diff options
author | Alyssa Ross <hi@alyssa.is> | 2019-01-07 02:18:36 +0000 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2019-01-07 02:18:47 +0000 |
commit | 36f56d99fa0a0765c9f1de4a5f17a9b05830c3f2 (patch) | |
tree | b3faaf573407b32aa645237a4d16b82778a39a92 /nixpkgs/pkgs/development/libraries/audiofile | |
parent | 4e31070265257dc67d120c27e0f75c2344fdfa9a (diff) | |
parent | abf060725d7614bd3b9f96764262dfbc2f9c2199 (diff) | |
download | nixlib-36f56d99fa0a0765c9f1de4a5f17a9b05830c3f2.tar nixlib-36f56d99fa0a0765c9f1de4a5f17a9b05830c3f2.tar.gz nixlib-36f56d99fa0a0765c9f1de4a5f17a9b05830c3f2.tar.bz2 nixlib-36f56d99fa0a0765c9f1de4a5f17a9b05830c3f2.tar.lz nixlib-36f56d99fa0a0765c9f1de4a5f17a9b05830c3f2.tar.xz nixlib-36f56d99fa0a0765c9f1de4a5f17a9b05830c3f2.tar.zst nixlib-36f56d99fa0a0765c9f1de4a5f17a9b05830c3f2.zip |
Add 'nixpkgs/' from commit 'abf060725d7614bd3b9f96764262dfbc2f9c2199'
git-subtree-dir: nixpkgs git-subtree-mainline: 4e31070265257dc67d120c27e0f75c2344fdfa9a git-subtree-split: abf060725d7614bd3b9f96764262dfbc2f9c2199
Diffstat (limited to 'nixpkgs/pkgs/development/libraries/audiofile')
3 files changed, 267 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/development/libraries/audiofile/CVE-2015-7747.patch b/nixpkgs/pkgs/development/libraries/audiofile/CVE-2015-7747.patch new file mode 100644 index 000000000000..a01aaa14dcee --- /dev/null +++ b/nixpkgs/pkgs/development/libraries/audiofile/CVE-2015-7747.patch @@ -0,0 +1,161 @@ +Description: fix buffer overflow when changing both sample format and + number of channels +Origin: backport, https://github.com/mpruett/audiofile/pull/25 +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/audiofile/+bug/1502721 +Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=801102 + +Index: audiofile-0.3.6/libaudiofile/modules/ModuleState.cpp +=================================================================== +--- audiofile-0.3.6.orig/libaudiofile/modules/ModuleState.cpp 2015-10-20 08:00:58.036128202 -0400 ++++ audiofile-0.3.6/libaudiofile/modules/ModuleState.cpp 2015-10-20 08:00:58.036128202 -0400 +@@ -402,7 +402,7 @@ + addModule(new Transform(outfc, in.pcm, out.pcm)); + + if (in.channelCount != out.channelCount) +- addModule(new ApplyChannelMatrix(infc, isReading, ++ addModule(new ApplyChannelMatrix(outfc, isReading, + in.channelCount, out.channelCount, + in.pcm.minClip, in.pcm.maxClip, + track->channelMatrix)); +Index: audiofile-0.3.6/test/Makefile.am +=================================================================== +--- audiofile-0.3.6.orig/test/Makefile.am 2015-10-20 08:00:58.036128202 -0400 ++++ audiofile-0.3.6/test/Makefile.am 2015-10-20 08:00:58.036128202 -0400 +@@ -26,6 +26,7 @@ + VirtualFile \ + floatto24 \ + query2 \ ++ sixteen-stereo-to-eight-mono \ + sixteen-to-eight \ + testchannelmatrix \ + testdouble \ +@@ -139,6 +140,7 @@ + printmarkers_LDADD = $(LIBAUDIOFILE) -lm + + sixteen_to_eight_SOURCES = sixteen-to-eight.c TestUtilities.cpp TestUtilities.h ++sixteen_stereo_to_eight_mono_SOURCES = sixteen-stereo-to-eight-mono.c TestUtilities.cpp TestUtilities.h + + testchannelmatrix_SOURCES = testchannelmatrix.c TestUtilities.cpp TestUtilities.h + +Index: audiofile-0.3.6/test/sixteen-stereo-to-eight-mono.c +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ audiofile-0.3.6/test/sixteen-stereo-to-eight-mono.c 2015-10-20 08:33:57.512286416 -0400 +@@ -0,0 +1,117 @@ ++/* ++ Audio File Library ++ ++ Copyright 2000, Silicon Graphics, Inc. ++ ++ This program is free software; you can redistribute it and/or modify ++ it under the terms of the GNU General Public License as published by ++ the Free Software Foundation; either version 2 of the License, or ++ (at your option) any later version. ++ ++ This program is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ GNU General Public License for more details. ++ ++ You should have received a copy of the GNU General Public License along ++ with this program; if not, write to the Free Software Foundation, Inc., ++ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. ++*/ ++ ++/* ++ sixteen-stereo-to-eight-mono.c ++ ++ This program tests the conversion from 2-channel 16-bit integers to ++ 1-channel 8-bit integers. ++*/ ++ ++#ifdef HAVE_CONFIG_H ++#include <config.h> ++#endif ++ ++#include <stdint.h> ++#include <stdio.h> ++#include <stdlib.h> ++#include <string.h> ++#include <unistd.h> ++#include <limits.h> ++ ++#include <audiofile.h> ++ ++#include "TestUtilities.h" ++ ++int main (int argc, char **argv) ++{ ++ AFfilehandle file; ++ AFfilesetup setup; ++ int16_t frames16[] = {14298, 392, 3923, -683, 958, -1921}; ++ int8_t frames8[] = {28, 6, -2}; ++ int i, frameCount = 3; ++ int8_t byte; ++ AFframecount result; ++ ++ setup = afNewFileSetup(); ++ ++ afInitFileFormat(setup, AF_FILE_WAVE); ++ ++ afInitSampleFormat(setup, AF_DEFAULT_TRACK, AF_SAMPFMT_TWOSCOMP, 16); ++ afInitChannels(setup, AF_DEFAULT_TRACK, 2); ++ ++ char testFileName[PATH_MAX]; ++ if (!createTemporaryFile("sixteen-to-eight", testFileName)) ++ { ++ fprintf(stderr, "Could not create temporary file.\n"); ++ exit(EXIT_FAILURE); ++ } ++ ++ file = afOpenFile(testFileName, "w", setup); ++ if (file == AF_NULL_FILEHANDLE) ++ { ++ fprintf(stderr, "could not open file for writing\n"); ++ exit(EXIT_FAILURE); ++ } ++ ++ afFreeFileSetup(setup); ++ ++ afWriteFrames(file, AF_DEFAULT_TRACK, frames16, frameCount); ++ ++ afCloseFile(file); ++ ++ file = afOpenFile(testFileName, "r", AF_NULL_FILESETUP); ++ if (file == AF_NULL_FILEHANDLE) ++ { ++ fprintf(stderr, "could not open file for reading\n"); ++ exit(EXIT_FAILURE); ++ } ++ ++ afSetVirtualSampleFormat(file, AF_DEFAULT_TRACK, AF_SAMPFMT_TWOSCOMP, 8); ++ afSetVirtualChannels(file, AF_DEFAULT_TRACK, 1); ++ ++ for (i=0; i<frameCount; i++) ++ { ++ /* Read one frame. */ ++ result = afReadFrames(file, AF_DEFAULT_TRACK, &byte, 1); ++ ++ if (result != 1) ++ break; ++ ++ /* Compare the byte read with its precalculated value. */ ++ if (memcmp(&byte, &frames8[i], 1) != 0) ++ { ++ printf("error\n"); ++ printf("expected %d, got %d\n", frames8[i], byte); ++ exit(EXIT_FAILURE); ++ } ++ else ++ { ++#ifdef DEBUG ++ printf("got what was expected: %d\n", byte); ++#endif ++ } ++ } ++ ++ afCloseFile(file); ++ unlink(testFileName); ++ ++ exit(EXIT_SUCCESS); ++} diff --git a/nixpkgs/pkgs/development/libraries/audiofile/default.nix b/nixpkgs/pkgs/development/libraries/audiofile/default.nix new file mode 100644 index 000000000000..1ed457aa5fe1 --- /dev/null +++ b/nixpkgs/pkgs/development/libraries/audiofile/default.nix @@ -0,0 +1,76 @@ +{ stdenv, fetchurl, fetchpatch, alsaLib, AudioUnit, CoreServices }: + +let + + fetchDebianPatch = { name, debname, sha256 }: + fetchpatch { + inherit sha256 name; + url = "https://salsa.debian.org/multimedia-team/audiofile/raw/debian/0.3.6-4/debian/patches/${debname}"; + }; + +in + +stdenv.mkDerivation rec { + name = "audiofile-0.3.6"; + + buildInputs = + stdenv.lib.optionals stdenv.isLinux [ + alsaLib + ] ++ stdenv.lib.optionals stdenv.isDarwin [ + CoreServices AudioUnit + ]; + + src = fetchurl { + url = "https://audiofile.68k.org/${name}.tar.gz"; + sha256 = "0rb927zknk9kmhprd8rdr4azql4gn2dp75a36iazx2xhkbqhvind"; + }; + + patches = [ + ./gcc-6.patch + ./CVE-2015-7747.patch + + (fetchDebianPatch { + name = "CVE-2017-6829.patch"; + debname = "04_clamp-index-values-to-fix-index-overflow-in-IMA.cpp.patch"; + sha256 = "04qxl51i64c53v69q2kx61qdq474f4vapk8rq97cipj7yrar392m"; + }) + (fetchDebianPatch { + name = "CVE-2017-6827+CVE-2017-6828+CVE-2017-6832+CVE-2017-6835+CVE-2017-6837.patch"; + debname = "05_Always-check-the-number-of-coefficients.patch"; + sha256 = "1ih03kfkabffi6ymp6832q470i28rsds78941vzqlshnqjb2nnxw"; + }) + (fetchDebianPatch { + name = "CVE-2017-6839.patch"; + debname = "06_Check-for-multiplication-overflow-in-MSADPCM-decodeSam.patch"; + sha256 = "0a8s2z8rljlj03p7l1is9s4fml8vyzvyvfrh1m6xj5a8vbi635d0"; + }) + (fetchDebianPatch { + name = "CVE-2017-6830+CVE-2017-6834+CVE-2017-6836+CVE-2017-6838.patch"; + debname = "07_Check-for-multiplication-overflow-in-sfconvert.patch"; + sha256 = "0rfba8rkasl5ycvc0kqlzinkl3rvyrrjvjhpc45h423wmjk2za2l"; + }) + (fetchDebianPatch { + name = "audiofile-fix-multiplyCheckOverflow-signature.patch"; + debname = "08_Fix-signature-of-multiplyCheckOverflow.-It-returns-a-b.patch"; + sha256 = "032p5jqp7q7jgc5axdnazz00zm7hd26z6m5j55ifs0sykr5lwldb"; + }) + (fetchDebianPatch { + name = "CVE-2017-6831.patch"; + debname = "09_Actually-fail-when-error-occurs-in-parseFormat.patch"; + sha256 = "0csikmj8cbiy6cigg0rmh67jrr0sgm56dfrnrxnac3m9635nxlac"; + }) + (fetchDebianPatch { + name = "CVE-2017-6833.patch"; + debname = "10_Check-for-division-by-zero-in-BlockCodec-runPull.patch"; + sha256 = "1rlislkjawq98bbcf1dgl741zd508wwsg85r37ca7pfdf6wgl6z7"; + }) + ]; + + meta = with stdenv.lib; { + description = "Library for reading and writing audio files in various formats"; + homepage = http://www.68k.org/~michael/audiofile/; + license = licenses.lgpl21Plus; + maintainers = with maintainers; [ lovek323 ]; + platforms = platforms.unix; + }; +} diff --git a/nixpkgs/pkgs/development/libraries/audiofile/gcc-6.patch b/nixpkgs/pkgs/development/libraries/audiofile/gcc-6.patch new file mode 100644 index 000000000000..1a7edd5af9a1 --- /dev/null +++ b/nixpkgs/pkgs/development/libraries/audiofile/gcc-6.patch @@ -0,0 +1,30 @@ +http://patchwork.ozlabs.org/patch/630200/ + +From 28cfdbbcb96a69087c3d21faf69b5eae7bcf6d69 Mon Sep 17 00:00:00 2001 +From: Hodorgasm <nsane457@gmail.com> +Date: Wed, 11 May 2016 21:42:07 -0400 +Subject: [PATCH] Cast to unsigned while left bit-shifting + +GCC-6 now treats the left bitwise-shift of a negative integer as nonconformant so explicitly cast to an unsigned int while bit-shifting. + +Downloaded from upstream PR: +https://github.com/mpruett/audiofile/pull/28 + +Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> +--- + libaudiofile/modules/SimpleModule.h | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libaudiofile/modules/SimpleModule.h b/libaudiofile/modules/SimpleModule.h +index 03c6c69..4014fb2 100644 +--- a/libaudiofile/modules/SimpleModule.h ++++ b/libaudiofile/modules/SimpleModule.h +@@ -123,7 +123,7 @@ struct signConverter + typedef typename IntTypes<Format>::UnsignedType UnsignedType; + + static const int kScaleBits = (Format + 1) * CHAR_BIT - 1; +- static const int kMinSignedValue = -1 << kScaleBits; ++ static const int kMinSignedValue = static_cast<signed>(static_cast<unsigned>(-1) << kScaleBits);; + + struct signedToUnsigned : public std::unary_function<SignedType, UnsignedType> + { |