initial import

2025-06-22 20:39:04 -05:00
commit f8a70886f0
3428 changed files with 302546 additions and 0 deletions
--- a/libmp3splt/PKGBUILD
+++ b/libmp3splt/PKGBUILD
@@ -0,0 +1,34 @@
+# Maintainer: Jesus E. <heckyel@riseup.net>
+
+pkgname=libmp3splt
+pkgver=0.9.2
+pkgrel=1
+pkgdesc="Library for splitting mp3 and ogg files without decoding"
+arch=('i686' 'x86_64')
+url='http://mp3splt.sourceforge.net'
+license=('GPL-2')
+depends=('flac' 'libmad' 'libvorbis' 'libid3tag' 'pcre' 'libtool')
+makedepends=('libtool')
+source=("https://downloads.sourceforge.net/sourceforge/mp3splt/$pkgname-$pkgver.tar.gz"
+        "properly-zero-initialise-the-ogg-and-vorbis-state.patch")
+sha512sums=('e5c98e8b173bc86302ccee4ca5eb0c8a8d93f225357eb7b14dea8d0700ed62ed6316506c182f6b295130f7924ff0b38e865d5e49fa9cd7882c648360d68872ed'
+            'ec9904f86fb631520b4c06c03dcd7fde2b17a0ebdf7e77f36c47bddcaa49961f639c91976470bcd571001d133b724403eb4ffe550c14b49ae883940d914567e9')
+
+prepare() {
+  cd $pkgname-$pkgver
+  patch -Np1 -i ${srcdir}/properly-zero-initialise-the-ogg-and-vorbis-state.patch
+  libtoolize --copy --force
+  ./autogen.sh
+}
+
+build() {
+   cd $pkgname-$pkgver
+  ./configure --prefix=/usr
+  make
+}
+
+package() {
+  cd $pkgname-$pkgver
+  make DESTDIR="$pkgdir/" install
+  install -Dm644 COPYING -t "${pkgdir}/usr/share/licenses/$pkgname"
+}
--- a/libmp3splt/properly-zero-initialise-the-ogg-and-vorbis-state.patch
+++ b/libmp3splt/properly-zero-initialise-the-ogg-and-vorbis-state.patch
@@ -0,0 +1,65 @@
+From 18f018cd774cb931116ce06a520dc0c5f9443932 Mon Sep 17 00:00:00 2001
+From: Ron <ron@debian.org>
+Date: Wed, 27 Sep 2017 03:36:51 +0930
+Subject: [PATCH] Properly zero initialise the ogg and vorbis state structs
+
+This prevents things from exploding in flames if an error occurs and the
+code tries to unwind before the codec and container initialiser functions
+can all be called.  It fixes the second issue indicated in CVE-2017-11333,
+which isn't the fault of libvorbis, it's caused by us passing junk data
+to vorbis_block_clear() when an invalid file is detected and we bail out
+before vorbis_block_init() gets called.
+
+Ideally, we should simplify all of this and get rid of most of the malloc
+farm there by embedding the needed structs in splt_ogg_state (instead of
+pointers to them), then just do a single malloc and memset for the whole
+lot - but that would be a much more intrusive change, so for now just
+ensure the allocated memory is all safely zeroed in the simplest manner.
+---
+ libmp3splt/plugins/ogg.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/libmp3splt/plugins/ogg.c b/libmp3splt/plugins/ogg.c
+index 50cc495..57745f1 100644
+--- a/plugins/ogg.c
+++ b/plugins/ogg.c
+@@ -212,26 +212,36 @@ static splt_ogg_state *splt_ogg_v_new(int *error)
+     goto error;
+   }
+   memset(oggstate, 0, sizeof(splt_ogg_state));
+
+   if ((oggstate->sync_in = malloc(sizeof(ogg_sync_state)))==NULL)
+   {
+     goto error;
+   }
+  memset(oggstate->sync_in, 0, sizeof(ogg_sync_state));
+
+   if ((oggstate->stream_in = malloc(sizeof(ogg_stream_state)))==NULL)
+   {
+     goto error;
+   }
+  memset(oggstate->stream_in, 0, sizeof(ogg_stream_state));
+
+   if ((oggstate->vd = malloc(sizeof(vorbis_dsp_state)))==NULL)
+   {
+     goto error;
+   }
+  memset(oggstate->vd, 0, sizeof(vorbis_dsp_state));
+
+   if ((oggstate->vi = malloc(sizeof(vorbis_info)))==NULL)
+   {
+     goto error;
+   }
+  memset(oggstate->vi, 0, sizeof(vorbis_info));
+
+   if ((oggstate->vb = malloc(sizeof(vorbis_block)))==NULL)
+   {
+     goto error;
+   }
+  memset(oggstate->vb, 0, sizeof(vorbis_block));
+ 
+   if ((oggstate->headers = malloc(sizeof(splt_v_packet) * TOTAL_HEADER_PACKETS))==NULL)
+   {
+-- 
+2.29.2
+