From e0f6e2da18feafadda5f22501df0fe37a6b91b34 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=98rjan=20Malde?= <red@foxi.me>
Date: Fri, 26 Mar 2021 15:20:15 +0100
Subject: groups/251.native_packages_lib.group: adds libmp3splt v0.9.2
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Lucio Andrés Illanes Albornoz <lucio@lucioillanes.de>
---
 patches/libmp3splt/CVE-2017-15185.patch |  41 ++++
 patches/libmp3splt/include-stdlib.patch | 333 ++++++++++++++++++++++++++++++++
 2 files changed, 374 insertions(+)
 create mode 100644 patches/libmp3splt/CVE-2017-15185.patch
 create mode 100644 patches/libmp3splt/include-stdlib.patch

(limited to 'patches/libmp3splt')

diff --git a/patches/libmp3splt/CVE-2017-15185.patch b/patches/libmp3splt/CVE-2017-15185.patch
new file mode 100644
index 00000000..82090f43
--- /dev/null
+++ b/patches/libmp3splt/CVE-2017-15185.patch
@@ -0,0 +1,41 @@
+diff --git a/plugins/ogg.c b/plugins/ogg.c
+index 50cc495..57745f1 100644
+--- a/plugins/ogg.c
++++ b/plugins/ogg.c
+@@ -212,26 +212,36 @@ static splt_ogg_state *splt_ogg_v_new(int *error)
+     goto error;
+   }
+   memset(oggstate, 0, sizeof(splt_ogg_state));
++
+   if ((oggstate->sync_in = malloc(sizeof(ogg_sync_state)))==NULL)
+   {
+     goto error;
+   }
++  memset(oggstate->sync_in, 0, sizeof(ogg_sync_state));
++
+   if ((oggstate->stream_in = malloc(sizeof(ogg_stream_state)))==NULL)
+   {
+     goto error;
+   }
++  memset(oggstate->stream_in, 0, sizeof(ogg_stream_state));
++
+   if ((oggstate->vd = malloc(sizeof(vorbis_dsp_state)))==NULL)
+   {
+     goto error;
+   }
++  memset(oggstate->vd, 0, sizeof(vorbis_dsp_state));
++
+   if ((oggstate->vi = malloc(sizeof(vorbis_info)))==NULL)
+   {
+     goto error;
+   }
++  memset(oggstate->vi, 0, sizeof(vorbis_info));
++
+   if ((oggstate->vb = malloc(sizeof(vorbis_block)))==NULL)
+   {
+     goto error;
+   }
++  memset(oggstate->vb, 0, sizeof(vorbis_block));
+ 
+   if ((oggstate->headers = malloc(sizeof(splt_v_packet) * TOTAL_HEADER_PACKETS))==NULL)
+   {
diff --git a/patches/libmp3splt/include-stdlib.patch b/patches/libmp3splt/include-stdlib.patch
new file mode 100644
index 00000000..43c3494b
--- /dev/null
+++ b/patches/libmp3splt/include-stdlib.patch
@@ -0,0 +1,333 @@
+diff -ru libmp3splt-0.9.2.orig/plugins/flac.c libmp3splt-0.9.2/plugins/flac.c
+--- libmp3splt-0.9.2.orig/plugins/flac.c	2014-05-10 16:38:47.000000000 +0200
++++ libmp3splt-0.9.2/plugins/flac.c	2021-03-26 14:34:08.419874982 +0100
+@@ -27,6 +27,7 @@
+  *
+  *********************************************************/
+ 
++#include <stdlib.h>
+ #include <string.h>
+ 
+ #include "splt.h"
+diff -ru libmp3splt-0.9.2.orig/plugins/ogg.c libmp3splt-0.9.2/plugins/ogg.c
+--- libmp3splt-0.9.2.orig/plugins/ogg.c	2014-05-10 16:38:10.000000000 +0200
++++ libmp3splt-0.9.2/plugins/ogg.c	2021-03-26 14:34:59.147873394 +0100
+@@ -41,6 +41,7 @@
+ The Plug-in that handles ogg vorbis files
+ */
+ 
++#include <stdlib.h>
+ #include <time.h>
+ #include <string.h>
+ #include <locale.h>
+diff -ru libmp3splt-0.9.2.orig/plugins/ogg_new_stream_handler.c libmp3splt-0.9.2/plugins/ogg_new_stream_handler.c
+--- libmp3splt-0.9.2.orig/plugins/ogg_new_stream_handler.c	2014-05-10 16:38:37.000000000 +0200
++++ libmp3splt-0.9.2/plugins/ogg_new_stream_handler.c	2021-03-26 14:36:25.667870685 +0100
+@@ -38,6 +38,7 @@
+ 
+ #include "ogg_new_stream_handler.h"
+ 
++#include <stdlib.h>
+ #include <string.h>
+ 
+ splt_ogg_new_stream_handler *splt_ogg_nsh_new(splt_state *state, splt_ogg_state *oggstate, 
+diff -ru libmp3splt-0.9.2.orig/plugins/ogg_silence.c libmp3splt-0.9.2/plugins/ogg_silence.c
+--- libmp3splt-0.9.2.orig/plugins/ogg_silence.c	2014-05-10 16:37:35.000000000 +0200
++++ libmp3splt-0.9.2/plugins/ogg_silence.c	2021-03-26 14:34:39.875873998 +0100
+@@ -36,6 +36,7 @@
+  *
+  *********************************************************/
+ 
++#include <stdlib.h>
+ #include <string.h>
+ #include <math.h>
+ 
+diff -ru libmp3splt-0.9.2.orig/plugins/ogg_utils.c libmp3splt-0.9.2/plugins/ogg_utils.c
+--- libmp3splt-0.9.2.orig/plugins/ogg_utils.c	2014-05-10 16:38:18.000000000 +0200
++++ libmp3splt-0.9.2/plugins/ogg_utils.c	2021-03-26 14:39:00.414825145 +0100
+@@ -36,6 +36,7 @@
+  *
+  *********************************************************/
+ 
++#include <stdlib.h>
+ #include <string.h>
+ #include <math.h>
+ 
+diff -ru libmp3splt-0.9.2.orig/plugins/silence_processors.c libmp3splt-0.9.2/plugins/silence_processors.c
+--- libmp3splt-0.9.2.orig/plugins/silence_processors.c	2014-05-10 16:39:18.000000000 +0200
++++ libmp3splt-0.9.2/plugins/silence_processors.c	2021-03-26 14:39:14.954824690 +0100
+@@ -26,6 +26,8 @@
+ 
+ #include "silence_processors.h"
+ 
++#include <stdlib.h>
++
+ static void write_to_full_log(splt_state *state, double time, float level, int shots, int found,
+     double begin_position, double end_position);
+ 
+diff -ru libmp3splt-0.9.2.orig/src/cddb.c libmp3splt-0.9.2/src/cddb.c
+--- libmp3splt-0.9.2.orig/src/cddb.c	2014-05-10 16:28:18.000000000 +0200
++++ libmp3splt-0.9.2/src/cddb.c	2021-03-26 14:52:07.483887567 +0100
+@@ -28,6 +28,8 @@
+ 
+   The cddb search functionality
+  */
++
++#include <stdlib.h>
+ #include <string.h>
+ #include <ctype.h>
+ #include <math.h>
+diff -ru libmp3splt-0.9.2.orig/src/client.c libmp3splt-0.9.2/src/client.c
+--- libmp3splt-0.9.2.orig/src/client.c	2014-05-10 16:35:00.000000000 +0200
++++ libmp3splt-0.9.2/src/client.c	2021-03-26 14:54:11.631883680 +0100
+@@ -29,6 +29,7 @@
+  *
+  *********************************************************/
+ 
++#include <stdlib.h>
+ #include <string.h>
+ 
+ #include "splt.h"
+diff -ru libmp3splt-0.9.2.orig/src/cue.c libmp3splt-0.9.2/src/cue.c
+--- libmp3splt-0.9.2.orig/src/cue.c	2014-09-20 21:00:47.000000000 +0200
++++ libmp3splt-0.9.2/src/cue.c	2021-03-26 14:52:20.071887172 +0100
+@@ -28,6 +28,8 @@
+ 
+ All that is needed in order to be able to read and write cue files.
+  */
++
++#include <stdlib.h>
+ #include <string.h>
+ #include <ctype.h>
+ 
+diff -ru libmp3splt-0.9.2.orig/src/debug.c libmp3splt-0.9.2/src/debug.c
+--- libmp3splt-0.9.2.orig/src/debug.c	2014-05-10 16:28:13.000000000 +0200
++++ libmp3splt-0.9.2/src/debug.c	2021-03-26 14:41:25.130820614 +0100
+@@ -29,6 +29,7 @@
+  *
+  *********************************************************/
+ 
++#include <stdlib.h>
+ #include <string.h>
+ #include <stdarg.h>
+ 
+diff -ru libmp3splt-0.9.2.orig/src/errors.c libmp3splt-0.9.2/src/errors.c
+--- libmp3splt-0.9.2.orig/src/errors.c	2014-10-07 02:22:55.000000000 +0200
++++ libmp3splt-0.9.2/src/errors.c	2021-03-26 14:46:07.532650882 +0100
+@@ -35,6 +35,7 @@
+ that is meant to be used directly are all in mp3splt.c.
+ */
+ 
++#include <stdlib.h>
+ #include <string.h>
+ #include <errno.h>
+ 
+diff -ru libmp3splt-0.9.2.orig/src/freedb.c libmp3splt-0.9.2/src/freedb.c
+--- libmp3splt-0.9.2.orig/src/freedb.c	2014-05-10 16:34:54.000000000 +0200
++++ libmp3splt-0.9.2/src/freedb.c	2021-03-26 14:54:21.763883362 +0100
+@@ -32,6 +32,7 @@
+ that is meant to be used directly are all in mp3splt.c.
+ */
+ 
++#include <stdlib.h>
+ #include <string.h>
+ #include <unistd.h>
+ 
+diff -ru libmp3splt-0.9.2.orig/src/freedb_utils.c libmp3splt-0.9.2/src/freedb_utils.c
+--- libmp3splt-0.9.2.orig/src/freedb_utils.c	2014-05-10 16:28:17.000000000 +0200
++++ libmp3splt-0.9.2/src/freedb_utils.c	2021-03-26 14:54:45.335882624 +0100
+@@ -33,6 +33,8 @@
+ 
+ Utilities used by the functions in freedb.c
+  */
++
++#include <stdlib.h>
+ #include <string.h>
+ 
+ #include "splt.h"
+diff -ru libmp3splt-0.9.2.orig/src/input_output.c libmp3splt-0.9.2/src/input_output.c
+--- libmp3splt-0.9.2.orig/src/input_output.c	2014-09-19 23:48:27.000000000 +0200
++++ libmp3splt-0.9.2/src/input_output.c	2021-03-26 14:49:12.768645082 +0100
+@@ -28,6 +28,8 @@
+ 
+ This file contains all I/O functions this library uses.
+ */
++
++#include <stdlib.h>
+ #include <string.h>
+ #include <sys/stat.h>
+ #include <unistd.h>
+diff -ru libmp3splt-0.9.2.orig/src/mp3splt.c libmp3splt-0.9.2/src/mp3splt.c
+--- libmp3splt-0.9.2.orig/src/mp3splt.c	2014-09-16 23:39:39.000000000 +0200
++++ libmp3splt-0.9.2/src/mp3splt.c	2021-03-26 14:47:15.272648761 +0100
+@@ -42,6 +42,7 @@
+ should therefore not be too hard a task...
+  */
+ 
++#include <stdlib.h>
+ #include <sys/stat.h>
+ #include <string.h>
+ 
+diff -ru libmp3splt-0.9.2.orig/src/oformat_parser.c libmp3splt-0.9.2/src/oformat_parser.c
+--- libmp3splt-0.9.2.orig/src/oformat_parser.c	2014-10-03 00:46:20.000000000 +0200
++++ libmp3splt-0.9.2/src/oformat_parser.c	2021-03-26 14:41:38.526820195 +0100
+@@ -33,6 +33,8 @@
+ 
+ Automatic generation of filenams for split files from tags.
+  */
++
++#include <stdlib.h>
+ #include <string.h>
+ #include <ctype.h>
+ #include <math.h>
+diff -ru libmp3splt-0.9.2.orig/src/options.c libmp3splt-0.9.2/src/options.c
+--- libmp3splt-0.9.2.orig/src/options.c	2014-05-29 00:04:18.000000000 +0200
++++ libmp3splt-0.9.2/src/options.c	2021-03-26 14:52:30.959886832 +0100
+@@ -31,6 +31,8 @@
+ 
+ #include "splt.h"
+ 
++#include <stdlib.h>
++
+ extern int global_debug;
+ 
+ void splt_o_set_options_default_values(splt_state *state)
+diff -ru libmp3splt-0.9.2.orig/src/output_format.c libmp3splt-0.9.2/src/output_format.c
+--- libmp3splt-0.9.2.orig/src/output_format.c	2014-05-10 16:28:15.000000000 +0200
++++ libmp3splt-0.9.2/src/output_format.c	2021-03-26 14:49:26.076644665 +0100
+@@ -33,6 +33,8 @@
+ 
+ The format of output file names
+ */
++
++#include <stdlib.h>
+ #include <string.h>
+ #include <math.h>
+ 
+diff -ru libmp3splt-0.9.2.orig/src/pair.c libmp3splt-0.9.2/src/pair.c
+--- libmp3splt-0.9.2.orig/src/pair.c	2014-05-10 16:34:54.000000000 +0200
++++ libmp3splt-0.9.2/src/pair.c	2021-03-26 14:41:54.206819704 +0100
+@@ -35,6 +35,8 @@
+ */
+ #include "splt.h"
+ 
++#include <stdlib.h>
++
+ splt_int_pair *splt_int_pair_new(int first, int second)
+ {
+   splt_int_pair *pair = malloc(sizeof(splt_int_pair));
+diff -ru libmp3splt-0.9.2.orig/src/proxy.c libmp3splt-0.9.2/src/proxy.c
+--- libmp3splt-0.9.2.orig/src/proxy.c	2014-05-10 16:35:00.000000000 +0200
++++ libmp3splt-0.9.2/src/proxy.c	2021-03-26 14:39:57.110823370 +0100
+@@ -31,6 +31,7 @@
+ 
+ #include "splt.h"
+ 
++#include <stdlib.h>
+ #include <string.h>
+ 
+ static void splt_pr_free_proxy_address(splt_state *state);
+diff -ru libmp3splt-0.9.2.orig/src/silence_utils.c libmp3splt-0.9.2/src/silence_utils.c
+--- libmp3splt-0.9.2.orig/src/silence_utils.c	2014-05-10 16:28:14.000000000 +0200
++++ libmp3splt-0.9.2/src/silence_utils.c	2021-03-26 14:55:20.373966575 +0100
+@@ -35,6 +35,8 @@
+ */
+ #include "splt.h"
+ 
++#include <stdlib.h>
++
+ int splt_siu_ssplit_new(struct splt_ssplit **silence_list, 
+     float begin_position, float end_position, int len, int *error)
+ {
+diff -ru libmp3splt-0.9.2.orig/src/socket_manager.c libmp3splt-0.9.2/src/socket_manager.c
+--- libmp3splt-0.9.2.orig/src/socket_manager.c	2014-05-10 16:28:15.000000000 +0200
++++ libmp3splt-0.9.2/src/socket_manager.c	2021-03-26 14:40:18.558822698 +0100
+@@ -33,6 +33,7 @@
+ Manages a socket connection
+ */
+ 
++#include <stdlib.h>
+ #include <unistd.h>
+ 
+ #ifdef __WIN32__
+diff -ru libmp3splt-0.9.2.orig/src/split_points.c libmp3splt-0.9.2/src/split_points.c
+--- libmp3splt-0.9.2.orig/src/split_points.c	2014-09-20 20:21:07.000000000 +0200
++++ libmp3splt-0.9.2/src/split_points.c	2021-03-26 15:03:13.525209460 +0100
+@@ -34,6 +34,8 @@
+ All functions needed for handling split points (adding to the list,
+ checking, of this split point already exists,...)
+ */
++
++#include <stdlib.h>
+ #include <string.h>
+ #include <math.h>
+ 
+diff -ru libmp3splt-0.9.2.orig/src/splt.c libmp3splt-0.9.2/src/splt.c
+--- libmp3splt-0.9.2.orig/src/splt.c	2014-10-12 11:16:46.000000000 +0200
++++ libmp3splt-0.9.2/src/splt.c	2021-03-26 14:49:40.811892159 +0100
+@@ -34,6 +34,7 @@
+ Actually split the input file
+ */
+ 
++#include <stdlib.h>
+ #include <sys/stat.h>
+ #include <string.h>
+ #include <math.h>
+diff -ru libmp3splt-0.9.2.orig/src/sync_errors.c libmp3splt-0.9.2/src/sync_errors.c
+--- libmp3splt-0.9.2.orig/src/sync_errors.c	2014-05-10 16:34:58.000000000 +0200
++++ libmp3splt-0.9.2/src/sync_errors.c	2021-03-26 14:50:01.567891509 +0100
+@@ -46,6 +46,8 @@
+ 
+ #include "splt.h"
+ 
++#include <stdlib.h>
++
+ void splt_se_set_sync_errors_default_values(splt_state *state)
+ {
+   splt_syncerrors *serrors = state->serrors;
+diff -ru libmp3splt-0.9.2.orig/src/tags_parser.c libmp3splt-0.9.2/src/tags_parser.c
+--- libmp3splt-0.9.2.orig/src/tags_parser.c	2014-05-10 16:34:59.000000000 +0200
++++ libmp3splt-0.9.2/src/tags_parser.c	2021-03-26 14:42:25.154818735 +0100
+@@ -33,6 +33,8 @@
+ 
+   Parse tags (Artist, Album, Year,...)
+  */
++
++#include <stdlib.h>
+ #include <string.h>
+ #include <ctype.h>
+ 
+diff -ru libmp3splt-0.9.2.orig/src/tags_utils.c libmp3splt-0.9.2/src/tags_utils.c
+--- libmp3splt-0.9.2.orig/src/tags_utils.c	2014-05-10 16:28:14.000000000 +0200
++++ libmp3splt-0.9.2/src/tags_utils.c	2021-03-26 14:59:31.017958728 +0100
+@@ -25,6 +25,7 @@
+  * USA.
+  *********************************************************/
+ 
++#include <stdlib.h>
+ #include <string.h>
+ 
+ #include "splt.h"
+diff -ru libmp3splt-0.9.2.orig/src/types_func.c libmp3splt-0.9.2/src/types_func.c
+--- libmp3splt-0.9.2.orig/src/types_func.c	2014-05-10 16:34:55.000000000 +0200
++++ libmp3splt-0.9.2/src/types_func.c	2021-03-26 14:45:49.760651438 +0100
+@@ -35,6 +35,7 @@
+ split.
+  */
+ 
++#include <stdlib.h>
+ #include <string.h>
+ 
+ #include "splt.h"
+diff -ru libmp3splt-0.9.2.orig/src/wrap.c libmp3splt-0.9.2/src/wrap.c
+--- libmp3splt-0.9.2.orig/src/wrap.c	2014-05-10 16:34:57.000000000 +0200
++++ libmp3splt-0.9.2/src/wrap.c	2021-03-26 14:42:36.990818364 +0100
+@@ -34,6 +34,8 @@
+ Automatically split mp3 files created with mp3wrap into the original 
+ tracks
+ */
++
++#include <stdlib.h>
+ #include <string.h>
+ 
+ #include "splt.h"
-- 
cgit v1.2.3