[gentoo-commits] repo/gentoo:master commit in: media-sound/milkytracker/files/, media-sound/milkytracker/

2020-07-19 Thread Sam James 
commit: d2261786b3997b6ce70aae655928c625abc305f3
Author: John Helmert III  posteo  net>
AuthorDate: Mon Jul  6 03:38:48 2020 +
Commit: Sam James  gentoo  org>
CommitDate: Sun Jul 19 23:38:33 2020 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d2261786

media-sound/milkytracker: Add 1.02.00 (security)

Bug: https://bugs.gentoo.org/711280
Closes: https://bugs.gentoo.org/711564
Package-Manager: Portage-2.3.103, Repoman-2.3.23
Signed-off-by: John Helmert III  posteo.net>
Signed-off-by: Sam James  gentoo.org>

 media-sound/milkytracker/Manifest  |   2 +
 .../milkytracker-1.02.00-CVE-2019-14464.patch  |  26 ++
 .../milkytracker-1.02.00-CVE-2019-1449x.patch  | 104 +
 .../milkytracker-1.02.00-CVE-2020-15569.patch  |  35 +++
 .../milkytracker/milkytracker-1.02.00.ebuild   |  53 +++
 5 files changed, 220 insertions(+)

diff --git a/media-sound/milkytracker/Manifest 
b/media-sound/milkytracker/Manifest
index 1400b0f2a7e..34a0214ebc1 100644
--- a/media-sound/milkytracker/Manifest
+++ b/media-sound/milkytracker/Manifest
@@ -1 +1,3 @@
 DIST milkytracker-1.0.0.tar.gz 3749140 BLAKE2B 
5bf1e374c8d51e7f65a222c46b4cb3e26dd88ba5be304af540d3af4f5123179a2496d0b5eb87021d2dc0f12e7fab3f55e9ad06573aa5fb3a8842d9b743e6c948
 SHA512 
a96e8b015a4e3b38f3ad44756fc79cb062f91ab193b7428a6abde042aa4e51c8fb45757cba0504283410d714eefffdee57d3e3bf42e7991d1f9581ab8d2ab1c4
+DIST milkytracker-1.02.00-cmake.patch 40073 BLAKE2B 
cef8fc7efff9324c1d628026d650c79e11950b53481686e5dd35ace483839fbdd6b2b1f8ccce2f688beec2c7c28b0fe3b60d0e8d540d6cd163927f4bacf9d396
 SHA512 
bd4ca0d092229722ca81addaf9eec3ff1b176061da7b44fe3f02fbe020c3820778ed973dde95588b4c9f918728e2c69c24ac23083a2f48c0cbad2e854eeff5ba
+DIST milkytracker-1.02.00.tar.gz 3753882 BLAKE2B 
e9bb4341e016d2a9c518835e8b4620f748da60bca7205302e7500f14f3294e7fa9a20fef203226fffbe22a11a3b4978ea928f0f544eb70e99b5998ecc7c45611
 SHA512 
479a7b3198d97c68dca4fa772a2aa64d7f740957f5d8038fabfb303e724c85aec0865746a0a5c3ef6b9599b78892dcda22727ab2bb80ae38764bcf81b249e134

diff --git 
a/media-sound/milkytracker/files/milkytracker-1.02.00-CVE-2019-14464.patch 
b/media-sound/milkytracker/files/milkytracker-1.02.00-CVE-2019-14464.patch
new file mode 100644
index 000..d59522d6d1d
--- /dev/null
+++ b/media-sound/milkytracker/files/milkytracker-1.02.00-CVE-2019-14464.patch
@@ -0,0 +1,26 @@
+This patch is from upstream:
+https://github.com/milkytracker/MilkyTracker/commit/fd607a3439fcdd0992e5efded3c16fc79c804e34
+
+commit fd607a3439fcdd0992e5efded3c16fc79c804e34
+Author: Christopher O'Neill 
+Date:   Tue Jul 30 19:11:58 2019 +0100
+
+Fix #184: Heap overflow in S3M loader
+
+diff --git a/src/milkyplay/LoaderS3M.cpp b/src/milkyplay/LoaderS3M.cpp
+index 5abf211..edf0fd5 100644
+--- a/src/milkyplay/LoaderS3M.cpp
 b/src/milkyplay/LoaderS3M.cpp
+@@ -340,7 +340,11 @@ mp_sint32 LoaderS3M::load(XMFileBase& f, XModule* module)
+   return MP_OUT_OF_MEMORY;
+   
+   header->insnum = f.readWord(); // number of instruments
+-  header->patnum = f.readWord(); // number of patterns
++  if (header->insnum > MP_MAXINS)
++  return MP_LOADER_FAILED;
++  header->patnum = f.readWord(); // number of patterns
++  if (header->patnum > 256)
++  return MP_LOADER_FAILED;
+   
+   mp_sint32 flags = f.readWord(); // st3 flags
+ 

diff --git 
a/media-sound/milkytracker/files/milkytracker-1.02.00-CVE-2019-1449x.patch 
b/media-sound/milkytracker/files/milkytracker-1.02.00-CVE-2019-1449x.patch
new file mode 100644
index 000..0560cd2b825
--- /dev/null
+++ b/media-sound/milkytracker/files/milkytracker-1.02.00-CVE-2019-1449x.patch
@@ -0,0 +1,104 @@
+This patch is from upstream:
+https://github.com/milkytracker/MilkyTracker/commit/ea7772a3fae0a9dd0a322e8fec441d15843703b7
+
+commit ea7772a3fae0a9dd0a322e8fec441d15843703b7
+Author: Christopher O'Neill 
+Date:   Tue Jul 30 18:40:03 2019 +0100
+
+Fixes for buffer overflow issues #182 & #183
+
+diff --git a/src/milkyplay/LoaderXM.cpp b/src/milkyplay/LoaderXM.cpp
+index 108d915..f87f5c1 100644
+--- a/src/milkyplay/LoaderXM.cpp
 b/src/milkyplay/LoaderXM.cpp
+@@ -63,8 +63,8 @@ const char* LoaderXM::identifyModule(const mp_ubyte* buffer)
+ mp_sint32 LoaderXM::load(XMFileBase& f, XModule* module)
+ {
+   mp_ubyte insData[230];  
+-  mp_sint32 smpReloc[96];
+-  mp_ubyte nbu[96];
++  mp_sint32 smpReloc[MP_MAXINSSAMPS];
++  mp_ubyte nbu[MP_MAXINSSAMPS];
+   mp_uint32 fileSize = 0;
+   
+   module->cleanUp();
+@@ -117,6 +117,8 @@ mp_sint32 LoaderXM::load(XMFileBase& f, XModule* module)
+   memcpy(header->ord, hdrBuff+16, 256);
+   if(header->ordnum > MP_MAXORDERS)
+   header->ordnum = MP_MAXORDERS;
++  if(header->insnum > MP_MAXINS)
++  return MP_LOADER_FAILED;
+ 
+   delete[] hdrBuff;
+   
+@@ -143,7 +145,7 @@

[gentoo-commits] repo/gentoo:master commit in: media-sound/milkytracker/files/, media-sound/milkytracker/

2019-12-07 Thread Andreas Sturmlechner 
commit: a0a0d74e043187609c8e560053a29685121f8219
Author: Andreas Sturmlechner  gentoo  org>
AuthorDate: Sat Dec  7 15:55:39 2019 +
Commit: Andreas Sturmlechner  gentoo  org>
CommitDate: Sat Dec  7 15:56:00 2019 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a0a0d74e

media-sound/milkytracker: Add upstream cmake fix

Closes: https://bugs.gentoo.org/676128
Package-Manager: Portage-2.3.81, Repoman-2.3.19
Signed-off-by: Andreas Sturmlechner  gentoo.org>

 .../files/milkytracker-1.0.0-cmake.patch   | 148 +
 media-sound/milkytracker/milkytracker-1.0.0.ebuild |   5 +-
 2 files changed, 152 insertions(+), 1 deletion(-)

diff --git a/media-sound/milkytracker/files/milkytracker-1.0.0-cmake.patch 
b/media-sound/milkytracker/files/milkytracker-1.0.0-cmake.patch
new file mode 100644
index 000..391ec55c7d8
--- /dev/null
+++ b/media-sound/milkytracker/files/milkytracker-1.0.0-cmake.patch
@@ -0,0 +1,148 @@
+From 87d0f55cd8868d91472f96cccafaf6fdb9e0cbbc Mon Sep 17 00:00:00 2001
+From: Dale Whinham 
+Date: Thu, 31 Oct 2019 21:21:28 +
+Subject: [PATCH] CMake: Use SDL2's official CMake package mechanism
+
+We shouldn't need to rely on a FindSDL2.cmake, as SDL2 comes with a
+CMake package definition that should be installed by the distro into a
+location where CMake can find it.
+
+Fixes #168.
+---
+ CMakeLists.txt   |   4 +-
+ cmake/FindSDL2.cmake | 104 ---
+ 2 files changed, 1 insertion(+), 107 deletions(-)
+ delete mode 100644 cmake/FindSDL2.cmake
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 27ad4a18..5b6ed9f1 100644
+--- a/CMakeLists.txt
 b/CMakeLists.txt
+@@ -31,8 +31,6 @@ if(FORCESDL)
+ unset(APPLE)
+ unset(WIN32)
+ add_definitions(-D__FORCE_SDL_AUDIO__)
+-# Frameworks not supported by findSDL2.cmake
+-set(CMAKE_FIND_FRAMEWORK NEVER)
+ endif()
+ 
+ # Lowercase project name for binaries and packaging
+@@ -166,7 +164,7 @@ else()
+ # https://bugzilla.libsdl.org/show_bug.cgi?id=3295
+ cmake_policy(SET CMP0004 OLD)
+ 
+-find_package(SDL2 2 REQUIRED)
++find_package(SDL2 REQUIRED)
+ endif()
+ 
+ # Prefer static linkage under OS X for libraries located with find_package()
+diff --git a/cmake/FindSDL2.cmake b/cmake/FindSDL2.cmake
+deleted file mode 100644
+index 27c78f05..
+--- a/cmake/FindSDL2.cmake
 /dev/null
+@@ -1,104 +0,0 @@
+-# - Find SDL2 library and headers
+-# 
+-# Find module for SDL 2.0 (http://www.libsdl.org/).
+-# It defines the following variables:
+-#  SDL2_INCLUDE_DIRS - The location of the headers, e.g., SDL.h.
+-#  SDL2_LIBRARIES - The libraries to link against to use SDL2.
+-#  SDL2_FOUND - If false, do not try to use SDL2.
+-#  SDL2_VERSION_STRING - Human-readable string containing the version of SDL2.
+-#
+-# This module responds to the the flag:
+-#  SDL2_BUILDING_LIBRARY
+-#If this is defined, then no SDL2_main will be linked in because
+-#only applications need main().
+-#Otherwise, it is assumed you are building an application and this
+-#module will attempt to locate and set the the proper link flags
+-#as part of the returned SDL2_LIBRARIES variable.
+-#
+-# Also defined, but not for general use are:
+-#   SDL2_INCLUDE_DIR - The directory that contains SDL.h.
+-#   SDL2_LIBRARY - The location of the SDL2 library.
+-#   SDL2MAIN_LIBRARY - The location of the SDL2main library.
+-#
+-
+-#=
+-# Copyright 2013 Benjamin Eikel
+-#
+-# Redistribution and use in source and binary forms, with or without
+-# modification, are permitted provided that the following conditions are met:
+-# * Redistributions of source code must retain the above copyright
+-#   notice, this list of conditions and the following disclaimer.
+-# * Redistributions in binary form must reproduce the above copyright
+-#   notice, this list of conditions and the following disclaimer in the
+-#   documentation and/or other materials provided with the distribution.
+-# * Neither the name of the  nor the
+-#   names of its contributors may be used to endorse or promote products
+-#   derived from this software without specific prior written permission.
+-#
+-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+-# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+-# ARE DISCLAIMED. IN NO EVENT SHALL  BE LIABLE FOR ANY
+-# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+-# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+-# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+-# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+-# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+-#

[gentoo-commits] repo/gentoo:master commit in: media-sound/milkytracker/files/, media-sound/milkytracker/

2017-05-07 Thread David Seifert 
commit: d0b5cca4baed1671d32c58481ba5de9015464757
Author: David Seifert  gentoo  org>
AuthorDate: Sun May  7 09:02:09 2017 +
Commit: David Seifert  gentoo  org>
CommitDate: Sun May  7 09:04:13 2017 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d0b5cca4

media-sound/milkytracker: Version bump to 1.0.0

* EAPI 6
Bug: https://bugs.gentoo.org/show_bug.cgi?id=599678
Package-Manager: Portage-2.3.5, Repoman-2.3.2

 media-sound/milkytracker/Manifest  |  1 +
 .../files/milkytracker-1.0.0-docdir.patch  | 71 ++
 media-sound/milkytracker/milkytracker-1.0.0.ebuild | 43 +
 3 files changed, 115 insertions(+)

diff --git a/media-sound/milkytracker/Manifest 
b/media-sound/milkytracker/Manifest
index 95f5a45c441..3b3a5da9eb6 100644
--- a/media-sound/milkytracker/Manifest
+++ b/media-sound/milkytracker/Manifest
@@ -1 +1,2 @@
 DIST milkytracker-0.90.86.tar.bz2 2202256 SHA256 
eb93000ed4855e198dfb02df54f3e3536dc891084ca47cdd5393121137ba3bed SHA512 
8142f0b438e478571db25960d1b31f1d8c7e68feea96bdd238d1b1c1744105d929f18c990a301af6bebfc2d517bad687232410477ced6d8c4bfec8053cfcad8e
 WHIRLPOOL 
3c388cde08c81a73e80ee834e7b1cef90dc32d3e7885de47259cb3b219bd7207f816c240b87fede59335ec5a2561a00e23ab3aa05b5e34f4bbe3ae7866ff5045
+DIST milkytracker-1.0.0.tar.gz 3749140 SHA256 
7fa982561c297aae7ed8223d2535c1f0a72057da01d002e8665b9223206932dc SHA512 
a96e8b015a4e3b38f3ad44756fc79cb062f91ab193b7428a6abde042aa4e51c8fb45757cba0504283410d714eefffdee57d3e3bf42e7991d1f9581ab8d2ab1c4
 WHIRLPOOL 
859f8604b8b61cfd8467dfe5d72d68800938d1054f69c91abcb129bb8082c549d9791a94f10429aa1c7a7b3e0db097f1f5828213526af6af640ea44b9ead0a34

diff --git a/media-sound/milkytracker/files/milkytracker-1.0.0-docdir.patch 
b/media-sound/milkytracker/files/milkytracker-1.0.0-docdir.patch
new file mode 100644
index 000..aeae02af2b0
--- /dev/null
+++ b/media-sound/milkytracker/files/milkytracker-1.0.0-docdir.patch
@@ -0,0 +1,71 @@
+From 56bf091a0e8c5242e160d37f2974f3e1e2525821 Mon Sep 17 00:00:00 2001
+From: David Seifert 
+Date: Sun, 7 May 2017 10:49:21 +0200
+Subject: [PATCH] Use GNUInstallDirs in order to change installation paths
+
+* This allows distro-specific modification of directories
+  to adjust to different FHS layouts.
+---
+ CMakeLists.txt | 5 -
+ docs/CMakeLists.txt| 2 +-
+ resources/music/CMakeLists.txt | 2 +-
+ src/tracker/CMakeLists.txt | 2 +-
+ 4 files changed, 7 insertions(+), 4 deletions(-)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 996e2f0..bac54f3 100644
+--- a/CMakeLists.txt
 b/CMakeLists.txt
+@@ -19,9 +19,12 @@
+ #  along with MilkyTracker.  If not, see .
+ #
+ 
+-cmake_minimum_required(VERSION 2.6)
++cmake_minimum_required(VERSION 2.8.5)
+ project(MilkyTracker)
+ 
++# Adhere to GNU filesystem layout conventions
++include(GNUInstallDirs)
++
+ # Force SDL if requested
+ option(FORCESDL "Force SDL instead of native" OFF)
+ if(FORCESDL)
+diff --git a/docs/CMakeLists.txt b/docs/CMakeLists.txt
+index 0aacc60..aca4a61 100644
+--- a/docs/CMakeLists.txt
 b/docs/CMakeLists.txt
+@@ -35,7 +35,7 @@ elseif(WIN32)
+ set(INSTALL_DEST .)
+ else()
+ list(APPEND DOCUMENTS readme_unix)
+-set(INSTALL_DEST share/doc/${PROJECT_NAME_LOWER})
++set(INSTALL_DEST ${CMAKE_INSTALL_DOCDIR})
+ endif()
+ 
+ install(FILES ${DOCUMENTS} DESTINATION ${INSTALL_DEST})
+diff --git a/resources/music/CMakeLists.txt b/resources/music/CMakeLists.txt
+index f918b6e..f29fcd6 100644
+--- a/resources/music/CMakeLists.txt
 b/resources/music/CMakeLists.txt
+@@ -24,7 +24,7 @@ file(GLOB SONGS "*.xm")
+ if(APPLE OR WIN32)
+ set(INSTALL_DEST "Example Songs")
+ else()
+-set(INSTALL_DEST share/${PROJECT_NAME_LOWER}/songs)
++set(INSTALL_DEST ${CMAKE_INSTALL_DATADIR}/${PROJECT_NAME_LOWER}/songs)
+ endif()
+ 
+ install(FILES ${SONGS} DESTINATION ${INSTALL_DEST})
+diff --git a/src/tracker/CMakeLists.txt b/src/tracker/CMakeLists.txt
+index 1e4062e..b7a96a7 100644
+--- a/src/tracker/CMakeLists.txt
 b/src/tracker/CMakeLists.txt
+@@ -399,7 +399,7 @@ target_link_libraries(
+ if(APPLE OR WIN32)
+ set(INSTALL_DEST .)
+ else()
+-set(INSTALL_DEST bin)
++set(INSTALL_DEST ${CMAKE_INSTALL_BINDIR})
+ endif()
+ 
+ install(TARGETS ${TARGET_NAME} DESTINATION ${INSTALL_DEST})

diff --git a/media-sound/milkytracker/milkytracker-1.0.0.ebuild 
b/media-sound/milkytracker/milkytracker-1.0.0.ebuild
new file mode 100644
index 000..c59ff0579dd
--- /dev/null
+++ b/media-sound/milkytracker/milkytracker-1.0.0.ebuild
@@ -0,0 +1,43 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit cmake-utils eutils vcs-snapshot
+
+DESCRIPTION="FastTracker 2 inspired music tracker"
+HOMEPAGE="http://milkytracker.titandemo.org/;
+SRC_URI="https://github.com/milkytracker/MilkyTracker/archive/v${PV}.tar.gz ->