[gentoo-commits] repo/gentoo:master commit in: media-libs/audiofile/, media-libs/audiofile/files/

["Alexis Ballier" <aballier@gentoo.org>]

commit:     d95fcc8b14612f4a91ab015436e4ea709ba1a7e4
Author:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
AuthorDate: Sat Jan 21 17:03:07 2017 +0000
Commit:     Alexis Ballier <aballier <AT> gentoo <DOT> org>
CommitDate: Sat Jan 21 18:14:45 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d95fcc8b

media-libs/audiofile: Add patch for CVE-2015-7747 (bug #562886)

Package-Manager: Portage-2.3.3, Repoman-2.3.1

 media-libs/audiofile/audiofile-0.3.6-r3.ebuild     |  51 +++++++
 .../files/audiofile-0.3.6-CVE-2015-7747.patch      | 156 +++++++++++++++++++++
 2 files changed, 207 insertions(+)

diff --git a/media-libs/audiofile/audiofile-0.3.6-r3.ebuild b/media-libs/audiofile/audiofile-0.3.6-r3.ebuild
new file mode 100644
index 00000000..4707a47
--- /dev/null
+++ b/media-libs/audiofile/audiofile-0.3.6-r3.ebuild
@@ -0,0 +1,51 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+inherit autotools gnome.org multilib-minimal
+
+DESCRIPTION="An elegant API for accessing audio files"
+HOMEPAGE="http://www.68k.org/~michael/audiofile/"
+
+LICENSE="GPL-2 LGPL-2.1"
+SLOT="0/1" # subslot = soname major version
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sh ~sparc \
+	~x86 ~amd64-fbsd ~x86-fbsd ~x86-freebsd ~x86-interix ~amd64-linux \
+	~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~x86-solaris"
+IUSE="flac static-libs test"
+
+RDEPEND="flac? ( >=media-libs/flac-1.2.1[${MULTILIB_USEDEP}] )"
+DEPEND="${RDEPEND}
+	virtual/pkgconfig
+	test? ( dev-cpp/gtest[${MULTILIB_USEDEP}] )"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-0.3.6-gcc6-build-fixes.patch
+	"${FILESDIR}"/${PN}-0.3.6-system-gtest.patch
+	"${FILESDIR}"/${PN}-0.3.6-CVE-2015-7747.patch
+)
+
+src_prepare() {
+	default
+	eautoreconf
+}
+
+multilib_src_configure() {
+	local myconf=(
+		--enable-largefile
+		--disable-werror
+		--disable-examples
+		$(use_enable flac)
+		$(use_enable static-libs static)
+	)
+	ECONF_SOURCE="${S}" econf "${myconf[@]}"
+}
+
+multilib_src_install_all() {
+	einstalldocs
+
+	# package provides .pc file
+	find "${D}" -name '*.la' -delete || die
+}

diff --git a/media-libs/audiofile/files/audiofile-0.3.6-CVE-2015-7747.patch b/media-libs/audiofile/files/audiofile-0.3.6-CVE-2015-7747.patch
new file mode 100644
index 00000000..3325639
--- /dev/null
+++ b/media-libs/audiofile/files/audiofile-0.3.6-CVE-2015-7747.patch
@@ -0,0 +1,156 @@
+Description: fix buffer overflow when changing both sample format and
+ number of channels
+Origin: https://github.com/mpruett/audiofile/pull/25
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/audiofile/+bug/1502721
+Bug-Debian: https://bugs.debian.org/801102
+
+--- a/libaudiofile/modules/ModuleState.cpp
++++ b/libaudiofile/modules/ModuleState.cpp
+@@ -402,7 +402,7 @@ status ModuleState::arrange(AFfilehandle
+ 		addModule(new Transform(outfc, in.pcm, out.pcm));
+ 
+ 	if (in.channelCount != out.channelCount)
+-		addModule(new ApplyChannelMatrix(infc, isReading,
++		addModule(new ApplyChannelMatrix(outfc, isReading,
+ 			in.channelCount, out.channelCount,
+ 			in.pcm.minClip, in.pcm.maxClip,
+ 			track->channelMatrix));
+--- a/test/Makefile.am
++++ b/test/Makefile.am
+@@ -26,6 +26,7 @@ TESTS = \
+ 	VirtualFile \
+ 	floatto24 \
+ 	query2 \
++	sixteen-stereo-to-eight-mono \
+ 	sixteen-to-eight \
+ 	testchannelmatrix \
+ 	testdouble \
+@@ -139,6 +140,7 @@ printmarkers_SOURCES = printmarkers.c
+ printmarkers_LDADD = $(LIBAUDIOFILE) -lm
+ 
+ sixteen_to_eight_SOURCES = sixteen-to-eight.c TestUtilities.cpp TestUtilities.h
++sixteen_stereo_to_eight_mono_SOURCES = sixteen-stereo-to-eight-mono.c TestUtilities.cpp TestUtilities.h
+ 
+ testchannelmatrix_SOURCES = testchannelmatrix.c TestUtilities.cpp TestUtilities.h
+ 
+--- /dev/null
++++ b/test/sixteen-stereo-to-eight-mono.c
+@@ -0,0 +1,118 @@
++/*
++	Audio File Library
++
++	Copyright 2000, Silicon Graphics, Inc.
++
++	This program is free software; you can redistribute it and/or modify
++	it under the terms of the GNU General Public License as published by
++	the Free Software Foundation; either version 2 of the License, or
++	(at your option) any later version.
++
++	This program is distributed in the hope that it will be useful,
++	but WITHOUT ANY WARRANTY; without even the implied warranty of
++	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++	GNU General Public License for more details.
++
++	You should have received a copy of the GNU General Public License along
++	with this program; if not, write to the Free Software Foundation, Inc.,
++	51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
++*/
++
++/*
++	sixteen-stereo-to-eight-mono.c
++
++	This program tests the conversion from 2-channel 16-bit integers to
++	1-channel 8-bit	integers.
++*/
++
++#ifdef HAVE_CONFIG_H
++#include <config.h>
++#endif
++
++#include <stdint.h>
++#include <stdio.h>
++#include <stdlib.h>
++#include <string.h>
++#include <unistd.h>
++#include <limits.h>
++
++#include <audiofile.h>
++
++#include "TestUtilities.h"
++
++int main (int argc, char **argv)
++{
++	AFfilehandle file;
++	AFfilesetup setup;
++	int16_t frames16[] = {14298, 392, 3923, -683, 958, -1921};
++	int8_t frames8[] = {28, 6, -2};
++	int i, frameCount = 3;
++	int8_t byte;
++	AFframecount result;
++
++	setup = afNewFileSetup();
++
++	afInitFileFormat(setup, AF_FILE_WAVE);
++
++	afInitSampleFormat(setup, AF_DEFAULT_TRACK, AF_SAMPFMT_TWOSCOMP, 16);
++	afInitChannels(setup, AF_DEFAULT_TRACK, 2);
++
++	char *testFileName;
++	if (!createTemporaryFile("sixteen-to-eight", &testFileName))
++	{
++		fprintf(stderr, "Could not create temporary file.\n");
++		exit(EXIT_FAILURE);
++	}
++
++	file = afOpenFile(testFileName, "w", setup);
++	if (file == AF_NULL_FILEHANDLE)
++	{
++		fprintf(stderr, "could not open file for writing\n");
++		exit(EXIT_FAILURE);
++	}
++
++	afFreeFileSetup(setup);
++
++	afWriteFrames(file, AF_DEFAULT_TRACK, frames16, frameCount);
++
++	afCloseFile(file);
++
++	file = afOpenFile(testFileName, "r", AF_NULL_FILESETUP);
++	if (file == AF_NULL_FILEHANDLE)
++	{
++		fprintf(stderr, "could not open file for reading\n");
++		exit(EXIT_FAILURE);
++	}
++
++	afSetVirtualSampleFormat(file, AF_DEFAULT_TRACK, AF_SAMPFMT_TWOSCOMP, 8);
++	afSetVirtualChannels(file, AF_DEFAULT_TRACK, 1);
++
++	for (i=0; i<frameCount; i++)
++	{
++		/* Read one frame. */
++		result = afReadFrames(file, AF_DEFAULT_TRACK, &byte, 1);
++
++		if (result != 1)
++			break;
++
++		/* Compare the byte read with its precalculated value. */
++		if (memcmp(&byte, &frames8[i], 1) != 0)
++		{
++			printf("error\n");
++			printf("expected %d, got %d\n", frames8[i], byte);
++			exit(EXIT_FAILURE);
++		}
++		else
++		{
++#ifdef DEBUG
++			printf("got what was expected: %d\n", byte);
++#endif
++		}
++	}
++
++	afCloseFile(file);
++	unlink(testFileName);
++	free(testFileName);
++
++	exit(EXIT_SUCCESS);
++}