
From: Alexis Ballier <aballier@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: media-sound/vorbis-tools/, media-sound/vorbis-tools/files/
Date: Mon, 17 Jul 2017 15:54:33
Message-Id: 1500306810.3aeef28be917bba491ddb751f06aec58fdf672a9.aballier@gentoo
1 commit: 3aeef28be917bba491ddb751f06aec58fdf672a9
2 Author: ChrisADR <christopher.diaz.riv <AT> gmail <DOT> com>
3 AuthorDate: Mon Jul 17 00:26:28 2017 +0000
4 Commit: Alexis Ballier <aballier <AT> gentoo <DOT> org>
5 CommitDate: Mon Jul 17 15:53:30 2017 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3aeef28b
7
8 media-sound/vorbis-tools: New revision fixing security bug 559170
9
10 .../vorbis-tools-1.4.0-aiff-buffer-overflow.patch | 31 +++++++++++++++
11 .../vorbis-tools/vorbis-tools-1.4.0-r3.ebuild | 45 ++++++++++++++++++++++
12 2 files changed, 76 insertions(+)
13
14 diff --git a/media-sound/vorbis-tools/files/vorbis-tools-1.4.0-aiff-buffer-overflow.patch b/media-sound/vorbis-tools/files/vorbis-tools-1.4.0-aiff-buffer-overflow.patch
15 new file mode 100644
16 index 00000000000..f8b66a90e7c
17 --- /dev/null
18 +++ b/media-sound/vorbis-tools/files/vorbis-tools-1.4.0-aiff-buffer-overflow.patch
19 @@ -0,0 +1,31 @@
20 +Patch taken from:
21 +https://trac.xiph.org/attachment/ticket/2212/0001-oggenc-Fix-large-alloca-on-bad-AIFF-input.patch
22 +To fix bug report:
23 +http://www.openwall.com/lists/oss-security/2015/08/29/1
24 + https://bugs.gentoo.org/show_bug.cgi?id=559170
25 +--- oggenc/audio.c
26 ++++ oggenc/audio.c
27 +@@ -245,8 +245,8 @@
28 + int aiff_open(FILE *in, oe_enc_opt *opt, unsigned char *buf, int buflen)
29 + {
30 + int aifc; /* AIFC or AIFF? */
31 +- unsigned int len;
32 +- unsigned char *buffer;
33 ++ unsigned int len,readlen;
34 ++ unsigned char buffer[22];
35 + unsigned char buf2[8];
36 + aiff_fmt format;
37 + aifffile *aiff = malloc(sizeof(aifffile));
38 +@@ -269,9 +269,9 @@
39 + return 0; /* Weird common chunk */
40 + }
41 +
42 +- buffer = alloca(len);
43 +-
44 +- if(fread(buffer,1,len,in) < len)
45 ++ readlen = len < sizeof(buffer) ? len : sizeof(buffer);
46 ++ if(fread(buffer,1,readlen,in) < readlen ||
47 ++ (len > readlen && !seek_forward(in, len-readlen)))
48 + {
49 + fprintf(stderr, _("Warning: Unexpected EOF in reading AIFF header\n"));
50 + return 0;
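Review bot: The fixed-size `unsigned char buffer[22];` that replaces `alloca(len)` has no comment explaining where 22 comes from, yet the safety of the fix rests on that number. The parsing after this hunk must never index past `buffer[21]`. The lower-bound check on `len`, of which only the tail is visible at `/* Weird common chunk */`, must also guarantee that every byte read later was actually filled by the shortened `fread`. Both lie outside the hunk, so they should be confirmed against the full `aiff_open`. I would annotate the declaration with something like `/* COMM chunk: 18 bytes, plus 4-byte compression type for AIFC */`, or use a named constant, so a later change to the parser cannot silently outgrow the buffer.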
51
52 diff --git a/media-sound/vorbis-tools/vorbis-tools-1.4.0-r3.ebuild b/media-sound/vorbis-tools/vorbis-tools-1.4.0-r3.ebuild
53 new file mode 100644
54 index 00000000000..977e7e88ff3
55 --- /dev/null
56 +++ b/media-sound/vorbis-tools/vorbis-tools-1.4.0-r3.ebuild
57 @@ -0,0 +1,45 @@
58 +# Copyright 1999-2017 Gentoo Foundation
59 +# Distributed under the terms of the GNU General Public License v2
60 +
61 +EAPI=5
62 +inherit autotools eutils
63 +
64 +DESCRIPTION="tools for using the Ogg Vorbis sound file format"
65 +HOMEPAGE="http://www.vorbis.com"
66 +SRC_URI="http://downloads.xiph.org/releases/vorbis/${P}.tar.gz"
67 +
68 +LICENSE="GPL-2"
69 +SLOT="0"
70 +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x86-macos ~x86-solaris"
71 +IUSE="flac kate nls +ogg123 speex"
72 +
73 +RDEPEND=">=media-libs/libvorbis-1.3.0
74 + flac? ( media-libs/flac )
75 + kate? ( media-libs/libkate )
76 + ogg123? (
77 + >=media-libs/libao-1.0.0
78 + net-misc/curl
79 + )
80 + speex? ( media-libs/speex )"
81 +DEPEND="${RDEPEND}
82 + nls? ( sys-devel/gettext )
83 + virtual/pkgconfig"
84 +
85 +DOCS="AUTHORS CHANGES README"
86 +
87 +src_prepare() {
88 + epatch "${FILESDIR}"/${P}-underlinking.patch
89 + epatch "${FILESDIR}"/${P}-format-security.patch
90 + epatch "${FILESDIR}"/${P}-aiff-buffer-overflow.patch
91 + sed -i -e 's:AM_CONFIG_HEADER:AC_CONFIG_HEADERS:' configure.ac || die #515220
92 + eautoreconf
93 +}
94 +
95 +src_configure() {
96 + econf \
97 + $(use_enable nls) \
98 + $(use_enable ogg123) \
99 + $(use_with flac) \
100 + $(use_with speex) \
101 + $(use_with kate)
102 +}
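Review bot: The new `epatch "${FILESDIR}"/${P}-aiff-buffer-overflow.patch` line in `src_prepare` carries no bug reference, while the `sed` line right after it is tagged `#515220`. Appending `#559170` to the epatch line would let a later maintainer trace the security patch to its report without reading the commit log. Separately, `HOMEPAGE` and `SRC_URI` use plain `http://`. Tarball integrity presumably rests on the Manifest digests, which this commit does not show, so moving to `https://` is a hardening step if the upstream hosts serve it.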