diff --git a/meta-multimedia/recipes-multimedia/sox/sox/0001-Update-exported-symbol-list.patch b/meta-multimedia/recipes-multimedia/sox/sox/0001-Update-exported-symbol-list.patch
deleted file mode 100644
index 44c6b19be04..00000000000
--- a/meta-multimedia/recipes-multimedia/sox/sox/0001-Update-exported-symbol-list.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From b1809d82031aa7c5bcaad58bcb4b59e082e0446e Mon Sep 17 00:00:00 2001
-From: Mans Rullgard
-Date: Sun, 5 Nov 2017 15:40:16 +0000
-Subject: [PATCH] Update exported symbol list
-
-commit 5c58413544 ("Don't export (most) internal libsox symbols")
-breaks dynamic flac builds as flac.c references lsx.error, so add it
-to the list of exceptions.
-
-| .libs/flac.o: In function `decoder_read_callback':
-| /usr/src/debug/sox/14.4.2-r0/sox-14.4.2/src/flac.c:63: undefined reference to `lsx_error'
-
-Upstream-Status: Backport [https://bogomips.org/sox.git ("pu" branch)]
-
----
- src/Makefile.am | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/Makefile.am b/src/Makefile.am
-index 7cceaafd..a3a04ed1 100644
---- a/src/Makefile.am
-+++ b/src/Makefile.am
-@@ -95,7 +95,7 @@ libsox_la_LIBADD += @GOMP_LIBS@
-
- libsox_la_CFLAGS = @WARN_CFLAGS@
- libsox_la_LDFLAGS = @APP_LDFLAGS@ -version-info @SHLIB_VERSION@ \
-- -export-symbols-regex '^(sox_.*|lsx_(check_read_params|(close|open)_dllibrary|(debug(_more|_most)?|fail|report|warn)_impl|eof|fail_errno|filelength|find_(enum_(text|value)|file_extension)|getopt(_init)?|lpc10_(create_(de|en)coder_state|(de|en)code)|raw(read|write)|read(_b_buf|buf|chars)|realloc|rewind|seeki|sigfigs3p?|strcasecmp|tell|unreadb|write(b|_b_buf|buf|s)))$$'
-+ -export-symbols-regex '^(sox_.*|lsx_(([cm]|re)alloc|check_read_params|(close|open)_dllibrary|(debug(_more|_most)?|fail|report|warn)_impl|eof|error|fail_errno|filelength|find_(enum_(text|value)|file_extension)|flush|getopt(_init)?|id3_read_tag|lpc10_(create_(de|en)coder_state|(de|en)code)|raw(read|write)|read(_b_buf|buf|chars)|rewind|seeki|sigfigs3p?|strcasecmp|strdup|tell|unreadb|write(b|_b_buf|buf|s)))$$'
-
- if HAVE_WIN32_LTDL
- libsox_la_SOURCES += win32-ltdl.c win32-ltdl.h
---
-2.16.2
-
diff --git a/meta-multimedia/recipes-multimedia/sox/sox/0001-remove-the-error-line-and-live-without-file-type-det.patch b/meta-multimedia/recipes-multimedia/sox/sox/0001-remove-the-error-line-and-live-without-file-type-det.patch
index 3085bd495c4..15c429e515a 100644
--- a/meta-multimedia/recipes-multimedia/sox/sox/0001-remove-the-error-line-and-live-without-file-type-det.patch
+++ b/meta-multimedia/recipes-multimedia/sox/sox/0001-remove-the-error-line-and-live-without-file-type-det.patch
@@ -15,7 +15,7 @@ diff --git a/src/formats.c b/src/formats.c
 index 724a4cda..f683a922 100644
 --- a/src/formats.c
 +++ b/src/formats.c
-@@ -422,7 +422,6 @@ static void UNUSED rewind_pipe(FILE * fp)
+@@ -477,7 +477,6 @@ static void UNUSED rewind_pipe(FILE * fp)
 /* To fix this #error, either simply remove the #error line and live without
 * file-type detection with pipes, or add support for your compiler in the
 * lines above. Test with cat monkey.wav | ./sox --info - */
diff --git a/meta-multimedia/recipes-multimedia/sox/sox/CVE-2021-23159_CVE-2021-2317.patch b/meta-multimedia/recipes-multimedia/sox/sox/CVE-2021-23159_CVE-2021-2317.patch
new file mode 100644
index 00000000000..df27cbcd655
--- /dev/null
+++ b/meta-multimedia/recipes-multimedia/sox/sox/CVE-2021-23159_CVE-2021-2317.patch
@@ -0,0 +1,32 @@
+From 8eb3afb37f80d7231a998e3074e6fc5f7bdfe4d5 Mon Sep 17 00:00:00 2001
+From: Helmut Grohne
+Date: Sun, 16 Mar 2025 20:28:15 +0100
+Subject: [PATCH] hcom: validate dictsize
+
+Source: https://salsa.debian.org/lts-team/packages/sox/-/blob/debian/14.4.2+git20190427-1+deb10u3/debian/patches/CVE-2021-23159.patch
+
+CVE: CVE-2021-23159
+CVE: CVE-2021-23172
+CVE: CVE-2023-34432
+Upstream-Status: Inactive-Upstream [lastrelease: 2015]
+Signed-off-by: Peter Marko
+---
+ src/hcom.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/hcom.c b/src/hcom.c
+index 594c8706..9e8b03c6 100644
+--- a/src/hcom.c
++++ b/src/hcom.c
+@@ -141,6 +141,11 @@ static int startread(sox_format_t * ft)
+ return (SOX_EOF);
+ }
+ lsx_readw(ft, &dictsize);
++ if (dictsize == 0 || dictsize > 511)
++ {
++ lsx_fail_errno(ft, SOX_EHDR, "Implausible dictionary size in HCOM header");
++ return SOX_EOF;
++ }
+
+ /* Translate to sox parameters */
+ ft->encoding.encoding = SOX_ENCODING_HCOM;
diff --git a/meta-multimedia/recipes-multimedia/sox/sox/CVE-2021-33844.patch b/meta-multimedia/recipes-multimedia/sox/sox/CVE-2021-33844.patch
new file mode 100644
index 00000000000..02c3edb35d3
--- /dev/null
+++ b/meta-multimedia/recipes-multimedia/sox/sox/CVE-2021-33844.patch
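Review bot: The file is named CVE-2021-23159_CVE-2021-2317.patch, but its CVE: trailers say CVE-2021-23172 (plus CVE-2023-34432), so the name carries a truncated identifier; cve-check also harvests ids from patch file names, so it would additionally record the unrelated CVE-2021-2317 as patched. Renaming the file to `CVE-2021-23159_CVE-2021-23172_CVE-2023-34432.patch` and updating the matching `file://` entry in sox_14.4.2.bb fixes both. The constant 511 is presumably the maximum node count of the HCOM Huffman dictionary (256 leaves give at most 511 nodes), and the buffer it protects is allocated outside this hunk; a comment such as `/* 256 leaves -> at most 511 dictionary nodes; anything larger overruns the table */` above the check would record that. The return value of the preceding lsx_readw is still unchecked, so on a truncated header dictsize holds whatever it held before the read; that is pre-existing, and startread continues outside the hunk.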
@@ -0,0 +1,40 @@
+From f2597e433afeee8ab00cf6368ec8519df34aa031 Mon Sep 17 00:00:00 2001
+From: Helmut Grohne
+Date: Sun, 16 Mar 2025 23:19:43 +0100
+Subject: [PATCH] wav: reject 0 bits per sample to avoid division by zero
+
+Source: https://salsa.debian.org/lts-team/packages/sox/-/blob/debian/14.4.2+git20190427-1+deb10u3/debian/patches/CVE-2021-33844.patch
+
+CVE: CVE-2021-33844
+Upstream-Status: Inactive-Upstream [lastrelease: 2015]
+Signed-off-by: Peter Marko
+---
+ src/testall.sh | 1 +
+ src/wav.c | 5 +++++
+ 2 files changed, 6 insertions(+)
+
+diff --git a/src/testall.sh b/src/testall.sh
+index e7398377..e1454c21 100755
+--- a/src/testall.sh
++++ b/src/testall.sh
+@@ -67,3 +67,4 @@ t voc
+ t vox -r 8130
+ t wav
+ t wve
++t wav -e gsm-full-rate
+diff --git a/src/wav.c b/src/wav.c
+index 3f6beb45..16f0bff8 100644
+--- a/src/wav.c
++++ b/src/wav.c
+@@ -963,6 +963,11 @@ static int startread(sox_format_t *ft)
+ #endif
+ }
+
++ if (ft->encoding.bits_per_sample == 0)
++ {
++ lsx_fail_errno(ft, SOX_EHDR, "WAV file bits per sample is zero");
++ return SOX_EOF;
++ }
+ if (!wav->numSamples)
+ wav->numSamples = div_bits(qwDataLength, ft->encoding.bits_per_sample)
+ / ft->signal.channels;
diff --git a/meta-multimedia/recipes-multimedia/sox/sox/CVE-2021-3643_CVE-2021-23210.patch b/meta-multimedia/recipes-multimedia/sox/sox/CVE-2021-3643_CVE-2021-23210.patch
new file mode 100644
index 00000000000..f58d2fd7748
--- /dev/null
+++ b/meta-multimedia/recipes-multimedia/sox/sox/CVE-2021-3643_CVE-2021-23210.patch
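Review bot: The new guard covers the div_bits() divisor on the next line but not the `/ ft->signal.channels` divisor on the line after it; unless wav.c's header parsing, outside this hunk, already rejects a zero channel count, the same statement can still divide by zero. Widening the condition to `if (ft->encoding.bits_per_sample == 0 || ft->signal.channels == 0)` and naming the offending field in the message closes both from the same place. The testall.sh addition exercises a GSM WAV, which I take to be the legitimate case where the header's bits-per-sample field is zero and an encoding-specific branch above fills it in; a one-line comment saying so would explain why the check sits after the `#endif` rather than where the header field is read. startread continues outside the hunk.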
@@ -0,0 +1,30 @@
+From 5b9a7c0fc7054b4f16a5058eef721470e9adcfcc Mon Sep 17 00:00:00 2001
+From: Helmut Grohne
+Date: Sun, 16 Mar 2025 21:16:40 +0100
+Subject: [PATCH] voc: word width should never be 0 to avoid division by zero
+
+Source: https://salsa.debian.org/lts-team/packages/sox/-/blob/debian/14.4.2+git20190427-1+deb10u3/debian/patches/CVE-2021-3643.patch
+
+CVE: CVE-2021-3643
+CVE: CVE-2021-23210
+Upstream-Status: Inactive-Upstream [lastrelease: 2015]
+Signed-off-by: Peter Marko
+---
+ src/voc.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/voc.c b/src/voc.c
+index a75639e9..0ca07f94 100644
+--- a/src/voc.c
++++ b/src/voc.c
+@@ -625,6 +625,10 @@ static int getblock(sox_format_t * ft)
+ v->rate = new_rate_32;
+ ft->signal.rate = new_rate_32;
+ lsx_readb(ft, &uc);
++ if (uc <= 1) {
++ lsx_fail_errno(ft, SOX_EFMT, "2 bits per word required");
++ return (SOX_EOF);
++ }
+ v->size = uc;
+ lsx_readb(ft, &uc);
+ if (v->channels != -1 && uc != v->channels) {
diff --git a/meta-multimedia/recipes-multimedia/sox/sox/CVE-2021-40426.patch b/meta-multimedia/recipes-multimedia/sox/sox/CVE-2021-40426.patch
new file mode 100644
index 00000000000..9e505a03a7b
--- /dev/null
+++ b/meta-multimedia/recipes-multimedia/sox/sox/CVE-2021-40426.patch
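Review bot: The check rejects only 0 and 1, so any width from 2 to 255 is stored in v->size; the CVE-2023-32627 patch later in this series shows v->size feeding `6 - v->size` into lsx_adpcm_init, which goes negative for widths above 6 if the ADPCM path is taken. If the decoder only implements a fixed set of widths, a whitelist here (a switch over the widths the read path handles, with the default case failing) bounds v->size properly; I cannot see that decode switch from this hunk, so confirm which values it accepts before choosing the set. The message `"2 bits per word required"` reads as though exactly 2 were required; `"at least 2 bits per word required"` says what the condition tests. getblock continues outside the hunk.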
@@ -0,0 +1,38 @@
+From 25f686e0da423326a74fe16c603b6b6b75857fa4 Mon Sep 17 00:00:00 2001
+From: Helmut Grohne
+Date: Sun, 16 Mar 2025 20:07:19 +0100
+Subject: [PATCH] sphere: avoid integer underflow
+
+Source: https://salsa.debian.org/lts-team/packages/sox/-/blob/debian/14.4.2+git20190427-1+deb10u3/debian/patches/CVE-2021-40426.patch
+
+CVE: CVE-2021-40426
+Upstream-Status: Inactive-Upstream [lastrelease: 2015]
+Signed-off-by: Peter Marko
+---
+ src/sphere.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/src/sphere.c b/src/sphere.c
+index a3fd1c64..9544d160 100644
+--- a/src/sphere.c
++++ b/src/sphere.c
+@@ -63,7 +63,8 @@ static int start_read(sox_format_t * ft)
+ return (SOX_EOF);
+ }
+
+- header_size -= (strlen(buf) + 1);
++ bytes_read = strlen(buf);
++ header_size -= bytes_read >= header_size ? header_size : bytes_read + 1;
+
+ while (strncmp(buf, "end_head", (size_t)8) != 0) {
+ if (strncmp(buf, "sample_n_bytes", (size_t)14) == 0)
+@@ -105,7 +106,8 @@ static int start_read(sox_format_t * ft)
+ return (SOX_EOF);
+ }
+
+- header_size -= (strlen(buf) + 1);
++ bytes_read = strlen(buf);
++ header_size -= bytes_read >= header_size ? header_size : bytes_read + 1;
+ }
+
+ if (!bytes_per_sample)
diff --git a/meta-multimedia/recipes-multimedia/sox/sox/CVE-2022-31650.patch b/meta-multimedia/recipes-multimedia/sox/sox/CVE-2022-31650.patch
new file mode 100644
index 00000000000..41baad0e277
--- /dev/null
+++ b/meta-multimedia/recipes-multimedia/sox/sox/CVE-2022-31650.patch
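Review bot: The two-line clamp is now duplicated at the top of the header loop and at its end, and the two copies must stay identical for the underflow fix to hold; a small static helper keeps them in step, sketched below. `bytes_read` is assigned here but not declared in the hunk, so it is either the existing local from the earlier reads or a new one; it needs the same unsigned type as header_size for `bytes_read >= header_size` to compare as intended, which is worth confirming since the declaration is not visible. When a line exactly consumes the remaining budget, header_size drops to 0 instead of failing immediately, leaving the existing `return (SOX_EOF)` path to catch it on the next read; that is a reasonable choice but deserves a comment. start_read continues outside the hunk.
```c
/* Deduct one header line (plus its terminator) from the remaining budget,
 * saturating at zero so a malformed header can never underflow it.
 * Assumes header_size is size_t, as the clamp in the patch implies. */
static size_t header_consume(size_t header_size, const char *line)
{
  size_t n = strlen(line);
  return n >= header_size ? 0 : header_size - (n + 1);
}
/* … unchanged: start_read up to the first header line read … */
  header_size = header_consume(header_size, buf);
/* … unchanged: keyword parsing and the second read; same call replaces the clamp at loop end … */
```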
@@ -0,0 +1,60 @@
+From 3a8e783c58499bb52052c671b9161c43e011a508 Mon Sep 17 00:00:00 2001
+From: Helmut Grohne
+Date: Sun, 16 Mar 2025 20:08:04 +0100
+Subject: [PATCH] formats+aiff: reject implausibly large number of channels
+
+Source: https://salsa.debian.org/lts-team/packages/sox/-/blob/debian/14.4.2+git20190427-1+deb10u3/debian/patches/CVE-2022-31650.patch
+
+CVE: CVE-2022-31650
+Upstream-Status: Inactive-Upstream [lastrelease: 2015]
+Signed-off-by: Peter Marko
+---
+ src/aiff.c | 5 +++++
+ src/formats_i.c | 10 ++++++++--
+ 2 files changed, 13 insertions(+), 2 deletions(-)
+
+diff --git a/src/aiff.c b/src/aiff.c
+index 3a152c58..6de94f32 100644
+--- a/src/aiff.c
++++ b/src/aiff.c
+@@ -619,6 +619,11 @@ int lsx_aiffstartwrite(sox_format_t * ft)
+ At 48 kHz, 16 bits stereo, this gives ~3 hours of audio.
+ Sorry, the AIFF format does not provide for an indefinite
+ number of samples. */
++ if (ft->signal.channels >= (0x7f000000 / (ft->encoding.bits_per_sample >> 3)))
++ {
++ lsx_fail_errno(ft, SOX_EOF, "too many channels for AIFF header");
++ return SOX_EOF;
++ }
+ return(aiffwriteheader(ft, (uint64_t) 0x7f000000 / ((ft->encoding.bits_per_sample>>3)*ft->signal.channels)));
+ }
+
+diff --git a/src/formats_i.c b/src/formats_i.c
+index 7048040d..6a7c27e3 100644
+--- a/src/formats_i.c
++++ b/src/formats_i.c
+@@ -19,6 +19,7 @@
+ */
+
+ #include "sox_i.h"
++#include
+ #include
+ #include
+ #include
+@@ -60,9 +61,14 @@ int lsx_check_read_params(sox_format_t * ft, unsigned channels,
+ if (ft->seekable)
+ ft->data_start = lsx_tell(ft);
+
+- if (channels && ft->signal.channels && ft->signal.channels != channels)
++ if (channels && ft->signal.channels && ft->signal.channels != channels) {
+ lsx_warn("`%s': overriding number of channels", ft->filename);
+- else ft->signal.channels = channels;
++ } else if (channels > SHRT_MAX) {
++ lsx_fail_errno(ft, EINVAL, "implausibly large number of channels");
++ return SOX_EOF;
++ } else {
++ ft->signal.channels = channels;
++ }
+
+ if (rate && ft->signal.rate && ft->signal.rate != rate)
+ lsx_warn("`%s': overriding sample rate", ft->filename);
diff --git a/meta-multimedia/recipes-multimedia/sox/sox/CVE-2022-31651.patch b/meta-multimedia/recipes-multimedia/sox/sox/CVE-2022-31651.patch
new file mode 100644
index 00000000000..853a69d2101
--- /dev/null
+++ b/meta-multimedia/recipes-multimedia/sox/sox/CVE-2022-31651.patch
@@ -0,0 +1,36 @@
+From db9641ce748bdfb465fdfa9b7794de2f8da0a249 Mon Sep 17 00:00:00 2001
+From: Helmut Grohne
+Date: Sun, 16 Mar 2025 20:08:13 +0100
+Subject: [PATCH] formats: reject implausible rate
+
+Source: https://salsa.debian.org/lts-team/packages/sox/-/blob/debian/14.4.2+git20190427-1+deb10u3/debian/patches/CVE-2022-31651.patch
+
+CVE: CVE-2022-31651
+Upstream-Status: Inactive-Upstream [lastrelease: 2015]
+Signed-off-by: Peter Marko
+---
+ src/formats_i.c | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/src/formats_i.c b/src/formats_i.c
+index 6a7c27e3..5f5ef979 100644
+--- a/src/formats_i.c
++++ b/src/formats_i.c
+@@ -70,9 +70,15 @@ int lsx_check_read_params(sox_format_t * ft, unsigned channels,
+ ft->signal.channels = channels;
+ }
+
+- if (rate && ft->signal.rate && ft->signal.rate != rate)
++ if (rate && ft->signal.rate && ft->signal.rate != rate) {
+ lsx_warn("`%s': overriding sample rate", ft->filename);
+- else ft->signal.rate = rate;
++ /* Since NaN comparisons yield false, the negation rejects them. */
++ } else if (!(rate > 0)) {
++ lsx_fail_errno(ft, EINVAL, "invalid rate value");
++ return SOX_EOF;
++ } else {
++ ft->signal.rate = rate;
++ }
+
+ if (encoding && ft->encoding.encoding && ft->encoding.encoding != encoding)
+ lsx_warn("`%s': overriding encoding type", ft->filename);
diff --git a/meta-multimedia/recipes-multimedia/sox/sox/CVE-2023-32627.patch b/meta-multimedia/recipes-multimedia/sox/sox/CVE-2023-32627.patch
new file mode 100644
index 00000000000..b4e9994eabd
--- /dev/null
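Review bot: The new aiff.c guard divides by `ft->encoding.bits_per_sample >> 3`, which is zero for any width below 8 bits, so the guard itself is a division by zero (undefined behaviour, a trap on common targets) before the division it is meant to protect; the existing `return(aiffwriteheader(...))` line has the same divisor. Unless code earlier in lsx_aiffstartwrite, outside the hunk, guarantees a width of at least 8, start the condition with a width check: `if (ft->encoding.bits_per_sample < 8 || ft->signal.channels >= 0x7f000000 / (ft->encoding.bits_per_sample >> 3))`. In formats_i.c the added `#include` line shows no header name in this rendering; SHRT_MAX lives in `<limits.h>` and EINVAL in `<errno.h>`, so confirm the patch file names the right one and that errno.h is already pulled in by sox_i.h or the neighbouring includes. lsx_check_read_params continues outside the hunk.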
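Review bot: `!(rate > 0)` rejects zero, negative and NaN rates, but +infinity satisfies `rate > 0` and is accepted even though the subject promises to reject implausible rates; anything downstream that converts ft->signal.rate to an integer header field has undefined behaviour on an infinite double. Adding a ceiling to the same branch, e.g. `} else if (!(rate > 0) || rate > 4294967295.0) {` (the largest value a 32-bit rate field can hold), or `!isfinite(rate)` if `<math.h>` is acceptable in this file, would match the description; extend the NaN comment to say what the ceiling is for. lsx_check_read_params continues outside the hunk.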
+++ b/meta-multimedia/recipes-multimedia/sox/sox/CVE-2023-32627.patch
@@ -0,0 +1,30 @@
+From b0b7e7fa7a48485c4d6b0ae64bfddedd519716f5 Mon Sep 17 00:00:00 2001
+From: =?utf-8?q?Bastien_Roucari=C3=A8s?=
+Date: Sun, 16 Mar 2025 23:25:15 +0100
+Subject: [PATCH] CVE-2023-32627 Filter null sampling rate in VOC coder
+
+Source: https://salsa.debian.org/lts-team/packages/sox/-/blob/debian/14.4.2+git20190427-1+deb10u3/debian/patches/0028-CVE-2023-32627-Filter-null-sampling-rate-in-VOC-code.patch
+
+CVE: CVE-2023-32627
+Upstream-Status: Inactive-Upstream [lastrelease: 2015]
+Signed-off-by: Peter Marko
+---
+ src/voc.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/voc.c b/src/voc.c
+index 0ca07f94..d8b982c5 100644
+--- a/src/voc.c
++++ b/src/voc.c
+@@ -353,6 +353,11 @@ static size_t read_samples(sox_format_t * ft, sox_sample_t * buf,
+ v->block_remaining = 0;
+ return done;
+ }
++ if(uc == 0) {
++ lsx_fail_errno(ft, EINVAL, "invalid rate value");
++ v->block_remaining = 0;
++ return done;
++ }
+ *buf = SOX_UNSIGNED_8BIT_TO_SAMPLE(uc,);
+ lsx_adpcm_init(&v->adpcm, 6 - v->size, SOX_SAMPLE_TO_SIGNED_16BIT(*buf, ft->clips));
+ ++buf;
diff --git a/meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb b/meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb
index 011cbc2a9df..7856407c676 100644
--- a/meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb
+++ b/meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb
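Review bot: The byte rejected here, `uc`, is what the next line turns straight into a sample (`SOX_UNSIGNED_8BIT_TO_SAMPLE(uc,)`) and hands to lsx_adpcm_init as the initial ADPCM sample, not a sampling rate, so both the subject line ("Filter null sampling rate") and the message `"invalid rate value"` describe something this hunk does not show. If the division by zero really is inside lsx_adpcm_init when the initial sample is zero, say so in a comment above the check and rename the message to match, e.g. `"invalid initial ADPCM sample"`; if the fault is actually v->rate being zero, the check is on the wrong variable. A zero byte is also a plausible first sample of a genuine stream, so confirm the check does not reject valid VOC ADPCM blocks. read_samples starts and ends outside the hunk.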
@@ -4,35 +4,54 @@ and can apply different effects and filters to the audio data." HOMEPAGE = "http://sox.sourceforge.net" SECTION = "audio" -DEPENDS = "libpng libsndfile1 libtool" +DEPENDS = "autoconf-archive-native libpng libsndfile1 libtool" PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'alsa pulseaudio', d)} \ magic \ " -PACKAGECONFIG[pulseaudio] = "--with-pulseaudio=dyn,--with-pulseaudio=no,pulseaudio," -PACKAGECONFIG[alsa] = "--with-alsa=dyn,--with-alsa=no,alsa-lib," -PACKAGECONFIG[wavpack] = "--with-wavpack=dyn,--with-wavpack=no,wavpack," -PACKAGECONFIG[flac] = "--with-flac=dyn,--with-flac=no,flac," -PACKAGECONFIG[amrwb] = "--with-amrwb=dyn,--with-amrwb=no,opencore-amr," -PACKAGECONFIG[amrnb] = "--with-amrnb=dyn,--with-amrnb=no,opencore-amr," -PACKAGECONFIG[oggvorbis] = "--with-oggvorbis=dyn,--with-oggvorbis=no,libvorbis" -PACKAGECONFIG[opus] = "--with-opus=dyn,--with-opus=no,opusfile" +PACKAGECONFIG[pulseaudio] = "--enable-pulseaudio=dyn,--disable-pulseaudio,pulseaudio," +PACKAGECONFIG[alsa] = "--enable-alsa=dyn,--disable-alsa,alsa-lib," +PACKAGECONFIG[wavpack] = "--enable-wavpack=dyn,--disable-wavpack,wavpack," +PACKAGECONFIG[flac] = "--enable-flac=dyn,--disable-flac,flac," +PACKAGECONFIG[amrwb] = "--enable-amrwb=dyn,--disable-amrwb,opencore-amr," +PACKAGECONFIG[amrnb] = "--enable-amrnb=dyn,--disable-amrnb,opencore-amr," +PACKAGECONFIG[oggvorbis] = "--enable-oggvorbis=dyn,--disable-oggvorbis,libvorbis" +PACKAGECONFIG[opus] = "--enable-opus=dyn,--disable-opus,opusfile" PACKAGECONFIG[magic] = "--with-magic,--without-magic,file," PACKAGECONFIG[mad] = "--with-mad,--without-mad,libmad," PACKAGECONFIG[id3tag] = "--with-id3tag,--without-id3tag,libid3tag," PACKAGECONFIG[lame] = "--with-lame,--without-lame,lame," -PACKAGECONFIG[ao] = "--with-ao,--without-ao,libao," +PACKAGECONFIG[ao] = "--enable-ao,--disable-ao,libao," LICENSE = "GPL-2.0-only & LGPL-2.1-only" LIC_FILES_CHKSUM = "file://LICENSE.GPL;md5=751419260aa954499f7abaabaa882bbe \ 
file://LICENSE.LGPL;md5=fbc093901857fcd118f065f900982c24" -SRC_URI = "${SOURCEFORGE_MIRROR}/sox/sox-${PV}.tar.gz \ +SRC_URI = "git://git.code.sf.net/p/sox/code;protocol=https;branch=master \ file://0001-remove-the-error-line-and-live-without-file-type-det.patch \ - file://0001-Update-exported-symbol-list.patch \ + file://CVE-2021-3643_CVE-2021-23210.patch \ + file://CVE-2021-23159_CVE-2021-2317.patch \ + file://CVE-2021-33844.patch \ + file://CVE-2021-40426.patch \ + file://CVE-2022-31650.patch \ + file://CVE-2022-31651.patch \ + file://CVE-2023-32627.patch \ " -SRC_URI[md5sum] = "d04fba2d9245e661f245de0577f48a33" -SRC_URI[sha256sum] = "b45f598643ffbd8e363ff24d61166ccec4836fea6d3888881b8df53e3bb55f6c" + +# last release was in 2015, use latest hash from 2024-05-30 +PV .= "+git" +SRCREV = "f3094754a7c2a7e55c35621d20fa9945736e72df" +S = "${WORKDIR}/git" + +CVE_PRODUCT:append = " libsox_project:libsox sound_exchange_project:sound_exchange" + +CVE_STATUS_GROUPS += "CVE_STATUS_HASH_UPDATE" +CVE_STATUS_HASH_UPDATE = " \ + CVE-2017-11332 CVE-2017-11358 CVE-2017-11359 CVE-2017-15370 CVE-2017-15371 \ + CVE-2017-15372 CVE-2017-15642 CVE-2017-18189 CVE-2019-13590 CVE-2019-8354 \ + CVE-2019-8355 CVE-2019-8356 CVE-2019-8357 CVE-2019-1010004 \ +" +CVE_STATUS_HASH_UPDATE[status] = "fixed-version: patched in current git hash" inherit autotools pkgconfig
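Review bot: `CVE_STATUS_HASH_UPDATE[status] = "fixed-version: patched in current git hash"` waives fourteen CVEs without naming the upstream commits that fix them, so a later SRCREV move (forward or back) cannot be checked against the waiver; recording the fixing commit or upstream issue per CVE in the comment above the list keeps it auditable. The SRC_URI entry `file://CVE-2021-23159_CVE-2021-2317.patch` carries a truncated identifier (the patch's own trailers say CVE-2021-23172, plus CVE-2023-34432); fix the file name and this reference together. The comment `# last release was in 2015, use latest hash from 2024-05-30` should also say which branch the pin was taken from so that `branch=master` in SRC_URI can be checked against it. The rest of the hunk is recipe plumbing for the git switch and needs no further change.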