add a patch wrt to buffer overflow possibility, bug #192834

Package-Manager: portage-2.1.3.9

5 files changed, 131 insertions, 5 deletions

diff --git a/media-libs/libsndfile/ChangeLog b/media-libs/libsndfile/ChangeLog
index bcaccbae79a6..ed3ebc0b5c42 100644
--- a/media-libs/libsndfile/ChangeLog
+++ b/media-libs/libsndfile/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for media-libs/libsndfile
 # Copyright 2002-2007 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/media-libs/libsndfile/ChangeLog,v 1.71 2007/08/06 11:35:33 drac Exp $
+# $Header: /var/cvsroot/gentoo-x86/media-libs/libsndfile/ChangeLog,v 1.72 2007/09/19 15:37:32 aballier Exp $
+
+*libsndfile-1.0.17-r1 (19 Sep 2007)
+
+  19 Sep 2007; Alexis Ballier <aballier@gentoo.org>
+  +files/libsndfile-1.0.17-flac-buffer-overflow.patch,
+  +libsndfile-1.0.17-r1.ebuild:
+  add a patch wrt to buffer overflow possibility, bug #192834
 
   06 Aug 2007; Samuli Suominen <drac@gentoo.org> libsndfile-1.0.17.ebuild:
   Install pkgconfig for bug 187856.
diff --git a/media-libs/libsndfile/Manifest b/media-libs/libsndfile/Manifest
index 3832f7169f68..cb17cdddc1f6 100644
--- a/media-libs/libsndfile/Manifest
+++ b/media-libs/libsndfile/Manifest
@@ -1,17 +1,28 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+AUX libsndfile-1.0.17-flac-buffer-overflow.patch 1518 RMD160 41fbc8cddbc252f6b49a8a19d48ec4a09966371d SHA1 aaa818fdfa35002af77b84b19398dae5c3f53744 SHA256 f080aa485cdcc5940ba4e54f6f7295233c4947f2ba6a6dbe6681036a655543d6
+MD5 6cd2ad05491221f1d3a0e3e5131a5642 files/libsndfile-1.0.17-flac-buffer-overflow.patch 1518
+RMD160 41fbc8cddbc252f6b49a8a19d48ec4a09966371d files/libsndfile-1.0.17-flac-buffer-overflow.patch 1518
+SHA256 f080aa485cdcc5940ba4e54f6f7295233c4947f2ba6a6dbe6681036a655543d6 files/libsndfile-1.0.17-flac-buffer-overflow.patch 1518
 AUX libsndfile-1.0.17-ogg.patch 385 RMD160 7f2bee213423b77b7a03f209b75ababcbe21f215 SHA1 d06d5db4aa6b7aa0964c2bdd5730068c88a7ce91 SHA256 1237b34a26b2b29998235495762aadd316761ee4cdeb148c74872b9669b4c866
 MD5 8376605bd965a5efcb713ff172285997 files/libsndfile-1.0.17-ogg.patch 385
 RMD160 7f2bee213423b77b7a03f209b75ababcbe21f215 files/libsndfile-1.0.17-ogg.patch 385
 SHA256 1237b34a26b2b29998235495762aadd316761ee4cdeb148c74872b9669b4c866 files/libsndfile-1.0.17-ogg.patch 385
 DIST libsndfile-1.0.17+flac-1.1.3.patch.bz2 3127 RMD160 fc6e6f03069c1ad8ee43f600f6ac2aa6e97bb1f5 SHA1 10e0d19dfc8cf2a6bf499e0fa0d1ab17dca4c519 SHA256 2c8b6df283309061e8e9aaedd0bc20c7ebf75fa8ad4ed8b01f7bf04162206df1
 DIST libsndfile-1.0.17.tar.gz 819456 RMD160 ae93822a4c587dcdd7c70d043d2a38ed2fe3a188 SHA1 2f66798d596a15491fbd1191ded8125ed71ef411 SHA256 1792e4e60386b450ef8ec07c756e8f3ecfe96ebda7d0b09148da5f436d065ef2
+EBUILD libsndfile-1.0.17-r1.ebuild 1421 RMD160 4a48dca9954bccee48862be924ec2ff16107a985 SHA1 f35d8eb51a6b0ed2809ec9ce243640eb6342178e SHA256 2e92ab63ef3935983323d297bfd27e533591b49747e67543e3b7ca509b6416fa
+MD5 b44cba02395496c78ff95c5d3c2d7fd9 libsndfile-1.0.17-r1.ebuild 1421
+RMD160 4a48dca9954bccee48862be924ec2ff16107a985 libsndfile-1.0.17-r1.ebuild 1421
+SHA256 2e92ab63ef3935983323d297bfd27e533591b49747e67543e3b7ca509b6416fa libsndfile-1.0.17-r1.ebuild 1421
 EBUILD libsndfile-1.0.17.ebuild 1350 RMD160 3191030f0d1d2ef84523d84e950ce795e6dd01d3 SHA1 259b98a9404acdd64711cd8a523b0f330cd39dac SHA256 4044e62687cbeb7f44c06faa1e8116efea050a3d0a00856a7e8c74f151c90956
 MD5 d2ff861db3797136cec58112858a9073 libsndfile-1.0.17.ebuild 1350
 RMD160 3191030f0d1d2ef84523d84e950ce795e6dd01d3 libsndfile-1.0.17.ebuild 1350
 SHA256 4044e62687cbeb7f44c06faa1e8116efea050a3d0a00856a7e8c74f151c90956 libsndfile-1.0.17.ebuild 1350
-MISC ChangeLog 10186 RMD160 a2a272b8edc63bd6d18e862c2e58f36b345a2d60 SHA1 527743010f11c46078b9fbe2067b86a492fd8fbb SHA256 325955a595bd8bf368a5cdfbbec3983be121d9417c4e2656eb90c95e2dcdfc56
-MD5 637d49a028b5992e2fd84ec433954c42 ChangeLog 10186
-RMD160 a2a272b8edc63bd6d18e862c2e58f36b345a2d60 ChangeLog 10186
-SHA256 325955a595bd8bf368a5cdfbbec3983be121d9417c4e2656eb90c95e2dcdfc56 ChangeLog 10186
+MISC ChangeLog 10429 RMD160 6eea494d9e4691757137bd2fe49b674bfd099b0d SHA1 fb6be5f330f49804b58ebc5e60874f5e9c013f2e SHA256 c1f8c7996cfa247e081896139f1bfccfb1502ecee1adb6f39e41c1ab9025d71f
+MD5 0e6519dfd9828ce903e7d97f013bfa7e ChangeLog 10429
+RMD160 6eea494d9e4691757137bd2fe49b674bfd099b0d ChangeLog 10429
+SHA256 c1f8c7996cfa247e081896139f1bfccfb1502ecee1adb6f39e41c1ab9025d71f ChangeLog 10429
 MISC metadata.xml 158 RMD160 6842e2189a50bd8a98e84802c38180ac1421c00e SHA1 703cea5a2109d41f7c87993c1f01d418a4c85174 SHA256 dfb5b47e6836db39fb187301dfcff1c2605e91d13d21db160806a563d8c75f9b
 MD5 a1eaeb2ae801daeb712c90c060e922dc metadata.xml 158
 RMD160 6842e2189a50bd8a98e84802c38180ac1421c00e metadata.xml 158
@@ -19,3 +30,13 @@ SHA256 dfb5b47e6836db39fb187301dfcff1c2605e91d13d21db160806a563d8c75f9b metadata
 MD5 67beb9269bb978b47656f0631b663c41 files/digest-libsndfile-1.0.17 542
 RMD160 93bd725af5a0483ba690f30147515b13cb0e7151 files/digest-libsndfile-1.0.17 542
 SHA256 597f7792ec7f2a23a7dff42dcef2df934fde455c3c602db799d22ac4fc220fbd files/digest-libsndfile-1.0.17 542
+MD5 67beb9269bb978b47656f0631b663c41 files/digest-libsndfile-1.0.17-r1 542
+RMD160 93bd725af5a0483ba690f30147515b13cb0e7151 files/digest-libsndfile-1.0.17-r1 542
+SHA256 597f7792ec7f2a23a7dff42dcef2df934fde455c3c602db799d22ac4fc220fbd files/digest-libsndfile-1.0.17-r1 542
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.7 (GNU/Linux)
+
+iD8DBQFG8UJDvFcC4BYPU0oRAkUoAKCEVLtMqFN0eA++mnwevcQqdNVCYgCgzajZ
+fh/e7ND3XYG0NgqSidHebXY=
+=yorm
+-----END PGP SIGNATURE-----
diff --git a/media-libs/libsndfile/files/digest-libsndfile-1.0.17-r1 b/media-libs/libsndfile/files/digest-libsndfile-1.0.17-r1
new file mode 100644
index 000000000000..349f0760973e
--- /dev/null
+++ b/media-libs/libsndfile/files/digest-libsndfile-1.0.17-r1
@@ -0,0 +1,6 @@
+MD5 21b433470305ccf5ad9a2d4dbadca30a libsndfile-1.0.17+flac-1.1.3.patch.bz2 3127
+RMD160 fc6e6f03069c1ad8ee43f600f6ac2aa6e97bb1f5 libsndfile-1.0.17+flac-1.1.3.patch.bz2 3127
+SHA256 2c8b6df283309061e8e9aaedd0bc20c7ebf75fa8ad4ed8b01f7bf04162206df1 libsndfile-1.0.17+flac-1.1.3.patch.bz2 3127
+MD5 2d126c35448503f6dbe33934d9581f6b libsndfile-1.0.17.tar.gz 819456
+RMD160 ae93822a4c587dcdd7c70d043d2a38ed2fe3a188 libsndfile-1.0.17.tar.gz 819456
+SHA256 1792e4e60386b450ef8ec07c756e8f3ecfe96ebda7d0b09148da5f436d065ef2 libsndfile-1.0.17.tar.gz 819456
diff --git a/media-libs/libsndfile/files/libsndfile-1.0.17-flac-buffer-overflow.patch b/media-libs/libsndfile/files/libsndfile-1.0.17-flac-buffer-overflow.patch
new file mode 100644
index 000000000000..2ed559ecbc80
--- /dev/null
+++ b/media-libs/libsndfile/files/libsndfile-1.0.17-flac-buffer-overflow.patch
@@ -0,0 +1,40 @@
+Index: libsndfile-1.0.17/src/flac.c
+===================================================================
+--- libsndfile-1.0.17.orig/src/flac.c
++++ libsndfile-1.0.17/src/flac.c
+@@ -57,7 +57,7 @@ flac_open (SF_PRIVATE *psf)
+ ** Private static functions.
+ */
+ 
+-#define ENC_BUFFER_SIZE 4096
++#define ENC_BUFFER_SIZE 8192
+ 
+ typedef enum
+ {	PFLAC_PCM_SHORT = 0,
+@@ -202,6 +202,17 @@ flac_buffer_copy (SF_PRIVATE *psf)
+ 	const FLAC__int32* const *buffer = pflac->wbuffer ;
+ 	unsigned i = 0, j, offset ;
+ 
++	/*
++	**	frame->header.blocksize is variable and we're using a constant blocksize
++	**	of FLAC__MAX_BLOCK_SIZE.
++	**	Check our assumptions here.
++	*/
++	if (frame->header.blocksize > FLAC__MAX_BLOCK_SIZE)
++	{	psf_log_printf (psf, "Ooops : frame->header.blocksize (%d) > FLAC__MAX_BLOCK_SIZE (%d)\n", __func__, __LINE__, frame->header.blocksize, FLAC__MAX_BLOCK_SIZE) ;
++		psf->error = SFE_INTERNAL ;
++		return 0 ;
++		} ;
++
+ 	if (pflac->ptr == NULL)
+ 	{	/*
+ 		**	Not sure why this code is here and not elsewhere.
+@@ -210,7 +221,7 @@ flac_buffer_copy (SF_PRIVATE *psf)
+ 		pflac->bufferbackup = SF_TRUE ;
+ 		for (i = 0 ; i < frame->header.channels ; i++)
+ 		{	if (pflac->rbuffer [i] == NULL)
+-				pflac->rbuffer [i] = calloc (frame->header.blocksize, sizeof (FLAC__int32)) ;
++				pflac->rbuffer [i] = calloc (FLAC__MAX_BLOCK_SIZE, sizeof (FLAC__int32)) ;
+ 			memcpy (pflac->rbuffer [i], buffer [i], frame->header.blocksize * sizeof (FLAC__int32)) ;
+ 			} ;
+ 		pflac->wbuffer = (const FLAC__int32* const*) pflac->rbuffer ;
diff --git a/media-libs/libsndfile/libsndfile-1.0.17-r1.ebuild b/media-libs/libsndfile/libsndfile-1.0.17-r1.ebuild
new file mode 100644
index 000000000000..e93d1138b63c
--- /dev/null
+++ b/media-libs/libsndfile/libsndfile-1.0.17-r1.ebuild
@@ -0,0 +1,52 @@
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/media-libs/libsndfile/libsndfile-1.0.17-r1.ebuild,v 1.1 2007/09/19 15:37:32 aballier Exp $
+
+WANT_AUTOCONF=2.5
+WANT_AUTOMAKE=1.9
+
+inherit eutils libtool autotools
+
+DESCRIPTION="A C library for reading and writing files containing sampled sound"
+HOMEPAGE="http://www.mega-nerd.com/libsndfile"
+SRC_URI="http://www.mega-nerd.com/libsndfile/${P}.tar.gz
+	mirror://gentoo/${P}+flac-1.1.3.patch.bz2"
+
+LICENSE="LGPL-2.1"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sh ~sparc ~x86 ~x86-fbsd"
+IUSE="sqlite flac alsa"
+
+RESTRICT="test"
+
+RDEPEND="flac? ( media-libs/flac )
+	alsa? ( media-libs/alsa-lib )
+	sqlite? ( >=dev-db/sqlite-3.2 )"
+DEPEND="${RDEPEND}
+	dev-util/pkgconfig"
+
+src_unpack() {
+	unpack ${A}
+	cd "${S}"
+
+	epatch "${WORKDIR}/${P}+flac-1.1.3.patch"
+	epatch "${FILESDIR}/${P}-ogg.patch"
+	epatch "${FILESDIR}/${P}-flac-buffer-overflow.patch"
+	eautoreconf
+	epunt_cxx
+}
+
+src_compile() {
+	econf $(use_enable sqlite) \
+		$(use_enable flac) \
+		$(use_enable alsa) \
+		--disable-werror \
+		--disable-gcc-pipe \
+		--disable-dependency-tracking || die "econf failed."
+	emake || die "emake failed."
+}
+
+src_install() {
+	emake -j1 DESTDIR="${D}" htmldocdir="/usr/share/doc/${PF}/html" install || die "emake install failed."
+	dodoc AUTHORS ChangeLog NEWS README TODO
+}