commit: 7a8736c5acc6898bf74f7788560bf8667f441f67 |
Author: Miroslav Šulc <fordfrog <AT> gentoo <DOT> org> |
AuthorDate: Fri Sep 4 12:07:06 2020 +0000 |
Commit: Miroslav Šulc <fordfrog <AT> gentoo <DOT> org> |
CommitDate: Fri Sep 4 12:07:18 2020 +0000 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7a8736c5 |
|
media-sound/sox: security cleanup |
|
Bug: https://bugs.gentoo.org/711320 |
Package-Manager: Portage-3.0.5, Repoman-3.0.1 |
Signed-off-by: Miroslav Šulc <fordfrog <AT> gentoo.org> |
|
media-sound/sox/Manifest | 1 - |
.../sox/files/sox-14.4.2-CVE-2017-11332.patch | 25 ------ |
.../sox/files/sox-14.4.2-CVE-2017-11333.patch | 43 ---------- |
.../sox/files/sox-14.4.2-CVE-2017-11358.patch | 26 ------ |
.../sox/files/sox-14.4.2-CVE-2017-11359.patch | 27 ------ |
.../sox/files/sox-14.4.2-CVE-2017-15370.patch | 25 ------ |
.../sox/files/sox-14.4.2-CVE-2017-15371.patch | 37 -------- |
.../sox/files/sox-14.4.2-CVE-2017-15372.patch | 97 --------------------- |
.../sox/files/sox-14.4.2-CVE-2017-15642.patch | 28 ------- |
.../sox/files/sox-14.4.2-CVE-2017-18189.patch | 30 ------- |
.../sox-14.4.2-wavpack-chk-errors-on-init.patch | 35 -------- |
media-sound/sox/sox-14.4.2-r1.ebuild | 98 ---------------------- |
12 files changed, 472 deletions(-) |
|
diff --git a/media-sound/sox/Manifest b/media-sound/sox/Manifest |
29 |
index c561e3e27dc..f8cd840cafa 100644 |
30 |
--- a/media-sound/sox/Manifest |
31 |
+++ b/media-sound/sox/Manifest |
32 |
@@ -1,2 +1 @@ |
33 |
-DIST sox-14.4.2.tar.gz 1134299 BLAKE2B 9fae987d421fc733b84746f8dc8f09ced1c3ce066643a426d7c64c4ed4ceeb18e5d00165108b39065a4ce40ff39e9d020fc6e734ff1121ee39bfeed4ad822bc5 SHA512 b5c6203f4f5577503a034fe5b3d6a033ee97fe4d171c533933e2b036118a43a14f97c9668433229708609ccf9ee16abdeca3fc7501aa0aafe06baacbba537eca |
34 |
DIST sox-14.4.2_p20200803.zip 1089835 BLAKE2B fa53d8c9f14620675bf534090bf6c69ec256bb977aa1b3c01b2d95ba8e685eb4f9d479872f303b2954aa1b063c095bf3b90e5b746fd8d7d66e35476e5218fa6b SHA512 8c485a53b9ecce9ecf759d7bbf8d95e568a89505bec7d1258afded4c7ad0f28c624b637a188ab87b64dee720db59b8de20c347805910f0401f00550832e16392 |
35 |
|
36 |
diff --git a/media-sound/sox/files/sox-14.4.2-CVE-2017-11332.patch b/media-sound/sox/files/sox-14.4.2-CVE-2017-11332.patch |
37 |
deleted file mode 100644 |
38 |
index 2b4448ed2d7..00000000000 |
39 |
--- a/media-sound/sox/files/sox-14.4.2-CVE-2017-11332.patch |
40 |
+++ /dev/null |
41 |
@@ -1,25 +0,0 @@ |
42 |
-From 7405bcaacb1ded8c595cb751d407cf738cb26571 Mon Sep 17 00:00:00 2001 |
43 |
-From: Mans Rullgard <mans@×××××.com> |
44 |
-Date: Sun, 5 Nov 2017 16:29:28 +0000 |
45 |
-Subject: [PATCH] wav: fix crash if channel count is zero (CVE-2017-11332) |
46 |
- |
47 |
---- |
48 |
- src/wav.c | 5 +++++ |
49 |
- 1 file changed, 5 insertions(+) |
50 |
- |
51 |
-diff --git a/src/wav.c b/src/wav.c |
52 |
-index 3e80e692..3eaebfa7 100644 |
53 |
---- a/src/wav.c |
54 |
-+++ b/src/wav.c |
55 |
-@@ -712,6 +712,11 @@ static int startread(sox_format_t * ft) |
56 |
- else |
57 |
- lsx_report("User options overriding channels read in .wav header"); |
58 |
- |
59 |
-+ if (ft->signal.channels == 0) { |
60 |
-+ lsx_fail_errno(ft, SOX_EHDR, "Channel count is zero"); |
61 |
-+ return SOX_EOF; |
62 |
-+ } |
63 |
-+ |
64 |
- if (ft->signal.rate == 0 || ft->signal.rate == dwSamplesPerSecond) |
65 |
- ft->signal.rate = dwSamplesPerSecond; |
66 |
- else |
67 |
|
68 |
diff --git a/media-sound/sox/files/sox-14.4.2-CVE-2017-11333.patch b/media-sound/sox/files/sox-14.4.2-CVE-2017-11333.patch |
69 |
deleted file mode 100644 |
70 |
index a9a5b276219..00000000000 |
71 |
--- a/media-sound/sox/files/sox-14.4.2-CVE-2017-11333.patch |
72 |
+++ /dev/null |
73 |
@@ -1,43 +0,0 @@ |
74 |
-From 93b6e4b5b0efa47b318151d39c35277fc06525f1 Mon Sep 17 00:00:00 2001 |
75 |
-Message-Id: <93b6e4b5b0efa47b318151d39c35277fc06525f1.1511192342.git.agx@×××××××.org> |
76 |
-From: =?UTF-8?q?Guido=20G=C3=BCnther?= <agx@×××××××.org> |
77 |
-Date: Wed, 15 Nov 2017 18:36:58 +0100 |
78 |
-Subject: [PATCH] Handle vorbis_analysis_headerout errors |
79 |
- |
80 |
-This is related to |
81 |
- |
82 |
- https://github.com/xiph/vorbis/pull/34 |
83 |
- |
84 |
-but could also happen today with on other errors in the called function. |
85 |
-https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882236 |
86 |
-Forwarded: sox-devel@×××××××××××××××××.net |
87 |
---- |
88 |
- src/vorbis.c | 8 ++++++-- |
89 |
- 1 file changed, 6 insertions(+), 2 deletions(-) |
90 |
- |
91 |
-Index: sox/src/vorbis.c |
92 |
-=================================================================== |
93 |
---- sox.orig/src/vorbis.c |
94 |
-+++ sox/src/vorbis.c |
95 |
-@@ -270,8 +270,11 @@ static int write_vorbis_header(sox_forma |
96 |
- vc.comment_lengths[i] = strlen(text); |
97 |
- } |
98 |
- } |
99 |
-- vorbis_analysis_headerout( /* Build the packets */ |
100 |
-- &ve->vd, &vc, &header_main, &header_comments, &header_codebooks); |
101 |
-+ if (vorbis_analysis_headerout( /* Build the packets */ |
102 |
-+ &ve->vd, &vc, &header_main, &header_comments, &header_codebooks) < 0) { |
103 |
-+ ret = HEADER_ERROR; |
104 |
-+ goto cleanup; |
105 |
-+ } |
106 |
- |
107 |
- ogg_stream_packetin(&ve->os, &header_main); /* And stream them out */ |
108 |
- ogg_stream_packetin(&ve->os, &header_comments); |
109 |
-@@ -280,6 +283,7 @@ static int write_vorbis_header(sox_forma |
110 |
- while (ogg_stream_flush(&ve->os, &ve->og) && ret == HEADER_OK) |
111 |
- if (!oe_write_page(&ve->og, ft)) |
112 |
- ret = HEADER_ERROR; |
113 |
-+cleanup: |
114 |
- for (i = 0; i < vc.comments; ++i) |
115 |
- free(vc.user_comments[i]); |
116 |
- free(vc.user_comments); |
117 |
|
118 |
diff --git a/media-sound/sox/files/sox-14.4.2-CVE-2017-11358.patch b/media-sound/sox/files/sox-14.4.2-CVE-2017-11358.patch |
119 |
deleted file mode 100644 |
120 |
index 6cd8c2bb15f..00000000000 |
121 |
--- a/media-sound/sox/files/sox-14.4.2-CVE-2017-11358.patch |
122 |
+++ /dev/null |
123 |
@@ -1,26 +0,0 @@ |
124 |
-From 6cb44a44b9eda6b321ccdbf6483348d4a9798b00 Mon Sep 17 00:00:00 2001 |
125 |
-From: Mans Rullgard <mans@×××××.com> |
126 |
-Date: Sun, 5 Nov 2017 16:43:35 +0000 |
127 |
-Subject: [PATCH] hcom: fix crash on input with corrupt dictionary |
128 |
- (CVE-2017-11358) |
129 |
- |
130 |
---- |
131 |
- src/hcom.c | 5 +++++ |
132 |
- 1 file changed, 5 insertions(+) |
133 |
- |
134 |
-diff --git a/src/hcom.c b/src/hcom.c |
135 |
-index c62b020c..1b0e09dd 100644 |
136 |
---- a/src/hcom.c |
137 |
-+++ b/src/hcom.c |
138 |
-@@ -150,6 +150,11 @@ static int startread(sox_format_t * ft) |
139 |
- lsx_debug("%d %d", |
140 |
- p->dictionary[i].dict_leftson, |
141 |
- p->dictionary[i].dict_rightson); |
142 |
-+ if ((unsigned) p->dictionary[i].dict_leftson >= dictsize || |
143 |
-+ (unsigned) p->dictionary[i].dict_rightson >= dictsize) { |
144 |
-+ lsx_fail_errno(ft, SOX_EHDR, "Invalid dictionary"); |
145 |
-+ return SOX_EOF; |
146 |
-+ } |
147 |
- } |
148 |
- rc = lsx_skipbytes(ft, (size_t) 1); /* skip pad byte */ |
149 |
- if (rc) |
150 |
|
151 |
diff --git a/media-sound/sox/files/sox-14.4.2-CVE-2017-11359.patch b/media-sound/sox/files/sox-14.4.2-CVE-2017-11359.patch |
152 |
deleted file mode 100644 |
153 |
index 180d7d1c867..00000000000 |
154 |
--- a/media-sound/sox/files/sox-14.4.2-CVE-2017-11359.patch |
155 |
+++ /dev/null |
156 |
@@ -1,27 +0,0 @@ |
157 |
-From 8b590b3a52f4ccc4eea3f41b4a067c38b3565b60 Mon Sep 17 00:00:00 2001 |
158 |
-From: Mans Rullgard <mans@×××××.com> |
159 |
-Date: Sun, 5 Nov 2017 17:02:11 +0000 |
160 |
-Subject: [PATCH] wav: fix crash writing header when channel count >64k |
161 |
- (CVE-2017-11359) |
162 |
- |
163 |
---- |
164 |
- src/wav.c | 6 ++++++ |
165 |
- 1 file changed, 6 insertions(+) |
166 |
- |
167 |
-diff --git a/src/wav.c b/src/wav.c |
168 |
-index 3eaebfa7..fad334cf 100644 |
169 |
---- a/src/wav.c |
170 |
-+++ b/src/wav.c |
171 |
-@@ -1379,6 +1379,12 @@ static int wavwritehdr(sox_format_t * ft, int second_header) |
172 |
- long blocksWritten = 0; |
173 |
- sox_bool isExtensible = sox_false; /* WAVE_FORMAT_EXTENSIBLE? */ |
174 |
- |
175 |
-+ if (ft->signal.channels > UINT16_MAX) { |
176 |
-+ lsx_fail_errno(ft, SOX_EOF, "Too many channels (%u)", |
177 |
-+ ft->signal.channels); |
178 |
-+ return SOX_EOF; |
179 |
-+ } |
180 |
-+ |
181 |
- dwSamplesPerSecond = ft->signal.rate; |
182 |
- wChannels = ft->signal.channels; |
183 |
- wBitsPerSample = ft->encoding.bits_per_sample; |
184 |
|
185 |
diff --git a/media-sound/sox/files/sox-14.4.2-CVE-2017-15370.patch b/media-sound/sox/files/sox-14.4.2-CVE-2017-15370.patch |
186 |
deleted file mode 100644 |
187 |
index 473c383a663..00000000000 |
188 |
--- a/media-sound/sox/files/sox-14.4.2-CVE-2017-15370.patch |
189 |
+++ /dev/null |
190 |
@@ -1,25 +0,0 @@ |
191 |
-From ef3d8be0f80cbb650e4766b545d61e10d7a24c9e Mon Sep 17 00:00:00 2001 |
192 |
-From: Mans Rullgard <mans@×××××.com> |
193 |
-Date: Sun, 5 Nov 2017 16:21:23 +0000 |
194 |
-Subject: [PATCH] wav: ima_adpcm: fix buffer overflow on corrupt input |
195 |
- (CVE-2017-15370) |
196 |
- |
197 |
-Add the same check bad block size as was done for MS adpcm in commit |
198 |
-f39c574b ("More checks for invalid MS ADPCM blocks"). |
199 |
---- |
200 |
- src/wav.c | 2 +- |
201 |
- 1 file changed, 1 insertion(+), 1 deletion(-) |
202 |
- |
203 |
-diff --git a/src/wav.c b/src/wav.c |
204 |
-index 5202556c..3e80e692 100644 |
205 |
---- a/src/wav.c |
206 |
-+++ b/src/wav.c |
207 |
-@@ -127,7 +127,7 @@ static unsigned short ImaAdpcmReadBlock(sox_format_t * ft) |
208 |
- /* work with partial blocks. Specs say it should be null */ |
209 |
- /* padded but I guess this is better than trailing quiet. */ |
210 |
- samplesThisBlock = lsx_ima_samples_in((size_t)0, (size_t)ft->signal.channels, bytesRead, (size_t) 0); |
211 |
-- if (samplesThisBlock == 0) |
212 |
-+ if (samplesThisBlock == 0 || samplesThisBlock > wav->samplesPerBlock) |
213 |
- { |
214 |
- lsx_warn("Premature EOF on .wav input file"); |
215 |
- return 0; |
216 |
|
217 |
diff --git a/media-sound/sox/files/sox-14.4.2-CVE-2017-15371.patch b/media-sound/sox/files/sox-14.4.2-CVE-2017-15371.patch |
218 |
deleted file mode 100644 |
219 |
index cde253da4ec..00000000000 |
220 |
--- a/media-sound/sox/files/sox-14.4.2-CVE-2017-15371.patch |
221 |
+++ /dev/null |
222 |
@@ -1,37 +0,0 @@ |
223 |
-From 818bdd0ccc1e5b6cae742c740c17fd414935cf39 Mon Sep 17 00:00:00 2001 |
224 |
-From: Mans Rullgard <mans@×××××.com> |
225 |
-Date: Sun, 5 Nov 2017 15:57:48 +0000 |
226 |
-Subject: [PATCH] flac: fix crash on corrupt metadata (CVE-2017-15371) |
227 |
- |
228 |
---- |
229 |
- src/flac.c | 8 +++++--- |
230 |
- 1 file changed, 5 insertions(+), 3 deletions(-) |
231 |
- |
232 |
-Index: sox/src/flac.c |
233 |
-=================================================================== |
234 |
---- sox.orig/src/flac.c |
235 |
-+++ sox/src/flac.c |
236 |
-@@ -119,9 +119,10 @@ static void decoder_metadata_callback(FL |
237 |
- p->total_samples = metadata->data.stream_info.total_samples; |
238 |
- } |
239 |
- else if (metadata->type == FLAC__METADATA_TYPE_VORBIS_COMMENT) { |
240 |
-+ const FLAC__StreamMetadata_VorbisComment *vc = &metadata->data.vorbis_comment; |
241 |
- size_t i; |
242 |
- |
243 |
-- if (metadata->data.vorbis_comment.num_comments == 0) |
244 |
-+ if (vc->num_comments == 0) |
245 |
- return; |
246 |
- |
247 |
- if (ft->oob.comments != NULL) { |
248 |
-@@ -129,8 +130,9 @@ static void decoder_metadata_callback(FL |
249 |
- return; |
250 |
- } |
251 |
- |
252 |
-- for (i = 0; i < metadata->data.vorbis_comment.num_comments; ++i) |
253 |
-- sox_append_comment(&ft->oob.comments, (char const *) metadata->data.vorbis_comment.comments[i].entry); |
254 |
-+ for (i = 0; i < vc->num_comments; ++i) |
255 |
-+ if (vc->comments[i].entry) |
256 |
-+ sox_append_comment(&ft->oob.comments, (char const *) vc->comments[i].entry); |
257 |
- } |
258 |
- } |
259 |
- |
260 |
|
261 |
diff --git a/media-sound/sox/files/sox-14.4.2-CVE-2017-15372.patch b/media-sound/sox/files/sox-14.4.2-CVE-2017-15372.patch |
262 |
deleted file mode 100644 |
263 |
index 8671213a98f..00000000000 |
264 |
--- a/media-sound/sox/files/sox-14.4.2-CVE-2017-15372.patch |
265 |
+++ /dev/null |
266 |
@@ -1,97 +0,0 @@ |
267 |
-From 3f7ed312614649e2695b54b398475d32be4f64f3 Mon Sep 17 00:00:00 2001 |
268 |
-From: Mans Rullgard <mans@×××××.com> |
269 |
-Date: Wed, 8 Nov 2017 00:29:14 +0000 |
270 |
-Subject: adpcm: fix stack overflow with >4 channels (CVE-2017-15372) |
271 |
- |
272 |
---- |
273 |
- src/adpcm.c | 8 +++++++- |
274 |
- src/adpcm.h | 3 +++ |
275 |
- src/wav.c | 5 ++++- |
276 |
- 3 files changed, 14 insertions(+), 2 deletions(-) |
277 |
- |
278 |
-Index: sox/src/adpcm.c |
279 |
-=================================================================== |
280 |
---- sox.orig/src/adpcm.c |
281 |
-+++ sox/src/adpcm.c |
282 |
-@@ -71,6 +71,11 @@ const short lsx_ms_adpcm_i_coef[7][2] = |
283 |
- { 392,-232} |
284 |
- }; |
285 |
- |
286 |
-+extern void *lsx_ms_adpcm_alloc(unsigned chans) |
287 |
-+{ |
288 |
-+ return lsx_malloc(chans * sizeof(MsState_t)); |
289 |
-+} |
290 |
-+ |
291 |
- static inline sox_sample_t AdpcmDecode(sox_sample_t c, MsState_t *state, |
292 |
- sox_sample_t sample1, sox_sample_t sample2) |
293 |
- { |
294 |
-@@ -102,6 +107,7 @@ static inline sox_sample_t AdpcmDecode(s |
295 |
- |
296 |
- /* lsx_ms_adpcm_block_expand_i() outputs interleaved samples into one output buffer */ |
297 |
- const char *lsx_ms_adpcm_block_expand_i( |
298 |
-+ void *priv, |
299 |
- unsigned chans, /* total channels */ |
300 |
- int nCoef, |
301 |
- const short *coef, |
302 |
-@@ -113,7 +119,7 @@ const char *lsx_ms_adpcm_block_expand_i( |
303 |
- const unsigned char *ip; |
304 |
- unsigned ch; |
305 |
- const char *errmsg = NULL; |
306 |
-- MsState_t state[4]; /* One decompressor state for each channel */ |
307 |
-+ MsState_t *state = priv; /* One decompressor state for each channel */ |
308 |
- |
309 |
- /* Read the four-byte header for each channel */ |
310 |
- ip = ibuff; |
311 |
-Index: sox/src/adpcm.h |
312 |
-=================================================================== |
313 |
---- sox.orig/src/adpcm.h |
314 |
-+++ sox/src/adpcm.h |
315 |
-@@ -29,8 +29,11 @@ |
316 |
- /* default coef sets */ |
317 |
- extern const short lsx_ms_adpcm_i_coef[7][2]; |
318 |
- |
319 |
-+extern void *lsx_ms_adpcm_alloc(unsigned chans); |
320 |
-+ |
321 |
- /* lsx_ms_adpcm_block_expand_i() outputs interleaved samples into one output buffer */ |
322 |
- extern const char *lsx_ms_adpcm_block_expand_i( |
323 |
-+ void *priv, |
324 |
- unsigned chans, /* total channels */ |
325 |
- int nCoef, |
326 |
- const short *coef, |
327 |
-Index: sox/src/wav.c |
328 |
-=================================================================== |
329 |
---- sox.orig/src/wav.c |
330 |
-+++ sox/src/wav.c |
331 |
-@@ -82,6 +82,7 @@ typedef struct { |
332 |
- /* following used by *ADPCM wav files */ |
333 |
- unsigned short nCoefs; /* ADPCM: number of coef sets */ |
334 |
- short *lsx_ms_adpcm_i_coefs; /* ADPCM: coef sets */ |
335 |
-+ void *ms_adpcm_data; /* Private data of adpcm decoder */ |
336 |
- unsigned char *packet; /* Temporary buffer for packets */ |
337 |
- short *samples; /* interleaved samples buffer */ |
338 |
- short *samplePtr; /* Pointer to current sample */ |
339 |
-@@ -175,7 +176,7 @@ static unsigned short AdpcmReadBlock(so |
340 |
- } |
341 |
- } |
342 |
- |
343 |
-- errmsg = lsx_ms_adpcm_block_expand_i(ft->signal.channels, wav->nCoefs, wav->lsx_ms_adpcm_i_coefs, wav->packet, wav->samples, samplesThisBlock); |
344 |
-+ errmsg = lsx_ms_adpcm_block_expand_i(wav->ms_adpcm_data, ft->signal.channels, wav->nCoefs, wav->lsx_ms_adpcm_i_coefs, wav->packet, wav->samples, samplesThisBlock); |
345 |
- |
346 |
- if (errmsg) |
347 |
- lsx_warn("%s", errmsg); |
348 |
-@@ -791,6 +792,7 @@ static int startread(sox_format_t * ft) |
349 |
- |
350 |
- /* nCoefs, lsx_ms_adpcm_i_coefs used by adpcm.c */ |
351 |
- wav->lsx_ms_adpcm_i_coefs = lsx_malloc(wav->nCoefs * 2 * sizeof(short)); |
352 |
-+ wav->ms_adpcm_data = lsx_ms_adpcm_alloc(wChannels); |
353 |
- { |
354 |
- int i, errct=0; |
355 |
- for (i=0; len>=2 && i < 2*wav->nCoefs; i++) { |
356 |
-@@ -1216,6 +1218,7 @@ static int stopread(sox_format_t * ft) |
357 |
- free(wav->packet); |
358 |
- free(wav->samples); |
359 |
- free(wav->lsx_ms_adpcm_i_coefs); |
360 |
-+ free(wav->ms_adpcm_data); |
361 |
- free(wav->comment); |
362 |
- wav->comment = NULL; |
363 |
- |
364 |
|
365 |
diff --git a/media-sound/sox/files/sox-14.4.2-CVE-2017-15642.patch b/media-sound/sox/files/sox-14.4.2-CVE-2017-15642.patch |
366 |
deleted file mode 100644 |
367 |
index d43ef50d101..00000000000 |
368 |
--- a/media-sound/sox/files/sox-14.4.2-CVE-2017-15642.patch |
369 |
+++ /dev/null |
370 |
@@ -1,28 +0,0 @@ |
371 |
-Description: This fixes a use after free and double free if an empty comment |
372 |
-chunk follows a non-empty one. |
373 |
-Author: Mans Rullgard <mans@×××××.com> |
374 |
-Forwarded: not-needed |
375 |
---- |
376 |
- src/aiff.c | 2 +- |
377 |
- 1 file changed, 1 insertion(+), 1 deletion(-) |
378 |
- |
379 |
-Index: sox/src/aiff.c |
380 |
-=================================================================== |
381 |
---- sox.orig/src/aiff.c |
382 |
-+++ sox/src/aiff.c |
383 |
-@@ -62,7 +62,6 @@ int lsx_aiffstartread(sox_format_t * ft) |
384 |
- size_t ssndsize = 0; |
385 |
- char *annotation; |
386 |
- char *author; |
387 |
-- char *comment = NULL; |
388 |
- char *copyright; |
389 |
- char *nametext; |
390 |
- |
391 |
-@@ -270,6 +269,7 @@ int lsx_aiffstartread(sox_format_t * ft) |
392 |
- free(annotation); |
393 |
- } |
394 |
- else if (strncmp(buf, "COMT", (size_t)4) == 0) { |
395 |
-+ char *comment = NULL; |
396 |
- rc = commentChunk(&comment, "Comment:", ft); |
397 |
- if (rc) { |
398 |
- /* Fail already called in function */ |
399 |
|
400 |
diff --git a/media-sound/sox/files/sox-14.4.2-CVE-2017-18189.patch b/media-sound/sox/files/sox-14.4.2-CVE-2017-18189.patch |
401 |
deleted file mode 100644 |
402 |
index fd04bcdff13..00000000000 |
403 |
--- a/media-sound/sox/files/sox-14.4.2-CVE-2017-18189.patch |
404 |
+++ /dev/null |
405 |
@@ -1,30 +0,0 @@ |
406 |
-Description: A corrupt header specifying zero channels would send read_channels() |
407 |
-into an infinite loop. Prevent this by sanity checking the channel |
408 |
-count in open_read(). Also add an upper bound to prevent overflow |
409 |
-in multiplication. |
410 |
-https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881121 |
411 |
-Author: Mans Rullgard <mans@×××××.com> |
412 |
- Jaromír Mikeš <mira.mikes@××××××.cz> |
413 |
-Forwarded: not-needed |
414 |
- |
415 |
---- |
416 |
- src/xa.c | 6 ++++++ |
417 |
- 1 file changed, 6 insertions(+) |
418 |
- |
419 |
-Index: sox/src/xa.c |
420 |
-=================================================================== |
421 |
---- sox.orig/src/xa.c |
422 |
-+++ sox/src/xa.c |
423 |
-@@ -143,6 +143,12 @@ static int startread(sox_format_t * ft) |
424 |
- lsx_report("User options overriding rate read in .xa header"); |
425 |
- } |
426 |
- |
427 |
-+ if (ft->signal.channels == 0 || ft->signal.channels > UINT16_MAX) { |
428 |
-+ lsx_fail_errno(ft, SOX_EFMT, "invalid channel count %d", |
429 |
-+ ft->signal.channels); |
430 |
-+ return SOX_EOF; |
431 |
-+ } |
432 |
-+ |
433 |
- /* Check for supported formats */ |
434 |
- if (ft->encoding.bits_per_sample != 16) { |
435 |
- lsx_fail_errno(ft, SOX_EFMT, "%d-bit sample resolution not supported.", |
436 |
|
437 |
diff --git a/media-sound/sox/files/sox-14.4.2-wavpack-chk-errors-on-init.patch b/media-sound/sox/files/sox-14.4.2-wavpack-chk-errors-on-init.patch |
438 |
deleted file mode 100644 |
439 |
index 4ebb31c0ae9..00000000000 |
440 |
--- a/media-sound/sox/files/sox-14.4.2-wavpack-chk-errors-on-init.patch |
441 |
+++ /dev/null |
442 |
@@ -1,35 +0,0 @@ |
443 |
-Description: wavpack: check errors when initializing |
444 |
-https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881145 |
445 |
-Author: Eric Wong <normalperson@××××.net> |
446 |
- Jaromír Mikeš <mira.mikes@××××××.cz> |
447 |
-Forwarded: not-needed |
448 |
- |
449 |
- src/wavpack.c | 8 ++++++++ |
450 |
- 1 file changed, 8 insertions(+) |
451 |
- |
452 |
-diff --git a/src/wavpack.c b/src/wavpack.c |
453 |
-index 9e525cd4..b7e8dafa 100644 |
454 |
---- a/src/wavpack.c |
455 |
-+++ b/src/wavpack.c |
456 |
-@@ -65,6 +65,10 @@ static int start_read(sox_format_t * ft) |
457 |
- char msg[80]; |
458 |
- |
459 |
- p->codec = WavpackOpenFileInputEx(&io_fns, ft, NULL, msg, OPEN_NORMALIZE, 0); |
460 |
-+ if (!p->codec) { |
461 |
-+ lsx_fail_errno(ft, SOX_EHDR, "%s", msg); |
462 |
-+ return SOX_EOF; |
463 |
-+ } |
464 |
- ft->encoding.bits_per_sample = WavpackGetBytesPerSample(p->codec) << 3; |
465 |
- ft->signal.channels = WavpackGetNumChannels(p->codec); |
466 |
- if (WavpackGetSampleRate(p->codec) && ft->signal.rate && ft->signal.rate != WavpackGetSampleRate(p->codec)) |
467 |
-@@ -108,6 +112,10 @@ static int start_write(sox_format_t * ft) |
468 |
- uint64_t size64; |
469 |
- |
470 |
- p->codec = WavpackOpenFileOutput(ft_write_b_buf, ft, NULL); |
471 |
-+ if (!p->codec) { |
472 |
-+ lsx_fail_errno(ft, SOX_ENOMEM, "WavPack error creating output instance"); |
473 |
-+ return SOX_EOF; |
474 |
-+ } |
475 |
- memset(&config, 0, sizeof(config)); |
476 |
- config.bytes_per_sample = ft->encoding.bits_per_sample >> 3; |
477 |
- config.bits_per_sample = ft->encoding.bits_per_sample; |
478 |
|
479 |
diff --git a/media-sound/sox/sox-14.4.2-r1.ebuild b/media-sound/sox/sox-14.4.2-r1.ebuild |
480 |
deleted file mode 100644 |
481 |
index f6a0b545d51..00000000000 |
482 |
--- a/media-sound/sox/sox-14.4.2-r1.ebuild |
483 |
+++ /dev/null |
484 |
@@ -1,98 +0,0 @@ |
485 |
-# Copyright 1999-2020 Gentoo Authors |
486 |
-# Distributed under the terms of the GNU General Public License v2 |
487 |
- |
488 |
-EAPI=6 |
489 |
- |
490 |
-inherit autotools |
491 |
- |
492 |
-DESCRIPTION="The swiss army knife of sound processing programs" |
493 |
-HOMEPAGE="http://sox.sourceforge.net" |
494 |
-SRC_URI="mirror://sourceforge/sox/${P}.tar.gz" |
495 |
- |
496 |
-LICENSE="LGPL-2.1" |
497 |
-SLOT="0" |
498 |
-KEYWORDS="~alpha amd64 arm arm64 ~hppa ~ia64 ~mips ppc ppc64 sparc x86 ~amd64-linux ~x86-linux ~ppc-macos ~x86-solaris" |
499 |
-IUSE="alsa amr ao debug encode flac id3tag ladspa mad ogg openmp oss opus png pulseaudio sndfile static-libs twolame wavpack" |
500 |
- |
501 |
-RDEPEND=" |
502 |
- dev-libs/libltdl:0= |
503 |
- >=media-sound/gsm-1.0.12-r1 |
504 |
- alsa? ( media-libs/alsa-lib ) |
505 |
- amr? ( media-libs/opencore-amr ) |
506 |
- ao? ( media-libs/libao ) |
507 |
- encode? ( >=media-sound/lame-3.98.4 ) |
508 |
- flac? ( >=media-libs/flac-1.1.3 ) |
509 |
- id3tag? ( media-libs/libid3tag ) |
510 |
- ladspa? ( media-libs/ladspa-sdk ) |
511 |
- mad? ( media-libs/libmad ) |
512 |
- ogg? ( |
513 |
- media-libs/libogg |
514 |
- media-libs/libvorbis |
515 |
- ) |
516 |
- opus? ( |
517 |
- media-libs/opus |
518 |
- media-libs/opusfile |
519 |
- ) |
520 |
- png? ( |
521 |
- media-libs/libpng:0= |
522 |
- sys-libs/zlib |
523 |
- ) |
524 |
- pulseaudio? ( media-sound/pulseaudio ) |
525 |
- sndfile? ( >=media-libs/libsndfile-1.0.11 ) |
526 |
- twolame? ( media-sound/twolame ) |
527 |
- wavpack? ( media-sound/wavpack )" |
528 |
-DEPEND="${RDEPEND} |
529 |
- virtual/pkgconfig" |
530 |
- |
531 |
-DOCS=( AUTHORS ChangeLog NEWS README ) |
532 |
- |
533 |
-PATCHES=( |
534 |
- "${FILESDIR}"/${P}-CVE-2017-11332.patch |
535 |
- "${FILESDIR}"/${P}-CVE-2017-11333.patch |
536 |
- "${FILESDIR}"/${P}-CVE-2017-11358.patch |
537 |
- "${FILESDIR}"/${P}-CVE-2017-11359.patch |
538 |
- "${FILESDIR}"/${P}-CVE-2017-15370.patch |
539 |
- "${FILESDIR}"/${P}-CVE-2017-15371.patch |
540 |
- "${FILESDIR}"/${P}-CVE-2017-15372.patch |
541 |
- "${FILESDIR}"/${P}-CVE-2017-15642.patch |
542 |
- "${FILESDIR}"/${P}-CVE-2017-18189.patch |
543 |
- "${FILESDIR}"/${P}-wavpack-chk-errors-on-init.patch |
544 |
-) |
545 |
- |
546 |
-src_prepare() { |
547 |
- default |
548 |
- sed -i -e 's:CFLAGS="-g":CFLAGS="$CFLAGS -g":' configure.ac || die #386027 |
549 |
- eautoreconf |
550 |
-} |
551 |
- |
552 |
-src_configure() { |
553 |
- econf \ |
554 |
- $(use_with alsa) \ |
555 |
- $(use_with amr amrnb) \ |
556 |
- $(use_with amr amrwb) \ |
557 |
- $(use_with ao) \ |
558 |
- $(use_enable debug) \ |
559 |
- $(use_with encode lame) \ |
560 |
- $(use_with flac) \ |
561 |
- $(use_with id3tag) \ |
562 |
- $(use_with ladspa) \ |
563 |
- $(use_with mad) \ |
564 |
- $(use_enable openmp) \ |
565 |
- $(use_with ogg oggvorbis) \ |
566 |
- $(use_with oss) \ |
567 |
- $(use_with opus) \ |
568 |
- $(use_with png) \ |
569 |
- $(use_with pulseaudio) \ |
570 |
- $(use_with sndfile) \ |
571 |
- $(use_enable static-libs static) \ |
572 |
- $(use_with twolame) \ |
573 |
- $(use_with wavpack) \ |
574 |
- --with-distro="Gentoo" |
575 |
-} |
576 |
- |
577 |
-src_install() { |
578 |
- default |
579 |
- # libltdl is used for loading plugins, keeping libtool files with empty |
580 |
- # dependency_libs what otherwise would be -exec rm -f {} + |
581 |
- find "${ED}" -name '*.la' -exec sed -i -e "/^dependency_libs/s:=.*:='':" {} + |
582 |
-} |