* [gentoo-commits] repo/gentoo:master commit in: media-sound/mp3gain/files/, media-sound/mp3gain/
@ 2020-08-03  5:12 Sam James
From: Sam James @ 2020-08-03  5:12 UTC (permalink / raw
  To: gentoo-commits

commit:     36f8689f7903548f5d89827a6e7bdf70a9882cee
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Mon Aug  3 05:11:12 2020 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Aug  3 05:12:45 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=36f8689f

media-sound/mp3gain: bump to 1.6.2 (+ CVE patch)

Bump to 1.6.2, which includes an upstreamed patch
for a previous CVE, and include openSUSE's patch
for CVE-2019-18359 (and others).

Bug: https://bugs.gentoo.org/717940
Package-Manager: Portage-3.0.1, Repoman-2.3.23
Signed-off-by: Sam James <sam <AT> gentoo.org>

 media-sound/mp3gain/Manifest                       |   1 +
 .../files/mp3gain-1.6.2-CVE-2019-18359-plus.patch  | 183 +++++++++++++++++++++
 media-sound/mp3gain/mp3gain-1.6.2.ebuild           |  33 ++++
 3 files changed, 217 insertions(+)

diff --git a/media-sound/mp3gain/Manifest b/media-sound/mp3gain/Manifest
index 796440a5be0..f6771ab442c 100644
--- a/media-sound/mp3gain/Manifest
+++ b/media-sound/mp3gain/Manifest
@@ -1 +1,2 @@
 DIST mp3gain-1_6_1-src.zip 68932 BLAKE2B 8c1ed35123f1613e189ec7bd74ee9f6176404a1b79c660f8f1a6df461cdfd3c6bb505daa09b8cc4756e1755d0923fe473a45c3ae171fcf35df22daaa08a7717a SHA512 6d26a7716a1901c80caff9d7fb03a454a452c06c6a57a7a921d5979727e112ba139690d8a287dde7a6e5a09b022d3c6f57193b4756a9c25caa177cef65f9e375
+DIST mp3gain-1_6_2-src.zip 71246 BLAKE2B 5172c2103bb2267bf819f36180e9cd7a9d57df6f7ddc29900e9063f97c4513972053bb0c3f1f69f7ddd12ec0cf4251e93e1b6920389a8246bfdd5650176a90d2 SHA512 ec9de6c755120480ccb72b34a0042aea7546ef923090ab04e420d5b189523b4504e29952a3d695d3c42c74348f5c3c9123ff090bcc671e43375711e085d67480

diff --git a/media-sound/mp3gain/files/mp3gain-1.6.2-CVE-2019-18359-plus.patch b/media-sound/mp3gain/files/mp3gain-1.6.2-CVE-2019-18359-plus.patch
new file mode 100644
index 00000000000..5f05fc1bf27
--- /dev/null
+++ b/media-sound/mp3gain/files/mp3gain-1.6.2-CVE-2019-18359-plus.patch
@@ -0,0 +1,183 @@
+openSUSE patch: https://build.opensuse.org/package/view_file/openSUSE:Factory/mp3gain/0001-fix-security-bugs.patch?expand=1
+Gentoo bug: https://bugs.gentoo.org/717940
+----
+From: Jason Craig <os-dev@jacraig.com>
+Date: Mon, 30 Mar 2020 12:43:20 -0600
+Subject: [PATCH] Fix various security issues including CVE-2019-18359
+References: boo#1154971
+Upstream: dead
+
+Multiple POCs at https://github.com/zjuchenyuan/fuzzpoc were fixed.
+--- a/apetag.c
++++ b/apetag.c
+@@ -16,6 +16,13 @@
+ #define _stricmp strcasecmp
+ #endif /* WIN32 */
+ 
++// Min and max values for gain and peak in order to fit in allotted space in the APE tags. For gain that is nine chars,
++// including a + or -. For peak that is eight chars, including a - but no +. Both will always have six precision digits.
++#define MIN_GAIN -9.999999
++#define MAX_GAIN 9.999999
++#define MIN_PEAK -9.99999
++#define MAX_PEAK 9.999999
++
+ int ReadMP3ID3v1Tag(FILE *fi, unsigned char **tagbuff, long *tag_offset) {
+     char tmp[128];
+ 
+@@ -102,9 +109,9 @@ static int ReadMP3Lyrics3v2Tag ( FILE *fp, unsigned char **tagbuff, unsigned lon
+ 	if ( fseek (fp, *tag_offset - 128 - (long)sizeof (T) - len, SEEK_SET) ) return 0;
+     if ( fread  (tmp, 1, 11, fp) != 11 ) return 0;
+     if ( memcmp (tmp, "LYRICSBEGIN", 11) ) return 0;
+-    
++
+     taglen = 128 + Lyrics3GetNumber6(T.Length) + sizeof(T);
+-    
++
+     *tag_offset -= taglen;
+     if (*tagbuff != NULL) {
+         free(*tagbuff);
+@@ -142,7 +149,7 @@ enum {
+ 
+ unsigned long strlen_max(const char * ptr, unsigned long max) {
+ 	unsigned long n = 0;
+-	while (ptr[n] && n < max) n++;
++	while (n < max && ptr[n]) n++;
+ 	return n;
+ }
+ 
+@@ -234,6 +241,14 @@ int ReadMP3APETag ( FILE *fp,  struct MP3GainTagInfo *info, struct APETagStruct
+                 info->albumPeak = atof(value);
+             } else if (!_stricmp(name,"MP3GAIN_UNDO")) {
+ 				/* value should be something like "+003,+003,W" */
++				/* If the file didn't specify enough bytes for the value (at least 11...see above), skip the tag. */
++				if(vsize < 11)
++				{
++					free(value);
++					free(name);
++					p += isize + 1 + vsize;
++					continue;
++				}
+                 info->haveUndo = !0;
+                 vp = value;
+ 				memcpy(tmpString,vp,4);
+@@ -251,6 +266,14 @@ int ReadMP3APETag ( FILE *fp,  struct MP3GainTagInfo *info, struct APETagStruct
+                 }
+             } else if (!_stricmp(name,"MP3GAIN_MINMAX")) {
+ 				/* value should be something like "001,153" */
++				/* If the file didn't specify enough bytes for the value (at least 7...see above), skip the tag. */
++				if(vsize < 7)
++				{
++					free(value);
++					free(name);
++					p += isize + 1 + vsize;
++					continue;
++				}
+                 info->haveMinMaxGain = !0;
+                 vp = value;
+ 				memcpy(tmpString,vp,3);
+@@ -289,7 +312,7 @@ int ReadMP3APETag ( FILE *fp,  struct MP3GainTagInfo *info, struct APETagStruct
+     }
+ 
+     free (buff);
+-    
++
+ 	*tag_offset -= TagLen;
+ 	(*apeTag)->originalTagSize = TagLen;
+ 
+@@ -318,7 +341,7 @@ int ReadMP3APETag ( FILE *fp,  struct MP3GainTagInfo *info, struct APETagStruct
+ int truncate_file (char *filename, long truncLength) {
+ 
+ #ifdef WIN32
+-    
++
+    int fh, result;
+ 
+    /* Open a file */
+@@ -370,10 +393,10 @@ int ReadMP3GainAPETag (char *filename, struct MP3GainTagInfo *info, struct FileT
+     fi = fopen(filename, "rb");
+     if (fi == NULL)
+ 		return 0;
+-	
++
+ 	fseek(fi, 0, SEEK_END);
+     tag_offset = file_size = ftell(fi);
+-	
++
+ 	fileTags->lyrics3TagSize = 0;
+ 
+     do {
+@@ -515,7 +538,7 @@ int WriteMP3GainAPETag (char *filename, struct MP3GainTagInfo *info, struct File
+ 		Write_LE_Uint32(newFooter.Flags,1<<31); /* tag has header */
+ 		memset(newFooter.Reserved,0,sizeof(newFooter.Reserved));
+ 	}
+-	
++
+ 	if (info->haveMinMaxGain) {
+ 		/* 8 bytes + "MP3GAIN_MINMAX" + '/0' + "123,123" = 30 bytes */
+ 		Write_LE_Uint32(mp3gainTagData,7);
+@@ -575,7 +598,10 @@ int WriteMP3GainAPETag (char *filename, struct MP3GainTagInfo *info, struct File
+ 		mp3gainTagData += 4;
+ 		strcpy(mp3gainTagData, "REPLAYGAIN_TRACK_GAIN");
+ 		mp3gainTagData += 22;
+-		sprintf(valueString,"%-+9.6f", info->trackGain);
++		// Clamp the gain value to ensure that sprintf won't put more than 9 chars in valueString. In cases of very
++		// large trackGain value, valueString could overflow.
++		sprintf(valueString, "%-+9.6f", info->trackGain < MIN_GAIN ? MIN_GAIN
++			: (info->trackGain > MAX_GAIN ? MAX_GAIN : info->trackGain));
+ 		memcpy(mp3gainTagData, valueString, 9);
+ 		mp3gainTagData += 9;
+ 		memcpy(mp3gainTagData, " dB", 3);
+@@ -589,7 +615,10 @@ int WriteMP3GainAPETag (char *filename, struct MP3GainTagInfo *info, struct File
+ 		mp3gainTagData += 4;
+ 		strcpy(mp3gainTagData, "REPLAYGAIN_TRACK_PEAK");
+ 		mp3gainTagData += 22;
+-		sprintf(valueString,"%-8.6f", info->trackPeak);
++		// Clamp the peak value to ensure that sprintf won't put more than 8 chars in valueString. In cases of very
++		// large trackPeak value, valueString could overflow.
++		sprintf(valueString,"%-8.6f", info->trackPeak < MIN_PEAK ? MIN_PEAK
++			: (info->trackPeak > MAX_PEAK ? MAX_PEAK : info->trackPeak));
+ 		memcpy(mp3gainTagData, valueString, 8);
+ 		mp3gainTagData += 8;
+ 	}
+@@ -601,7 +630,9 @@ int WriteMP3GainAPETag (char *filename, struct MP3GainTagInfo *info, struct File
+ 		mp3gainTagData += 4;
+ 		strcpy(mp3gainTagData, "REPLAYGAIN_ALBUM_GAIN");
+ 		mp3gainTagData += 22;
+-		sprintf(valueString,"%-+9.6f", info->albumGain);
++		// Clamp the gain value, see haveTrackGain if above.
++		sprintf(valueString,"%-+9.6f", info->albumGain < MIN_GAIN ? MIN_GAIN
++			: (info->albumGain > MAX_GAIN ? MAX_GAIN : info->albumGain));
+ 		memcpy(mp3gainTagData, valueString, 9);
+ 		mp3gainTagData += 9;
+ 		memcpy(mp3gainTagData, " dB", 3);
+@@ -615,7 +646,9 @@ int WriteMP3GainAPETag (char *filename, struct MP3GainTagInfo *info, struct File
+ 		mp3gainTagData += 4;
+ 		strcpy(mp3gainTagData, "REPLAYGAIN_ALBUM_PEAK");
+ 		mp3gainTagData += 22;
+-		sprintf(valueString,"%-8.6f", info->albumPeak);
++		// Clamp the peak value, see haveTrackPeak if above.
++		sprintf(valueString,"%-8.6f", info->albumPeak < MIN_PEAK ? MIN_PEAK
++			: (info->albumPeak > MAX_PEAK ? MAX_PEAK : info->albumPeak));
+ 		memcpy(mp3gainTagData, valueString, 8);
+ 		mp3gainTagData += 8;
+ 	}
+@@ -641,7 +674,7 @@ int WriteMP3GainAPETag (char *filename, struct MP3GainTagInfo *info, struct File
+     }                                                  //no Lyrics3 tag
+ 
+ 	fclose(outputFile);
+-	
++
+ 	if (saveTimeStamp)
+ 		fileTime(filename,setStoredTime);
+ 
+@@ -666,7 +699,7 @@ int RemoveMP3GainAPETag (char *filename, int saveTimeStamp) {
+ 	info.haveMinMaxGain = 0;
+ 	info.haveAlbumMinMaxGain = 0;
+ 	info.haveUndo = 0;
+-    
++
+     fileTags.apeTag = NULL;
+     fileTags.id31tag = NULL;
+     fileTags.lyrics3tag = NULL;
+
+
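Review bot: In the REPLAYGAIN_TRACK_PEAK and REPLAYGAIN_ALBUM_PEAK branches of WriteMP3GainAPETag, the added comment's claim that the clamp keeps `sprintf` to eight characters does not hold for negative peaks: with `"%-8.6f"` any negative value, including the clamped `MIN_PEAK` of -9.99999, formats as nine characters (`-9.999990`) plus the terminator. The 8-byte tag field stays bounded only because the following `memcpy(mp3gainTagData, valueString, 8)` truncates. The gain branches already write ten bytes into `valueString`, so its size is probably sufficient, but its declaration is outside the patch and cannot be confirmed here. Replacing `sprintf(valueString,` with `snprintf(valueString, sizeof valueString,` (assuming `valueString` is an array) would bound the write independently of the clamp, and the comment should say that negative peaks are cut to eight bytes on copy. Separately, a NaN produced by `atof(value)` in ReadMP3APETag fails both comparisons and passes through unclamped; it formats short, so this is a data-quality gap rather than an overflow, and an `isnan` check would close it.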

diff --git a/media-sound/mp3gain/mp3gain-1.6.2.ebuild b/media-sound/mp3gain/mp3gain-1.6.2.ebuild
new file mode 100644
index 00000000000..44bb5054568
--- /dev/null
+++ b/media-sound/mp3gain/mp3gain-1.6.2.ebuild
@@ -0,0 +1,33 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit toolchain-funcs
+
+MY_P="${P//./_}"
+
+DESCRIPTION="A program to analyze and adjust MP3 files to same volume"
+HOMEPAGE="http://mp3gain.sourceforge.net/"
+SRC_URI="mirror://sourceforge/${PN}/${MY_P}-src.zip"
+S="${WORKDIR}"
+
+LICENSE="LGPL-2.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~hppa ~ppc ~ppc64 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x86-macos"
+
+BDEPEND="app-arch/unzip"
+RDEPEND="media-sound/mpg123"
+DEPEND="${RDEPEND}"
+
+PATCHES=(
+	"${FILESDIR}/${PN}-1.6.2-CVE-2019-18359-plus.patch"
+)
+
+src_compile() {
+	emake CC="$(tc-getCC)"
+}
+
+src_install() {
+	dobin mp3gain
+}



* [gentoo-commits] repo/gentoo:master commit in: media-sound/mp3gain/files/, media-sound/mp3gain/
@ 2020-08-29  0:28 Sam James
From: Sam James @ 2020-08-29  0:28 UTC (permalink / raw
  To: gentoo-commits

commit:     78ad7877efb30b4599320e7f81a15cb2527acdfe
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sat Aug 29 00:26:26 2020 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sat Aug 29 00:26:26 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=78ad7877

media-sound/mp3gain: security cleanup

Closes: https://bugs.gentoo.org/717940
Package-Manager: Portage-3.0.4, Repoman-3.0.1
Signed-off-by: Sam James <sam <AT> gentoo.org>

 media-sound/mp3gain/Manifest                       |  1 -
 .../files/mp3gain-1.6.1-CVE-2017-12911.patch       | 77 ----------------------
 media-sound/mp3gain/mp3gain-1.6.1.ebuild           | 34 ----------
 3 files changed, 112 deletions(-)

diff --git a/media-sound/mp3gain/Manifest b/media-sound/mp3gain/Manifest
index f6771ab442c..e76bdaa6317 100644
--- a/media-sound/mp3gain/Manifest
+++ b/media-sound/mp3gain/Manifest
@@ -1,2 +1 @@
-DIST mp3gain-1_6_1-src.zip 68932 BLAKE2B 8c1ed35123f1613e189ec7bd74ee9f6176404a1b79c660f8f1a6df461cdfd3c6bb505daa09b8cc4756e1755d0923fe473a45c3ae171fcf35df22daaa08a7717a SHA512 6d26a7716a1901c80caff9d7fb03a454a452c06c6a57a7a921d5979727e112ba139690d8a287dde7a6e5a09b022d3c6f57193b4756a9c25caa177cef65f9e375
 DIST mp3gain-1_6_2-src.zip 71246 BLAKE2B 5172c2103bb2267bf819f36180e9cd7a9d57df6f7ddc29900e9063f97c4513972053bb0c3f1f69f7ddd12ec0cf4251e93e1b6920389a8246bfdd5650176a90d2 SHA512 ec9de6c755120480ccb72b34a0042aea7546ef923090ab04e420d5b189523b4504e29952a3d695d3c42c74348f5c3c9123ff090bcc671e43375711e085d67480

diff --git a/media-sound/mp3gain/files/mp3gain-1.6.1-CVE-2017-12911.patch b/media-sound/mp3gain/files/mp3gain-1.6.1-CVE-2017-12911.patch
deleted file mode 100644
index 0b5a3228096..00000000000
--- a/media-sound/mp3gain/files/mp3gain-1.6.1-CVE-2017-12911.patch
+++ /dev/null
@@ -1,77 +0,0 @@
---- a/apetag.c
-+++ b/apetag.c
-@@ -49,6 +49,12 @@
- 
- static int Lyrics3GetNumber6 ( const unsigned char* string )
- {
-+	if (string[0] < '0' || string[0] > '9') return 0;
-+	if (string[1] < '0' || string[1] > '9') return 0;
-+	if (string[2] < '0' || string[2] > '9') return 0;
-+	if (string[3] < '0' || string[3] > '9') return 0;
-+	if (string[4] < '0' || string[4] > '9') return 0;
-+	if (string[5] < '0' || string[5] > '9') return 0;
- 	return ( string[0] - '0') * 100000 +
- 		   ( string[1] - '0') * 10000 +
- 		   ( string[2] - '0') * 1000 +
-@@ -86,12 +92,14 @@
- 		free(*id3tagbuff);
- 	*id3tagbuff = (unsigned char *)malloc(128);
-     memcpy(*id3tagbuff,tmpid3,128);
-+	if ( *tag_offset < (128 + (long)(sizeof(T))) ) return 0;
-     if ( fseek (fp, *tag_offset - 128 - sizeof (T), SEEK_SET) ) return 0;
-     if ( fread (&T, 1, sizeof (T), fp) != sizeof (T) ) return 0;
-     // check for lyrics3 v2.00 tag
-     if ( memcmp (T.ID, "LYRICS200", sizeof (T.ID)) ) return 0;
- 	len = Lyrics3GetNumber6 (T.Length);
--	if ( fseek (fp, *tag_offset - 128 - (int)sizeof (T) - len, SEEK_SET) ) return 0;
-+	if (*tag_offset < (128 + (long)(sizeof(T)) + len)) return 0;
-+	if ( fseek (fp, *tag_offset - 128 - (long)sizeof (T) - len, SEEK_SET) ) return 0;
-     if ( fread  (tmp, 1, 11, fp) != 11 ) return 0;
-     if ( memcmp (tmp, "LYRICSBEGIN", 11) ) return 0;
-     
-@@ -167,6 +175,7 @@
-     Ver = Read_LE_Uint32 (T.Version);
-     if ( (Ver != 1000) && (Ver != 2000) ) return 0;
-     if ( (TagLen = Read_LE_Uint32 (T.Length)) < sizeof (T) ) return 0;
-+	if (*tag_offset < TagLen) return 0;
-     if ( fseek (fp, *tag_offset - TagLen, SEEK_SET) ) return 0;
-     buff = (char *)malloc (TagLen);
-     if ( fread (buff, 1, TagLen - sizeof (T), fp) != (TagLen - sizeof (T)) ) {
-@@ -285,6 +294,7 @@
- 	(*apeTag)->originalTagSize = TagLen;
- 
-     if ( Read_LE_Uint32 (T.Flags) & (1<<31) ) {  // Tag contains header
-+		if (*tag_offset < (long)(sizeof(T))) return 0;
-         *tag_offset -= sizeof (T);
- 
- 		fseek (fp, *tag_offset, SEEK_SET);
-@@ -355,14 +365,14 @@
-  */
- int ReadMP3GainAPETag (char *filename, struct MP3GainTagInfo *info, struct FileTagsStruct *fileTags) {
-     FILE *fi;
--    long tag_offset, offs_bk;
-+    long tag_offset, offs_bk, file_size;
- 
-     fi = fopen(filename, "rb");
-     if (fi == NULL)
- 		return 0;
- 	
- 	fseek(fi, 0, SEEK_END);
--    tag_offset = ftell(fi);
-+    tag_offset = file_size = ftell(fi);
- 	
- 	fileTags->lyrics3TagSize = 0;
- 
-@@ -373,7 +383,11 @@
- 		ReadMP3ID3v1Tag ( fi, &(fileTags->id31tag), &tag_offset );
- 	} while ( offs_bk != tag_offset );
- 
--	fileTags->tagOffset = tag_offset;
-+	if (tag_offset >= 0 && tag_offset <= file_size) {
-+		fileTags->tagOffset = tag_offset;
-+	} else { //Corrupt tag information, simply default to end-of-file
-+		fileTags->tagOffset = file_size;
-+	}
- 
-     fclose(fi);
- 
\ No newline at end of file

diff --git a/media-sound/mp3gain/mp3gain-1.6.1.ebuild b/media-sound/mp3gain/mp3gain-1.6.1.ebuild
deleted file mode 100644
index 11c40690473..00000000000
--- a/media-sound/mp3gain/mp3gain-1.6.1.ebuild
+++ /dev/null
@@ -1,34 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-inherit toolchain-funcs
-
-MY_P="${P//./_}"
-
-DESCRIPTION="A program to analyze and adjust MP3 files to same volume"
-HOMEPAGE="http://mp3gain.sourceforge.net/"
-SRC_URI="mirror://sourceforge/${PN}/${MY_P}-src.zip"
-
-LICENSE="LGPL-2.1"
-SLOT="0"
-KEYWORDS="~alpha amd64 ~hppa ~ppc ~ppc64 sparc x86 ~amd64-linux ~x86-linux ~ppc-macos ~x86-macos"
-IUSE=""
-
-RDEPEND="
-	app-arch/unzip
-	media-sound/mpg123
-"
-DEPEND="${RDEPEND}"
-
-PATCHES=( "${FILESDIR}"/${P}-CVE-2017-12911.patch )
-
-S="${WORKDIR}"
-
-src_compile() {
-	emake CC="$(tc-getCC)"
-}
-
-src_install() {
-	dobin mp3gain
-}


