diff options
author | Andreas Sturmlechner <asturm@gentoo.org> | 2018-08-22 23:56:46 +0200 |
---|---|---|
committer | Andreas Sturmlechner <asturm@gentoo.org> | 2018-08-23 00:23:22 +0200 |
commit | 6a87c686d9ac9de5e0e455d15773d11307a73c66 (patch) | |
tree | 5389c019246a19492abc6d51f8d835d48514dd9a /media-sound/timidity++/files | |
parent | x11-libs/libX11-1.6.6: arm64 stable (bug #664184) (diff) | |
download | gentoo-6a87c686d9ac9de5e0e455d15773d11307a73c66.tar.gz gentoo-6a87c686d9ac9de5e0e455d15773d11307a73c66.tar.bz2 gentoo-6a87c686d9ac9de5e0e455d15773d11307a73c66.zip |
media-sound/timidity++: EAPI-6, CVE-2017-11546, CVE-2017-11547
Bug: https://bugs.gentoo.org/626706
Package-Manager: Portage-2.3.48, Repoman-2.3.10
Diffstat (limited to 'media-sound/timidity++/files')
5 files changed, 104 insertions, 6 deletions
diff --git a/media-sound/timidity++/files/timidity++-2.14.0-CVE-2017-11546.patch b/media-sound/timidity++/files/timidity++-2.14.0-CVE-2017-11546.patch new file mode 100644 index 000000000000..94135e98b96a --- /dev/null +++ b/media-sound/timidity++/files/timidity++-2.14.0-CVE-2017-11546.patch @@ -0,0 +1,31 @@ +From 2386ec2c745f6c5075e53ea051da211336b44b84 Mon Sep 17 00:00:00 2001 +From: Takashi Iwai <tiwai@suse.de> +Date: Tue, 26 Jun 2018 22:31:27 +0200 +Subject: readmidi: Fix division by zero + +References: CVE-2017-11546 + +An adhoc fix for division by zero in insert_note_steps(). + +Signed-off-by: Takashi Iwai <tiwai@suse.de> +bug-debian: https://bugs.debian.org/870338 +bug-suse: https://bugzilla.suse.com/show_bug.cgi?id=1081694 +bug: https://bugzilla.suse.com/show_bug.cgi?id=1081694 +origin: https://bugzilla.suse.com/attachment.cgi?id=760825 +--- + timidity/readmidi.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/timidity/readmidi.c b/timidity/readmidi.c +index 158388a..341777e 100644 +--- a/timidity/readmidi.c ++++ b/timidity/readmidi.c +@@ -4585,6 +4585,8 @@ static void insert_note_steps(void) + if (beat != 0) + meas++, beat = 0; + num = timesig[n].a, denom = timesig[n].b, n++; ++ if (!denom) ++ denom = 1; + } + a = (meas + 1) & 0xff; + b = (((meas + 1) >> 8) & 0x0f) + ((beat + 1) << 4); diff --git a/media-sound/timidity++/files/timidity++-2.14.0-CVE-2017-11547.patch b/media-sound/timidity++/files/timidity++-2.14.0-CVE-2017-11547.patch new file mode 100644 index 000000000000..12562a577e0e --- /dev/null +++ b/media-sound/timidity++/files/timidity++-2.14.0-CVE-2017-11547.patch @@ -0,0 +1,67 @@ +From 34328d22cbb4ccf03f29223f54f1834c796d86a2 Mon Sep 17 00:00:00 2001 +From: Takashi Iwai <tiwai@suse.de> +Date: Tue, 26 Jun 2018 22:31:28 +0200 +Subject: resample: Fix out-of-bound access in resamplers + +References: CVE-2017-11547 + +An adhoc fix for out-of-bound accesses in resamples. +The offset might overflow the given data range. + +Signed-off-by: Takashi Iwai <tiwai@suse.de> +bug-debian: https://bugs.debian.org/870338 +bug-suse: https://bugzilla.suse.com/show_bug.cgi?id=1081694 +origin: https://bugzilla.suse.com/attachment.cgi?id=760826 +--- + timidity/resample.c | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/timidity/resample.c b/timidity/resample.c +index cd6b8e6..4a3fadf 100644 +--- a/timidity/resample.c ++++ b/timidity/resample.c +@@ -57,6 +57,8 @@ static resample_t resample_cspline(sample_t *src, splen_t ofs, resample_rec_t *r + { + int32 ofsi, ofsf, v0, v1, v2, v3, temp; + ++ if (ofs + (1 << FRACTION_BITS) >= rec->data_length) ++ return src[ofs >> FRACTION_BITS]; + ofsi = ofs >> FRACTION_BITS; + v1 = src[ofsi]; + v2 = src[ofsi + 1]; +@@ -96,6 +98,8 @@ static resample_t resample_lagrange(sample_t *src, splen_t ofs, resample_rec_t * + { + int32 ofsi, ofsf, v0, v1, v2, v3; + ++ if (ofs + (1 << FRACTION_BITS) >= rec->data_length) ++ return src[ofs >> FRACTION_BITS]; + ofsi = ofs >> FRACTION_BITS; + v1 = (int32)src[ofsi]; + v2 = (int32)src[ofsi + 1]; +@@ -154,6 +158,8 @@ static resample_t resample_gauss(sample_t *src, splen_t ofs, resample_rec_t *rec + sample_t *sptr; + int32 left, right, temp_n; + ++ if (ofs + (1 << FRACTION_BITS) >= rec->data_length) ++ return src[ofs >> FRACTION_BITS]; + left = (ofs>>FRACTION_BITS); + right = (rec->data_length>>FRACTION_BITS) - left - 1; + temp_n = (right<<1)-1; +@@ -261,6 +267,8 @@ static resample_t resample_newton(sample_t *src, splen_t ofs, resample_rec_t *re + int32 left, right, temp_n; + int ii, jj; + ++ if (ofs + (1 << FRACTION_BITS) >= rec->data_length) ++ return src[ofs >> FRACTION_BITS]; + left = (ofs>>FRACTION_BITS); + right = (rec->data_length>>FRACTION_BITS)-(ofs>>FRACTION_BITS)-1; + temp_n = (right<<1)-1; +@@ -330,6 +338,8 @@ static resample_t resample_linear(sample_t *src, splen_t ofs, resample_rec_t *re + { + int32 v1, v2, ofsi; + ++ if (ofs + (1 << FRACTION_BITS) >= rec->data_length) ++ return src[ofs >> FRACTION_BITS]; + ofsi = ofs >> FRACTION_BITS; + v1 = src[ofsi]; + v2 = src[ofsi + 1]; diff --git a/media-sound/timidity++/files/timidity++-2.14.0-params.patch b/media-sound/timidity++/files/timidity++-2.14.0-params.patch index d56448b8761b..18790f8bffb4 100644 --- a/media-sound/timidity++/files/timidity++-2.14.0-params.patch +++ b/media-sound/timidity++/files/timidity++-2.14.0-params.patch @@ -1,5 +1,5 @@ ---- configure.in -+++ configure.in +--- a/configure.in ++++ b/configure.in @@ -2245,10 +2245,15 @@ AM_CONDITIONAL(W32READDIR, test "x$W32READDIR" = "xyes") diff --git a/media-sound/timidity++/files/timidity++-2.14.0-revert-for-required-ctl_speana_data-function.patch b/media-sound/timidity++/files/timidity++-2.14.0-revert-for-required-ctl_speana_data-function.patch index a83a7db993f8..6f901eab8bc0 100644 --- a/media-sound/timidity++/files/timidity++-2.14.0-revert-for-required-ctl_speana_data-function.patch +++ b/media-sound/timidity++/files/timidity++-2.14.0-revert-for-required-ctl_speana_data-function.patch @@ -8,8 +8,8 @@ Because otherwise TiMidity++ simply won't build as per: xskin_c.c:(.text+0x17c): undefined reference to `ctl_speana_data' collect2: error: ld returned 1 exit status ---- interface/xskin_c.c -+++ interface/xskin_c.c +--- a/interface/xskin_c.c ++++ b/interface/xskin_c.c @@ -228,7 +228,6 @@ } } diff --git a/media-sound/timidity++/files/timidity++-2.14.0-tcltk86.patch b/media-sound/timidity++/files/timidity++-2.14.0-tcltk86.patch index ea2c0eec6c7d..23ef62aa03e5 100644 --- a/media-sound/timidity++/files/timidity++-2.14.0-tcltk86.patch +++ b/media-sound/timidity++/files/timidity++-2.14.0-tcltk86.patch @@ -1,7 +1,7 @@ http://bugs.gentoo.org/451296 ---- interface/tk_c.c -+++ interface/tk_c.c +--- a/interface/tk_c.c ++++ b/interface/tk_c.c @@ -913,7 +913,7 @@ vsnprintf(buf, sizeof(buf), fmt, ap); Tcl_Eval(my_interp, buf); |