From 383e276fa931ae9cfe8dad7dd374f37aee692c5a Mon Sep 17 00:00:00 2001 From: Michal Hlavinka Date: Thu, 17 Dec 2015 11:40:39 +0100 Subject: [PATCH] fix incomplete patch for CVE-2015-7805 --- ...f0bcaf20203bb4ee56da760a6e5118e6f93b.patch | 22 +++++++++++++++++++ libsndfile.spec | 8 ++++++- 2 files changed, 29 insertions(+), 1 deletion(-) create mode 100644 libsndfile-1.0.25-53c9f0bcaf20203bb4ee56da760a6e5118e6f93b.patch diff --git a/libsndfile-1.0.25-53c9f0bcaf20203bb4ee56da760a6e5118e6f93b.patch b/libsndfile-1.0.25-53c9f0bcaf20203bb4ee56da760a6e5118e6f93b.patch new file mode 100644 index 0000000..6aa4bf5 --- /dev/null +++ b/libsndfile-1.0.25-53c9f0bcaf20203bb4ee56da760a6e5118e6f93b.patch @@ -0,0 +1,22 @@ +From 53c9f0bcaf20203bb4ee56da760a6e5118e6f93b Mon Sep 17 00:00:00 2001 +From: Erik de Castro Lopo +Date: Mon, 9 Nov 2015 19:18:48 +1100 +Subject: [PATCH] src/common.c: Pull fix from 1.0.25 + +--- + src/common.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/common.c b/src/common.c +index c6b88cc..830c43e 100644 +--- a/src/common.c ++++ b/src/common.c +@@ -805,7 +805,7 @@ header_read (SF_PRIVATE *psf, void *ptr, int bytes) + if (psf->headindex + bytes > SIGNED_SIZEOF (psf->header)) + { int most ; + +- most = SIGNED_SIZEOF (psf->header) - psf->headindex ; ++ most = SIGNED_SIZEOF (psf->header) - psf->headend ; + psf_fread (psf->header + psf->headend, 1, most, psf) ; + memcpy (ptr, psf->header + psf->headend, most) ; + psf->headend = psf->headindex += most ; diff --git a/libsndfile.spec b/libsndfile.spec index f4b3ebb..f966c77 100644 --- a/libsndfile.spec +++ b/libsndfile.spec @@ -1,7 +1,7 @@ Summary: Library for reading and writing sound files Name: libsndfile Version: 1.0.17 -Release: 7%{?dist} +Release: 8%{?dist} License: LGPL Group: System Environment/Libraries URL: http://www.mega-nerd.com/libsndfile/ @@ -24,7 +24,9 @@ Patch5: libsndfile-1.0.25-zerodivfix.patch #from upstream, for libsndfile <= 1.0.25, rhbz#1178840 Patch6: libsndfile-1.0.25-cve2014_9496.patch +# 2x from upstream, for <= 1.0.25, rhbz#1277899 Patch7: libsndfile-1.0.25-d2a87385c1ca1d72918e9a2875d24f202a5093e8.patch +Patch8: libsndfile-1.0.25-53c9f0bcaf20203bb4ee56da760a6e5118e6f93b.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot-%(%{__id_u} -n) @@ -59,6 +61,7 @@ This package contains files needed to develop with libsndfile. %patch5 -p1 -b .zerodivfix %patch6 -p1 -b .cve2014_9496 %patch7 -p1 -b .d2a87385c1ca1d72918e9a2875d24f202a5093e8 +%patch8 -p1 -b .53c9f0bcaf20203bb4ee56da760a6e5118e6f93b %build %configure --disable-dependency-tracking @@ -106,6 +109,9 @@ rm -rf $RPM_BUILD_ROOT %changelog +* Thu Dec 17 2015 Michal Hlavinka - 1.0.17-8 +- fix incomplete patch for CVE-2015-7805 + * Fri Nov 06 2015 Michal Hlavinka - 1.0.17-7 - fix CVE-2015-7805: Heap overflow vulnerability when parsing specially crafted AIFF header