fix incomplete patch for CVE-2015-7805
This commit is contained in:
Michal Hlavinka
parent
01c7afde1d
commit
52f7fc6c60
@ -0,0 +1,22 @@
|
||||
From 53c9f0bcaf20203bb4ee56da760a6e5118e6f93b Mon Sep 17 00:00:00 2001
|
||||
From: Erik de Castro Lopo <erikd@mega-nerd.com>
|
||||
Date: Mon, 9 Nov 2015 19:18:48 +1100
|
||||
Subject: [PATCH] src/common.c: Pull fix from 1.0.25
|
||||
|
||||
---
|
||||
src/common.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/common.c b/src/common.c
|
||||
index c6b88cc..830c43e 100644
|
||||
--- a/src/common.c
|
||||
+++ b/src/common.c
|
||||
@@ -805,7 +805,7 @@ header_read (SF_PRIVATE *psf, void *ptr, int bytes)
|
||||
if (psf->headindex + bytes > SIGNED_SIZEOF (psf->header))
|
||||
{ int most ;
|
||||
|
||||
- most = SIGNED_SIZEOF (psf->header) - psf->headindex ;
|
||||
+ most = SIGNED_SIZEOF (psf->header) - psf->headend ;
|
||||
psf_fread (psf->header + psf->headend, 1, most, psf) ;
|
||||
memcpy (ptr, psf->header + psf->headend, most) ;
|
||||
psf->headend = psf->headindex += most ;
|
||||
@ -1,7 +1,7 @@
|
||||
Summary: Library for reading and writing sound files
|
||||
Name: libsndfile
|
||||
Version: 1.0.25
|
||||
Release: 18%{?dist}
|
||||
Release: 19%{?dist}
|
||||
License: LGPLv2+ and GPLv2+ and BSD
|
||||
Group: System Environment/Libraries
|
||||
URL: http://www.mega-nerd.com/libsndfile/
|
||||
@ -9,8 +9,10 @@ Source0: http://www.mega-nerd.com/libsndfile/files/libsndfile-%{version}.tar.gz
|
||||
Patch0: %{name}-1.0.25-system-gsm.patch
|
||||
Patch1: libsndfile-1.0.25-zerodivfix.patch
|
||||
Patch2: libsndfile-1.0.25-cve2014_9496.patch
|
||||
# from upstream, for <= 1.0.25, rhbz#1277899
|
||||
|
||||
# 2x from upstream, for <= 1.0.25, rhbz#1277899
|
||||
Patch3: libsndfile-1.0.25-d2a87385c1ca1d72918e9a2875d24f202a5093e8.patch
|
||||
Patch4: libsndfile-1.0.25-53c9f0bcaf20203bb4ee56da760a6e5118e6f93b.patch
|
||||
|
||||
BuildRequires: alsa-lib-devel
|
||||
BuildRequires: flac-devel
|
||||
@ -60,6 +62,7 @@ This package contains command line utilities for libsndfile.
|
||||
%patch1 -p1 -b .zerodivfix
|
||||
%patch2 -p1 -b .cve2014_9496
|
||||
%patch3 -p1 -b .d2a87385c1ca1d72918e9a2875d24f202a5093e8
|
||||
%patch4 -p1 -b .53c9f0bcaf20203bb4ee56da760a6e5118e6f93b
|
||||
rm -r src/GSM610
|
||||
|
||||
%build
|
||||
@ -153,6 +156,9 @@ LD_LIBRARY_PATH=$PWD/src/.libs make check
|
||||
|
||||
|
||||
%changelog
|
||||
* Fri Nov 06 2015 Michal Hlavinka <mhlavink@redhat.com> - 1.0.25-19
|
||||
- fix incomplete patch for CVE-2015-7805
|
||||
|
||||
* Fri Nov 06 2015 Michal Hlavinka <mhlavink@redhat.com> - 1.0.25-18
|
||||
- fix CVE-2015-7805: Heap overflow vulnerability when parsing specially
|
||||
crafted AIFF header
|
||||
|
||||
Loading…
Reference in New Issue
Block a user