rpms
/
libsndfile
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'rawhide' into f33

This commit is contained in:
Michal Hlavinka 2021-08-03 00:00:54 +02:00
parent b8af4e0ec6 8356ca8394
commit 20a079cc56
2 changed files with 31 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
libsndfile-1.0.31-deb669ee.patch Normal file
View File

@ -0,0 +1,21 @@
diff --git a/src/ms_adpcm.c b/src/ms_adpcm.c
index 5e8f1a31..a21cb994 100644
--- a/src/ms_adpcm.c
+++ b/src/ms_adpcm.c
@@ -128,8 +128,14 @@ wavlike_msadpcm_init (SF_PRIVATE *psf, int blockalign, int samplesperblock)
if (psf->file.mode == SFM_WRITE)
samplesperblock = 2 + 2 * (blockalign - 7 * psf->sf.channels) / psf->sf.channels ;
- if (blockalign < 7 * psf->sf.channels)
- { psf_log_printf (psf, "*** Error blockalign (%d) should be > %d.\n", blockalign, 7 * psf->sf.channels) ;
+ /* There's 7 samples per channel in the preamble of each block */
+ if (samplesperblock < 7 * psf->sf.channels)
+ { psf_log_printf (psf, "*** Error samplesperblock (%d) should be >= %d.\n", samplesperblock, 7 * psf->sf.channels) ;
+ return SFE_INTERNAL ;
+ } ;
+
+ if (2 * blockalign < samplesperblock * psf->sf.channels)
+ { psf_log_printf (psf, "*** Error blockalign (%d) should be >= %d.\n", blockalign, samplesperblock * psf->sf.channels / 2) ;
return SFE_INTERNAL ;
} ;

11
libsndfile.spec
View File

@ -1,12 +1,14 @@
Summary: Library for reading and writing sound files
Name: libsndfile
Version: 1.0.31
Release: 3%{?dist}
Release: 5%{?dist}%{?dist}
License: LGPLv2+ and GPLv2+ and BSD
URL: http://libsndfile.github.io/libsndfile/
Source0: https://github.com/libsndfile/libsndfile/releases/download/%{version}/libsndfile-%{version}.tar.bz2
Patch0: libsndfile-1.0.25-system-gsm.patch
Patch1: libsndfile-1.0.25-zerodivfix.patch
# from upstream, fix #1984320=CVE-2021-3246, for <= 1.0.31
Patch2: libsndfile-1.0.31-deb669ee.patch
BuildRequires: gcc-c++
BuildRequires: alsa-lib-devel
BuildRequires: flac-devel
@ -58,6 +60,7 @@ This package contains command line utilities for libsndfile.
rm -r src/GSM610
# TODO: check if this patch is still needed
%patch1 -p1 -b .zerodivfix
%patch2 -p1 -b .deb669ee
%build
autoreconf -I M4 -fiv # for system-gsm patch
@ -149,6 +152,12 @@ LD_LIBRARY_PATH=$PWD/src/.libs make check
%changelog
* Fri Jul 23 2021 Michal Hlavinka <mhlavink@redhat.com> - 1.0.31-5
- a crafted wav file could cause heap buffer overflow that allowed an arbitrary code execution (#1984320)
* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.31-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Mon Feb 22 2021 Michal Hlavinka <mhlavink@redhat.com> - 1.0.31-3
- add opus-devel BR to satisfy configure requirements check (#1931251)