Gentoo Archives: gentoo-commits

From: Aaron Bauman <bman@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: media-libs/libmp3splt/, media-libs/libmp3splt/files/
Date: Sat, 05 May 2018 00:47:12
Message-Id: 1525481214.c77b4de07de7b74bba15ac1c62332ed2aa2143cb.bman@gentoo
1 commit: c77b4de07de7b74bba15ac1c62332ed2aa2143cb
2 Author: Aaron Bauman <bman <AT> gentoo <DOT> org>
3 AuthorDate: Sat May 5 00:46:54 2018 +0000
4 Commit: Aaron Bauman <bman <AT> gentoo <DOT> org>
5 CommitDate: Sat May 5 00:46:54 2018 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c77b4de0
7
8 media-libs/libmp3splt: add CVE-2017-15185 DoS patch
9
10 Bug: https://bugs.gentoo.org/633840
11 Package-Manager: Portage-2.3.36, Repoman-2.3.9
12
13 media-libs/libmp3splt/files/CVE-2017-15185.patch | 41 +++++++++++++++++++
14 media-libs/libmp3splt/libmp3splt-0.9.2-r1.ebuild | 52 ++++++++++++++++++++++++
15 2 files changed, 93 insertions(+)
16
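diff --git a/media-libs/libmp3splt/files/CVE-2017-15185.patch b/media-libs/libmp3splt/files/CVE-2017-15185.patch
new file mode 100644
index 00000000000..b31a92d0c45
--- /dev/null
+++ b/media-libs/libmp3splt/files/CVE-2017-15185.patch
@@ -0,0 +1,41 @@
+diff --git a/libmp3splt/plugins/ogg.c b/libmp3splt/plugins/ogg.c
+index 50cc495..57745f1 100644
+--- a/libmp3splt/plugins/ogg.c
++++ b/libmp3splt/plugins/ogg.c
+@@ -212,26 +212,36 @@ static splt_ogg_state *splt_ogg_v_new(int *error)
+ goto error;
+ }
+ memset(oggstate, 0, sizeof(splt_ogg_state));
++
+ if ((oggstate->sync_in = malloc(sizeof(ogg_sync_state)))==NULL)
+ {
+ goto error;
+ }
++ memset(oggstate->sync_in, 0, sizeof(ogg_sync_state));
++
+ if ((oggstate->stream_in = malloc(sizeof(ogg_stream_state)))==NULL)
+ {
+ goto error;
+ }
++ memset(oggstate->stream_in, 0, sizeof(ogg_stream_state));
++
+ if ((oggstate->vd = malloc(sizeof(vorbis_dsp_state)))==NULL)
+ {
+ goto error;
+ }
++ memset(oggstate->vd, 0, sizeof(vorbis_dsp_state));
++
+ if ((oggstate->vi = malloc(sizeof(vorbis_info)))==NULL)
+ {
+ goto error;
+ }
++ memset(oggstate->vi, 0, sizeof(vorbis_info));
++
+ if ((oggstate->vb = malloc(sizeof(vorbis_block)))==NULL)
+ {
+ goto error;
+ }
++ memset(oggstate->vb, 0, sizeof(vorbis_block));
+
+ if ((oggstate->headers = malloc(sizeof(splt_v_packet) * TOTAL_HEADER_PACKETS))==NULL)
+ {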
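Review bot: The new patch file starts directly at `diff --git a/libmp3splt/plugins/ogg.c` with no header, so nothing in it records where the fix came from or what it addresses; a short comment block above the diff naming the origin (upstream commit or tracker entry, not shown on this page) plus `Bug: https://bugs.gentoo.org/633840` would make the file auditable on its own. The file name also lacks the package prefix that the neighbouring `${PN}-0.7-libltdl.patch` carries; `${P}-CVE-2017-15185.patch` would match it. On the code itself, each added `memset` zeroes a struct right after its `malloc`, presumably so the `goto error` cleanup never acts on uninitialized state; `calloc(1, sizeof(ogg_sync_state))` and its siblings would do both in one step, though that is upstream's call. The body of `splt_ogg_v_new` continues past the hunk, so whether the `headers` allocation on the last visible line is zeroed as well cannot be checked from here.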
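diff --git a/media-libs/libmp3splt/libmp3splt-0.9.2-r1.ebuild b/media-libs/libmp3splt/libmp3splt-0.9.2-r1.ebuild
new file mode 100644
index 00000000000..0427694ed0b
--- /dev/null
+++ b/media-libs/libmp3splt/libmp3splt-0.9.2-r1.ebuild
@@ -0,0 +1,52 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=5
+
+inherit versionator autotools eutils multilib
+
+DESCRIPTION="a library for mp3splt to split mp3 and ogg files without decoding"
+HOMEPAGE="http://mp3splt.sourceforge.net"
+SRC_URI="mirror://sourceforge/${PN:3}/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~hppa ~ppc ~ppc64 ~sparc ~x86"
+IUSE="doc flac pcre"
+
+RDEPEND="media-libs/libmad
+ media-libs/libvorbis
+ media-libs/libogg
+ media-libs/libid3tag
+ flac? ( >=media-libs/flac-1.2.1 )
+ pcre? ( dev-libs/libpcre )"
+DEPEND="${RDEPEND}
+ doc? ( >=app-doc/doxygen-1.8.3.1 media-gfx/graphviz )
+ sys-apps/findutils"
+
+src_prepare() {
+ epatch "${FILESDIR}"/${PN}-0.7-libltdl.patch
+ epatch "${FILESDIR}"/CVE-2017-15185.patch
+ eautoreconf
+}
+
+src_configure() {
+ econf \
+ --disable-dependency-tracking \
+ --disable-static \
+ $(use_enable pcre) \
+ $(use_enable flac) \
+ $(use_enable doc doxygen_doc) \
+ --docdir=/usr/share/doc/${PF} \
+ --disable-optimise \
+ --disable-cutter # TODO package cutter <http://cutter.sourceforge.net/>
+}
+
+src_install() {
+ default
+ use doc && docompress -x /usr/share/doc/${PF}/doxygen/${PN}_ico.svg
+
+ dodoc AUTHORS ChangeLog LIMITS NEWS README TODO
+
+ find "${D}"/usr -name '*.la' -delete
+}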
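Review bot: `inherit versionator autotools eutils multilib` pulls in `versionator` and `multilib`, yet nothing visible in this ebuild calls a function from either (`${PN:3}` is plain bash slicing), so `inherit autotools eutils` looks sufficient. Since this is a fresh revision, moving to EAPI 6 would let both patches sit in a `PATCHES=( ... )` array applied by `default` in `src_prepare`, in place of the two `epatch` calls. The revision is keyworded `~arch` only, so if 0.9.2 is stable on any of these architectures the CVE-2017-15185 fix reaches those users only after stabilisation, which is worth tracking on the bug named in the commit message.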