From: "Andreas Sturmlechner" <asturm@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] repo/gentoo:master commit in: media-sound/timidity++/, media-sound/timidity++/files/
Date: Wed, 22 Aug 2018 22:23:51 +0000 (UTC)	[thread overview]
Message-ID: <1534976602.6a87c686d9ac9de5e0e455d15773d11307a73c66.asturm@gentoo> (raw)

commit:     6a87c686d9ac9de5e0e455d15773d11307a73c66
Author:     Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
AuthorDate: Wed Aug 22 21:56:46 2018 +0000
Commit:     Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
CommitDate: Wed Aug 22 22:23:22 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6a87c686

media-sound/timidity++: EAPI-6, CVE-2017-11546, CVE-2017-11547

Bug: https://bugs.gentoo.org/626706
Package-Manager: Portage-2.3.48, Repoman-2.3.10

 .../files/timidity++-2.14.0-CVE-2017-11546.patch   |  31 ++++
 .../files/timidity++-2.14.0-CVE-2017-11547.patch   |  67 +++++++
 .../files/timidity++-2.14.0-params.patch           |   4 +-
 ...ert-for-required-ctl_speana_data-function.patch |   4 +-
 .../files/timidity++-2.14.0-tcltk86.patch          |   4 +-
 media-sound/timidity++/timidity++-2.14.0-r3.ebuild | 199 +++++++++++++++++++++
 6 files changed, 303 insertions(+), 6 deletions(-)

diff --git a/media-sound/timidity++/files/timidity++-2.14.0-CVE-2017-11546.patch b/media-sound/timidity++/files/timidity++-2.14.0-CVE-2017-11546.patch
new file mode 100644
index 00000000000..94135e98b96
--- /dev/null
+++ b/media-sound/timidity++/files/timidity++-2.14.0-CVE-2017-11546.patch
@@ -0,0 +1,31 @@
+From 2386ec2c745f6c5075e53ea051da211336b44b84 Mon Sep 17 00:00:00 2001
+From: Takashi Iwai <tiwai@suse.de>
+Date: Tue, 26 Jun 2018 22:31:27 +0200
+Subject: readmidi: Fix division by zero
+
+References: CVE-2017-11546
+
+An adhoc fix for division by zero in insert_note_steps().
+
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+bug-debian: https://bugs.debian.org/870338
+bug-suse: https://bugzilla.suse.com/show_bug.cgi?id=1081694
+bug: https://bugzilla.suse.com/show_bug.cgi?id=1081694
+origin: https://bugzilla.suse.com/attachment.cgi?id=760825
+---
+ timidity/readmidi.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/timidity/readmidi.c b/timidity/readmidi.c
+index 158388a..341777e 100644
+--- a/timidity/readmidi.c
++++ b/timidity/readmidi.c
+@@ -4585,6 +4585,8 @@ static void insert_note_steps(void)
+ 			if (beat != 0)
+ 				meas++, beat = 0;
+ 			num = timesig[n].a, denom = timesig[n].b, n++;
++			if (!denom)
++				denom = 1;
+ 		}
+ 		a = (meas + 1) & 0xff;
+ 		b = (((meas + 1) >> 8) & 0x0f) + ((beat + 1) << 4);
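Review bot: Clamping `denom` to 1 inside insert_note_steps() hides the zero but leaves the malformed entry in `timesig[]`, so any other reader of that table would still see a zero denominator (whether other readers exist is not visible in this hunk). The zero presumably originates in the time-signature data of the input file, so rejecting or normalising it at the point where `timesig[n].b` is stored would cover every consumer at once. The initial value of `denom` is assigned before this loop, outside the hunk, and needs the same guard if it is also taken from `timesig[]`. If the clamp stays here, a comment such as `/* malformed time signature: avoid division by zero below (CVE-2017-11546) */` would record why it exists.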

diff --git a/media-sound/timidity++/files/timidity++-2.14.0-CVE-2017-11547.patch b/media-sound/timidity++/files/timidity++-2.14.0-CVE-2017-11547.patch
new file mode 100644
index 00000000000..12562a577e0
--- /dev/null
+++ b/media-sound/timidity++/files/timidity++-2.14.0-CVE-2017-11547.patch
@@ -0,0 +1,67 @@
+From 34328d22cbb4ccf03f29223f54f1834c796d86a2 Mon Sep 17 00:00:00 2001
+From: Takashi Iwai <tiwai@suse.de>
+Date: Tue, 26 Jun 2018 22:31:28 +0200
+Subject: resample: Fix out-of-bound access in resamplers
+
+References: CVE-2017-11547
+
+An adhoc fix for out-of-bound accesses in resamples.
+The offset might overflow the given data range.
+
+Signed-off-by: Takashi Iwai <tiwai@suse.de>
+bug-debian: https://bugs.debian.org/870338
+bug-suse: https://bugzilla.suse.com/show_bug.cgi?id=1081694
+origin: https://bugzilla.suse.com/attachment.cgi?id=760826
+---
+ timidity/resample.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/timidity/resample.c b/timidity/resample.c
+index cd6b8e6..4a3fadf 100644
+--- a/timidity/resample.c
++++ b/timidity/resample.c
+@@ -57,6 +57,8 @@ static resample_t resample_cspline(sample_t *src, splen_t ofs, resample_rec_t *r
+ {
+     int32 ofsi, ofsf, v0, v1, v2, v3, temp;
+ 
++    if (ofs + (1 << FRACTION_BITS) >= rec->data_length)
++      return src[ofs >> FRACTION_BITS];
+     ofsi = ofs >> FRACTION_BITS;
+     v1 = src[ofsi];
+     v2 = src[ofsi + 1];
+@@ -96,6 +98,8 @@ static resample_t resample_lagrange(sample_t *src, splen_t ofs, resample_rec_t *
+ {
+     int32 ofsi, ofsf, v0, v1, v2, v3;
+ 
++    if (ofs + (1 << FRACTION_BITS) >= rec->data_length)
++      return src[ofs >> FRACTION_BITS];
+     ofsi = ofs >> FRACTION_BITS;
+     v1 = (int32)src[ofsi];
+     v2 = (int32)src[ofsi + 1];
+@@ -154,6 +158,8 @@ static resample_t resample_gauss(sample_t *src, splen_t ofs, resample_rec_t *rec
+     sample_t *sptr;
+     int32 left, right, temp_n;
+ 
++    if (ofs + (1 << FRACTION_BITS) >= rec->data_length)
++      return src[ofs >> FRACTION_BITS];
+     left = (ofs>>FRACTION_BITS);
+     right = (rec->data_length>>FRACTION_BITS) - left - 1;
+     temp_n = (right<<1)-1;
+@@ -261,6 +267,8 @@ static resample_t resample_newton(sample_t *src, splen_t ofs, resample_rec_t *re
+     int32 left, right, temp_n;
+     int ii, jj;
+ 
++    if (ofs + (1 << FRACTION_BITS) >= rec->data_length)
++      return src[ofs >> FRACTION_BITS];
+     left = (ofs>>FRACTION_BITS);
+     right = (rec->data_length>>FRACTION_BITS)-(ofs>>FRACTION_BITS)-1;
+     temp_n = (right<<1)-1;
+@@ -330,6 +338,8 @@ static resample_t resample_linear(sample_t *src, splen_t ofs, resample_rec_t *re
+ {
+     int32 v1, v2, ofsi;
+ 
++    if (ofs + (1 << FRACTION_BITS) >= rec->data_length)
++      return src[ofs >> FRACTION_BITS];
+     ofsi = ofs >> FRACTION_BITS;
+     v1 = src[ofsi];
+     v2 = src[ofsi + 1];
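Review bot: The guard added to the five resamplers returns `src[ofs >> FRACTION_BITS]`, and that read is itself unchecked: the condition `ofs + (1 << FRACTION_BITS) >= rec->data_length` is also true when `ofs` is already at or past `rec->data_length`, in which case the fallback indexes beyond the sample data. Whether callers can pass such an `ofs` is not visible here, but a bounds guard should not depend on that; returning silence first, e.g. `if (ofs >= rec->data_length) return 0;` ahead of the existing check, closes the gap. The sum may also wrap if `splen_t` is a narrow unsigned type (its definition is outside the hunk), which would skip the guard entirely. The same two lines are pasted into resample_cspline, resample_lagrange, resample_gauss, resample_newton and resample_linear, so a small `static` helper would keep the five copies from drifting; all five function bodies continue outside the hunks shown.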

diff --git a/media-sound/timidity++/files/timidity++-2.14.0-params.patch b/media-sound/timidity++/files/timidity++-2.14.0-params.patch
index d56448b8761..18790f8bffb 100644
--- a/media-sound/timidity++/files/timidity++-2.14.0-params.patch
+++ b/media-sound/timidity++/files/timidity++-2.14.0-params.patch
@@ -1,5 +1,5 @@
---- configure.in
-+++ configure.in
+--- a/configure.in
++++ b/configure.in
 @@ -2245,10 +2245,15 @@
  
  AM_CONDITIONAL(W32READDIR, test "x$W32READDIR" = "xyes")

diff --git a/media-sound/timidity++/files/timidity++-2.14.0-revert-for-required-ctl_speana_data-function.patch b/media-sound/timidity++/files/timidity++-2.14.0-revert-for-required-ctl_speana_data-function.patch
index a83a7db993f..6f901eab8bc 100644
--- a/media-sound/timidity++/files/timidity++-2.14.0-revert-for-required-ctl_speana_data-function.patch
+++ b/media-sound/timidity++/files/timidity++-2.14.0-revert-for-required-ctl_speana_data-function.patch
@@ -8,8 +8,8 @@ Because otherwise TiMidity++ simply won't build as per:
 xskin_c.c:(.text+0x17c): undefined reference to `ctl_speana_data'
 collect2: error: ld returned 1 exit status
 
---- interface/xskin_c.c
-+++ interface/xskin_c.c
+--- a/interface/xskin_c.c
++++ b/interface/xskin_c.c
 @@ -228,7 +228,6 @@
      }
  }

diff --git a/media-sound/timidity++/files/timidity++-2.14.0-tcltk86.patch b/media-sound/timidity++/files/timidity++-2.14.0-tcltk86.patch
index ea2c0eec6c7..23ef62aa03e 100644
--- a/media-sound/timidity++/files/timidity++-2.14.0-tcltk86.patch
+++ b/media-sound/timidity++/files/timidity++-2.14.0-tcltk86.patch
@@ -1,7 +1,7 @@
 http://bugs.gentoo.org/451296
 
---- interface/tk_c.c
-+++ interface/tk_c.c
+--- a/interface/tk_c.c
++++ b/interface/tk_c.c
 @@ -913,7 +913,7 @@
  	vsnprintf(buf, sizeof(buf), fmt, ap);
  	Tcl_Eval(my_interp, buf);

diff --git a/media-sound/timidity++/timidity++-2.14.0-r3.ebuild b/media-sound/timidity++/timidity++-2.14.0-r3.ebuild
new file mode 100644
index 00000000000..5a1770ebcfd
--- /dev/null
+++ b/media-sound/timidity++/timidity++-2.14.0-r3.ebuild
@@ -0,0 +1,199 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit autotools desktop elisp-common systemd toolchain-funcs user xdg-utils
+
+MY_PV=${PV/_/-}
+MY_P=TiMidity++-${MY_PV}
+S=${WORKDIR}/${MY_P}
+
+DESCRIPTION="A handy MIDI to WAV converter with OSS and ALSA output support"
+HOMEPAGE="http://timidity.sourceforge.net/"
+SRC_URI="mirror://sourceforge/timidity/${MY_P}.tar.xz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd"
+IUSE="motif oss nas X gtk vorbis tk slang alsa jack emacs ao selinux speex flac ncurses"
+
+DEPEND="
+	alsa? ( media-libs/alsa-lib )
+	ao? ( >=media-libs/libao-0.8.5 )
+	emacs? ( virtual/emacs )
+	flac? ( media-libs/flac )
+	gtk? ( x11-libs/gtk+:2 )
+	jack? ( virtual/jack )
+	motif? ( >=x11-libs/motif-2.3:0 )
+	nas? ( >=media-libs/nas-1.4 )
+	ncurses? ( sys-libs/ncurses:0= )
+	slang? ( sys-libs/slang )
+	speex? ( media-libs/speex )
+	tk? ( dev-lang/tk:0= )
+	vorbis? ( media-libs/libvorbis )
+	X? (
+		media-libs/libpng:0=
+		x11-libs/libXaw
+		x11-libs/libXext
+	)
+"
+RDEPEND="${DEPEND}
+	app-eselect/eselect-timidity
+	alsa? ( media-sound/alsa-utils )
+	selinux? ( sec-policy/selinux-timidity )
+"
+
+PDEPEND="|| ( media-sound/timidity-eawpatches media-sound/timidity-freepats )"
+
+SITEFILE=50${PN}-gentoo.el
+
+pkg_setup() {
+	enewgroup audio 18 # Just make sure it exists
+	enewuser timidity -1 -1 /var/lib/timidity audio
+}
+
+DOCS=( AUTHORS ChangeLog NEWS README "${FILESDIR}"/timidity.cfg-r1 )
+
+PATCHES=(
+	"${FILESDIR}"/${P}-params.patch
+	"${FILESDIR}"/${P}-revert-for-required-ctl_speana_data-function.patch
+	"${FILESDIR}"/${P}-tcltk86.patch
+	"${FILESDIR}"/${P}-ar.patch
+	"${FILESDIR}"/${P}-configure-flags.patch
+	"${FILESDIR}"/${P}-pkg-config.patch
+	"${FILESDIR}"/${P}-CVE-2017-1154{6,7}.patch
+)
+
+src_prepare() {
+	default
+	eautoreconf
+}
+
+src_configure() {
+	export EXTRACFLAGS="${CFLAGS}" #385817
+
+	local myconf=()
+	local audios
+
+	use flac && audios+=",flac"
+	use speex && audios+=",speex"
+	use vorbis && audios+=",vorbis"
+	use oss && audios+=",oss"
+	use jack && audios+=",jack"
+	use ao && audios+=",ao"
+
+	if use nas; then
+		audios+=",nas"
+		myconf+=( --with-nas-library="/usr/$(get_libdir)/libaudio.so" --with-x )
+		use X || ewarn "Basic X11 support will be enabled because required by nas."
+	fi
+
+	if use alsa; then
+		audios+=",alsa"
+		myconf+=( --with-default-output=alsa --enable-alsaseq )
+	fi
+
+	# We disable motif by default and then only enable it if it's requested.
+	if use motif; then
+		myconf+=( --enable-motif --with-x )
+		use X || ewarn "Basic X11 support will be enabled because required by motif."
+	fi
+
+	econf \
+		--localstatedir=/var/state/timidity++ \
+		--with-module-dir="${EPREFIX}/usr/share/timidity" \
+		--with-lispdir="${SITELISP}/${PN}" \
+		--with-elf \
+		--enable-audio=${audios} \
+		--enable-server \
+		--enable-network \
+		--enable-dynamic \
+		--enable-vt100 \
+		--enable-spline=cubic \
+		$(use_enable emacs) \
+		$(use_enable slang) \
+		$(use_enable ncurses) \
+		$(use_with X x) \
+		$(use_enable X spectrogram) \
+		$(use_enable X wrd) \
+		$(use_enable X xskin) \
+		$(use_enable X xaw) \
+		$(use_enable gtk) \
+		$(use_enable tk tcltk) \
+		--disable-motif \
+		"${myconf[@]}"
+}
+
+src_install() {
+	emake DESTDIR="${D}" install
+	einstalldocs
+
+	# these are only for the ALSA sequencer mode
+	if use alsa; then
+		newconfd "${FILESDIR}"/conf.d.timidity.2 timidity
+		newinitd "${FILESDIR}"/init.d.timidity.4 timidity
+
+		systemd_dounit "${FILESDIR}"/timidity.service
+	fi
+
+	insinto /etc
+	newins "${FILESDIR}"/timidity.cfg-r1 timidity.cfg
+
+	dodir /usr/share/timidity
+	dosym ../../../etc/timidity.cfg /usr/share/timidity/timidity.cfg
+
+	if use emacs; then
+		elisp-site-file-install "${FILESDIR}/${SITEFILE}"
+	fi
+
+	diropts -o timidity -g nobody -m 0700
+	keepdir /var/lib/timidity
+
+	doicon "${FILESDIR}"/timidity.xpm
+	newmenu "${FILESDIR}"/timidity.desktop.2 timidity.desktop
+
+	# Order of preference: gtk, X (Xaw), ncurses, slang
+	# Do not create menu item for terminal ones
+	local interface="-id"
+	local terminal="true"
+	local nodisplay="true"
+	if use gtk || use X; then
+		interface="-ia"
+		terminal="false"
+		nodisplay="false"
+		use gtk && interface="-ig"
+	elif use ncurses || use slang; then
+		local interface="-is"
+		use ncurses && interface="-in"
+	fi
+	sed -e "s/Exec=timidity/Exec=timidity ${interface}/" \
+		-e "s/Terminal=.*/Terminal=${terminal}/" \
+		-e "s/NoDisplay=.*/NoDisplay=${nodisplay}/" \
+		-i "${D}"/usr/share/applications/timidity.desktop || die
+}
+
+pkg_postinst() {
+	use emacs && elisp-site-regen
+
+	elog "A timidity config file has been installed in /etc/timidity.cfg."
+	elog "Do not edit this file as it will interfere with the eselect timidity tool."
+	elog "The tool 'eselect timidity' can be used to switch between installed patchsets."
+
+	if use alsa; then
+		elog "An init script for the alsa timidity sequencer has been installed."
+		elog "If you wish to use the timidity virtual sequencer, edit /etc/conf.d/timidity"
+		elog "and run 'rc-update add timidity <runlevel> && /etc/init.d/timidity start'"
+	fi
+
+	if use sparc; then
+		elog "Only saving to wave file and ALSA soundback has been tested working."
+	fi
+
+	xdg_desktop_database_update
+}
+
+pkg_postrm() {
+	use emacs && elisp-site-regen
+	xdg_desktop_database_update
+}
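Review bot: In src_install the state directory is created with `diropts -o timidity -g nobody -m 0700`, which gives group ownership to `nobody` even though pkg_setup creates the timidity user with `audio` as its group. With mode 0700 the group has no access today, but files owned by `nobody` are shared with every other process that runs under that identity, so a later mode change would expose the directory more widely than intended. A group the package controls, for example `diropts -o timidity -g audio -m 0700` to match pkg_setup, avoids that. Separately, `local interface="-is"` in the elif branch redeclares a variable already declared as local a few lines above; plain `interface="-is"` is enough.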

