[gentoo-commits] repo/gentoo:master commit in: media-sound/vorbis-tools/, media-sound/vorbis-tools/files/
commit: d4639cf44474ba5d9f2a006d826e56931655
Author: Miroslav Šulc gentoo org>
AuthorDate: Wed Jan 17 09:44:37 2024 +
Commit: Miroslav Šulc gentoo org>
CommitDate: Wed Jan 17 09:44:37 2024 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d4639cf4
media-sound/vorbis-tools: dropped obsolete 1.4.2-r2
Bug: https://bugs.gentoo.org/921352
Signed-off-by: Miroslav Šulc gentoo.org>
.../files/vorbis-tools-1.4.2-docdir.patch | 14 ---
.../vorbis-tools/vorbis-tools-1.4.2-r2.ebuild | 46 --
2 files changed, 60 deletions(-)
diff --git a/media-sound/vorbis-tools/files/vorbis-tools-1.4.2-docdir.patch
b/media-sound/vorbis-tools/files/vorbis-tools-1.4.2-docdir.patch
deleted file mode 100644
index 3dc0bd1892f8..
--- a/media-sound/vorbis-tools/files/vorbis-tools-1.4.2-docdir.patch
+++ /dev/null
@@ -1,14 +0,0 @@
-Thanks-to: Chris Mayo
-https://bugs.gentoo.org/533774
-
a/configure
-+++ b/configure
-@@ -937,7 +937,7 @@
- runstatedir='${localstatedir}/run'
- includedir='${prefix}/include'
- oldincludedir='/usr/include'
--docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'
-+docdir='${docdir}'
- infodir='${datarootdir}/info'
- htmldir='${docdir}'
- dvidir='${docdir}'
diff --git a/media-sound/vorbis-tools/vorbis-tools-1.4.2-r2.ebuild
b/media-sound/vorbis-tools/vorbis-tools-1.4.2-r2.ebuild
deleted file mode 100644
index 1f2bdd07bd62..
--- a/media-sound/vorbis-tools/vorbis-tools-1.4.2-r2.ebuild
+++ /dev/null
@@ -1,46 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-DESCRIPTION="Tools for using the Ogg Vorbis sound file format"
-HOMEPAGE="https://xiph.org/vorbis/;
-SRC_URI="https://ftp.osuosl.org/pub/xiph/releases/vorbis/${P}.tar.gz;
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~alpha amd64 arm ~arm64 ~hppa ~ia64 ~mips ppc ppc64 ~riscv sparc x86
~amd64-linux ~x86-linux ~ppc-macos"
-IUSE="flac kate nls +ogg123 speex"
-
-RDEPEND="
- media-libs/libvorbis
- media-libs/opusfile
- flac? ( media-libs/flac:= )
- kate? ( media-libs/libkate )
- ogg123? (
- media-libs/libao
- net-misc/curl
- )
- speex? ( media-libs/speex )
-"
-DEPEND="${RDEPEND}"
-BDEPEND="
- virtual/pkgconfig
- nls? ( sys-devel/gettext )
-"
-
-PATCHES=(
- "${FILESDIR}"/${P}-docdir.patch
- "${FILESDIR}"/${P}-clang16.patch
-)
-
-src_configure() {
- local myeconfargs=(
- $(use_with flac)
- $(use_with kate)
- $(use_enable nls)
- $(use_enable ogg123)
- $(use_with speex)
- )
- econf "${myeconfargs[@]}"
-}
[gentoo-commits] repo/gentoo:master commit in: media-sound/vorbis-tools/, media-sound/vorbis-tools/files/
commit: 56cd32a30a93c362963c55b4499b6033be7dc0bb
Author: Sam James gentoo org>
AuthorDate: Thu Feb 9 03:59:05 2023 +
Commit: Sam James gentoo org>
CommitDate: Thu Feb 9 03:59:05 2023 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=56cd32a3
media-sound/vorbis-tools: fix build w/ clang 16
Closes: https://bugs.gentoo.org/871042
Signed-off-by: Sam James gentoo.org>
.../files/vorbis-tools-1.4.2-clang16.patch | 22 ++
4.2-r1.ebuild => vorbis-tools-1.4.2-r2.ebuild} | 9 ++---
2 files changed, 28 insertions(+), 3 deletions(-)
diff --git a/media-sound/vorbis-tools/files/vorbis-tools-1.4.2-clang16.patch
b/media-sound/vorbis-tools/files/vorbis-tools-1.4.2-clang16.patch
new file mode 100644
index ..2d9b1158e635
--- /dev/null
+++ b/media-sound/vorbis-tools/files/vorbis-tools-1.4.2-clang16.patch
@@ -0,0 +1,22 @@
+https://gitlab.xiph.org/xiph/vorbis-tools/-/merge_requests/6
+
+From ec3a1a1de87168f575b93bc9cedcfaeb82c048a4 Mon Sep 17 00:00:00 2001
+From: Florian Weimer
+Date: Tue, 7 Feb 2023 08:48:05 +0100
+Subject: [PATCH] Fix C99 compatibility glitch in ogginfo/codec_skeleton.c
+
+Include "utf8.h" for a prototype of the utf8_decode function.
+This avoids an implicit function declaration and build issues
+with future compilers.
+--- a/ogginfo/codec_skeleton.c
b/ogginfo/codec_skeleton.c
+@@ -25,6 +25,7 @@
+ #include
+
+ #include "i18n.h"
++#include "utf8.h"
+
+ #include "private.h"
+
+--
+GitLab
diff --git a/media-sound/vorbis-tools/vorbis-tools-1.4.2-r1.ebuild
b/media-sound/vorbis-tools/vorbis-tools-1.4.2-r2.ebuild
similarity index 87%
rename from media-sound/vorbis-tools/vorbis-tools-1.4.2-r1.ebuild
rename to media-sound/vorbis-tools/vorbis-tools-1.4.2-r2.ebuild
index 94609125c5c9..88fbe65aadc1 100644
--- a/media-sound/vorbis-tools/vorbis-tools-1.4.2-r1.ebuild
+++ b/media-sound/vorbis-tools/vorbis-tools-1.4.2-r2.ebuild
@@ -1,7 +1,7 @@
-# Copyright 1999-2022 Gentoo Authors
+# Copyright 1999-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
-EAPI=7
+EAPI=8
DESCRIPTION="Tools for using the Ogg Vorbis sound file format"
HOMEPAGE="https://xiph.org/vorbis/;
@@ -29,7 +29,10 @@ BDEPEND="
nls? ( sys-devel/gettext )
"
-PATCHES=( "${FILESDIR}"/${P}-docdir.patch )
+PATCHES=(
+ "${FILESDIR}"/${P}-docdir.patch
+ "${FILESDIR}"/${P}-clang16.patch
+)
src_configure() {
local myeconfargs=(
[gentoo-commits] repo/gentoo:master commit in: media-sound/vorbis-tools/, media-sound/vorbis-tools/files/
commit: 50641c44982386c6d670a52ea6d5cbac87381f3a
Author: Andreas Sturmlechner gentoo org>
AuthorDate: Sun Jun 10 10:34:23 2018 +
Commit: Andreas Sturmlechner gentoo org>
CommitDate: Sun Jun 10 10:42:34 2018 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=50641c44
media-sound/vorbis-tools: Fix examples install dir
Thanks-to: Chris Mayo gmail.com>
Closes: https://bugs.gentoo.org/533774
Package-Manager: Portage-2.3.40, Repoman-2.3.9
.../vorbis-tools/files/vorbis-tools-1.4.0-docdir.patch | 14 ++
...-tools-1.4.0-r4.ebuild => vorbis-tools-1.4.0-r5.ebuild} | 1 +
2 files changed, 15 insertions(+)
diff --git a/media-sound/vorbis-tools/files/vorbis-tools-1.4.0-docdir.patch
b/media-sound/vorbis-tools/files/vorbis-tools-1.4.0-docdir.patch
new file mode 100644
index 000..d3fdde0e11d
--- /dev/null
+++ b/media-sound/vorbis-tools/files/vorbis-tools-1.4.0-docdir.patch
@@ -0,0 +1,14 @@
+Thanks-to: Chris Mayo
+https://bugs.gentoo.org/533774
+
+--- a/ogg123/Makefile.am
b/ogg123/Makefile.am
+@@ -19,7 +19,7 @@
+ localedir = $(datadir)/locale
+ DEFS = -DSYSCONFDIR=\"$(sysconfdir)\" -DLOCALEDIR=\"$(localedir)\" @DEFS@
+
+-docdir = $(datadir)/doc/$(PACKAGE)-$(VERSION)
++docdir = @docdir@
+ mandir = @MANDIR@
+
+ bin_PROGRAMS = ogg123
diff --git a/media-sound/vorbis-tools/vorbis-tools-1.4.0-r4.ebuild
b/media-sound/vorbis-tools/vorbis-tools-1.4.0-r5.ebuild
similarity index 97%
rename from media-sound/vorbis-tools/vorbis-tools-1.4.0-r4.ebuild
rename to media-sound/vorbis-tools/vorbis-tools-1.4.0-r5.ebuild
index 54d3541a0b8..d6b6fef03c7 100644
--- a/media-sound/vorbis-tools/vorbis-tools-1.4.0-r4.ebuild
+++ b/media-sound/vorbis-tools/vorbis-tools-1.4.0-r5.ebuild
@@ -34,6 +34,7 @@ PATCHES=(
"${FILESDIR}"/${P}-format-security.patch
"${FILESDIR}"/${P}-CVE-2014-9640.patch
"${FILESDIR}"/${P}-CVE-2014-9638.patch
+ "${FILESDIR}"/${P}-docdir.patch
)
src_prepare() {
[gentoo-commits] repo/gentoo:master commit in: media-sound/vorbis-tools/, media-sound/vorbis-tools/files/
commit: a5f94c4d90095df4ec012acc6ca25e5fc0e7101a
Author: Andreas Sturmlechner gentoo org>
AuthorDate: Sun Jun 10 10:28:25 2018 +
Commit: Andreas Sturmlechner gentoo org>
CommitDate: Sun Jun 10 10:42:33 2018 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a5f94c4d
media-sound/vorbis-tools: EAPI-6 bump
Package-Manager: Portage-2.3.40, Repoman-2.3.9
.../files/vorbis-tools-1.4.0-CVE-2014-9638.patch | 8 +++---
.../files/vorbis-tools-1.4.0-underlinking.patch| 8 +++---
.../vorbis-tools/vorbis-tools-1.4.0-r4.ebuild | 30 +-
3 files changed, 26 insertions(+), 20 deletions(-)
diff --git
a/media-sound/vorbis-tools/files/vorbis-tools-1.4.0-CVE-2014-9638.patch
b/media-sound/vorbis-tools/files/vorbis-tools-1.4.0-CVE-2014-9638.patch
index 79859df0274..a643f1cb82f 100644
--- a/media-sound/vorbis-tools/files/vorbis-tools-1.4.0-CVE-2014-9638.patch
+++ b/media-sound/vorbis-tools/files/vorbis-tools-1.4.0-CVE-2014-9638.patch
@@ -5,8 +5,8 @@ To fix bug report:
http://www.openwall.com/lists/oss-security/2015/08/29/1
https://bugs.gentoo.org/show_bug.cgi?id=559170
https://bugs.gentoo.org/show_bug.cgi?id=537422
oggenc/audio.h
-+++ oggenc/audio.h
+--- a/oggenc/audio.h
b/oggenc/audio.h
@@ -25,7 +25,7 @@
typedef struct {
@@ -25,8 +25,8 @@ https://bugs.gentoo.org/show_bug.cgi?id=537422
int totalframes;
short samplesize;
int rate;
oggenc/audio.c
-+++ oggenc/audio.c
+--- a/oggenc/audio.c
b/oggenc/audio.c
@@ -245,8 +245,8 @@
int aiff_open(FILE *in, oe_enc_opt *opt, unsigned char *buf, int buflen)
{
diff --git
a/media-sound/vorbis-tools/files/vorbis-tools-1.4.0-underlinking.patch
b/media-sound/vorbis-tools/files/vorbis-tools-1.4.0-underlinking.patch
index aaa10fbb54f..9aee38e0b19 100644
--- a/media-sound/vorbis-tools/files/vorbis-tools-1.4.0-underlinking.patch
+++ b/media-sound/vorbis-tools/files/vorbis-tools-1.4.0-underlinking.patch
@@ -23,8 +23,8 @@ using functions from the mathlib.
Therefore, always link to mathlib:
ogg123/Makefile.am
-+++ ogg123/Makefile.am
+--- a/ogg123/Makefile.am
b/ogg123/Makefile.am
@@ -30,7 +30,7 @@
ogg123_LDADD = @SHARE_LIBS@ \
@VORBISFILE_LIBS@ @VORBIS_LIBS@ @OGG_LIBS@ @AO_LIBS@ \
@@ -34,8 +34,8 @@ Therefore, always link to mathlib:
ogg123_DEPENDENCIES = @SHARE_LIBS@
ogg123_SOURCES = audio.c buffer.c callbacks.c \
oggenc/Makefile.am
-+++ oggenc/Makefile.am
+--- a/oggenc/Makefile.am
b/oggenc/Makefile.am
@@ -23,7 +23,7 @@
oggenc_LDADD = @SHARE_LIBS@ \
diff --git a/media-sound/vorbis-tools/vorbis-tools-1.4.0-r4.ebuild
b/media-sound/vorbis-tools/vorbis-tools-1.4.0-r4.ebuild
index 7f85f35db51..54d3541a0b8 100644
--- a/media-sound/vorbis-tools/vorbis-tools-1.4.0-r4.ebuild
+++ b/media-sound/vorbis-tools/vorbis-tools-1.4.0-r4.ebuild
@@ -1,10 +1,11 @@
-# Copyright 1999-2017 Gentoo Foundation
+# Copyright 1999-2018 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-EAPI=5
-inherit autotools eutils
+EAPI=6
-DESCRIPTION="tools for using the Ogg Vorbis sound file format"
+inherit autotools
+
+DESCRIPTION="Tools for using the Ogg Vorbis sound file format"
HOMEPAGE="http://www.vorbis.com;
SRC_URI="http://downloads.xiph.org/releases/vorbis/${P}.tar.gz;
@@ -13,25 +14,30 @@ SLOT="0"
KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86
~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x86-macos ~x86-solaris"
IUSE="flac kate nls +ogg123 speex"
-RDEPEND=">=media-libs/libvorbis-1.3.0
+RDEPEND="
+ >=media-libs/libvorbis-1.3.0
flac? ( media-libs/flac )
kate? ( media-libs/libkate )
ogg123? (
>=media-libs/libao-1.0.0
net-misc/curl
)
- speex? ( media-libs/speex )"
+ speex? ( media-libs/speex )
+"
DEPEND="${RDEPEND}
+ virtual/pkgconfig
nls? ( sys-devel/gettext )
- virtual/pkgconfig"
+"
-DOCS="AUTHORS CHANGES README"
+PATCHES=(
+ "${FILESDIR}"/${P}-underlinking.patch
+ "${FILESDIR}"/${P}-format-security.patch
+ "${FILESDIR}"/${P}-CVE-2014-9640.patch
+ "${FILESDIR}"/${P}-CVE-2014-9638.patch
+)
src_prepare() {
- epatch "${FILESDIR}"/${P}-underlinking.patch
- epatch "${FILESDIR}"/${P}-format-security.patch
- epatch "${FILESDIR}"/${P}-CVE-2014-9640.patch
- epatch "${FILESDIR}"/${P}-CVE-2014-9638.patch
+ default
sed -i -e 's:AM_CONFIG_HEADER:AC_CONFIG_HEADERS:' configure.ac || die
#515220
eautoreconf
}
[gentoo-commits] repo/gentoo:master commit in: media-sound/vorbis-tools/, media-sound/vorbis-tools/files/
commit: 5b60b4cd7ed6c51f086f57a39a1dbf9cebffc825
Author: Christopher Díaz gmail com>
AuthorDate: Sun Jul 23 15:17:30 2017 +
Commit: Alexis Ballier gentoo org>
CommitDate: Sat Jul 29 10:40:42 2017 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5b60b4cd
media-sound/vorbis-tools: multiple security fixes
https://bugs.gentoo.org/show_bug.cgi?id=537422
https://bugs.gentoo.org/show_bug.cgi?id=559170
.../files/vorbis-tools-1.4.0-CVE-2014-9638.patch | 92 ++
.../files/vorbis-tools-1.4.0-CVE-2014-9640.patch | 24 ++
.../vorbis-tools/vorbis-tools-1.4.0-r4.ebuild | 46 +++
3 files changed, 162 insertions(+)
diff --git
a/media-sound/vorbis-tools/files/vorbis-tools-1.4.0-CVE-2014-9638.patch
b/media-sound/vorbis-tools/files/vorbis-tools-1.4.0-CVE-2014-9638.patch
new file mode 100644
index 000..79859df0274
--- /dev/null
+++ b/media-sound/vorbis-tools/files/vorbis-tools-1.4.0-CVE-2014-9638.patch
@@ -0,0 +1,92 @@
+Patches taken as references:
+https://github.com/mark4o/opus-tools/commit/8c412e619b83eb6dd32191909cf6672e93e5802e
+https://trac.xiph.org/attachment/ticket/2212/0001-oggenc-Fix-large-alloca-on-bad-AIFF-input.patch
+To fix bug report:
+http://www.openwall.com/lists/oss-security/2015/08/29/1
+https://bugs.gentoo.org/show_bug.cgi?id=559170
+https://bugs.gentoo.org/show_bug.cgi?id=537422
+--- oggenc/audio.h
oggenc/audio.h
+@@ -25,7 +25,7 @@
+
+ typedef struct {
+ short format;
+-short channels;
++unsigned short channels;
+ int samplerate;
+ int bytespersec;
+ short align;
+@@ -44,7 +44,7 @@
+ } wavfile;
+
+ typedef struct {
+-short channels;
++unsigned short channels;
+ int totalframes;
+ short samplesize;
+ int rate;
+--- oggenc/audio.c
oggenc/audio.c
+@@ -245,8 +245,8 @@
+ int aiff_open(FILE *in, oe_enc_opt *opt, unsigned char *buf, int buflen)
+ {
+ int aifc; /* AIFC or AIFF? */
+-unsigned int len;
+-unsigned char *buffer;
++unsigned int len,readlen;
++unsigned char buffer[22];
+ unsigned char buf2[8];
+ aiff_fmt format;
+ aifffile *aiff = malloc(sizeof(aifffile));
+@@ -269,9 +269,9 @@
+ return 0; /* Weird common chunk */
+ }
+
+-buffer = alloca(len);
+-
+-if(fread(buffer,1,len,in) < len)
++readlen = len < sizeof(buffer) ? len : sizeof(buffer);
++if(fread(buffer,1,readlen,in) < readlen ||
++(len > readlen && !seek_forward(in, len-readlen)))
+ {
+ fprintf(stderr, _("Warning: Unexpected EOF in reading AIFF
header\n"));
+ return 0;
+@@ -277,11 +277,18 @@
+ return 0;
+ }
+
+-format.channels = READ_U16_BE(buffer);
++format.channels = (short)READ_U16_BE(buffer);
+ format.totalframes = READ_U32_BE(buffer+2);
+ format.samplesize = READ_U16_BE(buffer+6);
+ format.rate = (int)read_IEEE80(buffer+8);
+
++if(format.channels <=0)
++{
++ fprintf(stderr, _("ERROR: Invalid channel count in AIFF header\n"));
++ return 0;
++
++}
++
+ aiff->bigendian = 1;
+
+ if(aifc)
+@@ -449,11 +449,17 @@
+ }
+
+ format.format = READ_U16_LE(buf);
+-format.channels =READ_U16_LE(buf+2);
++format.channels =(short)READ_U16_LE(buf+2);
+ format.samplerate = READ_U32_LE(buf+4);
+ format.bytespersec = READ_U32_LE(buf+8);
+ format.align = READ_U16_LE(buf+12);
+ format.samplesize = READ_U16_LE(buf+14);
++
++if(format.channels == 0)
++{
++ fprintf(stderr, _("ERROR: Zero channels in WAV header\n"));
++ return 0;
++}
+
+ if(format.format == -2) /* WAVE_FORMAT_EXTENSIBLE */
+ {
diff --git
a/media-sound/vorbis-tools/files/vorbis-tools-1.4.0-CVE-2014-9640.patch
b/media-sound/vorbis-tools/files/vorbis-tools-1.4.0-CVE-2014-9640.patch
new file mode 100644
index 000..51c23b062af
--- /dev/null
+++ b/media-sound/vorbis-tools/files/vorbis-tools-1.4.0-CVE-2014-9640.patch
@@ -0,0 +1,24 @@
+Patch taken from:
+https://trac.xiph.org/changeset/19117
+To fix bug report:
+https://bugs.gentoo.org/show_bug.cgi?id=537422
+--- vorbis-tools-1.4.0/oggenc/oggenc.c
vorbis-tools-1.4.0/oggenc/oggenc.c
+@@ -97,6 +97,8 @@
+ .3,-1,
+ 0,0,0.f,
+ 0, 0, 0, 0, 0};
++input_format raw_format = {NULL, 0, raw_open, wav_close, "raw",
++N_("RAW file reader")};
+
+ int i;
+
+@@ -239,8 +241,6 @@
+
+ if(opt.rawmode)
+ {
+-input_format raw_format = {NULL, 0, raw_open, wav_close, "raw",
+-N_("RAW file reader")};
+
+ enc_opts.rate=opt.raw_samplerate;
+ enc_opts.channels=opt.raw_channels;
diff --git a/media-sound/vorbis-tools/vorbis-tools-1.4.0-r4.ebuild
b/media-sound/vorbis-tools/vorbis-tools-1.4.0-r4.ebuild
new file mode 100644
index 000..7f85f35db51
--- /dev/null
+++ b/media-sound/vorbis-tools/vorbis-tools-1.4.0-r4.ebuild
@@ -0,0 +1,46
[gentoo-commits] repo/gentoo:master commit in: media-sound/vorbis-tools/, media-sound/vorbis-tools/files/
commit: 3aeef28be917bba491ddb751f06aec58fdf672a9
Author: ChrisADR gmail com>
AuthorDate: Mon Jul 17 00:26:28 2017 +
Commit: Alexis Ballier gentoo org>
CommitDate: Mon Jul 17 15:53:30 2017 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3aeef28b
media-sound/vorbis-tools: New revision fixing security bug 559170
.../vorbis-tools-1.4.0-aiff-buffer-overflow.patch | 31 +++
.../vorbis-tools/vorbis-tools-1.4.0-r3.ebuild | 45 ++
2 files changed, 76 insertions(+)
diff --git
a/media-sound/vorbis-tools/files/vorbis-tools-1.4.0-aiff-buffer-overflow.patch
b/media-sound/vorbis-tools/files/vorbis-tools-1.4.0-aiff-buffer-overflow.patch
new file mode 100644
index 000..f8b66a90e7c
--- /dev/null
+++
b/media-sound/vorbis-tools/files/vorbis-tools-1.4.0-aiff-buffer-overflow.patch
@@ -0,0 +1,31 @@
+Patch taken from:
+https://trac.xiph.org/attachment/ticket/2212/0001-oggenc-Fix-large-alloca-on-bad-AIFF-input.patch
+To fix bug report:
+http://www.openwall.com/lists/oss-security/2015/08/29/1
+https://bugs.gentoo.org/show_bug.cgi?id=559170
+--- oggenc/audio.c
oggenc/audio.c
+@@ -245,8 +245,8 @@
+ int aiff_open(FILE *in, oe_enc_opt *opt, unsigned char *buf, int buflen)
+ {
+ int aifc; /* AIFC or AIFF? */
+-unsigned int len;
+-unsigned char *buffer;
++unsigned int len,readlen;
++unsigned char buffer[22];
+ unsigned char buf2[8];
+ aiff_fmt format;
+ aifffile *aiff = malloc(sizeof(aifffile));
+@@ -269,9 +269,9 @@
+ return 0; /* Weird common chunk */
+ }
+
+-buffer = alloca(len);
+-
+-if(fread(buffer,1,len,in) < len)
++readlen = len < sizeof(buffer) ? len : sizeof(buffer);
++if(fread(buffer,1,readlen,in) < readlen ||
++(len > readlen && !seek_forward(in, len-readlen)))
+ {
+ fprintf(stderr, _("Warning: Unexpected EOF in reading AIFF
header\n"));
+ return 0;
diff --git a/media-sound/vorbis-tools/vorbis-tools-1.4.0-r3.ebuild
b/media-sound/vorbis-tools/vorbis-tools-1.4.0-r3.ebuild
new file mode 100644
index 000..977e7e88ff3
--- /dev/null
+++ b/media-sound/vorbis-tools/vorbis-tools-1.4.0-r3.ebuild
@@ -0,0 +1,45 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=5
+inherit autotools eutils
+
+DESCRIPTION="tools for using the Ogg Vorbis sound file format"
+HOMEPAGE="http://www.vorbis.com;
+SRC_URI="http://downloads.xiph.org/releases/vorbis/${P}.tar.gz;
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~sparc ~x86
~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x86-macos ~x86-solaris"
+IUSE="flac kate nls +ogg123 speex"
+
+RDEPEND=">=media-libs/libvorbis-1.3.0
+ flac? ( media-libs/flac )
+ kate? ( media-libs/libkate )
+ ogg123? (
+ >=media-libs/libao-1.0.0
+ net-misc/curl
+ )
+ speex? ( media-libs/speex )"
+DEPEND="${RDEPEND}
+ nls? ( sys-devel/gettext )
+ virtual/pkgconfig"
+
+DOCS="AUTHORS CHANGES README"
+
+src_prepare() {
+ epatch "${FILESDIR}"/${P}-underlinking.patch
+ epatch "${FILESDIR}"/${P}-format-security.patch
+ epatch "${FILESDIR}"/${P}-aiff-buffer-overflow.patch
+ sed -i -e 's:AM_CONFIG_HEADER:AC_CONFIG_HEADERS:' configure.ac || die
#515220
+ eautoreconf
+}
+
+src_configure() {
+ econf \
+ $(use_enable nls) \
+ $(use_enable ogg123) \
+ $(use_with flac) \
+ $(use_with speex) \
+ $(use_with kate)
+}
