summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMiroslav Šulc <fordfrog@gentoo.org>2023-05-17 09:12:56 +0200
committerMiroslav Šulc <fordfrog@gentoo.org>2023-05-17 09:12:56 +0200
commitd2a2cffd6ad3268b681c1c6978162cee9353c19c (patch)
tree01536c6a8731dd0427b0b12165f75ba954307074 /media-libs
parentmedia-sound/qmidiarp: dropped obsolete 0.6.5 (diff)
downloadgentoo-d2a2cffd6ad3268b681c1c6978162cee9353c19c.tar.gz
gentoo-d2a2cffd6ad3268b681c1c6978162cee9353c19c.tar.bz2
gentoo-d2a2cffd6ad3268b681c1c6978162cee9353c19c.zip
media-libs/libmp4v2: dropped obsolete and vulnerable 2.0.0-r2 & 2.1.2
Bug: https://bugs.gentoo.org/906520 Bug: https://bugs.gentoo.org/905092 Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org>
Diffstat (limited to 'media-libs')
-rw-r--r--media-libs/libmp4v2/Manifest2
-rw-r--r--media-libs/libmp4v2/files/libmp4v2-2.0.0-CVE-2018-14054.patch35
-rw-r--r--media-libs/libmp4v2/files/libmp4v2-2.0.0-CVE-2018-14325.patch60
-rw-r--r--media-libs/libmp4v2/files/libmp4v2-2.0.0-CVE-2018-14379.patch33
-rw-r--r--media-libs/libmp4v2/files/libmp4v2-2.0.0-CVE-2018-14403.patch28
-rw-r--r--media-libs/libmp4v2/files/libmp4v2-2.0.0-clang.patch36
-rw-r--r--media-libs/libmp4v2/files/libmp4v2-2.0.0-gcc7.patch18
-rw-r--r--media-libs/libmp4v2/files/libmp4v2-2.0.0-mp4tags-corruption.patch20
-rw-r--r--media-libs/libmp4v2/libmp4v2-2.0.0-r2.ebuild53
-rw-r--r--media-libs/libmp4v2/libmp4v2-2.1.2.ebuild32
10 files changed, 0 insertions, 317 deletions
diff --git a/media-libs/libmp4v2/Manifest b/media-libs/libmp4v2/Manifest
index c67a681a3951..7636b52f390f 100644
--- a/media-libs/libmp4v2/Manifest
+++ b/media-libs/libmp4v2/Manifest
@@ -1,3 +1 @@
-DIST mp4v2-2.0.0.tar.bz2 495672 BLAKE2B 966c90b443bd6f7a81c96fd12f95b00c3ec89cd476aa0fff3e0450b315d54543578ef953c5e3f28d52ca800a0768c601dddc8e99a32ff512767cd65c12832bd5 SHA512 15eb882f33d72d4209053b54c883b67715f539c33096705a0e7bc79015b93f6f3ac80ae29c65a0ffe9eab1bf0dedf07198bdee23fa6eafcd6ccb34f984484be0
-DIST mp4v2-2.1.2.tar.bz2 594365 BLAKE2B ca7438ab34d826926bb39a9f1c09f24a65c2ea7aae45cb736ec4b285ef975f575c1c28ee88d47e623c8085e2800a52ac89d18bd7c42232c72d7d6ae89d78c850 SHA512 7996edbbaf4125cb406ea5dad82dd04e50bc04d6d3f7c32ba5f3be35872b5dc7048038a6e59c668578e8ee1898d56a3c77bcafc5cd42cff9cb6232ee20cdb406
DIST mp4v2-2.1.3.tar.bz2 594549 BLAKE2B ee8e5792b5b92098e2990bd76a8be7aa6cffc60cb28059702a07eb5cc73dcc9def59dec290f40cbf246069b491d1911714fb00f8d48b77e421e8993fac37f76c SHA512 89bca9c76cf468a932a09d66bc5409266acde51184bf1262c5bc9a524ee5c9a3e073fd0d37450580284e12d9d46d1fd5db0c4ce647c365cc5106fb39ee3d59f6
diff --git a/media-libs/libmp4v2/files/libmp4v2-2.0.0-CVE-2018-14054.patch b/media-libs/libmp4v2/files/libmp4v2-2.0.0-CVE-2018-14054.patch
deleted file mode 100644
index 3ff3e731b93c..000000000000
--- a/media-libs/libmp4v2/files/libmp4v2-2.0.0-CVE-2018-14054.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-Upstream: https://github.com/sergiomb2/libmp4v2/commit/3410bc66fb91f46325ab1d008b6a421dd8240949
-Gentoo Bug: https://bugs.gentoo.org/661582
-
-From 3410bc66fb91f46325ab1d008b6a421dd8240949 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?S=C3=A9rgio=20M=2E=20Basto?= <sergio@serjux.com>
-Date: Sat, 2 Nov 2019 04:21:17 +0000
-Subject: [PATCH] Null out pointer after free to prevent double free
-
-If an exception occurs (because of a crafted MP4) before the value is reassigned, then a double free can occur. By setting the pointer to NULL after the first free, we prevent the double free in this case.
-Addresses: https://nvd.nist.gov/vuln/detail/CVE-2018-14054
-
-copied form https://github.com/TechSmith/mp4v2/commit/f09cceeee5bd7f783fd31f10e8b3c440ccf4c743
-From: Dave O'Rourke
-Date: Wed, 20 Mar 2019 08:57:29 -0400
----
- src/mp4property.cpp | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/src/mp4property.cpp b/src/mp4property.cpp
-index 9a5b1e3..1b8e1d2 100644
---- a/src/mp4property.cpp
-+++ b/src/mp4property.cpp
-@@ -391,8 +391,10 @@ void MP4StringProperty::Read( MP4File& file, uint32_t index )
- char*& value = m_values[i];
-
- // Generally a default atom setting, e.g. see atom_avc1.cpp, "JVT/AVC Coding"; we'll leak this string if
-- // we don't free. Note that MP4Free checks for null.
-- MP4Free(value);
-+ // we don't free. Note that this code checks for null before calling free and sets the pointer to null
-+ // after freeing it, to prevent a double free in case an exception occurs before the value is reassigned.
-+ MP4Free( value );
-+ value = NULL;
-
- if( m_useCountedFormat ) {
- value = file.ReadCountedString( (m_useUnicode ? 2 : 1), m_useExpandedCount, m_fixedLength );
diff --git a/media-libs/libmp4v2/files/libmp4v2-2.0.0-CVE-2018-14325.patch b/media-libs/libmp4v2/files/libmp4v2-2.0.0-CVE-2018-14325.patch
deleted file mode 100644
index eb23926bb49d..000000000000
--- a/media-libs/libmp4v2/files/libmp4v2-2.0.0-CVE-2018-14325.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-Upstream: https://github.com/sergiomb2/libmp4v2/commit/9084868fd9f86bee118001c23171e832f15009f4
-Gentoo Bug: https://bugs.gentoo.org/661582
-
-
-From 9084868fd9f86bee118001c23171e832f15009f4 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?S=C3=A9rgio=20M=2E=20Basto?= <sergio@serjux.com>
-Date: Fri, 8 Nov 2019 02:01:32 +0000
-Subject: [PATCH] Fix v3 Integer underflow/overflow in MP4v2 2.0.0
-
-Reference: https://www.openwall.com/lists/oss-security/2018/07/16/1
-
-For the overflow, we could check the result of the integer multiplication:
-
-fix vulnerability where an atom list size is enormous
-and calculating the number of bytes needed to hold the list overflows
-https://github.com/TechSmith/mp4v2/pull/27/commits/70d823ccd8e2d7d0ed9e62fb7e8983d21e6acbeb
-
-Addresses https://nvd.nist.gov/vuln/detail/CVE-2018-14326 and https://nvd.nist.gov/vuln/detail/CVE-2018-14446
-
-For the underflow, we could check if `dataSize >= hdrSize` satisfies:
-Throw exception when invalid atom size would cause integer underflow
-The calculation `hdrSize - dataSize` can underflow the 64-bit unsigned int dataSize type, which can lead to incorrect results. We throw an exception to stop the code from going any further.
-
-Addresses https://nvd.nist.gov/vuln/detail/CVE-2018-14325
-Based on https://github.com/TechSmith/mp4v2/commit/e475013c6ef78093055a02b0d035eda0f9f01451
----
- src/mp4array.h | 2 ++
- src/mp4atom.cpp | 6 ++++++
- 2 files changed, 8 insertions(+)
-
-diff --git a/src/mp4array.h b/src/mp4array.h
-index c49d59b..69d470a 100644
---- a/src/mp4array.h
-+++ b/src/mp4array.h
-@@ -102,6 +102,8 @@ class MP4Array {
- void Resize(MP4ArrayIndex newSize) { \
- m_numElements = newSize; \
- m_maxNumElements = newSize; \
-+ if ( (uint64_t) m_maxNumElements * sizeof(type) > 0xFFFFFFFF ) \
-+ throw new PlatformException("requested array size exceeds 4GB", ERANGE, __FILE__, __LINE__, __FUNCTION__); /* prevent overflow */ \
- m_elements = (type*)MP4Realloc(m_elements, \
- m_maxNumElements * sizeof(type)); \
- } \
-diff --git a/src/mp4atom.cpp b/src/mp4atom.cpp
-index 7a0a53f..f5d5dc0 100644
---- a/src/mp4atom.cpp
-+++ b/src/mp4atom.cpp
-@@ -143,6 +143,12 @@ MP4Atom* MP4Atom::ReadAtom(MP4File& file, MP4Atom* pParentAtom)
- dataSize = file.GetSize() - pos;
- }
-
-+ if(dataSize < hdrSize) {
-+ ostringstream oss;
-+ oss << "Invalid atom size in '" << type << "' atom, dataSize = " << dataSize << " cannot be less than hdrSize = " << static_cast<unsigned>( hdrSize );
-+ log.errorf( "%s: \"%s\": %s", __FUNCTION__, file.GetFilename().c_str(), oss.str().c_str() );
-+ throw new Exception( oss.str().c_str(), __FILE__, __LINE__, __FUNCTION__ );
-+ }
- dataSize -= hdrSize;
-
- log.verbose1f("\"%s\": type = \"%s\" data-size = %" PRIu64 " (0x%" PRIx64 ") hdr %u",
diff --git a/media-libs/libmp4v2/files/libmp4v2-2.0.0-CVE-2018-14379.patch b/media-libs/libmp4v2/files/libmp4v2-2.0.0-CVE-2018-14379.patch
deleted file mode 100644
index 487dc709af39..000000000000
--- a/media-libs/libmp4v2/files/libmp4v2-2.0.0-CVE-2018-14379.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-Upstream: https://github.com/sergiomb2/libmp4v2/commit/bb920de948c85e3db4a52292ac7250a50e3bfc86
-Gentoo Bug: https://bugs.gentoo.org/661582
-
-From bb920de948c85e3db4a52292ac7250a50e3bfc86 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?S=C3=A9rgio=20M=2E=20Basto?= <sergio@serjux.com>
-Date: Sat, 2 Nov 2019 04:19:27 +0000
-Subject: [PATCH] Fix v2 Type confusion in MP4v2 2.0.0
-
-The bug is caused by the wrong assumption that the child of an `ilst`
-can never be an `ilst`. So we could fix it by simply adding an ASSERT.
-
-Reference: https://www.openwall.com/lists/oss-security/2018/07/17/1
-Addresses: https://nvd.nist.gov/vuln/detail/CVE-2018-14379
----
- src/mp4atom.cpp | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/src/mp4atom.cpp b/src/mp4atom.cpp
-index 520cbc8..7a0a53f 100644
---- a/src/mp4atom.cpp
-+++ b/src/mp4atom.cpp
-@@ -778,8 +778,10 @@ MP4Atom::factory( MP4File &file, MP4Atom* parent, const char* type )
- const char* const ptype = parent->GetType();
-
- if( descendsFrom( parent, "ilst" )) {
-- if( ATOMID( ptype ) == ATOMID( "ilst" ))
-+ if( ATOMID( ptype ) == ATOMID( "ilst" )) {
-+ ASSERT(ATOMID( type ) != ATOMID( "ilst" ));
- return new MP4ItemAtom( file, type );
-+ }
-
- if( ATOMID( type ) == ATOMID( "data" ))
- return new MP4DataAtom(file);
diff --git a/media-libs/libmp4v2/files/libmp4v2-2.0.0-CVE-2018-14403.patch b/media-libs/libmp4v2/files/libmp4v2-2.0.0-CVE-2018-14403.patch
deleted file mode 100644
index e7bea4e1dee1..000000000000
--- a/media-libs/libmp4v2/files/libmp4v2-2.0.0-CVE-2018-14403.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-Upstream: https://github.com/sergiomb2/libmp4v2/commit/a94a3372c6ef66a2276cc6cd92f7ec07a9c8bb6b
-Gentoo Bug: https://bugs.gentoo.org/661582
-
-From a94a3372c6ef66a2276cc6cd92f7ec07a9c8bb6b Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?S=C3=A9rgio=20M=2E=20Basto?= <sergio@serjux.com>
-Date: Wed, 17 Oct 2018 16:13:06 +0100
-Subject: [PATCH] Fix Out-of-bounds memory access in MP4v2 2.0.0
-
-The bug can be fixed by more checks when doing type comparison.
-Reference: https://www.openwall.com/lists/oss-security/2018/07/18/3
-
-Addresses https://nvd.nist.gov/vuln/detail/CVE-2018-14403
----
- src/mp4util.cpp | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/mp4util.cpp b/src/mp4util.cpp
-index 47bd74e..696dab4 100644
---- a/src/mp4util.cpp
-+++ b/src/mp4util.cpp
-@@ -46,6 +46,7 @@ bool MP4NameFirstMatches(const char* s1, const char* s2)
- s1++;
- s2++;
- }
-+ if(*s2 != '[' && *s2 != '.' && *s2 != '\0') return false;
- return true;
- }
-
diff --git a/media-libs/libmp4v2/files/libmp4v2-2.0.0-clang.patch b/media-libs/libmp4v2/files/libmp4v2-2.0.0-clang.patch
deleted file mode 100644
index 34aa81cc5e0e..000000000000
--- a/media-libs/libmp4v2/files/libmp4v2-2.0.0-clang.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From edc4f0ad8f37bb8aeae4e3ea34766dc6cdbb2f15 Mon Sep 17 00:00:00 2001
-From: David Carlos Manuelda <StormByte@gmail.com>
-Date: Tue, 7 Aug 2018 05:42:28 +0200
-Subject: [PATCH] Fix clang compilation
-
----
- src/mp4.cpp | 2 +-
- src/mp4util.h | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/mp4.cpp b/src/mp4.cpp
-index 1016f79..d576103 100644
---- a/src/mp4.cpp
-+++ b/src/mp4.cpp
-@@ -896,7 +896,7 @@ MP4FileHandle MP4ReadProvider( const char* fileName, const MP4FileProvider* file
- }
-
- catch (...) {
-- return MP4_INVALID_TRACK_ID;
-+ return (mp4v2_ismacrypParams *)MP4_INVALID_TRACK_ID;
- }
- }
-
-diff --git a/src/mp4util.h b/src/mp4util.h
-index 1fbbd81..b33bb44 100644
---- a/src/mp4util.h
-+++ b/src/mp4util.h
-@@ -33,7 +33,7 @@ namespace mp4v2 { namespace impl {
- #ifndef ASSERT
- # define ASSERT(expr) \
- if (!(expr)) { \
-- throw new Exception("assert failure: "LIBMPV42_STRINGIFY((expr)), __FILE__, __LINE__, __FUNCTION__ ); \
-+ throw new Exception("assert failure: " LIBMPV42_STRINGIFY((expr)), __FILE__, __LINE__, __FUNCTION__ ); \
- }
- #endif
- \ No newline at end of file
diff --git a/media-libs/libmp4v2/files/libmp4v2-2.0.0-gcc7.patch b/media-libs/libmp4v2/files/libmp4v2-2.0.0-gcc7.patch
deleted file mode 100644
index 156f0fcbaa0d..000000000000
--- a/media-libs/libmp4v2/files/libmp4v2-2.0.0-gcc7.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-https://bugs.gentoo.org/show_bug.cgi?id=600892
-
-Description: Fix pointer comparison (FTBFS on GCC 7)
-Author: Philip Chung <philipchung1995@yahoo.com>
-Bug-Debian: https://bugs.debian.org/853560
-Last-Update: 2017-09-04
-
---- a/src/rtphint.cpp
-+++ b/src/rtphint.cpp
-@@ -339,7 +339,7 @@ void MP4RtpHintTrack::GetPayload(
- pSlash = strchr(pSlash, '/');
- if (pSlash != NULL) {
- pSlash++;
-- if (pSlash != '\0') {
-+ if (*pSlash != '\0') {
- length = (uint32_t)strlen(pRtpMap) - (pSlash - pRtpMap);
- *ppEncodingParams = (char *)MP4Calloc(length + 1);
- strncpy(*ppEncodingParams, pSlash, length);
diff --git a/media-libs/libmp4v2/files/libmp4v2-2.0.0-mp4tags-corruption.patch b/media-libs/libmp4v2/files/libmp4v2-2.0.0-mp4tags-corruption.patch
deleted file mode 100644
index 182d41bb8123..000000000000
--- a/media-libs/libmp4v2/files/libmp4v2-2.0.0-mp4tags-corruption.patch
+++ /dev/null
@@ -1,20 +0,0 @@
-From: "Matteo F. Vescovi" <mfv@debian.org>
-Date: Thu, 5 Nov 2015 15:26:00 +0100
-Subject: Fix_mp4tags_corruption
-
----
- util/mp4tags.cpp | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/util/mp4tags.cpp b/util/mp4tags.cpp
-index 1b9e866..80e89d4 100644
---- a/util/mp4tags.cpp
-+++ b/util/mp4tags.cpp
-@@ -539,6 +539,7 @@ extern "C" int
- else {
- fprintf( stderr, "Art file %s not found\n", tags[i] );
- }
-+ break;
- }
- case OPT_ALBUM_ARTIST:
- MP4TagsSetAlbumArtist( mdata, tags[i] );
diff --git a/media-libs/libmp4v2/libmp4v2-2.0.0-r2.ebuild b/media-libs/libmp4v2/libmp4v2-2.0.0-r2.ebuild
deleted file mode 100644
index a4c1965e9c1b..000000000000
--- a/media-libs/libmp4v2/libmp4v2-2.0.0-r2.ebuild
+++ /dev/null
@@ -1,53 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-MY_P=${P/lib}
-
-inherit libtool
-
-DESCRIPTION="Functions for accessing ISO-IEC:14496-1:2001 MPEG-4 standard"
-HOMEPAGE="https://code.google.com/p/mp4v2/"
-SRC_URI="https://mp4v2.googlecode.com/files/${MY_P}.tar.bz2"
-
-LICENSE="MPL-1.1"
-SLOT="0"
-KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~mips ppc ppc64 ~riscv sparc x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~x86-solaris"
-IUSE="static-libs utils"
-# Tests need DejaGnu but are non-existent (just an empty framework)
-RESTRICT="test"
-
-BDEPEND="utils? ( sys-apps/help2man )"
-
-DOCS=( doc/{Authors,BuildSource,Documentation,ReleaseNotes,ToolGuide}.txt README )
-
-S="${WORKDIR}/${MY_P}"
-
-PATCHES=(
- "${FILESDIR}/${P}-gcc7.patch"
- "${FILESDIR}/${P}-mp4tags-corruption.patch"
- "${FILESDIR}/${P}-clang.patch"
- "${FILESDIR}/${P}-CVE-2018-14054.patch"
- "${FILESDIR}/${P}-CVE-2018-14325.patch"
- "${FILESDIR}/${P}-CVE-2018-14379.patch"
- "${FILESDIR}/${P}-CVE-2018-14403.patch"
- "${FILESDIR}/${P}-unsigned-int-cast.patch"
-)
-
-src_prepare() {
- default
- elibtoolize
-}
-
-src_configure() {
- econf \
- --disable-gch \
- $(use_enable utils util) \
- $(use_enable static-libs static)
-}
-
-src_install() {
- default
- find "${D}" -name '*.la' -delete || die
-}
diff --git a/media-libs/libmp4v2/libmp4v2-2.1.2.ebuild b/media-libs/libmp4v2/libmp4v2-2.1.2.ebuild
deleted file mode 100644
index 2b7c38415a27..000000000000
--- a/media-libs/libmp4v2/libmp4v2-2.1.2.ebuild
+++ /dev/null
@@ -1,32 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-MY_P=${P/lib}
-
-inherit cmake
-
-DESCRIPTION="Functions for accessing ISO-IEC:14496-1:2001 MPEG-4 standard"
-HOMEPAGE="https://mp4v2.org/"
-SRC_URI="https://github.com/enzo1982/mp4v2/releases/download/v${PV}/${MY_P}.tar.bz2"
-
-LICENSE="MPL-1.1"
-SLOT="0"
-KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~sparc-solaris ~x86-solaris"
-IUSE="utils"
-# Tests need DejaGnu but are non-existent (just an empty framework)
-RESTRICT="test"
-
-S="${WORKDIR}/${MY_P}"
-
-PATCHES=(
- "${FILESDIR}/${PN}-2.0.0-unsigned-int-cast.patch"
-)
-
-src_configure() {
- local mycmakeargs=(
- -DBUILD_UTILS=$(usex utils)
- )
- cmake_src_configure
-}