commit e716f7d5e802e2c2ec95117890b4b7532ade8554 · pyrox.dev/nixpkgs

-28

pkgs/applications/misc/audio/sox/0001-Check-for-minimum-size-sphere-headers.patch

···

       1
       -
       From 55e33019afcb3256cccedf606548b86816f6da59 Mon Sep 17 00:00:00 2001

     

       2
       -
       From: Chris Bagwell <chris@cnpbagwell.com>

     

       3
       -
       Date: Sat, 13 Dec 2014 12:48:37 -0600

     

       4
       -
       Subject: [PATCH 1/2] Check for minimum size sphere headers

     

       5
       -
       

     

       6
       -
       ---

     

       7
       -
        src/sphere.c | 5 +++++

     

       8
       -
        1 file changed, 5 insertions(+)

     

       9
       -
       

     

       10
       -
       diff --git a/src/sphere.c b/src/sphere.c

     

       11
       -
       index 479a552..a3fd1c6 100644

     

       12
       -
       --- a/src/sphere.c

     

       13
       -
       +++ b/src/sphere.c

     

       14
       -
       @@ -47,6 +47,11 @@ static int start_read(sox_format_t * ft)

     

       15
       -
        

     

       16
       -
          /* Determine header size, and allocate a buffer large enough to hold it. */

     

       17
       -
          sscanf(fldsval, "%lu", &header_size_ul);

     

       18
       -
       +  if (header_size_ul < 16) {

     

       19
       -
       +    lsx_fail_errno(ft, SOX_EHDR, "Error reading Sphere header");

     

       20
       -
       +    return (SOX_EOF);

     

       21
       -
       +  }

     

       22
       -
       +

     

       23
       -
          buf = lsx_malloc(header_size = header_size_ul);

     

       24
       -
        

     

       25
       -
          /* Skip what we have read so far */

     

       26
       -
       -- 

     

       27
       -
       2.1.0

     

       28
       -

-28

pkgs/applications/misc/audio/sox/0002-More-checks-for-invalid-MS-ADPCM-blocks.patch

···

       1
       -
       From ebb64cddde59ecc9cedf3741ce2337c72148cc0c Mon Sep 17 00:00:00 2001

     

       2
       -
       From: Chris Bagwell <chris@cnpbagwell.com>

     

       3
       -
       Date: Sat, 13 Dec 2014 12:49:55 -0600

     

       4
       -
       Subject: [PATCH 2/2] More checks for invalid MS ADPCM blocks.

     

       5
       -
       

     

       6
       -
       If block doesn't exacty match blockAlign then do not allow

     

       7
       -
       number of samples in invalid size block to ever be more than

     

       8
       -
       what WAV header defined as samplesPerBlock.

     

       9
       -
       ---

     

       10
       -
        src/wav.c | 2 +-

     

       11
       -
        1 file changed, 1 insertion(+), 1 deletion(-)

     

       12
       -
       

     

       13
       -
       diff --git a/src/wav.c b/src/wav.c

     

       14
       -
       index 61d5908..5202556 100644

     

       15
       -
       --- a/src/wav.c

     

       16
       -
       +++ b/src/wav.c

     

       17
       -
       @@ -168,7 +168,7 @@ static unsigned short  AdpcmReadBlock(sox_format_t * ft)

     

       18
       -
                /* work with partial blocks.  Specs say it should be null */

     

       19
       -
                /* padded but I guess this is better than trailing quiet. */

     

       20
       -
                samplesThisBlock = lsx_ms_adpcm_samples_in((size_t)0, (size_t)ft->signal.channels, bytesRead, (size_t)0);

     

       21
       -
       -        if (samplesThisBlock == 0)

     

       22
       -
       +        if (samplesThisBlock == 0 || samplesThisBlock > wav->samplesPerBlock)

     

       23
       -
                {

     

       24
       -
                    lsx_warn("Premature EOF on .wav input file");

     

       25
       -
                    return 0;

     

       26
       -
       -- 

     

       27
       -
       2.1.0

     

       28
       -

+2 -9

pkgs/applications/misc/audio/sox/default.nix

···

       11
        
       with stdenv.lib;

     

       12
        
       

     

       13
        
       stdenv.mkDerivation rec {

     

       14
       -
         name = "sox-14.4.1";

     

       15
        
       

     

       16
        
         src = fetchurl {

     

       17
        
           url = "mirror://sourceforge/sox/${name}.tar.gz";

     

       18
       -
           sha256 = "16x8gykfjdhxg0kdxwzcwgwpm5caa08y2mx18siqsq0ywmpjr34s";

     

       19
        
         };

     

       20
       -
       

     

       21
       -
         patches = [

     

       22
       -
           # Patches for CVE-2014-8145, found via RedHat bug 1174792.  It was not

     

       23
       -
           # clear whether these address a NULL deref and a division by zero.

     

       24
       -
           ./0001-Check-for-minimum-size-sphere-headers.patch

     

       25
       -
           ./0002-More-checks-for-invalid-MS-ADPCM-blocks.patch

     

       26
       -
         ];

     

       27
        
       

     

       28
        
         buildInputs =

     

       29
        
           optional (enableAlsa && stdenv.isLinux) alsaLib ++

···

       11
        
       with stdenv.lib;

     

       12
        
       

     

       13
        
       stdenv.mkDerivation rec {

     

       14
       +
         name = "sox-14.4.2";

     

       15
        
       

     

       16
        
         src = fetchurl {

     

       17
        
           url = "mirror://sourceforge/sox/${name}.tar.gz";

     

       18
       +
           sha256 = "0v2znlxkxxcd3f48hf3dx9pq7i6fdhb62kgj7wv8xggz8f35jpxl";

     

       19
        
         };

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       20
        
       

     

       21
        
         buildInputs =

     

       22
        
           optional (enableAlsa && stdenv.isLinux) alsaLib ++