author | Aaron Bauman <bman@gentoo.org> | 2018-05-04 20:46:54 -0400 |
---|---|---|
committer | Aaron Bauman <bman@gentoo.org> | 2018-05-04 20:46:54 -0400 |
commit | c77b4de07de7b74bba15ac1c62332ed2aa2143cb (patch) | |
tree | 728437a298a8b9a8b6ec40479909f7062f8298e0 /media-libs/libmp3splt | |
parent | net-firewall/shorewall: Bump to v5.2.0.1 (diff) | |
media-libs/libmp3splt: add CVE-2017-15185 DoS patch
Bug: https://bugs.gentoo.org/633840
Package-Manager: Portage-2.3.36, Repoman-2.3.9
Diffstat (limited to 'media-libs/libmp3splt')
-rw-r--r-- | media-libs/libmp3splt/files/CVE-2017-15185.patch | 41 | ||||
-rw-r--r-- | media-libs/libmp3splt/libmp3splt-0.9.2-r1.ebuild | 52 |
2 files changed, 93 insertions, 0 deletions
diff --git a/media-libs/libmp3splt/files/CVE-2017-15185.patch b/media-libs/libmp3splt/files/CVE-2017-15185.patch
new file mode 100644
index 000000000000..b31a92d0c452
--- /dev/null
+++ b/media-libs/libmp3splt/files/CVE-2017-15185.patch
@@ -0,0 +1,41 @@
+diff --git a/libmp3splt/plugins/ogg.c b/libmp3splt/plugins/ogg.c
+index 50cc495..57745f1 100644
+--- a/libmp3splt/plugins/ogg.c
++++ b/libmp3splt/plugins/ogg.c
+@@ -212,26 +212,36 @@ static splt_ogg_state *splt_ogg_v_new(int *error)
+ goto error;
+ }
+ memset(oggstate, 0, sizeof(splt_ogg_state));
++
+ if ((oggstate->sync_in = malloc(sizeof(ogg_sync_state)))==NULL)
+ {
+ goto error;
+ }
++ memset(oggstate->sync_in, 0, sizeof(ogg_sync_state));
++
+ if ((oggstate->stream_in = malloc(sizeof(ogg_stream_state)))==NULL)
+ {
+ goto error;
+ }
++ memset(oggstate->stream_in, 0, sizeof(ogg_stream_state));
++
+ if ((oggstate->vd = malloc(sizeof(vorbis_dsp_state)))==NULL)
+ {
+ goto error;
+ }
++ memset(oggstate->vd, 0, sizeof(vorbis_dsp_state));
++
+ if ((oggstate->vi = malloc(sizeof(vorbis_info)))==NULL)
+ {
+ goto error;
+ }
++ memset(oggstate->vi, 0, sizeof(vorbis_info));
++
+ if ((oggstate->vb = malloc(sizeof(vorbis_block)))==NULL)
+ {
+ goto error;
+ }
++ memset(oggstate->vb, 0, sizeof(vorbis_block));
+
+ if ((oggstate->headers = malloc(sizeof(splt_v_packet) * TOTAL_HEADER_PACKETS))==NULL)
+ {
diff --git a/media-libs/libmp3splt/libmp3splt-0.9.2-r1.ebuild b/media-libs/libmp3splt/libmp3splt-0.9.2-r1.ebuild
new file mode 100644
index 000000000000..0427694ed0bc
--- /dev/null
+++ b/media-libs/libmp3splt/libmp3splt-0.9.2-r1.ebuild
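Review bot: In files/CVE-2017-15185.patch, the memsets added after each malloc in splt_ogg_v_new are the whole fix, yet nothing records why the zeroing is needed, so a later cleanup could drop them as redundant. Presumably the `error` path (outside this hunk) hands these structs to cleanup routines that must not see uninitialised memory; a comment such as `/* zeroed so the error path can safely clear a partially built state */` above the first memset would pin that down. The last visible allocation, `oggstate->headers`, is cut off by the hunk boundary, so confirm in the full function that it is zeroed as well. The patch file also opens directly at `diff --git` with no header; a short description naming the upstream origin and `Bug: https://bugs.gentoo.org/633840` would let the fix be audited against upstream.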
@@ -0,0 +1,52 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=5
+
+inherit versionator autotools eutils multilib
+
+DESCRIPTION="a library for mp3splt to split mp3 and ogg files without decoding"
+HOMEPAGE="http://mp3splt.sourceforge.net"
+SRC_URI="mirror://sourceforge/${PN:3}/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~hppa ~ppc ~ppc64 ~sparc ~x86"
+IUSE="doc flac pcre"
+
+RDEPEND="media-libs/libmad
+ media-libs/libvorbis
+ media-libs/libogg
+ media-libs/libid3tag
+ flac? ( >=media-libs/flac-1.2.1 )
+ pcre? ( dev-libs/libpcre )"
+DEPEND="${RDEPEND}
+ doc? ( >=app-doc/doxygen-1.8.3.1 media-gfx/graphviz )
+ sys-apps/findutils"
+
+src_prepare() {
+ epatch "${FILESDIR}"/${PN}-0.7-libltdl.patch
+ epatch "${FILESDIR}"/CVE-2017-15185.patch
+ eautoreconf
+}
+
+src_configure() {
+ econf \
+ --disable-dependency-tracking \
+ --disable-static \
+ $(use_enable pcre) \
+ $(use_enable flac) \
+ $(use_enable doc doxygen_doc) \
+ --docdir=/usr/share/doc/${PF} \
+ --disable-optimise \
+ --disable-cutter # TODO package cutter <http://cutter.sourceforge.net/>
+}
+
+src_install() {
+ default
+ use doc && docompress -x /usr/share/doc/${PF}/doxygen/${PN}_ico.svg
+
+ dodoc AUTHORS ChangeLog LIMITS NEWS README TODO
+
+ find "${D}"/usr -name '*.la' -delete
+}
 |
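Review bot: Every entry in `KEYWORDS` is `~arch`, so this revision delivers the CVE-2017-15185 fix to testing users only; if an earlier revision is keyworded stable (not visible here), stable systems keep the unpatched library until stabilisation is requested on the bug. In `src_prepare`, the new patch's paths begin with `a/libmp3splt/plugins/ogg.c`, so it appears to apply only because `epatch` guesses the strip level. Assuming `${S}` is the unpacked libmp3splt directory, regenerating the patch with `--- a/plugins/ogg.c` and `+++ b/plugins/ogg.c` would make it apply at `-p1` and survive a later move to a newer EAPI's patch handling.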