Bug 248268 - audio/libsndfile: Update to master branch and use cmake
Summary: audio/libsndfile: Update to master branch and use cmake
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Only Me
Assignee: Thomas Zander
URL:
Keywords: patch, security
Depends on:
Blocks:
 
Reported: 2020-07-25 18:43 UTC by daniel.engberg.lists
Modified: 2020-07-28 12:21 UTC

See Also:
riggs: maintainer-feedback+
riggs: merge-quarterly+


Attachments
Patch for libsndfile (32.97 KB, patch)
2020-07-25 18:43 UTC, daniel.engberg.lists

Description daniel.engberg.lists 2020-07-25 18:43:56 UTC
Created attachment 216769
Patch for libsndfile

The current version is very dated and needs a lot of patches to fix multiple CVEs, which also adds to maintenance overhead. Upstream released a pre-release tarball about a year ago [1], however nothing new since. This also adds support for Opus format and bugfixes.

* Pull source code from GitHub
* Switch to CMake
* Remove clipping option (autodetected)

Tested on FreeBSD 13.0-CURRENT r361421 (amd64)
"make test" OK with and without external libs
Poudriere testport OK 12.1-RELEASE (amd64)

Compile test: musicpd, twolame, wavegain

[1] https://github.com/erikd/libsndfile/issues/470#issuecomment-501893463
Comment 1 commit-hook freebsd_committer 2020-07-28 12:06:19 UTC
A commit references this bug:

Author: riggs
Date: Tue Jul 28 12:05:52 UTC 2020
New revision: 543591
URL: https://svnweb.freebsd.org/changeset/ports/543591

Log:
  Update to upstream prerelease snapshot 1.0.29 as of 20200620

  Details:
  * Pull source code from GitHub
  * Switch to cmake
  * Remove clipping option (autodetected)
  * Fix denial-of-service (CVE-2019-3832, since CVE-2018-19758 appears
    to be incomplete.)

  PR:		248268
  Submitted by:	daniel.engberg.lists@pyret.net
  MFH:		2020Q3 (hat: ports-secteam)
  Security:	CVE-2019-3832

Changes:
  head/audio/libsndfile/Makefile
  head/audio/libsndfile/distinfo
  head/audio/libsndfile/files/extrapatch-cmake_SndFileChecks.cmake-disableexternallibs
  head/audio/libsndfile/files/patch-CMakeLists.txt
  head/audio/libsndfile/files/patch-CVE-2017-12562
  head/audio/libsndfile/files/patch-CVE-2017-14634
  head/audio/libsndfile/files/patch-CVE-2017-17456_2017-17457_2018-19661_2018-19662
  head/audio/libsndfile/files/patch-CVE-2017-6892
  head/audio/libsndfile/files/patch-CVE-2017-8361
  head/audio/libsndfile/files/patch-CVE-2017-8362
  head/audio/libsndfile/files/patch-CVE-2017-8363
  head/audio/libsndfile/files/patch-CVE-2018-19758
  head/audio/libsndfile/files/patch-Check-MAX_CHANNELS-in-sndfile-deinterleave
  head/audio/libsndfile/files/patch-cmake_SndFileChecks.cmake
  head/audio/libsndfile/files/patch-rf64_arm
  head/audio/libsndfile/files/patch-typos
  head/audio/libsndfile/pkg-plist
Comment 2 commit-hook freebsd_committer 2020-07-28 12:08:20 UTC
A commit references this bug:

Author: riggs
Date: Tue Jul 28 12:07:34 UTC 2020
New revision: 543592
URL: https://svnweb.freebsd.org/changeset/ports/543592

Log:
  MFH: r543591

  Update to upstream prerelease snapshot 1.0.29 as of 20200620

  Details:
  * Pull source code from GitHub
  * Switch to cmake
  * Remove clipping option (autodetected)
  * Fix denial-of-service (CVE-2019-3832, since CVE-2018-19758 appears
    to be incomplete.)

  PR:		248268
  Submitted by:	daniel.engberg.lists@pyret.net
  Security:	CVE-2019-3832

  Approved by:	ports-secteam (riggs)

Changes:
_U  branches/2020Q3/
  branches/2020Q3/audio/libsndfile/Makefile
  branches/2020Q3/audio/libsndfile/distinfo
  branches/2020Q3/audio/libsndfile/files/extrapatch-cmake_SndFileChecks.cmake-disableexternallibs
  branches/2020Q3/audio/libsndfile/files/patch-CMakeLists.txt
  branches/2020Q3/audio/libsndfile/files/patch-CVE-2017-12562
  branches/2020Q3/audio/libsndfile/files/patch-CVE-2017-14634
  branches/2020Q3/audio/libsndfile/files/patch-CVE-2017-17456_2017-17457_2018-19661_2018-19662
  branches/2020Q3/audio/libsndfile/files/patch-CVE-2017-6892
  branches/2020Q3/audio/libsndfile/files/patch-CVE-2017-8361
  branches/2020Q3/audio/libsndfile/files/patch-CVE-2017-8362
  branches/2020Q3/audio/libsndfile/files/patch-CVE-2017-8363
  branches/2020Q3/audio/libsndfile/files/patch-CVE-2018-19758
  branches/2020Q3/audio/libsndfile/files/patch-Check-MAX_CHANNELS-in-sndfile-deinterleave
  branches/2020Q3/audio/libsndfile/files/patch-cmake_SndFileChecks.cmake
  branches/2020Q3/audio/libsndfile/files/patch-rf64_arm
  branches/2020Q3/audio/libsndfile/files/patch-typos
  branches/2020Q3/audio/libsndfile/pkg-plist
Comment 3 commit-hook freebsd_committer 2020-07-28 12:20:22 UTC
A commit references this bug:

Author: riggs
Date: Tue Jul 28 12:19:48 UTC 2020
New revision: 543593
URL: https://svnweb.freebsd.org/changeset/ports/543593

Log:
  Document out-of-bounds-read in libsndfile (CVE-2019-3832).

  PR:		248268

Changes:
  head/security/vuxml/vuln.xml