| 1 |
commit: 78ad7877efb30b4599320e7f81a15cb2527acdfe |
| 2 |
Author: Sam James <sam <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Sat Aug 29 00:26:26 2020 +0000 |
| 4 |
Commit: Sam James <sam <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Sat Aug 29 00:26:26 2020 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=78ad7877 |
| 7 |
|
| 8 |
media-sound/mp3gain: security cleanup |
| 9 |
|
| 10 |
Closes: https://bugs.gentoo.org/717940 |
| 11 |
Package-Manager: Portage-3.0.4, Repoman-3.0.1 |
| 12 |
Signed-off-by: Sam James <sam <AT> gentoo.org> |
| 13 |
|
| 14 |
media-sound/mp3gain/Manifest | 1 - |
| 15 |
.../files/mp3gain-1.6.1-CVE-2017-12911.patch | 77 ---------------------- |
| 16 |
media-sound/mp3gain/mp3gain-1.6.1.ebuild | 34 ---------- |
| 17 |
3 files changed, 112 deletions(-) |
| 18 |
|
| 19 |
diff --git a/media-sound/mp3gain/Manifest b/media-sound/mp3gain/Manifest |
| 20 |
index f6771ab442c..e76bdaa6317 100644 |
| 21 |
--- a/media-sound/mp3gain/Manifest |
| 22 |
+++ b/media-sound/mp3gain/Manifest |
| 23 |
@@ -1,2 +1 @@ |
| 24 |
-DIST mp3gain-1_6_1-src.zip 68932 BLAKE2B 8c1ed35123f1613e189ec7bd74ee9f6176404a1b79c660f8f1a6df461cdfd3c6bb505daa09b8cc4756e1755d0923fe473a45c3ae171fcf35df22daaa08a7717a SHA512 6d26a7716a1901c80caff9d7fb03a454a452c06c6a57a7a921d5979727e112ba139690d8a287dde7a6e5a09b022d3c6f57193b4756a9c25caa177cef65f9e375 |
| 25 |
DIST mp3gain-1_6_2-src.zip 71246 BLAKE2B 5172c2103bb2267bf819f36180e9cd7a9d57df6f7ddc29900e9063f97c4513972053bb0c3f1f69f7ddd12ec0cf4251e93e1b6920389a8246bfdd5650176a90d2 SHA512 ec9de6c755120480ccb72b34a0042aea7546ef923090ab04e420d5b189523b4504e29952a3d695d3c42c74348f5c3c9123ff090bcc671e43375711e085d67480 |
| 26 |
|
| 27 |
diff --git a/media-sound/mp3gain/files/mp3gain-1.6.1-CVE-2017-12911.patch b/media-sound/mp3gain/files/mp3gain-1.6.1-CVE-2017-12911.patch |
| 28 |
deleted file mode 100644 |
| 29 |
index 0b5a3228096..00000000000 |
| 30 |
--- a/media-sound/mp3gain/files/mp3gain-1.6.1-CVE-2017-12911.patch |
| 31 |
+++ /dev/null |
| 32 |
@@ -1,77 +0,0 @@ |
| 33 |
---- a/apetag.c |
| 34 |
-+++ b/apetag.c |
| 35 |
-@@ -49,6 +49,12 @@ |
| 36 |
- |
| 37 |
- static int Lyrics3GetNumber6 ( const unsigned char* string ) |
| 38 |
- { |
| 39 |
-+ if (string[0] < '0' || string[0] > '9') return 0; |
| 40 |
-+ if (string[1] < '0' || string[1] > '9') return 0; |
| 41 |
-+ if (string[2] < '0' || string[2] > '9') return 0; |
| 42 |
-+ if (string[3] < '0' || string[3] > '9') return 0; |
| 43 |
-+ if (string[4] < '0' || string[4] > '9') return 0; |
| 44 |
-+ if (string[5] < '0' || string[5] > '9') return 0; |
| 45 |
- return ( string[0] - '0') * 100000 + |
| 46 |
- ( string[1] - '0') * 10000 + |
| 47 |
- ( string[2] - '0') * 1000 + |
| 48 |
-@@ -86,12 +92,14 @@ |
| 49 |
- free(*id3tagbuff); |
| 50 |
- *id3tagbuff = (unsigned char *)malloc(128); |
| 51 |
- memcpy(*id3tagbuff,tmpid3,128); |
| 52 |
-+ if ( *tag_offset < (128 + (long)(sizeof(T))) ) return 0; |
| 53 |
- if ( fseek (fp, *tag_offset - 128 - sizeof (T), SEEK_SET) ) return 0; |
| 54 |
- if ( fread (&T, 1, sizeof (T), fp) != sizeof (T) ) return 0; |
| 55 |
- // check for lyrics3 v2.00 tag |
| 56 |
- if ( memcmp (T.ID, "LYRICS200", sizeof (T.ID)) ) return 0; |
| 57 |
- len = Lyrics3GetNumber6 (T.Length); |
| 58 |
-- if ( fseek (fp, *tag_offset - 128 - (int)sizeof (T) - len, SEEK_SET) ) return 0; |
| 59 |
-+ if (*tag_offset < (128 + (long)(sizeof(T)) + len)) return 0; |
| 60 |
-+ if ( fseek (fp, *tag_offset - 128 - (long)sizeof (T) - len, SEEK_SET) ) return 0; |
| 61 |
- if ( fread (tmp, 1, 11, fp) != 11 ) return 0; |
| 62 |
- if ( memcmp (tmp, "LYRICSBEGIN", 11) ) return 0; |
| 63 |
- |
| 64 |
-@@ -167,6 +175,7 @@ |
| 65 |
- Ver = Read_LE_Uint32 (T.Version); |
| 66 |
- if ( (Ver != 1000) && (Ver != 2000) ) return 0; |
| 67 |
- if ( (TagLen = Read_LE_Uint32 (T.Length)) < sizeof (T) ) return 0; |
| 68 |
-+ if (*tag_offset < TagLen) return 0; |
| 69 |
- if ( fseek (fp, *tag_offset - TagLen, SEEK_SET) ) return 0; |
| 70 |
- buff = (char *)malloc (TagLen); |
| 71 |
- if ( fread (buff, 1, TagLen - sizeof (T), fp) != (TagLen - sizeof (T)) ) { |
| 72 |
-@@ -285,6 +294,7 @@ |
| 73 |
- (*apeTag)->originalTagSize = TagLen; |
| 74 |
- |
| 75 |
- if ( Read_LE_Uint32 (T.Flags) & (1<<31) ) { // Tag contains header |
| 76 |
-+ if (*tag_offset < (long)(sizeof(T))) return 0; |
| 77 |
- *tag_offset -= sizeof (T); |
| 78 |
- |
| 79 |
- fseek (fp, *tag_offset, SEEK_SET); |
| 80 |
-@@ -355,14 +365,14 @@ |
| 81 |
- */ |
| 82 |
- int ReadMP3GainAPETag (char *filename, struct MP3GainTagInfo *info, struct FileTagsStruct *fileTags) { |
| 83 |
- FILE *fi; |
| 84 |
-- long tag_offset, offs_bk; |
| 85 |
-+ long tag_offset, offs_bk, file_size; |
| 86 |
- |
| 87 |
- fi = fopen(filename, "rb"); |
| 88 |
- if (fi == NULL) |
| 89 |
- return 0; |
| 90 |
- |
| 91 |
- fseek(fi, 0, SEEK_END); |
| 92 |
-- tag_offset = ftell(fi); |
| 93 |
-+ tag_offset = file_size = ftell(fi); |
| 94 |
- |
| 95 |
- fileTags->lyrics3TagSize = 0; |
| 96 |
- |
| 97 |
-@@ -373,7 +383,11 @@ |
| 98 |
- ReadMP3ID3v1Tag ( fi, &(fileTags->id31tag), &tag_offset ); |
| 99 |
- } while ( offs_bk != tag_offset ); |
| 100 |
- |
| 101 |
-- fileTags->tagOffset = tag_offset; |
| 102 |
-+ if (tag_offset >= 0 && tag_offset <= file_size) { |
| 103 |
-+ fileTags->tagOffset = tag_offset; |
| 104 |
-+ } else { //Corrupt tag information, simply default to end-of-file |
| 105 |
-+ fileTags->tagOffset = file_size; |
| 106 |
-+ } |
| 107 |
- |
| 108 |
- fclose(fi); |
| 109 |
- |
| 110 |
\ No newline at end of file |
| 111 |
|
| 112 |
diff --git a/media-sound/mp3gain/mp3gain-1.6.1.ebuild b/media-sound/mp3gain/mp3gain-1.6.1.ebuild |
| 113 |
deleted file mode 100644 |
| 114 |
index 11c40690473..00000000000 |
| 115 |
--- a/media-sound/mp3gain/mp3gain-1.6.1.ebuild |
| 116 |
+++ /dev/null |
| 117 |
@@ -1,34 +0,0 @@ |
| 118 |
-# Copyright 1999-2020 Gentoo Authors |
| 119 |
-# Distributed under the terms of the GNU General Public License v2 |
| 120 |
- |
| 121 |
-EAPI=6 |
| 122 |
-inherit toolchain-funcs |
| 123 |
- |
| 124 |
-MY_P="${P//./_}" |
| 125 |
- |
| 126 |
-DESCRIPTION="A program to analyze and adjust MP3 files to same volume" |
| 127 |
-HOMEPAGE="http://mp3gain.sourceforge.net/" |
| 128 |
-SRC_URI="mirror://sourceforge/${PN}/${MY_P}-src.zip" |
| 129 |
- |
| 130 |
-LICENSE="LGPL-2.1" |
| 131 |
-SLOT="0" |
| 132 |
-KEYWORDS="~alpha amd64 ~hppa ~ppc ~ppc64 sparc x86 ~amd64-linux ~x86-linux ~ppc-macos ~x86-macos" |
| 133 |
-IUSE="" |
| 134 |
- |
| 135 |
-RDEPEND=" |
| 136 |
- app-arch/unzip |
| 137 |
- media-sound/mpg123 |
| 138 |
-" |
| 139 |
-DEPEND="${RDEPEND}" |
| 140 |
- |
| 141 |
-PATCHES=( "${FILESDIR}"/${P}-CVE-2017-12911.patch ) |
| 142 |
- |
| 143 |
-S="${WORKDIR}" |
| 144 |
- |
| 145 |
-src_compile() { |
| 146 |
- emake CC="$(tc-getCC)" |
| 147 |
-} |
| 148 |
- |
| 149 |
-src_install() { |
| 150 |
- dobin mp3gain |
| 151 |
-} |
Archives