summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAzamat H. Hackimov <azamat.hackimov@gmail.com>2020-06-04 20:51:17 +0300
committerAaron Bauman <bman@gentoo.org>2020-06-05 21:49:13 -0400
commit33364299eee045ae5df62612a33c9c80dbbe792c (patch)
treeb9c44c11370bc73545d1d673c5170ff7c26d2bac
parentvirtual/podofo-build: Remove vulnerable versions (bug 614038) (diff)
downloadgentoo-33364299eee045ae5df62612a33c9c80dbbe792c.tar.gz
gentoo-33364299eee045ae5df62612a33c9c80dbbe792c.tar.bz2
gentoo-33364299eee045ae5df62612a33c9c80dbbe792c.zip
media-sound/mpg321: update ebuild
Applied security fix from Debian for CVE-2019-14247 (#711918), fixed compilation on GCC10 (#706740), updated ebuild to EAPI 7. Bug: https://bugs.gentoo.org/711918 Closes: https://bugs.gentoo.org/706740 Package-Manager: Portage-2.3.99, Repoman-2.3.22 Signed-off-by: Azamat H. Hackimov <azamat.hackimov@gmail.com> Closes: https://github.com/gentoo/gentoo/pull/16066 Signed-off-by: Aaron Bauman <bman@gentoo.org>
-rw-r--r--media-sound/mpg321/files/mpg321-0.3.2-CVE-2019-14247.patch20
-rw-r--r--media-sound/mpg321/files/mpg321-0.3.2-format-security.patch4
-rw-r--r--media-sound/mpg321/files/mpg321-0.3.2-gcc10.patch83
-rw-r--r--media-sound/mpg321/mpg321-0.3.2.ebuild12
4 files changed, 114 insertions, 5 deletions
diff --git a/media-sound/mpg321/files/mpg321-0.3.2-CVE-2019-14247.patch b/media-sound/mpg321/files/mpg321-0.3.2-CVE-2019-14247.patch
new file mode 100644
index 00000000000..ff8aea8f8e7
--- /dev/null
+++ b/media-sound/mpg321/files/mpg321-0.3.2-CVE-2019-14247.patch
@@ -0,0 +1,20 @@
+Description: Handle illegal bitrate value
+Author: Chrysostomos Nanakos <cnanakos@debian.org>
+Bug-Debian: https://bugs.debian.org/870406
+Bug-Debian: https://bugs.debian.org/887057
+
+--- mpg321-0.3.2.orig/mad.c
++++ mpg321-0.3.2/mad.c
+@@ -574,6 +574,12 @@ void scan(void const *ptr, ssize_t len,
+
+ if (!is_vbr)
+ {
++ if (header.bitrate <= 0)
++ {
++ fprintf(stderr, "Illegal bit allocation value\n");
++ return;
++ }
++
+ double time = (len * 8.0) / (header.bitrate); /* time in seconds */
+ double timefrac = (double)time - ((long)(time));
+ long nsamples = 32 * MAD_NSBSAMPLES(&header); /* samples per frame */
diff --git a/media-sound/mpg321/files/mpg321-0.3.2-format-security.patch b/media-sound/mpg321/files/mpg321-0.3.2-format-security.patch
index 732ca2c6022..c93d8d796dc 100644
--- a/media-sound/mpg321/files/mpg321-0.3.2-format-security.patch
+++ b/media-sound/mpg321/files/mpg321-0.3.2-format-security.patch
@@ -1,5 +1,5 @@
---- /var/tmp/portage/media-sound/mpg321-0.3.2/work/mpg321-0.3.2-orig/mpg321.c 2012-03-25 14:27:49.000000000 +0200
-+++ /tmp/mpg321.c 2015-08-12 23:34:20.395331151 +0200
+--- mpg321-0.3.2-orig/mpg321.c 2012-03-25 14:27:49.000000000 +0200
++++ mpg321-0.3.2-orig/mpg321.c 2015-08-12 23:34:20.395331151 +0200
@@ -183,7 +183,7 @@
else{
#endif
diff --git a/media-sound/mpg321/files/mpg321-0.3.2-gcc10.patch b/media-sound/mpg321/files/mpg321-0.3.2-gcc10.patch
new file mode 100644
index 00000000000..8966d9f7c8d
--- /dev/null
+++ b/media-sound/mpg321/files/mpg321-0.3.2-gcc10.patch
@@ -0,0 +1,83 @@
+From f930c3b81bdf9c05152fb005562b3869f6e36f34 Mon Sep 17 00:00:00 2001
+From: "Azamat H. Hackimov" <azamat.hackimov@gmail.com>
+Date: Thu, 4 Jun 2020 20:41:25 +0300
+Subject: [PATCH] Fix GCC10 compilation
+
+---
+ mpg321.c | 8 ++++++++
+ mpg321.h | 16 ++++++++--------
+ 2 files changed, 16 insertions(+), 8 deletions(-)
+
+diff --git a/mpg321.c b/mpg321.c
+index 19282bb..663882e 100644
+--- a/mpg321.c
++++ b/mpg321.c
+@@ -63,6 +63,14 @@
+ #include <pthread.h>
+ #include <semaphore.h>
+
++output_frame *Output_Queue;
++decoded_frames *Decoded_Frames;
++int semarray;
++int mad_decoder_position;
++int output_buffer_position;
++double real[FFT_BUFFER_SIZE];
++double imag[FFT_BUFFER_SIZE];
++int loop_remaining;
+
+ int pflag = 0;
+ int volume = 0;
+diff --git a/mpg321.h b/mpg321.h
+index 798bff0..235cf4a 100644
+--- a/mpg321.h
++++ b/mpg321.h
+@@ -116,7 +116,7 @@ extern char *playlist_file;
+ extern int quit_now;
+ extern char remote_input_buf[PATH_MAX + 5];
+ extern int file_change;
+-int loop_remaining;
++extern int loop_remaining;
+
+ extern int status;
+ extern int scrobbler_time;
+@@ -233,8 +233,8 @@ RETSIGTYPE handle_sigchld(int sig);
+ #define FFT_BUFFER_SIZE_LOG 9
+ #define FFT_BUFFER_SIZE (1 << FFT_BUFFER_SIZE_LOG) /* 512 */
+ /*Temporary data stores to perform FFT in */
+-double real[FFT_BUFFER_SIZE];
+-double imag[FFT_BUFFER_SIZE];
++extern double real[FFT_BUFFER_SIZE];
++extern double imag[FFT_BUFFER_SIZE];
+
+ typedef struct {
+ double real[FFT_BUFFER_SIZE];
+@@ -258,10 +258,10 @@ fft_state *fft_init(void);
+ /* Output buffer process */
+ void frame_buffer_p();
+ /* Semaphore array */
+-int semarray;
++extern int semarray;
+ /* Input/Output buffer position */
+-int mad_decoder_position;
+-int output_buffer_position;
++extern int mad_decoder_position;
++extern int output_buffer_position;
+ /* Output Frame including needed information */
+ typedef struct {
+ unsigned char data[4*1152];
+@@ -285,10 +285,10 @@ typedef struct {
+ } decoded_frames;
+
+ /* Output frame queue pointer */
+-output_frame *Output_Queue;
++extern output_frame *Output_Queue;
+
+ /* Shared total decoded frames */
+-decoded_frames *Decoded_Frames;
++extern decoded_frames *Decoded_Frames;
+
+ #if defined(__GNU_LIBRARY__) && !defined(_SEM_SEMUN_UNDEFINED)
+ /* */
+--
+2.26.2
+
diff --git a/media-sound/mpg321/mpg321-0.3.2.ebuild b/media-sound/mpg321/mpg321-0.3.2.ebuild
index 1c6cf71665a..390abffdec0 100644
--- a/media-sound/mpg321/mpg321-0.3.2.ebuild
+++ b/media-sound/mpg321/mpg321-0.3.2.ebuild
@@ -1,7 +1,7 @@
# Copyright 1999-2020 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
-EAPI=5
+EAPI=7
inherit autotools eutils
DESCRIPTION="A realtime MPEG 1.0/2.0/2.5 audio player for layers 1, 2 and 3"
@@ -23,9 +23,15 @@ DEPEND="${RDEPEND}"
S=${WORKDIR}/${P}-orig
+PATCHES=(
+ "${FILESDIR}/${PN}-0.2.12-check-for-lround.patch"
+ "${FILESDIR}/${P}-format-security.patch"
+ "${FILESDIR}/${P}-CVE-2019-14247.patch"
+ "${FILESDIR}/${P}-gcc10.patch"
+)
+
src_prepare() {
- epatch "${FILESDIR}"/${PN}-0.2.12-check-for-lround.patch \
- "${FILESDIR}"/${P}-format-security.patch
+ default
eautoreconf
}