From: Andreas Sturmlechner
Date: Wed, 22 Aug 2018 21:56:46 +0000 (+0200)
Subject: media-sound/timidity++: EAPI-6, CVE-2017-11546, CVE-2017-11547
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=6a87c686d9ac9de5e0e455d15773d11307a73c66;p=gentoo.git
media-sound/timidity++: EAPI-6, CVE-2017-11546, CVE-2017-11547
Bug: https://bugs.gentoo.org/626706
Package-Manager: Portage-2.3.48, Repoman-2.3.10
---
diff --git a/media-sound/timidity++/files/timidity++-2.14.0-CVE-2017-11546.patch b/media-sound/timidity++/files/timidity++-2.14.0-CVE-2017-11546.patch
new file mode 100644
index 000000000000..94135e98b96a
--- /dev/null
+++ b/media-sound/timidity++/files/timidity++-2.14.0-CVE-2017-11546.patch
@@ -0,0 +1,31 @@
+From 2386ec2c745f6c5075e53ea051da211336b44b84 Mon Sep 17 00:00:00 2001
+From: Takashi Iwai
+Date: Tue, 26 Jun 2018 22:31:27 +0200
+Subject: readmidi: Fix division by zero
+
+References: CVE-2017-11546
+
+An adhoc fix for division by zero in insert_note_steps().
+
+Signed-off-by: Takashi Iwai
+bug-debian: https://bugs.debian.org/870338
+bug-suse: https://bugzilla.suse.com/show_bug.cgi?id=1081694
+bug: https://bugzilla.suse.com/show_bug.cgi?id=1081694
+origin: https://bugzilla.suse.com/attachment.cgi?id=760825
+---
+ timidity/readmidi.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/timidity/readmidi.c b/timidity/readmidi.c
+index 158388a..341777e 100644
+--- a/timidity/readmidi.c
++++ b/timidity/readmidi.c
+@@ -4585,6 +4585,8 @@ static void insert_note_steps(void)
+ if (beat != 0)
+ meas++, beat = 0;
+ num = timesig[n].a, denom = timesig[n].b, n++;
++ if (!denom)
++ denom = 1;
+ }
+ a = (meas + 1) & 0xff;
+ b = (((meas + 1) >> 8) & 0x0f) + ((beat + 1) << 4);
diff --git a/media-sound/timidity++/files/timidity++-2.14.0-CVE-2017-11547.patch b/media-sound/timidity++/files/timidity++-2.14.0-CVE-2017-11547.patch
new file mode 100644
index 000000000000..12562a577e0e
--- /dev/null
+++ b/media-sound/timidity++/files/timidity++-2.14.0-CVE-2017-11547.patch
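Review bot: The zero-denominator guard on the `++ if (!denom)` / `++ denom = 1;` lines only covers the reassignment inside this `if` block; whatever value `denom` holds before the loop — presumably also taken from `timesig[]`, which this hunk does not show — reaches the same division unguarded if it is zero. Consider rejecting or normalising a zero `b` at the point the time-signature meta event is parsed into `timesig[]`, so every consumer is covered rather than this one site, or at minimum apply the same `if (!denom) denom = 1;` to the initial assignment. A one-line comment above the guard, such as `/* malformed time signature: avoid division by zero (CVE-2017-11546) */`, would also record why a default denominator of 1 is an acceptable substitute. insert_note_steps() starts and ends outside the hunk.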
@@ -0,0 +1,67 @@
+From 34328d22cbb4ccf03f29223f54f1834c796d86a2 Mon Sep 17 00:00:00 2001
+From: Takashi Iwai
+Date: Tue, 26 Jun 2018 22:31:28 +0200
+Subject: resample: Fix out-of-bound access in resamplers
+
+References: CVE-2017-11547
+
+An adhoc fix for out-of-bound accesses in resamples.
+The offset might overflow the given data range.
+
+Signed-off-by: Takashi Iwai
+bug-debian: https://bugs.debian.org/870338
+bug-suse: https://bugzilla.suse.com/show_bug.cgi?id=1081694
+origin: https://bugzilla.suse.com/attachment.cgi?id=760826
+---
+ timidity/resample.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/timidity/resample.c b/timidity/resample.c
+index cd6b8e6..4a3fadf 100644
+--- a/timidity/resample.c
++++ b/timidity/resample.c
+@@ -57,6 +57,8 @@ static resample_t resample_cspline(sample_t *src, splen_t ofs, resample_rec_t *r
+ {
+ int32 ofsi, ofsf, v0, v1, v2, v3, temp;
+ 
++ if (ofs + (1 << FRACTION_BITS) >= rec->data_length)
++ return src[ofs >> FRACTION_BITS];
+ ofsi = ofs >> FRACTION_BITS;
+ v1 = src[ofsi];
+ v2 = src[ofsi + 1];
+@@ -96,6 +98,8 @@ static resample_t resample_lagrange(sample_t *src, splen_t ofs, resample_rec_t *
+ {
+ int32 ofsi, ofsf, v0, v1, v2, v3;
+ 
++ if (ofs + (1 << FRACTION_BITS) >= rec->data_length)
++ return src[ofs >> FRACTION_BITS];
+ ofsi = ofs >> FRACTION_BITS;
+ v1 = (int32)src[ofsi];
+ v2 = (int32)src[ofsi + 1];
+@@ -154,6 +158,8 @@ static resample_t resample_gauss(sample_t *src, splen_t ofs, resample_rec_t *rec
+ sample_t *sptr;
+ int32 left, right, temp_n;
+ 
++ if (ofs + (1 << FRACTION_BITS) >= rec->data_length)
++ return src[ofs >> FRACTION_BITS];
+ left = (ofs>>FRACTION_BITS);
+ right = (rec->data_length>>FRACTION_BITS) - left - 1;
+ temp_n = (right<<1)-1;
+@@ -261,6 +267,8 @@ static resample_t resample_newton(sample_t *src, splen_t ofs, resample_rec_t *re
+ int32 left, right, temp_n;
+ int ii, jj;
+ 
++ if (ofs + (1 << FRACTION_BITS) >= rec->data_length)
++ return src[ofs >> FRACTION_BITS];
+ left =
(ofs>>FRACTION_BITS); + right = (rec->data_length>>FRACTION_BITS)-(ofs>>FRACTION_BITS)-1; + temp_n = (right<<1)-1; +@@ -330,6 +338,8 @@ static resample_t resample_linear(sample_t *src, splen_t ofs, resample_rec_t *re + { + int32 v1, v2, ofsi; + ++ if (ofs + (1 << FRACTION_BITS) >= rec->data_length) ++ return src[ofs >> FRACTION_BITS]; + ofsi = ofs >> FRACTION_BITS; + v1 = src[ofsi]; + v2 = src[ofsi + 1]; diff --git a/media-sound/timidity++/files/timidity++-2.14.0-params.patch b/media-sound/timidity++/files/timidity++-2.14.0-params.patch index d56448b8761b..18790f8bffb4 100644 --- a/media-sound/timidity++/files/timidity++-2.14.0-params.patch +++ b/media-sound/timidity++/files/timidity++-2.14.0-params.patch @@ -1,5 +1,5 @@ ---- configure.in -+++ configure.in +--- a/configure.in ++++ b/configure.in @@ -2245,10 +2245,15 @@ AM_CONDITIONAL(W32READDIR, test "x$W32READDIR" = "xyes") diff --git a/media-sound/timidity++/files/timidity++-2.14.0-revert-for-required-ctl_speana_data-function.patch b/media-sound/timidity++/files/timidity++-2.14.0-revert-for-required-ctl_speana_data-function.patch index a83a7db993f8..6f901eab8bc0 100644 --- a/media-sound/timidity++/files/timidity++-2.14.0-revert-for-required-ctl_speana_data-function.patch +++ b/media-sound/timidity++/files/timidity++-2.14.0-revert-for-required-ctl_speana_data-function.patch @@ -8,8 +8,8 @@ Because otherwise TiMidity++ simply won't build as per: xskin_c.c:(.text+0x17c): undefined reference to `ctl_speana_data' collect2: error: ld returned 1 exit status ---- interface/xskin_c.c -+++ interface/xskin_c.c +--- a/interface/xskin_c.c ++++ b/interface/xskin_c.c @@ -228,7 +228,6 @@ } } diff --git a/media-sound/timidity++/files/timidity++-2.14.0-tcltk86.patch b/media-sound/timidity++/files/timidity++-2.14.0-tcltk86.patch index ea2c0eec6c7d..23ef62aa03e5 100644 --- a/media-sound/timidity++/files/timidity++-2.14.0-tcltk86.patch +++ b/media-sound/timidity++/files/timidity++-2.14.0-tcltk86.patch 
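Review bot: The new guard at the top of each of the five resamplers still reads out of bounds when `ofs` itself is already past `rec->data_length`, because its fallback `return src[ofs >> FRACTION_BITS];` indexes by the very offset that was just found to be too large; the check only prevents the +1/+2 look-ahead, not the overshoot the commit message describes. `data_length` appears to be in the same fixed-point units as `ofs` (the gauss hunk shifts it by FRACTION_BITS), so a past-the-end offset should clamp to the last valid sample and an empty buffer (`data_length == 0`) must not index at all. Since the identical prologue is pasted into five functions, a shared static helper keeps the bound in one place, and computing `rec->data_length - ofs` instead of `ofs + (1 << FRACTION_BITS)` avoids a wrap if `splen_t` is narrow (I cannot see its width here). Each resampler's body continues outside its hunk.
```c
/* Shared bounds guard for the resamplers: when ofs is too close to (or past)
 * the end of src for the interpolator's look-ahead, store a safe fallback
 * sample in *out and return nonzero; otherwise return 0.
 * Assumes data_length is in the same fixed-point units as ofs. */
static inline int resample_guard(sample_t *src, splen_t ofs, resample_rec_t *rec, resample_t *out)
{
	if (rec->data_length == 0) {
		*out = 0;
		return 1;
	}
	if (ofs >= rec->data_length) {
		*out = src[(rec->data_length - 1) >> FRACTION_BITS];
		return 1;
	}
	if (rec->data_length - ofs <= (1 << FRACTION_BITS)) {
		*out = src[ofs >> FRACTION_BITS];
		return 1;
	}
	return 0;
}

static resample_t resample_cspline(sample_t *src, splen_t ofs, resample_rec_t *rec)
{
	/* … unchanged: local declarations … */
	resample_t guard;

	if (resample_guard(src, ofs, rec, &guard))
		return guard;
	/* … unchanged: cubic-spline interpolation; same two-line call replaces the
	 * guard in resample_lagrange, resample_gauss, resample_newton, resample_linear … */
```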
@@ -1,7 +1,7 @@ http://bugs.gentoo.org/451296 ---- interface/tk_c.c -+++ interface/tk_c.c +--- a/interface/tk_c.c ++++ b/interface/tk_c.c @@ -913,7 +913,7 @@ vsnprintf(buf, sizeof(buf), fmt, ap); Tcl_Eval(my_interp, buf); diff --git a/media-sound/timidity++/timidity++-2.14.0-r3.ebuild b/media-sound/timidity++/timidity++-2.14.0-r3.ebuild new file mode 100644 index 000000000000..5a1770ebcfdb --- /dev/null +++ b/media-sound/timidity++/timidity++-2.14.0-r3.ebuild 
@@ -0,0 +1,199 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit autotools desktop elisp-common systemd toolchain-funcs user xdg-utils
+
+MY_PV=${PV/_/-}
+MY_P=TiMidity++-${MY_PV}
+S=${WORKDIR}/${MY_P}
+
+DESCRIPTION="A handy MIDI to WAV converter with OSS and ALSA output support"
+HOMEPAGE="http://timidity.sourceforge.net/"
+SRC_URI="mirror://sourceforge/timidity/${MY_P}.tar.xz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~ppc ~ppc64 ~sparc ~x86 ~x86-fbsd"
+IUSE="motif oss nas X gtk vorbis tk slang alsa jack emacs ao selinux speex flac ncurses"
+
+DEPEND="
+ alsa? ( media-libs/alsa-lib )
+ ao? ( >=media-libs/libao-0.8.5 )
+ emacs? ( virtual/emacs )
+ flac? ( media-libs/flac )
+ gtk? ( x11-libs/gtk+:2 )
+ jack? ( virtual/jack )
+ motif? ( >=x11-libs/motif-2.3:0 )
+ nas? ( >=media-libs/nas-1.4 )
+ ncurses? ( sys-libs/ncurses:0= )
+ slang? ( sys-libs/slang )
+ speex? ( media-libs/speex )
+ tk? ( dev-lang/tk:0= )
+ vorbis? ( media-libs/libvorbis )
+ X? (
+ media-libs/libpng:0=
+ x11-libs/libXaw
+ x11-libs/libXext
+ )
+"
+RDEPEND="${DEPEND}
+ app-eselect/eselect-timidity
+ alsa? ( media-sound/alsa-utils )
+ selinux? ( sec-policy/selinux-timidity )
+"
+
+PDEPEND="|| ( media-sound/timidity-eawpatches media-sound/timidity-freepats )"
+
+SITEFILE=50${PN}-gentoo.el
+
+pkg_setup() {
+ enewgroup audio 18 # Just make sure it exists
+ enewuser timidity -1 -1 /var/lib/timidity audio
+}
+
+DOCS=( AUTHORS ChangeLog NEWS README "${FILESDIR}"/timidity.cfg-r1 )
+
+PATCHES=(
+ "${FILESDIR}"/${P}-params.patch
+ "${FILESDIR}"/${P}-revert-for-required-ctl_speana_data-function.patch
+ "${FILESDIR}"/${P}-tcltk86.patch
+ "${FILESDIR}"/${P}-ar.patch
+ "${FILESDIR}"/${P}-configure-flags.patch
+ "${FILESDIR}"/${P}-pkg-config.patch
+ "${FILESDIR}"/${P}-CVE-2017-1154{6,7}.patch
+)
+
+src_prepare() {
+ default
+ eautoreconf
+}
+
+src_configure() {
+ export EXTRACFLAGS="${CFLAGS}" #385817
+
+ local myconf=()
+ local audios
+
+ use flac && audios+=",flac"
+ use speex && audios+=",speex"
+ use vorbis && audios+=",vorbis"
+ use oss && audios+=",oss"
+ use jack && audios+=",jack"
+ use ao && audios+=",ao"
+
+ if use nas; then
+ audios+=",nas"
+ myconf+=( --with-nas-library="/usr/$(get_libdir)/libaudio.so" --with-x )
+ use X || ewarn "Basic X11 support will be enabled because required by nas."
+ fi
+
+ if use alsa; then
+ audios+=",alsa"
+ myconf+=( --with-default-output=alsa --enable-alsaseq )
+ fi
+
+ # We disable motif by default and then only enable it if it's requested.
+ if use motif; then
+ myconf+=( --enable-motif --with-x )
+ use X || ewarn "Basic X11 support will be enabled because required by motif."
+ fi
+
+ econf \
+ --localstatedir=/var/state/timidity++ \
+ --with-module-dir="${EPREFIX}/usr/share/timidity" \
+ --with-lispdir="${SITELISP}/${PN}" \
+ --with-elf \
+ --enable-audio=${audios} \
+ --enable-server \
+ --enable-network \
+ --enable-dynamic \
+ --enable-vt100 \
+ --enable-spline=cubic \
+ $(use_enable emacs) \
+ $(use_enable slang) \
+ $(use_enable ncurses) \
+ $(use_with X x) \
+ $(use_enable X spectrogram) \
+ $(use_enable X wrd) \
+ $(use_enable X xskin) \
+ $(use_enable X xaw) \
+ $(use_enable gtk) \
+ $(use_enable tk tcltk) \
+ --disable-motif \
+ "${myconf[@]}"
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+ einstalldocs
+
+ # these are only for the ALSA sequencer mode
+ if use alsa; then
+ newconfd "${FILESDIR}"/conf.d.timidity.2 timidity
+ newinitd "${FILESDIR}"/init.d.timidity.4 timidity
+
+ systemd_dounit "${FILESDIR}"/timidity.service
+ fi
+
+ insinto /etc
+ newins "${FILESDIR}"/timidity.cfg-r1 timidity.cfg
+
+ dodir /usr/share/timidity
+ dosym ../../../etc/timidity.cfg /usr/share/timidity/timidity.cfg
+
+ if use emacs; then
+ elisp-site-file-install "${FILESDIR}/${SITEFILE}"
+ fi
+
+ diropts -o timidity -g nobody -m 0700
+ keepdir /var/lib/timidity
+
+ doicon "${FILESDIR}"/timidity.xpm
+ newmenu "${FILESDIR}"/timidity.desktop.2 timidity.desktop
+
+ # Order of preference: gtk, X (Xaw), ncurses, slang
+ # Do not create menu item for terminal ones
+ local interface="-id"
+ local terminal="true"
+ local nodisplay="true"
+ if use gtk || use X; then
+ interface="-ia"
+ terminal="false"
+ nodisplay="false"
+ use gtk && interface="-ig"
+ elif use ncurses || use slang; then
+ local interface="-is"
+ use ncurses && interface="-in"
+ fi
+ sed -e "s/Exec=timidity/Exec=timidity ${interface}/" \
+ -e "s/Terminal=.*/Terminal=${terminal}/" \
+ -e "s/NoDisplay=.*/NoDisplay=${nodisplay}/" \
+ -i "${D}"/usr/share/applications/timidity.desktop || die
+}
+
+pkg_postinst() {
+ use emacs && elisp-site-regen
+
+ elog "A timidity config file has been installed in /etc/timidity.cfg."
+ elog "Do not edit this file as it will interfere with the eselect timidity tool."
+ elog "The tool 'eselect timidity' can be used to switch between installed patchsets."
+
+ if use alsa; then
+ elog "An init script for the alsa timidity sequencer has been installed."
+ elog "If you wish to use the timidity virtual sequencer, edit /etc/conf.d/timidity"
+ elog "and run 'rc-update add timidity && /etc/init.d/timidity start'"
+ fi
+
+ if use sparc; then
+ elog "Only saving to wave file and ALSA soundback has been tested working."
+ fi
+
+ xdg_desktop_database_update
+}
+
+pkg_postrm() {
+ use emacs && elisp-site-regen
+ xdg_desktop_database_update
+}
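Review bot: In src_install's interface selection the `elif` branch re-declares the variable with `local interface="-is"` while the sibling `if` branch assigns plainly with `interface="-ia"`; `local` inside a nested block is still function-scoped in bash, so behaviour is unchanged, but it reads as if a new scope were intended and should be `interface="-is"` for consistency with the three `local` declarations just above. On the configure side, `--enable-server` and `--enable-network` are hard-wired rather than USE-gated; if `--enable-network` is the switch that compiles TiMidity++'s remote URL readers (I cannot confirm that from this hunk), it widens the untrusted-input surface the two bundled CVE patches address, so a comment such as `# --enable-network/--enable-server are unconditional; consider USE-gating if remote input is not wanted` would help the next maintainer decide. The `diropts -o timidity -g nobody -m 0700` on /var/lib/timidity also uses a different group from the `audio` group the user is created with in pkg_setup; with mode 0700 it is harmless but looks unintentional.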