updated to 1.0.28
fix possible buffer overflow when parsing crafted ID3 tags (#1440758, CVE-2017-7586) fix possible buffer overflow when parsing crafted flac file (#1440756, CVE-2017-7585)
This commit is contained in:
parent
de2d85ec4c
commit
3b870c8e68
|
@ -4,3 +4,4 @@ libsndfile-1.0.21.tar.gz
|
|||
/libsndfile-1.0.24.tar.gz
|
||||
/libsndfile-1.0.25.tar.gz
|
||||
/libsndfile-1.0.27.tar.gz
|
||||
/libsndfile-1.0.28.tar.gz
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
diff -up libsndfile-1.0.27/src/gsm610.c.systemgsm libsndfile-1.0.27/src/gsm610.c
|
||||
--- libsndfile-1.0.27/src/gsm610.c.systemgsm 2016-04-01 23:08:53.000000000 +0200
|
||||
+++ libsndfile-1.0.27/src/gsm610.c 2016-11-11 19:12:06.749656521 +0100
|
||||
diff -up libsndfile-1.0.28/src/gsm610.c.systemgsm libsndfile-1.0.28/src/gsm610.c
|
||||
--- libsndfile-1.0.28/src/gsm610.c.systemgsm 2016-09-10 10:08:27.000000000 +0200
|
||||
+++ libsndfile-1.0.28/src/gsm610.c 2017-04-11 10:47:40.437162489 +0200
|
||||
@@ -27,7 +27,7 @@
|
||||
#include "sfendian.h"
|
||||
#include "common.h"
|
||||
|
@ -20,9 +20,9 @@ diff -up libsndfile-1.0.27/src/gsm610.c.systemgsm libsndfile-1.0.27/src/gsm610.c
|
|||
if ((SF_CONTAINER (psf->sf.format)) == SF_FORMAT_WAV ||
|
||||
(SF_CONTAINER (psf->sf.format)) == SF_FORMAT_W64)
|
||||
gsm_option (pgsm610->gsm_data, GSM_OPT_WAV49, &true_flag) ;
|
||||
diff -up libsndfile-1.0.27/src/Makefile.am.systemgsm libsndfile-1.0.27/src/Makefile.am
|
||||
--- libsndfile-1.0.27/src/Makefile.am.systemgsm 2016-11-11 19:10:05.220551515 +0100
|
||||
+++ libsndfile-1.0.27/src/Makefile.am 2016-11-11 19:10:14.315634212 +0100
|
||||
diff -up libsndfile-1.0.28/src/Makefile.am.systemgsm libsndfile-1.0.28/src/Makefile.am
|
||||
--- libsndfile-1.0.28/src/Makefile.am.systemgsm 2017-04-01 09:18:02.000000000 +0200
|
||||
+++ libsndfile-1.0.28/src/Makefile.am 2017-04-11 10:48:43.855620172 +0200
|
||||
@@ -8,7 +8,7 @@ lib_LTLIBRARIES = libsndfile.la
|
||||
include_HEADERS = sndfile.hh
|
||||
nodist_include_HEADERS = sndfile.h
|
||||
|
@ -32,7 +32,7 @@ diff -up libsndfile-1.0.27/src/Makefile.am.systemgsm libsndfile-1.0.27/src/Makef
|
|||
|
||||
SYMBOL_FILES = Symbols.gnu-binutils Symbols.darwin libsndfile-1.def Symbols.os2 Symbols.static
|
||||
|
||||
@@ -46,7 +46,7 @@ endif
|
||||
@@ -43,7 +43,7 @@ libsndfile_la_CPPFLAGS = -DSNDFILE_EXPOR
|
||||
libsndfile_la_LDFLAGS = -no-undefined -version-info $(SHARED_VERSION_INFO) $(SHLIB_VERSION_ARG)
|
||||
libsndfile_la_SOURCES = $(FILESPECIFIC) $(noinst_HEADERS)
|
||||
nodist_libsndfile_la_SOURCES = $(nodist_include_HEADERS)
|
||||
|
@ -40,8 +40,8 @@ diff -up libsndfile-1.0.27/src/Makefile.am.systemgsm libsndfile-1.0.27/src/Makef
|
|||
+libsndfile_la_LIBADD = -lgsm G72x/libg72x.la ALAC/libalac.la \
|
||||
libcommon.la $(EXTERNAL_XIPH_LIBS) -lm
|
||||
|
||||
libcommon_la_SOURCES = $(COMMON)
|
||||
@@ -54,12 +54,6 @@ libcommon_la_SOURCES = $(COMMON)
|
||||
EXTRA_libsndfile_la_DEPENDENCIES = $(SYMBOL_FILES)
|
||||
@@ -58,12 +58,6 @@ libcommon_la_SOURCES = common.c file_io.
|
||||
#======================================================================
|
||||
# Subdir libraries.
|
||||
|
||||
|
|
|
@ -1,14 +1,14 @@
|
|||
Summary: Library for reading and writing sound files
|
||||
Name: libsndfile
|
||||
Version: 1.0.27
|
||||
Release: 2%{?dist}
|
||||
Version: 1.0.28
|
||||
Release: 1%{?dist}
|
||||
License: LGPLv2+ and GPLv2+ and BSD
|
||||
Group: System Environment/Libraries
|
||||
URL: http://www.mega-nerd.com/libsndfile/
|
||||
Source0: http://www.mega-nerd.com/libsndfile/files/libsndfile-%{version}.tar.gz
|
||||
Patch0: libsndfile-1.0.25-system-gsm.patch
|
||||
Patch1: libsndfile-1.0.25-zerodivfix.patch
|
||||
|
||||
Patch2: revert.patch
|
||||
BuildRequires: alsa-lib-devel
|
||||
BuildRequires: flac-devel
|
||||
BuildRequires: libogg-devel
|
||||
|
@ -55,6 +55,7 @@ This package contains command line utilities for libsndfile.
|
|||
%setup -q
|
||||
%patch0 -p1 -b .systemgsm
|
||||
%patch1 -p1 -b .zerodivfix
|
||||
%patch2 -p1 -b .revert
|
||||
rm -r src/GSM610
|
||||
|
||||
%build
|
||||
|
@ -150,6 +151,11 @@ LD_LIBRARY_PATH=$PWD/src/.libs make check
|
|||
|
||||
|
||||
%changelog
|
||||
* Tue Apr 11 2017 Michal Hlavinka <mhlavink@redhat.com> - 1.0.28-1
|
||||
- updated to 1.0.28
|
||||
- fix possible buffer overflow when parsing crafted ID3 tags (#1440758, CVE-2017-7586)
|
||||
- fix possible buffer overflow when parsing crafted flac file (#1440756, CVE-2017-7585)
|
||||
|
||||
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.27-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
|
||||
|
||||
|
|
|
@ -0,0 +1,37 @@
|
|||
--- libsndfile-1.0.28/src/rf64.c 2017-04-02 09:43:22.000000000 +0200
|
||||
+++ libsndfile-1.0.27/src/rf64.c 2016-04-01 23:08:53.000000000 +0200
|
||||
@@ -735,25 +734,27 @@ rf64_write_header (SF_PRIVATE *psf, int
|
||||
|
||||
#endif
|
||||
|
||||
- pad_size = psf->dataoffset - 16 - psf->header.indx ;
|
||||
- if (pad_size >= 0)
|
||||
- psf_binheader_writef (psf, "m4z", PAD_MARKER, pad_size, make_size_t (pad_size)) ;
|
||||
+ if (psf->header.indx + 8 < psf->dataoffset)
|
||||
+ { /* Add PAD data if necessary. */
|
||||
+ int k = psf->dataoffset - 16 - psf->header.indx ;
|
||||
+ psf_binheader_writef (psf, "m4z", PAD_MARKER, k, make_size_t (k)) ;
|
||||
+ } ;
|
||||
|
||||
if (wpriv->rf64_downgrade && (psf->filelength < RIFF_DOWNGRADE_BYTES))
|
||||
psf_binheader_writef (psf, "tm8", data_MARKER, psf->datalength) ;
|
||||
else
|
||||
psf_binheader_writef (psf, "m4", data_MARKER, 0xffffffff) ;
|
||||
|
||||
- psf_fwrite (psf->header.ptr, psf->header.indx, 1, psf) ;
|
||||
+ psf_fwrite (psf->header.ptr, psf->header.indx, 1, psf) ;
|
||||
if (psf->error)
|
||||
return psf->error ;
|
||||
|
||||
- if (has_data && psf->dataoffset != psf->header.indx)
|
||||
- { psf_log_printf (psf, "Oooops : has_data && psf->dataoffset != psf->header.indx\n") ;
|
||||
+ if (has_data && psf->dataoffset != psf->header.indx)
|
||||
+ { psf_log_printf (psf, "Oooops : has_data && psf->dataoffset != psf->header.indx\n") ;
|
||||
return psf->error = SFE_INTERNAL ;
|
||||
} ;
|
||||
|
||||
- psf->dataoffset = psf->header.indx ;
|
||||
+ psf->dataoffset = psf->header.indx ;
|
||||
|
||||
if (NOT (has_data))
|
||||
psf_fseek (psf, psf->dataoffset, SEEK_SET) ;
|
Loading…
Reference in New Issue