From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 578241382C5 for ; Sat, 5 May 2018 00:47:12 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 78E2BE085B; Sat, 5 May 2018 00:47:11 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 4316FE085B for ; Sat, 5 May 2018 00:47:10 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 8C22C335C60 for ; Sat, 5 May 2018 00:47:09 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id D793032 for ; Sat, 5 May 2018 00:47:07 +0000 (UTC) 
From: "Aaron Bauman" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Aaron Bauman" Message-ID: <1525481214.c77b4de07de7b74bba15ac1c62332ed2aa2143cb.bman@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: media-libs/libmp3splt/, media-libs/libmp3splt/files/ X-VCS-Repository: repo/gentoo X-VCS-Files: media-libs/libmp3splt/files/CVE-2017-15185.patch media-libs/libmp3splt/libmp3splt-0.9.2-r1.ebuild X-VCS-Directories: media-libs/libmp3splt/ media-libs/libmp3splt/files/ X-VCS-Committer: bman X-VCS-Committer-Name: Aaron Bauman X-VCS-Revision: c77b4de07de7b74bba15ac1c62332ed2aa2143cb X-VCS-Branch: master Date: Sat, 5 May 2018 00:47:07 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 365f6e26-8fa6-4e35-b521-60881075e801 X-Archives-Hash: 105fa0f3997fdce490040b3f48829ee2 commit: c77b4de07de7b74bba15ac1c62332ed2aa2143cb Author: Aaron Bauman gentoo org> AuthorDate: Sat May 5 00:46:54 2018 +0000 Commit: Aaron Bauman gentoo org> CommitDate: Sat May 5 00:46:54 2018 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c77b4de0 media-libs/libmp3splt: add CVE-2017-15185 DoS patch Bug: https://bugs.gentoo.org/633840 Package-Manager: Portage-2.3.36, Repoman-2.3.9 media-libs/libmp3splt/files/CVE-2017-15185.patch | 41 +++++++++++++++++++ media-libs/libmp3splt/libmp3splt-0.9.2-r1.ebuild | 52 ++++++++++++++++++++++++ 2 files changed, 93 insertions(+) diff --git a/media-libs/libmp3splt/files/CVE-2017-15185.patch b/media-libs/libmp3splt/files/CVE-2017-15185.patch new file mode 100644 index 00000000000..b31a92d0c45 --- /dev/null +++ b/media-libs/libmp3splt/files/CVE-2017-15185.patch 
@@ -0,0 +1,41 @@ +diff --git a/libmp3splt/plugins/ogg.c b/libmp3splt/plugins/ogg.c +index 50cc495..57745f1 100644 +--- a/libmp3splt/plugins/ogg.c ++++ b/libmp3splt/plugins/ogg.c +@@ -212,26 +212,36 @@ static splt_ogg_state *splt_ogg_v_new(int *error) + goto error; + } + memset(oggstate, 0, sizeof(splt_ogg_state)); ++ + if ((oggstate->sync_in = malloc(sizeof(ogg_sync_state)))==NULL) + { + goto error; + } ++ memset(oggstate->sync_in, 0, sizeof(ogg_sync_state)); ++ + if ((oggstate->stream_in = malloc(sizeof(ogg_stream_state)))==NULL) + { + goto error; + } ++ memset(oggstate->stream_in, 0, sizeof(ogg_stream_state)); ++ + if ((oggstate->vd = malloc(sizeof(vorbis_dsp_state)))==NULL) + { + goto error; + } ++ memset(oggstate->vd, 0, sizeof(vorbis_dsp_state)); ++ + if ((oggstate->vi = malloc(sizeof(vorbis_info)))==NULL) + { + goto error; + } ++ memset(oggstate->vi, 0, sizeof(vorbis_info)); ++ + if ((oggstate->vb = malloc(sizeof(vorbis_block)))==NULL) + { + goto error; + } ++ memset(oggstate->vb, 0, sizeof(vorbis_block)); + + if ((oggstate->headers = malloc(sizeof(splt_v_packet) * TOTAL_HEADER_PACKETS))==NULL) + { diff --git a/media-libs/libmp3splt/libmp3splt-0.9.2-r1.ebuild b/media-libs/libmp3splt/libmp3splt-0.9.2-r1.ebuild new file mode 100644 index 00000000000..0427694ed0b --- /dev/null +++ b/media-libs/libmp3splt/libmp3splt-0.9.2-r1.ebuild 
@@ -0,0 +1,52 @@ +# Copyright 1999-2018 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +EAPI=5 + +inherit versionator autotools eutils multilib + +DESCRIPTION="a library for mp3splt to split mp3 and ogg files without decoding" +HOMEPAGE="http://mp3splt.sourceforge.net" +SRC_URI="mirror://sourceforge/${PN:3}/${P}.tar.gz" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~hppa ~ppc ~ppc64 ~sparc ~x86" +IUSE="doc flac pcre" + +RDEPEND="media-libs/libmad + media-libs/libvorbis + media-libs/libogg + media-libs/libid3tag + flac? ( >=media-libs/flac-1.2.1 ) + pcre? ( dev-libs/libpcre )" +DEPEND="${RDEPEND} + doc? ( >=app-doc/doxygen-1.8.3.1 media-gfx/graphviz ) + sys-apps/findutils" + +src_prepare() { + epatch "${FILESDIR}"/${PN}-0.7-libltdl.patch + epatch "${FILESDIR}"/CVE-2017-15185.patch + eautoreconf +} + +src_configure() { + econf \ + --disable-dependency-tracking \ + --disable-static \ + $(use_enable pcre) \ + $(use_enable flac) \ + $(use_enable doc doxygen_doc) \ + --docdir=/usr/share/doc/${PF} \ + --disable-optimise \ + --disable-cutter # TODO package cutter +} + +src_install() { + default + use doc && docompress -x /usr/share/doc/${PF}/doxygen/${PN}_ico.svg + + dodoc AUTHORS ChangeLog LIMITS NEWS README TODO + + find "${D}"/usr -name '*.la' -delete +}
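Review bot: In the splt_ogg_v_new hunk of CVE-2017-15185.patch, the trailing context shows oggstate->headers allocated with malloc(sizeof(splt_v_packet) * TOTAL_HEADER_PACKETS), and it is the one allocation in the visible lines that gets no memset. The hunk ends at that point, so please confirm that the code following it initialises the array; otherwise it is left in the same uninitialised state that the five added memset calls close for sync_in, stream_in, vd, vi and vb. Each malloc/memset pair could also be written as a single calloc(1, sizeof(...)), which keeps allocation and zeroing in one call and leaves the NULL check unchanged. The patch file also begins directly at its diff --git line with no header; a short description and a reference to where the change came from would document its origin for the next maintainer.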
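Review bot: On the inherit line of libmp3splt-0.9.2-r1.ebuild, versionator and multilib are pulled in, but nothing in the visible ebuild calls a function from either (no version helper, no get_libdir), so both look droppable; eutils is used only for the two epatch calls in src_prepare. The new patch is referenced as "${FILESDIR}"/CVE-2017-15185.patch while the existing one is ${PN}-0.7-libltdl.patch; giving the new file the same ${PN} prefix would keep files/ consistently named. In DESCRIPTION, "a library for mp3splt ..." starts with a lowercase article that can be dropped.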