rpms/libsndfile
5
0
Fork 0
Code Issues Pull Requests Releases Activity

import libsndfile-1.0.28-12.el8

Browse Source
This commit is contained in:
CentOS Sources 2022-05-10 03:07:55 -04:00 committed by Stepan Oksanichenko
parent c1d03881e0
commit 7ecb75772a
2 changed files with 34 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
SOURCES/libsndfile-1.0.31-ced91d7b.patch Normal file
View File

@ -0,0 +1,25 @@
From ced91d7b971be6173b604154c39279ce90ad87cc Mon Sep 17 00:00:00 2001
From: yuan <ssspeed00@gmail.com>
Date: Tue, 20 Apr 2021 16:16:32 +0800
Subject: [PATCH] flac: Fix improper buffer reusing (#732)
---
src/flac.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/flac.c b/src/flac.c
index 64d0172e6..e33204505 100644
--- a/src/flac.c
+++ b/src/flac.c
@@ -948,7 +948,11 @@ flac_read_loop (SF_PRIVATE *psf, unsigned len)
/* Decode some more. */
while (pflac->pos < pflac->len)
{ if (FLAC__stream_decoder_process_single (pflac->fsd) == 0)
+ { psf_log_printf (psf, "FLAC__stream_decoder_process_single returned false\n") ;
+ /* Current frame is busted, so NULL the pointer. */
+ pflac->frame = NULL ;
break ;
+ } ;
state = FLAC__stream_decoder_get_state (pflac->fsd) ;
if (state >= FLAC__STREAM_DECODER_END_OF_STREAM)
{ psf_log_printf (psf, "FLAC__stream_decoder_get_state returned %s\n", FLAC__StreamDecoderStateString [state]) ;

13
SPECS/libsndfile.spec
View File

@ -1,7 +1,7 @@
Summary: Library for reading and writing sound files Summary: Library for reading and writing sound files
Name: libsndfile Name: libsndfile
Version: 1.0.28 Version: 1.0.28
Release: 10%{?dist}.1 Release: 12%{?dist}
License: LGPLv2+ and GPLv2+ and BSD License: LGPLv2+ and GPLv2+ and BSD
Group: System Environment/Libraries Group: System Environment/Libraries
URL: http://www.mega-nerd.com/libsndfile/ URL: http://www.mega-nerd.com/libsndfile/
@ -18,8 +18,9 @@ Patch6: libsndfile-1.0.28-fixfree.patch
Patch7: libsndfile-1.0.28-vafix.patch Patch7: libsndfile-1.0.28-vafix.patch
Patch8: libsndfile-1.0.28-CVE_2018_13139.patch Patch8: libsndfile-1.0.28-CVE_2018_13139.patch
Patch9: libsndfile-1.0.28-cve_2018_19662.patch Patch9: libsndfile-1.0.28-cve_2018_19662.patch
# from upstream, for <= 1.0.31, rhbz#1985027 # from upstream, for <= 1.0.31, rhbz#1985028
Patch10: libsndfile-1.0.31-deb669ee.patch Patch10: libsndfile-1.0.31-deb669ee.patch
Patch11: libsndfile-1.0.31-ced91d7b.patch
BuildRequires: alsa-lib-devel BuildRequires: alsa-lib-devel
BuildRequires: flac-devel BuildRequires: flac-devel
BuildRequires: libogg-devel BuildRequires: libogg-devel
@ -75,6 +76,7 @@ This package contains command line utilities for libsndfile.
%patch8 -p1 -b .CVE_2018_13139 %patch8 -p1 -b .CVE_2018_13139
%patch9 -p1 -b .cve_2018_19662 %patch9 -p1 -b .cve_2018_19662
%patch10 -p1 -b .deb669ee %patch10 -p1 -b .deb669ee
%patch11 -p1 -b .ced91d7b
rm -r src/GSM610 rm -r src/GSM610
%build %build
@ -170,8 +172,11 @@ LD_LIBRARY_PATH=$PWD/src/.libs make check
%changelog %changelog
* Tue Jul 27 2021 Michal Hlavinka <mhlavink@redhat.com> - 1.0.28-10.1 * Wed Jan 12 2022 Michal Hlavinka <mhlavink@redhat.com> - 1.0.28-12
- a crafted wav file could cause heap buffer overflow that allowed an arbitrary code execution(#1985027) - fix heap buffer overflow in flac (#2030507)
* Mon Jul 26 2021 Michal Hlavinka <mhlavink@redhat.com> - 1.0.28-11
- a crafted wav file could cause heap buffer overflow that allowed an arbitrary code execution(#1985028)
* Wed Nov 20 2019 Michal Hlavinka <mhlavink@redhat.com> - 1.0.28-10 * Wed Nov 20 2019 Michal Hlavinka <mhlavink@redhat.com> - 1.0.28-10
- fix CVE-2018-19661 and CVE-2018-19662 - buffer over-read in the function - fix CVE-2018-19661 and CVE-2018-19662 - buffer over-read in the function