Compare commits
2 Commits
Author | SHA1 | Date |
---|---|---|
Michal Hlavinka | 84684ab429 | |
Michal Hlavinka | 4d3a7a4237 |
|
@ -0,0 +1,22 @@
|
|||
From 53c9f0bcaf20203bb4ee56da760a6e5118e6f93b Mon Sep 17 00:00:00 2001
|
||||
From: Erik de Castro Lopo <erikd@mega-nerd.com>
|
||||
Date: Mon, 9 Nov 2015 19:18:48 +1100
|
||||
Subject: [PATCH] src/common.c: Pull fix from 1.0.25
|
||||
|
||||
---
|
||||
src/common.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/common.c b/src/common.c
|
||||
index c6b88cc..830c43e 100644
|
||||
--- a/src/common.c
|
||||
+++ b/src/common.c
|
||||
@@ -805,7 +805,7 @@ header_read (SF_PRIVATE *psf, void *ptr, int bytes)
|
||||
if (psf->headindex + bytes > SIGNED_SIZEOF (psf->header))
|
||||
{ int most ;
|
||||
|
||||
- most = SIGNED_SIZEOF (psf->header) - psf->headindex ;
|
||||
+ most = SIGNED_SIZEOF (psf->header) - psf->headend ;
|
||||
psf_fread (psf->header + psf->headend, 1, most, psf) ;
|
||||
memcpy (ptr, psf->header + psf->headend, most) ;
|
||||
psf->headend = psf->headindex += most ;
|
|
@ -0,0 +1,90 @@
|
|||
From d2a87385c1ca1d72918e9a2875d24f202a5093e8 Mon Sep 17 00:00:00 2001
|
||||
From: Erik de Castro Lopo <erikd@mega-nerd.com>
|
||||
Date: Sat, 7 Feb 2015 15:45:10 +1100
|
||||
Subject: [PATCH] src/common.c : Fix a header parsing bug.
|
||||
|
||||
When the file header is bigger that SF_HEADER_LEN, the code would seek
|
||||
instead of reading causing file parse errors.
|
||||
|
||||
The current header parsing and writing code *badly* needs a re-write.
|
||||
---
|
||||
src/common.c | 27 +++++++++++----------------
|
||||
1 file changed, 11 insertions(+), 16 deletions(-)
|
||||
|
||||
diff --git a/src/common.c b/src/common.c
|
||||
index dd4edb7..c6b88cc 100644
|
||||
--- a/src/common.c
|
||||
+++ b/src/common.c
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
-** Copyright (C) 1999-2011 Erik de Castro Lopo <erikd@mega-nerd.com>
|
||||
+** Copyright (C) 1999-2015 Erik de Castro Lopo <erikd@mega-nerd.com>
|
||||
**
|
||||
** This program is free software; you can redistribute it and/or modify
|
||||
** it under the terms of the GNU Lesser General Public License as published by
|
||||
@@ -800,21 +800,16 @@ header_read (SF_PRIVATE *psf, void *ptr, int bytes)
|
||||
{ int count = 0 ;
|
||||
|
||||
if (psf->headindex >= SIGNED_SIZEOF (psf->header))
|
||||
- { memset (ptr, 0, SIGNED_SIZEOF (psf->header) - psf->headindex) ;
|
||||
-
|
||||
- /* This is the best that we can do. */
|
||||
- psf_fseek (psf, bytes, SEEK_CUR) ;
|
||||
- return bytes ;
|
||||
- } ;
|
||||
+ return psf_fread (ptr, 1, bytes, psf) ;
|
||||
|
||||
if (psf->headindex + bytes > SIGNED_SIZEOF (psf->header))
|
||||
{ int most ;
|
||||
|
||||
most = SIGNED_SIZEOF (psf->header) - psf->headindex ;
|
||||
psf_fread (psf->header + psf->headend, 1, most, psf) ;
|
||||
- memset ((char *) ptr + most, 0, bytes - most) ;
|
||||
-
|
||||
- psf_fseek (psf, bytes - most, SEEK_CUR) ;
|
||||
+ memcpy (ptr, psf->header + psf->headend, most) ;
|
||||
+ psf->headend = psf->headindex += most ;
|
||||
+ psf_fread ((char *) ptr + most, bytes - most, 1, psf) ;
|
||||
return bytes ;
|
||||
} ;
|
||||
|
||||
@@ -822,7 +817,7 @@ header_read (SF_PRIVATE *psf, void *ptr, int bytes)
|
||||
{ count = psf_fread (psf->header + psf->headend, 1, bytes - (psf->headend - psf->headindex), psf) ;
|
||||
if (count != bytes - (int) (psf->headend - psf->headindex))
|
||||
{ psf_log_printf (psf, "Error : psf_fread returned short count.\n") ;
|
||||
- return 0 ;
|
||||
+ return count ;
|
||||
} ;
|
||||
psf->headend += count ;
|
||||
} ;
|
||||
@@ -836,7 +831,6 @@ header_read (SF_PRIVATE *psf, void *ptr, int bytes)
|
||||
static void
|
||||
header_seek (SF_PRIVATE *psf, sf_count_t position, int whence)
|
||||
{
|
||||
-
|
||||
switch (whence)
|
||||
{ case SEEK_SET :
|
||||
if (position > SIGNED_SIZEOF (psf->header))
|
||||
@@ -885,8 +879,7 @@ header_seek (SF_PRIVATE *psf, sf_count_t position, int whence)
|
||||
|
||||
static int
|
||||
header_gets (SF_PRIVATE *psf, char *ptr, int bufsize)
|
||||
-{
|
||||
- int k ;
|
||||
+{ int k ;
|
||||
|
||||
for (k = 0 ; k < bufsize - 1 ; k++)
|
||||
{ if (psf->headindex < psf->headend)
|
||||
@@ -1073,8 +1066,10 @@ psf_binheader_readf (SF_PRIVATE *psf, char const *format, ...)
|
||||
case 'j' :
|
||||
/* Get the seek position first. */
|
||||
count = va_arg (argptr, size_t) ;
|
||||
- header_seek (psf, count, SEEK_CUR) ;
|
||||
- byte_count += count ;
|
||||
+ if (count)
|
||||
+ { header_seek (psf, count, SEEK_CUR) ;
|
||||
+ byte_count += count ;
|
||||
+ } ;
|
||||
break ;
|
||||
|
||||
default :
|
|
@ -1,14 +1,18 @@
|
|||
Summary: Library for reading and writing sound files
|
||||
Name: libsndfile
|
||||
Version: 1.0.25
|
||||
Release: 14%{?dist}
|
||||
Release: 18%{?dist}
|
||||
License: LGPLv2+ and GPLv2+ and BSD
|
||||
Group: System Environment/Libraries
|
||||
URL: http://www.mega-nerd.com/libsndfile/
|
||||
Source0: http://www.mega-nerd.com/libsndfile/files/libsndfile-%{version}.tar.gz
|
||||
Patch0: %{name}-1.0.25-system-gsm.patch
|
||||
Patch1: libsndfile-1.0.25-zerodivfix.patch
|
||||
Patch2: libsndfile-1.0.25-cve2014_9496.patch
|
||||
Patch1: libsndfile-1.0.25-zerodivfix.patch
|
||||
Patch2: libsndfile-1.0.25-cve2014_9496.patch
|
||||
|
||||
# 2x from upstream, for <= 1.0.25, rhbz#1277899
|
||||
Patch3: libsndfile-1.0.25-d2a87385c1ca1d72918e9a2875d24f202a5093e8.patch
|
||||
Patch4: libsndfile-1.0.25-53c9f0bcaf20203bb4ee56da760a6e5118e6f93b.patch
|
||||
|
||||
BuildRequires: alsa-lib-devel
|
||||
BuildRequires: flac-devel
|
||||
|
@ -44,7 +48,6 @@ This package contains files needed to develop with libsndfile.
|
|||
Summary: Command Line Utilities for libsndfile
|
||||
Group: Applications/Multimedia
|
||||
Requires: %{name} = %{version}-%{release}
|
||||
Obsoletes: libsndfile < 1.0.20-4
|
||||
|
||||
|
||||
%description utils
|
||||
|
@ -58,9 +61,12 @@ This package contains command line utilities for libsndfile.
|
|||
%patch0 -p1
|
||||
%patch1 -p1 -b .zerodivfix
|
||||
%patch2 -p1 -b .cve2014_9496
|
||||
rm -r src/GSM610 ; autoreconf -I M4 -fiv # for system-gsm patch
|
||||
%patch3 -p1 -b .d2a87385c1ca1d72918e9a2875d24f202a5093e8
|
||||
%patch4 -p1 -b .53c9f0bcaf20203bb4ee56da760a6e5118e6f93b
|
||||
rm -r src/GSM610
|
||||
|
||||
%build
|
||||
autoreconf -I M4 -fiv # for system-gsm patch
|
||||
%configure \
|
||||
--disable-dependency-tracking \
|
||||
--enable-sqlite \
|
||||
|
@ -80,9 +86,10 @@ make install DESTDIR=$RPM_BUILD_ROOT
|
|||
rm -rf __docs
|
||||
cp -pR $RPM_BUILD_ROOT%{_docdir}/libsndfile1-dev/html __docs
|
||||
rm -rf $RPM_BUILD_ROOT%{_docdir}/libsndfile1-dev
|
||||
find %{buildroot} -type f -name "*.la" -delete
|
||||
|
||||
# fix multilib issues
|
||||
%if %{__isa_bits} == 64
|
||||
%ifarch aarch64 %{power64} s390x x86_64
|
||||
%define wordsize 64
|
||||
%else
|
||||
%define wordsize 32
|
||||
|
@ -118,7 +125,9 @@ LD_LIBRARY_PATH=$PWD/src/.libs make check
|
|||
|
||||
|
||||
%files
|
||||
%doc COPYING AUTHORS README NEWS
|
||||
%{!?_licensedir:%global license %%doc}
|
||||
%license COPYING
|
||||
%doc AUTHORS README NEWS
|
||||
%{_libdir}/%{name}.so.*
|
||||
|
||||
%files utils
|
||||
|
@ -144,9 +153,7 @@ LD_LIBRARY_PATH=$PWD/src/.libs make check
|
|||
%{_mandir}/man1/sndfile-play.1*
|
||||
|
||||
%files devel
|
||||
%doc __docs/*
|
||||
%doc ChangeLog
|
||||
%exclude %{_libdir}/%{name}.la
|
||||
%doc __docs/* ChangeLog
|
||||
%{_includedir}/sndfile.h
|
||||
%{_includedir}/sndfile.hh
|
||||
%{_includedir}/sndfile-%{wordsize}.h
|
||||
|
@ -155,6 +162,20 @@ LD_LIBRARY_PATH=$PWD/src/.libs make check
|
|||
|
||||
|
||||
%changelog
|
||||
* Wed Dec 16 2015 Michal Hlavinka <mhlavink@redhat.com> - 1.0.25-18
|
||||
- fix incomplete patch for CVE-2015-7805
|
||||
|
||||
* Fri Nov 06 2015 Michal Hlavinka <mhlavink@redhat.com> - 1.0.25-17
|
||||
- fix CVE-2015-7805: Heap overflow vulnerability when parsing specially
|
||||
crafted AIFF header
|
||||
|
||||
* Sun Jul 19 2015 Peter Robinson <pbrobinson@fedoraproject.org> 1.0.25-16
|
||||
- Fix FTBFS
|
||||
- Use %%license
|
||||
|
||||
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.25-15
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
|
||||
|
||||
* Tue Jan 13 2015 Michal Hlavinka <mhlavink@redhat.com> - 1.0.25-14
|
||||
- fix CVE-2014-9496: 2 buffer overruns in sd2_parse_rsrc_fork (#1178840)
|
||||
- division by zero leading to denial of service in psf_fwrite (#1177254)
|
||||
|
|
Loading…
Reference in New Issue