[gentoo-commits] repo/gentoo:master commit in: media-sound/timidity++/files/ - gentoo-commits

From:	Sam James <sam@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] repo/gentoo:master commit in: media-sound/timidity++/files/
Date:	Thu, 07 Jan 2021 05:19:02
Message-Id:	`1609996733.585ee02d57684b9b47738d103492543eb5786418.sam@gentoo`

1

commit:     585ee02d57684b9b47738d103492543eb5786418

2

Author:     Sam James <sam <AT> gentoo <DOT> org>

3

AuthorDate: Thu Jan  7 05:18:53 2021 +0000

4

Commit:     Sam James <sam <AT> gentoo <DOT> org>

5

CommitDate: Thu Jan  7 05:18:53 2021 +0000

6

URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=585ee02d

7

8

media-sound/timidity++: restore CVE patches from 2.14.0

9

10

Whoops, misgrep (fooled by {}, I think?)

11

12

Thanks-to: Jeroen Roovers

13

Fixes: 4071642e177ae0e7289d684387d1f01af563cbd1

14

Package-Manager: Portage-3.0.12, Repoman-3.0.2

15

Signed-off-by: Sam James <sam <AT> gentoo.org>

16

17

 .../files/timidity++-2.14.0-CVE-2017-11546.patch   | 31 ++++++++++

18

 .../files/timidity++-2.14.0-CVE-2017-11547.patch   | 67 ++++++++++++++++++++++

19

 2 files changed, 98 insertions(+)

20

21

diff --git a/media-sound/timidity++/files/timidity++-2.14.0-CVE-2017-11546.patch b/media-sound/timidity++/files/timidity++-2.14.0-CVE-2017-11546.patch

22

new file mode 100644

23

index 00000000000..94135e98b96

24

--- /dev/null

25

+++ b/media-sound/timidity++/files/timidity++-2.14.0-CVE-2017-11546.patch

26

@@ -0,0 +1,31 @@

27

+From 2386ec2c745f6c5075e53ea051da211336b44b84 Mon Sep 17 00:00:00 2001

28

+From: Takashi Iwai <tiwai@××××.de>

29

+Date: Tue, 26 Jun 2018 22:31:27 +0200

30

+Subject: readmidi: Fix division by zero

31

+

32

+References: CVE-2017-11546

33

+

34

+An adhoc fix for division by zero in insert_note_steps().

35

+

36

+Signed-off-by: Takashi Iwai <tiwai@××××.de>

37

+bug-debian: https://bugs.debian.org/870338

38

+bug-suse: https://bugzilla.suse.com/show_bug.cgi?id=1081694

39

+bug: https://bugzilla.suse.com/show_bug.cgi?id=1081694

40

+origin: https://bugzilla.suse.com/attachment.cgi?id=760825

41

+---

42

+ timidity/readmidi.c | 2 ++

43

+ 1 file changed, 2 insertions(+)

44

+

45

+diff --git a/timidity/readmidi.c b/timidity/readmidi.c

46

+index 158388a..341777e 100644

47

+--- a/timidity/readmidi.c

48

++++ b/timidity/readmidi.c

49

+@@ -4585,6 +4585,8 @@ static void insert_note_steps(void)

50

+ 			if (beat != 0)

51

+ 				meas++, beat = 0;

52

+ 			num = timesig[n].a, denom = timesig[n].b, n++;

53

++			if (!denom)

54

++				denom = 1;

55

+ 		}

56

+ 		a = (meas + 1) & 0xff;

57

+ 		b = (((meas + 1) >> 8) & 0x0f) + ((beat + 1) << 4);

58

59

diff --git a/media-sound/timidity++/files/timidity++-2.14.0-CVE-2017-11547.patch b/media-sound/timidity++/files/timidity++-2.14.0-CVE-2017-11547.patch

60

new file mode 100644

61

index 00000000000..12562a577e0

62

--- /dev/null

63

+++ b/media-sound/timidity++/files/timidity++-2.14.0-CVE-2017-11547.patch

64

@@ -0,0 +1,67 @@

65

+From 34328d22cbb4ccf03f29223f54f1834c796d86a2 Mon Sep 17 00:00:00 2001

66

+From: Takashi Iwai <tiwai@××××.de>

67

+Date: Tue, 26 Jun 2018 22:31:28 +0200

68

+Subject: resample: Fix out-of-bound access in resamplers

69

+

70

+References: CVE-2017-11547

71

+

72

+An adhoc fix for out-of-bound accesses in resamples.

73

+The offset might overflow the given data range.

74

+

75

+Signed-off-by: Takashi Iwai <tiwai@××××.de>

76

+bug-debian: https://bugs.debian.org/870338

77

+bug-suse: https://bugzilla.suse.com/show_bug.cgi?id=1081694

78

+origin: https://bugzilla.suse.com/attachment.cgi?id=760826

79

+---

80

+ timidity/resample.c | 10 ++++++++++

81

+ 1 file changed, 10 insertions(+)

82

+

83

+diff --git a/timidity/resample.c b/timidity/resample.c

84

+index cd6b8e6..4a3fadf 100644

85

+--- a/timidity/resample.c

86

++++ b/timidity/resample.c

87

+@@ -57,6 +57,8 @@ static resample_t resample_cspline(sample_t *src, splen_t ofs, resample_rec_t *r

88

+ {

89

+     int32 ofsi, ofsf, v0, v1, v2, v3, temp;

90

+

91

++    if (ofs + (1 << FRACTION_BITS) >= rec->data_length)

92

++      return src[ofs >> FRACTION_BITS];

93

+     ofsi = ofs >> FRACTION_BITS;

94

+     v1 = src[ofsi];

95

+     v2 = src[ofsi + 1];

96

+@@ -96,6 +98,8 @@ static resample_t resample_lagrange(sample_t *src, splen_t ofs, resample_rec_t *

97

+ {

98

+     int32 ofsi, ofsf, v0, v1, v2, v3;

99

+

100

++    if (ofs + (1 << FRACTION_BITS) >= rec->data_length)

101

++      return src[ofs >> FRACTION_BITS];

102

+     ofsi = ofs >> FRACTION_BITS;

103

+     v1 = (int32)src[ofsi];

104

+     v2 = (int32)src[ofsi + 1];

105

+@@ -154,6 +158,8 @@ static resample_t resample_gauss(sample_t *src, splen_t ofs, resample_rec_t *rec

106

+     sample_t *sptr;

107

+     int32 left, right, temp_n;

108

+

109

++    if (ofs + (1 << FRACTION_BITS) >= rec->data_length)

110

++      return src[ofs >> FRACTION_BITS];

111

+     left = (ofs>>FRACTION_BITS);

112

+     right = (rec->data_length>>FRACTION_BITS) - left - 1;

113

+     temp_n = (right<<1)-1;

114

+@@ -261,6 +267,8 @@ static resample_t resample_newton(sample_t *src, splen_t ofs, resample_rec_t *re

115

+     int32 left, right, temp_n;

116

+     int ii, jj;

117

+

118

++    if (ofs + (1 << FRACTION_BITS) >= rec->data_length)

119

++      return src[ofs >> FRACTION_BITS];

120

+     left = (ofs>>FRACTION_BITS);

121

+     right = (rec->data_length>>FRACTION_BITS)-(ofs>>FRACTION_BITS)-1;

122

+     temp_n = (right<<1)-1;

123

+@@ -330,6 +338,8 @@ static resample_t resample_linear(sample_t *src, splen_t ofs, resample_rec_t *re

124

+ {

125

+     int32 v1, v2, ofsi;

126

+

127

++    if (ofs + (1 << FRACTION_BITS) >= rec->data_length)

128

++      return src[ofs >> FRACTION_BITS];

129

+     ofsi = ofs >> FRACTION_BITS;

130

+     v1 = src[ofsi];

131

+     v2 = src[ofsi + 1];

1	commit: 585ee02d57684b9b47738d103492543eb5786418
2	Author: Sam James <sam <AT> gentoo <DOT> org>
3	AuthorDate: Thu Jan 7 05:18:53 2021 +0000
4	Commit: Sam James <sam <AT> gentoo <DOT> org>
5	CommitDate: Thu Jan 7 05:18:53 2021 +0000
6	URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=585ee02d
7
8	media-sound/timidity++: restore CVE patches from 2.14.0
9
10	Whoops, misgrep (fooled by {}, I think?)
11
12	Thanks-to: Jeroen Roovers
13	Fixes: 4071642e177ae0e7289d684387d1f01af563cbd1
14	Package-Manager: Portage-3.0.12, Repoman-3.0.2
15	Signed-off-by: Sam James <sam <AT> gentoo.org>
16
17	.../files/timidity++-2.14.0-CVE-2017-11546.patch \| 31 ++++++++++
18	.../files/timidity++-2.14.0-CVE-2017-11547.patch \| 67 ++++++++++++++++++++++
19	2 files changed, 98 insertions(+)
20
21	diff --git a/media-sound/timidity++/files/timidity++-2.14.0-CVE-2017-11546.patch b/media-sound/timidity++/files/timidity++-2.14.0-CVE-2017-11546.patch
22	new file mode 100644
23	index 00000000000..94135e98b96
24	--- /dev/null
25	+++ b/media-sound/timidity++/files/timidity++-2.14.0-CVE-2017-11546.patch
26	@@ -0,0 +1,31 @@
27	+From 2386ec2c745f6c5075e53ea051da211336b44b84 Mon Sep 17 00:00:00 2001
28	+From: Takashi Iwai <tiwai@××××.de>
29	+Date: Tue, 26 Jun 2018 22:31:27 +0200
30	+Subject: readmidi: Fix division by zero
31	+
32	+References: CVE-2017-11546
33	+
34	+An adhoc fix for division by zero in insert_note_steps().
35	+
36	+Signed-off-by: Takashi Iwai <tiwai@××××.de>
37	+bug-debian: https://bugs.debian.org/870338
38	+bug-suse: https://bugzilla.suse.com/show_bug.cgi?id=1081694
39	+bug: https://bugzilla.suse.com/show_bug.cgi?id=1081694
40	+origin: https://bugzilla.suse.com/attachment.cgi?id=760825
41	+---
42	+ timidity/readmidi.c \| 2 ++
43	+ 1 file changed, 2 insertions(+)
44	+
45	+diff --git a/timidity/readmidi.c b/timidity/readmidi.c
46	+index 158388a..341777e 100644
47	+--- a/timidity/readmidi.c
48	++++ b/timidity/readmidi.c
49	+@@ -4585,6 +4585,8 @@ static void insert_note_steps(void)
50	+ if (beat != 0)
51	+ meas++, beat = 0;
52	+ num = timesig[n].a, denom = timesig[n].b, n++;
53	++ if (!denom)
54	++ denom = 1;
55	+ }
56	+ a = (meas + 1) & 0xff;
57	+ b = (((meas + 1) >> 8) & 0x0f) + ((beat + 1) << 4);
58
59	diff --git a/media-sound/timidity++/files/timidity++-2.14.0-CVE-2017-11547.patch b/media-sound/timidity++/files/timidity++-2.14.0-CVE-2017-11547.patch
60	new file mode 100644
61	index 00000000000..12562a577e0
62	--- /dev/null
63	+++ b/media-sound/timidity++/files/timidity++-2.14.0-CVE-2017-11547.patch
64	@@ -0,0 +1,67 @@
65	+From 34328d22cbb4ccf03f29223f54f1834c796d86a2 Mon Sep 17 00:00:00 2001
66	+From: Takashi Iwai <tiwai@××××.de>
67	+Date: Tue, 26 Jun 2018 22:31:28 +0200
68	+Subject: resample: Fix out-of-bound access in resamplers
69	+
70	+References: CVE-2017-11547
71	+
72	+An adhoc fix for out-of-bound accesses in resamples.
73	+The offset might overflow the given data range.
74	+
75	+Signed-off-by: Takashi Iwai <tiwai@××××.de>
76	+bug-debian: https://bugs.debian.org/870338
77	+bug-suse: https://bugzilla.suse.com/show_bug.cgi?id=1081694
78	+origin: https://bugzilla.suse.com/attachment.cgi?id=760826
79	+---
80	+ timidity/resample.c \| 10 ++++++++++
81	+ 1 file changed, 10 insertions(+)
82	+
83	+diff --git a/timidity/resample.c b/timidity/resample.c
84	+index cd6b8e6..4a3fadf 100644
85	+--- a/timidity/resample.c
86	++++ b/timidity/resample.c
87	+@@ -57,6 +57,8 @@ static resample_t resample_cspline(sample_t src, splen_t ofs, resample_rec_t r
88	+ {
89	+ int32 ofsi, ofsf, v0, v1, v2, v3, temp;
90	+
91	++ if (ofs + (1 << FRACTION_BITS) >= rec->data_length)
92	++ return src[ofs >> FRACTION_BITS];
93	+ ofsi = ofs >> FRACTION_BITS;
94	+ v1 = src[ofsi];
95	+ v2 = src[ofsi + 1];
96	+@@ -96,6 +98,8 @@ static resample_t resample_lagrange(sample_t src, splen_t ofs, resample_rec_t
97	+ {
98	+ int32 ofsi, ofsf, v0, v1, v2, v3;
99	+
100	++ if (ofs + (1 << FRACTION_BITS) >= rec->data_length)
101	++ return src[ofs >> FRACTION_BITS];
102	+ ofsi = ofs >> FRACTION_BITS;
103	+ v1 = (int32)src[ofsi];
104	+ v2 = (int32)src[ofsi + 1];
105	+@@ -154,6 +158,8 @@ static resample_t resample_gauss(sample_t src, splen_t ofs, resample_rec_t rec
106	+ sample_t *sptr;
107	+ int32 left, right, temp_n;
108	+
109	++ if (ofs + (1 << FRACTION_BITS) >= rec->data_length)
110	++ return src[ofs >> FRACTION_BITS];
111	+ left = (ofs>>FRACTION_BITS);
112	+ right = (rec->data_length>>FRACTION_BITS) - left - 1;
113	+ temp_n = (right<<1)-1;
114	+@@ -261,6 +267,8 @@ static resample_t resample_newton(sample_t src, splen_t ofs, resample_rec_t re
115	+ int32 left, right, temp_n;
116	+ int ii, jj;
117	+
118	++ if (ofs + (1 << FRACTION_BITS) >= rec->data_length)
119	++ return src[ofs >> FRACTION_BITS];
120	+ left = (ofs>>FRACTION_BITS);
121	+ right = (rec->data_length>>FRACTION_BITS)-(ofs>>FRACTION_BITS)-1;
122	+ temp_n = (right<<1)-1;
123	+@@ -330,6 +338,8 @@ static resample_t resample_linear(sample_t src, splen_t ofs, resample_rec_t re
124	+ {
125	+ int32 v1, v2, ofsi;
126	+
127	++ if (ofs + (1 << FRACTION_BITS) >= rec->data_length)
128	++ return src[ofs >> FRACTION_BITS];
129	+ ofsi = ofs >> FRACTION_BITS;
130	+ v1 = src[ofsi];
131	+ v2 = src[ofsi + 1];

Gentoo Archives: gentoo-commits