From a8e149434eb1500026256747b4ed21b8bab95926 Mon Sep 17 00:00:00 2001 From: Hartmut Goebel Date: Sat, 7 Dec 2019 13:22:04 +0100 Subject: gnu: Add audiofile. Patches should fix all CVEs reported by `guix lint`: CVE-2015-7747; CVE-2017-6827, CVE-2017-6828, CVE-2017-6829, CVE-2017-6830, CVE-2017-6831, CVE-2017-6832, CVE-2017-6833, CVE-2017-6834, CVE-2017-6835, CVE-2017-6836, CVE-2017-6837, CVE-2017-6838, CVE-2017-6839; CVE-2018-13440; CVE-2018-17095 Since the patches do not reference CVEs, it's a bit hard to tell which patch actually closes which CVE. Debian reports all these to be closed by the patches below and NixPkgs provides references. * gnu/packages/audio.scm (audiofile): New variable. * gnu/packages/patches/audiofile-fix-datatypes-in-tests.patch, gnu/packages/patches/audiofile-fix-sign-conversion.patch, gnu/packages/patches/audiofile-CVE-2015-7747.patch, gnu/packages/patches/audiofile-CVE-2018-13440.patch, gnu/packages/patches/audiofile-CVE-2018-17095.patch, gnu/packages/patches/audiofile-Check-the-number-of-coefficients.patch, gnu/packages/patches/audiofile-Fail-on-error-in-parseFormat.patch, gnu/packages/patches/audiofile-Fix-index-overflow-in-IMA.cpp.patch, gnu/packages/patches/audiofile-Fix-multiply-overflow-sfconvert.patch, gnu/packages/patches/audiofile-Fix-overflow-in-MSADPCM-decodeSam.patch, gnu/packages/patches/audiofile-division-by-zero-BlockCodec-runPull.patch, gnu/packages/patches/audiofile-hurd.patch, gnu/packages/patches/audiofile-signature-of-multiplyCheckOverflow.patch: New files. * gnu/local.mk: Add them. --- .../patches/audiofile-fix-datatypes-in-tests.patch | 54 ++++++++++++++++++++++ 1 file changed, 54 insertions(+) create mode 100644 gnu/packages/patches/audiofile-fix-datatypes-in-tests.patch (limited to 'gnu/packages/patches/audiofile-fix-datatypes-in-tests.patch') 
diff --git a/gnu/packages/patches/audiofile-fix-datatypes-in-tests.patch b/gnu/packages/patches/audiofile-fix-datatypes-in-tests.patch
new file mode 100644
index 0000000000..00e0f3c4a3
--- /dev/null
+++ b/gnu/packages/patches/audiofile-fix-datatypes-in-tests.patch
@@ -0,0 +1,54 @@
+Based on (hunks for changelog and Identy.cpp removed)
+From ecbc07f0ed336187cc9a67c3363f89681b8b8f52 Mon Sep 17 00:00:00 2001
+From: Michael Pruett
+Date: Tue, 5 Jul 2016 23:26:16 -0500
+Subject: [PATCH] Fix type of test data arrays.
+
+
+
+
+---
+ ChangeLog | 6 ++++++
+ test/Identify.cpp | 3 ++-
+ test/NeXT.cpp | 7 ++++---
+ 3 files changed, 12 insertions(+), 4 deletions(-)
+
+diff --git a/test/NeXT.cpp b/test/NeXT.cpp
+index 7e39850..29af877 100644
+--- a/test/NeXT.cpp
++++ b/test/NeXT.cpp
+@@ -30,6 +30,7 @@
+ #include
+ #include
+ #include
++#include
+ #include
+ #include
+ #include
+@@ -37,7 +38,7 @@
+
+ #include "TestUtilities.h"
+
+-const char kDataUnspecifiedLength[] =
++const uint8_t kDataUnspecifiedLength[] =
+ {
+ '.', 's', 'n', 'd',
+ 0, 0, 0, 24, // offset of 24 bytes
+@@ -57,7 +58,7 @@ const char kDataUnspecifiedLength[] =
+ 0, 55
+ };
+
+-const char kDataTruncated[] =
++const uint8_t kDataTruncated[] =
+ {
+ '.', 's', 'n', 'd',
+ 0, 0, 0, 24, // offset of 24 bytes
+@@ -152,7 +153,7 @@ TEST(NeXT, Truncated)
+ ASSERT_EQ(::unlink(testFileName.c_str()), 0);
+ }
+
+-const char kDataZeroChannels[] =
++const uint8_t kDataZeroChannels[] =
+ {
+ '.', 's', 'n', 'd',
+ 0, 0, 0, 24, // offset of 24 bytes
-- cgit v1.2.3
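Review bot: The header of the added patch file does not say that this is a test-only type fix, which matters for triage because the commit message groups it with the CVE fixes and itself notes that the patch-to-CVE mapping is hard to tell. Every hunk that remains touches `test/NeXT.cpp` only (three arrays change from `const char` to `const uint8_t`, plus one added include), so as far as the visible lines show it closes none of the listed CVEs. I would make the first line say so, e.g. `Test-only type fix, closes no CVE; based on upstream commit ecbc07f0 (hunks for ChangeLog and test/Identify.cpp removed)`, which also corrects the `Identy.cpp` typo. The retained diffstat still reports three files and "12 insertions(+), 4 deletions(-)" although only the NeXT.cpp hunks are left; a short remark that the stat is the upstream one would avoid confusion when the patch is audited against upstream.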