diff options
| author | Hartmut Goebel <h.goebel@crazy-compilers.com> | 2019-12-07 13:22:04 +0100 |
|---|---|---|
| committer | Hartmut Goebel <h.goebel@crazy-compilers.com> | 2019-12-26 16:44:53 +0100 |
| commit | a8e149434eb1500026256747b4ed21b8bab95926 (patch) | |
| tree | 77e15612daaf970841bd5a4ec54233f3f384b528 /gnu/packages/patches/audiofile-fix-datatypes-in-tests.patch | |
| parent | 9d25a4548cc16da83d4a28badd5db5104dd2264e (diff) | |
| download | guix-patches-a8e149434eb1500026256747b4ed21b8bab95926.tar guix-patches-a8e149434eb1500026256747b4ed21b8bab95926.tar.gz | |
gnu: Add audiofile.
Patches should fix all CVEs reported by `guix lint`:
CVE-2015-7747; CVE-2017-6827, CVE-2017-6828, CVE-2017-6829,
CVE-2017-6830, CVE-2017-6831, CVE-2017-6832, CVE-2017-6833,
CVE-2017-6834, CVE-2017-6835, CVE-2017-6836, CVE-2017-6837,
CVE-2017-6838, CVE-2017-6839; CVE-2018-13440; CVE-2018-17095
Since the patches do not reference to CVEs, it's a bit hard to tell which
patch actually closes which CVE. Debian reports all these to be closed by
the patches below and NixPkgs provides references.
* gnu/packages/audio.scm (audiofile): New variable.
* gnu/packages/patches/audiofile-fix-datatypes-in-tests.patch,
gnu/packages/patches/audiofile-fix-sign-conversion.patch,
gnu/packages/patches/audiofile-CVE-2015-7747.patch,
gnu/packages/patches/audiofile-CVE-2018-13440.patch,
gnu/packages/patches/audiofile-CVE-2018-17095.patch,
gnu/packages/patches/audiofile-Check-the-number-of-coefficients.patch,
gnu/packages/patches/audiofile-Fail-on-error-in-parseFormat.patch,
gnu/packages/patches/audiofile-Fix-index-overflow-in-IMA.cpp.patch,
gnu/packages/patches/audiofile-Fix-multiply-overflow-sfconvert.patch,
gnu/packages/patches/audiofile-Fix-overflow-in-MSADPCM-decodeSam.patch,
gnu/packages/patches/audiofile-division-by-zero-BlockCodec-runPull.patch,
gnu/packages/patches/audiofile-hurd.patch,
gnu/packages/patches/audiofile-signature-of-multiplyCheckOverflow.patch:
New files.
* gnu/local.mk: Add them.
Diffstat (limited to 'gnu/packages/patches/audiofile-fix-datatypes-in-tests.patch')
| -rw-r--r-- | gnu/packages/patches/audiofile-fix-datatypes-in-tests.patch | 54 |
1 files changed, 54 insertions, 0 deletions
diff --git a/gnu/packages/patches/audiofile-fix-datatypes-in-tests.patch b/gnu/packages/patches/audiofile-fix-datatypes-in-tests.patch new file mode 100644 index 0000000000..00e0f3c4a3 --- /dev/null +++ b/gnu/packages/patches/audiofile-fix-datatypes-in-tests.patch @@ -0,0 +1,54 @@ +Based on (hunks for changelog and Identy.cpp removed) +From ecbc07f0ed336187cc9a67c3363f89681b8b8f52 Mon Sep 17 00:00:00 2001 +From: Michael Pruett <michael@68k.org> +Date: Tue, 5 Jul 2016 23:26:16 -0500 +Subject: [PATCH] Fix type of test data arrays. + + + + +--- + ChangeLog | 6 ++++++ + test/Identify.cpp | 3 ++- + test/NeXT.cpp | 7 ++++--- + 3 files changed, 12 insertions(+), 4 deletions(-) + +diff --git a/test/NeXT.cpp b/test/NeXT.cpp +index 7e39850..29af877 100644 +--- a/test/NeXT.cpp ++++ b/test/NeXT.cpp +@@ -30,6 +30,7 @@ + #include <audiofile.h> + #include <fcntl.h> + #include <gtest/gtest.h> ++#include <stdint.h> + #include <sys/stat.h> + #include <sys/types.h> + #include <unistd.h> +@@ -37,7 +38,7 @@ + + #include "TestUtilities.h" + +-const char kDataUnspecifiedLength[] = ++const uint8_t kDataUnspecifiedLength[] = + { + '.', 's', 'n', 'd', + 0, 0, 0, 24, // offset of 24 bytes +@@ -57,7 +58,7 @@ const char kDataUnspecifiedLength[] = + 0, 55 + }; + +-const char kDataTruncated[] = ++const uint8_t kDataTruncated[] = + { + '.', 's', 'n', 'd', + 0, 0, 0, 24, // offset of 24 bytes +@@ -152,7 +153,7 @@ TEST(NeXT, Truncated) + ASSERT_EQ(::unlink(testFileName.c_str()), 0); + } + +-const char kDataZeroChannels[] = ++const uint8_t kDataZeroChannels[] = + { + '.', 's', 'n', 'd', + 0, 0, 0, 24, // offset of 24 bytes |