diff --git a/941774c8c0e79007196d7f1e7afdc97689f869b3.patch b/941774c8c0e79007196d7f1e7afdc97689f869b3.patch
new file mode 100644
index 0000000..978d5f4
--- /dev/null
+++ b/941774c8c0e79007196d7f1e7afdc97689f869b3.patch
@@ -0,0 +1,21 @@
+From 941774c8c0e79007196d7f1e7afdc97689f869b3 Mon Sep 17 00:00:00 2001
+From: Wim Taymans
+Date: Thu, 27 Sep 2018 12:09:45 +0200
+Subject: [PATCH] ALAC: set chunk frameCount to 0 on short read
+
+---
+ libaudiofile/modules/ALAC.cpp | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/libaudiofile/modules/ALAC.cpp b/libaudiofile/modules/ALAC.cpp
+index 7593c11..478e2af 100644
+--- a/libaudiofile/modules/ALAC.cpp
++++ b/libaudiofile/modules/ALAC.cpp
+@@ -240,6 +240,7 @@ void ALAC::runPull()
+ if (read(m_inChunk->buffer, bytesPerPacket) < bytesPerPacket)
+ {
+ reportReadError(0, m_track->f.framesPerPacket);
++ m_outChunk->frameCount = 0;
+ return;
+ }
+
diff --git a/audiofile.spec b/audiofile.spec
index 26312f6..1ed4e85 100644
--- a/audiofile.spec
+++ b/audiofile.spec
@@ -3,7 +3,7 @@ Summary: Library for accessing various audio file formats
 Name: audiofile
 Version: 0.3.6
-Release: 20%{?dist}
+Release: 21%{?dist}
 Epoch: 1
 # library is LGPL / the two programs GPL / see README
 License: LGPLv2+ and GPLv2+
@@ -26,6 +26,8 @@ Patch3: audiofile-0.3.6-pull42.patch
 Patch4: audiofile-0.3.6-pull43.patch
 Patch5: audiofile-0.3.6-pull44.patch
 Patch6: 822b732fd31ffcb78f6920001e9b1fbd815fa712.patch
+Patch7: 941774c8c0e79007196d7f1e7afdc97689f869b3.patch
+Patch8: fde6d79fb8363c4a329a184ef0b107156602b225.patch
 %description
 The Audio File library is an implementation of the Audio File Library
@@ -54,6 +56,9 @@ other resources you can use to develop Audio File applications.
 %patch4 -p1 -b .pull43
 %patch5 -p1 -b .pull44
 %patch6 -p1 -b .CVE-2018-17095
+%patch7 -p1 -b .CVE-2018-13440
+%patch8 -p1 -b .CVE-2018-13440
+
 %build
 %configure
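Review bot: In the embedded ALAC.cpp hunk, the new `m_outChunk->frameCount = 0;` in the short-read branch carries no explanation, and `reportReadError(0, ...)` alone does not say why the output chunk has to be emptied. A comment above the assignment, such as `// short read: no packet was decoded, so hand downstream modules an empty chunk`, would keep the line from being removed in a later cleanup. The guard `read(m_inChunk->buffer, bytesPerPacket) < bytesPerPacket` also deserves a check. If `read` can return a negative error value and `bytesPerPacket` is unsigned (neither declaration is visible here), the comparison would convert the error to a large value and skip this branch. The body of runPull starts and ends outside the hunk.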
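Review bot: In the audiofile.spec `%prep` hunk, `%patch7` and `%patch8` are applied with the same backup suffix, `-b .CVE-2018-13440`. The two patches added here touch different files (ALAC.cpp and ModuleState.cpp), so no backup is overwritten today. If a later revision of either patch touches a file the other also modifies, the second application would replace the first backup, and a comparison against the saved originals would no longer show the full change. Distinct suffixes avoid that, for example `%patch7 -p1 -b .CVE-2018-13440-alac` and `%patch8 -p1 -b .CVE-2018-13440-modulestate` (suffix names constructed for illustration). The hunk also adds an extra blank line before `%build`, which looks unintended.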
@@ -93,6 +98,9 @@ make check
 %{_mandir}/man3/*
 %changelog
+* Tue Oct 09 2018 Gwyn Ciesla - 1:0.3.6-21
+- Fixes for CVE-2018-13440.
+
 * Tue Oct 09 2018 Gwyn Ciesla - 1:0.3.6-20
 - Fix for CVE-2018-17095.
diff --git a/fde6d79fb8363c4a329a184ef0b107156602b225.patch b/fde6d79fb8363c4a329a184ef0b107156602b225.patch
new file mode 100644
index 0000000..ffd65b4
--- /dev/null
+++ b/fde6d79fb8363c4a329a184ef0b107156602b225.patch
@@ -0,0 +1,28 @@
+From fde6d79fb8363c4a329a184ef0b107156602b225 Mon Sep 17 00:00:00 2001
+From: Wim Taymans
+Date: Thu, 27 Sep 2018 10:48:45 +0200
+Subject: [PATCH] ModuleState: handle compress/decompress init failure
+
+When the unit initcompress or initdecompress function fails,
+m_fileModule is NULL. Return AF_FAIL in that case instead of
+causing NULL pointer dereferences later.
+
+Fixes #49
+---
+ libaudiofile/modules/ModuleState.cpp | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/libaudiofile/modules/ModuleState.cpp b/libaudiofile/modules/ModuleState.cpp
+index 0c29d7a..070fd9b 100644
+--- a/libaudiofile/modules/ModuleState.cpp
++++ b/libaudiofile/modules/ModuleState.cpp
+@@ -75,6 +75,9 @@ status ModuleState::initFileModule(AFfilehandle file, Track *track)
+ m_fileModule = unit->initcompress(track, file->m_fh, file->m_seekok,
+ file->m_fileFormat == AF_FILE_RAWDATA, &chunkFrames);
+
++ if (!m_fileModule)
++ return AF_FAIL;
++
+ if (unit->needsRebuffer)
+ {
+ assert(unit->nativeSampleFormat == AF_SAMPFMT_TWOSCOMP);
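Review bot: In the embedded ModuleState.cpp hunk, the new `if (!m_fileModule) return AF_FAIL;` prevents the later NULL dereference only if the callers of `initFileModule` stop on `AF_FAIL`, and no call site is visible here. That should be confirmed before this is treated as the complete fix. The commit message names both `initcompress` and `initdecompress`, but the hunk shows only the `initcompress` call above the check. Presumably the check sits after both branches, which is also worth verifying in the full file. A comment on the check, such as `// init(de)compress returns NULL on failure, e.g. for a malformed file`, would record the contract the guard relies on. The body of initFileModule starts and ends outside the hunk.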