Re: audio/sox patches from oss-security
On Tue, Feb 07, 2023 at 02:48:25PM +0100, Jan Stary wrote: > On Feb 06 22:56:02, t...@theobuehler.org wrote: > > There is an ongoing discussion on audio/sox on oss-security: > > > > https://marc.info/?l=oss-security=167546008232629=2 > > > > Steffen Nurpmeso ported the patches to apply against the commit > > we also use in our ports, that's what's included in the diff below. > > > > The patches look sensible to me although I haven't reviewed them > > thoroughly. > > > > It's probably a good idea to keep an eye on this discussion both for > > reviews of the patches and for possible developments of a new upstream > > repo containing them. > > I just asked upstream - let's wait a on whether the upstream maintainer > decides to include these in the upstream git (SF) that we build from; > I would prefer that to maintaining the patches (thank you Steffen!) For reference: https://marc.info/?l=sox-devel=167577672104072=2 The patches were sent to oss-security *because* upstream failed to react: I am working on fixing known vulnerabilities in sox and since upstream seems mostly dead (no commits in more than a year, no replies to bug reports) Given this, waiting until upstream decides to unhibernate makes little sense to me.
Re: audio/sox patches from oss-security
On Feb 06 22:56:02, t...@theobuehler.org wrote:
> There is an ongoing discussion on audio/sox on oss-security:
>
> https://marc.info/?l=oss-security=167546008232629=2
>
> Steffen Nurpmeso ported the patches to apply against the commit
> we also use in our ports, that's what's included in the diff below.
>
> The patches look sensible to me although I haven't reviewed them
> thoroughly.
>
> It's probably a good idea to keep an eye on this discussion both for
> reviews of the patches and for possible developments of a new upstream
> repo containing them.
I just asked upstream - let's wait a on whether the upstream maintainer
decides to include these in the upstream git (SF) that we build from;
I would prefer that to maintaining the patches (thank you Steffen!)
Jan
> ===
> RCS file: /cvs/ports/audio/sox/Makefile,v
> retrieving revision 1.74
> diff -u -p -r1.74 Makefile
> --- Makefile 11 Mar 2022 18:20:31 - 1.74
> +++ Makefile 6 Feb 2023 21:39:18 -
> @@ -5,6 +5,7 @@ V=14.4.2pl20210509
> GIT_V= 14.4.3git
> DISTNAME=sox-${V}
> SHARED_LIBS += sox 4.1 # 3.0
> +REVISION = 0
>
> CATEGORIES= audio
> HOMEPAGE=http://sox.sourceforge.net/
> Index: patches/patch-src_aiff_c
> ===
> RCS file: patches/patch-src_aiff_c
> diff -N patches/patch-src_aiff_c
> --- /dev/null 1 Jan 1970 00:00:00 -
> +++ patches/patch-src_aiff_c 6 Feb 2023 21:38:58 -
> @@ -0,0 +1,17 @@
> +https://marc.info/?l=oss-security=167571683504082=2
> +
> +Index: src/aiff.c
> +--- src/aiff.c.orig
> src/aiff.c
> +@@ -619,6 +619,11 @@ int lsx_aiffstartwrite(sox_format_t * ft)
> +At 48 kHz, 16 bits stereo, this gives ~3 hours of audio.
> +Sorry, the AIFF format does not provide for an indefinite
> +number of samples. */
> ++if (ft->signal.channels >= (0x7f00 /
> (ft->encoding.bits_per_sample >> 3)))
> ++{
> ++lsx_fail_errno(ft, SOX_EOF, "too many channels for AIFF
> header");
> ++return SOX_EOF;
> ++}
> + return(aiffwriteheader(ft, (uint64_t) 0x7f00 /
> ((ft->encoding.bits_per_sample>>3)*ft->signal.channels)));
> + }
> +
> Index: patches/patch-src_formats_c
> ===
> RCS file: /cvs/ports/audio/sox/patches/patch-src_formats_c,v
> retrieving revision 1.8
> diff -u -p -r1.8 patch-src_formats_c
> --- patches/patch-src_formats_c 11 Mar 2022 18:20:31 - 1.8
> +++ patches/patch-src_formats_c 6 Feb 2023 21:38:58 -
> @@ -1,3 +1,5 @@
> +https://marc.info/?l=oss-security=167571683504082=2
> +
> Index: src/formats.c
> --- src/formats.c.orig
> +++ src/formats.c
> @@ -19,3 +21,11 @@ Index: src/formats.c
> char * command = lsx_malloc(strlen(command_format) +
> strlen(identifier));
> sprintf(command, command_format, identifier);
> f = popen(command, POPEN_MODE);
> +@@ -627,6 +627,7 @@ error:
> + free(ft->priv);
> + free(ft->filename);
> + free(ft->filetype);
> ++ sox_delete_comments(>oob.comments);
> + free(ft);
> + return NULL;
> + }
> Index: patches/patch-src_formats_i_c
> ===
> RCS file: patches/patch-src_formats_i_c
> diff -N patches/patch-src_formats_i_c
> --- /dev/null 1 Jan 1970 00:00:00 -
> +++ patches/patch-src_formats_i_c 6 Feb 2023 21:38:58 -
> @@ -0,0 +1,42 @@
> +https://marc.info/?l=oss-security=167571683504082=2
> +
> +Index: src/formats_i.c
> +--- src/formats_i.c.orig
> src/formats_i.c
> +@@ -19,6 +19,7 @@
> + */
> +
> + #include "sox_i.h"
> ++#include
> + #include
> + #include
> + #include
> +@@ -60,13 +61,24 @@ int lsx_check_read_params(sox_format_t * ft, unsigned
> + if (ft->seekable)
> + ft->data_start = lsx_tell(ft);
> +
> +- if (channels && ft->signal.channels && ft->signal.channels != channels)
> ++ if (channels && ft->signal.channels && ft->signal.channels != channels) {
> + lsx_warn("`%s': overriding number of channels", ft->filename);
> +- else ft->signal.channels = channels;
> ++ } else if (channels > SHRT_MAX) {
> ++lsx_fail_errno(ft, EINVAL, "implausibly large number of channels");
> ++return SOX_EOF;
> ++ } else {
> ++ft->signal.channels = channels;
> ++ }
> +
> +- if (rate && ft->signal.rate && ft->signal.rate != rate)
> ++ if (rate && ft->signal.rate && ft->signal.rate != rate) {
> + lsx_warn("`%s': overriding sample rate", ft->filename);
> +- else ft->signal.rate = rate;
> ++ /* Since NaN comparisons yield false, the negation rejects them. */
> ++ } else if (!(rate > 0)) {
> ++lsx_fail_errno(ft, EINVAL, "invalid rate value");
> ++return SOX_EOF;
> ++ } else {
> ++ft->signal.rate = rate;
> ++ }
> +
> + if (encoding && ft->encoding.encoding &&
audio/sox patches from oss-security
There is an ongoing discussion on audio/sox on oss-security:
https://marc.info/?l=oss-security=167546008232629=2
Steffen Nurpmeso ported the patches to apply against the commit
we also use in our ports, that's what's included in the diff below.
The patches look sensible to me although I haven't reviewed them
thoroughly.
It's probably a good idea to keep an eye on this discussion both for
reviews of the patches and for possible developments of a new upstream
repo containing them.
Index: Makefile
===
RCS file: /cvs/ports/audio/sox/Makefile,v
retrieving revision 1.74
diff -u -p -r1.74 Makefile
--- Makefile11 Mar 2022 18:20:31 - 1.74
+++ Makefile6 Feb 2023 21:39:18 -
@@ -5,6 +5,7 @@ V= 14.4.2pl20210509
GIT_V= 14.4.3git
DISTNAME= sox-${V}
SHARED_LIBS += sox 4.1 # 3.0
+REVISION = 0
CATEGORIES=audio
HOMEPAGE= http://sox.sourceforge.net/
Index: patches/patch-src_aiff_c
===
RCS file: patches/patch-src_aiff_c
diff -N patches/patch-src_aiff_c
--- /dev/null 1 Jan 1970 00:00:00 -
+++ patches/patch-src_aiff_c6 Feb 2023 21:38:58 -
@@ -0,0 +1,17 @@
+https://marc.info/?l=oss-security=167571683504082=2
+
+Index: src/aiff.c
+--- src/aiff.c.orig
src/aiff.c
+@@ -619,6 +619,11 @@ int lsx_aiffstartwrite(sox_format_t * ft)
+At 48 kHz, 16 bits stereo, this gives ~3 hours of audio.
+Sorry, the AIFF format does not provide for an indefinite
+number of samples. */
++if (ft->signal.channels >= (0x7f00 /
(ft->encoding.bits_per_sample >> 3)))
++{
++lsx_fail_errno(ft, SOX_EOF, "too many channels for AIFF
header");
++return SOX_EOF;
++}
+ return(aiffwriteheader(ft, (uint64_t) 0x7f00 /
((ft->encoding.bits_per_sample>>3)*ft->signal.channels)));
+ }
+
Index: patches/patch-src_formats_c
===
RCS file: /cvs/ports/audio/sox/patches/patch-src_formats_c,v
retrieving revision 1.8
diff -u -p -r1.8 patch-src_formats_c
--- patches/patch-src_formats_c 11 Mar 2022 18:20:31 - 1.8
+++ patches/patch-src_formats_c 6 Feb 2023 21:38:58 -
@@ -1,3 +1,5 @@
+https://marc.info/?l=oss-security=167571683504082=2
+
Index: src/formats.c
--- src/formats.c.orig
+++ src/formats.c
@@ -19,3 +21,11 @@ Index: src/formats.c
char * command = lsx_malloc(strlen(command_format) + strlen(identifier));
sprintf(command, command_format, identifier);
f = popen(command, POPEN_MODE);
+@@ -627,6 +627,7 @@ error:
+ free(ft->priv);
+ free(ft->filename);
+ free(ft->filetype);
++ sox_delete_comments(>oob.comments);
+ free(ft);
+ return NULL;
+ }
Index: patches/patch-src_formats_i_c
===
RCS file: patches/patch-src_formats_i_c
diff -N patches/patch-src_formats_i_c
--- /dev/null 1 Jan 1970 00:00:00 -
+++ patches/patch-src_formats_i_c 6 Feb 2023 21:38:58 -
@@ -0,0 +1,42 @@
+https://marc.info/?l=oss-security=167571683504082=2
+
+Index: src/formats_i.c
+--- src/formats_i.c.orig
src/formats_i.c
+@@ -19,6 +19,7 @@
+ */
+
+ #include "sox_i.h"
++#include
+ #include
+ #include
+ #include
+@@ -60,13 +61,24 @@ int lsx_check_read_params(sox_format_t * ft, unsigned
+ if (ft->seekable)
+ ft->data_start = lsx_tell(ft);
+
+- if (channels && ft->signal.channels && ft->signal.channels != channels)
++ if (channels && ft->signal.channels && ft->signal.channels != channels) {
+ lsx_warn("`%s': overriding number of channels", ft->filename);
+- else ft->signal.channels = channels;
++ } else if (channels > SHRT_MAX) {
++lsx_fail_errno(ft, EINVAL, "implausibly large number of channels");
++return SOX_EOF;
++ } else {
++ft->signal.channels = channels;
++ }
+
+- if (rate && ft->signal.rate && ft->signal.rate != rate)
++ if (rate && ft->signal.rate && ft->signal.rate != rate) {
+ lsx_warn("`%s': overriding sample rate", ft->filename);
+- else ft->signal.rate = rate;
++ /* Since NaN comparisons yield false, the negation rejects them. */
++ } else if (!(rate > 0)) {
++lsx_fail_errno(ft, EINVAL, "invalid rate value");
++return SOX_EOF;
++ } else {
++ft->signal.rate = rate;
++ }
+
+ if (encoding && ft->encoding.encoding && ft->encoding.encoding != encoding)
+ lsx_warn("`%s': overriding encoding type", ft->filename);
Index: patches/patch-src_hcom_c
===
RCS file: patches/patch-src_hcom_c
diff -N patches/patch-src_hcom_c
--- /dev/null 1 Jan 1970 00:00:00 -
+++ patches/patch-src_hcom_c6 Feb 2023 21:38:58 -
@@ -0,0 +1,57 @@
+https://marc.info/?l=oss-security=167571683504082=2
+
+Index: src/hcom.c
+--- src/hcom.c.orig
src/hcom.c
+@@ -141,6 +141,11 @@ static int
