| 1 |
commit: 7a8736c5acc6898bf74f7788560bf8667f441f67 |
| 2 |
Author: Miroslav Šulc <fordfrog <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Fri Sep 4 12:07:06 2020 +0000 |
| 4 |
Commit: Miroslav Šulc <fordfrog <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Fri Sep 4 12:07:18 2020 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7a8736c5 |
| 7 |
|
| 8 |
media-sound/sox: security cleanup |
| 9 |
|
| 10 |
Bug: https://bugs.gentoo.org/711320 |
| 11 |
Package-Manager: Portage-3.0.5, Repoman-3.0.1 |
| 12 |
Signed-off-by: Miroslav Šulc <fordfrog <AT> gentoo.org> |
| 13 |
|
| 14 |
media-sound/sox/Manifest | 1 - |
| 15 |
.../sox/files/sox-14.4.2-CVE-2017-11332.patch | 25 ------ |
| 16 |
.../sox/files/sox-14.4.2-CVE-2017-11333.patch | 43 ---------- |
| 17 |
.../sox/files/sox-14.4.2-CVE-2017-11358.patch | 26 ------ |
| 18 |
.../sox/files/sox-14.4.2-CVE-2017-11359.patch | 27 ------ |
| 19 |
.../sox/files/sox-14.4.2-CVE-2017-15370.patch | 25 ------ |
| 20 |
.../sox/files/sox-14.4.2-CVE-2017-15371.patch | 37 -------- |
| 21 |
.../sox/files/sox-14.4.2-CVE-2017-15372.patch | 97 --------------------- |
| 22 |
.../sox/files/sox-14.4.2-CVE-2017-15642.patch | 28 ------- |
| 23 |
.../sox/files/sox-14.4.2-CVE-2017-18189.patch | 30 ------- |
| 24 |
.../sox-14.4.2-wavpack-chk-errors-on-init.patch | 35 -------- |
| 25 |
media-sound/sox/sox-14.4.2-r1.ebuild | 98 ---------------------- |
| 26 |
12 files changed, 472 deletions(-) |
| 27 |
|
| 28 |
diff --git a/media-sound/sox/Manifest b/media-sound/sox/Manifest |
| 29 |
index c561e3e27dc..f8cd840cafa 100644 |
| 30 |
--- a/media-sound/sox/Manifest |
| 31 |
+++ b/media-sound/sox/Manifest |
| 32 |
@@ -1,2 +1 @@ |
| 33 |
-DIST sox-14.4.2.tar.gz 1134299 BLAKE2B 9fae987d421fc733b84746f8dc8f09ced1c3ce066643a426d7c64c4ed4ceeb18e5d00165108b39065a4ce40ff39e9d020fc6e734ff1121ee39bfeed4ad822bc5 SHA512 b5c6203f4f5577503a034fe5b3d6a033ee97fe4d171c533933e2b036118a43a14f97c9668433229708609ccf9ee16abdeca3fc7501aa0aafe06baacbba537eca |
| 34 |
DIST sox-14.4.2_p20200803.zip 1089835 BLAKE2B fa53d8c9f14620675bf534090bf6c69ec256bb977aa1b3c01b2d95ba8e685eb4f9d479872f303b2954aa1b063c095bf3b90e5b746fd8d7d66e35476e5218fa6b SHA512 8c485a53b9ecce9ecf759d7bbf8d95e568a89505bec7d1258afded4c7ad0f28c624b637a188ab87b64dee720db59b8de20c347805910f0401f00550832e16392 |
| 35 |
|
| 36 |
diff --git a/media-sound/sox/files/sox-14.4.2-CVE-2017-11332.patch b/media-sound/sox/files/sox-14.4.2-CVE-2017-11332.patch |
| 37 |
deleted file mode 100644 |
| 38 |
index 2b4448ed2d7..00000000000 |
| 39 |
--- a/media-sound/sox/files/sox-14.4.2-CVE-2017-11332.patch |
| 40 |
+++ /dev/null |
| 41 |
@@ -1,25 +0,0 @@ |
| 42 |
-From 7405bcaacb1ded8c595cb751d407cf738cb26571 Mon Sep 17 00:00:00 2001 |
| 43 |
-From: Mans Rullgard <mans@×××××.com> |
| 44 |
-Date: Sun, 5 Nov 2017 16:29:28 +0000 |
| 45 |
-Subject: [PATCH] wav: fix crash if channel count is zero (CVE-2017-11332) |
| 46 |
- |
| 47 |
---- |
| 48 |
- src/wav.c | 5 +++++ |
| 49 |
- 1 file changed, 5 insertions(+) |
| 50 |
- |
| 51 |
-diff --git a/src/wav.c b/src/wav.c |
| 52 |
-index 3e80e692..3eaebfa7 100644 |
| 53 |
---- a/src/wav.c |
| 54 |
-+++ b/src/wav.c |
| 55 |
-@@ -712,6 +712,11 @@ static int startread(sox_format_t * ft) |
| 56 |
- else |
| 57 |
- lsx_report("User options overriding channels read in .wav header"); |
| 58 |
- |
| 59 |
-+ if (ft->signal.channels == 0) { |
| 60 |
-+ lsx_fail_errno(ft, SOX_EHDR, "Channel count is zero"); |
| 61 |
-+ return SOX_EOF; |
| 62 |
-+ } |
| 63 |
-+ |
| 64 |
- if (ft->signal.rate == 0 || ft->signal.rate == dwSamplesPerSecond) |
| 65 |
- ft->signal.rate = dwSamplesPerSecond; |
| 66 |
- else |
| 67 |
|
| 68 |
diff --git a/media-sound/sox/files/sox-14.4.2-CVE-2017-11333.patch b/media-sound/sox/files/sox-14.4.2-CVE-2017-11333.patch |
| 69 |
deleted file mode 100644 |
| 70 |
index a9a5b276219..00000000000 |
| 71 |
--- a/media-sound/sox/files/sox-14.4.2-CVE-2017-11333.patch |
| 72 |
+++ /dev/null |
| 73 |
@@ -1,43 +0,0 @@ |
| 74 |
-From 93b6e4b5b0efa47b318151d39c35277fc06525f1 Mon Sep 17 00:00:00 2001 |
| 75 |
-Message-Id: <93b6e4b5b0efa47b318151d39c35277fc06525f1.1511192342.git.agx@×××××××.org> |
| 76 |
-From: =?UTF-8?q?Guido=20G=C3=BCnther?= <agx@×××××××.org> |
| 77 |
-Date: Wed, 15 Nov 2017 18:36:58 +0100 |
| 78 |
-Subject: [PATCH] Handle vorbis_analysis_headerout errors |
| 79 |
- |
| 80 |
-This is related to |
| 81 |
- |
| 82 |
- https://github.com/xiph/vorbis/pull/34 |
| 83 |
- |
| 84 |
-but could also happen today with on other errors in the called function. |
| 85 |
-https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882236 |
| 86 |
-Forwarded: sox-devel@×××××××××××××××××.net |
| 87 |
---- |
| 88 |
- src/vorbis.c | 8 ++++++-- |
| 89 |
- 1 file changed, 6 insertions(+), 2 deletions(-) |
| 90 |
- |
| 91 |
-Index: sox/src/vorbis.c |
| 92 |
-=================================================================== |
| 93 |
---- sox.orig/src/vorbis.c |
| 94 |
-+++ sox/src/vorbis.c |
| 95 |
-@@ -270,8 +270,11 @@ static int write_vorbis_header(sox_forma |
| 96 |
- vc.comment_lengths[i] = strlen(text); |
| 97 |
- } |
| 98 |
- } |
| 99 |
-- vorbis_analysis_headerout( /* Build the packets */ |
| 100 |
-- &ve->vd, &vc, &header_main, &header_comments, &header_codebooks); |
| 101 |
-+ if (vorbis_analysis_headerout( /* Build the packets */ |
| 102 |
-+ &ve->vd, &vc, &header_main, &header_comments, &header_codebooks) < 0) { |
| 103 |
-+ ret = HEADER_ERROR; |
| 104 |
-+ goto cleanup; |
| 105 |
-+ } |
| 106 |
- |
| 107 |
- ogg_stream_packetin(&ve->os, &header_main); /* And stream them out */ |
| 108 |
- ogg_stream_packetin(&ve->os, &header_comments); |
| 109 |
-@@ -280,6 +283,7 @@ static int write_vorbis_header(sox_forma |
| 110 |
- while (ogg_stream_flush(&ve->os, &ve->og) && ret == HEADER_OK) |
| 111 |
- if (!oe_write_page(&ve->og, ft)) |
| 112 |
- ret = HEADER_ERROR; |
| 113 |
-+cleanup: |
| 114 |
- for (i = 0; i < vc.comments; ++i) |
| 115 |
- free(vc.user_comments[i]); |
| 116 |
- free(vc.user_comments); |
| 117 |
|
| 118 |
diff --git a/media-sound/sox/files/sox-14.4.2-CVE-2017-11358.patch b/media-sound/sox/files/sox-14.4.2-CVE-2017-11358.patch |
| 119 |
deleted file mode 100644 |
| 120 |
index 6cd8c2bb15f..00000000000 |
| 121 |
--- a/media-sound/sox/files/sox-14.4.2-CVE-2017-11358.patch |
| 122 |
+++ /dev/null |
| 123 |
@@ -1,26 +0,0 @@ |
| 124 |
-From 6cb44a44b9eda6b321ccdbf6483348d4a9798b00 Mon Sep 17 00:00:00 2001 |
| 125 |
-From: Mans Rullgard <mans@×××××.com> |
| 126 |
-Date: Sun, 5 Nov 2017 16:43:35 +0000 |
| 127 |
-Subject: [PATCH] hcom: fix crash on input with corrupt dictionary |
| 128 |
- (CVE-2017-11358) |
| 129 |
- |
| 130 |
---- |
| 131 |
- src/hcom.c | 5 +++++ |
| 132 |
- 1 file changed, 5 insertions(+) |
| 133 |
- |
| 134 |
-diff --git a/src/hcom.c b/src/hcom.c |
| 135 |
-index c62b020c..1b0e09dd 100644 |
| 136 |
---- a/src/hcom.c |
| 137 |
-+++ b/src/hcom.c |
| 138 |
-@@ -150,6 +150,11 @@ static int startread(sox_format_t * ft) |
| 139 |
- lsx_debug("%d %d", |
| 140 |
- p->dictionary[i].dict_leftson, |
| 141 |
- p->dictionary[i].dict_rightson); |
| 142 |
-+ if ((unsigned) p->dictionary[i].dict_leftson >= dictsize || |
| 143 |
-+ (unsigned) p->dictionary[i].dict_rightson >= dictsize) { |
| 144 |
-+ lsx_fail_errno(ft, SOX_EHDR, "Invalid dictionary"); |
| 145 |
-+ return SOX_EOF; |
| 146 |
-+ } |
| 147 |
- } |
| 148 |
- rc = lsx_skipbytes(ft, (size_t) 1); /* skip pad byte */ |
| 149 |
- if (rc) |
| 150 |
|
| 151 |
diff --git a/media-sound/sox/files/sox-14.4.2-CVE-2017-11359.patch b/media-sound/sox/files/sox-14.4.2-CVE-2017-11359.patch |
| 152 |
deleted file mode 100644 |
| 153 |
index 180d7d1c867..00000000000 |
| 154 |
--- a/media-sound/sox/files/sox-14.4.2-CVE-2017-11359.patch |
| 155 |
+++ /dev/null |
| 156 |
@@ -1,27 +0,0 @@ |
| 157 |
-From 8b590b3a52f4ccc4eea3f41b4a067c38b3565b60 Mon Sep 17 00:00:00 2001 |
| 158 |
-From: Mans Rullgard <mans@×××××.com> |
| 159 |
-Date: Sun, 5 Nov 2017 17:02:11 +0000 |
| 160 |
-Subject: [PATCH] wav: fix crash writing header when channel count >64k |
| 161 |
- (CVE-2017-11359) |
| 162 |
- |
| 163 |
---- |
| 164 |
- src/wav.c | 6 ++++++ |
| 165 |
- 1 file changed, 6 insertions(+) |
| 166 |
- |
| 167 |
-diff --git a/src/wav.c b/src/wav.c |
| 168 |
-index 3eaebfa7..fad334cf 100644 |
| 169 |
---- a/src/wav.c |
| 170 |
-+++ b/src/wav.c |
| 171 |
-@@ -1379,6 +1379,12 @@ static int wavwritehdr(sox_format_t * ft, int second_header) |
| 172 |
- long blocksWritten = 0; |
| 173 |
- sox_bool isExtensible = sox_false; /* WAVE_FORMAT_EXTENSIBLE? */ |
| 174 |
- |
| 175 |
-+ if (ft->signal.channels > UINT16_MAX) { |
| 176 |
-+ lsx_fail_errno(ft, SOX_EOF, "Too many channels (%u)", |
| 177 |
-+ ft->signal.channels); |
| 178 |
-+ return SOX_EOF; |
| 179 |
-+ } |
| 180 |
-+ |
| 181 |
- dwSamplesPerSecond = ft->signal.rate; |
| 182 |
- wChannels = ft->signal.channels; |
| 183 |
- wBitsPerSample = ft->encoding.bits_per_sample; |
| 184 |
|
| 185 |
diff --git a/media-sound/sox/files/sox-14.4.2-CVE-2017-15370.patch b/media-sound/sox/files/sox-14.4.2-CVE-2017-15370.patch |
| 186 |
deleted file mode 100644 |
| 187 |
index 473c383a663..00000000000 |
| 188 |
--- a/media-sound/sox/files/sox-14.4.2-CVE-2017-15370.patch |
| 189 |
+++ /dev/null |
| 190 |
@@ -1,25 +0,0 @@ |
| 191 |
-From ef3d8be0f80cbb650e4766b545d61e10d7a24c9e Mon Sep 17 00:00:00 2001 |
| 192 |
-From: Mans Rullgard <mans@×××××.com> |
| 193 |
-Date: Sun, 5 Nov 2017 16:21:23 +0000 |
| 194 |
-Subject: [PATCH] wav: ima_adpcm: fix buffer overflow on corrupt input |
| 195 |
- (CVE-2017-15370) |
| 196 |
- |
| 197 |
-Add the same check bad block size as was done for MS adpcm in commit |
| 198 |
-f39c574b ("More checks for invalid MS ADPCM blocks"). |
| 199 |
---- |
| 200 |
- src/wav.c | 2 +- |
| 201 |
- 1 file changed, 1 insertion(+), 1 deletion(-) |
| 202 |
- |
| 203 |
-diff --git a/src/wav.c b/src/wav.c |
| 204 |
-index 5202556c..3e80e692 100644 |
| 205 |
---- a/src/wav.c |
| 206 |
-+++ b/src/wav.c |
| 207 |
-@@ -127,7 +127,7 @@ static unsigned short ImaAdpcmReadBlock(sox_format_t * ft) |
| 208 |
- /* work with partial blocks. Specs say it should be null */ |
| 209 |
- /* padded but I guess this is better than trailing quiet. */ |
| 210 |
- samplesThisBlock = lsx_ima_samples_in((size_t)0, (size_t)ft->signal.channels, bytesRead, (size_t) 0); |
| 211 |
-- if (samplesThisBlock == 0) |
| 212 |
-+ if (samplesThisBlock == 0 || samplesThisBlock > wav->samplesPerBlock) |
| 213 |
- { |
| 214 |
- lsx_warn("Premature EOF on .wav input file"); |
| 215 |
- return 0; |
| 216 |
|
| 217 |
diff --git a/media-sound/sox/files/sox-14.4.2-CVE-2017-15371.patch b/media-sound/sox/files/sox-14.4.2-CVE-2017-15371.patch |
| 218 |
deleted file mode 100644 |
| 219 |
index cde253da4ec..00000000000 |
| 220 |
--- a/media-sound/sox/files/sox-14.4.2-CVE-2017-15371.patch |
| 221 |
+++ /dev/null |
| 222 |
@@ -1,37 +0,0 @@ |
| 223 |
-From 818bdd0ccc1e5b6cae742c740c17fd414935cf39 Mon Sep 17 00:00:00 2001 |
| 224 |
-From: Mans Rullgard <mans@×××××.com> |
| 225 |
-Date: Sun, 5 Nov 2017 15:57:48 +0000 |
| 226 |
-Subject: [PATCH] flac: fix crash on corrupt metadata (CVE-2017-15371) |
| 227 |
- |
| 228 |
---- |
| 229 |
- src/flac.c | 8 +++++--- |
| 230 |
- 1 file changed, 5 insertions(+), 3 deletions(-) |
| 231 |
- |
| 232 |
-Index: sox/src/flac.c |
| 233 |
-=================================================================== |
| 234 |
---- sox.orig/src/flac.c |
| 235 |
-+++ sox/src/flac.c |
| 236 |
-@@ -119,9 +119,10 @@ static void decoder_metadata_callback(FL |
| 237 |
- p->total_samples = metadata->data.stream_info.total_samples; |
| 238 |
- } |
| 239 |
- else if (metadata->type == FLAC__METADATA_TYPE_VORBIS_COMMENT) { |
| 240 |
-+ const FLAC__StreamMetadata_VorbisComment *vc = &metadata->data.vorbis_comment; |
| 241 |
- size_t i; |
| 242 |
- |
| 243 |
-- if (metadata->data.vorbis_comment.num_comments == 0) |
| 244 |
-+ if (vc->num_comments == 0) |
| 245 |
- return; |
| 246 |
- |
| 247 |
- if (ft->oob.comments != NULL) { |
| 248 |
-@@ -129,8 +130,9 @@ static void decoder_metadata_callback(FL |
| 249 |
- return; |
| 250 |
- } |
| 251 |
- |
| 252 |
-- for (i = 0; i < metadata->data.vorbis_comment.num_comments; ++i) |
| 253 |
-- sox_append_comment(&ft->oob.comments, (char const *) metadata->data.vorbis_comment.comments[i].entry); |
| 254 |
-+ for (i = 0; i < vc->num_comments; ++i) |
| 255 |
-+ if (vc->comments[i].entry) |
| 256 |
-+ sox_append_comment(&ft->oob.comments, (char const *) vc->comments[i].entry); |
| 257 |
- } |
| 258 |
- } |
| 259 |
- |
| 260 |
|
| 261 |
diff --git a/media-sound/sox/files/sox-14.4.2-CVE-2017-15372.patch b/media-sound/sox/files/sox-14.4.2-CVE-2017-15372.patch |
| 262 |
deleted file mode 100644 |
| 263 |
index 8671213a98f..00000000000 |
| 264 |
--- a/media-sound/sox/files/sox-14.4.2-CVE-2017-15372.patch |
| 265 |
+++ /dev/null |
| 266 |
@@ -1,97 +0,0 @@ |
| 267 |
-From 3f7ed312614649e2695b54b398475d32be4f64f3 Mon Sep 17 00:00:00 2001 |
| 268 |
-From: Mans Rullgard <mans@×××××.com> |
| 269 |
-Date: Wed, 8 Nov 2017 00:29:14 +0000 |
| 270 |
-Subject: adpcm: fix stack overflow with >4 channels (CVE-2017-15372) |
| 271 |
- |
| 272 |
---- |
| 273 |
- src/adpcm.c | 8 +++++++- |
| 274 |
- src/adpcm.h | 3 +++ |
| 275 |
- src/wav.c | 5 ++++- |
| 276 |
- 3 files changed, 14 insertions(+), 2 deletions(-) |
| 277 |
- |
| 278 |
-Index: sox/src/adpcm.c |
| 279 |
-=================================================================== |
| 280 |
---- sox.orig/src/adpcm.c |
| 281 |
-+++ sox/src/adpcm.c |
| 282 |
-@@ -71,6 +71,11 @@ const short lsx_ms_adpcm_i_coef[7][2] = |
| 283 |
- { 392,-232} |
| 284 |
- }; |
| 285 |
- |
| 286 |
-+extern void *lsx_ms_adpcm_alloc(unsigned chans) |
| 287 |
-+{ |
| 288 |
-+ return lsx_malloc(chans * sizeof(MsState_t)); |
| 289 |
-+} |
| 290 |
-+ |
| 291 |
- static inline sox_sample_t AdpcmDecode(sox_sample_t c, MsState_t *state, |
| 292 |
- sox_sample_t sample1, sox_sample_t sample2) |
| 293 |
- { |
| 294 |
-@@ -102,6 +107,7 @@ static inline sox_sample_t AdpcmDecode(s |
| 295 |
- |
| 296 |
- /* lsx_ms_adpcm_block_expand_i() outputs interleaved samples into one output buffer */ |
| 297 |
- const char *lsx_ms_adpcm_block_expand_i( |
| 298 |
-+ void *priv, |
| 299 |
- unsigned chans, /* total channels */ |
| 300 |
- int nCoef, |
| 301 |
- const short *coef, |
| 302 |
-@@ -113,7 +119,7 @@ const char *lsx_ms_adpcm_block_expand_i( |
| 303 |
- const unsigned char *ip; |
| 304 |
- unsigned ch; |
| 305 |
- const char *errmsg = NULL; |
| 306 |
-- MsState_t state[4]; /* One decompressor state for each channel */ |
| 307 |
-+ MsState_t *state = priv; /* One decompressor state for each channel */ |
| 308 |
- |
| 309 |
- /* Read the four-byte header for each channel */ |
| 310 |
- ip = ibuff; |
| 311 |
-Index: sox/src/adpcm.h |
| 312 |
-=================================================================== |
| 313 |
---- sox.orig/src/adpcm.h |
| 314 |
-+++ sox/src/adpcm.h |
| 315 |
-@@ -29,8 +29,11 @@ |
| 316 |
- /* default coef sets */ |
| 317 |
- extern const short lsx_ms_adpcm_i_coef[7][2]; |
| 318 |
- |
| 319 |
-+extern void *lsx_ms_adpcm_alloc(unsigned chans); |
| 320 |
-+ |
| 321 |
- /* lsx_ms_adpcm_block_expand_i() outputs interleaved samples into one output buffer */ |
| 322 |
- extern const char *lsx_ms_adpcm_block_expand_i( |
| 323 |
-+ void *priv, |
| 324 |
- unsigned chans, /* total channels */ |
| 325 |
- int nCoef, |
| 326 |
- const short *coef, |
| 327 |
-Index: sox/src/wav.c |
| 328 |
-=================================================================== |
| 329 |
---- sox.orig/src/wav.c |
| 330 |
-+++ sox/src/wav.c |
| 331 |
-@@ -82,6 +82,7 @@ typedef struct { |
| 332 |
- /* following used by *ADPCM wav files */ |
| 333 |
- unsigned short nCoefs; /* ADPCM: number of coef sets */ |
| 334 |
- short *lsx_ms_adpcm_i_coefs; /* ADPCM: coef sets */ |
| 335 |
-+ void *ms_adpcm_data; /* Private data of adpcm decoder */ |
| 336 |
- unsigned char *packet; /* Temporary buffer for packets */ |
| 337 |
- short *samples; /* interleaved samples buffer */ |
| 338 |
- short *samplePtr; /* Pointer to current sample */ |
| 339 |
-@@ -175,7 +176,7 @@ static unsigned short AdpcmReadBlock(so |
| 340 |
- } |
| 341 |
- } |
| 342 |
- |
| 343 |
-- errmsg = lsx_ms_adpcm_block_expand_i(ft->signal.channels, wav->nCoefs, wav->lsx_ms_adpcm_i_coefs, wav->packet, wav->samples, samplesThisBlock); |
| 344 |
-+ errmsg = lsx_ms_adpcm_block_expand_i(wav->ms_adpcm_data, ft->signal.channels, wav->nCoefs, wav->lsx_ms_adpcm_i_coefs, wav->packet, wav->samples, samplesThisBlock); |
| 345 |
- |
| 346 |
- if (errmsg) |
| 347 |
- lsx_warn("%s", errmsg); |
| 348 |
-@@ -791,6 +792,7 @@ static int startread(sox_format_t * ft) |
| 349 |
- |
| 350 |
- /* nCoefs, lsx_ms_adpcm_i_coefs used by adpcm.c */ |
| 351 |
- wav->lsx_ms_adpcm_i_coefs = lsx_malloc(wav->nCoefs * 2 * sizeof(short)); |
| 352 |
-+ wav->ms_adpcm_data = lsx_ms_adpcm_alloc(wChannels); |
| 353 |
- { |
| 354 |
- int i, errct=0; |
| 355 |
- for (i=0; len>=2 && i < 2*wav->nCoefs; i++) { |
| 356 |
-@@ -1216,6 +1218,7 @@ static int stopread(sox_format_t * ft) |
| 357 |
- free(wav->packet); |
| 358 |
- free(wav->samples); |
| 359 |
- free(wav->lsx_ms_adpcm_i_coefs); |
| 360 |
-+ free(wav->ms_adpcm_data); |
| 361 |
- free(wav->comment); |
| 362 |
- wav->comment = NULL; |
| 363 |
- |
| 364 |
|
| 365 |
diff --git a/media-sound/sox/files/sox-14.4.2-CVE-2017-15642.patch b/media-sound/sox/files/sox-14.4.2-CVE-2017-15642.patch |
| 366 |
deleted file mode 100644 |
| 367 |
index d43ef50d101..00000000000 |
| 368 |
--- a/media-sound/sox/files/sox-14.4.2-CVE-2017-15642.patch |
| 369 |
+++ /dev/null |
| 370 |
@@ -1,28 +0,0 @@ |
| 371 |
-Description: This fixes a use after free and double free if an empty comment |
| 372 |
-chunk follows a non-empty one. |
| 373 |
-Author: Mans Rullgard <mans@×××××.com> |
| 374 |
-Forwarded: not-needed |
| 375 |
---- |
| 376 |
- src/aiff.c | 2 +- |
| 377 |
- 1 file changed, 1 insertion(+), 1 deletion(-) |
| 378 |
- |
| 379 |
-Index: sox/src/aiff.c |
| 380 |
-=================================================================== |
| 381 |
---- sox.orig/src/aiff.c |
| 382 |
-+++ sox/src/aiff.c |
| 383 |
-@@ -62,7 +62,6 @@ int lsx_aiffstartread(sox_format_t * ft) |
| 384 |
- size_t ssndsize = 0; |
| 385 |
- char *annotation; |
| 386 |
- char *author; |
| 387 |
-- char *comment = NULL; |
| 388 |
- char *copyright; |
| 389 |
- char *nametext; |
| 390 |
- |
| 391 |
-@@ -270,6 +269,7 @@ int lsx_aiffstartread(sox_format_t * ft) |
| 392 |
- free(annotation); |
| 393 |
- } |
| 394 |
- else if (strncmp(buf, "COMT", (size_t)4) == 0) { |
| 395 |
-+ char *comment = NULL; |
| 396 |
- rc = commentChunk(&comment, "Comment:", ft); |
| 397 |
- if (rc) { |
| 398 |
- /* Fail already called in function */ |
| 399 |
|
| 400 |
diff --git a/media-sound/sox/files/sox-14.4.2-CVE-2017-18189.patch b/media-sound/sox/files/sox-14.4.2-CVE-2017-18189.patch |
| 401 |
deleted file mode 100644 |
| 402 |
index fd04bcdff13..00000000000 |
| 403 |
--- a/media-sound/sox/files/sox-14.4.2-CVE-2017-18189.patch |
| 404 |
+++ /dev/null |
| 405 |
@@ -1,30 +0,0 @@ |
| 406 |
-Description: A corrupt header specifying zero channels would send read_channels() |
| 407 |
-into an infinite loop. Prevent this by sanity checking the channel |
| 408 |
-count in open_read(). Also add an upper bound to prevent overflow |
| 409 |
-in multiplication. |
| 410 |
-https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881121 |
| 411 |
-Author: Mans Rullgard <mans@×××××.com> |
| 412 |
- Jaromír Mikeš <mira.mikes@××××××.cz> |
| 413 |
-Forwarded: not-needed |
| 414 |
- |
| 415 |
---- |
| 416 |
- src/xa.c | 6 ++++++ |
| 417 |
- 1 file changed, 6 insertions(+) |
| 418 |
- |
| 419 |
-Index: sox/src/xa.c |
| 420 |
-=================================================================== |
| 421 |
---- sox.orig/src/xa.c |
| 422 |
-+++ sox/src/xa.c |
| 423 |
-@@ -143,6 +143,12 @@ static int startread(sox_format_t * ft) |
| 424 |
- lsx_report("User options overriding rate read in .xa header"); |
| 425 |
- } |
| 426 |
- |
| 427 |
-+ if (ft->signal.channels == 0 || ft->signal.channels > UINT16_MAX) { |
| 428 |
-+ lsx_fail_errno(ft, SOX_EFMT, "invalid channel count %d", |
| 429 |
-+ ft->signal.channels); |
| 430 |
-+ return SOX_EOF; |
| 431 |
-+ } |
| 432 |
-+ |
| 433 |
- /* Check for supported formats */ |
| 434 |
- if (ft->encoding.bits_per_sample != 16) { |
| 435 |
- lsx_fail_errno(ft, SOX_EFMT, "%d-bit sample resolution not supported.", |
| 436 |
|
| 437 |
diff --git a/media-sound/sox/files/sox-14.4.2-wavpack-chk-errors-on-init.patch b/media-sound/sox/files/sox-14.4.2-wavpack-chk-errors-on-init.patch |
| 438 |
deleted file mode 100644 |
| 439 |
index 4ebb31c0ae9..00000000000 |
| 440 |
--- a/media-sound/sox/files/sox-14.4.2-wavpack-chk-errors-on-init.patch |
| 441 |
+++ /dev/null |
| 442 |
@@ -1,35 +0,0 @@ |
| 443 |
-Description: wavpack: check errors when initializing |
| 444 |
-https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881145 |
| 445 |
-Author: Eric Wong <normalperson@××××.net> |
| 446 |
- Jaromír Mikeš <mira.mikes@××××××.cz> |
| 447 |
-Forwarded: not-needed |
| 448 |
- |
| 449 |
- src/wavpack.c | 8 ++++++++ |
| 450 |
- 1 file changed, 8 insertions(+) |
| 451 |
- |
| 452 |
-diff --git a/src/wavpack.c b/src/wavpack.c |
| 453 |
-index 9e525cd4..b7e8dafa 100644 |
| 454 |
---- a/src/wavpack.c |
| 455 |
-+++ b/src/wavpack.c |
| 456 |
-@@ -65,6 +65,10 @@ static int start_read(sox_format_t * ft) |
| 457 |
- char msg[80]; |
| 458 |
- |
| 459 |
- p->codec = WavpackOpenFileInputEx(&io_fns, ft, NULL, msg, OPEN_NORMALIZE, 0); |
| 460 |
-+ if (!p->codec) { |
| 461 |
-+ lsx_fail_errno(ft, SOX_EHDR, "%s", msg); |
| 462 |
-+ return SOX_EOF; |
| 463 |
-+ } |
| 464 |
- ft->encoding.bits_per_sample = WavpackGetBytesPerSample(p->codec) << 3; |
| 465 |
- ft->signal.channels = WavpackGetNumChannels(p->codec); |
| 466 |
- if (WavpackGetSampleRate(p->codec) && ft->signal.rate && ft->signal.rate != WavpackGetSampleRate(p->codec)) |
| 467 |
-@@ -108,6 +112,10 @@ static int start_write(sox_format_t * ft) |
| 468 |
- uint64_t size64; |
| 469 |
- |
| 470 |
- p->codec = WavpackOpenFileOutput(ft_write_b_buf, ft, NULL); |
| 471 |
-+ if (!p->codec) { |
| 472 |
-+ lsx_fail_errno(ft, SOX_ENOMEM, "WavPack error creating output instance"); |
| 473 |
-+ return SOX_EOF; |
| 474 |
-+ } |
| 475 |
- memset(&config, 0, sizeof(config)); |
| 476 |
- config.bytes_per_sample = ft->encoding.bits_per_sample >> 3; |
| 477 |
- config.bits_per_sample = ft->encoding.bits_per_sample; |
| 478 |
|
| 479 |
diff --git a/media-sound/sox/sox-14.4.2-r1.ebuild b/media-sound/sox/sox-14.4.2-r1.ebuild |
| 480 |
deleted file mode 100644 |
| 481 |
index f6a0b545d51..00000000000 |
| 482 |
--- a/media-sound/sox/sox-14.4.2-r1.ebuild |
| 483 |
+++ /dev/null |
| 484 |
@@ -1,98 +0,0 @@ |
| 485 |
-# Copyright 1999-2020 Gentoo Authors |
| 486 |
-# Distributed under the terms of the GNU General Public License v2 |
| 487 |
- |
| 488 |
-EAPI=6 |
| 489 |
- |
| 490 |
-inherit autotools |
| 491 |
- |
| 492 |
-DESCRIPTION="The swiss army knife of sound processing programs" |
| 493 |
-HOMEPAGE="http://sox.sourceforge.net" |
| 494 |
-SRC_URI="mirror://sourceforge/sox/${P}.tar.gz" |
| 495 |
- |
| 496 |
-LICENSE="LGPL-2.1" |
| 497 |
-SLOT="0" |
| 498 |
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~mips ppc ppc64 sparc x86 ~amd64-linux ~x86-linux ~ppc-macos ~x86-solaris" |
| 499 |
-IUSE="alsa amr ao debug encode flac id3tag ladspa mad ogg openmp oss opus png pulseaudio sndfile static-libs twolame wavpack" |
| 500 |
- |
| 501 |
-RDEPEND=" |
| 502 |
- dev-libs/libltdl:0= |
| 503 |
- >=media-sound/gsm-1.0.12-r1 |
| 504 |
- alsa? ( media-libs/alsa-lib ) |
| 505 |
- amr? ( media-libs/opencore-amr ) |
| 506 |
- ao? ( media-libs/libao ) |
| 507 |
- encode? ( >=media-sound/lame-3.98.4 ) |
| 508 |
- flac? ( >=media-libs/flac-1.1.3 ) |
| 509 |
- id3tag? ( media-libs/libid3tag ) |
| 510 |
- ladspa? ( media-libs/ladspa-sdk ) |
| 511 |
- mad? ( media-libs/libmad ) |
| 512 |
- ogg? ( |
| 513 |
- media-libs/libogg |
| 514 |
- media-libs/libvorbis |
| 515 |
- ) |
| 516 |
- opus? ( |
| 517 |
- media-libs/opus |
| 518 |
- media-libs/opusfile |
| 519 |
- ) |
| 520 |
- png? ( |
| 521 |
- media-libs/libpng:0= |
| 522 |
- sys-libs/zlib |
| 523 |
- ) |
| 524 |
- pulseaudio? ( media-sound/pulseaudio ) |
| 525 |
- sndfile? ( >=media-libs/libsndfile-1.0.11 ) |
| 526 |
- twolame? ( media-sound/twolame ) |
| 527 |
- wavpack? ( media-sound/wavpack )" |
| 528 |
-DEPEND="${RDEPEND} |
| 529 |
- virtual/pkgconfig" |
| 530 |
- |
| 531 |
-DOCS=( AUTHORS ChangeLog NEWS README ) |
| 532 |
- |
| 533 |
-PATCHES=( |
| 534 |
- "${FILESDIR}"/${P}-CVE-2017-11332.patch |
| 535 |
- "${FILESDIR}"/${P}-CVE-2017-11333.patch |
| 536 |
- "${FILESDIR}"/${P}-CVE-2017-11358.patch |
| 537 |
- "${FILESDIR}"/${P}-CVE-2017-11359.patch |
| 538 |
- "${FILESDIR}"/${P}-CVE-2017-15370.patch |
| 539 |
- "${FILESDIR}"/${P}-CVE-2017-15371.patch |
| 540 |
- "${FILESDIR}"/${P}-CVE-2017-15372.patch |
| 541 |
- "${FILESDIR}"/${P}-CVE-2017-15642.patch |
| 542 |
- "${FILESDIR}"/${P}-CVE-2017-18189.patch |
| 543 |
- "${FILESDIR}"/${P}-wavpack-chk-errors-on-init.patch |
| 544 |
-) |
| 545 |
- |
| 546 |
-src_prepare() { |
| 547 |
- default |
| 548 |
- sed -i -e 's:CFLAGS="-g":CFLAGS="$CFLAGS -g":' configure.ac || die #386027 |
| 549 |
- eautoreconf |
| 550 |
-} |
| 551 |
- |
| 552 |
-src_configure() { |
| 553 |
- econf \ |
| 554 |
- $(use_with alsa) \ |
| 555 |
- $(use_with amr amrnb) \ |
| 556 |
- $(use_with amr amrwb) \ |
| 557 |
- $(use_with ao) \ |
| 558 |
- $(use_enable debug) \ |
| 559 |
- $(use_with encode lame) \ |
| 560 |
- $(use_with flac) \ |
| 561 |
- $(use_with id3tag) \ |
| 562 |
- $(use_with ladspa) \ |
| 563 |
- $(use_with mad) \ |
| 564 |
- $(use_enable openmp) \ |
| 565 |
- $(use_with ogg oggvorbis) \ |
| 566 |
- $(use_with oss) \ |
| 567 |
- $(use_with opus) \ |
| 568 |
- $(use_with png) \ |
| 569 |
- $(use_with pulseaudio) \ |
| 570 |
- $(use_with sndfile) \ |
| 571 |
- $(use_enable static-libs static) \ |
| 572 |
- $(use_with twolame) \ |
| 573 |
- $(use_with wavpack) \ |
| 574 |
- --with-distro="Gentoo" |
| 575 |
-} |
| 576 |
- |
| 577 |
-src_install() { |
| 578 |
- default |
| 579 |
- # libltdl is used for loading plugins, keeping libtool files with empty |
| 580 |
- # dependency_libs what otherwise would be -exec rm -f {} + |
| 581 |
- find "${ED}" -name '*.la' -exec sed -i -e "/^dependency_libs/s:=.*:='':" {} + |
| 582 |
-} |
Archives