Bug 248268

Summary: audio/libsndfile: Update to master branch and use cmake
Product: Ports & Packages
Reporter: Daniel Engberg <diizzy>
Component: Individual Port(s)
Assignee: Thomas Zander <riggs>
Status: Closed FIXED
Severity: Affects Only Me
CC: riggs
Priority: ---
Keywords: patch, security
Version: Latest
Flags: riggs: maintainer-feedback+, riggs: merge-quarterly+
Hardware: Any
OS: Any
Attachments:
  Patch for libsndfile (flags: none)

Description Daniel Engberg freebsd_committer freebsd_triage 2020-07-25 18:43:56 UTC
Created attachment 216769
Patch for libsndfile

The current version is very dated and needs a lot of patches to fix multiple CVEs, which also adds to maintenance overhead. Upstream released a pre-release tarball about a year ago [1]; however, nothing new since. This also adds support for Opus format and bugfixes.

* Pull source code from GitHub
* Switch to Cmake
* Remove clipping option (autodetected)

Tested on FreeBSD 13.0-CURRENT r361421 (amd64)
"make test" OK with and without external libs
Poudriere testport OK 12.1-RELEASE (amd64)

Compile test: musicpd, twolame, wavegain

[1] https://github.com/erikd/libsndfile/issues/470#issuecomment-501893463

Comment 1 commit-hook freebsd_committer freebsd_triage 2020-07-28 12:06:19 UTC
A commit references this bug:

Author: riggs
Date: Tue Jul 28 12:05:52 UTC 2020
New revision: 543591
URL: https://svnweb.freebsd.org/changeset/ports/543591

Log:
  Update to upstream prerelease snapshot 1.0.29 as of 20200620

  Details:
  * Pull source code from GitHub
  * Switch to cmake
  * Remove clipping option (autodetected)
  * Fix denial-of-service (CVE-2019-3832, since CVE-2018-19758 appears
    to be incomplete.)

  PR:		248268
  Submitted by:	daniel.engberg.lists@pyret.net
  MFH:		2020Q3 (hat: ports-secteam)
  Security:	CVE-2019-3832

Changes:
  head/audio/libsndfile/Makefile
  head/audio/libsndfile/distinfo
  head/audio/libsndfile/files/extrapatch-cmake_SndFileChecks.cmake-disableexternallibs
  head/audio/libsndfile/files/patch-CMakeLists.txt
  head/audio/libsndfile/files/patch-CVE-2017-12562
  head/audio/libsndfile/files/patch-CVE-2017-14634
  head/audio/libsndfile/files/patch-CVE-2017-17456_2017-17457_2018-19661_2018-19662
  head/audio/libsndfile/files/patch-CVE-2017-6892
  head/audio/libsndfile/files/patch-CVE-2017-8361
  head/audio/libsndfile/files/patch-CVE-2017-8362
  head/audio/libsndfile/files/patch-CVE-2017-8363
  head/audio/libsndfile/files/patch-CVE-2018-19758
  head/audio/libsndfile/files/patch-Check-MAX_CHANNELS-in-sndfile-deinterleave
  head/audio/libsndfile/files/patch-cmake_SndFileChecks.cmake
  head/audio/libsndfile/files/patch-rf64_arm
  head/audio/libsndfile/files/patch-typos
  head/audio/libsndfile/pkg-plist

Comment 2 commit-hook freebsd_committer freebsd_triage 2020-07-28 12:08:20 UTC
A commit references this bug:

Author: riggs
Date: Tue Jul 28 12:07:34 UTC 2020
New revision: 543592
URL: https://svnweb.freebsd.org/changeset/ports/543592

Log:
  MFH: r543591

  Update to upstream prerelease snapshot 1.0.29 as of 20200620

  Details:
  * Pull source code from GitHub
  * Switch to cmake
  * Remove clipping option (autodetected)
  * Fix denial-of-service (CVE-2019-3832, since CVE-2018-19758 appears
    to be incomplete.)

  PR:		248268
  Submitted by:	daniel.engberg.lists@pyret.net
  Security:	CVE-2019-3832

  Approved by:	ports-secteam (riggs)

Changes:
_U  branches/2020Q3/
  branches/2020Q3/audio/libsndfile/Makefile
  branches/2020Q3/audio/libsndfile/distinfo
  branches/2020Q3/audio/libsndfile/files/extrapatch-cmake_SndFileChecks.cmake-disableexternallibs
  branches/2020Q3/audio/libsndfile/files/patch-CMakeLists.txt
  branches/2020Q3/audio/libsndfile/files/patch-CVE-2017-12562
  branches/2020Q3/audio/libsndfile/files/patch-CVE-2017-14634
  branches/2020Q3/audio/libsndfile/files/patch-CVE-2017-17456_2017-17457_2018-19661_2018-19662
  branches/2020Q3/audio/libsndfile/files/patch-CVE-2017-6892
  branches/2020Q3/audio/libsndfile/files/patch-CVE-2017-8361
  branches/2020Q3/audio/libsndfile/files/patch-CVE-2017-8362
  branches/2020Q3/audio/libsndfile/files/patch-CVE-2017-8363
  branches/2020Q3/audio/libsndfile/files/patch-CVE-2018-19758
  branches/2020Q3/audio/libsndfile/files/patch-Check-MAX_CHANNELS-in-sndfile-deinterleave
  branches/2020Q3/audio/libsndfile/files/patch-cmake_SndFileChecks.cmake
  branches/2020Q3/audio/libsndfile/files/patch-rf64_arm
  branches/2020Q3/audio/libsndfile/files/patch-typos
  branches/2020Q3/audio/libsndfile/pkg-plist

Comment 3 commit-hook freebsd_committer freebsd_triage 2020-07-28 12:20:22 UTC
A commit references this bug:

Author: riggs
Date: Tue Jul 28 12:19:48 UTC 2020
New revision: 543593
URL: https://svnweb.freebsd.org/changeset/ports/543593

Log:
  Document out-of-bounds-read in libsndfile (CVE-2019-3832).

  PR:		248268

Changes:
  head/security/vuxml/vuln.xml