Compare commits
3 Commits
| Author | SHA1 | Date |
|---|---|---|
Michal Hlavinka
|
8c4cb4ae93 | |
|
Michal Hlavinka
|
9af7244f30 | |
|
Michal Hlavinka
|
25a7744b76 |
|
|
@ -3,3 +3,4 @@ libsndfile-1.0.21.tar.gz
|
|||
/libsndfile-1.0.23.tar.gz
|
||||
/libsndfile-1.0.24.tar.gz
|
||||
/libsndfile-1.0.25.tar.gz
|
||||
/libsndfile-1.0.27.tar.gz
|
||||
|
|
|
|||
|
|
@ -1,51 +0,0 @@
|
|||
diff -up libsndfile-1.0.25/src/sd2.c.cve2014_9496 libsndfile-1.0.25/src/sd2.c
|
||||
--- libsndfile-1.0.25/src/sd2.c.cve2014_9496 2011-01-19 11:10:36.000000000 +0100
|
||||
+++ libsndfile-1.0.25/src/sd2.c 2015-01-13 17:00:35.920285526 +0100
|
||||
@@ -395,6 +395,21 @@ read_marker (const unsigned char * data,
|
||||
return 0x666 ;
|
||||
} /* read_marker */
|
||||
|
||||
+static inline int
|
||||
+read_rsrc_marker (const SD2_RSRC *prsrc, int offset)
|
||||
+{ const unsigned char * data = prsrc->rsrc_data ;
|
||||
+
|
||||
+ if (offset < 0 || offset + 3 >= prsrc->rsrc_len)
|
||||
+ return 0 ;
|
||||
+
|
||||
+ if (CPU_IS_BIG_ENDIAN)
|
||||
+ return (((uint32_t) data [offset]) << 24) + (data [offset + 1] << 16) + (data [offset + 2] << 8) + data [offset + 3] ;
|
||||
+ if (CPU_IS_LITTLE_ENDIAN)
|
||||
+ return data [offset] + (data [offset + 1] << 8) + (data [offset + 2] << 16) + (((uint32_t) data [offset + 3]) << 24) ;
|
||||
+
|
||||
+ return 0 ;
|
||||
+} /* read_rsrc_marker */
|
||||
+
|
||||
static void
|
||||
read_str (const unsigned char * data, int offset, char * buffer, int buffer_len)
|
||||
{ int k ;
|
||||
@@ -496,6 +511,11 @@ sd2_parse_rsrc_fork (SF_PRIVATE *psf)
|
||||
|
||||
rsrc.type_offset = rsrc.map_offset + 30 ;
|
||||
|
||||
+ if (rsrc.map_offset + 28 > rsrc.rsrc_len)
|
||||
+ { psf_log_printf (psf, "Bad map offset.\n") ;
|
||||
+ goto parse_rsrc_fork_cleanup ;
|
||||
+ } ;
|
||||
+
|
||||
rsrc.type_count = read_short (rsrc.rsrc_data, rsrc.map_offset + 28) + 1 ;
|
||||
if (rsrc.type_count < 1)
|
||||
{ psf_log_printf (psf, "Bad type count.\n") ;
|
||||
@@ -512,7 +532,12 @@ sd2_parse_rsrc_fork (SF_PRIVATE *psf)
|
||||
|
||||
rsrc.str_index = -1 ;
|
||||
for (k = 0 ; k < rsrc.type_count ; k ++)
|
||||
- { marker = read_marker (rsrc.rsrc_data, rsrc.type_offset + k * 8) ;
|
||||
+ { if (rsrc.type_offset + k * 8 > rsrc.rsrc_len)
|
||||
+ { psf_log_printf (psf, "Bad rsrc marker.\n") ;
|
||||
+ goto parse_rsrc_fork_cleanup ;
|
||||
+ } ;
|
||||
+
|
||||
+ marker = read_rsrc_marker (&rsrc, rsrc.type_offset + k * 8) ;
|
||||
|
||||
if (marker == STR_MARKER)
|
||||
{ rsrc.str_index = k ;
|
||||
|
|
@ -1,16 +1,16 @@
|
|||
diff -up libsndfile-1.0.25/src/gsm610.c~ libsndfile-1.0.25/src/gsm610.c
|
||||
--- libsndfile-1.0.25/src/gsm610.c~ 2011-01-19 12:12:14.000000000 +0200
|
||||
+++ libsndfile-1.0.25/src/gsm610.c 2011-11-12 02:05:23.385054757 +0200
|
||||
diff -up libsndfile-1.0.27/src/gsm610.c.systemgsm libsndfile-1.0.27/src/gsm610.c
|
||||
--- libsndfile-1.0.27/src/gsm610.c.systemgsm 2016-04-01 23:08:53.000000000 +0200
|
||||
+++ libsndfile-1.0.27/src/gsm610.c 2016-11-11 19:12:06.749656521 +0100
|
||||
@@ -27,7 +27,7 @@
|
||||
#include "sfendian.h"
|
||||
#include "common.h"
|
||||
#include "wav_w64.h"
|
||||
#include "wavlike.h"
|
||||
-#include "GSM610/gsm.h"
|
||||
+#include <gsm.h>
|
||||
|
||||
#define GSM610_BLOCKSIZE 33
|
||||
#define GSM610_SAMPLES 160
|
||||
@@ -388,7 +388,8 @@ gsm610_seek (SF_PRIVATE *psf, int UNUSED
|
||||
@@ -391,7 +391,8 @@ gsm610_seek (SF_PRIVATE *psf, int UNUSED
|
||||
psf_fseek (psf, psf->dataoffset, SEEK_SET) ;
|
||||
pgsm610->blockcount = 0 ;
|
||||
|
||||
|
|
@ -20,28 +20,28 @@ diff -up libsndfile-1.0.25/src/gsm610.c~ libsndfile-1.0.25/src/gsm610.c
|
|||
if ((SF_CONTAINER (psf->sf.format)) == SF_FORMAT_WAV ||
|
||||
(SF_CONTAINER (psf->sf.format)) == SF_FORMAT_W64)
|
||||
gsm_option (pgsm610->gsm_data, GSM_OPT_WAV49, &true_flag) ;
|
||||
diff -up libsndfile-1.0.25/src/Makefile.am~ libsndfile-1.0.25/src/Makefile.am
|
||||
--- libsndfile-1.0.25/src/Makefile.am~ 2011-07-07 12:40:25.000000000 +0300
|
||||
+++ libsndfile-1.0.25/src/Makefile.am 2011-11-12 01:46:19.760807068 +0200
|
||||
diff -up libsndfile-1.0.27/src/Makefile.am.systemgsm libsndfile-1.0.27/src/Makefile.am
|
||||
--- libsndfile-1.0.27/src/Makefile.am.systemgsm 2016-11-11 19:10:05.220551515 +0100
|
||||
+++ libsndfile-1.0.27/src/Makefile.am 2016-11-11 19:10:14.315634212 +0100
|
||||
@@ -8,7 +8,7 @@ lib_LTLIBRARIES = libsndfile.la
|
||||
include_HEADERS = sndfile.hh
|
||||
nodist_include_HEADERS = sndfile.h
|
||||
|
||||
-noinst_LTLIBRARIES = GSM610/libgsm.la G72x/libg72x.la libcommon.la
|
||||
+noinst_LTLIBRARIES = G72x/libg72x.la libcommon.la
|
||||
-noinst_LTLIBRARIES = GSM610/libgsm.la G72x/libg72x.la ALAC/libalac.la libcommon.la
|
||||
+noinst_LTLIBRARIES = G72x/libg72x.la ALAC/libalac.la libcommon.la
|
||||
|
||||
OS_SPECIFIC_CFLAGS = @OS_SPECIFIC_CFLAGS@
|
||||
OS_SPECIFIC_LINKS = @OS_SPECIFIC_LINKS@
|
||||
@@ -49,7 +49,7 @@ endif
|
||||
libsndfile_la_LDFLAGS = -no-undefined -version-info @SHARED_VERSION_INFO@ @SHLIB_VERSION_ARG@
|
||||
SYMBOL_FILES = Symbols.gnu-binutils Symbols.darwin libsndfile-1.def Symbols.os2 Symbols.static
|
||||
|
||||
@@ -46,7 +46,7 @@ endif
|
||||
libsndfile_la_LDFLAGS = -no-undefined -version-info $(SHARED_VERSION_INFO) $(SHLIB_VERSION_ARG)
|
||||
libsndfile_la_SOURCES = $(FILESPECIFIC) $(noinst_HEADERS)
|
||||
nodist_libsndfile_la_SOURCES = $(nodist_include_HEADERS)
|
||||
-libsndfile_la_LIBADD = libcommon.la GSM610/libgsm.la G72x/libg72x.la \
|
||||
+libsndfile_la_LIBADD = libcommon.la -lgsm G72x/libg72x.la \
|
||||
@EXTERNAL_LIBS@ -lm
|
||||
-libsndfile_la_LIBADD = GSM610/libgsm.la G72x/libg72x.la ALAC/libalac.la \
|
||||
+libsndfile_la_LIBADD = -lgsm G72x/libg72x.la ALAC/libalac.la \
|
||||
libcommon.la $(EXTERNAL_XIPH_LIBS) -lm
|
||||
|
||||
libcommon_la_SOURCES = $(COMMON)
|
||||
@@ -57,12 +57,6 @@ libcommon_la_SOURCES = $(COMMON)
|
||||
@@ -54,12 +54,6 @@ libcommon_la_SOURCES = $(COMMON)
|
||||
#======================================================================
|
||||
# Subdir libraries.
|
||||
|
||||
|
|
@ -51,6 +51,6 @@ diff -up libsndfile-1.0.25/src/Makefile.am~ libsndfile-1.0.25/src/Makefile.am
|
|||
- GSM610/gsm_option.c GSM610/long_term.c GSM610/lpc.c GSM610/preprocess.c \
|
||||
- GSM610/rpe.c GSM610/short_term.c GSM610/table.c
|
||||
-
|
||||
G72x_libg72x_la_SOURCES = $(COMMON)G72x/g72x.h G72x/g72x_priv.h \
|
||||
G72x_libg72x_la_SOURCES = G72x/g72x.h G72x/g72x_priv.h \
|
||||
G72x/g721.c G72x/g723_16.c G72x/g723_24.c G72x/g723_40.c G72x/g72x.c
|
||||
|
||||
|
|
|
|||
|
|
@ -12,7 +12,7 @@ diff --git a/src/file_io.c b/src/file_io.c
|
|||
index 26d3d6d..6ccab78 100644
|
||||
--- a/src/file_io.c
|
||||
+++ b/src/file_io.c
|
||||
@@ -358,6 +358,9 @@ psf_fwrite (const void *ptr, sf_count_t bytes, sf_count_t items, SF_PRIVATE *psf
|
||||
@@ -1322,6 +1322,9 @@ psf_fwrite (const void *ptr, sf_count_t bytes, sf_count_t items, SF_PRIVATE *psf
|
||||
{ sf_count_t total = 0 ;
|
||||
ssize_t count ;
|
||||
|
||||
|
|
|
|||
|
|
@ -1,14 +1,13 @@
|
|||
Summary: Library for reading and writing sound files
|
||||
Name: libsndfile
|
||||
Version: 1.0.25
|
||||
Release: 16%{?dist}
|
||||
Version: 1.0.27
|
||||
Release: 1%{?dist}
|
||||
License: LGPLv2+ and GPLv2+ and BSD
|
||||
Group: System Environment/Libraries
|
||||
URL: http://www.mega-nerd.com/libsndfile/
|
||||
Source0: http://www.mega-nerd.com/libsndfile/files/libsndfile-%{version}.tar.gz
|
||||
Patch0: %{name}-1.0.25-system-gsm.patch
|
||||
Patch0: libsndfile-1.0.25-system-gsm.patch
|
||||
Patch1: libsndfile-1.0.25-zerodivfix.patch
|
||||
Patch2: libsndfile-1.0.25-cve2014_9496.patch
|
||||
|
||||
BuildRequires: alsa-lib-devel
|
||||
BuildRequires: flac-devel
|
||||
|
|
@ -54,9 +53,8 @@ This package contains command line utilities for libsndfile.
|
|||
|
||||
%prep
|
||||
%setup -q
|
||||
%patch0 -p1
|
||||
%patch0 -p1 -b .systemgsm
|
||||
%patch1 -p1 -b .zerodivfix
|
||||
%patch2 -p1 -b .cve2014_9496
|
||||
rm -r src/GSM610
|
||||
|
||||
%build
|
||||
|
|
@ -78,8 +76,9 @@ make %{?_smp_mflags}
|
|||
%install
|
||||
make install DESTDIR=$RPM_BUILD_ROOT
|
||||
rm -rf __docs
|
||||
cp -pR $RPM_BUILD_ROOT%{_docdir}/libsndfile1-dev/html __docs
|
||||
rm -rf $RPM_BUILD_ROOT%{_docdir}/libsndfile1-dev
|
||||
mkdir __docs
|
||||
cp -pR $RPM_BUILD_ROOT%{_docdir}/%{name}/* __docs
|
||||
rm -rf $RPM_BUILD_ROOT%{_docdir}/%{name}
|
||||
find %{buildroot} -type f -name "*.la" -delete
|
||||
|
||||
# fix multilib issues
|
||||
|
|
@ -145,9 +144,10 @@ LD_LIBRARY_PATH=$PWD/src/.libs make check
|
|||
%{_mandir}/man1/sndfile-metadata-get.1*
|
||||
%{_mandir}/man1/sndfile-metadata-set.1*
|
||||
%{_mandir}/man1/sndfile-play.1*
|
||||
%{_mandir}/man1/sndfile-salvage.1*
|
||||
|
||||
%files devel
|
||||
%doc __docs/* ChangeLog
|
||||
%doc __docs ChangeLog
|
||||
%{_includedir}/sndfile.h
|
||||
%{_includedir}/sndfile.hh
|
||||
%{_includedir}/sndfile-%{wordsize}.h
|
||||
|
|
@ -156,6 +156,16 @@ LD_LIBRARY_PATH=$PWD/src/.libs make check
|
|||
|
||||
|
||||
%changelog
|
||||
* Fri Nov 11 2016 Michal Hlavinka <mhlavink@redhat.com> - 1.0.27-1
|
||||
- updated to 1.0.27
|
||||
|
||||
* Wed Dec 16 2015 Michal Hlavinka <mhlavink@redhat.com> - 1.0.25-18
|
||||
- fix incomplete patch for CVE-2015-7805
|
||||
|
||||
* Fri Nov 06 2015 Michal Hlavinka <mhlavink@redhat.com> - 1.0.25-17
|
||||
- fix CVE-2015-7805: Heap overflow vulnerability when parsing specially
|
||||
crafted AIFF header
|
||||
|
||||
* Sun Jul 19 2015 Peter Robinson <pbrobinson@fedoraproject.org> 1.0.25-16
|
||||
- Fix FTBFS
|
||||
- Use %%license
|
||||
|
|
|
|||
Loading…
Reference in New Issue