Created attachment 216769
Patch for libsndfile

The current version is very dated and needs a lot of patches to fix multiple CVEs which also adds to maintenance overhead. Upstream released a pre-release tarball about a year ago [1] however nothing new since.
This also adds support for Opus format and bugfixes.

* Pull source code from GitHub
* Switch to Cmake
* Remove clipping option (autodetected)

Tested on FreeBSD 13.0-CURRENT r361421 (amd64)
"make test" OK with and without external libs
Poudriere testport OK 12.1-RELEASE (amd64)
Compile test: musicpd, twolame, wavegain

[1] https://github.com/erikd/libsndfile/issues/470#issuecomment-501893463
A commit references this bug:

Author: riggs
Date: Tue Jul 28 12:05:52 UTC 2020
New revision: 543591
URL: https://svnweb.freebsd.org/changeset/ports/543591

Log:
  Update to upstream prerelease snapshot 1.0.29 as of 20200620

  Details:
  * Pull source code from GitHub
  * Switch to cmake
  * Remove clipping option (autodetected)
  * Fix denial-of-service (CVE-2019-3832, since CVE-2018-19758 appears to be incomplete.)

  PR: 248268
  Submitted by: daniel.engberg.lists@pyret.net
  MFH: 2020Q3 (hat: ports-secteam)
  Security: CVE-2019-3832

Changes:
  head/audio/libsndfile/Makefile
  head/audio/libsndfile/distinfo
  head/audio/libsndfile/files/extrapatch-cmake_SndFileChecks.cmake-disableexternallibs
  head/audio/libsndfile/files/patch-CMakeLists.txt
  head/audio/libsndfile/files/patch-CVE-2017-12562
  head/audio/libsndfile/files/patch-CVE-2017-14634
  head/audio/libsndfile/files/patch-CVE-2017-17456_2017-17457_2018-19661_2018-19662
  head/audio/libsndfile/files/patch-CVE-2017-6892
  head/audio/libsndfile/files/patch-CVE-2017-8361
  head/audio/libsndfile/files/patch-CVE-2017-8362
  head/audio/libsndfile/files/patch-CVE-2017-8363
  head/audio/libsndfile/files/patch-CVE-2018-19758
  head/audio/libsndfile/files/patch-Check-MAX_CHANNELS-in-sndfile-deinterleave
  head/audio/libsndfile/files/patch-cmake_SndFileChecks.cmake
  head/audio/libsndfile/files/patch-rf64_arm
  head/audio/libsndfile/files/patch-typos
  head/audio/libsndfile/pkg-plist
A commit references this bug:

Author: riggs
Date: Tue Jul 28 12:07:34 UTC 2020
New revision: 543592
URL: https://svnweb.freebsd.org/changeset/ports/543592

Log:
  MFH: r543591

  Update to upstream prerelease snapshot 1.0.29 as of 20200620

  Details:
  * Pull source code from GitHub
  * Switch to cmake
  * Remove clipping option (autodetected)
  * Fix denial-of-service (CVE-2019-3832, since CVE-2018-19758 appears to be incomplete.)

  PR: 248268
  Submitted by: daniel.engberg.lists@pyret.net
  Security: CVE-2019-3832

  Approved by: ports-secteam (riggs)

Changes:
_U  branches/2020Q3/
  branches/2020Q3/audio/libsndfile/Makefile
  branches/2020Q3/audio/libsndfile/distinfo
  branches/2020Q3/audio/libsndfile/files/extrapatch-cmake_SndFileChecks.cmake-disableexternallibs
  branches/2020Q3/audio/libsndfile/files/patch-CMakeLists.txt
  branches/2020Q3/audio/libsndfile/files/patch-CVE-2017-12562
  branches/2020Q3/audio/libsndfile/files/patch-CVE-2017-14634
  branches/2020Q3/audio/libsndfile/files/patch-CVE-2017-17456_2017-17457_2018-19661_2018-19662
  branches/2020Q3/audio/libsndfile/files/patch-CVE-2017-6892
  branches/2020Q3/audio/libsndfile/files/patch-CVE-2017-8361
  branches/2020Q3/audio/libsndfile/files/patch-CVE-2017-8362
  branches/2020Q3/audio/libsndfile/files/patch-CVE-2017-8363
  branches/2020Q3/audio/libsndfile/files/patch-CVE-2018-19758
  branches/2020Q3/audio/libsndfile/files/patch-Check-MAX_CHANNELS-in-sndfile-deinterleave
  branches/2020Q3/audio/libsndfile/files/patch-cmake_SndFileChecks.cmake
  branches/2020Q3/audio/libsndfile/files/patch-rf64_arm
  branches/2020Q3/audio/libsndfile/files/patch-typos
  branches/2020Q3/audio/libsndfile/pkg-plist
A commit references this bug:

Author: riggs
Date: Tue Jul 28 12:19:48 UTC 2020
New revision: 543593
URL: https://svnweb.freebsd.org/changeset/ports/543593

Log:
  Document out-of-bounds-read in libsndfile (CVE-2019-3832).

  PR: 248268

Changes:
  head/security/vuxml/vuln.xml