Gentoo Archives: gentoo-commits

From: Andreas Sturmlechner <asturm@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: media-libs/libsndfile/, media-libs/libsndfile/files/
Date: Tue, 18 Sep 2018 21:24:32
Message-Id: 1537305848.e2ec2c790cf28858ec8dd4da007ca7ca12ffeca1.asturm@gentoo
1 commit: e2ec2c790cf28858ec8dd4da007ca7ca12ffeca1
2 Author: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
3 AuthorDate: Tue Sep 18 21:23:22 2018 +0000
4 Commit: Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
5 CommitDate: Tue Sep 18 21:24:08 2018 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e2ec2c79
7
8 media-libs/libsndfile: Fix CVE-2018-13139
9
10 Bug: https://bugs.gentoo.org/660452
11 Package-Manager: Portage-2.3.49, Repoman-2.3.10
12
13 .../files/libsndfile-1.0.28-CVE-2018-13139.patch | 31 ++++++++++
14 media-libs/libsndfile/libsndfile-1.0.28-r3.ebuild | 67 ++++++++++++++++++++++
15 2 files changed, 98 insertions(+)
16
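diff --git a/media-libs/libsndfile/files/libsndfile-1.0.28-CVE-2018-13139.patch b/media-libs/libsndfile/files/libsndfile-1.0.28-CVE-2018-13139.patch
new file mode 100644
index 00000000000..18e6ae76e62
--- /dev/null
+++ b/media-libs/libsndfile/files/libsndfile-1.0.28-CVE-2018-13139.patch
@@ -0,0 +1,31 @@
+From df18323c622b54221ee7ace74b177cdcccc152d7 Mon Sep 17 00:00:00 2001
+From: "Brett T. Warden" <brett.t.warden@×××××.com>
+Date: Tue, 28 Aug 2018 12:01:17 -0700
+Subject: [PATCH] Check MAX_CHANNELS in sndfile-deinterleave
+
+Allocated buffer has space for only 16 channels. Verify that input file
+meets this limit.
+
+Fixes #397
+---
+ programs/sndfile-deinterleave.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/programs/sndfile-deinterleave.c b/programs/sndfile-deinterleave.c
+index 53660310..225b4d54 100644
+--- a/programs/sndfile-deinterleave.c
++++ b/programs/sndfile-deinterleave.c
+@@ -89,6 +89,13 @@ main (int argc, char **argv)
+ exit (1) ;
+ } ;
+
++ if (sfinfo.channels > MAX_CHANNELS)
++ { printf ("\nError : Input file '%s' has too many (%d) channels. Limit is %d.\n",
++ argv [1], sfinfo.channels, MAX_CHANNELS) ;
++ exit (1) ;
++ } ;
++
++
+ state.channels = sfinfo.channels ;
+ sfinfo.channels = 1 ;
+
\ No newline at end of file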
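Review bot: The new bound check in main() carries no comment tying it to the buffer it protects. The patch description says the allocated buffer holds 16 channels, but the definition of MAX_CHANNELS and the buffer declaration are outside the hunk, so it is worth confirming that both use the same macro. A one-line comment above the check would keep the invariant visible, e.g. `/* Buffers are sized for MAX_CHANNELS; reject larger inputs before state.channels is set. */`. The diagnostic goes to stdout via printf, so a caller that only captures stderr sees nothing but the exit status 1; this may simply match the surrounding code, which is not shown. main() starts before and continues past the hunk.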
55
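diff --git a/media-libs/libsndfile/libsndfile-1.0.28-r3.ebuild b/media-libs/libsndfile/libsndfile-1.0.28-r3.ebuild
new file mode 100644
index 00000000000..a6eb6e3a48c
--- /dev/null
+++ b/media-libs/libsndfile/libsndfile-1.0.28-r3.ebuild
@@ -0,0 +1,67 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python{2_7,3_4,3_5,3_6} pypy{,3} )
+
+inherit python-any-r1 multilib-minimal
+
+MY_P=${P/_pre/pre}
+
+DESCRIPTION="C library for reading and writing files containing sampled sound"
+HOMEPAGE="http://www.mega-nerd.com/libsndfile"
+if [[ ${MY_P} == ${P} ]]; then
+ SRC_URI="http://www.mega-nerd.com/libsndfile/files/${P}.tar.gz"
+else
+ SRC_URI="http://www.mega-nerd.com/tmp/${MY_P}b.tar.gz"
+fi
+
+LICENSE="LGPL-2.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE="alsa minimal sqlite static-libs test"
+
+RDEPEND="
+ !minimal? (
+ >=media-libs/flac-1.2.1-r5[${MULTILIB_USEDEP}]
+ >=media-libs/libogg-1.3.0[${MULTILIB_USEDEP}]
+ >=media-libs/libvorbis-1.3.3-r1[${MULTILIB_USEDEP}]
+ )
+ alsa? ( media-libs/alsa-lib )
+ sqlite? ( >=dev-db/sqlite-3.2 )"
+DEPEND="${RDEPEND}"
+BDEPEND="
+ virtual/pkgconfig
+ test? ( ${PYTHON_DEPS} )"
+
+S=${WORKDIR}/${MY_P}
+
+PATCHES=(
+ "${FILESDIR}"/${P}-arm-varargs-failure.patch
+ "${FILESDIR}"/${P}-CVE-2017-12562.patch
+ "${FILESDIR}"/${P}-CVE-2018-13139.patch
+)
+
+pkg_setup() {
+ use test && python-any-r1_pkg_setup
+}
+
+multilib_src_configure() {
+ ECONF_SOURCE="${S}" econf \
+ --disable-octave \
+ --enable-gcc-pipe \
+ --enable-gcc-opt \
+ $(use_enable static-libs static) \
+ $(use_enable !minimal external-libs) \
+ $(multilib_native_enable full-suite) \
+ $(multilib_native_use_enable alsa) \
+ $(multilib_native_use_enable sqlite)
+}
+
+multilib_src_install_all() {
+ einstalldocs
+
+ # package provides .pc files
+ find "${D}" -name '*.la' -delete || die
+}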
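Review bot: HOMEPAGE and both SRC_URI branches in the new ebuild use plain `http://`, so the tarball is fetched over an unauthenticated channel. Its integrity then rests entirely on the Manifest checksums, which this commit does not touch (the diffstat lists only the patch and the ebuild). If upstream serves the same paths over TLS, switch them to `https://`, e.g. `SRC_URI="https://www.mega-nerd.com/libsndfile/files/${P}.tar.gz"`. Separately, the right-hand side of `[[ ${MY_P} == ${P} ]]` is unquoted and is therefore matched as a pattern; `[[ ${MY_P} == "${P}" ]]` makes it a literal comparison.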