import libsndfile-1.0.28-12.el8
This commit is contained in:
CentOS Sources
Stepan Oksanichenko
parent
c1d03881e0
commit
7ecb75772a
25
SOURCES/libsndfile-1.0.31-ced91d7b.patch
Normal file
25
SOURCES/libsndfile-1.0.31-ced91d7b.patch
Normal file
@ -0,0 +1,25 @@
|
||||
From ced91d7b971be6173b604154c39279ce90ad87cc Mon Sep 17 00:00:00 2001
|
||||
From: yuan <ssspeed00@gmail.com>
|
||||
Date: Tue, 20 Apr 2021 16:16:32 +0800
|
||||
Subject: [PATCH] flac: Fix improper buffer reusing (#732)
|
||||
|
||||
---
|
||||
src/flac.c | 4 ++++
|
||||
1 file changed, 4 insertions(+)
|
||||
|
||||
diff --git a/src/flac.c b/src/flac.c
|
||||
index 64d0172e6..e33204505 100644
|
||||
--- a/src/flac.c
|
||||
+++ b/src/flac.c
|
||||
@@ -948,7 +948,11 @@ flac_read_loop (SF_PRIVATE *psf, unsigned len)
|
||||
/* Decode some more. */
|
||||
while (pflac->pos < pflac->len)
|
||||
{ if (FLAC__stream_decoder_process_single (pflac->fsd) == 0)
|
||||
+ { psf_log_printf (psf, "FLAC__stream_decoder_process_single returned false\n") ;
|
||||
+ /* Current frame is busted, so NULL the pointer. */
|
||||
+ pflac->frame = NULL ;
|
||||
break ;
|
||||
+ } ;
|
||||
state = FLAC__stream_decoder_get_state (pflac->fsd) ;
|
||||
if (state >= FLAC__STREAM_DECODER_END_OF_STREAM)
|
||||
{ psf_log_printf (psf, "FLAC__stream_decoder_get_state returned %s\n", FLAC__StreamDecoderStateString [state]) ;
|
||||
@ -1,7 +1,7 @@
|
||||
Summary: Library for reading and writing sound files
|
||||
Name: libsndfile
|
||||
Version: 1.0.28
|
||||
Release: 10%{?dist}.1
|
||||
Release: 12%{?dist}
|
||||
License: LGPLv2+ and GPLv2+ and BSD
|
||||
Group: System Environment/Libraries
|
||||
URL: http://www.mega-nerd.com/libsndfile/
|
||||
@ -18,8 +18,9 @@ Patch6: libsndfile-1.0.28-fixfree.patch
|
||||
Patch7: libsndfile-1.0.28-vafix.patch
|
||||
Patch8: libsndfile-1.0.28-CVE_2018_13139.patch
|
||||
Patch9: libsndfile-1.0.28-cve_2018_19662.patch
|
||||
# from upstream, for <= 1.0.31, rhbz#1985027
|
||||
# from upstream, for <= 1.0.31, rhbz#1985028
|
||||
Patch10: libsndfile-1.0.31-deb669ee.patch
|
||||
Patch11: libsndfile-1.0.31-ced91d7b.patch
|
||||
BuildRequires: alsa-lib-devel
|
||||
BuildRequires: flac-devel
|
||||
BuildRequires: libogg-devel
|
||||
@ -75,6 +76,7 @@ This package contains command line utilities for libsndfile.
|
||||
%patch8 -p1 -b .CVE_2018_13139
|
||||
%patch9 -p1 -b .cve_2018_19662
|
||||
%patch10 -p1 -b .deb669ee
|
||||
%patch11 -p1 -b .ced91d7b
|
||||
rm -r src/GSM610
|
||||
|
||||
%build
|
||||
@ -170,8 +172,11 @@ LD_LIBRARY_PATH=$PWD/src/.libs make check
|
||||
|
||||
|
||||
%changelog
|
||||
* Tue Jul 27 2021 Michal Hlavinka <mhlavink@redhat.com> - 1.0.28-10.1
|
||||
- a crafted wav file could cause heap buffer overflow that allowed an arbitrary code execution(#1985027)
|
||||
* Wed Jan 12 2022 Michal Hlavinka <mhlavink@redhat.com> - 1.0.28-12
|
||||
- fix heap buffer overflow in flac (#2030507)
|
||||
|
||||
* Mon Jul 26 2021 Michal Hlavinka <mhlavink@redhat.com> - 1.0.28-11
|
||||
- a crafted wav file could cause heap buffer overflow that allowed an arbitrary code execution(#1985028)
|
||||
|
||||
* Wed Nov 20 2019 Michal Hlavinka <mhlavink@redhat.com> - 1.0.28-10
|
||||
- fix CVE-2018-19661 and CVE-2018-19662 - buffer over-read in the function
|
||||
|
||||
Loading…
Reference in New Issue
Block a user