# Buildsheet autogenerated by ravenadm tool -- Do not edit. NAMEBASE= opusfile VERSION= 0.12 REVISION= 2 KEYWORDS= audio VARIANTS= std SDESC[std]= Opus playback library HOMEPAGE= https://www.opus-codec.org/ CONTACT= nobody DOWNLOAD_GROUPS= main SITES[main]= MOZILLA/opus https://downloads.xiph.org/releases/opus/ DISTFILE[1]= opusfile-0.12.tar.gz:main DF_INDEX= 1 SPKGS[std]= set primary dev docs OPTIONS_AVAILABLE= none OPTIONS_STANDARD= none BUILD_DEPENDS= opus:dev:std libogg:dev:std BUILDRUN_DEPENDS= libogg:primary:std opus:primary:std EXRUN[dev]= opus:dev:std libogg:dev:std USES= autoreconf cpe gmake libtool pkgconfig ssl LICENSE= BSD3CLAUSE:primary LICENSE_FILE= BSD3CLAUSE:{{WRKSRC}}/COPYING LICENSE_SCHEME= solo CPE_VENDOR= xiph FPC_EQUIVALENT= audio/opusfile MUST_CONFIGURE= gnu INSTALL_TARGET= install-strip INSTALL_REQ_TOOLCHAIN= yes SOVERSION= 0.4.5 CVE_FIXED= CVE-2022-47021 pre-patch-freebsd: ${GREP} -l '@openssl@' ${WRKSRC}/opusurl.pc.in | \ ${XARGS} ${REINPLACE_CMD} -e 's| @openssl@||' post-patch-freebsd: ${GREP} -l 'AC_SEARCH_LIBS(ftime' ${WRKSRC}/configure.ac | \ ${XARGS} ${REINPLACE_CMD} -e '/ftime/d' ${GREP} -L 'src/ftime.c' ${WRKSRC}/Makefile.am | \ ${XARGS} ${REINPLACE_CMD} -e '/dist_doc_DATA/s/COPYING//' \ -e '/libopusurl_la_SOURCES/s|= \(src/http\.c\)|= src/ftime.c \1|' ${CP} ${FILESDIR}/ftime.c ${WRKSRC}/src/ [FILE:164:descriptions/desc.primary] The opusfile library provides seeking, decode, and playback of Opus streams in the Ogg container (.opus files) including over http(s) on posix and windows systems. [FILE:99:distinfo] 118d8601c12dd6a44f52423e68ca9083cc9f2bfe72da7a8c1acb22a80ae3550b 471354 opusfile-0.12.tar.gz [FILE:119:manifests/plist.primary] lib/ libopusfile.so.%%SOMAJOR%% libopusfile.so.%%SOVERSION%% libopusurl.so.%%SOMAJOR%% libopusurl.so.%%SOVERSION%% [FILE:129:manifests/plist.dev] include/opus/opusfile.h lib/ libopusfile.a libopusfile.so libopusurl.a libopusurl.so lib/pkgconfig/ opusfile.pc opusurl.pc [FILE:1507:patches/patch-fix-CVE-2022-47021] From 0a4cd796df5b030cb866f3f4a5e41a4b92caddf5 Mon Sep 17 00:00:00 2001 From: Ralph Giles Date: Tue, 6 Sep 2022 19:04:31 -0700 Subject: [PATCH] Propagate allocation failure from ogg_sync_buffer. Instead of segfault, report OP_EFAULT if ogg_sync_buffer returns a null pointer. This allows more graceful recovery by the caller in the unlikely event of a fallible ogg_malloc call. We do check the return value elsewhere in the code, so the new checks make the code more consistent. Thanks to https://github.com/xiph/opusfile/issues/36 for reporting. Signed-off-by: Timothy B. Terriberry Signed-off-by: Mark Harris --- src/opusfile.c | 2 ++ 1 file changed, 2 insertions(+) --- src/opusfile.c +++ src/opusfile.c @@ -148,6 +148,7 @@ static int op_get_data(OggOpusFile *_of,int _nbytes){ int nbytes; OP_ASSERT(_nbytes>0); buffer=(unsigned char *)ogg_sync_buffer(&_of->oy,_nbytes); + if(OP_UNLIKELY(buffer==NULL))return OP_EFAULT; nbytes=(int)(*_of->callbacks.read)(_of->stream,buffer,_nbytes); OP_ASSERT(nbytes<=_nbytes); if(OP_LIKELY(nbytes>0))ogg_sync_wrote(&_of->oy,nbytes); @@ -1527,6 +1528,7 @@ static int op_open1(OggOpusFile *_of, if(_initial_bytes>0){ char *buffer; buffer=ogg_sync_buffer(&_of->oy,(long)_initial_bytes); + if(OP_UNLIKELY(buffer==NULL))return OP_EFAULT; memcpy(buffer,_initial_data,_initial_bytes*sizeof(*buffer)); ogg_sync_wrote(&_of->oy,(long)_initial_bytes); } [FILE:2152:files/ftime.c] /* * Copyright (c) 1994 Christopher G. Demetriou * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by Christopher G. Demetriou. * 4. The name of the author may not be used to endorse or promote products * derived from this software without specific prior written permission * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #ifndef lint static char rcsid[] = "$FreeBSD: head/audio/opusfile/files/ftime.c 341456 2014-01-27 21:21:51Z makc $"; #endif /* not lint */ #include #include #include int ftime(struct timeb *tbp) { struct timezone tz; struct timeval t; if (gettimeofday(&t, &tz) < 0) return (-1); tbp->millitm = t.tv_usec / 1000; tbp->time = t.tv_sec; tbp->timezone = tz.tz_minuteswest; tbp->dstflag = tz.tz_dsttime; return (0); } [FILE:554:freebsd/patch-configure.ac] --- configure.ac.orig 2018-09-18 19:22:26 UTC +++ configure.ac @@ -96,10 +96,12 @@ variable ACLOCAL="aclocal -I/path/to/pkg AS_IF([test "$enable_http" != "no"], [ openssl="openssl" AC_DEFINE([OP_ENABLE_HTTP], [1], [Enable HTTP support]) - PKG_CHECK_MODULES([URL_DEPS], [openssl]) ]) AM_CONDITIONAL(OP_ENABLE_HTTP, [test "$enable_http" != "no"]) AC_SUBST([openssl]) +AC_CHECK_LIB(ssl, SSL_read, + [AC_CHECK_HEADERS(openssl/ssl.h, LIBS="$LIBS -lssl -lcrypto",,)],, + -lcrypto -lssl) PKG_CHECK_MODULES([DEPS], [ogg >= 1.3 opus >= 1.0.1])