CVS commit: pkgsrc/audio/audacity

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/audio/audacity
From: "Robert Bagdan" <kikadf%netbsd.org@localhost>
Date: Mon, 1 Sep 2025 15:12:19 +0000

Module Name:    pkgsrc
Committed By:   kikadf
Date:           Mon Sep  1 15:12:19 UTC 2025

Modified Files:
        pkgsrc/audio/audacity: Makefile distinfo
Added Files:
        pkgsrc/audio/audacity/patches: patch-lib-src_portmixer_src_Makefile.am
            patch-lib-src_sbsms_src_Makefile.am patch-src_AudacityApp.cpp
Removed Files:
        pkgsrc/audio/audacity/patches:
            patch-lib-src_portmixer_src-extra_Makefile.am
            patch-lib-src_sbsms_src-extra_Makefile.am

Log Message:
audio/audacity: fix CVE-2020-11867

* Patch from upstream, https://github.com/audacity/audacity/commit/8bb55b8bbf0f0030224d0bfa1b290c4bc1d91b6a
* Fix pkglint warnings


To generate a diff of this commit:
cvs rdiff -u -r1.165 -r1.166 pkgsrc/audio/audacity/Makefile
cvs rdiff -u -r1.48 -r1.49 pkgsrc/audio/audacity/distinfo
cvs rdiff -u -r1.1 -r0 \
    pkgsrc/audio/audacity/patches/patch-lib-src_portmixer_src-extra_Makefile.am \
    pkgsrc/audio/audacity/patches/patch-lib-src_sbsms_src-extra_Makefile.am
cvs rdiff -u -r0 -r1.1 \
    pkgsrc/audio/audacity/patches/patch-lib-src_portmixer_src_Makefile.am \
    pkgsrc/audio/audacity/patches/patch-lib-src_sbsms_src_Makefile.am \
    pkgsrc/audio/audacity/patches/patch-src_AudacityApp.cpp

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/audio/audacity/Makefile
diff -u pkgsrc/audio/audacity/Makefile:1.165 pkgsrc/audio/audacity/Makefile:1.166
--- pkgsrc/audio/audacity/Makefile:1.165        Sat Aug 30 22:44:33 2025
+++ pkgsrc/audio/audacity/Makefile      Mon Sep  1 15:12:19 2025
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.165 2025/08/30 22:44:33 wiz Exp $
+# $NetBSD: Makefile,v 1.166 2025/09/01 15:12:19 kikadf Exp $
 
 # NOTES ON UPDATING
 # - Upstream is insisting that packages use their internal modified
@@ -8,7 +8,7 @@
 #   This should be disabled by default, Audacity is offline software.
 # - Please test usage on NetBSD.
 DISTNAME=      audacity-2.4.1
-PKGREVISION=   27
+PKGREVISION=   28
 CATEGORIES=    audio
 MASTER_SITES=  ${MASTER_SITE_GITHUB:=audacity/}
 GITHUB_PROJECT=        Audacity

Index: pkgsrc/audio/audacity/distinfo
diff -u pkgsrc/audio/audacity/distinfo:1.48 pkgsrc/audio/audacity/distinfo:1.49
--- pkgsrc/audio/audacity/distinfo:1.48 Sun Mar 30 15:39:27 2025
+++ pkgsrc/audio/audacity/distinfo      Mon Sep  1 15:12:19 2025
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.48 2025/03/30 15:39:27 wiz Exp $
+$NetBSD: distinfo,v 1.49 2025/09/01 15:12:19 kikadf Exp $
 
 BLAKE2s (audacity-2.4.1.tar.gz) = 53a42d20bfea5dfecfe0f40f7c668036c1057a4dddaea5541802ccd76aa75e99
 SHA512 (audacity-2.4.1.tar.gz) = 2f0a3f7e24dce91ae520e285dbb05778b68e0fe37b8ded55ac568b5f8135069951b3986764adc5d0791c165b283a3c19596f1d6f51ba17028e0eb04558c63f25
@@ -15,8 +15,9 @@ SHA1 (patch-lib-src_libnyquist_nyquist_c
 SHA1 (patch-lib-src_libnyquist_nyquist_nyqsrc_sndread.c) = dbc0b5b88043c7b2895742e78e6a5990f65012ef
 SHA1 (patch-lib-src_libnyquist_nyquist_sys_unix_switches.h) = 9401ac521d5a2aa8600a465b9133dff7e7b2ea35
 SHA1 (patch-lib-src_libnyquist_nyquist_xlisp_xlisp.h) = a79f2f58f32f96fc67bc2420bef6c812d37c96f0
-SHA1 (patch-lib-src_portmixer_src-extra_Makefile.am) = 9a0d5be37753683a2cade42673edb3d08e01ab4d
-SHA1 (patch-lib-src_sbsms_src-extra_Makefile.am) = 2beca18a286de1b26f4f96976fb58e1665d0531c
+SHA1 (patch-lib-src_portmixer_src_Makefile.am) = 9a0d5be37753683a2cade42673edb3d08e01ab4d
+SHA1 (patch-lib-src_sbsms_src_Makefile.am) = 2beca18a286de1b26f4f96976fb58e1665d0531c
+SHA1 (patch-src_AudacityApp.cpp) = 3ae757ada999f1e56fae0499137f37b51bdd7fec
 SHA1 (patch-src_AudioIO.cpp) = 1b44c68c4233b24a5fa4e17515eb237fee0e283a
 SHA1 (patch-src_audacity.desktop.in) = 66e43b6cba4d0245210fb6e9b7345abef1828e89
 SHA1 (patch-src_effects_NoiseRemoval.cpp) = 6d72545cde66ac90d4eb3821a3a3f384ccbf46f2

Added files:

Index: pkgsrc/audio/audacity/patches/patch-lib-src_portmixer_src_Makefile.am
diff -u /dev/null pkgsrc/audio/audacity/patches/patch-lib-src_portmixer_src_Makefile.am:1.1
--- /dev/null   Mon Sep  1 15:12:19 2025
+++ pkgsrc/audio/audacity/patches/patch-lib-src_portmixer_src_Makefile.am       Mon Sep  1 15:12:19 2025
@@ -0,0 +1,12 @@
+$NetBSD: patch-lib-src_portmixer_src_Makefile.am,v 1.1 2025/09/01 15:12:19 kikadf Exp $
+
+don't build a shared library of this.
+
+--- lib-src/portmixer/src/Makefile.am.orig     2015-03-01 17:07:05.000000000 -0800
++++ lib-src/portmixer/src/Makefile.am  2015-09-18 11:29:08.000000000 -0700
+@@ -1,4 +1,4 @@
+-lib_LTLIBRARIES = libportmixer.la
++noinst_LTLIBRARIES = libportmixer.la
+ 
+ libportmixer_la_CPPFLAGS = -I$(top_srcdir)/include $(PORTAUDIO_CFLAGS)
+ libportmixer_la_SOURCES = \
Index: pkgsrc/audio/audacity/patches/patch-lib-src_sbsms_src_Makefile.am
diff -u /dev/null pkgsrc/audio/audacity/patches/patch-lib-src_sbsms_src_Makefile.am:1.1
--- /dev/null   Mon Sep  1 15:12:19 2025
+++ pkgsrc/audio/audacity/patches/patch-lib-src_sbsms_src_Makefile.am   Mon Sep  1 15:12:19 2025
@@ -0,0 +1,15 @@
+$NetBSD: patch-lib-src_sbsms_src_Makefile.am,v 1.1 2025/09/01 15:12:19 kikadf Exp $
+
+don't build a shared library of this.
+
+--- lib-src/sbsms/src/Makefile.am.orig 2015-03-01 17:07:04.000000000 -0800
++++ lib-src/sbsms/src/Makefile.am      2015-09-18 11:29:19.000000000 -0700
+@@ -3,7 +3,7 @@
+ libsbsmsincludedir = $(includedir)
+ libsbsmsinclude_HEADERS = ../include/sbsms.h
+ 
+-lib_LTLIBRARIES = libsbsms.la
++noinst_LTLIBRARIES = libsbsms.la
+ libsbsms_la_SOURCES = \
+       sms.cpp \
+       track.cpp \
Index: pkgsrc/audio/audacity/patches/patch-src_AudacityApp.cpp
diff -u /dev/null pkgsrc/audio/audacity/patches/patch-src_AudacityApp.cpp:1.1
--- /dev/null   Mon Sep  1 15:12:19 2025
+++ pkgsrc/audio/audacity/patches/patch-src_AudacityApp.cpp     Mon Sep  1 15:12:19 2025
@@ -0,0 +1,15 @@
+$NetBSD: patch-src_AudacityApp.cpp,v 1.1 2025/09/01 15:12:19 kikadf Exp $
+
+* Fix CVE-2020-11867, https://github.com/audacity/audacity/commit/8bb55b8bbf0f0030224d0bfa1b290c4bc1d91b6a
+
+--- src/AudacityApp.cpp.orig   2025-09-01 16:24:41.676126412 +0200
++++ src/AudacityApp.cpp
+@@ -1786,7 +1786,7 @@ bool AudacityApp::InitTempDir()
+    // The permissions don't always seem to be set on
+    // some platforms.  Hopefully this fixes it...
+    #ifdef __UNIX__
+-   chmod(OSFILENAME(temp), 0755);
++   chmod(OSFILENAME(temp), 0700);
+    #endif
+ 
+    bool bSuccess = gPrefs->Write(wxT("/Directories/TempDir"), temp) && gPrefs->Flush();

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/doc
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index