From: "Alexis Ballier" <aballier@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] repo/gentoo:master commit in: media-sound/vorbis-tools/, media-sound/vorbis-tools/files/
Date: Sat, 29 Jul 2017 10:52:39 +0000 (UTC)	[thread overview]
Message-ID: <1501324842.5b60b4cd7ed6c51f086f57a39a1dbf9cebffc825.aballier@gentoo> (raw)

commit:     5b60b4cd7ed6c51f086f57a39a1dbf9cebffc825
Author:     Christopher Díaz <christopher.diaz.riv <AT> gmail <DOT> com>
AuthorDate: Sun Jul 23 15:17:30 2017 +0000
Commit:     Alexis Ballier <aballier <AT> gentoo <DOT> org>
CommitDate: Sat Jul 29 10:40:42 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5b60b4cd

 media-sound/vorbis-tools: multiple security fixes

 	https://bugs.gentoo.org/show_bug.cgi?id=537422
	https://bugs.gentoo.org/show_bug.cgi?id=559170

 .../files/vorbis-tools-1.4.0-CVE-2014-9638.patch   | 92 ++++++++++++++++++++++
 .../files/vorbis-tools-1.4.0-CVE-2014-9640.patch   | 24 ++++++
 .../vorbis-tools/vorbis-tools-1.4.0-r4.ebuild      | 46 +++++++++++
 3 files changed, 162 insertions(+)

diff --git a/media-sound/vorbis-tools/files/vorbis-tools-1.4.0-CVE-2014-9638.patch b/media-sound/vorbis-tools/files/vorbis-tools-1.4.0-CVE-2014-9638.patch
new file mode 100644
index 00000000000..79859df0274
--- /dev/null
+++ b/media-sound/vorbis-tools/files/vorbis-tools-1.4.0-CVE-2014-9638.patch
@@ -0,0 +1,92 @@
+Patches taken as references: 
+https://github.com/mark4o/opus-tools/commit/8c412e619b83eb6dd32191909cf6672e93e5802e
+https://trac.xiph.org/attachment/ticket/2212/0001-oggenc-Fix-large-alloca-on-bad-AIFF-input.patch
+To fix bug report:
+http://www.openwall.com/lists/oss-security/2015/08/29/1
+    https://bugs.gentoo.org/show_bug.cgi?id=559170
+https://bugs.gentoo.org/show_bug.cgi?id=537422
+--- oggenc/audio.h
++++ oggenc/audio.h
+@@ -25,7 +25,7 @@
+ 
+ typedef struct {
+     short format;
+-    short channels;
++    unsigned short channels;
+     int samplerate;
+     int bytespersec;
+     short align;
+@@ -44,7 +44,7 @@
+ } wavfile;
+ 
+ typedef struct {
+-    short channels;
++    unsigned short channels;
+     int totalframes;
+     short samplesize;
+     int rate;
+--- oggenc/audio.c	
++++ oggenc/audio.c
+@@ -245,8 +245,8 @@
+ int aiff_open(FILE *in, oe_enc_opt *opt, unsigned char *buf, int buflen)
+ {
+     int aifc; /* AIFC or AIFF? */
+-    unsigned int len;
+-    unsigned char *buffer;
++    unsigned int len,readlen;
++    unsigned char buffer[22];
+     unsigned char buf2[8];
+     aiff_fmt format;
+     aifffile *aiff = malloc(sizeof(aifffile));
+@@ -269,9 +269,9 @@
+         return 0; /* Weird common chunk */
+     }
+
+-    buffer = alloca(len);
+-
+-    if(fread(buffer,1,len,in) < len)
++    readlen = len < sizeof(buffer) ? len : sizeof(buffer);
++    if(fread(buffer,1,readlen,in) < readlen ||
++        (len > readlen && !seek_forward(in, len-readlen)))
+     {
+         fprintf(stderr, _("Warning: Unexpected EOF in reading AIFF header\n"));
+         return 0;
+@@ -277,11 +277,18 @@
+         return 0;
+     }
+ 
+-    format.channels = READ_U16_BE(buffer);
++    format.channels = (short)READ_U16_BE(buffer);
+     format.totalframes = READ_U32_BE(buffer+2);
+     format.samplesize = READ_U16_BE(buffer+6);
+     format.rate = (int)read_IEEE80(buffer+8);
+ 
++    if(format.channels <=0)
++    {
++    	fprintf(stderr, _("ERROR: Invalid channel count in AIFF header\n"));
++	return 0;
++
++    }
++
+     aiff->bigendian = 1;
+ 
+     if(aifc)
+@@ -449,11 +449,17 @@
+     }
+
+     format.format =      READ_U16_LE(buf);
+-    format.channels =    READ_U16_LE(buf+2);
++    format.channels =    (short)READ_U16_LE(buf+2);
+     format.samplerate =  READ_U32_LE(buf+4);
+     format.bytespersec = READ_U32_LE(buf+8);
+     format.align =       READ_U16_LE(buf+12);
+     format.samplesize =  READ_U16_LE(buf+14);
++
++    if(format.channels == 0)
++    {
++      fprintf(stderr, _("ERROR: Zero channels in WAV header\n"));
++      return 0;
++    }
+
+     if(format.format == -2) /* WAVE_FORMAT_EXTENSIBLE */
+     {
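Review bot: In the aiff_open part of the embedded audio.c patch, `format.channels = (short)READ_U16_BE(buffer);` followed by `if(format.channels <=0)` reads as if negative channel counts were rejected, but audio.h now declares `channels` as `unsigned short`, so the cast is converted straight back and the test can only ever catch 0. The WAV hunk keeps the same cast next to an explicit `== 0` test. I would drop both casts and write the AIFF check as `if(format.channels == 0)`, so the code states what it enforces; whether counts up to 65535 are safe for later size arithmetic depends on code outside these hunks, and an explicit upper bound may be warranted. The added `return 0` also appears to leave the `aiff` block allocated at the top of aiff_open unreleased, since no `free(aiff)` is visible on that path. Both function bodies start and end outside the hunks.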

diff --git a/media-sound/vorbis-tools/files/vorbis-tools-1.4.0-CVE-2014-9640.patch b/media-sound/vorbis-tools/files/vorbis-tools-1.4.0-CVE-2014-9640.patch
new file mode 100644
index 00000000000..51c23b062af
--- /dev/null
+++ b/media-sound/vorbis-tools/files/vorbis-tools-1.4.0-CVE-2014-9640.patch
@@ -0,0 +1,24 @@
+Patch taken from: 
+https://trac.xiph.org/changeset/19117
+To fix bug report:
+https://bugs.gentoo.org/show_bug.cgi?id=537422
+--- vorbis-tools-1.4.0/oggenc/oggenc.c	
++++ vorbis-tools-1.4.0/oggenc/oggenc.c
+@@ -97,6 +97,8 @@
+               .3,-1,
+               0,0,0.f,
+               0, 0, 0, 0, 0};
++    input_format raw_format = {NULL, 0, raw_open, wav_close, "raw", 
++        N_("RAW file reader")};
+ 
+     int i;
+ 
+@@ -239,8 +241,6 @@
+ 
+         if(opt.rawmode)
+         {
+-            input_format raw_format = {NULL, 0, raw_open, wav_close, "raw", 
+-                N_("RAW file reader")};
+ 
+             enc_opts.rate=opt.raw_samplerate;
+             enc_opts.channels=opt.raw_channels;
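Review bot: The hoisted `raw_format` declaration at the top of the function carries no comment saying why it must not live inside the `if(opt.rawmode)` block, so a later tidy-up could move it back and reintroduce the bug. Presumably its address is stored and read after that block ends, but the store and the later use are outside the hunk, so this should be confirmed against the full function. A one-line comment such as `/* function scope on purpose: a pointer to raw_format is still used after the rawmode block */` on the new declaration would record the constraint. The empty line left at the start of the `if(opt.rawmode)` body can go as well.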

diff --git a/media-sound/vorbis-tools/vorbis-tools-1.4.0-r4.ebuild b/media-sound/vorbis-tools/vorbis-tools-1.4.0-r4.ebuild
new file mode 100644
index 00000000000..7f85f35db51
--- /dev/null
+++ b/media-sound/vorbis-tools/vorbis-tools-1.4.0-r4.ebuild
@@ -0,0 +1,46 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=5
+inherit autotools eutils
+
+DESCRIPTION="tools for using the Ogg Vorbis sound file format"
+HOMEPAGE="http://www.vorbis.com"
+SRC_URI="http://downloads.xiph.org/releases/vorbis/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x86-macos ~x86-solaris"
+IUSE="flac kate nls +ogg123 speex"
+
+RDEPEND=">=media-libs/libvorbis-1.3.0
+	flac? ( media-libs/flac )
+	kate? ( media-libs/libkate )
+	ogg123? (
+		>=media-libs/libao-1.0.0
+		net-misc/curl
+	)
+	speex? ( media-libs/speex )"
+DEPEND="${RDEPEND}
+	nls? ( sys-devel/gettext )
+	virtual/pkgconfig"
+
+DOCS="AUTHORS CHANGES README"
+
+src_prepare() {
+	epatch "${FILESDIR}"/${P}-underlinking.patch
+	epatch "${FILESDIR}"/${P}-format-security.patch
+	epatch "${FILESDIR}"/${P}-CVE-2014-9640.patch
+	epatch "${FILESDIR}"/${P}-CVE-2014-9638.patch
+	sed -i -e 's:AM_CONFIG_HEADER:AC_CONFIG_HEADERS:' configure.ac || die #515220
+	eautoreconf
+}
+
+src_configure() {
+	econf \
+		$(use_enable nls) \
+		$(use_enable ogg123) \
+		$(use_with flac) \
+		$(use_with speex) \
+		$(use_with kate)
+}

