authorLeo <thinkabit.ukim@gmail.com>2019-07-16 05:22:34 -0300
committerLeo <thinkabit.ukim@gmail.com>2019-07-16 07:03:25 -0300
commit95942be17b87677d6a63df31d34f02cf786f29c0 (patch)
tree38d66351a5e91ff0d2e2c6962b4a8a4a1fefe8e0
parent2c6453a2a13b679695f092e59ee53e7cedafdf90 (diff)
community/sox: backport fix for CVEs
-rw-r--r--community/sox/APKBUILD16
-rw-r--r--community/sox/CVE-2019-8355.patch45
-rw-r--r--community/sox/CVE-2019-8356.patch74
-rw-r--r--community/sox/CVE-2019-8357.patch12
4 files changed, 145 insertions, 2 deletions
diff --git a/community/sox/APKBUILD b/community/sox/APKBUILD
index e50a1d5d755..1c6c41a6f80 100644
--- a/community/sox/APKBUILD
+++ b/community/sox/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=sox
pkgver=14.4.2
-pkgrel=2
+pkgrel=3
pkgdesc="The Swiss Army knife of sound processing tools"
url="http://sox.sourceforge.net/"
arch="all"
@@ -18,8 +18,17 @@ subpackages="$pkgname-dev $pkgname-doc"
source="https://downloads.sourceforge.net/sourceforge/$pkgname/$pkgname-$pkgver.tar.gz
sox-uclibc.patch
sox-dynamic.patch
+ CVE-2019-8357.patch
+ CVE-2019-8356.patch
+ CVE-2019-8355.patch
"
+# secfixes:
+# 14.4.2-r3:
+# - CVE-2019-8357
+# - CVE-2019-8356
+# - CVE-2019-8355
+
prepare() {
cd "$builddir"
default_prepare
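Review bot: CVE-2019-8355.patch, added to source= in this hunk, modifies src/Makefile.am (its export-symbols regex) but nothing here regenerates the autotools output; prepare() shows only `default_prepare` and its body continues outside the hunk. If the release tarball's shipped Makefile.in is used unchanged, the new lsx_realloc_array symbol stays out of libsox's export list, and if sox-dynamic.patch builds the format handlers as loadable modules, as its name suggests, any module using lsx_valloc/lsx_revalloc would fail to resolve it at load time. Suggest confirming that prepare() runs autoreconf (or that the patch also touches Makefile.in), and exercising a format module in the built package before release.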
@@ -47,4 +56,7 @@ package() {
}
sha512sums="b5c6203f4f5577503a034fe5b3d6a033ee97fe4d171c533933e2b036118a43a14f97c9668433229708609ccf9ee16abdeca3fc7501aa0aafe06baacbba537eca sox-14.4.2.tar.gz
08c55a0de96733e10544d450f39c2205b4057b9fc024503ec97b1906a075752ee8a4b0a1b4c5bbad2eebec17bcf8d069b22d243a63d28b77c23d545efcca6aec sox-uclibc.patch
-3950834db26faa0523006c6fd8e0769d080518f127d345c8ec9bf53e9db8a6bd67cd724f0f86492aaf9ce6ede2dfbde167049768f35c14ef3c2b96e7e00302b6 sox-dynamic.patch"
+3950834db26faa0523006c6fd8e0769d080518f127d345c8ec9bf53e9db8a6bd67cd724f0f86492aaf9ce6ede2dfbde167049768f35c14ef3c2b96e7e00302b6 sox-dynamic.patch
+b5daae78fc4eb855049c298da98ff6bb16933fb9b308801c02853fe58fb9086304343007740e2783a64fddc09c3ba576645e10cf4d5fe24f99ae98c4c1d943d7 CVE-2019-8357.patch
+38f0572603181422ffa9d25ee17dea924b9b523803d0a835039c64aab1408d8e7cc36f9d2285d6d9a310901c3449b90ccc34da1273e33842e9f0634a5bb2757f CVE-2019-8356.patch
+7a5499a5dea5635eb67703f95144e57b68c4c0c50aea04f2ecbfffd4cdd31cc183d97410da4f79cdbb9af4f357792a04fc7496f031cd2e30eb9dacf258050ff3 CVE-2019-8355.patch"
diff --git a/community/sox/CVE-2019-8355.patch b/community/sox/CVE-2019-8355.patch
new file mode 100644
index 00000000000..0936b38d514
--- /dev/null
+++ b/community/sox/CVE-2019-8355.patch
@@ -0,0 +1,45 @@
+diff --git a/src/Makefile.am b/src/Makefile.am
+index 4e50abb..c76c812 100644
+--- a/src/Makefile.am
++++ b/src/Makefile.am
+@@ -95,7 +95,7 @@ libsox_la_LIBADD += @GOMP_LIBS@
+
+ libsox_la_CFLAGS = @WARN_CFLAGS@
+ libsox_la_LDFLAGS = @APP_LDFLAGS@ -version-info @SHLIB_VERSION@ \
+- -export-symbols-regex '^(sox_.*|lsx_(error|flush|check_read_params|(close|open)_dllibrary|(debug(_more|_most)?|fail|report|warn)_impl|eof|fail_errno|filelength|find_(enum_(text|value)|file_extension)|getopt(_init)?|lpc10_(create_(de|en)coder_state|(de|en)code)|raw(read|write)|read(_b_buf|buf|chars)|realloc|rewind|seeki|sigfigs3p?|strcasecmp|tell|unreadb|write(b|_b_buf|buf|s)))$$'
++ -export-symbols-regex '^(sox_.*|lsx_(([cm]|re)alloc.*|check_read_params|(close|open)_dllibrary|(debug(_more|_most)?|fail|report|warn)_impl|eof|error|fail_errno|filelength|find_(enum_(text|value)|file_extension)|flush|getopt(_init)?|lpc10_(create_(de|en)coder_state|(de|en)code)|raw(read|write)|read(_b_buf|buf|chars)|rewind|seeki|sigfigs3p?|strcasecmp|strdup|tell|unreadb|write(b|_b_buf|buf|s)))$$'
+
+ if HAVE_WIN32_LTDL
+ libsox_la_SOURCES += win32-ltdl.c win32-ltdl.h
+diff --git a/src/xmalloc.c b/src/xmalloc.c
+index 9bf1596..5ca7cdd 100644
+--- a/src/xmalloc.c
++++ b/src/xmalloc.c
+@@ -41,3 +41,13 @@ void *lsx_realloc(void *ptr, size_t newsize)
+
+ return ptr;
+ }
++
++void *lsx_realloc_array(void *p, size_t n, size_t size)
++{
++ if (n > (size_t)-1 / size) {
++ lsx_fail("malloc size overflow");
++ exit(2);
++ }
++
++ return lsx_realloc(p, n * size);
++}
+diff --git a/src/xmalloc.h b/src/xmalloc.h
+index 9ee77f6..d708a90 100644
+--- a/src/xmalloc.h
++++ b/src/xmalloc.h
+@@ -28,7 +28,7 @@
+ #define lsx_Calloc(v,n) v = lsx_calloc(n,sizeof(*(v)))
+ #define lsx_strdup(p) ((p)? strcpy((char *)lsx_malloc(strlen(p) + 1), p) : NULL)
+ #define lsx_memdup(p,s) ((p)? memcpy(lsx_malloc(s), p, s) : NULL)
+-#define lsx_valloc(v,n) v = lsx_malloc((n)*sizeof(*(v)))
+-#define lsx_revalloc(v,n) v = lsx_realloc(v, (n)*sizeof(*(v)))
++#define lsx_valloc(v,n) v = lsx_realloc_array(NULL, n, sizeof(*(v)))
++#define lsx_revalloc(v,n) v = lsx_realloc_array(v, n, sizeof(*(v)))
+
+ #endif
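Review bot: No prototype for `lsx_realloc_array` is added anywhere in this patch, yet the new `lsx_valloc`/`lsx_revalloc` macros in xmalloc.h call it; unless xmalloc.h already declares it above the hunk (not visible here), every expansion becomes an implicit declaration, and the returned pointer is truncated to int on 64-bit targets. Separately, `lsx_realloc_array` divides by `size` before checking it, so a zero `size` is a division by zero rather than a clean failure; the macro callers pass `sizeof(*(v))`, which cannot be zero, but the function is now exported from libsox (Makefile.am hunk) and may be called directly. Suggest `if (size != 0 && n > (size_t)-1 / size) {` so the overflow check is kept and a zero size falls through to `lsx_realloc(p, 0)`. The new `lsx_valloc` also relies on `lsx_realloc(NULL, ...)` acting as an allocation; only the tail of lsx_realloc is visible in the hunk, so that is worth confirming. Finally, the rewritten macros drop the parentheses the old versions kept around `n`; harmless as a function argument, but `(n)` would stay consistent with `lsx_Calloc` above.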
diff --git a/community/sox/CVE-2019-8356.patch b/community/sox/CVE-2019-8356.patch
new file mode 100644
index 00000000000..a9ae615bf8b
--- /dev/null
+++ b/community/sox/CVE-2019-8356.patch
@@ -0,0 +1,74 @@
+--- a/src/fft4g.h
++++ b/src/fft4g.h
+@@ -12,6 +12,8 @@
+ * along with this library; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ */
++
++#define FFT4G_MAX_SIZE 262144
+
+ void lsx_cdft(int, int, double *, int *, double *);
+ void lsx_rdft(int, int, double *, int *, double *);
+
+--- a/src/fft4g.c
++++ b/src/fft4g.c
+@@ -322,6 +322,9 @@
+
+ void cdft(int n, int isgn, double *a, int *ip, double *w)
+ {
++ if (n > FFT4G_MAX_SIZE)
++ return;
++
+ if (n > (ip[0] << 2)) {
+ makewt(n >> 2, ip, w);
+ }
+@@ -344,6 +347,9 @@
+ int nw, nc;
+ double xi;
+
++ if (n > FFT4G_MAX_SIZE)
++ return;
++
+ nw = ip[0];
+ if (n > (nw << 2)) {
+ nw = n >> 2;
+@@ -384,6 +390,9 @@
+ int j, nw, nc;
+ double xr;
+
++ if (n > FFT4G_MAX_SIZE)
++ return;
++
+ nw = ip[0];
+ if (n > (nw << 2)) {
+ nw = n >> 2;
+@@ -435,6 +444,9 @@
+ int j, nw, nc;
+ double xr;
+
++ if (n > FFT4G_MAX_SIZE)
++ return;
++
+ nw = ip[0];
+ if (n > (nw << 2)) {
+ nw = n >> 2;
+@@ -486,6 +498,9 @@
+ int j, k, l, m, mh, nw, nc;
+ double xr, xi, yr, yi;
+
++ if (n > FFT4G_MAX_SIZE)
++ return;
++
+ nw = ip[0];
+ if (n > (nw << 3)) {
+ nw = n >> 3;
+@@ -576,6 +591,9 @@
+ int j, k, l, m, mh, nw, nc;
+ double xr, xi, yr, yi;
+
++ if (n > FFT4G_MAX_SIZE)
++ return;
++
+ nw = ip[0];
+ if (n > (nw << 3)) {
+ nw = n >> 3;
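Review bot: Each added guard in the fft4g.c hunks (cdft at the first hunk and the five sibling transforms) returns silently, so an oversized `n` leaves `a` untransformed and the caller has no way to tell; the functions are void and their bodies start and end outside the hunks. A negative `n` also passes the new check, since the comparison is on a signed int, and the existing `ip[0] << 2` / `nw << 3` logic then runs on it; whether any caller can actually pass a negative or oversized n is not visible here. `if (n < 0 || n > FFT4G_MAX_SIZE)` would close the negative case, and the limit deserves a comment next to the define in fft4g.h, e.g. `/* Largest transform length the lsx_*dft routines accept; larger requests are silently ignored, so callers must clamp first. */`.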
diff --git a/community/sox/CVE-2019-8357.patch b/community/sox/CVE-2019-8357.patch
new file mode 100644
index 00000000000..6f0bf72e536
--- /dev/null
+++ b/community/sox/CVE-2019-8357.patch
@@ -0,0 +1,12 @@
+--- a/src/effects_i_dsp.c
++++ b/src/effects_i_dsp.c
+@@ -362,6 +362,9 @@
+ assert(Fc >= 0 && Fc <= 1);
+ lsx_debug("make_lpf(n=%i Fc=%.7g β=%g ρ=%g dc-norm=%i scale=%g)", num_taps, Fc, beta, rho, dc_norm, scale);
+
++ if (!h)
++ return NULL;
++
+ for (i = 0; i <= m / 2; ++i) {
+ double z = i - .5 * m, x = z * M_PI, y = z * mult1;
+ h[i] = x? sin(Fc * x) / x : Fc;
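Review bot: The added `if (!h) return NULL;` turns an allocation failure into a NULL return from make_lpf, but nothing in this hunk shows the call sites handling it; make_lpf starts and ends outside the hunk, and if a caller indexes the result without checking, the crash only moves one frame up. Suggest verifying each caller and recording the contract in a comment on the function: `/* Returns NULL if the coefficient buffer could not be allocated; callers must check. */`. Placing the check directly after the allocation of `h` (above the hunk) rather than after the `lsx_debug` call would also make the intent clearer, though the current position is not wrong since that call only formats scalars.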