[gentoo-commits] repo/gentoo:master commit in: media-libs/libvorbis/, media-libs/libvorbis/files/

[gentoo-commits] repo/gentoo:master commit in: media-libs/libvorbis/, media-libs/libvorbis/files/

[Miroslav Šulc]

commit:     aca7f025aa768f7b2d826011df6d07ea1b023eab
Author:     Miroslav Šulc <fordfrog <AT> gentoo <DOT> org>
AuthorDate: Tue Sep  8 07:51:18 2020 +0000
Commit:     Miroslav Šulc <fordfrog <AT> gentoo <DOT> org>
CommitDate: Tue Sep  8 07:51:18 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=aca7f025

media-libs/libvorbis: removed obsolete 1.3.6-r1

Package-Manager: Portage-3.0.6, Repoman-3.0.1
Signed-off-by: Miroslav Šulc <fordfrog <AT> gentoo.org>

 media-libs/libvorbis/Manifest                      |  1 -
 .../files/libvorbis-1.3.6-CVE-2017-14160.patch     | 29 -----------
 .../files/libvorbis-1.3.6-CVE-2018-10392.patch     | 25 ---------
 media-libs/libvorbis/libvorbis-1.3.6-r1.ebuild     | 60 ----------------------
 4 files changed, 115 deletions(-)

diff --git a/media-libs/libvorbis/Manifest b/media-libs/libvorbis/Manifest
index 39301919adc..63ff2efccc1 100644
--- a/media-libs/libvorbis/Manifest
+++ b/media-libs/libvorbis/Manifest
@@ -1,2 +1 @@
-DIST libvorbis-1.3.6.tar.xz 1195388 BLAKE2B 9fc1dd125fdecb95687ea159b75cd66eed21329ec0795a3050e52e6cc58e1aac7b084ca25c4e52ca6f251ff474f6d71a716c0fbb2367beda8eb6a51a8fa9049a SHA512 a5d990bb88db2501b16f8eaee9f2ecb599cefd7dab2134d16538d8905263a972157c7671867848c2a8a358bf5e5dbc7721205ece001032482f168be7bda4f132
 DIST libvorbis-1.3.7.tar.xz 1203792 BLAKE2B 849e3f1129313646471e2bb7e9beeb3766d6a121fe09984e39a353cae7dacd0a970900b0cb6f68b1d69e759515298d901fcc0cba1edb91dbc4bae4456f4bd6ea SHA512 bbf5f11f623d959b3ba98d6b52806521b0b918b59b867f0658c153ea1013293364eead4987e9e71f8798021379310860a2e548fcf89d10caf23d45e41aba45cd

diff --git a/media-libs/libvorbis/files/libvorbis-1.3.6-CVE-2017-14160.patch b/media-libs/libvorbis/files/libvorbis-1.3.6-CVE-2017-14160.patch
deleted file mode 100644
index 7759e2eb2a6..00000000000
--- a/media-libs/libvorbis/files/libvorbis-1.3.6-CVE-2017-14160.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-This is also the patch for CVE-2018-10393.
-
-From 018ca26dece618457dd13585cad52941193c4a25 Mon Sep 17 00:00:00 2001
-From: Thomas Daede <daede003@umn.edu>
-Date: Wed, 9 May 2018 14:56:59 -0700
-Subject: [PATCH] CVE-2017-14160: fix bounds check on very low sample rates.
-
----
- lib/psy.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/lib/psy.c b/lib/psy.c
-index 422c6f1..1310123 100644
---- a/lib/psy.c
-+++ b/lib/psy.c
-@@ -602,8 +602,9 @@ static void bark_noise_hybridmp(int n,const long *b,
-   for (i = 0, x = 0.f;; i++, x += 1.f) {
- 
-     lo = b[i] >> 16;
--    if( lo>=0 ) break;
-     hi = b[i] & 0xffff;
-+    if( lo>=0 ) break;
-+    if( hi>=n ) break;
- 
-     tN = N[hi] + N[-lo];
-     tX = X[hi] - X[-lo];
--- 
-2.22.0
-

diff --git a/media-libs/libvorbis/files/libvorbis-1.3.6-CVE-2018-10392.patch b/media-libs/libvorbis/files/libvorbis-1.3.6-CVE-2018-10392.patch
deleted file mode 100644
index a12038a9423..00000000000
--- a/media-libs/libvorbis/files/libvorbis-1.3.6-CVE-2018-10392.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From 112d3bd0aaacad51305e1464d4b381dabad0e88b Mon Sep 17 00:00:00 2001
-From: Thomas Daede <daede003@umn.edu>
-Date: Thu, 17 May 2018 16:19:19 -0700
-Subject: [PATCH] Sanity check number of channels in setup.
-
-Fixes #2335.
----
- lib/vorbisenc.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/lib/vorbisenc.c b/lib/vorbisenc.c
-index 4fc7b62..64a51b5 100644
---- a/lib/vorbisenc.c
-+++ b/lib/vorbisenc.c
-@@ -684,6 +684,7 @@ int vorbis_encode_setup_init(vorbis_info *vi){
-   highlevel_encode_setup *hi=&ci->hi;
- 
-   if(ci==NULL)return(OV_EINVAL);
-+  if(vi->channels<1||vi->channels>255)return(OV_EINVAL);
-   if(!hi->impulse_block_p)i0=1;
- 
-   /* too low/high an ATH floater is nonsensical, but doesn't break anything */
--- 
-2.22.0
-

diff --git a/media-libs/libvorbis/libvorbis-1.3.6-r1.ebuild b/media-libs/libvorbis/libvorbis-1.3.6-r1.ebuild
deleted file mode 100644
index 304ac22cd07..00000000000
--- a/media-libs/libvorbis/libvorbis-1.3.6-r1.ebuild
+++ /dev/null
@@ -1,60 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-inherit autotools multilib-minimal
-
-DESCRIPTION="The Ogg Vorbis sound file format library"
-HOMEPAGE="https://xiph.org/vorbis/"
-SRC_URI="https://downloads.xiph.org/releases/vorbis/${P}.tar.xz"
-
-LICENSE="BSD"
-SLOT="0"
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~mips ppc ppc64 sparc x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
-IUSE="static-libs test"
-
-RESTRICT="!test? ( test )"
-
-BDEPEND="virtual/pkgconfig"
-
-RDEPEND=">=media-libs/libogg-1.3.0[${MULTILIB_USEDEP}]"
-
-DEPEND="${RDEPEND}"
-
-PATCHES=(
-	"${FILESDIR}"/${P}-CVE-2017-14160.patch
-	"${FILESDIR}"/${P}-CVE-2018-10392.patch
-)
-
-src_prepare() {
-	default
-
-	sed -i \
-		-e '/CFLAGS/s:-O20::' \
-		-e '/CFLAGS/s:-mcpu=750::' \
-		-e '/CFLAGS/s:-mno-ieee-fp::' \
-		configure.ac || die
-
-	# Un-hack docdir redefinition.
-	find -name 'Makefile.am' \
-		-exec sed -i \
-			-e 's:$(datadir)/doc/$(PACKAGE)-$(VERSION):@docdir@/html:' \
-			{} + || die
-
-	eautoreconf
-}
-
-multilib_src_configure() {
-	local myconf=(
-		--enable-shared
-		$(use_enable static-libs static)
-		$(use_enable test oggtest)
-	)
-
-	einfo "Running configure in ${BUILD_DIR}"
-	ECONF_SOURCE="${S}" econf "${myconf[@]}"
-}
-
-multilib_src_install_all() {
-	find "${ED}" -name '*.la' -delete || die
-}

[gentoo-commits] repo/gentoo:master commit in: media-libs/libvorbis/, media-libs/libvorbis/files/

[Sam James]

commit:     a921e04dff46b220e8be2f32d10ab10a98038a92
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Mar  9 08:25:10 2025 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Mar  9 08:26:11 2025 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a921e04d

media-libs/libvorbis: fix UBSAN issue and some other patches

Noticed when looking at bug #950965 but it's not related at all.

Fixes an issue with UBSAN and some other notable looking patches from
master for correctness.

Signed-off-by: Sam James <sam <AT> gentoo.org>

 .../files/libvorbis-1.3.7-mismatched-free.patch    | 29 +++++++++++
 .../files/libvorbis-1.3.7-psy-bounds.patch         | 35 +++++++++++++
 .../files/libvorbis-1.3.7-ubsan-shift.patch        | 27 ++++++++++
 media-libs/libvorbis/libvorbis-1.3.7-r2.ebuild     | 59 ++++++++++++++++++++++
 4 files changed, 150 insertions(+)

diff --git a/media-libs/libvorbis/files/libvorbis-1.3.7-mismatched-free.patch b/media-libs/libvorbis/files/libvorbis-1.3.7-mismatched-free.patch
new file mode 100644
index 000000000000..e15c8fad4888
--- /dev/null
+++ b/media-libs/libvorbis/files/libvorbis-1.3.7-mismatched-free.patch
@@ -0,0 +1,29 @@
+https://gitlab.xiph.org/xiph/vorbis/-/commit/4e1155cc77a2c672f3dd18f9a32dbf1404693289
+
+From 4e1155cc77a2c672f3dd18f9a32dbf1404693289 Mon Sep 17 00:00:00 2001
+From: Robert Kausch <robert.kausch@freac.org>
+Date: Sat, 20 Feb 2021 16:22:02 +0100
+Subject: [PATCH] Fix tests run with make check when using alternative
+ allocators.
+
+The call to free in line 584 of sharedbook.c mismatches
+the _ogg_calloc call used to allocated that data in line 216.
+
+This causes make check to fail when alternative allocators
+are used, e.g. the xmm_malloc family of allocators used with
+the Lancer optimizations.
+
+Signed-off-by: Ralph Giles <giles@thaumas.net>
+--- a/lib/sharedbook.c
++++ b/lib/sharedbook.c
+@@ -581,7 +581,7 @@ void run_test(static_codebook *b,float *comp){
+       exit(1);
+     }
+   }
+-  free(out);
++  _ogg_free(out);
+ }
+ 
+ int main(){
+-- 
+GitLab

diff --git a/media-libs/libvorbis/files/libvorbis-1.3.7-psy-bounds.patch b/media-libs/libvorbis/files/libvorbis-1.3.7-psy-bounds.patch
new file mode 100644
index 000000000000..1331c7ca24c7
--- /dev/null
+++ b/media-libs/libvorbis/files/libvorbis-1.3.7-psy-bounds.patch
@@ -0,0 +1,35 @@
+https://gitlab.xiph.org/xiph/vorbis/-/commit/315da9cc9d30484c802b2e2ea150df39e060e2b9
+
+From 315da9cc9d30484c802b2e2ea150df39e060e2b9 Mon Sep 17 00:00:00 2001
+From: "Timothy B. Terriberry" <tterribe@xiph.org>
+Date: Wed, 5 Feb 2025 08:11:19 -0800
+Subject: [PATCH] Fix the half-octave bounds check in _vp_psy_init
+
+The existing code ensured that halfoc would not exceed P_BANDS-1,
+ but the interpolation used index P_BANDS (albeit with a weight
+ of 0) when this bound was actually hit.
+Add an extra clamp on the integer index to avoid this.
+Thanks to Paul Adenot for the report.
+
+Fixes #2353
+---
+ lib/psy.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/lib/psy.c b/lib/psy.c
+index 036b094a..96213c42 100644
+--- a/lib/psy.c
++++ b/lib/psy.c
+@@ -339,6 +339,10 @@ void _vp_psy_init(vorbis_look_psy *p,vorbis_info_psy *vi,
+     if(halfoc<0)halfoc=0;
+     if(halfoc>=P_BANDS-1)halfoc=P_BANDS-1;
+     inthalfoc=(int)halfoc;
++    /*If we hit the P_BANDS-1 clamp above, inthalfoc+1 will be out of bounds,
++       even though it will have an interpolation weight of 0.
++      Shift the interval so we don't read past the end of the array.*/
++    if(inthalfoc>=P_BANDS-2)inthalfoc=P_BANDS-2;
+     del=halfoc-inthalfoc;
+ 
+     for(j=0;j<P_NOISECURVES;j++)
+-- 
+GitLab

diff --git a/media-libs/libvorbis/files/libvorbis-1.3.7-ubsan-shift.patch b/media-libs/libvorbis/files/libvorbis-1.3.7-ubsan-shift.patch
new file mode 100644
index 000000000000..d3b4558de637
--- /dev/null
+++ b/media-libs/libvorbis/files/libvorbis-1.3.7-ubsan-shift.patch
@@ -0,0 +1,27 @@
+https://gitlab.xiph.org/xiph/vorbis/-/commit/bb4047de4c05712bf1fd49b9584c360b8e4e0adf
+
+From bb4047de4c05712bf1fd49b9584c360b8e4e0adf Mon Sep 17 00:00:00 2001
+From: Tristan Matthews <tmatth@videolan.org>
+Date: Fri, 14 Jun 2024 11:39:26 -0400
+Subject: [PATCH] sharedbook: cast to unsigned to avoid undefined shift
+
+Fixes #2351
+---
+ lib/sharedbook.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/sharedbook.c b/lib/sharedbook.c
+index 444f42b5..7a98b479 100644
+--- a/lib/sharedbook.c
++++ b/lib/sharedbook.c
+@@ -422,7 +422,7 @@ int vorbis_book_init_decode(codebook *c,const static_codebook *s){
+         long lo=0,hi=0;
+ 
+         for(i=0;i<tabn;i++){
+-          ogg_uint32_t word=i<<(32-c->dec_firsttablen);
++          ogg_uint32_t word=((ogg_uint32_t)i<<(32-c->dec_firsttablen));
+           if(c->dec_firsttable[bitreverse(word)]==0){
+             while((lo+1)<n && c->codelist[lo+1]<=word)lo++;
+             while(    hi<n && word>=(c->codelist[hi]&mask))hi++;
+-- 
+GitLab

diff --git a/media-libs/libvorbis/libvorbis-1.3.7-r2.ebuild b/media-libs/libvorbis/libvorbis-1.3.7-r2.ebuild
new file mode 100644
index 000000000000..9c3f5c01b36c
--- /dev/null
+++ b/media-libs/libvorbis/libvorbis-1.3.7-r2.ebuild
@@ -0,0 +1,59 @@
+# Copyright 1999-2025 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit autotools multilib-minimal
+
+DESCRIPTION="The Ogg Vorbis sound file format library"
+HOMEPAGE="https://xiph.org/vorbis/"
+SRC_URI="https://downloads.xiph.org/releases/vorbis/${P}.tar.xz"
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x64-solaris"
+IUSE="static-libs test"
+RESTRICT="!test? ( test )"
+
+BDEPEND="virtual/pkgconfig"
+RDEPEND=">=media-libs/libogg-1.3.0[${MULTILIB_USEDEP}]"
+DEPEND="${RDEPEND}"
+
+PATCHES=(
+	"${FILESDIR}"/${P}-mismatched-free.patch
+	"${FILESDIR}"/${P}-macro-wstrict-prototypes.patch
+	"${FILESDIR}"/${P}-ubsan-shift.patch
+	"${FILESDIR}"/${P}-psy-bounds.patch
+)
+
+src_prepare() {
+	default
+
+	sed -i \
+		-e '/CFLAGS/s:-O20::' \
+		-e '/CFLAGS/s:-mcpu=750::' \
+		-e '/CFLAGS/s:-mno-ieee-fp::' \
+		configure.ac || die
+
+	# Un-hack docdir redefinition.
+	find -name 'Makefile.am' \
+		-exec sed -i \
+			-e 's:$(datadir)/doc/$(PACKAGE)-$(VERSION):@docdir@/html:' \
+			{} + || die
+
+	eautoreconf
+}
+
+multilib_src_configure() {
+	local myconf=(
+		--enable-shared
+		$(use_enable static-libs static)
+		$(use_enable test oggtest)
+	)
+
+	ECONF_SOURCE="${S}" econf "${myconf[@]}"
+}
+
+multilib_src_install_all() {
+	find "${ED}" -type f -name '*.la' -delete || die
+}