diff options
author | ChrisADR <christopher.diaz.riv@gmail.com> | 2017-07-16 19:26:28 -0500 |
---|---|---|
committer | Alexis Ballier <aballier@gentoo.org> | 2017-07-17 17:53:30 +0200 |
commit | 3aeef28be917bba491ddb751f06aec58fdf672a9 (patch) | |
tree | 892f307fea5c1860c46963bc34a5f4dde48d1dab /media-sound/vorbis-tools | |
parent | kde-frameworks/kxmlgui: keyword ~arm64 (diff) | |
download | gentoo-3aeef28be917bba491ddb751f06aec58fdf672a9.tar.gz gentoo-3aeef28be917bba491ddb751f06aec58fdf672a9.tar.bz2 gentoo-3aeef28be917bba491ddb751f06aec58fdf672a9.zip |
media-sound/vorbis-tools: New revision fixing security bug 559170
Diffstat (limited to 'media-sound/vorbis-tools')
-rw-r--r-- | media-sound/vorbis-tools/files/vorbis-tools-1.4.0-aiff-buffer-overflow.patch | 31 | ||||
-rw-r--r-- | media-sound/vorbis-tools/vorbis-tools-1.4.0-r3.ebuild | 45 |
2 files changed, 76 insertions, 0 deletions
diff --git a/media-sound/vorbis-tools/files/vorbis-tools-1.4.0-aiff-buffer-overflow.patch b/media-sound/vorbis-tools/files/vorbis-tools-1.4.0-aiff-buffer-overflow.patch new file mode 100644 index 000000000000..f8b66a90e7cd --- /dev/null +++ b/media-sound/vorbis-tools/files/vorbis-tools-1.4.0-aiff-buffer-overflow.patch @@ -0,0 +1,31 @@ +Patch taken from: +https://trac.xiph.org/attachment/ticket/2212/0001-oggenc-Fix-large-alloca-on-bad-AIFF-input.patch +To fix bug report: +http://www.openwall.com/lists/oss-security/2015/08/29/1 + https://bugs.gentoo.org/show_bug.cgi?id=559170 +--- oggenc/audio.c ++++ oggenc/audio.c +@@ -245,8 +245,8 @@ + int aiff_open(FILE *in, oe_enc_opt *opt, unsigned char *buf, int buflen) + { + int aifc; /* AIFC or AIFF? */ +- unsigned int len; +- unsigned char *buffer; ++ unsigned int len,readlen; ++ unsigned char buffer[22]; + unsigned char buf2[8]; + aiff_fmt format; + aifffile *aiff = malloc(sizeof(aifffile)); +@@ -269,9 +269,9 @@ + return 0; /* Weird common chunk */ + } + +- buffer = alloca(len); +- +- if(fread(buffer,1,len,in) < len) ++ readlen = len < sizeof(buffer) ? len : sizeof(buffer); ++ if(fread(buffer,1,readlen,in) < readlen || ++ (len > readlen && !seek_forward(in, len-readlen))) + { + fprintf(stderr, _("Warning: Unexpected EOF in reading AIFF header\n")); + return 0; diff --git a/media-sound/vorbis-tools/vorbis-tools-1.4.0-r3.ebuild b/media-sound/vorbis-tools/vorbis-tools-1.4.0-r3.ebuild new file mode 100644 index 000000000000..977e7e88ff3f --- /dev/null +++ b/media-sound/vorbis-tools/vorbis-tools-1.4.0-r3.ebuild @@ -0,0 +1,45 @@ +# Copyright 1999-2017 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=5 +inherit autotools eutils + +DESCRIPTION="tools for using the Ogg Vorbis sound file format" +HOMEPAGE="http://www.vorbis.com" +SRC_URI="http://downloads.xiph.org/releases/vorbis/${P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x86-macos ~x86-solaris" +IUSE="flac kate nls +ogg123 speex" + +RDEPEND=">=media-libs/libvorbis-1.3.0 + flac? ( media-libs/flac ) + kate? ( media-libs/libkate ) + ogg123? ( + >=media-libs/libao-1.0.0 + net-misc/curl + ) + speex? ( media-libs/speex )" +DEPEND="${RDEPEND} + nls? ( sys-devel/gettext ) + virtual/pkgconfig" + +DOCS="AUTHORS CHANGES README" + +src_prepare() { + epatch "${FILESDIR}"/${P}-underlinking.patch + epatch "${FILESDIR}"/${P}-format-security.patch + epatch "${FILESDIR}"/${P}-aiff-buffer-overflow.patch + sed -i -e 's:AM_CONFIG_HEADER:AC_CONFIG_HEADERS:' configure.ac || die #515220 + eautoreconf +} + +src_configure() { + econf \ + $(use_enable nls) \ + $(use_enable ogg123) \ + $(use_with flac) \ + $(use_with speex) \ + $(use_with kate) +} |