commit: c77b4de07de7b74bba15ac1c62332ed2aa2143cb Author: Aaron Bauman <bman <AT> gentoo <DOT> org> AuthorDate: Sat May 5 00:46:54 2018 +0000 Commit: Aaron Bauman <bman <AT> gentoo <DOT> org> CommitDate: Sat May 5 00:46:54 2018 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c77b4de0
media-libs/libmp3splt: add CVE-2017-15185 DoS patch Bug: https://bugs.gentoo.org/633840 Package-Manager: Portage-2.3.36, Repoman-2.3.9 media-libs/libmp3splt/files/CVE-2017-15185.patch | 41 +++++++++++++++++++ media-libs/libmp3splt/libmp3splt-0.9.2-r1.ebuild | 52 ++++++++++++++++++++++++ 2 files changed, 93 insertions(+)
diff --git a/media-libs/libmp3splt/files/CVE-2017-15185.patch b/media-libs/libmp3splt/files/CVE-2017-15185.patch
new file mode 100644
index 00000000000..b31a92d0c45
--- /dev/null
+++ b/media-libs/libmp3splt/files/CVE-2017-15185.patch
@@ -0,0 +1,41 @@
+diff --git a/libmp3splt/plugins/ogg.c b/libmp3splt/plugins/ogg.c
+index 50cc495..57745f1 100644
+--- a/libmp3splt/plugins/ogg.c
++++ b/libmp3splt/plugins/ogg.c
+@@ -212,26 +212,36 @@ static splt_ogg_state *splt_ogg_v_new(int *error)
+ goto error;
+ }
+ memset(oggstate, 0, sizeof(splt_ogg_state));
++
+ if ((oggstate->sync_in = malloc(sizeof(ogg_sync_state)))==NULL)
+ {
+ goto error;
+ }
++ memset(oggstate->sync_in, 0, sizeof(ogg_sync_state));
++
+ if ((oggstate->stream_in = malloc(sizeof(ogg_stream_state)))==NULL)
+ {
+ goto error;
+ }
++ memset(oggstate->stream_in, 0, sizeof(ogg_stream_state));
++
+ if ((oggstate->vd = malloc(sizeof(vorbis_dsp_state)))==NULL)
+ {
+ goto error;
+ }
++ memset(oggstate->vd, 0, sizeof(vorbis_dsp_state));
++
+ if ((oggstate->vi = malloc(sizeof(vorbis_info)))==NULL)
+ {
+ goto error;
+ }
++ memset(oggstate->vi, 0, sizeof(vorbis_info));
++
+ if ((oggstate->vb = malloc(sizeof(vorbis_block)))==NULL)
+ {
+ goto error;
+ }
++ memset(oggstate->vb, 0, sizeof(vorbis_block));
+
+ if ((oggstate->headers = malloc(sizeof(splt_v_packet) * TOTAL_HEADER_PACKETS))==NULL)
+ {
diff --git a/media-libs/libmp3splt/libmp3splt-0.9.2-r1.ebuild b/media-libs/libmp3splt/libmp3splt-0.9.2-r1.ebuild
new file mode 100644
index 00000000000..0427694ed0b
--- /dev/null
+++ b/media-libs/libmp3splt/libmp3splt-0.9.2-r1.ebuild
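Review bot: In CVE-2017-15185.patch the inner hunk ends at the `oggstate->headers` allocation, so it cannot be seen here whether that array is zero-filled like the five structs above it. The fix appears to work by making the `goto error` cleanup see zeroed state instead of uninitialised memory, so it is worth confirming against the full `splt_ogg_v_new` body that `headers` gets the same treatment. The patch file also has no header; a short comment above its `diff --git` line naming the upstream source and `Bug: https://bugs.gentoo.org/633840` would let a later maintainer tell when it can be dropped.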
@@ -0,0 +1,52 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=5
+
+inherit versionator autotools eutils multilib
+
+DESCRIPTION="a library for mp3splt to split mp3 and ogg files without decoding"
+HOMEPAGE="http://mp3splt.sourceforge.net"
+SRC_URI="mirror://sourceforge/${PN:3}/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~hppa ~ppc ~ppc64 ~sparc ~x86"
+IUSE="doc flac pcre"
+
+RDEPEND="media-libs/libmad
+ media-libs/libvorbis
+ media-libs/libogg
+ media-libs/libid3tag
+ flac? ( >=media-libs/flac-1.2.1 )
+ pcre? ( dev-libs/libpcre )"
+DEPEND="${RDEPEND}
+ doc? ( >=app-doc/doxygen-1.8.3.1 media-gfx/graphviz )
+ sys-apps/findutils"
+
+src_prepare() {
+ epatch "${FILESDIR}"/${PN}-0.7-libltdl.patch
+ epatch "${FILESDIR}"/CVE-2017-15185.patch
+ eautoreconf
+}
+
+src_configure() {
+ econf \
+ --disable-dependency-tracking \
+ --disable-static \
+ $(use_enable pcre) \
+ $(use_enable flac) \
+ $(use_enable doc doxygen_doc) \
+ --docdir=/usr/share/doc/${PF} \
+ --disable-optimise \
+ --disable-cutter # TODO package cutter <http://cutter.sourceforge.net/>
+}
+
+src_install() {
+ default
+ use doc && docompress -x /usr/share/doc/${PF}/doxygen/${PN}_ico.svg
+
+ dodoc AUTHORS ChangeLog LIMITS NEWS README TODO
+
+ find "${D}"/usr -name '*.la' -delete
+}
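Review bot: The `inherit` line in the new ebuild pulls in `versionator` and `multilib`, but nothing in the visible 52 lines calls a function from either, so it could presumably be `inherit autotools eutils`. The new patch is also named `CVE-2017-15185.patch` while the existing one follows `${PN}-0.7-libltdl.patch`; naming it `${PN}-0.9.2-CVE-2017-15185.patch` would keep files/ consistent. A one-line comment above the second `epatch` saying which bug it addresses would help when the patch is later retired.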
