commit: 36f8689f7903548f5d89827a6e7bdf70a9882cee |
Author: Sam James <sam <AT> gentoo <DOT> org> |
AuthorDate: Mon Aug 3 05:11:12 2020 +0000 |
Commit: Sam James <sam <AT> gentoo <DOT> org> |
CommitDate: Mon Aug 3 05:12:45 2020 +0000 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=36f8689f |
|
media-sound/mp3gain: bump to 1.6.2 (+ CVE patch) |
|
Bump to 1.6.2, which includes an upstreamed patch |
for a previous CVE, and include openSUSE's patch |
for CVE-2019-18359 (and others). |
|
Bug: https://bugs.gentoo.org/717940 |
Package-Manager: Portage-3.0.1, Repoman-2.3.23 |
Signed-off-by: Sam James <sam <AT> gentoo.org> |
|
media-sound/mp3gain/Manifest | 1 + |
.../files/mp3gain-1.6.2-CVE-2019-18359-plus.patch | 183 +++++++++++++++++++++ |
media-sound/mp3gain/mp3gain-1.6.2.ebuild | 33 ++++ |
3 files changed, 217 insertions(+) |
|
diff --git a/media-sound/mp3gain/Manifest b/media-sound/mp3gain/Manifest |
24 |
index 796440a5be0..f6771ab442c 100644 |
25 |
--- a/media-sound/mp3gain/Manifest |
26 |
+++ b/media-sound/mp3gain/Manifest |
27 |
@@ -1 +1,2 @@ |
28 |
DIST mp3gain-1_6_1-src.zip 68932 BLAKE2B 8c1ed35123f1613e189ec7bd74ee9f6176404a1b79c660f8f1a6df461cdfd3c6bb505daa09b8cc4756e1755d0923fe473a45c3ae171fcf35df22daaa08a7717a SHA512 6d26a7716a1901c80caff9d7fb03a454a452c06c6a57a7a921d5979727e112ba139690d8a287dde7a6e5a09b022d3c6f57193b4756a9c25caa177cef65f9e375 |
29 |
+DIST mp3gain-1_6_2-src.zip 71246 BLAKE2B 5172c2103bb2267bf819f36180e9cd7a9d57df6f7ddc29900e9063f97c4513972053bb0c3f1f69f7ddd12ec0cf4251e93e1b6920389a8246bfdd5650176a90d2 SHA512 ec9de6c755120480ccb72b34a0042aea7546ef923090ab04e420d5b189523b4504e29952a3d695d3c42c74348f5c3c9123ff090bcc671e43375711e085d67480 |
30 |
|
31 |
diff --git a/media-sound/mp3gain/files/mp3gain-1.6.2-CVE-2019-18359-plus.patch b/media-sound/mp3gain/files/mp3gain-1.6.2-CVE-2019-18359-plus.patch |
32 |
new file mode 100644 |
33 |
index 00000000000..5f05fc1bf27 |
34 |
--- /dev/null |
35 |
+++ b/media-sound/mp3gain/files/mp3gain-1.6.2-CVE-2019-18359-plus.patch |
36 |
@@ -0,0 +1,183 @@ |
37 |
+openSUSE patch: https://build.opensuse.org/package/view_file/openSUSE:Factory/mp3gain/0001-fix-security-bugs.patch?expand=1 |
38 |
+Gentoo bug: https://bugs.gentoo.org/717940 |
39 |
+---- |
40 |
+From: Jason Craig <os-dev@×××××××.com> |
41 |
+Date: Mon, 30 Mar 2020 12:43:20 -0600 |
42 |
+Subject: [PATCH] Fix various security issues including CVE-2019-18359 |
43 |
+References: boo#1154971 |
44 |
+Upstream: dead |
45 |
+ |
46 |
+Multiple POCs at https://github.com/zjuchenyuan/fuzzpoc were fixed. |
47 |
+--- a/apetag.c |
48 |
++++ b/apetag.c |
49 |
+@@ -16,6 +16,13 @@ |
50 |
+ #define _stricmp strcasecmp |
51 |
+ #endif /* WIN32 */ |
52 |
+ |
53 |
++// Min and max values for gain and peak in order to fit in allotted space in the APE tags. For gain that is nine chars, |
54 |
++// including a + or -. For peak that is eight chars, including a - but no +. Both will always have six precision digits. |
55 |
++#define MIN_GAIN -9.999999 |
56 |
++#define MAX_GAIN 9.999999 |
57 |
++#define MIN_PEAK -9.99999 |
58 |
++#define MAX_PEAK 9.999999 |
59 |
++ |
60 |
+ int ReadMP3ID3v1Tag(FILE *fi, unsigned char **tagbuff, long *tag_offset) { |
61 |
+ char tmp[128]; |
62 |
+ |
63 |
+@@ -102,9 +109,9 @@ static int ReadMP3Lyrics3v2Tag ( FILE *fp, unsigned char **tagbuff, unsigned lon |
64 |
+ if ( fseek (fp, *tag_offset - 128 - (long)sizeof (T) - len, SEEK_SET) ) return 0; |
65 |
+ if ( fread (tmp, 1, 11, fp) != 11 ) return 0; |
66 |
+ if ( memcmp (tmp, "LYRICSBEGIN", 11) ) return 0; |
67 |
+- |
68 |
++ |
69 |
+ taglen = 128 + Lyrics3GetNumber6(T.Length) + sizeof(T); |
70 |
+- |
71 |
++ |
72 |
+ *tag_offset -= taglen; |
73 |
+ if (*tagbuff != NULL) { |
74 |
+ free(*tagbuff); |
75 |
+@@ -142,7 +149,7 @@ enum { |
76 |
+ |
77 |
+ unsigned long strlen_max(const char * ptr, unsigned long max) { |
78 |
+ unsigned long n = 0; |
79 |
+- while (ptr[n] && n < max) n++; |
80 |
++ while (n < max && ptr[n]) n++; |
81 |
+ return n; |
82 |
+ } |
83 |
+ |
84 |
+@@ -234,6 +241,14 @@ int ReadMP3APETag ( FILE *fp, struct MP3GainTagInfo *info, struct APETagStruct |
85 |
+ info->albumPeak = atof(value); |
86 |
+ } else if (!_stricmp(name,"MP3GAIN_UNDO")) { |
87 |
+ /* value should be something like "+003,+003,W" */ |
88 |
++ /* If the file didn't specify enough bytes for the value (at least 11...see above), skip the tag. */ |
89 |
++ if(vsize < 11) |
90 |
++ { |
91 |
++ free(value); |
92 |
++ free(name); |
93 |
++ p += isize + 1 + vsize; |
94 |
++ continue; |
95 |
++ } |
96 |
+ info->haveUndo = !0; |
97 |
+ vp = value; |
98 |
+ memcpy(tmpString,vp,4); |
99 |
+@@ -251,6 +266,14 @@ int ReadMP3APETag ( FILE *fp, struct MP3GainTagInfo *info, struct APETagStruct |
100 |
+ } |
101 |
+ } else if (!_stricmp(name,"MP3GAIN_MINMAX")) { |
102 |
+ /* value should be something like "001,153" */ |
103 |
++ /* If the file didn't specify enough bytes for the value (at least 7...see above), skip the tag. */ |
104 |
++ if(vsize < 7) |
105 |
++ { |
106 |
++ free(value); |
107 |
++ free(name); |
108 |
++ p += isize + 1 + vsize; |
109 |
++ continue; |
110 |
++ } |
111 |
+ info->haveMinMaxGain = !0; |
112 |
+ vp = value; |
113 |
+ memcpy(tmpString,vp,3); |
114 |
+@@ -289,7 +312,7 @@ int ReadMP3APETag ( FILE *fp, struct MP3GainTagInfo *info, struct APETagStruct |
115 |
+ } |
116 |
+ |
117 |
+ free (buff); |
118 |
+- |
119 |
++ |
120 |
+ *tag_offset -= TagLen; |
121 |
+ (*apeTag)->originalTagSize = TagLen; |
122 |
+ |
123 |
+@@ -318,7 +341,7 @@ int ReadMP3APETag ( FILE *fp, struct MP3GainTagInfo *info, struct APETagStruct |
124 |
+ int truncate_file (char *filename, long truncLength) { |
125 |
+ |
126 |
+ #ifdef WIN32 |
127 |
+- |
128 |
++ |
129 |
+ int fh, result; |
130 |
+ |
131 |
+ /* Open a file */ |
132 |
+@@ -370,10 +393,10 @@ int ReadMP3GainAPETag (char *filename, struct MP3GainTagInfo *info, struct FileT |
133 |
+ fi = fopen(filename, "rb"); |
134 |
+ if (fi == NULL) |
135 |
+ return 0; |
136 |
+- |
137 |
++ |
138 |
+ fseek(fi, 0, SEEK_END); |
139 |
+ tag_offset = file_size = ftell(fi); |
140 |
+- |
141 |
++ |
142 |
+ fileTags->lyrics3TagSize = 0; |
143 |
+ |
144 |
+ do { |
145 |
+@@ -515,7 +538,7 @@ int WriteMP3GainAPETag (char *filename, struct MP3GainTagInfo *info, struct File |
146 |
+ Write_LE_Uint32(newFooter.Flags,1<<31); /* tag has header */ |
147 |
+ memset(newFooter.Reserved,0,sizeof(newFooter.Reserved)); |
148 |
+ } |
149 |
+- |
150 |
++ |
151 |
+ if (info->haveMinMaxGain) { |
152 |
+ /* 8 bytes + "MP3GAIN_MINMAX" + '/0' + "123,123" = 30 bytes */ |
153 |
+ Write_LE_Uint32(mp3gainTagData,7); |
154 |
+@@ -575,7 +598,10 @@ int WriteMP3GainAPETag (char *filename, struct MP3GainTagInfo *info, struct File |
155 |
+ mp3gainTagData += 4; |
156 |
+ strcpy(mp3gainTagData, "REPLAYGAIN_TRACK_GAIN"); |
157 |
+ mp3gainTagData += 22; |
158 |
+- sprintf(valueString,"%-+9.6f", info->trackGain); |
159 |
++ // Clamp the gain value to ensure that sprintf won't put more than 9 chars in valueString. In cases of very |
160 |
++ // large trackGain value, valueString could overflow. |
161 |
++ sprintf(valueString, "%-+9.6f", info->trackGain < MIN_GAIN ? MIN_GAIN |
162 |
++ : (info->trackGain > MAX_GAIN ? MAX_GAIN : info->trackGain)); |
163 |
+ memcpy(mp3gainTagData, valueString, 9); |
164 |
+ mp3gainTagData += 9; |
165 |
+ memcpy(mp3gainTagData, " dB", 3); |
166 |
+@@ -589,7 +615,10 @@ int WriteMP3GainAPETag (char *filename, struct MP3GainTagInfo *info, struct File |
167 |
+ mp3gainTagData += 4; |
168 |
+ strcpy(mp3gainTagData, "REPLAYGAIN_TRACK_PEAK"); |
169 |
+ mp3gainTagData += 22; |
170 |
+- sprintf(valueString,"%-8.6f", info->trackPeak); |
171 |
++ // Clamp the peak value to ensure that sprintf won't put more than 8 chars in valueString. In cases of very |
172 |
++ // large trackPeak value, valueString could overflow. |
173 |
++ sprintf(valueString,"%-8.6f", info->trackPeak < MIN_PEAK ? MIN_PEAK |
174 |
++ : (info->trackPeak > MAX_PEAK ? MAX_PEAK : info->trackPeak)); |
175 |
+ memcpy(mp3gainTagData, valueString, 8); |
176 |
+ mp3gainTagData += 8; |
177 |
+ } |
178 |
+@@ -601,7 +630,9 @@ int WriteMP3GainAPETag (char *filename, struct MP3GainTagInfo *info, struct File |
179 |
+ mp3gainTagData += 4; |
180 |
+ strcpy(mp3gainTagData, "REPLAYGAIN_ALBUM_GAIN"); |
181 |
+ mp3gainTagData += 22; |
182 |
+- sprintf(valueString,"%-+9.6f", info->albumGain); |
183 |
++ // Clamp the gain value, see haveTrackGain if above. |
184 |
++ sprintf(valueString,"%-+9.6f", info->albumGain < MIN_GAIN ? MIN_GAIN |
185 |
++ : (info->albumGain > MAX_GAIN ? MAX_GAIN : info->albumGain)); |
186 |
+ memcpy(mp3gainTagData, valueString, 9); |
187 |
+ mp3gainTagData += 9; |
188 |
+ memcpy(mp3gainTagData, " dB", 3); |
189 |
+@@ -615,7 +646,9 @@ int WriteMP3GainAPETag (char *filename, struct MP3GainTagInfo *info, struct File |
190 |
+ mp3gainTagData += 4; |
191 |
+ strcpy(mp3gainTagData, "REPLAYGAIN_ALBUM_PEAK"); |
192 |
+ mp3gainTagData += 22; |
193 |
+- sprintf(valueString,"%-8.6f", info->albumPeak); |
194 |
++ // Clamp the peak value, see haveTrackPeak if above. |
195 |
++ sprintf(valueString,"%-8.6f", info->albumPeak < MIN_PEAK ? MIN_PEAK |
196 |
++ : (info->albumPeak > MAX_PEAK ? MAX_PEAK : info->albumPeak)); |
197 |
+ memcpy(mp3gainTagData, valueString, 8); |
198 |
+ mp3gainTagData += 8; |
199 |
+ } |
200 |
+@@ -641,7 +674,7 @@ int WriteMP3GainAPETag (char *filename, struct MP3GainTagInfo *info, struct File |
201 |
+ } //no Lyrics3 tag |
202 |
+ |
203 |
+ fclose(outputFile); |
204 |
+- |
205 |
++ |
206 |
+ if (saveTimeStamp) |
207 |
+ fileTime(filename,setStoredTime); |
208 |
+ |
209 |
+@@ -666,7 +699,7 @@ int RemoveMP3GainAPETag (char *filename, int saveTimeStamp) { |
210 |
+ info.haveMinMaxGain = 0; |
211 |
+ info.haveAlbumMinMaxGain = 0; |
212 |
+ info.haveUndo = 0; |
213 |
+- |
214 |
++ |
215 |
+ fileTags.apeTag = NULL; |
216 |
+ fileTags.id31tag = NULL; |
217 |
+ fileTags.lyrics3tag = NULL; |
218 |
+ |
219 |
+ |
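Review bot: The peak clamp added in WriteMP3GainAPETag does not deliver the eight-character bound its comment promises, because any negative value formatted with `%.6f` is at least nine characters — MIN_PEAK itself prints as `-9.999990` — so a negative trackPeak/albumPeak (these values can originate from `atof(value)` on a tag read earlier in this file, as the ReadMP3APETag context shows) still produces nine bytes plus NUL in valueString; whether that overruns the buffer depends on valueString's declaration, which is outside the hunk. Since the following memcpy copies exactly 8 bytes, the lower bound should make the shortest output fit: `#define MIN_PEAK 0.0` (peak amplitudes are presumably non-negative — confirm against the producers of trackPeak/albumPeak), with the header comment corrected to say the peak field carries no sign. Independently, a NaN obtained from a tag value fails both the `<` and `>` comparisons and passes through unclamped, sprintf then emits `nan`/`-nan`, and the fixed-length memcpy copies bytes beyond the terminator into the tag being written; writing the clamp as `if (!(x >= MIN_PEAK)) x = MIN_PEAK; else if (x > MAX_PEAK) x = MAX_PEAK;` catches NaN through the inverted comparison without needing math.h, and the same applies to the two gain clamps. WriteMP3GainAPETag's body begins and ends outside these hunks.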
220 |
|
221 |
diff --git a/media-sound/mp3gain/mp3gain-1.6.2.ebuild b/media-sound/mp3gain/mp3gain-1.6.2.ebuild |
222 |
new file mode 100644 |
223 |
index 00000000000..44bb5054568 |
224 |
--- /dev/null |
225 |
+++ b/media-sound/mp3gain/mp3gain-1.6.2.ebuild |
226 |
@@ -0,0 +1,33 @@ |
227 |
+# Copyright 1999-2020 Gentoo Authors |
228 |
+# Distributed under the terms of the GNU General Public License v2 |
229 |
+ |
230 |
+EAPI=7 |
231 |
+ |
232 |
+inherit toolchain-funcs |
233 |
+ |
234 |
+MY_P="${P//./_}" |
235 |
+ |
236 |
+DESCRIPTION="A program to analyze and adjust MP3 files to same volume" |
237 |
+HOMEPAGE="http://mp3gain.sourceforge.net/" |
238 |
+SRC_URI="mirror://sourceforge/${PN}/${MY_P}-src.zip" |
239 |
+S="${WORKDIR}" |
240 |
+ |
241 |
+LICENSE="LGPL-2.1" |
242 |
+SLOT="0" |
243 |
+KEYWORDS="~alpha ~amd64 ~hppa ~ppc ~ppc64 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x86-macos" |
244 |
+ |
245 |
+BDEPEND="app-arch/unzip" |
246 |
+RDEPEND="media-sound/mpg123" |
247 |
+DEPEND="${RDEPEND}" |
248 |
+ |
249 |
+PATCHES=( |
250 |
+ "${FILESDIR}/${PN}-1.6.2-CVE-2019-18359-plus.patch" |
251 |
+) |
252 |
+ |
253 |
+src_compile() { |
254 |
+ emake CC="$(tc-getCC)" |
255 |
+} |
256 |
+ |
257 |
+src_install() { |
258 |
+ dobin mp3gain |
259 |
+} |