author | Andreas Sturmlechner <asturm@gentoo.org> | 2018-09-18 23:23:22 +0200 |
---|---|---|
committer | Andreas Sturmlechner <asturm@gentoo.org> | 2018-09-18 23:24:08 +0200 |
commit | e2ec2c790cf28858ec8dd4da007ca7ca12ffeca1 (patch) | |
tree | e0c1c54c379e20092c1ba03141d4b98f8fa1d1f1 | |
parent | x11-wm/qtile: remove old (diff) | |
media-libs/libsndfile: Fix CVE-2018-13139
Bug: https://bugs.gentoo.org/660452
Package-Manager: Portage-2.3.49, Repoman-2.3.10
-rw-r--r-- | media-libs/libsndfile/files/libsndfile-1.0.28-CVE-2018-13139.patch | 31 | ||||
-rw-r--r-- | media-libs/libsndfile/libsndfile-1.0.28-r3.ebuild | 67 |
2 files changed, 98 insertions, 0 deletions
diff --git a/media-libs/libsndfile/files/libsndfile-1.0.28-CVE-2018-13139.patch b/media-libs/libsndfile/files/libsndfile-1.0.28-CVE-2018-13139.patch
new file mode 100644
index 000000000000..18e6ae76e62c
--- /dev/null
+++ b/media-libs/libsndfile/files/libsndfile-1.0.28-CVE-2018-13139.patch
@@ -0,0 +1,31 @@
+From df18323c622b54221ee7ace74b177cdcccc152d7 Mon Sep 17 00:00:00 2001
+From: "Brett T. Warden" <brett.t.warden@intel.com>
+Date: Tue, 28 Aug 2018 12:01:17 -0700
+Subject: [PATCH] Check MAX_CHANNELS in sndfile-deinterleave
+
+Allocated buffer has space for only 16 channels. Verify that input file
+meets this limit.
+
+Fixes #397
+---
+ programs/sndfile-deinterleave.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/programs/sndfile-deinterleave.c b/programs/sndfile-deinterleave.c
+index 53660310..225b4d54 100644
+--- a/programs/sndfile-deinterleave.c
++++ b/programs/sndfile-deinterleave.c
+@@ -89,6 +89,13 @@ main (int argc, char **argv)
+ exit (1) ;
+ } ;
+
++ if (sfinfo.channels > MAX_CHANNELS)
++ { printf ("\nError : Input file '%s' has too many (%d) channels. Limit is %d.\n",
++ argv [1], sfinfo.channels, MAX_CHANNELS) ;
++ exit (1) ;
++ } ;
++
++
+ state.channels = sfinfo.channels ;
+ sfinfo.channels = 1 ;
+
\ No newline at end of file
diff --git a/media-libs/libsndfile/libsndfile-1.0.28-r3.ebuild b/media-libs/libsndfile/libsndfile-1.0.28-r3.ebuild
new file mode 100644
index 000000000000..a6eb6e3a48c1
--- /dev/null
+++ b/media-libs/libsndfile/libsndfile-1.0.28-r3.ebuild
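Review bot: The added guard in main() bounds `sfinfo.channels` only from above and carries no comment saying why MAX_CHANNELS is the limit; the only explanation is the patch description ("Allocated buffer has space for only 16 channels"). A comment above the check, for example `/* per-channel buffers are sized for MAX_CHANNELS; the count is taken from the input file */`, would keep that reasoning next to the code. The context lines before the check are the tail of another early-exit block whose condition lies outside the hunk, so whether a lower bound on the channel count is already enforced cannot be confirmed from here. The vendored patch file also ends without a trailing newline, so its last context line is unterminated; adding the newline would make the file well-formed.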
@@ -0,0 +1,67 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python{2_7,3_4,3_5,3_6} pypy{,3} )
+
+inherit python-any-r1 multilib-minimal
+
+MY_P=${P/_pre/pre}
+
+DESCRIPTION="C library for reading and writing files containing sampled sound"
+HOMEPAGE="http://www.mega-nerd.com/libsndfile"
+if [[ ${MY_P} == ${P} ]]; then
+ SRC_URI="http://www.mega-nerd.com/libsndfile/files/${P}.tar.gz"
+else
+ SRC_URI="http://www.mega-nerd.com/tmp/${MY_P}b.tar.gz"
+fi
+
+LICENSE="LGPL-2.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE="alsa minimal sqlite static-libs test"
+
+RDEPEND="
+ !minimal? (
+ >=media-libs/flac-1.2.1-r5[${MULTILIB_USEDEP}]
+ >=media-libs/libogg-1.3.0[${MULTILIB_USEDEP}]
+ >=media-libs/libvorbis-1.3.3-r1[${MULTILIB_USEDEP}]
+ )
+ alsa? ( media-libs/alsa-lib )
+ sqlite? ( >=dev-db/sqlite-3.2 )"
+DEPEND="${RDEPEND}"
+BDEPEND="
+ virtual/pkgconfig
+ test? ( ${PYTHON_DEPS} )"
+
+S=${WORKDIR}/${MY_P}
+
+PATCHES=(
+ "${FILESDIR}"/${P}-arm-varargs-failure.patch
+ "${FILESDIR}"/${P}-CVE-2017-12562.patch
+ "${FILESDIR}"/${P}-CVE-2018-13139.patch
+)
+
+pkg_setup() {
+ use test && python-any-r1_pkg_setup
+}
+
+multilib_src_configure() {
+ ECONF_SOURCE="${S}" econf \
+ --disable-octave \
+ --enable-gcc-pipe \
+ --enable-gcc-opt \
+ $(use_enable static-libs static) \
+ $(use_enable !minimal external-libs) \
+ $(multilib_native_enable full-suite) \
+ $(multilib_native_use_enable alsa) \
+ $(multilib_native_use_enable sqlite)
+}
+
+multilib_src_install_all() {
+ einstalldocs
+
+ # package provides .pc files
+ find "${D}" -name '*.la' -delete || die
+} |
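Review bot: The new `"${FILESDIR}"/${P}-CVE-2018-13139.patch` entry in PATCHES has no comment on its scope, and the vendored patch's own diffstat shows it touches only `programs/sndfile-deinterleave.c`, the command-line tool rather than the library sources. A line above the entry such as `# bug 660452: channel-count check in sndfile-deinterleave only` would tell the next maintainer what this revision bump does and does not cover. Separately, every KEYWORDS entry in this revision is `~arch` and the commit deletes nothing, so an earlier revision presumably stays in the tree. Stable-keyword systems would then receive the fix only once -r3 is stabilised under the linked bug.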