From: "Aaron Bauman" <bman@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] repo/gentoo:master commit in: media-sound/mpg321/, media-sound/mpg321/files/
Date: Sat, 6 Jun 2020 01:50:12 +0000 (UTC) [thread overview]
Message-ID: <1591408153.33364299eee045ae5df62612a33c9c80dbbe792c.bman@gentoo> (raw)
commit: 33364299eee045ae5df62612a33c9c80dbbe792c
Author: Azamat H. Hackimov <azamat.hackimov <AT> gmail <DOT> com>
AuthorDate: Thu Jun 4 17:51:17 2020 +0000
Commit: Aaron Bauman <bman <AT> gentoo <DOT> org>
CommitDate: Sat Jun 6 01:49:13 2020 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=33364299
media-sound/mpg321: update ebuild
Applied security fix from Debian for CVE-2019-14247 (#711918), fixed
compilation on GCC10 (#706740), updated ebuild to EAPI 7.
Bug: https://bugs.gentoo.org/711918
Closes: https://bugs.gentoo.org/706740
Package-Manager: Portage-2.3.99, Repoman-2.3.22
Signed-off-by: Azamat H. Hackimov <azamat.hackimov <AT> gmail.com>
Closes: https://github.com/gentoo/gentoo/pull/16066
Signed-off-by: Aaron Bauman <bman <AT> gentoo.org>
.../mpg321/files/mpg321-0.3.2-CVE-2019-14247.patch | 20 ++++++
.../files/mpg321-0.3.2-format-security.patch | 4 +-
media-sound/mpg321/files/mpg321-0.3.2-gcc10.patch | 83 ++++++++++++++++++++++
media-sound/mpg321/mpg321-0.3.2.ebuild | 12 +++-
4 files changed, 114 insertions(+), 5 deletions(-)
diff --git a/media-sound/mpg321/files/mpg321-0.3.2-CVE-2019-14247.patch b/media-sound/mpg321/files/mpg321-0.3.2-CVE-2019-14247.patch
new file mode 100644
index 00000000000..ff8aea8f8e7
--- /dev/null
+++ b/media-sound/mpg321/files/mpg321-0.3.2-CVE-2019-14247.patch
@@ -0,0 +1,20 @@
+Description: Handle illegal bitrate value
+Author: Chrysostomos Nanakos <cnanakos@debian.org>
+Bug-Debian: https://bugs.debian.org/870406
+Bug-Debian: https://bugs.debian.org/887057
+
+--- mpg321-0.3.2.orig/mad.c
++++ mpg321-0.3.2/mad.c
+@@ -574,6 +574,12 @@ void scan(void const *ptr, ssize_t len,
+
+ if (!is_vbr)
+ {
++ if (header.bitrate <= 0)
++ {
++ fprintf(stderr, "Illegal bit allocation value\n");
++ return;
++ }
++
+ double time = (len * 8.0) / (header.bitrate); /* time in seconds */
+ double timefrac = (double)time - ((long)(time));
+ long nsamples = 32 * MAD_NSBSAMPLES(&header); /* samples per frame */
diff --git a/media-sound/mpg321/files/mpg321-0.3.2-format-security.patch b/media-sound/mpg321/files/mpg321-0.3.2-format-security.patch
index 732ca2c6022..c93d8d796dc 100644
--- a/media-sound/mpg321/files/mpg321-0.3.2-format-security.patch
+++ b/media-sound/mpg321/files/mpg321-0.3.2-format-security.patch
@@ -1,5 +1,5 @@
---- /var/tmp/portage/media-sound/mpg321-0.3.2/work/mpg321-0.3.2-orig/mpg321.c 2012-03-25 14:27:49.000000000 +0200
-+++ /tmp/mpg321.c 2015-08-12 23:34:20.395331151 +0200
+--- mpg321-0.3.2-orig/mpg321.c 2012-03-25 14:27:49.000000000 +0200
++++ mpg321-0.3.2-orig/mpg321.c 2015-08-12 23:34:20.395331151 +0200
@@ -183,7 +183,7 @@
else{
#endif
diff --git a/media-sound/mpg321/files/mpg321-0.3.2-gcc10.patch b/media-sound/mpg321/files/mpg321-0.3.2-gcc10.patch
new file mode 100644
index 00000000000..8966d9f7c8d
--- /dev/null
+++ b/media-sound/mpg321/files/mpg321-0.3.2-gcc10.patch
@@ -0,0 +1,83 @@
+From f930c3b81bdf9c05152fb005562b3869f6e36f34 Mon Sep 17 00:00:00 2001
+From: "Azamat H. Hackimov" <azamat.hackimov@gmail.com>
+Date: Thu, 4 Jun 2020 20:41:25 +0300
+Subject: [PATCH] Fix GCC10 compilation
+
+---
+ mpg321.c | 8 ++++++++
+ mpg321.h | 16 ++++++++--------
+ 2 files changed, 16 insertions(+), 8 deletions(-)
+
+diff --git a/mpg321.c b/mpg321.c
+index 19282bb..663882e 100644
+--- a/mpg321.c
++++ b/mpg321.c
+@@ -63,6 +63,14 @@
+ #include <pthread.h>
+ #include <semaphore.h>
+
++output_frame *Output_Queue;
++decoded_frames *Decoded_Frames;
++int semarray;
++int mad_decoder_position;
++int output_buffer_position;
++double real[FFT_BUFFER_SIZE];
++double imag[FFT_BUFFER_SIZE];
++int loop_remaining;
+
+ int pflag = 0;
+ int volume = 0;
+diff --git a/mpg321.h b/mpg321.h
+index 798bff0..235cf4a 100644
+--- a/mpg321.h
++++ b/mpg321.h
+@@ -116,7 +116,7 @@ extern char *playlist_file;
+ extern int quit_now;
+ extern char remote_input_buf[PATH_MAX + 5];
+ extern int file_change;
+-int loop_remaining;
++extern int loop_remaining;
+
+ extern int status;
+ extern int scrobbler_time;
+@@ -233,8 +233,8 @@ RETSIGTYPE handle_sigchld(int sig);
+ #define FFT_BUFFER_SIZE_LOG 9
+ #define FFT_BUFFER_SIZE (1 << FFT_BUFFER_SIZE_LOG) /* 512 */
+ /*Temporary data stores to perform FFT in */
+-double real[FFT_BUFFER_SIZE];
+-double imag[FFT_BUFFER_SIZE];
++extern double real[FFT_BUFFER_SIZE];
++extern double imag[FFT_BUFFER_SIZE];
+
+ typedef struct {
+ double real[FFT_BUFFER_SIZE];
+@@ -258,10 +258,10 @@ fft_state *fft_init(void);
+ /* Output buffer process */
+ void frame_buffer_p();
+ /* Semaphore array */
+-int semarray;
++extern int semarray;
+ /* Input/Output buffer position */
+-int mad_decoder_position;
+-int output_buffer_position;
++extern int mad_decoder_position;
++extern int output_buffer_position;
+ /* Output Frame including needed information */
+ typedef struct {
+ unsigned char data[4*1152];
+@@ -285,10 +285,10 @@ typedef struct {
+ } decoded_frames;
+
+ /* Output frame queue pointer */
+-output_frame *Output_Queue;
++extern output_frame *Output_Queue;
+
+ /* Shared total decoded frames */
+-decoded_frames *Decoded_Frames;
++extern decoded_frames *Decoded_Frames;
+
+ #if defined(__GNU_LIBRARY__) && !defined(_SEM_SEMUN_UNDEFINED)
+ /* */
+--
+2.26.2
+
diff --git a/media-sound/mpg321/mpg321-0.3.2.ebuild b/media-sound/mpg321/mpg321-0.3.2.ebuild
index 1c6cf71665a..390abffdec0 100644
--- a/media-sound/mpg321/mpg321-0.3.2.ebuild
+++ b/media-sound/mpg321/mpg321-0.3.2.ebuild
@@ -1,7 +1,7 @@
# Copyright 1999-2020 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
-EAPI=5
+EAPI=7
inherit autotools eutils
DESCRIPTION="A realtime MPEG 1.0/2.0/2.5 audio player for layers 1, 2 and 3"
@@ -23,9 +23,15 @@ DEPEND="${RDEPEND}"
S=${WORKDIR}/${P}-orig
+PATCHES=(
+ "${FILESDIR}/${PN}-0.2.12-check-for-lround.patch"
+ "${FILESDIR}/${P}-format-security.patch"
+ "${FILESDIR}/${P}-CVE-2019-14247.patch"
+ "${FILESDIR}/${P}-gcc10.patch"
+)
+
src_prepare() {
- epatch "${FILESDIR}"/${PN}-0.2.12-check-for-lround.patch \
- "${FILESDIR}"/${P}-format-security.patch
+ default
eautoreconf
}
next reply other threads:[~2020-06-06 1:50 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-06 1:50 Aaron Bauman [this message]
-- strict thread matches above, loose matches on Subject: below --
2015-08-12 21:40 [gentoo-commits] repo/gentoo:master commit in: media-sound/mpg321/, media-sound/mpg321/files/ Michael Weber
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1591408153.33364299eee045ae5df62612a33c9c80dbbe792c.bman@gentoo \
--to=bman@gentoo.org \
--cc=gentoo-commits@lists.gentoo.org \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox