From 265dbe5dbc14c199299496c6db8fce3f76647015 Mon Sep 17 00:00:00 2001
From: V3n3RiX <venerix@redcorelinux.org>
Date: Fri, 21 Sep 2018 18:00:10 +0100
Subject: gentoo resync : 21.09.2018

---
 media-libs/libsndfile/Manifest                     |  4 +
 .../files/libsndfile-1.0.28-CVE-2017-12562.patch   | 88 ++++++++++++++++++++++
 .../files/libsndfile-1.0.28-CVE-2018-13139.patch   | 31 ++++++++
 media-libs/libsndfile/libsndfile-1.0.28-r2.ebuild  | 66 ++++++++++++++++
 media-libs/libsndfile/libsndfile-1.0.28-r3.ebuild  | 67 ++++++++++++++++
 5 files changed, 256 insertions(+)
 create mode 100644 media-libs/libsndfile/files/libsndfile-1.0.28-CVE-2017-12562.patch
 create mode 100644 media-libs/libsndfile/files/libsndfile-1.0.28-CVE-2018-13139.patch
 create mode 100644 media-libs/libsndfile/libsndfile-1.0.28-r2.ebuild
 create mode 100644 media-libs/libsndfile/libsndfile-1.0.28-r3.ebuild

(limited to 'media-libs/libsndfile')

diff --git a/media-libs/libsndfile/Manifest b/media-libs/libsndfile/Manifest
index baa3cd861d25..35426916dda2 100644
--- a/media-libs/libsndfile/Manifest
+++ b/media-libs/libsndfile/Manifest
@@ -1,5 +1,9 @@
+AUX libsndfile-1.0.28-CVE-2017-12562.patch 4360 BLAKE2B d668fa5c114e3510ff51e2331593d040e0a69476472d55d2a784ceccc71d880cdcc4cda53210d8e2c62abb2397f13d8129162567df8f5528489190ce7c102172 SHA512 8f07edf06652c56877dc5bc478daf494bcfaa45fa1d5a655719aaa8b363edffb749c4878ca11a7dac602ac5658b17eea9397ad824e2c3be38e9fe6c51cea0c63
+AUX libsndfile-1.0.28-CVE-2018-13139.patch 920 BLAKE2B ac10209a6fa2f0f28b5d36dae9bd4e1afde90ae4db55163c42ea99bd20292c1e2df74f3130030982da13a16df11a1fc10b0138ecebc304351efd1b7852084d72 SHA512 b6a04575730de5a9bf2d1b531d585961a4bb822fbb2441d1cebf75519aa3744eddb3a322fc3b4f8aaf92cbf6fafee24eab6b26fa97d49bd2cbc0e3aec1aea66a
 AUX libsndfile-1.0.28-arm-varargs-failure.patch 1329 BLAKE2B d8a995e6596db880d2188cfc3243b7aff2dc13ed617b0bf589e918c5a852d4fc1d69c00eec26ec8c8b258ab00eb860872e01b149254d554cd563fd6d7b532891 SHA512 4577282dc0b71d456a562d06d8b22958f24caf383c6c4c8aa2c9006614d3110b7d6bbf896ce393468455460cb8d466c09a48416cdf159e30de6d5ecaa0d4cf09
 DIST libsndfile-1.0.28.tar.gz 1202833 BLAKE2B 102735766e2c22b5278fde43feaaa664598c08fadb5264d5130e4bf1e354bd4202948db38e2912d7487bd7f8c0b9faf1616c0873eed886a56b1d7f49452bf488 SHA512 890731a6b8173f714155ce05eaf6d991b31632c8ab207fbae860968861a107552df26fcf85602df2e7f65502c7256c1b41735e1122485a3a07ddb580aa83b57f
 EBUILD libsndfile-1.0.28-r1.ebuild 1663 BLAKE2B 7c6a0c188b0ffba2b67b87c117ef186e0bbc12dadc61cd4d1e58e8f4d02be44bb63d1244fb41ec1520d66b230c66d7d4a466ada116e1cd3ce7551995353db113 SHA512 9ad9784b4dfddb8f4d1b3f70cc47965e35fa2e3b4469e3906dec6be2dc53841f102603f37cb078438148d6fdecace56696038f04c02ace9c14d0c26ec6a12825
+EBUILD libsndfile-1.0.28-r2.ebuild 1721 BLAKE2B 7239131284eae7494988647171fc30680de5a6d3a916c179f0c56818c1ce9adddf827089bae208c4f1d6aa2e1f42b0e74914756a30ad56653ac211e43e6f5cd7 SHA512 5aa47d7d321bd9b94c5c8f4f8b1cbf604f826bd0c3cd309310de2943711f869c7fc10218a9518bfacafcf78428e6ac915e4c3b3cf86156742ff6474eda8969d2
+EBUILD libsndfile-1.0.28-r3.ebuild 1761 BLAKE2B 86a94ad3f44738bd4de2543a32038f8ec1ac75269f1481fa7f4212449d8a77467abb63d4bd73fd94a3173782a6458333fa14ab66588ecac76a7cba8e1237257e SHA512 a248b4a09a4dafd07e4fd6fece2643a28c7efe93aa70a86c452a339ba085195e26425f98cb71acef14fe6410f25100c8cb6979fbdb5f4e9c0d777f856ea6cd50
 EBUILD libsndfile-9999.ebuild 1745 BLAKE2B 597955cb2733c8ba88cbea8c0b6a8539cc3e4cbf4360244cafe669c85068c9a4f5b7fb152ffaf390344629d12909a8d514b06372afb6bed01aa90247e5470ed6 SHA512 37a4087046ba8fe41abd09bc16f485e8ca9ce1938021281ff09a5b2b953ed88f935389d13a9b1f6286bd3d35ebf727b4708cb117c7510ef4067f6fb39758adc7
 MISC metadata.xml 259 BLAKE2B 7339f463fc3fa87e1aba5665d97d0878dfd0ccdc4570e76adb531ce80090b0fd0eadf7ee78e3d081cd48083a800c5ecb395255df40d35f8745471346cf07ff16 SHA512 7315c86cee93f8109e30dd379dde35c51ad60e759a037cc8ee3feeec369434d65fecf785480861e7fc6a17baaf81517083284783b4b35143c911da98846d0360
diff --git a/media-libs/libsndfile/files/libsndfile-1.0.28-CVE-2017-12562.patch b/media-libs/libsndfile/files/libsndfile-1.0.28-CVE-2017-12562.patch
new file mode 100644
index 000000000000..0ff2b7ef4590
--- /dev/null
+++ b/media-libs/libsndfile/files/libsndfile-1.0.28-CVE-2017-12562.patch
@@ -0,0 +1,88 @@
+From b6a9d7e95888ffa77d8c75ce3f03e6c7165587cd Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?J=C3=B6rn=20Heusipp?= <osmanx@problemloesungsmaschine.de>
+Date: Wed, 14 Jun 2017 12:25:40 +0200
+Subject: [PATCH] src/common.c: Fix heap buffer overflows when writing strings
+ in binheader
+
+Fixes the following problems:
+ 1. Case 's' only enlarges the buffer by 16 bytes instead of size bytes.
+ 2. psf_binheader_writef() enlarges the header buffer (if needed) prior to the
+    big switch statement by an amount (16 bytes) which is enough for all cases
+    where only a single value gets added. Cases 's', 'S', 'p' however
+    additionally write an arbitrary length block of data and again enlarge the
+    buffer to the required amount. However, the required space calculation does
+    not take into account the size of the length field which gets output before
+    the data.
+ 3. Buffer size requirement calculation in case 'S' does not account for the
+    padding byte ("size += (size & 1) ;" happens after the calculation which
+    uses "size").
+ 4. Case 'S' can overrun the header buffer by 1 byte when no padding is
+    involved
+    ("memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size + 1) ;" while
+    the buffer is only guaranteed to have "size" space available).
+ 5. "psf->header.ptr [psf->header.indx] = 0 ;" in case 'S' always writes 1 byte
+    beyond the space which is guaranteed to be allocated in the header buffer.
+ 6. Case 's' can overrun the provided source string by 1 byte if padding is
+    involved ("memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size) ;"
+    where "size" is "strlen (strptr) + 1" (which includes the 0 terminator,
+    plus optionally another 1 which is padding and not guaranteed to be
+    readable via the source string pointer).
+
+Closes: https://github.com/erikd/libsndfile/issues/292
+---
+ src/common.c | 15 +++++++--------
+ 1 file changed, 7 insertions(+), 8 deletions(-)
+
+diff --git a/src/common.c b/src/common.c
+index 1a6204ca..6b2a2ee9 100644
+--- a/src/common.c
++++ b/src/common.c
+@@ -681,16 +681,16 @@ psf_binheader_writef (SF_PRIVATE *psf, const char *format, ...)
+ 					/* Write a C string (guaranteed to have a zero terminator). */
+ 					strptr = va_arg (argptr, char *) ;
+ 					size = strlen (strptr) + 1 ;
+-					size += (size & 1) ;
+ 
+-					if (psf->header.indx + (sf_count_t) size >= psf->header.len && psf_bump_header_allocation (psf, 16))
++					if (psf->header.indx + 4 + (sf_count_t) size + (sf_count_t) (size & 1) > psf->header.len && psf_bump_header_allocation (psf, 4 + size + (size & 1)))
+ 						return count ;
+ 
+ 					if (psf->rwf_endian == SF_ENDIAN_BIG)
+-						header_put_be_int (psf, size) ;
++						header_put_be_int (psf, size + (size & 1)) ;
+ 					else
+-						header_put_le_int (psf, size) ;
++						header_put_le_int (psf, size + (size & 1)) ;
+ 					memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size) ;
++					size += (size & 1) ;
+ 					psf->header.indx += size ;
+ 					psf->header.ptr [psf->header.indx - 1] = 0 ;
+ 					count += 4 + size ;
+@@ -703,16 +703,15 @@ psf_binheader_writef (SF_PRIVATE *psf, const char *format, ...)
+ 					*/
+ 					strptr = va_arg (argptr, char *) ;
+ 					size = strlen (strptr) ;
+-					if (psf->header.indx + (sf_count_t) size > psf->header.len && psf_bump_header_allocation (psf, size))
++					if (psf->header.indx + 4 + (sf_count_t) size + (sf_count_t) (size & 1) > psf->header.len && psf_bump_header_allocation (psf, 4 + size + (size & 1)))
+ 						return count ;
+ 					if (psf->rwf_endian == SF_ENDIAN_BIG)
+ 						header_put_be_int (psf, size) ;
+ 					else
+ 						header_put_le_int (psf, size) ;
+-					memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size + 1) ;
++					memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size + (size & 1)) ;
+ 					size += (size & 1) ;
+ 					psf->header.indx += size ;
+-					psf->header.ptr [psf->header.indx] = 0 ;
+ 					count += 4 + size ;
+ 					break ;
+ 
+@@ -724,7 +723,7 @@ psf_binheader_writef (SF_PRIVATE *psf, const char *format, ...)
+ 					size = (size & 1) ? size : size + 1 ;
+ 					size = (size > 254) ? 254 : size ;
+ 
+-					if (psf->header.indx + (sf_count_t) size > psf->header.len && psf_bump_header_allocation (psf, size))
++					if (psf->header.indx + 1 + (sf_count_t) size > psf->header.len && psf_bump_header_allocation (psf, 1 + size))
+ 						return count ;
+ 
+ 					header_put_byte (psf, size) ;
diff --git a/media-libs/libsndfile/files/libsndfile-1.0.28-CVE-2018-13139.patch b/media-libs/libsndfile/files/libsndfile-1.0.28-CVE-2018-13139.patch
new file mode 100644
index 000000000000..18e6ae76e62c
--- /dev/null
+++ b/media-libs/libsndfile/files/libsndfile-1.0.28-CVE-2018-13139.patch
@@ -0,0 +1,31 @@
+From df18323c622b54221ee7ace74b177cdcccc152d7 Mon Sep 17 00:00:00 2001
+From: "Brett T. Warden" <brett.t.warden@intel.com>
+Date: Tue, 28 Aug 2018 12:01:17 -0700
+Subject: [PATCH] Check MAX_CHANNELS in sndfile-deinterleave
+
+Allocated buffer has space for only 16 channels. Verify that input file
+meets this limit.
+
+Fixes #397
+---
+ programs/sndfile-deinterleave.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/programs/sndfile-deinterleave.c b/programs/sndfile-deinterleave.c
+index 53660310..225b4d54 100644
+--- a/programs/sndfile-deinterleave.c
++++ b/programs/sndfile-deinterleave.c
+@@ -89,6 +89,13 @@ main (int argc, char **argv)
+ 		exit (1) ;
+ 		} ;
+ 
++	if (sfinfo.channels > MAX_CHANNELS)
++	{	printf ("\nError : Input file '%s' has too many (%d) channels. Limit is %d.\n",
++			argv [1], sfinfo.channels, MAX_CHANNELS) ;
++		exit (1) ;
++		} ;
++
++
+ 	state.channels = sfinfo.channels ;
+ 	sfinfo.channels = 1 ;
+ 
\ No newline at end of file
diff --git a/media-libs/libsndfile/libsndfile-1.0.28-r2.ebuild b/media-libs/libsndfile/libsndfile-1.0.28-r2.ebuild
new file mode 100644
index 000000000000..fb59074ec723
--- /dev/null
+++ b/media-libs/libsndfile/libsndfile-1.0.28-r2.ebuild
@@ -0,0 +1,66 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python{2_7,3_4,3_5,3_6} pypy{,3} )
+
+inherit python-any-r1 multilib-minimal
+
+MY_P=${P/_pre/pre}
+
+DESCRIPTION="C library for reading and writing files containing sampled sound"
+HOMEPAGE="http://www.mega-nerd.com/libsndfile"
+if [[ ${MY_P} == ${P} ]]; then
+	SRC_URI="http://www.mega-nerd.com/libsndfile/files/${P}.tar.gz"
+else
+	SRC_URI="http://www.mega-nerd.com/tmp/${MY_P}b.tar.gz"
+fi
+
+LICENSE="LGPL-2.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ppc ppc64 ~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE="alsa minimal sqlite static-libs test"
+
+RDEPEND="
+	!minimal? (
+		>=media-libs/flac-1.2.1-r5[${MULTILIB_USEDEP}]
+		>=media-libs/libogg-1.3.0[${MULTILIB_USEDEP}]
+		>=media-libs/libvorbis-1.3.3-r1[${MULTILIB_USEDEP}]
+	)
+	alsa? ( media-libs/alsa-lib )
+	sqlite? ( >=dev-db/sqlite-3.2 )"
+DEPEND="${RDEPEND}"
+BDEPEND="
+	virtual/pkgconfig
+	test? ( ${PYTHON_DEPS} )"
+
+S=${WORKDIR}/${MY_P}
+
+PATCHES=(
+	"${FILESDIR}"/${P}-arm-varargs-failure.patch
+	"${FILESDIR}"/${P}-CVE-2017-12562.patch
+)
+
+pkg_setup() {
+	use test && python-any-r1_pkg_setup
+}
+
+multilib_src_configure() {
+	ECONF_SOURCE="${S}" econf \
+		--disable-octave \
+		--enable-gcc-pipe \
+		--enable-gcc-opt \
+		$(use_enable static-libs static) \
+		$(use_enable !minimal external-libs) \
+		$(multilib_native_enable full-suite) \
+		$(multilib_native_use_enable alsa) \
+		$(multilib_native_use_enable sqlite)
+}
+
+multilib_src_install_all() {
+	einstalldocs
+
+	# package provides .pc files
+	find "${D}" -name '*.la' -delete || die
+}
diff --git a/media-libs/libsndfile/libsndfile-1.0.28-r3.ebuild b/media-libs/libsndfile/libsndfile-1.0.28-r3.ebuild
new file mode 100644
index 000000000000..ea62ff850c7b
--- /dev/null
+++ b/media-libs/libsndfile/libsndfile-1.0.28-r3.ebuild
@@ -0,0 +1,67 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python{2_7,3_4,3_5,3_6} pypy{,3} )
+
+inherit python-any-r1 multilib-minimal
+
+MY_P=${P/_pre/pre}
+
+DESCRIPTION="C library for reading and writing files containing sampled sound"
+HOMEPAGE="http://www.mega-nerd.com/libsndfile"
+if [[ ${MY_P} == ${P} ]]; then
+	SRC_URI="http://www.mega-nerd.com/libsndfile/files/${P}.tar.gz"
+else
+	SRC_URI="http://www.mega-nerd.com/tmp/${MY_P}b.tar.gz"
+fi
+
+LICENSE="LGPL-2.1"
+SLOT="0"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sh sparc x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~sparc-solaris ~x64-solaris ~x86-solaris"
+IUSE="alsa minimal sqlite static-libs test"
+
+RDEPEND="
+	!minimal? (
+		>=media-libs/flac-1.2.1-r5[${MULTILIB_USEDEP}]
+		>=media-libs/libogg-1.3.0[${MULTILIB_USEDEP}]
+		>=media-libs/libvorbis-1.3.3-r1[${MULTILIB_USEDEP}]
+	)
+	alsa? ( media-libs/alsa-lib )
+	sqlite? ( >=dev-db/sqlite-3.2 )"
+DEPEND="${RDEPEND}"
+BDEPEND="
+	virtual/pkgconfig
+	test? ( ${PYTHON_DEPS} )"
+
+S=${WORKDIR}/${MY_P}
+
+PATCHES=(
+	"${FILESDIR}"/${P}-arm-varargs-failure.patch
+	"${FILESDIR}"/${P}-CVE-2017-12562.patch
+	"${FILESDIR}"/${P}-CVE-2018-13139.patch
+)
+
+pkg_setup() {
+	use test && python-any-r1_pkg_setup
+}
+
+multilib_src_configure() {
+	ECONF_SOURCE="${S}" econf \
+		--disable-octave \
+		--enable-gcc-pipe \
+		--enable-gcc-opt \
+		$(use_enable static-libs static) \
+		$(use_enable !minimal external-libs) \
+		$(multilib_native_enable full-suite) \
+		$(multilib_native_use_enable alsa) \
+		$(multilib_native_use_enable sqlite)
+}
+
+multilib_src_install_all() {
+	einstalldocs
+
+	# package provides .pc files
+	find "${D}" -name '*.la' -delete || die
+}
-- 
cgit v1.2.3