Patches for CVE-2018-13440.
parent
ea15332b60
commit
0b51fee3ed
|
@ -0,0 +1,21 @@
|
||||||
|
From 941774c8c0e79007196d7f1e7afdc97689f869b3 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Wim Taymans <wtaymans@redhat.com>
|
||||||
|
Date: Thu, 27 Sep 2018 12:09:45 +0200
|
||||||
|
Subject: [PATCH] ALAC: set chunk frameCount to 0 on short read
|
||||||
|
|
||||||
|
---
|
||||||
|
libaudiofile/modules/ALAC.cpp | 1 +
|
||||||
|
1 file changed, 1 insertion(+)
|
||||||
|
|
||||||
|
diff --git a/libaudiofile/modules/ALAC.cpp b/libaudiofile/modules/ALAC.cpp
|
||||||
|
index 7593c11..478e2af 100644
|
||||||
|
--- a/libaudiofile/modules/ALAC.cpp
|
||||||
|
+++ b/libaudiofile/modules/ALAC.cpp
|
||||||
|
@@ -240,6 +240,7 @@ void ALAC::runPull()
|
||||||
|
if (read(m_inChunk->buffer, bytesPerPacket) < bytesPerPacket)
|
||||||
|
{
|
||||||
|
reportReadError(0, m_track->f.framesPerPacket);
|
||||||
|
+ m_outChunk->frameCount = 0;
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
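Review bot: The added `m_outChunk->frameCount = 0;` in the short-read branch of ALAC::runPull carries no comment explaining why the output chunk is emptied, and the reason is not obvious from the surrounding lines. I would put `// Short read: nothing was decoded, so mark the output chunk empty for downstream modules.` directly above it. Presumably later stages otherwise trust the requested frame count and consume a buffer that was never filled; that is inferred from the commit subject, not shown in the hunk. runPull continues beyond the hunk, so any other early-return path in it should be checked for the same reset.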
|
@ -3,7 +3,7 @@
|
||||||
Summary: Library for accessing various audio file formats
|
Summary: Library for accessing various audio file formats
|
||||||
Name: audiofile
|
Name: audiofile
|
||||||
Version: 0.3.6
|
Version: 0.3.6
|
||||||
Release: 20%{?dist}
|
Release: 21%{?dist}
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
# library is LGPL / the two programs GPL / see README
|
# library is LGPL / the two programs GPL / see README
|
||||||
License: LGPLv2+ and GPLv2+
|
License: LGPLv2+ and GPLv2+
|
||||||
|
@ -26,6 +26,8 @@ Patch3: audiofile-0.3.6-pull42.patch
|
||||||
Patch4: audiofile-0.3.6-pull43.patch
|
Patch4: audiofile-0.3.6-pull43.patch
|
||||||
Patch5: audiofile-0.3.6-pull44.patch
|
Patch5: audiofile-0.3.6-pull44.patch
|
||||||
Patch6: 822b732fd31ffcb78f6920001e9b1fbd815fa712.patch
|
Patch6: 822b732fd31ffcb78f6920001e9b1fbd815fa712.patch
|
||||||
|
Patch7: 941774c8c0e79007196d7f1e7afdc97689f869b3.patch
|
||||||
|
Patch8: fde6d79fb8363c4a329a184ef0b107156602b225.patch
|
||||||
|
|
||||||
%description
|
%description
|
||||||
The Audio File library is an implementation of the Audio File Library
|
The Audio File library is an implementation of the Audio File Library
|
||||||
|
@ -54,6 +56,9 @@ other resources you can use to develop Audio File applications.
|
||||||
%patch4 -p1 -b .pull43
|
%patch4 -p1 -b .pull43
|
||||||
%patch5 -p1 -b .pull44
|
%patch5 -p1 -b .pull44
|
||||||
%patch6 -p1 -b .CVE-2018-17095
|
%patch6 -p1 -b .CVE-2018-17095
|
||||||
|
%patch7 -p1 -b .CVE-2018-13440
|
||||||
|
%patch8 -p1 -b .CVE-2018-13440
|
||||||
|
|
||||||
|
|
||||||
%build
|
%build
|
||||||
%configure
|
%configure
|
||||||
|
@ -93,6 +98,9 @@ make check
|
||||||
%{_mandir}/man3/*
|
%{_mandir}/man3/*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Oct 09 2018 Gwyn Ciesla <limburgher@gmail.com> - 1:0.3.6-21
|
||||||
|
- Fixes for CVE-2018-13440.
|
||||||
|
|
||||||
* Tue Oct 09 2018 Gwyn Ciesla <limburgher@gmail.com> - 1:0.3.6-20
|
* Tue Oct 09 2018 Gwyn Ciesla <limburgher@gmail.com> - 1:0.3.6-20
|
||||||
- Fix for CVE-2018-17095.
|
- Fix for CVE-2018-17095.
|
||||||
|
|
||||||
|
|
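Review bot: `%patch7` and `%patch8` both pass `-b .CVE-2018-13440`, so the backup suffix no longer tells you which of the two patches produced a given backup file. The two patches on this page touch different files (ALAC.cpp and ModuleState.cpp), so nothing collides today, but a later revision of either patch that touches a common file could overwrite the first backup. Distinct suffixes, for example `-b .CVE-2018-13440-alac` and `-b .CVE-2018-13440-modulestate`, keep the backups unambiguous.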
|
@ -0,0 +1,28 @@
|
||||||
|
From fde6d79fb8363c4a329a184ef0b107156602b225 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Wim Taymans <wtaymans@redhat.com>
|
||||||
|
Date: Thu, 27 Sep 2018 10:48:45 +0200
|
||||||
|
Subject: [PATCH] ModuleState: handle compress/decompress init failure
|
||||||
|
|
||||||
|
When the unit initcompress or initdecompress function fails,
|
||||||
|
m_fileModule is NULL. Return AF_FAIL in that case instead of
|
||||||
|
causing NULL pointer dereferences later.
|
||||||
|
|
||||||
|
Fixes #49
|
||||||
|
---
|
||||||
|
libaudiofile/modules/ModuleState.cpp | 3 +++
|
||||||
|
1 file changed, 3 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/libaudiofile/modules/ModuleState.cpp b/libaudiofile/modules/ModuleState.cpp
|
||||||
|
index 0c29d7a..070fd9b 100644
|
||||||
|
--- a/libaudiofile/modules/ModuleState.cpp
|
||||||
|
+++ b/libaudiofile/modules/ModuleState.cpp
|
||||||
|
@@ -75,6 +75,9 @@ status ModuleState::initFileModule(AFfilehandle file, Track *track)
|
||||||
|
m_fileModule = unit->initcompress(track, file->m_fh, file->m_seekok,
|
||||||
|
file->m_fileFormat == AF_FILE_RAWDATA, &chunkFrames);
|
||||||
|
|
||||||
|
+ if (!m_fileModule)
|
||||||
|
+ return AF_FAIL;
|
||||||
|
+
|
||||||
|
if (unit->needsRebuffer)
|
||||||
|
{
|
||||||
|
assert(unit->nativeSampleFormat == AF_SAMPFMT_TWOSCOMP);
|
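Review bot: The new `if (!m_fileModule) return AF_FAIL;` guard has to run after both the initcompress and the initdecompress assignment, and this page cannot confirm that it does. Only the initcompress call is visible in the hunk, and the rendering has dropped the indentation. The patch description names both failure cases, so check in the full file that the test sits after the branch that picks between them (presumably an if/else) rather than inside the compress arm. A short comment such as `// init*compress returns NULL on failure; stop before the module is used.` would record the intent. initFileModule starts and ends outside the hunk, and whether its callers act on the AF_FAIL status is not shown here.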