diff options
Diffstat (limited to 'repo/libao')
| -rw-r--r-- | repo/libao/CVE-2017-11548.patch | 177 | ||||
| -rw-r--r-- | repo/libao/libao.xibuild | 35 |
2 files changed, 212 insertions, 0 deletions
diff --git a/repo/libao/CVE-2017-11548.patch b/repo/libao/CVE-2017-11548.patch new file mode 100644 index 0000000..6f2aa7a --- /dev/null +++ b/repo/libao/CVE-2017-11548.patch @@ -0,0 +1,177 @@ +diff --git a/src/audio_out.c b/src/audio_out.c +index bd8f6fc..f5942d6 100644 +--- a/src/audio_out.c ++++ b/src/audio_out.c +@@ -634,6 +634,10 @@ static char *_sanitize_matrix(int maxchannels, char *matrix, ao_device *device){ + char *ret = calloc(strlen(matrix)+1,1); /* can only get smaller */ + char *p=matrix; + int count=0; ++ ++ if(!ret) ++ return NULL; ++ + while(count<maxchannels){ + char *h,*t; + int m=0; +@@ -706,6 +710,15 @@ static int _find_channel(int needle, char *haystack){ + return -1; + } + ++static void _free_map(char **m){ ++ char **in=m; ++ while(m && *m){ ++ free(*m); ++ m++; ++ } ++ if(in)free(in); ++} ++ + static char **_tokenize_matrix(char *matrix){ + char **ret=NULL; + char *p=matrix; +@@ -730,6 +743,8 @@ static char **_tokenize_matrix(char *matrix){ + } + + ret = calloc(count+1,sizeof(*ret)); ++ if(!ret) ++ return NULL; + + p=matrix; + count=0; +@@ -748,6 +763,10 @@ static char **_tokenize_matrix(char *matrix){ + while(t>p && isspace(*(t-1)))t--; + + ret[count] = calloc(t-p+1,1); ++ if(!ret[count]){ ++ _free_map(ret); ++ return NULL; ++ } + memcpy(ret[count],p,t-p); + count++; + if(!*h)break; +@@ -755,16 +774,6 @@ static char **_tokenize_matrix(char *matrix){ + } + + return ret; +- +-} +- +-static void _free_map(char **m){ +- char **in=m; +- while(m && *m){ +- free(*m); +- m++; +- } +- if(in)free(in); + } + + static unsigned int _matrix_to_channelmask(int ch, char *matrix, char *premap, int **mout){ +@@ -772,7 +781,14 @@ static unsigned int _matrix_to_channelmask(int ch, char *matrix, char *premap, i + char *p=matrix; + int *perm=(*mout=malloc(ch*sizeof(*mout))); + int i; +- char **map = _tokenize_matrix(premap); ++ char **map; ++ ++ if(!perm) ++ return 0; ++ ++ map = _tokenize_matrix(premap); ++ if(!map) ++ return 0; + + for(i=0;i<ch;i++) perm[i] = -1; + i=0; +@@ -810,6 +826,9 @@ static char *_channelmask_to_matrix(unsigned int mask, char *premap){ + char buffer[257]={0}; + char **map = _tokenize_matrix(premap); + ++ if(!map) ++ return NULL; ++ + while(map[m]){ + if(mask & (1<<m)){ + if(count) +@@ -849,6 +868,9 @@ static char *_matrix_intersect(char *matrix,char *premap){ + int count=0; + char **map = _tokenize_matrix(premap); + ++ if(!map) ++ return NULL; ++ + while(1){ + char *h=p; + int m=0; +@@ -1039,7 +1061,7 @@ static ao_device* _open_device(int driver_id, ao_sample_format *format, + device->output_matrix, + &device->input_map); + int channels = _channelmask_bits(mask); +- if(channels<0){ ++ if(channels<=0){ + aerror("Unable to map any channels from input matrix to output"); + errno = AO_EBADFORMAT; + goto error; +@@ -1060,7 +1082,7 @@ static ao_device* _open_device(int driver_id, ao_sample_format *format, + device->output_matrix, + &device->input_map); + int channels = _channelmask_bits(mask); +- if(channels<0){ ++ if(channels<=0){ + aerror("Unable to map any channels from input matrix to output"); + errno = AO_EBADFORMAT; + goto error; +@@ -1111,6 +1133,10 @@ static ao_device* _open_device(int driver_id, ao_sample_format *format, + int count=0; + device->inter_permute = calloc(device->output_channels,sizeof(int)); + ++ if (!device->inter_permute) { ++ errno = AO_EFAIL; ++ goto error; ++ } + adebug("\n"); + + while(count<device->output_channels){ +@@ -1157,8 +1183,10 @@ static ao_device* _open_device(int driver_id, ao_sample_format *format, + for(i=0;i<device->output_channels;i++) + if(device->inter_permute[i]==j)break; + if(i==device->output_channels){ +- adebug("input %d (%s)\t -> none\n", +- j,inch[j]); ++ if(inch){ ++ adebug("input %d (%s)\t -> none\n", ++ j,inch[j]); ++ } + unflag=1; + } + } +diff --git a/src/plugins/macosx/ao_macosx.c b/src/plugins/macosx/ao_macosx.c +index a3daf1b..129020d 100644 +--- a/src/plugins/macosx/ao_macosx.c ++++ b/src/plugins/macosx/ao_macosx.c +@@ -594,11 +594,11 @@ int ao_plugin_open(ao_device *device, ao_sample_format *format) + internal->firstValidByteOffset = 0; + internal->validByteCount = 0; + internal->buffer = malloc(internal->bufferByteCount); +- memset(internal->buffer, 0, internal->bufferByteCount); + if (!internal->buffer) { + aerror("Unable to allocate queue buffer.\n"); + return 0; + } ++ memset(internal->buffer, 0, internal->bufferByteCount); + + /* limited to stereo for now */ + //if(!device->output_matrix) +diff --git a/src/plugins/sndio/ao_sndio.c b/src/plugins/sndio/ao_sndio.c +index ec251fb..e23fd47 100644 +--- a/src/plugins/sndio/ao_sndio.c ++++ b/src/plugins/sndio/ao_sndio.c +@@ -67,6 +67,9 @@ int ao_plugin_device_init(ao_device *device) + { + ao_sndio_internal *internal; + internal = (ao_sndio_internal *) calloc(1,sizeof(*internal)); ++ if (internal == NULL) ++ return 0; ++ + internal->id=-1; + device->internal = internal; + device->output_matrix_order = AO_OUTPUT_MATRIX_FIXED; diff --git a/repo/libao/libao.xibuild b/repo/libao/libao.xibuild new file mode 100644 index 0000000..220dbc8 --- /dev/null +++ b/repo/libao/libao.xibuild @@ -0,0 +1,35 @@ +#!/bin/sh + +NAME="libao" +DESC="Cross-platform audio output library and plugins" + +MAKEDEPS=" alsa-lib automake autoconf libtool pulseaudio" + +PKG_VER=1.2.2 +SOURCE="https://github.com/xiph/libao/archive/$PKG_VER.tar.gz" + +ADDITIONAL=" +CVE-2017-11548.patch +" + +prepare() { + apply_patches + autoreconf -fi +} + +build() { + ./configure \ + --prefix=/usr \ + --disable-esd \ + --disable-arts \ + --enable-alsa-mmap \ + --enable-pulse + make +} + +package() { + make DESTDIR="$PKG_DEST" install + + # No need for the liboss plugin + rm -f "$PKG_DEST"/usr/lib/ao/plugins-4/liboss.so +} |