Merge pull request #9822 from taku0/sox-14.4.2

sox: 14.4.1 -> 14.4.2
2015-09-18 15:14:34 +02:00 · 2015-09-18 15:14:34 +02:00 · e716f7d5e8
commit e716f7d5e8
parent c65d8ef38d cec63e87a2
3 changed files with 2 additions and 65 deletions
--- a/pkgs/applications/misc/audio/sox/0001-Check-for-minimum-size-sphere-headers.patch
+++ b/pkgs/applications/misc/audio/sox/0001-Check-for-minimum-size-sphere-headers.patch
@ -1,28 +0,0 @@
-From 55e33019afcb3256cccedf606548b86816f6da59 Mon Sep 17 00:00:00 2001
-From: Chris Bagwell <chris@cnpbagwell.com>
-Date: Sat, 13 Dec 2014 12:48:37 -0600
-Subject: [PATCH 1/2] Check for minimum size sphere headers
-
---
- src/sphere.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/src/sphere.c b/src/sphere.c
-index 479a552..a3fd1c6 100644
--- a/src/sphere.c
-+++ b/src/sphere.c
-@@ -47,6 +47,11 @@ static int start_read(sox_format_t * ft)
- 
-   /* Determine header size, and allocate a buffer large enough to hold it. */
-   sscanf(fldsval, "%lu", &header_size_ul);
-+  if (header_size_ul < 16) {
-+    lsx_fail_errno(ft, SOX_EHDR, "Error reading Sphere header");
-+    return (SOX_EOF);
-+  }
-+
-   buf = lsx_malloc(header_size = header_size_ul);
- 
-   /* Skip what we have read so far */
-- 
-2.1.0
-
--- a/pkgs/applications/misc/audio/sox/0002-More-checks-for-invalid-MS-ADPCM-blocks.patch
+++ b/pkgs/applications/misc/audio/sox/0002-More-checks-for-invalid-MS-ADPCM-blocks.patch
@ -1,28 +0,0 @@
-From ebb64cddde59ecc9cedf3741ce2337c72148cc0c Mon Sep 17 00:00:00 2001
-From: Chris Bagwell <chris@cnpbagwell.com>
-Date: Sat, 13 Dec 2014 12:49:55 -0600
-Subject: [PATCH 2/2] More checks for invalid MS ADPCM blocks.
-
-If block doesn't exacty match blockAlign then do not allow
-number of samples in invalid size block to ever be more than
-what WAV header defined as samplesPerBlock.
---
- src/wav.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/wav.c b/src/wav.c
-index 61d5908..5202556 100644
--- a/src/wav.c
-+++ b/src/wav.c
-@@ -168,7 +168,7 @@ static unsigned short  AdpcmReadBlock(sox_format_t * ft)
-         /* work with partial blocks.  Specs say it should be null */
-         /* padded but I guess this is better than trailing quiet. */
-         samplesThisBlock = lsx_ms_adpcm_samples_in((size_t)0, (size_t)ft->signal.channels, bytesRead, (size_t)0);
-        if (samplesThisBlock == 0)
-+        if (samplesThisBlock == 0 || samplesThisBlock > wav->samplesPerBlock)
-         {
-             lsx_warn("Premature EOF on .wav input file");
-             return 0;
-- 
-2.1.0
-
--- a/pkgs/applications/misc/audio/sox/default.nix
+++ b/pkgs/applications/misc/audio/sox/default.nix
@ -11,20 +11,13 @@
 with stdenv.lib;

 stdenv.mkDerivation rec {
-  name = "sox-14.4.1";
+  name = "sox-14.4.2";

  src = fetchurl {
    url = "mirror://sourceforge/sox/${name}.tar.gz";
-    sha256 = "16x8gykfjdhxg0kdxwzcwgwpm5caa08y2mx18siqsq0ywmpjr34s";
+    sha256 = "0v2znlxkxxcd3f48hf3dx9pq7i6fdhb62kgj7wv8xggz8f35jpxl";
  };

-  patches = [
-    # Patches for CVE-2014-8145, found via RedHat bug 1174792.  It was not
-    # clear whether these address a NULL deref and a division by zero.
-    ./0001-Check-for-minimum-size-sphere-headers.patch
-    ./0002-More-checks-for-invalid-MS-ADPCM-blocks.patch
-  ];
-
  buildInputs =
    optional (enableAlsa && stdenv.isLinux) alsaLib ++
    optional enableLibao libao ++