rpms/libsndfile
6
0
Fork 0
Code Issues Pull Requests Releases Activity

import libsndfile-1.0.28-10.el8_4.1

Browse Source
This commit is contained in:
CentOS Sources 2021-10-05 18:28:42 -04:00 committed by Stepan Oksanichenko
parent d72ce5d841
commit 687238c11c
2 changed files with 28 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
SOURCES/libsndfile-1.0.31-deb669ee.patch Normal file
View File

@ -0,0 +1,21 @@
diff --git a/src/ms_adpcm.c b/src/ms_adpcm.c
index 5e8f1a31..a21cb994 100644
--- a/src/ms_adpcm.c
+++ b/src/ms_adpcm.c
@@ -128,8 +128,14 @@ wavlike_msadpcm_init (SF_PRIVATE *psf, int blockalign, int samplesperblock)
if (psf->file.mode == SFM_WRITE)
samplesperblock = 2 + 2 * (blockalign - 7 * psf->sf.channels) / psf->sf.channels ;
- if (blockalign < 7 * psf->sf.channels)
- { psf_log_printf (psf, "*** Error blockalign (%d) should be > %d.\n", blockalign, 7 * psf->sf.channels) ;
+ /* There's 7 samples per channel in the preamble of each block */
+ if (samplesperblock < 7 * psf->sf.channels)
+ { psf_log_printf (psf, "*** Error samplesperblock (%d) should be >= %d.\n", samplesperblock, 7 * psf->sf.channels) ;
+ return SFE_INTERNAL ;
+ } ;
+
+ if (2 * blockalign < samplesperblock * psf->sf.channels)
+ { psf_log_printf (psf, "*** Error blockalign (%d) should be >= %d.\n", blockalign, samplesperblock * psf->sf.channels / 2) ;
return SFE_INTERNAL ;
} ;

8
SPECS/libsndfile.spec
View File

@ -1,7 +1,7 @@
Summary: Library for reading and writing sound files Summary: Library for reading and writing sound files
Name: libsndfile Name: libsndfile
Version: 1.0.28 Version: 1.0.28
Release: 10%{?dist} Release: 10%{?dist}.1
License: LGPLv2+ and GPLv2+ and BSD License: LGPLv2+ and GPLv2+ and BSD
Group: System Environment/Libraries Group: System Environment/Libraries
URL: http://www.mega-nerd.com/libsndfile/ URL: http://www.mega-nerd.com/libsndfile/
@ -18,6 +18,8 @@ Patch6: libsndfile-1.0.28-fixfree.patch
Patch7: libsndfile-1.0.28-vafix.patch Patch7: libsndfile-1.0.28-vafix.patch
Patch8: libsndfile-1.0.28-CVE_2018_13139.patch Patch8: libsndfile-1.0.28-CVE_2018_13139.patch
Patch9: libsndfile-1.0.28-cve_2018_19662.patch Patch9: libsndfile-1.0.28-cve_2018_19662.patch
# from upstream, for <= 1.0.31, rhbz#1985027
Patch10: libsndfile-1.0.31-deb669ee.patch
BuildRequires: alsa-lib-devel BuildRequires: alsa-lib-devel
BuildRequires: flac-devel BuildRequires: flac-devel
BuildRequires: libogg-devel BuildRequires: libogg-devel
@ -72,6 +74,7 @@ This package contains command line utilities for libsndfile.
%patch7 -p1 -b .vafix %patch7 -p1 -b .vafix
%patch8 -p1 -b .CVE_2018_13139 %patch8 -p1 -b .CVE_2018_13139
%patch9 -p1 -b .cve_2018_19662 %patch9 -p1 -b .cve_2018_19662
%patch10 -p1 -b .deb669ee
rm -r src/GSM610 rm -r src/GSM610
%build %build
@ -167,6 +170,9 @@ LD_LIBRARY_PATH=$PWD/src/.libs make check
%changelog %changelog
* Tue Jul 27 2021 Michal Hlavinka <mhlavink@redhat.com> - 1.0.28-10.1
- a crafted wav file could cause heap buffer overflow that allowed an arbitrary code execution(#1985027)
* Wed Nov 20 2019 Michal Hlavinka <mhlavink@redhat.com> - 1.0.28-10 * Wed Nov 20 2019 Michal Hlavinka <mhlavink@redhat.com> - 1.0.28-10
- fix CVE-2018-19661 and CVE-2018-19662 - buffer over-read in the function - fix CVE-2018-19661 and CVE-2018-19662 - buffer over-read in the function
i2alaw_array in alaw (#1673085) i2alaw_array in alaw (#1673085)