From 4f2d7949f03e1c198bc888f2d05f421d35c57e21 Mon Sep 17 00:00:00 2001
From: V3n3RiX
Date: Mon, 9 Oct 2017 18:53:29 +0100
Subject: reinit the tree, so we can have metadata
---
.../files/vorbis-tools-1.4.0-CVE-2014-9638.patch | 92 ++++++++++++++++++++++
.../files/vorbis-tools-1.4.0-CVE-2014-9640.patch | 24 ++++++
.../vorbis-tools-1.4.0-aiff-buffer-overflow.patch | 31 ++++++++
.../files/vorbis-tools-1.4.0-format-security.patch | 11 +++
.../files/vorbis-tools-1.4.0-underlinking.patch | 47 +++++++++++
5 files changed, 205 insertions(+)
create mode 100644 media-sound/vorbis-tools/files/vorbis-tools-1.4.0-CVE-2014-9638.patch
create mode 100644 media-sound/vorbis-tools/files/vorbis-tools-1.4.0-CVE-2014-9640.patch
create mode 100644 media-sound/vorbis-tools/files/vorbis-tools-1.4.0-aiff-buffer-overflow.patch
create mode 100644 media-sound/vorbis-tools/files/vorbis-tools-1.4.0-format-security.patch
create mode 100644 media-sound/vorbis-tools/files/vorbis-tools-1.4.0-underlinking.patch
(limited to 'media-sound/vorbis-tools/files')
diff --git a/media-sound/vorbis-tools/files/vorbis-tools-1.4.0-CVE-2014-9638.patch b/media-sound/vorbis-tools/files/vorbis-tools-1.4.0-CVE-2014-9638.patch
new file mode 100644
index 000000000000..79859df0274f
--- /dev/null
+++ b/media-sound/vorbis-tools/files/vorbis-tools-1.4.0-CVE-2014-9638.patch
@@ -0,0 +1,92 @@
+Patches taken as references:
+https://github.com/mark4o/opus-tools/commit/8c412e619b83eb6dd32191909cf6672e93e5802e
+https://trac.xiph.org/attachment/ticket/2212/0001-oggenc-Fix-large-alloca-on-bad-AIFF-input.patch
+To fix bug report:
+http://www.openwall.com/lists/oss-security/2015/08/29/1
+ https://bugs.gentoo.org/show_bug.cgi?id=559170
+https://bugs.gentoo.org/show_bug.cgi?id=537422
+--- oggenc/audio.h
++++ oggenc/audio.h
+@@ -25,7 +25,7 @@
+
+ typedef struct {
+ short format;
+- short channels;
++ unsigned short channels;
+ int samplerate;
+ int bytespersec;
+ short align;
+@@ -44,7 +44,7 @@
+ } wavfile;
+
+ typedef struct {
+- short channels;
++ unsigned short channels;
+ int totalframes;
+ short samplesize;
+ int rate;
+--- oggenc/audio.c
++++ oggenc/audio.c
+@@ -245,8 +245,8 @@
+ int aiff_open(FILE *in, oe_enc_opt *opt, unsigned char *buf, int buflen)
+ {
+ int aifc; /* AIFC or AIFF? */
+- unsigned int len;
+- unsigned char *buffer;
++ unsigned int len,readlen;
++ unsigned char buffer[22];
+ unsigned char buf2[8];
+ aiff_fmt format;
+ aifffile *aiff = malloc(sizeof(aifffile));
+@@ -269,9 +269,9 @@
+ return 0; /* Weird common chunk */
+ }
+
+- buffer = alloca(len);
+-
+- if(fread(buffer,1,len,in) < len)
++ readlen = len < sizeof(buffer) ? len : sizeof(buffer);
++ if(fread(buffer,1,readlen,in) < readlen ||
++ (len > readlen && !seek_forward(in, len-readlen)))
+ {
+ fprintf(stderr, _("Warning: Unexpected EOF in reading AIFF header\n"));
+ return 0;
+@@ -277,11 +277,18 @@
+ return 0;
+ }
+
+- format.channels = READ_U16_BE(buffer);
++ format.channels = (short)READ_U16_BE(buffer);
+ format.totalframes = READ_U32_BE(buffer+2);
+ format.samplesize = READ_U16_BE(buffer+6);
+ format.rate = (int)read_IEEE80(buffer+8);
+
++ if(format.channels <=0)
++ {
++ fprintf(stderr, _("ERROR: Invalid channel count in AIFF header\n"));
++ return 0;
++
++ }
++
+ aiff->bigendian = 1;
+
+ if(aifc)
+@@ -449,11 +449,17 @@
+ }
+
+ format.format = READ_U16_LE(buf);
+- format.channels = READ_U16_LE(buf+2);
++ format.channels = (short)READ_U16_LE(buf+2);
+ format.samplerate = READ_U32_LE(buf+4);
+ format.bytespersec = READ_U32_LE(buf+8);
+ format.align = READ_U16_LE(buf+12);
+ format.samplesize = READ_U16_LE(buf+14);
++
++ if(format.channels == 0)
++ {
++ fprintf(stderr, _("ERROR: Zero channels in WAV header\n"));
++ return 0;
++ }
+
+ if(format.format == -2) /* WAVE_FORMAT_EXTENSIBLE */
+ {
diff --git a/media-sound/vorbis-tools/files/vorbis-tools-1.4.0-CVE-2014-9640.patch b/media-sound/vorbis-tools/files/vorbis-tools-1.4.0-CVE-2014-9640.patch
new file mode 100644
index 000000000000..51c23b062aff
--- /dev/null
+++ b/media-sound/vorbis-tools/files/vorbis-tools-1.4.0-CVE-2014-9640.patch
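Review bot: In the embedded AIFF hunk (`@@ -277,11 +277,18 @@`) the new guard `if(format.channels <=0)` can only ever catch zero, because the same patch changes `channels` to `unsigned short` in `oggenc/audio.h`; the `(short)` cast on `READ_U16_BE(buffer)` is converted straight back to unsigned on assignment and has no effect. A header value such as 0xFFFF therefore passes the check, so it stops a zero channel count but does not bound large ones. I would drop the cast and write the test as `if(format.channels == 0)`, matching the WAV hunk at `@@ -449,11 +449,17 @@` where the cast is equally a no-op, and add a comment such as `/* channels is unsigned: this rejects 0 only; large counts must be bounded where they are multiplied */`. aiff_open and the WAV reader both continue outside the hunks, so whether a later upper-bound check exists is not visible here.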
@@ -0,0 +1,24 @@
+Patch taken from:
+https://trac.xiph.org/changeset/19117
+To fix bug report:
+https://bugs.gentoo.org/show_bug.cgi?id=537422
+--- vorbis-tools-1.4.0/oggenc/oggenc.c
++++ vorbis-tools-1.4.0/oggenc/oggenc.c
+@@ -97,6 +97,8 @@
+ .3,-1,
+ 0,0,0.f,
+ 0, 0, 0, 0, 0};
++ input_format raw_format = {NULL, 0, raw_open, wav_close, "raw",
++ N_("RAW file reader")};
+
+ int i;
+
+@@ -239,8 +241,6 @@
+
+ if(opt.rawmode)
+ {
+- input_format raw_format = {NULL, 0, raw_open, wav_close, "raw",
+- N_("RAW file reader")};
+
+ enc_opts.rate=opt.raw_samplerate;
+ enc_opts.channels=opt.raw_channels;
diff --git a/media-sound/vorbis-tools/files/vorbis-tools-1.4.0-aiff-buffer-overflow.patch b/media-sound/vorbis-tools/files/vorbis-tools-1.4.0-aiff-buffer-overflow.patch
new file mode 100644
index 000000000000..f8b66a90e7cd
--- /dev/null
+++ b/media-sound/vorbis-tools/files/vorbis-tools-1.4.0-aiff-buffer-overflow.patch
@@ -0,0 +1,31 @@
+Patch taken from:
+https://trac.xiph.org/attachment/ticket/2212/0001-oggenc-Fix-large-alloca-on-bad-AIFF-input.patch
+To fix bug report:
+http://www.openwall.com/lists/oss-security/2015/08/29/1
+ https://bugs.gentoo.org/show_bug.cgi?id=559170
+--- oggenc/audio.c
++++ oggenc/audio.c
+@@ -245,8 +245,8 @@
+ int aiff_open(FILE *in, oe_enc_opt *opt, unsigned char *buf, int buflen)
+ {
+ int aifc; /* AIFC or AIFF? */
+- unsigned int len;
+- unsigned char *buffer;
++ unsigned int len,readlen;
++ unsigned char buffer[22];
+ unsigned char buf2[8];
+ aiff_fmt format;
+ aifffile *aiff = malloc(sizeof(aifffile));
+@@ -269,9 +269,9 @@
+ return 0; /* Weird common chunk */
+ }
+
+- buffer = alloca(len);
+-
+- if(fread(buffer,1,len,in) < len)
++ readlen = len < sizeof(buffer) ? len : sizeof(buffer);
++ if(fread(buffer,1,readlen,in) < readlen ||
++ (len > readlen && !seek_forward(in, len-readlen)))
+ {
+ fprintf(stderr, _("Warning: Unexpected EOF in reading AIFF header\n"));
+ return 0;
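Review bot: The embedded oggenc.c patch in vorbis-tools-1.4.0-CVE-2014-9640.patch hoists `raw_format` out of the `if(opt.rawmode)` block to function scope without a comment saying why, and the patch header gives only a changeset and a bug link. Presumably its address is still used after that block closes, which would make the block-local version a dangling stack reference; the later use is outside the hunk, so this is inferred. A comment on the new declaration, e.g. `/* function scope on purpose: referenced after the if(opt.rawmode) block ends */`, would keep a later cleanup from moving it back. The second hunk also leaves an empty line directly after the `{`.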
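Review bot: Both hunks in vorbis-tools-1.4.0-aiff-buffer-overflow.patch (`@@ -245,8 +245,8 @@` and `@@ -269,9 +269,9 @@` on `oggenc/audio.c`) are the same aiff_open changes already carried in vorbis-tools-1.4.0-CVE-2014-9638.patch, which cites the same trac attachment. The two files cannot both apply cleanly to one source tree: whichever runs second will be rejected or detected as already applied. The ebuild is not part of this diff, so which file it actually uses is not visible. A header line in this file such as `Also contained in vorbis-tools-1.4.0-CVE-2014-9638.patch; do not apply both` would keep a later ebuild revision from pairing them, or from dropping the alloca fix along with the wrong file.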
diff --git a/media-sound/vorbis-tools/files/vorbis-tools-1.4.0-format-security.patch b/media-sound/vorbis-tools/files/vorbis-tools-1.4.0-format-security.patch
new file mode 100644
index 000000000000..501300ca6171
--- /dev/null
+++ b/media-sound/vorbis-tools/files/vorbis-tools-1.4.0-format-security.patch
@@ -0,0 +1,11 @@
+--- vorbis-tools-1.4.0.orig/ogg123/status.c
++++ vorbis-tools-1.4.0/ogg123/status.c
+@@ -148,7 +148,7 @@
+
+ switch (stats->type) {
+ case stat_noarg:
+- len += sprintf(str+len, stats->formatstr);
++ len += sprintf(str+len, "%s", stats->formatstr);
+ break;
+ case stat_intarg:
+ len += sprintf(str+len, stats->formatstr, stats->arg.intarg);
diff --git a/media-sound/vorbis-tools/files/vorbis-tools-1.4.0-underlinking.patch b/media-sound/vorbis-tools/files/vorbis-tools-1.4.0-underlinking.patch
new file mode 100644
index 000000000000..aaa10fbb54f9
--- /dev/null
+++ b/media-sound/vorbis-tools/files/vorbis-tools-1.4.0-underlinking.patch
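Review bot: The `stat_noarg` fix in the embedded status.c hunk closes the non-literal format string, but the write is still an unbounded `sprintf(str+len, ...)`, and the neighbouring `stat_intarg` case still passes `stats->formatstr` as the format. Both are safe only if `str` is sized for the worst case and every `formatstr` comes from a fixed table; neither is visible, since the switch starts and ends outside the hunk. A bounded form such as `len += snprintf(str+len, STR_CAPACITY-len, "%s", stats->formatstr);` (`STR_CAPACITY` is a placeholder for the buffer's real size), with the return value checked before it is added to `len`, would cover the first point. Any `%%` in a no-argument format string is now printed literally as two characters, and this patch file, unlike the others in the commit, has no header naming its origin or bug.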
@@ -0,0 +1,47 @@
+http://bugs.gentoo.org/513942
+
+Fix building with `./configure --enable-ogg123 --without-flac --without-speex --without-kate` and `make`:
+
+libtool: link: gcc -Wall -ffast-math -fsigned-char -O2 -pipe -march=native -Wl,-O1 -Wl,--hash-style=gnu -o oggenc oggenc.o audio.o encode.o platform.o resample.o skeleton.o -Wl,--as-needed ../share/libutf8.a ../share/libgetopt.a -lvorbisenc -lvorbis -logg
+resample.o:resample.c:function res_init: error: undefined reference to 'sin'
+collect2: error: ld returned 1 exit status
+
+libtool: link: gcc -Wall -ffast-math -fsigned-char -O2 -pipe -march=native -Wl,-O1 -Wl,--as-needed -Wl,--hash-style=gnu -o ogg123 audio.o buffer.o callbacks.o cfgfile_options.o cmdline_options.o file_transport.o format.o http_transport.o ogg123.o oggvorbis_format.o playlist.o status.o remote.o transport.o vorbis_comments.o vgfilter.o ../share/libutf8.a ../share/libgetopt.a -lvorbisfile -lvorbis -logg -lao -lnsl -lcurl -lpthread
+vgfilter.o:vgfilter.c:function vg_init: error: undefined reference to '__pow_finite'
+vgfilter.o:vgfilter.c:function vg_init: error: undefined reference to '__pow_finite'
+vgfilter.o:vgfilter.c:function vg_filter: error: undefined reference to 'tanh'
+vgfilter.o:vgfilter.c:function vg_filter: error: undefined reference to 'tanh'
+collect2: error: ld returned 1 exit status
+
+This is using the new GNU gold linker:
+
+$ ld -v
+GNU gold (GNU Binutils 2.24) 1.11
+
+Happens because -lm gets appended to the libraries list only with, for example, --with-flac but vgfilter.c and resample.c are always
+using functions from the mathlib.
+
+Therefore, always link to mathlib:
+
+--- ogg123/Makefile.am
++++ ogg123/Makefile.am
+@@ -30,7 +30,7 @@
+ ogg123_LDADD = @SHARE_LIBS@ \
+ @VORBISFILE_LIBS@ @VORBIS_LIBS@ @OGG_LIBS@ @AO_LIBS@ \
+ @SOCKET_LIBS@ @LIBICONV@ @CURL_LIBS@ @PTHREAD_CFLAGS@ \
+- @PTHREAD_LIBS@ @I18N_LIBS@ @FLAC_LIBS@ @SPEEX_LIBS@
++ @PTHREAD_LIBS@ @I18N_LIBS@ @FLAC_LIBS@ @SPEEX_LIBS@ -lm
+
+ ogg123_DEPENDENCIES = @SHARE_LIBS@
+ ogg123_SOURCES = audio.c buffer.c callbacks.c \
+--- oggenc/Makefile.am
++++ oggenc/Makefile.am
+@@ -23,7 +23,7 @@
+
+ oggenc_LDADD = @SHARE_LIBS@ \
+ @VORBISENC_LIBS@ @VORBIS_LIBS@ @KATE_LIBS@ @OGG_LIBS@ \
+- @LIBICONV@ @I18N_LIBS@ @FLAC_LIBS@
++ @LIBICONV@ @I18N_LIBS@ @FLAC_LIBS@ -lm
+
+ oggenc_DEPENDENCIES = @SHARE_LIBS@
+
-- cgit v1.2.3