gentoo resync : 22.04.2018

author: V3n3RiX <venerix@redcorelinux.org> 2018-04-22 14:25:03 +0100
committer: V3n3RiX <venerix@redcorelinux.org> 2018-04-22 14:25:03 +0100
commit: 5e8702bcbbed438e6c6cce023e7ef0cc9baa3e02 (patch)
tree: b041acef19bb9ae66c228d5c9d34d1e00aeb2b95 /media-sound/mp3gain
parent: 5cfef3c94cd7e82136c69a0322f5ba21f7e64632 (diff)
4 files changed, 114 insertions, 38 deletions
diff --git a/media-sound/mp3gain/Manifest b/media-sound/mp3gain/Manifest
index e6caeb3fb588..8e87f26a9f3e 100644
--- a/media-sound/mp3gain/Manifest
+++ b/media-sound/mp3gain/Manifest
@@ -1,3 +1,4 @@
-DIST mp3gain-1_5_2-src.zip 129435 BLAKE2B 39ad12a09e58375c23602939097622fda0cb6b7487e95947d5443fce55f4d2163c15df619f96b1839acf99bba9ed8ad1990bab287e1392c30813d185d823d734 SHA512 1a7ac51bf0108c1f6fbd610c513bf7fd2c64d340a2ba23dc9fa5c3b896b279474f31f2d60318f409576e39f7643dd585d3e159e2a4db4553f7c9cc3761b7f388
-EBUILD mp3gain-1.5.2.ebuild 728 BLAKE2B a93caa57abf577406eac807d879f53f375868cb34ab11fc637f9affcbed6a4233af42f671f3277764c52dcc2b4fc2c3f30a68ab6ae549dc1ea6ed0dee62978ca SHA512 99741719ade948434a37842839586b51b72634fea2cf642162be076f1042ba03b031b6a3148889ee073e8fdea88e7fc7ec8d6b5e93918203f00e61c193bf9841
+AUX mp3gain-1.6.1-CVE-2017-12911.patch 2804 BLAKE2B 71d410abe4196cb47d4f006af7d8fd73a0308280ce57aaa955434c9f7b1bb8bf3363eb1ad8dbe0da3b5dd79e4ac5a355b796cdc253608c5bf2ba7c03527c3b32 SHA512 b5b093f18160cd4205870952d8f092c300f66d6fa025ac09114f55b1e5b37af6ab8ea1b505e33446f6c7153a5ffad04c001b67f9a069db8d3418c6fae3e73002
+DIST mp3gain-1_6_1-src.zip 68932 BLAKE2B 8c1ed35123f1613e189ec7bd74ee9f6176404a1b79c660f8f1a6df461cdfd3c6bb505daa09b8cc4756e1755d0923fe473a45c3ae171fcf35df22daaa08a7717a SHA512 6d26a7716a1901c80caff9d7fb03a454a452c06c6a57a7a921d5979727e112ba139690d8a287dde7a6e5a09b022d3c6f57193b4756a9c25caa177cef65f9e375
+EBUILD mp3gain-1.6.1.ebuild 676 BLAKE2B ecf7bddf2ac065af612287123bb04fde4adbf04221c4dc409a59f22213ed1c6ee04dd1e8e0b8922d3f465a90f3ed34f312b5acb8329efa332215dd79e9b9cc22 SHA512 52fe2d39c153bfa0d83ac36fb89f3a694b881850c3c69bfbd6f1af6599abb6fd665bc9d94effb25146859d297a32580a4841442a10d37e5a594bd06666e777c6
 MISC metadata.xml 452 BLAKE2B c0b22d81f8e91934b834281f256b67e4e61a86fe9cfee08ace713baa8ff28221393594e9199aa631889c2b7e25b50bc108876b3f991ea7bef7575e486d5b206a SHA512 8ab00c2369fea3ed2ae75f5d04939ac81f4f227236215556157c3616ce1d72636c94af0988f06c995a08dd95c3774635c5d954e6992a077c20c7472be907a119
diff --git a/media-sound/mp3gain/files/mp3gain-1.6.1-CVE-2017-12911.patch b/media-sound/mp3gain/files/mp3gain-1.6.1-CVE-2017-12911.patch
new file mode 100644
index 000000000000..0b5a32280963
--- /dev/null
+++ b/media-sound/mp3gain/files/mp3gain-1.6.1-CVE-2017-12911.patch
@@ -0,0 +1,77 @@
+--- a/apetag.c
++++ b/apetag.c
+@@ -49,6 +49,12 @@
+ 
+ static int Lyrics3GetNumber6 ( const unsigned char* string )
+ {
++	if (string[0] < '0' || string[0] > '9') return 0;
++	if (string[1] < '0' || string[1] > '9') return 0;
++	if (string[2] < '0' || string[2] > '9') return 0;
++	if (string[3] < '0' || string[3] > '9') return 0;
++	if (string[4] < '0' || string[4] > '9') return 0;
++	if (string[5] < '0' || string[5] > '9') return 0;
+ 	return ( string[0] - '0') * 100000 +
+ 		   ( string[1] - '0') * 10000 +
+ 		   ( string[2] - '0') * 1000 +
+@@ -86,12 +92,14 @@
+ 		free(*id3tagbuff);
+ 	*id3tagbuff = (unsigned char *)malloc(128);
+     memcpy(*id3tagbuff,tmpid3,128);
++	if ( *tag_offset < (128 + (long)(sizeof(T))) ) return 0;
+     if ( fseek (fp, *tag_offset - 128 - sizeof (T), SEEK_SET) ) return 0;
+     if ( fread (&T, 1, sizeof (T), fp) != sizeof (T) ) return 0;
+     // check for lyrics3 v2.00 tag
+     if ( memcmp (T.ID, "LYRICS200", sizeof (T.ID)) ) return 0;
+ 	len = Lyrics3GetNumber6 (T.Length);
+-	if ( fseek (fp, *tag_offset - 128 - (int)sizeof (T) - len, SEEK_SET) ) return 0;
++	if (*tag_offset < (128 + (long)(sizeof(T)) + len)) return 0;
++	if ( fseek (fp, *tag_offset - 128 - (long)sizeof (T) - len, SEEK_SET) ) return 0;
+     if ( fread  (tmp, 1, 11, fp) != 11 ) return 0;
+     if ( memcmp (tmp, "LYRICSBEGIN", 11) ) return 0;
+     
+@@ -167,6 +175,7 @@
+     Ver = Read_LE_Uint32 (T.Version);
+     if ( (Ver != 1000) && (Ver != 2000) ) return 0;
+     if ( (TagLen = Read_LE_Uint32 (T.Length)) < sizeof (T) ) return 0;
++	if (*tag_offset < TagLen) return 0;
+     if ( fseek (fp, *tag_offset - TagLen, SEEK_SET) ) return 0;
+     buff = (char *)malloc (TagLen);
+     if ( fread (buff, 1, TagLen - sizeof (T), fp) != (TagLen - sizeof (T)) ) {
+@@ -285,6 +294,7 @@
+ 	(*apeTag)->originalTagSize = TagLen;
+ 
+     if ( Read_LE_Uint32 (T.Flags) & (1<<31) ) {  // Tag contains header
++		if (*tag_offset < (long)(sizeof(T))) return 0;
+         *tag_offset -= sizeof (T);
+ 
+ 		fseek (fp, *tag_offset, SEEK_SET);
+@@ -355,14 +365,14 @@
+  */
+ int ReadMP3GainAPETag (char *filename, struct MP3GainTagInfo *info, struct FileTagsStruct *fileTags) {
+     FILE *fi;
+-    long tag_offset, offs_bk;
++    long tag_offset, offs_bk, file_size;
+ 
+     fi = fopen(filename, "rb");
+     if (fi == NULL)
+ 		return 0;
+ 	
+ 	fseek(fi, 0, SEEK_END);
+-    tag_offset = ftell(fi);
++    tag_offset = file_size = ftell(fi);
+ 	
+ 	fileTags->lyrics3TagSize = 0;
+ 
+@@ -373,7 +383,11 @@
+ 		ReadMP3ID3v1Tag ( fi, &(fileTags->id31tag), &tag_offset );
+ 	} while ( offs_bk != tag_offset );
+ 
+-	fileTags->tagOffset = tag_offset;
++	if (tag_offset >= 0 && tag_offset <= file_size) {
++		fileTags->tagOffset = tag_offset;
++	} else { //Corrupt tag information, simply default to end-of-file
++		fileTags->tagOffset = file_size;
++	}
+ 
+     fclose(fi);
+ 
+\ No newline at end of file
diff --git a/media-sound/mp3gain/mp3gain-1.5.2.ebuild b/media-sound/mp3gain/mp3gain-1.5.2.ebuild
deleted file mode 100644
index f97e02d40f50..000000000000
--- a/media-sound/mp3gain/mp3gain-1.5.2.ebuild
+++ /dev/null
@@ -1,36 +0,0 @@
-# Copyright 1999-2015 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=2
-inherit toolchain-funcs
-
-MY_P=${P//./_}
-
-DESCRIPTION="A program to analyze and adjust MP3 files to same volume"
-HOMEPAGE="http://mp3gain.sourceforge.net/"
-SRC_URI="mirror://sourceforge/${PN}/${MY_P}-src.zip"
-
-LICENSE="LGPL-2.1"
-SLOT="0"
-KEYWORDS="alpha amd64 hppa ppc ppc64 sparc x86 ~amd64-linux ~x86-linux ~ppc-macos ~x86-macos"
-IUSE=""
-
-RDEPEND=""
-DEPEND="app-arch/unzip"
-
-S=${WORKDIR}
-
-src_prepare() {
-	sed -i \
-		-e 's:CFLAGS= -Wall -O2:CFLAGS+= -Wall:' \
-		-e 's:$(CC) -o:$(CC) $(LDFLAGS) -o:' \
-		Makefile || die
-}
-
-src_compile() {
-	emake CC="$(tc-getCC)" || die
-}
-
-src_install() {
-	dobin mp3gain || die
-}
diff --git a/media-sound/mp3gain/mp3gain-1.6.1.ebuild b/media-sound/mp3gain/mp3gain-1.6.1.ebuild
new file mode 100644
index 000000000000..87dce052e2ae
--- /dev/null
+++ b/media-sound/mp3gain/mp3gain-1.6.1.ebuild
@@ -0,0 +1,34 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+inherit toolchain-funcs
+
+MY_P="${P//./_}"
+
+DESCRIPTION="A program to analyze and adjust MP3 files to same volume"
+HOMEPAGE="http://mp3gain.sourceforge.net/"
+SRC_URI="mirror://sourceforge/${PN}/${MY_P}-src.zip"
+
+LICENSE="LGPL-2.1"
+SLOT="0"
+KEYWORDS="~alpha amd64 ~hppa ~ppc ~ppc64 ~sparc x86 ~amd64-linux ~x86-linux ~ppc-macos ~x86-macos"
+IUSE=""
+
+RDEPEND="
+	app-arch/unzip
+	media-sound/mpg123
+"
+DEPEND="${RDEPEND}"
+
+PATCHES=( "${FILESDIR}"/${P}-CVE-2017-12911.patch )
+
+S="${WORKDIR}"
+
+src_compile() {
+	emake CC="$(tc-getCC)"
+}
+
+src_install() {
+	dobin mp3gain
+}
author	V3n3RiX <venerix@redcorelinux.org>	2018-04-22 14:25:03 +0100
committer	V3n3RiX <venerix@redcorelinux.org>	2018-04-22 14:25:03 +0100
commit	5e8702bcbbed438e6c6cce023e7ef0cc9baa3e02 (patch)
tree	b041acef19bb9ae66c228d5c9d34d1e00aeb2b95 /media-sound/mp3gain
parent	5cfef3c94cd7e82136c69a0322f5ba21f7e64632 (diff)