Friday, October 30, 2020

UPDATE: libsndfile 1.0.30 - CVE

Here is an update to libsndfile 1.0.30.

CVE-2017-12562, CVE-2017-17456, CVE-2017-17457, CVE-2018-19661, CVE-2018-19662,
CVE-2018-19758 and CVE-2019-3832.


Index: Makefile
===================================================================
RCS file: /cvs/ports/audio/libsndfile/Makefile,v
retrieving revision 1.33
diff -u -p -u -p -r1.33 Makefile
--- Makefile 12 Jul 2019 20:43:35 -0000 1.33
+++ Makefile 31 Oct 2020 05:07:55 -0000
@@ -2,31 +2,33 @@

COMMENT= library to handle various audio file formats

-DISTNAME= libsndfile-1.0.28
+DISTNAME= libsndfile-1.0.30
CATEGORIES= audio
+GH_ACCOUNT= libsndfile
+GH_PROJECT= libsndfile
+GH_TAGNAME= v1.0.30
+
HOMEPAGE= http://www.mega-nerd.com/libsndfile/
+
MAINTAINER= Jan Stary <hans@stare.cz>
-SHARED_LIBS += sndfile 6.0 # .1.28
+
+SHARED_LIBS += sndfile 7.0 # .1.28

# LGPLv2.1
PERMIT_PACKAGE= Yes

-MASTER_SITES= ${HOMEPAGE}files/
+WANTLIB= c m sndio FLAC ogg opus vorbis vorbisenc

-WANTLIB= c m sndio FLAC ogg vorbis vorbisenc
+MODULES= devel/cmake

-CONFIGURE_STYLE=gnu
-CONFIGURE_ARGS= --disable-alsa \
- --disable-octave \
- --disable-sqlite
-
-CONFIGURE_ENV= CPPFLAGS="-I${PREFIX}/include"
-MODGNU_CONFIG_GUESS_DIRS=${WRKSRC}/Cfg
+CONFIGURE_ARGS= -DBUILD_SHARED_LIBS:BOOL=ON \
+ -DCMAKE_DISABLE_FIND_PACKAGE_ALSA:BOOL=True \
+ -DCMAKE_DISABLE_FIND_PACKAGE_Speex:BOOL=True \
+ -DCMAKE_DISABLE_FIND_PACKAGE_SQLite3:BOOL=True

LIB_DEPENDS= audio/flac \
audio/libogg \
- audio/libvorbis
-
-FAKE_FLAGS= htmldocdir=${PREFIX}/share/doc/libsndfile
+ audio/libvorbis \
+ audio/opus

.include <bsd.port.mk>
Index: distinfo
===================================================================
RCS file: /cvs/ports/audio/libsndfile/distinfo,v
retrieving revision 1.17
diff -u -p -u -p -r1.17 distinfo
--- distinfo 23 Apr 2018 08:48:54 -0000 1.17
+++ distinfo 31 Oct 2020 05:07:55 -0000
@@ -1,2 +1,2 @@
-SHA256 (libsndfile-1.0.28.tar.gz) = H/M5KfBC+jM67R6JI6pijD7p4euFUSaGxVCS0eWp36k=
-SIZE (libsndfile-1.0.28.tar.gz) = 1202833
+SHA256 (libsndfile-1.0.30.tar.gz) = WUK5Y9HbPtirH/uFcIMiqpY333bZ/oTh3+Sal6kOj0c=
+SIZE (libsndfile-1.0.30.tar.gz) = 650659
Index: patches/patch-CMakeLists_txt
===================================================================
RCS file: patches/patch-CMakeLists_txt
diff -N patches/patch-CMakeLists_txt
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-CMakeLists_txt 31 Oct 2020 05:07:55 -0000
@@ -0,0 +1,21 @@
+$OpenBSD$
+
+Index: CMakeLists.txt
+--- CMakeLists.txt.orig
++++ CMakeLists.txt
+@@ -56,6 +56,7 @@ if (MSVC AND (CMAKE_VERSION VERSION_LESS 3.15))
+ endif ()
+ option (ENABLE_PACKAGE_CONFIG "Generate and install package config file" ON)
+ option (INSTALL_PKGCONFIG_MODULE "Generate and install pkg-config module" ON)
++option (INSTALL_MANPAGES "Install man pages for programs" ON)
+
+ list (APPEND CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/cmake")
+
+@@ -74,7 +75,6 @@ if (NOT ENABLE_CPU_CLIP)
+ set (CPU_CLIPS_NEGATIVE FALSE)
+ endif ()
+ cmake_dependent_option (ENABLE_COMPATIBLE_LIBSNDFILE_NAME "Set DLL name to libsndfile-1.dll (canonical name), sndfile.dll otherwise" OFF "WIN32;BUILD_SHARED_LIBS" OFF)
+-cmake_dependent_option (INSTALL_MANPAGES "Install man pages for programs" ON "BUILD_PROGRAMS AND (UNIX OR MINGW OR CYGWIN)" OFF)
+
+ set (HAVE_EXTERNAL_XIPH_LIBS ${ENABLE_EXTERNAL_LIBS})
+ set (HAVE_SQLITE3 ${BUILD_REGTEST})
Index: patches/patch-configure
===================================================================
RCS file: patches/patch-configure
diff -N patches/patch-configure
--- patches/patch-configure 23 Apr 2018 08:48:54 -0000 1.3
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,16 +0,0 @@
-$OpenBSD: patch-configure,v 1.3 2018/04/23 08:48:54 jca Exp $
-
-Some compilers don't have -Wvla
-
-Index: configure
---- configure.orig
-+++ configure
-@@ -20828,7 +20828,7 @@ rm -f core conftest.err conftest.$ac_objext \
- common_flags="-Wcast-align -Wcast-qual -Wshadow -Wwrite-strings -Wundef -Wuninitialized -Winit-self"
-
- # -Winline -Wconversion "
-- CFLAGS="$CFLAGS $common_flags -Wbad-function-cast -Wnested-externs -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Waggregate-return -Wvla"
-+ CFLAGS="$CFLAGS $common_flags -Wbad-function-cast -Wnested-externs -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Waggregate-return"
- CXXFLAGS="$CXXFLAGS $common_flags -Wctor-dtor-privacy -Wnon-virtual-dtor -Woverloaded-virtual -Wreorder -Wsign-promo"
-
- if test "x$enable_gcc_opt" = "xno" ; then
Index: pkg/PLIST
===================================================================
RCS file: /cvs/ports/audio/libsndfile/pkg/PLIST,v
retrieving revision 1.13
diff -u -p -u -p -r1.13 PLIST
--- pkg/PLIST 23 Apr 2018 08:48:54 -0000 1.13
+++ pkg/PLIST 31 Oct 2020 05:07:55 -0000
@@ -12,8 +12,12 @@
@bin bin/sndfile-salvage
include/sndfile.h
include/sndfile.hh
-lib/libsndfile.a
-lib/libsndfile.la
+lib/cmake/
+lib/cmake/SndFile/
+lib/cmake/SndFile/SndFileConfig.cmake
+lib/cmake/SndFile/SndFileConfigVersion.cmake
+lib/cmake/SndFile/SndFileTargets${MODCMAKE_BUILD_SUFFIX}
+lib/cmake/SndFile/SndFileTargets.cmake
@lib lib/libsndfile.so.${LIBsndfile_VERSION}
lib/pkgconfig/sndfile.pc
@man man/man1/sndfile-cmp.1
@@ -32,12 +36,14 @@ share/doc/libsndfile/api.html
share/doc/libsndfile/bugs.html
share/doc/libsndfile/command.html
share/doc/libsndfile/embedded_files.html
+share/doc/libsndfile/formats.html
share/doc/libsndfile/index.html
share/doc/libsndfile/libsndfile.css
share/doc/libsndfile/libsndfile.jpg
share/doc/libsndfile/lists.html
share/doc/libsndfile/new_file_type.HOWTO
share/doc/libsndfile/octave.html
+share/doc/libsndfile/print.css
share/doc/libsndfile/sndfile_info.html
share/doc/libsndfile/tutorial.html
share/doc/libsndfile/win32.html

No comments:

Post a Comment