From 879740d141131be88d6edaeb224e3629444664b6 Mon Sep 17 00:00:00 2001
From: Max Rees
Date: Thu, 29 Aug 2019 12:31:58 -0500
Subject: user/faad2: [CVE] bump to 2.9.0
---
 user/faad2/APKBUILD | 47 +++++++++++++++++++++++++++++++++++++----------
 user/faad2/automake.patch | 11 -----------
 user/faad2/overflow.patch | 25 -------------------------
 3 files changed, 37 insertions(+), 46 deletions(-)
 delete mode 100644 user/faad2/automake.patch
 delete mode 100644 user/faad2/overflow.patch

diff --git a/user/faad2/APKBUILD b/user/faad2/APKBUILD
index 3794942b9..6b1fc47b1 100644
--- a/user/faad2/APKBUILD
+++ b/user/faad2/APKBUILD
@@ -1,7 +1,8 @@
 # Maintainer:
 pkgname=faad2
-pkgver=2.8.8
-pkgrel=1
+pkgver=2.9.0
+_pkgver="$(printf '%s' "$pkgver" | tr . _)"
+pkgrel=0
 pkgdesc="ISO AAC audio decoder"
 url="https://www.audiocoding.com/"
 arch="all"
@@ -10,23 +11,49 @@ license="GPL-2.0+"
 subpackages="$pkgname-dev $pkgname-doc"
 depends=""
 makedepends="autoconf automake libtool"
-source="https://downloads.sourceforge.net/sourceforge/faac/$pkgname-$pkgver.tar.gz
- overflow.patch
- "
+source="$pkgname-$pkgver.tar.gz::https://github.com/knik0/faad2/archive/$_pkgver.tar.gz"
+builddir="$srcdir/$pkgname-$_pkgver"
+
+# secfixes:
+# 2.8.8-r1:
+# - CVE-2018-19502
+# - CVE-2019-15296
+# 2.8.8-r2:
+# - CVE-2019-6956
+# - CVE-2018-20196
+# - CVE-2018-20199
+# - CVE-2018-20360
+# 2.9.0-r0:
+# - CVE-2018-19503
+# - CVE-2018-19504
+# - CVE-2018-20194
+# - CVE-2018-20195
+# - CVE-2018-20197
+# - CVE-2018-20198
+# - CVE-2018-20357
+# - CVE-2018-20358
+# - CVE-2018-20359
+# - CVE-2018-20361
+# - CVE-2018-20362
+
+prepare() {
+ default_prepare
+ ./bootstrap
+}
 
 build() {
- cd "$builddir"
  ./configure \
  --build=$CBUILD \
  --host=$CHOST \
- --prefix=/usr
+ --prefix=/usr \
+ --sysconfdir=/etc \
+ --mandir=/usr/share/man \
+ --localstatedir=/var
  make
 }
 
 package() {
- cd "$builddir"
  make DESTDIR="$pkgdir" install
 }
 
-sha512sums="3275d292b2a9fe984842962f4d81202894bddd17033f7cd6df95466554cc968dfcbf2890ae8b1df37da0cd25d645cca0a687f07e39b9fc37dd004fd5956a82af faad2-2.8.8.tar.gz
-f9266ca424d1e4f5b46c2f6b4b1568caee86849d2b6edc3b6c1fb7cf08fd736c0a8fe2c096c3bc64674e4fa40619c24d45d6d6125f11360517feb09a5c996a34 overflow.patch"
+sha512sums="1756b2672f9e438a56b11160ddc77fc721d85860eaa325a3ff01b51a2524baf4c1c61068a97cbc4e99d47e7643f10e1d6afb997eede3295b44551fe4661fb5dc faad2-2.9.0.tar.gz"
diff --git a/user/faad2/automake.patch b/user/faad2/automake.patch
deleted file mode 100644
index 809031eb0..000000000
--- a/user/faad2/automake.patch
+++ /dev/null
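Review bot: The added secfixes block credits CVE-2019-6956, CVE-2018-20196, CVE-2018-20199 and CVE-2018-20360 to 2.8.8-r2, yet the removed `pkgrel=1` line in the first hunk shows the package stood at 2.8.8-r1 before this bump, so no r2 is visible in this tree. Tooling that reads secfixes to decide whether an installed version is patched would then point at a release that may never have been published. If those four fixes first ship with the new upstream tarball, list them under `# 2.9.0-r0:` instead; if an r2 did exist elsewhere, a one-line comment saying so would settle it. The same hunk drops overflow.patch from `source`, so the two CVEs kept under 2.8.8-r1 now depend on upstream 2.9.0 carrying equivalent bounds checks in libfaad/bits.c and libfaad/syntax.c, which is worth confirming before merge.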
@@ -1,11 +0,0 @@
---- ./configure.in.orig 2012-12-31 10:42:26.394219312 +0000
-+++ ./configure.in 2012-12-31 10:42:43.294360781 +0000
-@@ -25,7 +25,7 @@
- AC_PROG_MAKE_SET
- AC_CHECK_PROGS(RPMBUILD, rpmbuild, rpm)
-
--AM_CONFIG_HEADER(config.h)
-+AC_CONFIG_HEADER(config.h)
-
- AC_ARG_WITH(xmms,[ --with-xmms compile XMMS-1 plugin],
- WITHXMMS=$withval, WITHXMMS=no)
diff --git a/user/faad2/overflow.patch b/user/faad2/overflow.patch
deleted file mode 100644
index 5a198f8d8..000000000
--- a/user/faad2/overflow.patch
+++ /dev/null
@@ -1,25 +0,0 @@
---- faad2/libfaad/bits.c 2007-11-01 13:33:29.000000000 +0100
-+++ faad2.new/libfaad/bits.c 2019-03-25 17:29:26.134199188 +0100
-@@ -167,7 +167,10 @@
- int words = bits >> 5;
- int remainder = bits & 0x1F;
-
-- ld->bytes_left = ld->buffer_size - words*4;
-+ if (ld->buffer_size < words * 4)
-+ ld->bytes_left = 0;
-+ else
-+ ld->bytes_left = ld->buffer_size - words*4;
-
- if (ld->bytes_left >= 4)
- {
---- faad2/libfaad/syntax.c 2019-03-25 17:57:36.930937066 +0100
-+++ faad2.new/libfaad/syntax.c 2019-03-25 17:49:26.135368525 +0100
-@@ -2292,6 +2292,8 @@
- while ((drc->additional_excluded_chns[n-1] = faad_get1bit(ld
- DEBUGVAR(1,104,"excluded_channels(): additional_excluded_chns"))) == 1)
- {
-+ if (i >= MAX_CHANNELS - num_excl_chan - 7)
-+ return n;
- for (i = num_excl_chan; i < num_excl_chan+7; i++)
- {
- drc->exclude_mask[i] = faad_get1bit(ld
-- 
cgit v1.2.3-70-g09d2