcc4cda53210d8e2c62abb2397f13d8129162567df8f5528489190ce7c102172 SHA512 8f07edf06652c56877dc5bc478daf494bcfaa45fa1d5a655719aaa8b363edffb749c4878ca11a7dac602ac5658b17eea9397ad824e2c3be38e9fe6c51cea0c63 +AUX libsndfile-1.0.28-CVE-2018-13139.patch 920 BLAKE2B ac10209a6fa2f0f28b5d36dae9bd4e1afde90ae4db55163c42ea99bd20292c1e2df74f3130030982da13a16df11a1fc10b0138ecebc304351efd1b7852084d72 SHA512 b6a04575730de5a9bf2d1b531d585961a4bb822fbb2441d1cebf75519aa3744eddb3a322fc3b4f8aaf92cbf6fafee24eab6b26fa97d49bd2cbc0e3aec1aea66a AUX libsndfile-1.0.28-arm-varargs-failure.patch 1329 BLAKE2B d8a995e6596db880d2188cfc3243b7aff2dc13ed617b0bf589e918c5a852d4fc1d69c00eec26ec8c8b258ab00eb860872e01b149254d554cd563fd6d7b532891 SHA512 4577282dc0b71d456a562d06d8b22958f24caf383c6c4c8aa2c9006614d3110b7d6bbf896ce393468455460cb8d466c09a48416cdf159e30de6d5ecaa0d4cf09 DIST libsndfile-1.0.28.tar.gz 1202833 BLAKE2B 102735766e2c22b5278fde43feaaa664598c08fadb5264d5130e4bf1e354bd4202948db38e2912d7487bd7f8c0b9faf1616c0873eed886a56b1d7f49452bf488 SHA512 890731a6b8173f714155ce05eaf6d991b31632c8ab207fbae860968861a107552df26fcf85602df2e7f65502c7256c1b41735e1122485a3a07ddb580aa83b57f EBUILD libsndfile-1.0.28-r1.ebuild 1663 BLAKE2B 7c6a0c188b0ffba2b67b87c117ef186e0bbc12dadc61cd4d1e58e8f4d02be44bb63d1244fb41ec1520d66b230c66d7d4a466ada116e1cd3ce7551995353db113 SHA512 9ad9784b4dfddb8f4d1b3f70cc47965e35fa2e3b4469e3906dec6be2dc53841f102603f37cb078438148d6fdecace56696038f04c02ace9c14d0c26ec6a12825 +EBUILD libsndfile-1.0.28-r2.ebuild 1721 BLAKE2B 7239131284eae7494988647171fc30680de5a6d3a916c179f0c56818c1ce9adddf827089bae208c4f1d6aa2e1f42b0e74914756a30ad56653ac211e43e6f5cd7 SHA512 5aa47d7d321bd9b94c5c8f4f8b1cbf604f826bd0c3cd309310de2943711f869c7fc10218a9518bfacafcf78428e6ac915e4c3b3cf86156742ff6474eda8969d2 +EBUILD libsndfile-1.0.28-r3.ebuild 1761 BLAKE2B 86a94ad3f44738bd4de2543a32038f8ec1ac75269f1481fa7f4212449d8a77467abb63d4bd73fd94a3173782a6458333fa14ab66588ecac76a7cba8e1237257e SHA512 a248b4a09a4dafd07e4fd6fece2643a28c7efe93aa70a86c452a339ba085195e26425f98cb71acef14fe6410f25100c8cb6979fbdb5f4e9c0d777f856ea6cd50 EBUILD libsndfile-9999.ebuild 1745 BLAKE2B 597955cb2733c8ba88cbea8c0b6a8539cc3e4cbf4360244cafe669c85068c9a4f5b7fb152ffaf390344629d12909a8d514b06372afb6bed01aa90247e5470ed6 SHA512 37a4087046ba8fe41abd09bc16f485e8ca9ce1938021281ff09a5b2b953ed88f935389d13a9b1f6286bd3d35ebf727b4708cb117c7510ef4067f6fb39758adc7 MISC metadata.xml 259 BLAKE2B 7339f463fc3fa87e1aba5665d97d0878dfd0ccdc4570e76adb531ce80090b0fd0eadf7ee78e3d081cd48083a800c5ecb395255df40d35f8745471346cf07ff16 SHA512 7315c86cee93f8109e30dd379dde35c51ad60e759a037cc8ee3feeec369434d65fecf785480861e7fc6a17baaf81517083284783b4b35143c911da98846d0360 diff --git a/media-libs/libsndfile/files/libsndfile-1.0.28-CVE-2017-12562.patch b/media-libs/libsndfile/files/libsndfile-1.0.28-CVE-2017-12562.patch new file mode 100644 index 000000000000..0ff2b7ef4590 --- /dev/null +++ b/media-libs/libsndfile/files/libsndfile-1.0.28-CVE-2017-12562.patch @@ -0,0 +1,88 @@ +From b6a9d7e95888ffa77d8c75ce3f03e6c7165587cd Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?J=C3=B6rn=20Heusipp?= <osmanx@problemloesungsmaschine.de> +Date: Wed, 14 Jun 2017 12:25:40 +0200 +Subject: [PATCH] src/common.c: Fix heap buffer overflows when writing strings + in binheader + +Fixes the following problems: + 1. Case 's' only enlarges the buffer by 16 bytes instead of size bytes. + 2. psf_binheader_writef() enlarges the header buffer (if needed) prior to the + big switch statement by an amount (16 bytes) which is enough for all cases + where only a single value gets added. Cases 's', 'S', 'p' however + additionally write an arbitrary length block of data and again enlarge the + buffer to the required amount. However, the required space calculation does + not take into account the size of the length field which gets output before + the data. + 3. Buffer size requirement calculation in case 'S' does not account for the + padding byte ("size += (size & 1) ;" happens after the calculation which + uses "size"). + 4. Case 'S' can overrun the header buffer by 1 byte when no padding is + involved + ("memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size + 1) ;" while + the buffer is only guaranteed to have "size" space available). + 5. "psf->header.ptr [psf->header.indx] = 0 ;" in case 'S' always writes 1 byte + beyond the space which is guaranteed to be allocated in the header buffer. + 6. Case 's' can overrun the provided source string by 1 byte if padding is + involved ("memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size) ;" + where "size" is "strlen (strptr) + 1" (which includes the 0 terminator, + plus optionally another 1 which is padding and not guaranteed to be + readable via the source string pointer). + +Closes: https://github.com/erikd/libsndfile/issues/292 +--- + src/common.c | 15 +++++++-------- + 1 file changed, 7 insertions(+), 8 deletions(-) + +diff --git a/src/common.c b/src/common.c +index 1a6204ca..6b2a2ee9 100644 +--- a/src/common.c ++++ b/src/common.c +@@ -681,16 +681,16 @@ psf_binheader_writef (SF_PRIVATE *psf, const char *format, ...) + /* Write a C string (guaranteed to have a zero terminator). */ + strptr = va_arg (argptr, char *) ; + size = strlen (strptr) + 1 ; +- size += (size & 1) ; + +- if (psf->header.indx + (sf_count_t) size >= psf->header.len && psf_bump_header_allocation (psf, 16)) ++ if (psf->header.indx + 4 + (sf_count_t) size + (sf_count_t) (size & 1) > psf->header.len && psf_bump_header_allocation (psf, 4 + size + (size & 1))) + return count ; + + if (psf->rwf_endian == SF_ENDIAN_BIG) +- header_put_be_int (psf, size) ; ++ header_put_be_int (psf, size + (size & 1)) ; + else +- header_put_le_int (psf, size) ; ++ header_put_le_int (psf, size + (size & 1)) ; + memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size) ; ++ size += (size & 1) ; + psf->header.indx += size ; + psf->header.ptr [psf->header.indx - 1] = 0 ; + count += 4 + size ; +@@ -703,16 +703,15 @@ psf_binheader_writef (SF_PRIVATE *psf, const char *format, ...) + */ + strptr = va_arg (argptr, char *) ; + size = strlen (strptr) ; +- if (psf->header.indx + (sf_count_t) size > psf->header.len && psf_bump_header_allocation (psf, size)) ++ if (psf->header.indx + 4 + (sf_count_t) size + (sf_count_t) (size & 1) > psf->header.len && psf_bump_header_allocation (psf, 4 + size + (size & 1))) + return count ; + if (psf->rwf_endian == SF_ENDIAN_BIG) + header_put_be_int (psf, size) ; + else + header_put_le_int (psf, size) ; +- memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size + 1) ; ++ memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size + (size & 1)) ; + size += (size & 1) ; + psf->header.indx += size ; +- psf->header.ptr [psf->header.indx] = 0 ; + count += 4 + size ; + break ; + +@@ -724,7 +723,7 @@ psf_binheader_writef (SF_PRIVATE *psf, const char *format, ...) + size = (size & 1) ? size : size + 1 ; + size = (size > 254) ? 254 : size ; + +- if (psf->header.indx + (sf_count_t) size > psf->header.len && psf_bump_header_allocation (psf, size)) ++ if (psf->header.indx + 1 + (sf_count_t) size > psf->header.len && psf_bump_header_allocation (psf, 1 + size)) + return count ; + + header_put_byte (psf, size) ; diff --git a/media-libs/libsndfile/files/libsndfile-1.0.28-CVE-2018-13139.patch b/media-libs/libsndfile/files/libsndfile-1.0.28-CVE-2018-13139.patch new file mode 100644 index 000000000000..18e6ae76e62c --- /dev/null +++ b/media-libs/libsndfile/files/libsndfile-1.0.28-CVE-2018-13139.patch @@ -0,0 +1,31 @@ +From df18323c622b54221ee7ace74b177cdcccc152d7 Mon Sep 17 00:00:00 2001 +From: "Brett T. Warden" <brett.t.warden@intel.com> +Date: Tue, 28 Aug 2018 12:01:17 -0700 +Subject: [PATCH] Check MAX_CHANNELS in sndfile-deinterleave + +Allocated buffer has space for only 16 channels. Verify that input file +meets this limit. + +Fixes #397 +--- + programs/sndfile-deinterleave.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/programs/sndfile-deinterleave.c b/programs/sndfile-deinterleave.c +index 53660310..225b4d54 100644 +--- a/programs/sndfile-deinterleave.c ++++ b/programs/sndfile-deinterleave.c +@@ -89,6 +89,13 @@ main (int argc, char **argv) + exit (1) ; + } ; + ++ if (sfinfo.channels > MAX_CHANNELS) ++ { printf ("\nError : Input file '%s' has too many (%d) channels. Limit is %d.\n", ++ argv [1], sfinfo.channels, MAX_CHANNELS) ; ++ exit (1) ; ++ } ; ++ ++ + state.channels = sfinfo.channels ; + sfinfo.channels = 1 ; +
\ No newline at end of file diff --git a/media-libs/libsndfile/libsndfile-1.0.28-r2.ebuild b/media-libs/libsndfile/libsndfile-1.0.28-r2.ebuild new file mode 100644 index 000000000000..fb59074ec723 --- /dev/null +++ b/media-libs/libsndfile/libsndfile-1.0.28-r2.ebuild @@ -0,0 +1,66 @@ +# Copyright 1999-2018 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +PYTHON_COMPAT=( python{2_7,3_4,3_5,3_6} pypy{,3} ) + +inherit python-any-r1 multilib-minimal + +MY_P=${P/_pre/pre} + +DESCRIPTION="C library for reading and writing files containing sampled sound" +HOMEPAGE="http://www.mega-nerd.com/libsndfile" +if [[ ${MY_P} == ${P} ]]; then + SRC_URI="http://www.mega-nerd.com/libsndfile/files/${P}.tar.gz" +else + SRC_URI="http://www.mega-nerd.com/tmp/${MY_P}b.tar.gz" +fi + +LICENSE="LGPL-2.1" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ppc ppc64 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris" +IUSE="alsa minimal sqlite static-libs test" + +RDEPEND=" + !minimal? ( + >=media-libs/flac-1.2.1-r5[${MULTILIB_USEDEP}] + >=media-libs/libogg-1.3.0[${MULTILIB_USEDEP}] + >=media-libs/libvorbis-1.3.3-r1[${MULTILIB_USEDEP}] + ) + alsa? ( media-libs/alsa-lib ) + sqlite? ( >=dev-db/sqlite-3.2 )" +DEPEND="${RDEPEND}" +BDEPEND=" + virtual/pkgconfig + test? ( ${PYTHON_DEPS} )" + +S=${WORKDIR}/${MY_P} + +PATCHES=( + "${FILESDIR}"/${P}-arm-varargs-failure.patch + "${FILESDIR}"/${P}-CVE-2017-12562.patch +) + +pkg_setup() { + use test && python-any-r1_pkg_setup +} + +multilib_src_configure() { + ECONF_SOURCE="${S}" econf \ + --disable-octave \ + --enable-gcc-pipe \ + --enable-gcc-opt \ + $(use_enable static-libs static) \ + $(use_enable !minimal external-libs) \ + $(multilib_native_enable full-suite) \ + $(multilib_native_use_enable alsa) \ + $(multilib_native_use_enable sqlite) +} + +multilib_src_install_all() { + einstalldocs + + # package provides .pc files + find "${D}" -name '*.la' -delete || die +} diff --git a/media-libs/libsndfile/libsndfile-1.0.28-r3.ebuild b/media-libs/libsndfile/libsndfile-1.0.28-r3.ebuild new file mode 100644 index 000000000000..ea62ff850c7b --- /dev/null +++ b/media-libs/libsndfile/libsndfile-1.0.28-r3.ebuild @@ -0,0 +1,67 @@ +# Copyright 1999-2018 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +PYTHON_COMPAT=( python{2_7,3_4,3_5,3_6} pypy{,3} ) + +inherit python-any-r1 multilib-minimal + +MY_P=${P/_pre/pre} + +DESCRIPTION="C library for reading and writing files containing sampled sound" +HOMEPAGE="http://www.mega-nerd.com/libsndfile" +if [[ ${MY_P} == ${P} ]]; then + SRC_URI="http://www.mega-nerd.com/libsndfile/files/${P}.tar.gz" +else + SRC_URI="http://www.mega-nerd.com/tmp/${MY_P}b.tar.gz" +fi + +LICENSE="LGPL-2.1" +SLOT="0" +KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris" +IUSE="alsa minimal sqlite static-libs test" + +RDEPEND=" + !minimal? ( + >=media-libs/flac-1.2.1-r5[${MULTILIB_USEDEP}] + >=media-libs/libogg-1.3.0[${MULTILIB_USEDEP}] + >=media-libs/libvorbis-1.3.3-r1[${MULTILIB_USEDEP}] + ) + alsa? ( media-libs/alsa-lib ) + sqlite? ( >=dev-db/sqlite-3.2 )" +DEPEND="${RDEPEND}" +BDEPEND=" + virtual/pkgconfig + test? ( ${PYTHON_DEPS} )" + +S=${WORKDIR}/${MY_P} + +PATCHES=( + "${FILESDIR}"/${P}-arm-varargs-failure.patch + "${FILESDIR}"/${P}-CVE-2017-12562.patch + "${FILESDIR}"/${P}-CVE-2018-13139.patch +) + +pkg_setup() { + use test && python-any-r1_pkg_setup +} + +multilib_src_configure() { + ECONF_SOURCE="${S}" econf \ + --disable-octave \ + --enable-gcc-pipe \ + --enable-gcc-opt \ + $(use_enable static-libs static) \ + $(use_enable !minimal external-libs) \ + $(multilib_native_enable full-suite) \ + $(multilib_native_use_enable alsa) \ + $(multilib_native_use_enable sqlite) +} + +multilib_src_install_all() { + einstalldocs + + # package provides .pc files + find "${D}" -name '*.la' -delete || die +} |